author | Nick Mathewson <nickm@torproject.org> | 2018-08-13 14:54:35 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-08-22 16:11:45 -0400 |
commit | c567b8fcb4e4851d6db19946cce8c4d5e75535f5 (patch) | |
tree | 8bf8abfe334d38dccdbc40c36ba923e2a676206f /src/lib/tls/tortls_nss.c | |
parent | 7c5339677fd4d524a95bc8c18af223f710ca94e2 (diff) | |
NSS support for x509 certs
7 unit tests are failing at this point, but they're all TLS-related.
Diffstat (limited to 'src/lib/tls/tortls_nss.c')
-rw-r--r-- | src/lib/tls/tortls_nss.c | 61 |
1 files changed, 22 insertions, 39 deletions
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 3ab5c753d0..35dbc27d9c 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -23,7 +23,9 @@
 #include "lib/crypt_ops/crypto_dh.h"
 #include "lib/crypt_ops/crypto_util.h"
 #include "lib/tls/x509.h"
+#include "lib/tls/x509_internal.h"
 #include "lib/tls/tortls.h"
+#include "lib/tls/tortls_st.h"
 #include "lib/tls/tortls_internal.h"
 #include "lib/log/util_bug.h"
@@ -64,27 +66,27 @@ tor_tls_context_new(crypto_pk_t *identity,
 unsigned int key_lifetime, unsigned flags, int is_client)
 {
 tor_assert(identity);
- tor_assert(key_lifetime);
- (void)flags;
- (void)is_client;
- // XXXX
- return NULL;
-}
-int
-tor_tls_context_init_one(tor_tls_context_t **ppcontext,
- crypto_pk_t *identity,
- unsigned int key_lifetime,
- unsigned int flags,
- int is_client)
-{
- tor_assert(ppcontext);
- tor_assert(identity);
- tor_assert(key_lifetime);
- (void)flags;
- (void)is_client;
- // XXXX
- return -1;
+
+ tor_tls_context_t *ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
+ ctx->refcnt = 1;
+
+ if (! is_client) {
+ if (tor_tls_context_init_certificates(ctx, identity,
+ key_lifetime, flags) < 0) {
+ goto err;
+ }
+ }
+
+ // XXXX write the main body.
+
+ goto done;
+ err:
+ tor_tls_context_decref(ctx);
+ ctx = NULL;
+ done:
+ return ctx;
 }
+
 void
 tor_tls_context_impl_free(struct ssl_ctx_st *ctx)
 {
@@ -361,25 +363,6 @@ tor_tls_log_one_error(tor_tls_t *tls, unsigned long err,
 // XXXX
 }
-int
-tor_tls_get_my_certs(int server,
- const struct tor_x509_cert_t **link_cert_out,
- const struct tor_x509_cert_t **id_cert_out)
-{
- tor_assert(link_cert_out);
- tor_assert(id_cert_out);
- (void)server;
- // XXXX
- return -1;
-}
-
-crypto_pk_t *
-tor_tls_get_my_client_auth_key(void)
-{
- // XXXX
- return NULL;
-}
-
 const char *
 tor_tls_get_ciphersuite_name(tor_tls_t *tls)
 { |
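Review bot: tor_tls_context_new() now returns a non-NULL context on the normal path even though the step marked `// XXXX write the main body.` is still missing, so a caller cannot tell this placeholder from a context with working TLS settings; the stub it replaces returned NULL. Until the NSS setup exists I would spell that out at the marker, e.g. `// XXXX NSS TLS setup is not written yet: the returned context holds at most what tor_tls_context_init_certificates() set up.` Separately, `tor_assert(key_lifetime);` is dropped, and on the `! is_client` path the value goes straight to tor_tls_context_init_certificates(); that helper is not on this page, so if it does not reject a zero lifetime itself, the assert would be worth keeping inside that branch. The function's return-type line sits above the hunk.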