X-Git-Url: http://sjero.net/git/?p=wget;a=blobdiff_plain;f=src%2Fopenssl.c;h=920f5a50384db4a5a50d6578355dc462d4c00ad6;hp=664ed1e68d602b78009a5bba79752dd5255e09e8;hb=b8efb6d762890b56b4dfa31de9739067eeda9f5a;hpb=b8d826f243803c7a2234f0d038ce182d91df3967 diff --git a/src/openssl.c b/src/openssl.c index 664ed1e6..920f5a50 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -154,6 +154,26 @@ ssl_print_errors (void) logprintf (LOG_NOTQUIET, "OpenSSL: %s\n", ERR_error_string (curerr, NULL)); } +/* Convert keyfile type as used by options.h to a type as accepted by + SSL_CTX_use_certificate_file and SSL_CTX_use_PrivateKey_file. + + (options.h intentionally doesn't use values from openssl/ssl.h so + it doesn't depend specifically on OpenSSL for SSL functionality.) */ + +static int +key_type_to_ssl_type (enum keyfile_type type) +{ + switch (type) + { + case keyfile_pem: + return SSL_FILETYPE_PEM; + case keyfile_asn1: + return SSL_FILETYPE_ASN1; + default: + abort (); + } +} + /* Creates a SSL Context and sets some defaults for it */ uerr_t ssl_init () 
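Review bot: The comment above `key_type_to_ssl_type` does not say that the `default:` arm calls `abort ()`, so a reader cannot tell that an out-of-range `enum keyfile_type` ends the process without any log line. I would add a sentence to that comment such as `Aborts on any value other than keyfile_pem or keyfile_asn1, which option parsing is expected never to produce.` The second half of that sentence is an assumption about the options code, which is not visible in this diff, and should be confirmed before it is written down.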
@@ -191,59 +211,33 @@ ssl_init () case secure_protocol_tlsv1: meth = TLSv1_client_method (); break; - } - if (meth == NULL) - { - ssl_print_errors (); - return SSLERRCTXCREATE; + default: + abort (); } ssl_ctx = SSL_CTX_new (meth); - if (meth == NULL) - { - ssl_print_errors (); - return SSLERRCTXCREATE; - } - SSL_CTX_set_default_verify_paths (ssl_ctx); SSL_CTX_load_verify_locations (ssl_ctx, opt.ca_cert, opt.ca_directory); SSL_CTX_set_verify (ssl_ctx, opt.check_cert ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, verify_callback); - if (opt.cert_file != NULL || opt.cert_key != NULL) - { - int ssl_cert_type = SSL_FILETYPE_PEM; - switch (opt.cert_type) - { - case cert_type_pem: - ssl_cert_type = SSL_FILETYPE_PEM; - break; - case cert_type_asn1: - ssl_cert_type = SSL_FILETYPE_ASN1; - break; - } - -#if 0 /* what was this supposed to achieve? */ - if (opt.cert_key == NULL) - opt.cert_key = opt.cert_file; - if (opt.cert_file == NULL) - opt.cert_file = opt.cert_key; -#endif - - if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file, - ssl_cert_type) != 1) - { - ssl_print_errors (); - return SSLERRCERTFILE; - } - if (SSL_CTX_use_PrivateKey_file (ssl_ctx, opt.cert_key, - ssl_cert_type) != 1) - { - ssl_print_errors (); - return SSLERRCERTKEY; - } - } + if (opt.cert_file) + if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file, + key_type_to_ssl_type (opt.cert_type)) + != 1) + { + ssl_print_errors (); + return SSLERRCERTFILE; + } + if (opt.private_key) + if (SSL_CTX_use_PrivateKey_file (ssl_ctx, opt.private_key, + key_type_to_ssl_type (opt.private_key_type)) + != 1) + { + ssl_print_errors (); + return SSLERRCERTKEY; + } return 0; /* Succeded */ }
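Review bot: Nothing checks the result of `SSL_CTX_new (meth)` after this change. The removed block tested `meth` a second time instead of `ssl_ctx`, and deleting it rather than correcting it means a failed context creation passes a null `ssl_ctx` straight to `SSL_CTX_set_default_verify_paths` and the calls after it. I would restore the guard on the right variable directly after the `SSL_CTX_new` call: `if (ssl_ctx == NULL) { ssl_print_errors (); return SSLERRCTXCREATE; }`. Because the certificate and private key now come from separate options, a `SSL_CTX_check_private_key (ssl_ctx)` call after both loads would also report a mismatched pair at init time. ssl_init begins above this hunk.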