comparison libpurple/certificate.c @ 19094:dd9f69ebaae8
In x509_ca pool:
- More skeletonizing, including a partial "lazy initialization"
implementation to get around the problem of x509_ca requiring an x509
Scheme to be registered before it can properly init.
- Cosmetics
author | William Ehlhardt <williamehlhardt@gmail.com> |
---|---|
date | Sun, 12 Aug 2007 03:36:53 +0000 |
parents | f96b53df8d17 |
children | cd70e75f9a83 |
19093:f96b53df8d17 | 19094:dd9f69ebaae8 |
---|---|
585 }; | 585 }; |
586 | 586 |
587 | 587 |
588 | 588 |
589 /***** X.509 Certificate Authority pool, keyed by Distinguished Name *****/ | 589 /***** X.509 Certificate Authority pool, keyed by Distinguished Name *****/ |
590 /* This is implemented in what may be the most inefficient and bugprone way | |
591 possible; however, future optimizations should not be difficult. */ | |
592 | |
590 static PurpleCertificatePool x509_ca; | 593 static PurpleCertificatePool x509_ca; |
594 | |
595 /** Holds a key-value pair for quickish certificate lookup */ | |
596 typedef struct { | |
597 gchar *dn; | |
598 PurpleCertificate *crt; | |
599 } x509_ca_element; | |
600 | |
601 /** System directory to probe for CA certificates */ | |
602 /* TODO: The current path likely won't work on anything but Debian! Fix! */ | |
603 static const gchar *x509_ca_syspath = "/etc/ssl/certs/"; | |
604 | |
605 /** A list of loaded CAs, populated from the above path whenever the lazy_init | |
606 happens. Contains pointers to x509_ca_elements */ | |
607 static GList *x509_ca_certs = NULL; | |
608 | |
609 /** Used for lazy initialization purposes. */ | |
610 static gboolean x509_ca_initialized = FALSE; | |
611 | |
612 static gboolean | |
613 x509_ca_lazy_init(void) | |
614 { | |
615 if (x509_ca_initialized) return TRUE; | |
616 | |
617 /* Populate the certificates pool from the system path */ | |
618 /* TODO: Writeme! */ | |
619 | |
620 x509_ca_initialized = TRUE; | |
621 return TRUE; | |
622 } | |
591 | 623 |
592 static gboolean | 624 static gboolean |
593 x509_ca_init(void) | 625 x509_ca_init(void) |
594 { | 626 { |
627 /* Attempt to initialize now, but if it doesn't work, that's OK; | |
628 it will get done later */ | |
629 if ( ! x509_ca_lazy_init()) { | |
630 purple_debug_info("certificate/x509/ca", | |
631 "Lazy init failed, probably because a " | |
632 "dependency is not yet registered. " | |
633 "It has been deferred to later.\n"); | |
634 } | |
635 | |
595 return TRUE; | 636 return TRUE; |
596 } | 637 } |
597 | 638 |
598 static void | 639 static void |
599 x509_ca_uninit(void) | 640 x509_ca_uninit(void) |
603 | 644 |
604 static gboolean | 645 static gboolean |
605 x509_ca_cert_in_pool(const gchar *id) | 646 x509_ca_cert_in_pool(const gchar *id) |
606 { | 647 { |
607 gboolean ret = FALSE; | 648 gboolean ret = FALSE; |
608 | 649 |
650 g_return_val_if_fail(x509_ca_lazy_init(), FALSE); | |
609 g_return_val_if_fail(id, FALSE); | 651 g_return_val_if_fail(id, FALSE); |
610 | 652 |
611 return ret; | 653 return ret; |
612 } | 654 } |
613 | 655 |
614 static PurpleCertificate * | 656 static PurpleCertificate * |
615 x509_ca_get_cert(const gchar *id) | 657 x509_ca_get_cert(const gchar *id) |
616 { | 658 { |
617 PurpleCertificateScheme *x509; | 659 PurpleCertificateScheme *x509; |
618 PurpleCertificate *crt = NULL; | 660 PurpleCertificate *crt = NULL; |
619 | 661 |
662 g_return_val_if_fail(x509_ca_lazy_init(), NULL); | |
620 g_return_val_if_fail(id, NULL); | 663 g_return_val_if_fail(id, NULL); |
621 | 664 |
622 /* Is it in the pool? */ | 665 /* Is it in the pool? */ |
623 if ( !x509_ca_cert_in_pool(id) ) { | 666 if ( !x509_ca_cert_in_pool(id) ) { |
624 return NULL; | 667 return NULL; |
634 static gboolean | 677 static gboolean |
635 x509_ca_put_cert(const gchar *id, PurpleCertificate *crt) | 678 x509_ca_put_cert(const gchar *id, PurpleCertificate *crt) |
636 { | 679 { |
637 gboolean ret = FALSE; | 680 gboolean ret = FALSE; |
638 | 681 |
682 g_return_val_if_fail(x509_ca_lazy_init(), FALSE); | |
639 g_return_val_if_fail(crt, FALSE); | 683 g_return_val_if_fail(crt, FALSE); |
640 g_return_val_if_fail(crt->scheme, FALSE); | 684 g_return_val_if_fail(crt->scheme, FALSE); |
641 /* Make sure that this is some kind of X.509 certificate */ | 685 /* Make sure that this is some kind of X.509 certificate */ |
642 /* TODO: Perhaps just check crt->scheme->name instead? */ | 686 /* TODO: Perhaps just check crt->scheme->name instead? */ |
643 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_ca.scheme_name), FALSE); | 687 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_ca.scheme_name), FALSE); |
648 static gboolean | 692 static gboolean |
649 x509_ca_delete_cert(const gchar *id) | 693 x509_ca_delete_cert(const gchar *id) |
650 { | 694 { |
651 gboolean ret = FALSE; | 695 gboolean ret = FALSE; |
652 | 696 |
697 g_return_val_if_fail(x509_ca_lazy_init(), FALSE); | |
653 g_return_val_if_fail(id, FALSE); | 698 g_return_val_if_fail(id, FALSE); |
654 | 699 |
655 /* Is the id even in the pool? */ | 700 /* Is the id even in the pool? */ |
656 if (!x509_ca_cert_in_pool(id)) { | 701 if (!x509_ca_cert_in_pool(id)) { |
657 purple_debug_warning("certificate/ca", | 702 purple_debug_warning("certificate/x509/ca", |
658 "Id %s wasn't in the pool\n", | 703 "Id %s wasn't in the pool\n", |
659 id); | 704 id); |
660 return FALSE; | 705 return FALSE; |
661 } | 706 } |
662 | 707 |
664 } | 709 } |
665 | 710 |
666 static GList * | 711 static GList * |
667 x509_ca_get_idlist(void) | 712 x509_ca_get_idlist(void) |
668 { | 713 { |
714 g_return_val_if_fail(x509_ca_lazy_init(), NULL); | |
669 return NULL; | 715 return NULL; |
670 } | 716 } |
671 | 717 |
672 | 718 |
673 static PurpleCertificatePool x509_ca = { | 719 static PurpleCertificatePool x509_ca = { |
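Review bot: The added `g_return_val_if_fail(x509_ca_lazy_init(), ...)` guards in x509_ca_cert_in_pool, x509_ca_get_cert, x509_ca_put_cert, x509_ca_delete_cert and x509_ca_get_idlist place the only call that initializes the CA pool inside a GLib precondition macro. In a build with `G_DISABLE_CHECKS` defined that macro expands to nothing, so the pool would never be loaded, and in a normal build a deferred init, which x509_ca_init treats as expected, is reported as a critical assertion failure. I would call it as an ordinary statement, e.g. `if (!x509_ca_lazy_init()) return FALSE;` (or `return NULL;` in the pointer-returning functions), and keep `g_return_val_if_fail` for the argument checks. Separately, x509_ca_lazy_init sets `x509_ca_initialized = TRUE` while the load is still a TODO, so once it is written the flag should be set only after the certificates from `x509_ca_syspath` have actually been read; an empty trust pool that reports itself as initialized is hard to detect. The bodies of x509_ca_get_cert, x509_ca_put_cert and x509_ca_delete_cert are only partly shown in this comparison.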