From 9571010a14533a0f8abc6b25834fe3413755f2e8 Mon Sep 17 00:00:00 2001
From: Steffan Karger
Date: Sat, 21 Nov 2015 11:22:04 +0100
Subject: [PATCH] polarssl: also allocate PKCS#11 certificate object on demand
Commit 444a93ea changed certificate allocation to be postponed until actual usage to fix --client-cert-not-required / --verify-client-cert for PolarSSL builds. However, I forgot to allocate when using pkcs11 (because that code does not use the tls_ctx_load_cert_file() function). And while we're at it, use ALLOC_OBJ_CLEAR() instead of malloc + manual check.
Signed-off-by: Steffan Karger
Acked-by: Gert Doering
Message-Id: <1448101324-20310-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10543
Signed-off-by: Gert Doering
---
 src/openvpn/pkcs11_polarssl.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/src/openvpn/pkcs11_polarssl.c b/src/openvpn/pkcs11_polarssl.c
index be4e9737..4018b22a 100644
--- a/src/openvpn/pkcs11_polarssl.c
+++ b/src/openvpn/pkcs11_polarssl.c
@@ -50,18 +50,13 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
 ASSERT (NULL != ssl_ctx);
+ ALLOC_OBJ_CLEAR (ssl_ctx->crt_chain, x509_crt);
 if (pkcs11_x509_cert_init(ssl_ctx->crt_chain, certificate)) {
 msg (M_FATAL, "PKCS#11: Cannot retrieve PolarSSL certificate object");
 goto cleanup;
 }
- ssl_ctx->priv_key_pkcs11 = malloc(sizeof(pkcs11_context));
-
- if (ssl_ctx->priv_key_pkcs11 == NULL) {
- msg (M_FATAL, "PKCS#11: Cannot allocate PolarSSL private key object");
- goto cleanup;
- }
-
+ ALLOC_OBJ_CLEAR (ssl_ctx->priv_key_pkcs11, pkcs11_context);
 if (pkcs11_priv_key_init(ssl_ctx->priv_key_pkcs11, certificate)) {
 msg (M_FATAL, "PKCS#11: Cannot initialize PolarSSL private key object");
 goto cleanup;
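Review bot: Both added `ALLOC_OBJ_CLEAR` calls assign to `ssl_ctx->crt_chain` and `ssl_ctx->priv_key_pkcs11` unconditionally, so if either pointer is already set when pkcs11_init_tls_session() runs (for example a context that was also passed through tls_ctx_load_cert_file(), or a second call on the same context), the earlier certificate or key object is overwritten without being released. Whether that path is reachable cannot be told from this hunk, but a guard such as `if (!ssl_ctx->crt_chain) ALLOC_OBJ_CLEAR (ssl_ctx->crt_chain, x509_crt);`, and the same for `priv_key_pkcs11`, would rule it out. A one-line comment above each allocation saying that the context owns the object and naming the function that frees it would make the lifetime checkable by a reader. The function body starts and ends outside the hunk, so the `cleanup` label and the release site are not visible here.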