diff options
author | Nathan Skrzypczak <nathan.skrzypczak@gmail.com> | 2019-07-30 16:14:34 +0200 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2019-07-30 16:29:24 +0000 |
commit | 874a31ea0be9f6d3fe6e8fb0fa17e8b02ce8d37a (patch) | |
tree | 02834e16563dd689b6ec60c4025ccc3eefcb197c | |
parent | 1c2af06852fb6d7788f0f4926d062c11e5869ead (diff) |
quic: fix cert loading
Type: fix
Change-Id: I29d24c8ec7b8e0613d4fbf5eedc72384326dc284
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
-rw-r--r-- | src/plugins/quic/certs.c | 14 | ||||
-rw-r--r-- | src/plugins/quic/certs.h | 4 | ||||
-rw-r--r-- | src/plugins/quic/quic.c | 11 |
3 files changed, 17 insertions, 12 deletions
diff --git a/src/plugins/quic/certs.c b/src/plugins/quic/certs.c index 20d9881d22c..8b2f05ebabe 100644 --- a/src/plugins/quic/certs.c +++ b/src/plugins/quic/certs.c @@ -174,7 +174,7 @@ ptls_load_bio_certificates (ptls_context_t * ctx, BIO * bio) return ret; } -void +int load_bio_certificate_chain (ptls_context_t * ctx, const char *cert_data) { BIO *cert_bio; @@ -182,13 +182,13 @@ load_bio_certificate_chain (ptls_context_t * ctx, const char *cert_data) if (ptls_load_bio_certificates (ctx, cert_bio) != 0) { BIO_free (cert_bio); - clib_warning ("failed to load certificate:%s\n", strerror (errno)); - exit (1); + return -1; } BIO_free (cert_bio); + return 0; } -void +int load_bio_private_key (ptls_context_t * ctx, const char *pk_data) { static ptls_openssl_sign_certificate_t sc; @@ -200,13 +200,11 @@ load_bio_private_key (ptls_context_t * ctx, const char *pk_data) BIO_free (key_bio); if (pkey == NULL) - { - clib_warning ("failed to read private key from app configuration\n"); - exit (1); - } + return -1; ptls_openssl_init_sign_certificate (&sc, pkey); EVP_PKEY_free (pkey); ctx->sign_certificate = &sc.super; + return 0; } diff --git a/src/plugins/quic/certs.h b/src/plugins/quic/certs.h index e60f96d55d2..c26e060a1f4 100644 --- a/src/plugins/quic/certs.h +++ b/src/plugins/quic/certs.h @@ -32,9 +32,9 @@ int ptls_load_bio_pem_objects (BIO * bio, const char *label, int ptls_load_bio_certificates (ptls_context_t * ctx, BIO * bio); -void load_bio_certificate_chain (ptls_context_t * ctx, const char *cert_data); +int load_bio_certificate_chain (ptls_context_t * ctx, const char *cert_data); -void load_bio_private_key (ptls_context_t * ctx, const char *pk_data); +int load_bio_private_key (ptls_context_t * ctx, const char *pk_data); #endif /* __included_quic_certs_h__ */ diff --git a/src/plugins/quic/quic.c b/src/plugins/quic/quic.c index 9ec7fd869d5..252f92d3160 100644 --- a/src/plugins/quic/quic.c +++ b/src/plugins/quic/quic.c @@ -927,8 +927,15 @@ allocate_quicly_ctx (application_t * app, u8 is_client) &ptls_openssl_sha256, key_vec); if (!is_client && app->tls_key != NULL && app->tls_cert != NULL) { - load_bio_private_key (quicly_ctx->tls, (char *) app->tls_key); - load_bio_certificate_chain (quicly_ctx->tls, (char *) app->tls_cert); + if (load_bio_private_key (quicly_ctx->tls, (char *) app->tls_key)) + { + QUIC_DBG (1, "failed to read private key from app configuration\n"); + } + if (load_bio_certificate_chain (quicly_ctx->tls, + (char *) app->tls_cert)) + { + QUIC_DBG (1, "failed to load certificate\n"); + } } } |