{
dane_mtype_list m;
unsigned char mdbuf[EVP_MAX_MD_SIZE];
- unsigned char *buf;
+ unsigned char *buf = NULL;
unsigned char *buf2;
- unsigned int len;
+ unsigned int len = 0;
/*
* Extract ASN.1 DER form of certificate or public key.
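Review bot: The new `buf = NULL` / `len = 0` defaults replace indeterminate values, but nothing visible in this hunk rejects the case where the extraction step described in the comment below never assigns `buf`. The rest of the function lies outside the hunk, so this is a request to confirm rather than a confirmed defect. If any path can skip the assignment, an explicit `if(!buf)` check before first use would make that a clean failure instead of relying on how later calls treat a NULL pointer with length 0. A short comment on the two declarations, such as `/* NULL/0 until the extraction below fills them in */`, would also record why the initialisers are there.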
matched = match(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF], cert, 0);
if(matched > 0)
if(!ctx->chain)
+ {
if( (ctx->chain = sk_X509_new_null())
&& sk_X509_push(ctx->chain, cert))
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
DANEerr(DANE_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE);
return -1;
}
+ }
return matched;
}
* Sub-domain match: certid is any sub-domain of hostname.
*/
if(match_subdomain)
+ {
if( (idlen = strlen(certid)) > (domlen = strlen(domain)) + 1
&& certid[idlen - domlen - 1] == '.'
&& !strcasecmp(certid + (idlen - domlen), domain))
return 1;
else
continue;
+ }
/*
* Exact match and initial "*" match. The initial "*" in a certid
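Review bot: The sub-domain test now inside the new braces compares DNS names with `strcasecmp`, whose case folding follows the process locale, whereas DNS name comparison needs ASCII-only folding. Whether the process ever runs with a non-C LC_CTYPE is not visible here, so at minimum I would add `/* strcasecmp: assumes C/POSIX locale; DNS names fold ASCII only */` above the condition, or use an ASCII-only comparison helper if the project has one. The condition also assigns `idlen` and `domlen` inside the `if`; computing both lengths on their own lines first would be easier to audit. The enclosing loop starts and ends outside this hunk.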
int matched = 0;
int chain_length = sk_X509_num(ctx->chain);
-DEBUG(D_tls) debug_printf("Dane library verify_chain fn called\n");
+DEBUG(D_tls) debug_printf("Dane verify-chain\n");
issuer_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_ISSUER];
leaf_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_LEAF];
int matched;
X509 *cert = ctx->cert; /* XXX: accessor? */
-DEBUG(D_tls) debug_printf("Dane library verify_cert fn called\n");
+DEBUG(D_tls) debug_printf("Dane verify-cert\n");
if(ssl_idx < 0)
ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
ssl_dane *dane;
int u;
-DEBUG(D_tls) debug_printf("Dane library cleanup fn called\n");
+DEBUG(D_tls) debug_printf("Dane lib-cleanup\n");
if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx)))
return;
if(dane->chain)
sk_X509_pop_free(dane->chain, X509_free);
OPENSSL_free(dane);
-DEBUG(D_tls) debug_printf("Dane library cleanup fn return\n");
}
static dane_host_list
dane_pkey_list klist = 0;
const EVP_MD *md = 0;
-DEBUG(D_tls) debug_printf("Dane add_tlsa\n");
+DEBUG(D_tls) debug_printf("Dane add-tlsa: usage %u sel %u mdname \"%s\"\n",
+ usage, selector, mdname);
if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx)))
{
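Review bot: The new debug line formats `mdname` with `%s`, and `md` being initialised to 0 just above suggests a digest name may be optional in this function. If callers can pass a NULL `mdname`, the line depends on debug_printf tolerating a NULL string argument; unless that is guaranteed, pass `mdname ? mdname : "(none)"` instead. `usage` and `selector` are printed with `%u`, and their declarations are outside the hunk, so it is worth confirming they are unsigned and no wider than int. The function body starts and ends outside this hunk.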
return -1;
}
#else
-DEBUG(D_tls) debug_printf("Dane ssl_init\n");
+DEBUG(D_tls) debug_printf("Dane ssl-init\n");
if(dane_idx < 0)
{
DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_LIBRARY_INIT);
OPENSSL_free(dane);
return 0;
}
-DEBUG(D_tls) debug_printf("Dane ssl-init: new dane struct: %p\n", dane);
dane->verify = 0;
dane->hosts = 0;