use directory enumerator to load authcerts
parent
ff1ca9a8a3
commit
215b0402b3
|
@ -15,12 +15,12 @@
|
|||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <dirent.h>
|
||||
#include <time.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <utils/identification.h>
|
||||
#include <debug.h>
|
||||
#include <utils/enumerator.h>
|
||||
|
||||
#include <freeswan.h>
|
||||
|
||||
|
@ -284,44 +284,36 @@ x509cert_t* add_authcert(x509cert_t *cert, x509_flag_t auth_flags)
|
|||
/*
|
||||
* Loads authority certificates
|
||||
*/
|
||||
void load_authcerts(const char *type, const char *path, x509_flag_t auth_flags)
|
||||
void load_authcerts(char *type, char *path, x509_flag_t auth_flags)
|
||||
{
|
||||
struct dirent **filelist;
|
||||
u_char buf[BUF_LEN];
|
||||
u_char *save_dir;
|
||||
int n;
|
||||
enumerator_t *enumerator;
|
||||
struct stat st;
|
||||
char *file;
|
||||
|
||||
/* change directory to specified path */
|
||||
save_dir = getcwd(buf, BUF_LEN);
|
||||
DBG1("loading %s certificates from '%s'", type, path);
|
||||
|
||||
if (chdir(path))
|
||||
enumerator = enumerator_create_directory(path);
|
||||
if (!enumerator)
|
||||
{
|
||||
plog("Could not change to directory '%s'", path);
|
||||
DBG1(" reading directory '%s' failed");
|
||||
return;
|
||||
}
|
||||
else
|
||||
|
||||
while (enumerator->enumerate(enumerator, NULL, &file, &st))
|
||||
{
|
||||
plog("Changing to directory '%s'", path);
|
||||
n = scandir(path, &filelist, file_select, alphasort);
|
||||
cert_t cert;
|
||||
|
||||
if (n < 0)
|
||||
plog(" scandir() error");
|
||||
else
|
||||
if (!S_ISREG(st.st_mode))
|
||||
{
|
||||
while (n--)
|
||||
{
|
||||
cert_t cert;
|
||||
|
||||
if (load_cert(filelist[n]->d_name, type, auth_flags, &cert))
|
||||
{
|
||||
add_authcert(cert.u.x509, auth_flags);
|
||||
}
|
||||
free(filelist[n]);
|
||||
}
|
||||
free(filelist);
|
||||
/* skip special file */
|
||||
continue;
|
||||
}
|
||||
if (load_cert(file, type, auth_flags, &cert))
|
||||
{
|
||||
add_authcert(cert.u.x509, auth_flags);
|
||||
}
|
||||
}
|
||||
/* restore directory path */
|
||||
ignore_result(chdir(save_dir));
|
||||
enumerator->destroy(enumerator);
|
||||
}
|
||||
|
||||
/*
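Review bot: The new error path in load_authcerts calls `DBG1(" reading directory '%s' failed");` with a `%s` conversion but no matching argument. If DBG1 forwards to a printf-style formatter, this is undefined behavior and can log arbitrary memory or crash the daemon when the certificate directory is missing or unreadable. Pass the path explicitly: `DBG1(" reading directory '%s' failed", path);`. A short comment on the enumerate loop would also help, for example `/* st is filled in by the enumerator; only regular files are handed to load_cert() */`, because the file-type check and the later open by name in load_cert are separate steps.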
|
||||
|
|
|
@ -44,8 +44,7 @@ extern bool match_requested_ca(linked_list_t *requested_ca,
|
|||
identification_t *our_ca, int *our_pathlen);
|
||||
extern x509cert_t* get_authcert(identification_t *subject, chunk_t keyid,
|
||||
x509_flag_t auth_flags);
|
||||
extern void load_authcerts(const char *type, const char *path,
|
||||
x509_flag_t auth_flags);
|
||||
extern void load_authcerts(char *type, char *path, x509_flag_t auth_flags);
|
||||
extern x509cert_t* add_authcert(x509cert_t *cert, x509_flag_t auth_flags);
|
||||
extern void free_authcerts(void);
|
||||
extern void list_authcerts(const char *caption, x509_flag_t auth_flags, bool utc);
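Review bot: The new prototype drops `const` from `type` and `path`, although the callers shown in this commit pass string literals and path macros, and the rewritten body only reads both arguments. Unless a callee such as load_cert requires a mutable pointer (its signature is not visible here), keeping the qualifiers documents that the trust-anchor path is never modified and lets the compiler reject accidental writes: `extern void load_authcerts(const char *type, const char *path, x509_flag_t auth_flags);`. The definition in the .c file would need the same change.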
|
||||
|
|
|
@ -721,11 +721,11 @@ int main(int argc, char **argv)
|
|||
#endif /* CAPABILITIES */
|
||||
|
||||
/* loading X.509 CA certificates */
|
||||
load_authcerts("CA", CA_CERT_PATH, X509_CA);
|
||||
load_authcerts("ca", CA_CERT_PATH, X509_CA);
|
||||
/* loading X.509 AA certificates */
|
||||
load_authcerts("AA", AA_CERT_PATH, X509_AA);
|
||||
load_authcerts("aa", AA_CERT_PATH, X509_AA);
|
||||
/* loading X.509 OCSP certificates */
|
||||
load_authcerts("OCSP", OCSP_CERT_PATH, X509_OCSP_SIGNER);
|
||||
load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
|
||||
/* loading X.509 CRLs */
|
||||
load_crls();
|
||||
/* loading attribute certificates (experimental) */
|
||||
|
|
|
@ -440,17 +440,17 @@ void whack_handle(int whackctlfd)
|
|||
|
||||
if (msg.whack_reread & REREAD_CACERTS)
|
||||
{
|
||||
load_authcerts("CA cert", CA_CERT_PATH, X509_CA);
|
||||
load_authcerts("ca", CA_CERT_PATH, X509_CA);
|
||||
}
|
||||
|
||||
if (msg.whack_reread & REREAD_AACERTS)
|
||||
{
|
||||
load_authcerts("AA cert", AA_CERT_PATH, X509_AA);
|
||||
load_authcerts("aa", AA_CERT_PATH, X509_AA);
|
||||
}
|
||||
|
||||
if (msg.whack_reread & REREAD_OCSPCERTS)
|
||||
{
|
||||
load_authcerts("OCSP cert", OCSP_CERT_PATH, X509_OCSP_SIGNER);
|
||||
load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
|
||||
}
|
||||
|
||||
if (msg.whack_reread & REREAD_ACERTS)
|
||||
|
|