openssl: don't try to print nonexistant peer private keys

X.509 certificates carry public keys, not private keys. Fields corresponding to the private half of the key will always be NULL. Closes #1425
author: David Benjamin <davidben@google.com> 2017-04-17 10:20:26 -0400
committer: Daniel Stenberg <daniel@haxx.se> 2017-04-17 23:22:51 +0200
commit: 997504ea50887c80a0f90b88bb1778aad75f7ee9 (patch)
tree: 58f1f1386bc27ee52de8267d9401f396b71235ee
parent: 1c92b5b60957b26819c5f8a9f46412564d4c2cfe (diff)
download: curl-997504ea50887c80a0f90b88bb1778aad75f7ee9.tar.gz
1 files changed, 3 insertions, 29 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 3650c99c9..ee0761576 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2628,38 +2628,18 @@ static CURLcode get_cert_chain(struct connectdata *conn,
         {
           const BIGNUM *n;
           const BIGNUM *e;
-          const BIGNUM *d;
-          const BIGNUM *p;
-          const BIGNUM *q;
-          const BIGNUM *dmp1;
-          const BIGNUM *dmq1;
-          const BIGNUM *iqmp;
 
-          RSA_get0_key(rsa, &n, &e, &d);
-          RSA_get0_factors(rsa, &p, &q);
-          RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+          RSA_get0_key(rsa, &n, &e, NULL);
           BN_print(mem, n);
           push_certinfo("RSA Public Key", i);
           print_pubkey_BN(rsa, n, i);
           print_pubkey_BN(rsa, e, i);
-          print_pubkey_BN(rsa, d, i);
-          print_pubkey_BN(rsa, p, i);
-          print_pubkey_BN(rsa, q, i);
-          print_pubkey_BN(rsa, dmp1, i);
-          print_pubkey_BN(rsa, dmq1, i);
-          print_pubkey_BN(rsa, iqmp, i);
         }
 #else
         BIO_printf(mem, "%d", BN_num_bits(rsa->n));
         push_certinfo("RSA Public Key", i);
         print_pubkey_BN(rsa, n, i);
         print_pubkey_BN(rsa, e, i);
-        print_pubkey_BN(rsa, d, i);
-        print_pubkey_BN(rsa, p, i);
-        print_pubkey_BN(rsa, q, i);
-        print_pubkey_BN(rsa, dmp1, i);
-        print_pubkey_BN(rsa, dmq1, i);
-        print_pubkey_BN(rsa, iqmp, i);
 #endif
 
         break;
@@ -2678,23 +2658,20 @@ static CURLcode get_cert_chain(struct connectdata *conn,
           const BIGNUM *p;
           const BIGNUM *q;
           const BIGNUM *g;
-          const BIGNUM *priv_key;
           const BIGNUM *pub_key;
 
           DSA_get0_pqg(dsa, &p, &q, &g);
-          DSA_get0_key(dsa, &pub_key, &priv_key);
+          DSA_get0_key(dsa, &pub_key, NULL);
 
           print_pubkey_BN(dsa, p, i);
           print_pubkey_BN(dsa, q, i);
           print_pubkey_BN(dsa, g, i);
-          print_pubkey_BN(dsa, priv_key, i);
           print_pubkey_BN(dsa, pub_key, i);
         }
 #else
         print_pubkey_BN(dsa, p, i);
         print_pubkey_BN(dsa, q, i);
         print_pubkey_BN(dsa, g, i);
-        print_pubkey_BN(dsa, priv_key, i);
         print_pubkey_BN(dsa, pub_key, i);
 #endif
 #endif /* !OPENSSL_NO_DSA */
@@ -2713,20 +2690,17 @@ static CURLcode get_cert_chain(struct connectdata *conn,
           const BIGNUM *p;
           const BIGNUM *q;
           const BIGNUM *g;
-          const BIGNUM *priv_key;
           const BIGNUM *pub_key;
           DH_get0_pqg(dh, &p, &q, &g);
-          DH_get0_key(dh, &pub_key, &priv_key);
+          DH_get0_key(dh, &pub_key, NULL);
           print_pubkey_BN(dh, p, i);
           print_pubkey_BN(dh, q, i);
           print_pubkey_BN(dh, g, i);
-          print_pubkey_BN(dh, priv_key, i);
           print_pubkey_BN(dh, pub_key, i);
        }
 #else
         print_pubkey_BN(dh, p, i);
         print_pubkey_BN(dh, g, i);
-        print_pubkey_BN(dh, priv_key, i);
         print_pubkey_BN(dh, pub_key, i);
 #endif
         break;
author	David Benjamin <davidben@google.com>	2017-04-17 10:20:26 -0400
committer	Daniel Stenberg <daniel@haxx.se>	2017-04-17 23:22:51 +0200
commit	997504ea50887c80a0f90b88bb1778aad75f7ee9 (patch)
tree	58f1f1386bc27ee52de8267d9401f396b71235ee
parent	1c92b5b60957b26819c5f8a9f46412564d4c2cfe (diff)
download	curl-997504ea50887c80a0f90b88bb1778aad75f7ee9.tar.gz