X-Git-Url: http://sjero.net/git/?p=wget;a=blobdiff_plain;f=src%2Fgen_sslfunc.c;h=c19cc66fe08d0af64e9e272b143a5d55ce1df66f;hp=8b64b581e106945a1dad379a408c3eca178a699f;hb=07f60f19a4ee99ddc343bb51568b0c474e9b853d;hpb=2efc3520df1125ea96eff026ee57293ebf3e2ea1
diff --git a/src/gen_sslfunc.c b/src/gen_sslfunc.c
index 8b64b581..c19cc66f 100644
--- a/src/gen_sslfunc.c
+++ b/src/gen_sslfunc.c
@@ -32,8 +32,6 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
 #include
 #include
-#define SSL_ERR_CTX_CREATION -2
-
 #include "wget.h"
 #include "connect.h"
@@ -41,11 +39,10 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
 extern int errno;
 #endif
-/* #### Shouldn't this be static? --hniksic */
-int verify_callback PARAMS ((int, X509_STORE_CTX *));
+static int verify_callback PARAMS ((int, X509_STORE_CTX *));
 /* Creates a SSL Context and sets some defaults for it */
-int
+uerr_t
 init_ssl (SSL_CTX **ctx)
 {
 SSL_METHOD *meth = NULL;
@@ -57,7 +54,18 @@ init_ssl (SSL_CTX **ctx)
 meth = SSLv23_client_method ();
 *ctx = SSL_CTX_new (meth);
 SSL_CTX_set_verify (*ctx, verify, verify_callback);
- if (*ctx == NULL) return SSL_ERR_CTX_CREATION;
+ if (*ctx == NULL) return SSLERRCTXCREATE;
+ if (opt.sslcertfile)
+ {
+ if (SSL_CTX_use_certificate_file (*ctx, opt.sslcertfile,
+ SSL_FILETYPE_PEM) <= 0)
+ return SSLERRCERTFILE;
+ if (opt.sslcertkey == NULL)
+ opt.sslcertkey=opt.sslcertfile;
+ if (SSL_CTX_use_PrivateKey_file (*ctx, opt.sslcertkey,
+ SSL_FILETYPE_PEM) <= 0)
+ return SSLERRCERTKEY;
+ }
 return 0; /* Succeded */
 }
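Review bot: The `*ctx == NULL` test still sits after `SSL_CTX_set_verify (*ctx, verify, verify_callback);`, so a failed `SSL_CTX_new` is handed to OpenSSL before the new `SSLERRCTXCREATE` return can fire; move `if (*ctx == NULL) return SSLERRCTXCREATE;` directly under the `SSL_CTX_new` call. The new client-certificate branch loads the key but never confirms that it belongs to the certificate; adding `if (!SSL_CTX_check_private_key (*ctx)) return SSLERRCERTKEY;` after `SSL_CTX_use_PrivateKey_file` would report a mismatched pair at start-up rather than leaving it to surface (possibly) during a handshake. Both certificate error returns also leave the newly created context in `*ctx`; whether the caller frees it is not visible here, so either call `SSL_CTX_free` on those paths or document that the caller owns the context even on failure. init_ssl begins before this hunk.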
@@ -107,6 +115,23 @@ verify_callback (int ok, X509_STORE_CTX *ctx)
 return ok;
 }
+/* pass all ssl errors to DEBUGP
+ returns the number of printed errors */
+int
+ssl_printerrors (void)
+{
+ int ocerr = 0;
+ unsigned long curerr = 0;
+ char errbuff[1024];
+ memset(errbuff, 0, sizeof(errbuff));
+ for (curerr = ERR_get_error (); curerr; curerr = ERR_get_error ())
+ {
+ DEBUGP (("OpenSSL: %s\n", ERR_error_string (curerr, errbuff)));
+ ++ocerr;
+ }
+ return ocerr;
+}
+
 /* SSL version of iread. Only exchanged read for SSL_read Read at most LEN bytes from FD, storing them to BUF. This is virtually the same as read(), but takes care of EINTR braindamage
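Review bot: `ssl_printerrors` pops every entry off OpenSSL's error queue with `ERR_get_error ()` whether or not `DEBUGP` emits anything, so the value returned is the number of entries drained, not printed. If `DEBUGP` only prints when debugging is enabled (presumably; its definition is not in this hunk), a normal run discards the reason for a TLS failure, such as a rejected certificate, without showing it. The header comment should state the side effect, e.g. `/* Drain the OpenSSL error queue, logging each entry via DEBUGP; returns the number of entries removed. */`. `ERR_error_string_n (curerr, errbuff, sizeof (errbuff))` would bound the write to the buffer explicitly and make the `memset` unnecessary.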