Merge pull request #421 from pjd/fixes

Remove tls->cert field, make tls_get_certificate() static and free certificate after use.
2012-02-12 10:10:39 -08:00 · 2012-02-12 10:10:39 -08:00 · f4c77a755d
commit f4c77a755d
parent d37e6091b0 928dc74782
2 changed files with 35 additions and 27 deletions
--- a/libfreerdp-core/tls.c
+++ b/libfreerdp-core/tls.c
@ -22,8 +22,37 @@

 #include "tls.h"

+static CryptoCert tls_get_certificate(rdpTls* tls)
+{
+	CryptoCert cert;
+	X509* server_cert;
+
+	server_cert = SSL_get_peer_certificate(tls->ssl);
+
+	if (!server_cert)
+	{
+		printf("ssl_verify: failed to get the server SSL certificate\n");
+		cert = NULL;
+	}
+	else
+	{
+		cert = xmalloc(sizeof(*cert));
+		cert->px509 = server_cert;
+	}
+
+	return cert;
+}
+
+static void tls_free_certificate(CryptoCert cert)
+{
+
+	X509_free(cert->px509);
+	xfree(cert);
+}
+
 boolean tls_connect(rdpTls* tls)
 {
+	CryptoCert cert;
 	int connection_status;

 	tls->ctx = SSL_CTX_new(TLSv1_client_method());
@ -73,23 +102,25 @@ boolean tls_connect(rdpTls* tls)
 		}
 	}

-	tls->cert = tls_get_certificate(tls);
+	cert = tls_get_certificate(tls);

-	if (tls->cert == NULL)
+	if (cert == NULL)
 	{
 		printf("tls_connect: tls_get_certificate failed to return the server certificate.\n");
 		return false;
 	}

-	if (!crypto_cert_get_public_key(tls->cert, &tls->public_key))
+	if (!crypto_cert_get_public_key(cert, &tls->public_key))
 	{
 		printf("tls_connect: crypto_cert_get_public_key failed to return the server public key.\n");
 		return false;
 	}

-	if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname))
+	if (!tls_verify_certificate(tls, cert, tls->settings->hostname))
 		tls_disconnect(tls);

+	tls_free_certificate(cert);
+
 	return true;
 }

@ -230,27 +261,6 @@ boolean tls_print_error(char* func, SSL* connection, int value)
 	}
 }

-CryptoCert tls_get_certificate(rdpTls* tls)
-{
-	CryptoCert cert;
-	X509* server_cert;
-
-	server_cert = SSL_get_peer_certificate(tls->ssl);
-
-	if (!server_cert)
-	{
-		printf("ssl_verify: failed to get the server SSL certificate\n");
-		cert = NULL;
-	}
-	else
-	{
-		cert = xmalloc(sizeof(*cert));
-		cert->px509 = server_cert;
-	}
-
-	return cert;
-}
-
 boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
 {
 	int match;
--- a/libfreerdp-core/tls.h
+++ b/libfreerdp-core/tls.h
@ -36,7 +36,6 @@ struct rdp_tls
 	SSL* ssl;
 	int sockfd;
 	SSL_CTX* ctx;
-	CryptoCert cert;
 	rdpBlob public_key;
 	rdpSettings* settings;
 	rdpCertificateStore* certificate_store;
@ -49,7 +48,6 @@ boolean tls_disconnect(rdpTls* tls);
 int tls_read(rdpTls* tls, uint8* data, int length);
 int tls_write(rdpTls* tls, uint8* data, int length);

-CryptoCert tls_get_certificate(rdpTls* tls);
 boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname);
 void tls_print_certificate_error(char* hostname, char* fingerprint);
 void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count);