MINOR: ssl: move find certificate chain code to its own function

New function ssl_get_issuer_chain(cert) to find an issuer_chain entry
from the "issuers-chain-path" tree.
Emmanuel Hocdet 2020-02-18 15:19:24 +01:00 committed by William Lallemand
parent 2104659cd5
commit 75a7aa13da


@ -160,6 +160,7 @@ static struct xprt_ops ssl_sock;
int nb_engines = 0;
static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */
static struct issuer_chain* ssl_get_issuer_chain(X509 *cert);
static struct {
char *crt_base; /* base directory path for certificates */
@ -3357,22 +3358,10 @@ static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_
}
/* Find Certificate Chain in global */
if (chain == NULL) {
AUTHORITY_KEYID *akid;
akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL);
if (akid) {
struct issuer_chain *issuer;
struct eb64_node *node;
u64 hk;
hk = XXH64(ASN1_STRING_get0_data(akid->keyid), ASN1_STRING_length(akid->keyid), 0);
for (node = eb64_lookup(&cert_issuer_tree, hk); node; node = eb64_next(node)) {
issuer = container_of(node, typeof(*issuer), node);
if (X509_check_issued(sk_X509_value(issuer->chain, 0), cert) == X509_V_OK) {
chain = X509_chain_up_ref(issuer->chain);
break;
}
}
AUTHORITY_KEYID_free(akid);
}
struct issuer_chain *issuer;
issuer = ssl_get_issuer_chain(cert);
if (issuer)
chain = X509_chain_up_ref(issuer->chain);
}
/* no chain */
if (chain == NULL) {
@ -9843,6 +9832,28 @@ static int ssl_load_global_issuer_from_BIO(BIO *in, char *fp, char **err)
return ret;
}
static struct issuer_chain* ssl_get_issuer_chain(X509 *cert)
{
AUTHORITY_KEYID *akid;
struct issuer_chain *issuer = NULL;
akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL);
if (akid) {
struct eb64_node *node;
u64 hk;
hk = XXH64(ASN1_STRING_get0_data(akid->keyid), ASN1_STRING_length(akid->keyid), 0);
for (node = eb64_lookup(&cert_issuer_tree, hk); node; node = eb64_next(node)) {
struct issuer_chain *ti = container_of(node, typeof(*issuer), node);
if (X509_check_issued(sk_X509_value(ti->chain, 0), cert) == X509_V_OK) {
issuer = ti;
break;
}
}
AUTHORITY_KEYID_free(akid);
}
return issuer;
}
static void ssl_free_global_issuers(void)
{
struct eb64_node *node, *back;
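Review bot: In the new ssl_get_issuer_chain() (third hunk), `akid->keyid` is passed to ASN1_STRING_get0_data() and ASN1_STRING_length() without a NULL check. The keyIdentifier field of an Authority Key Identifier extension is optional, so a certificate carrying only the issuer/serial form would make the XXH64() call dereference NULL while the certificate is being loaded. The guard should be `if (akid && akid->keyid) {`, with `AUTHORITY_KEYID_free(akid);` moved below the closing brace so the structure is still released when keyid is absent. The same unchecked access was present in the inline code this commit removes from ssl_sock_load_pem_into_ckch(), so the defect predates the move. A comment above the function would also help callers: `/* Returns the matching entry of cert_issuer_tree or NULL; no reference is taken on the chain, the caller must up-ref it. */`.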