comparison libpurple/plugins/ssl/ssl-gnutls.c @ 29647:c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
certificates in one file. This is most helpful for systems where system
CA certs are installed as a bundle.
Please test, preferably after removing any cached certificates from
~/.purple/certificates/x509/tls_peers/
author | Stu Tomlinson <stu@nosnilmot.com> |
---|---|
date | Sat, 27 Mar 2010 03:55:09 +0000 |
parents | 401a00227615 |
children | 9bfa52f8ee87 |
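--- a/libpurple/plugins/ssl/ssl-gnutls.c
+++ b/libpurple/plugins/ssl/ssl-gnutls.c
@@ -544,10 +544,59 @@
 
 /* Cleanup */
 g_free(buf);
 
 return crt;
+}
+
+/** Imports a number of PEM-formatted X.509 certificates from the specified file.
+* @param filename Filename to import from. Format is PEM
+*
+* @return A newly allocated GSList of Certificate structures of the x509_gnutls scheme
+*/
+static GSList *
+x509_importcerts_from_file(const gchar * filename)
+{
+PurpleCertificate *crt; /* Certificate being constructed */
+gchar *buf; /* Used to load the raw file data */
+gchar *begin, *end;
+GSList *crts = NULL;
+gsize buf_sz; /* Size of the above */
+gnutls_datum dt; /* Struct to pass down to GnuTLS */
+
+purple_debug_info("gnutls",
+"Attempting to load X.509 certificates from %s\n",
+filename);
+
+/* Next, we'll simply yank the entire contents of the file
+into memory */
+/* TODO: Should I worry about very large files here? */
+g_return_val_if_fail(
+g_file_get_contents(filename,
+&buf,
+&buf_sz,
+NULL /* No error checking for now */
+),
+NULL);
+
+begin = buf;
+while((end = strstr(begin, "-----END CERTIFICATE-----")) != NULL) {
+end += sizeof("-----END CERTIFICATE-----")-1;
+/* Load the datum struct */
+dt.data = (unsigned char *) begin;
+dt.size = (end-begin);
+
+/* Perform the conversion; files should be in PEM format */
+crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM);
+crts = g_slist_prepend(crts, crt);
+begin = end;
+}
+
+/* Cleanup */
+g_free(buf);
+
+return crts;
 }
 
 /**
 * Exports a PEM-formatted X.509 certificate to the specified file.
 * @param filename Filename to export to. Format will be PEM
@@ -962,12 +1011,12 @@
 x509_cert_dn, /* Unique ID */
 x509_issuer_dn, /* Issuer Unique ID */
 x509_common_name, /* Subject name */
 x509_check_name, /* Check subject name */
 x509_times, /* Activation/Expiration time */
-
-NULL,
+x509_importcerts_from_file, /* Multiple certificates import function */
+
 NULL,
 NULL,
 NULL
 
 };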
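Review bot: In the loop of x509_importcerts_from_file the result of x509_import_from_datum() is prepended to the list without a check, so if that helper returns NULL for an entry it cannot parse (its body is not shown here), one malformed block in a CA bundle leaves a NULL element in the returned list for callers to dereference; `if (crt != NULL) crts = g_slist_prepend(crts, crt);` keeps bad entries out, and a debug message naming the file would make the skipped entry visible. The file read is wrapped in g_return_val_if_fail(), which is meant for programmer errors: a missing or unreadable bundle is logged as a critical, and in a build with G_DISABLE_CHECKS the call is compiled out and `buf` reaches strstr() uninitialised. A plain `if (!g_file_get_contents(filename, &buf, &buf_sz, NULL)) return NULL;` handles the failure as ordinary runtime input. The TODO about very large files also stays open, which matters if the path can ever point somewhere other than the trusted system CA location.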