
Commit e644730

committed
HSM: local_cert URI
Let's support the case where `local_cert` is an HSM URI too. TODO: fix up the indentation; this version is only meant to ease code review.
1 parent 73b2c91 commit e644730


1 file changed

+17
-2
lines changed


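--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -938,8 +938,22 @@ static int php_openssl_set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ *
 if (certfile) {
 char resolved_path_buff[MAXPATHLEN];
 const char *private_key = NULL;
-
-if (VCWD_REALPATH(certfile, resolved_path_buff)) {
+X509 *cert = NULL;
+
+/* val is certfile */
+if (GET_VER_OPT("local_cert")) /* fill val with local_cert if any */
+cert = php_openssl_x509_from_str(Z_STR_P(val));
+if (cert) {
+if (SSL_CTX_use_certificate(ctx, cert) != 1) {
+X509_free(cert);
+php_error_docref(NULL, E_WARNING,
+"Invalid local cert `%s'; Check your device",
+certfile);
+return FAILURE;
+}
+}
+if (cert || VCWD_REALPATH(certfile, resolved_path_buff)) {
+if (!cert) {
 /* a certificate to use for authentication */
 if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) {
 php_error_docref(NULL, E_WARNING,
@@ -948,6 +962,7 @@ static int php_openssl_set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ *
 certfile);
 return FAILURE;
 }
+} // TODO indent, WIP during code reviews
 GET_VER_OPT_STRING("local_pk", private_key);
 if (private_key) {
 char resolved_path_buff_pk[MAXPATHLEN];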
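Review bot: On the success path of the new `SSL_CTX_use_certificate(ctx, cert)` call the `X509` is never released; OpenSSL takes its own reference there, so the object returned by `php_openssl_x509_from_str()` (presumably a fresh reference, since the failure branch frees it) leaks for every context set up this way. Record the outcome in a separate flag and call `X509_free(cert);` right after the successful call, instead of keeping the pointer alive as the "already loaded" marker for `if (cert || ...)` and `if (!cert)`. When `cert` is set, the `cert ||` short-circuit also skips `VCWD_REALPATH`, so `resolved_path_buff` stays uninitialised; the function continues past the hunk, and any later read of that buffer outside the `!cert` branch needs a guard. This branch installs only the leaf certificate while the file branch loads the whole chain, which deserves a comment such as `/* string/URI certs: leaf only, no chain is loaded */`.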
