Mercurial > pidgin
comparison libpurple/plugins/ssl/ssl-gnutls.c @ 29647:c35fd54ec64b
Implement reading multiple certificates from a single "bundle" of
certificates in one file. This is most helpful for systems where system
CA certs are installed as a bundle.
Please test, preferably after removing any cached certificates from
~/.purple/certificates/x509/tls_peers/
| author | Stu Tomlinson <stu@nosnilmot.com> |
|---|---|
| date | Sat, 27 Mar 2010 03:55:09 +0000 |
| parents | 401a00227615 |
| children | 9bfa52f8ee87 |
comparison
equal
deleted
inserted
replaced
| 29646:55a807c06fbb | 29647:c35fd54ec64b |
|---|---|
| 544 | 544 |
| 545 /* Cleanup */ | 545 /* Cleanup */ |
| 546 g_free(buf); | 546 g_free(buf); |
| 547 | 547 |
| 548 return crt; | 548 return crt; |
| 549 } | |
| 550 | |
| 551 /** Imports a number of PEM-formatted X.509 certificates from the specified file. | |
| 552 * @param filename Filename to import from. Format is PEM | |
| 553 * | |
| 554 * @return A newly allocated GSList of Certificate structures of the x509_gnutls scheme | |
| 555 */ | |
| 556 static GSList * | |
| 557 x509_importcerts_from_file(const gchar * filename) | |
| 558 { | |
| 559 PurpleCertificate *crt; /* Certificate being constructed */ | |
| 560 gchar *buf; /* Used to load the raw file data */ | |
| 561 gchar *begin, *end; | |
| 562 GSList *crts = NULL; | |
| 563 gsize buf_sz; /* Size of the above */ | |
| 564 gnutls_datum dt; /* Struct to pass down to GnuTLS */ | |
| 565 | |
| 566 purple_debug_info("gnutls", | |
| 567 "Attempting to load X.509 certificates from %s\n", | |
| 568 filename); | |
| 569 | |
| 570 /* Next, we'll simply yank the entire contents of the file | |
| 571 into memory */ | |
| 572 /* TODO: Should I worry about very large files here? */ | |
| 573 g_return_val_if_fail( | |
| 574 g_file_get_contents(filename, | |
| 575 &buf, | |
| 576 &buf_sz, | |
| 577 NULL /* No error checking for now */ | |
| 578 ), | |
| 579 NULL); | |
| 580 | |
| 581 begin = buf; | |
| 582 while((end = strstr(begin, "-----END CERTIFICATE-----")) != NULL) { | |
| 583 end += sizeof("-----END CERTIFICATE-----")-1; | |
| 584 /* Load the datum struct */ | |
| 585 dt.data = (unsigned char *) begin; | |
| 586 dt.size = (end-begin); | |
| 587 | |
| 588 /* Perform the conversion; files should be in PEM format */ | |
| 589 crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM); | |
| 590 crts = g_slist_prepend(crts, crt); | |
| 591 begin = end; | |
| 592 } | |
| 593 | |
| 594 /* Cleanup */ | |
| 595 g_free(buf); | |
| 596 | |
| 597 return crts; | |
| 549 } | 598 } |
| 550 | 599 |
| 551 /** | 600 /** |
| 552 * Exports a PEM-formatted X.509 certificate to the specified file. | 601 * Exports a PEM-formatted X.509 certificate to the specified file. |
| 553 * @param filename Filename to export to. Format will be PEM | 602 * @param filename Filename to export to. Format will be PEM |
| 962 x509_cert_dn, /* Unique ID */ | 1011 x509_cert_dn, /* Unique ID */ |
| 963 x509_issuer_dn, /* Issuer Unique ID */ | 1012 x509_issuer_dn, /* Issuer Unique ID */ |
| 964 x509_common_name, /* Subject name */ | 1013 x509_common_name, /* Subject name */ |
| 965 x509_check_name, /* Check subject name */ | 1014 x509_check_name, /* Check subject name */ |
| 966 x509_times, /* Activation/Expiration time */ | 1015 x509_times, /* Activation/Expiration time */ |
| 967 | 1016 x509_importcerts_from_file, /* Multiple certificates import function */ |
| 968 NULL, | 1017 |
| 969 NULL, | 1018 NULL, |
| 970 NULL, | 1019 NULL, |
| 971 NULL | 1020 NULL |
| 972 | 1021 |
| 973 }; | 1022 }; |