
components/openssl: SSL low-level reload cert when user add new cert

dongheng 9 years ago
parent
commit
07c8bbca6c

+ 2 - 0
components/openssl/include/internal/ssl_methods.h

@@ -22,6 +22,7 @@
                     set_fd, get_fd, \
                     set_bufflen, \
                     get_verify_result, \
+                    ssl_reload_crt, \
                     get_state) \
         static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
                 new, \
@@ -36,6 +37,7 @@
                 get_fd, \
                 set_bufflen, \
                 get_verify_result, \
+                ssl_reload_crt, \
                 get_state \
         };
 

+ 2 - 0
components/openssl/include/internal/ssl_types.h

@@ -259,6 +259,8 @@ struct ssl_method_func_st {
 
     long (*ssl_get_verify_result)(const SSL *ssl);
 
+    int (*ssl_reload_crt)(SSL *ssl);
+
     OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
 };
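Review bot: The new `ssl_reload_crt` member carries no comment describing its contract, while the implementation in ssl_pm.c returns 0 on success and -1 when mbedtls_ssl_conf_own_cert fails, and the callers in ssl_pkey.c and ssl_x509.c map any non-zero value to an OpenSSL-style 0 return. A line above the member would pin that down for future method tables: `/* Re-apply the SSL's client CA and own cert/key to the underlying TLS context after one of them changes; returns 0 on success, non-zero on failure. */`.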
 

+ 2 - 0
components/openssl/include/platform/ssl_pm.h

@@ -51,4 +51,6 @@ void pkey_pm_unload(EVP_PKEY *pkey);
 
 long ssl_pm_get_verify_result(const SSL *ssl);
 
+int ssl_pm_reload_crt(SSL *ssl);
+
 #endif

+ 1 - 0
components/openssl/library/ssl_methods.c

@@ -26,6 +26,7 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
         ssl_pm_set_fd, ssl_pm_get_fd,
         ssl_pm_set_bufflen,
         ssl_pm_get_verify_result,
+        ssl_pm_reload_crt,
         ssl_pm_get_state);
 
 /*

+ 18 - 1
components/openssl/library/ssl_pkey.c

@@ -127,6 +127,9 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
     SSL_ASSERT(ctx);
     SSL_ASSERT(pkey);
 
+    if (ctx->cert->pkey)
+        EVP_PKEY_free(ctx->cert->pkey);
+
     ctx->cert->pkey = pkey;
 
     return 1;
@@ -144,12 +147,26 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
  */
 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 {
+    int ret;
+    int ssl_ret;
+
     SSL_ASSERT(ctx);
     SSL_ASSERT(pkey);
 
+    if (!ssl->ca_reload)
+        ssl->ca_reload = 1;
+    else
+        EVP_PKEY_free(ssl->cert->pkey);
+
     ssl->cert->pkey = pkey;
 
-    return 1;
+    ssl_ret = SSL_METHOD_CALL(reload_crt, ssl);
+    if (ssl_ret)
+        ret = 0;
+    else
+        ret = 1;
+
+    return ret;
 }
 
 /*
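Review bot: `SSL_ASSERT(ctx);` in SSL_use_PrivateKey names an identifier that is not this function's parameter (the parameter is `ssl`), so it either fails to compile or checks an unrelated file-scope name; it should read `SSL_ASSERT(ssl);`. In the same hunk, and in SSL_CTX_use_PrivateKey above, the previous key is freed and the new pointer stored without comparing the two, so installing the key that is already present (`pkey == ssl->cert->pkey`) leaves a freed pointer in the struct; guard the release with `if (ssl->cert->pkey != pkey) EVP_PKEY_free(ssl->cert->pkey);` and the equivalent on `ctx->cert->pkey`. The `ca_reload` flag appears to mean "the current key is owned by this SSL rather than inherited from the ctx", which is worth a comment on the field since the name suggests the CA rather than the key. Note also that when the reload fails the new key has already been stored yet 0 is returned, so the caller cannot tell whether ownership of pkey transferred.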

+ 10 - 1
components/openssl/library/ssl_x509.c

@@ -138,6 +138,9 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
  */
 int SSL_add_client_CA(SSL *ssl, X509 *x)
 {
+    int ret;
+    int ssl_ret;
+
     SSL_ASSERT(ssl);
     SSL_ASSERT(x);
 
@@ -148,7 +151,13 @@ int SSL_add_client_CA(SSL *ssl, X509 *x)
 
     ssl->client_CA = x;
 
-    return 1;
+    ssl_ret = SSL_METHOD_CALL(reload_crt, ssl);
+    if (ssl_ret)
+        ret = 0;
+    else
+        ret = 1;
+
+    return ret;
 }
 
 /*
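Review bot: In SSL_add_client_CA the new certificate is stored in `ssl->client_CA` before the reload is attempted, so when SSL_METHOD_CALL(reload_crt, ssl) fails the function returns 0 while still holding x; a caller that frees x on a 0 return would leave a dangling pointer inside the SSL object. Either restore the previous value on failure or document on the function that ownership of x transfers even when 0 is returned (the lines that release the previous client_CA lie above this hunk, so which applies is not visible here). Minor style point: the `ret`/`ssl_ret` pair reduces to `return SSL_METHOD_CALL(reload_crt, ssl) ? 0 : 1;`, and the same applies to SSL_use_PrivateKey in ssl_pkey.c.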

+ 30 - 0
components/openssl/platform/ssl_pm.c

@@ -475,3 +475,33 @@ long ssl_pm_get_verify_result(const SSL *ssl)
 
     return verify_result;
 }
+
+int ssl_pm_reload_crt(SSL *ssl)
+{
+    int ret;
+    int mode;
+    struct ssl_pm *ssl_pm = ssl->ssl_pm;
+    struct x509_pm *x509_pm;
+    struct pkey_pm *pkey_pm;
+
+    x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm;
+    if (x509_pm->load) {
+        mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL);
+
+        mode = MBEDTLS_SSL_VERIFY_REQUIRED;
+    } else {
+        mode = MBEDTLS_SSL_VERIFY_NONE;
+    }
+    mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);
+
+    pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
+    if (pkey_pm->load) {
+        x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
+
+        ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey);
+        if (ret)
+            return -1;
+    }
+
+    return 0;
+}