|
17 | 17 |
|
18 | 18 | #include "SslCertificate.h" |
19 | 19 | #include "common/DataDirectories.h" |
| 20 | +#include "base/finally.h" |
| 21 | +#include "io/fstream.h" |
20 | 22 | #include "net/FingerprintDatabase.h" |
21 | 23 | #include "net/SecureUtils.h" |
22 | 24 |
|
@@ -98,54 +100,41 @@ std::string SslCertificate::getCertificateDirectory() |
98 | 100 | bool SslCertificate::isCertificateValid(const std::string& path) |
99 | 101 | { |
100 | 102 | OpenSSL_add_all_algorithms(); |
101 | | - ERR_load_BIO_strings(); |
102 | 103 | ERR_load_crypto_strings(); |
103 | 104 |
|
104 | | - BIO* bio = BIO_new(BIO_s_file()); |
105 | | - |
106 | | - auto ret = BIO_read_filename(bio, path.c_str()); |
107 | | - if (!ret) { |
| 105 | + auto fp = barrier::fopen_utf8_path(path, "r"); |
| 106 | + if (!fp) { |
108 | 107 | emit info(tr("Could not read from default certificate file.")); |
109 | | - BIO_free_all(bio); |
110 | 108 | return false; |
111 | 109 | } |
| 110 | + auto file_close = barrier::finally([fp]() { std::fclose(fp); }); |
112 | 111 |
|
113 | | - X509* cert = PEM_read_bio_X509(bio, NULL, 0, NULL); |
| 112 | + auto* cert = PEM_read_X509(fp, nullptr, nullptr, nullptr); |
114 | 113 | if (!cert) { |
115 | 114 | emit info(tr("Error loading default certificate file to memory.")); |
116 | | - BIO_free_all(bio); |
117 | 115 | return false; |
118 | 116 | } |
| 117 | + auto cert_free = barrier::finally([cert]() { X509_free(cert); }); |
119 | 118 |
|
120 | | - EVP_PKEY* pubkey = X509_get_pubkey(cert); |
| 119 | + auto* pubkey = X509_get_pubkey(cert); |
121 | 120 | if (!pubkey) { |
122 | 121 | emit info(tr("Default certificate key file does not contain valid public key")); |
123 | | - X509_free(cert); |
124 | | - BIO_free_all(bio); |
125 | 122 | return false; |
126 | 123 | } |
| 124 | + auto pubkey_free = barrier::finally([pubkey]() { EVP_PKEY_free(pubkey); }); |
127 | 125 |
|
128 | 126 | auto type = EVP_PKEY_type(EVP_PKEY_id(pubkey)); |
129 | 127 | if (type != EVP_PKEY_RSA && type != EVP_PKEY_DSA) { |
130 | 128 | emit info(tr("Public key in default certificate key file is not RSA or DSA")); |
131 | | - EVP_PKEY_free(pubkey); |
132 | | - X509_free(cert); |
133 | | - BIO_free_all(bio); |
134 | 129 | return false; |
135 | 130 | } |
136 | 131 |
|
137 | 132 | auto bits = EVP_PKEY_bits(pubkey); |
138 | 133 | if (bits < 2048) { |
139 | 134 | // We could have small keys in old barrier installations |
140 | 135 | emit info(tr("Public key in default certificate key file is too small.")); |
141 | | - EVP_PKEY_free(pubkey); |
142 | | - X509_free(cert); |
143 | | - BIO_free_all(bio); |
144 | 136 | return false; |
145 | 137 | } |
146 | 138 |
|
147 | | - EVP_PKEY_free(pubkey); |
148 | | - X509_free(cert); |
149 | | - BIO_free_all(bio); |
150 | 139 | return true; |
151 | 140 | } |
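Review bot: `PEM_read_X509(fp, ...)` on new line 112 passes a `FILE*` opened by the application into libcrypto. On Windows this is a known crash source when OpenSSL is a DLL using a different C runtime, or when the executable lacks the applink shim. Whether that applies here depends on how the project links OpenSSL, which the page does not show. The switch to `barrier::fopen_utf8_path` appears to be about UTF-8 paths, and that can be kept without crossing the runtime boundary by reading the file in the application and parsing it from a memory BIO. The sketch below keeps the `barrier::finally` cleanup style and caps the read so the length given to `BIO_new_mem_buf` always fits in an `int`.

```cpp
auto fp = barrier::fopen_utf8_path(path, "r");
// … unchanged: null check on fp, file_close guard …

// Read the PEM text in the application so no FILE* is handed to libcrypto.
constexpr std::size_t max_pem_bytes = 1u << 20;  // constructed cap, adjust to taste
std::string pem;
char chunk[4096];
std::size_t got = 0;
while (pem.size() < max_pem_bytes &&
       (got = std::fread(chunk, 1, sizeof(chunk), fp)) > 0) {
    pem.append(chunk, got);
}

auto* bio = BIO_new_mem_buf(pem.data(), static_cast<int>(pem.size()));
if (!bio) {
    emit info(tr("Error loading default certificate file to memory."));
    return false;
}
auto bio_free = barrier::finally([bio]() { BIO_free(bio); });

auto* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
// … unchanged: null check on cert, cert_free guard, key type and size checks …
```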