speed up cert setting via cert type detection

CryptoPro · Oct 22, 2020 · 195e8e5 · 195e8e5
1 parent c83efe8
commit 195e8e5
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/src/client.c b/src/client.c
@@ -820,19 +820,25 @@ NOEXPORT void ssl_start(CLI *c) {
         {
             char * cert = j == 0 ? c->opt->cert : c->opt->cert2;
             char * pin = j == 0 ? c->opt->pin : c->opt->pin2;
+            char * pcerttype = j == 0 ? &c->opt->certtype : &c->opt->certtype2;
+            char certtype = *pcerttype;
             char is_ok = 0;
             char is_pfx = 0;
 
             if( !cert )
             {
                 is_ok = 1;
             }
-            else if( msspi_add_mycert( c->msh, cert, 0 ) )
+            else if( ( certtype == 0 || certtype == 1 ) && msspi_add_mycert( c->msh, cert, 0 ) )
             {
+                certtype = 1;
+                *pcerttype = certtype;
                 is_ok = 1;
             }
-            else if( pin && msspi_add_mycert_pfx( c->msh, cert, strlen( cert ), pin ) )
+            else if( pin && ( certtype == 0 || certtype == 2 ) && msspi_add_mycert_pfx( c->msh, cert, strlen( cert ), pin ) )
             {
+                certtype = 2;
+                *pcerttype = certtype;
                 is_ok = 1;
                 is_pfx = 1;
             }
@@ -879,13 +885,17 @@ NOEXPORT void ssl_start(CLI *c) {
                         errstr = "can not read file";
                         break;
                     }
-                    if( msspi_add_mycert( c->msh, (char *)str_file, (int)size_file ) )
+                    if( ( certtype == 0 || certtype == 3 ) && msspi_add_mycert( c->msh, (char *)str_file, (int)size_file ) )
                     {
+                        certtype = 3;
+                        *pcerttype = certtype;
                         is_ok = 1;
                         break;
                     }
-                    if( pin && msspi_add_mycert_pfx( c->msh, (char *)str_file, (int)size_file, pin ) )
+                    if( pin && ( certtype == 0 || certtype == 4 ) && msspi_add_mycert_pfx( c->msh, (char *)str_file, (int)size_file, pin ) )
                     {
+                        certtype = 4;
+                        *pcerttype = certtype;
                         is_ok = 1;
                         is_pfx = 1;
                         break;

diff --git a/src/prototypes.h b/src/prototypes.h
@@ -260,6 +260,8 @@ typedef struct service_options_struct {
     char *pin2;                                  /* pin-code for second cert */
     NAME_LIST * checkSubject;                         /* strcmp cert subject */
     NAME_LIST * checkIssuer;                           /* strcmp cert issuer */
+    char certtype;                                     /* cert type detector */
+    char certtype2;                                   /* cert2 type detector */
 #endif
     long session_size, session_timeout;
 #if OPENSSL_VERSION_NUMBER>=0x10100000L