Remove OpenSSL dependency from http.c
author: David Woodhouse <David.Woodhouse@intel.com>
Tue, 29 May 2012 15:28:30 +0000 (16:28 +0100)
committer: David Woodhouse <David.Woodhouse@intel.com>
Tue, 29 May 2012 15:29:56 +0000 (16:29 +0100)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
http.c
openconnect-internal.h
openssl.c

diff --git a/http.c b/http.c
index 6d27165..9b539d5 100644 (file)
--- a/http.c
+++ b/http.c
 #include <pwd.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/engine.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
 
 #include "openconnect-internal.h"
 
@@ -441,10 +440,8 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
        close(fd);
 
        if (!fork()) {
-               X509 *scert = SSL_get_peer_certificate(vpninfo->https_ssl);
-               X509 *ccert = SSL_get_certificate(vpninfo->https_ssl);
-               char scertbuf[EVP_MAX_MD_SIZE * 2 + 1];
-               char ccertbuf[EVP_MAX_MD_SIZE * 2 + 1];
+               char scertbuf[MD5_SIZE * 2 + 1];
+               char ccertbuf[MD5_SIZE * 2 + 1];
                char *csd_argv[32];
                int i = 0;
 
@@ -490,15 +487,13 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
                if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->authgroup?:"") == -1)
                        return -ENOMEM;
 
-               get_cert_md5_fingerprint(vpninfo, scert, scertbuf);
-               if (ccert)
-                       get_cert_md5_fingerprint(vpninfo, ccert, ccertbuf);
-               else
-                       ccertbuf[0] = 0;
-
+               openconnect_local_cert_md5(vpninfo, ccertbuf);
+               scertbuf[0] = 0;
+               get_cert_md5_fingerprint(vpninfo, vpninfo->peer_cert, scertbuf);
                csd_argv[i++]= (char *)"-certhash";
                if (asprintf(&csd_argv[i++], "\"%s:%s\"", scertbuf, ccertbuf) == -1)
                        return -ENOMEM;
+
                csd_argv[i++]= (char *)"-url";
                if (asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl) == -1)
                        return -ENOMEM;
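Review bot: The result of get_cert_md5_fingerprint() on the peer certificate is discarded, so if that call can fail after writing part of the fingerprint into scertbuf, the `-certhash` argument assembled two lines later would carry a half-written value; the local-cert side goes through openconnect_local_cert_md5(), which clears buf[0] and reports failure, while the peer side only pre-clears and then ignores the outcome. Checking the result keeps the two paths symmetric: `if (get_cert_md5_fingerprint(vpninfo, vpninfo->peer_cert, scertbuf)) scertbuf[0] = 0;`. Whether vpninfo->peer_cert can be unset at this point is not visible in the hunk; the new helper in openssl.c guards cert_x509 against NULL, and presumably the same guard is wanted here if peer_cert can ever be NULL when the CSD script runs. run_csd_script() starts and ends outside the hunk.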
index 06902fb..be75d2a 100644 (file)
@@ -49,6 +49,7 @@
 #define N_(s) s
 
 #define SHA1_SIZE 20
+#define MD5_SIZE 16
 
 /****************************************************************************/
 
@@ -296,6 +297,8 @@ int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
 void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
 int openconnect_sha1(unsigned char *result, void *data, int len);
 int openconnect_random(void *bytes, int len);
+int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
+                              char *buf);
 
 /* mainloop.c */
 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
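Review bot: `MD5_SIZE 16` is added beside `SHA1_SIZE 20` without saying what either number counts; a one-line comment above the pair, `/* digest lengths in bytes */`, would settle it. The new openconnect_local_cert_md5() prototype also says nothing about the buffer contract the http.c caller relies on (it sizes the buffer `MD5_SIZE * 2 + 1` and the implementation sets `buf[0] = 0` before any error return), so a comment on the declaration such as `/* buf: at least MD5_SIZE * 2 + 1 bytes; left as "" on failure. Returns 0 or -EIO. */` would make that explicit. The hunk context still shows `X509 *cert` in the get_cert_md5_fingerprint() prototype, so this header presumably still needs the OpenSSL type visible to every includer, http.c included; how that is resolved is not visible from here.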
index 740ff5d..61366bf 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -1166,3 +1166,17 @@ char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
        return ret;
 }
 
+
+int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
+                              char *buf)
+{
+       buf[0] = 0;
+
+       if (!vpninfo->cert_x509)
+               return -EIO;
+
+       if (get_cert_md5_fingerprint(vpninfo, vpninfo->cert_x509, buf))
+               return -EIO;
+
+       return 0;
+}
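Review bot: Both failure modes of openconnect_local_cert_md5() collapse into -EIO, although "no local certificate configured" is the ordinary case that the http.c caller previously handled by emitting an empty hash rather than treating it as an I/O failure; returning a distinct code for the missing-cert branch, e.g. `return -ENOENT;`, or propagating what get_cert_md5_fingerprint() returns instead of mapping it to -EIO, would let callers distinguish the two. The function has no header comment; a short one stating that buf receives the fingerprint of vpninfo->cert_x509, is set to the empty string first so it is usable even when the call fails, and must be at least as large as the buffer the http.c caller passes, would pin down the contract that caller depends on. Using -EIO here assumes <errno.h> is already included in openssl.c, which the hunk does not show. The extra blank line added before the definition, on top of the one already there, is a cosmetic nit.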