Mercurial > pidgin

diff libpurple/plugins/ssl/ssl-gnutls.c @ 29647:c35fd54ec64b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implement reading multiple certificates from a single "bundle" of certificates in one file. This is most helpful for systems where system CA certs are installed as a bundle. Please test, preferably after removing any cached certificates from ~/.purple/certificates/x509/tls_peers/
author Stu Tomlinson <stu@nosnilmot.com>
date Sat, 27 Mar 2010 03:55:09 +0000
parents 401a00227615
children 9bfa52f8ee87
line wrap: on
line diff
--- a/libpurple/plugins/ssl/ssl-gnutls.c	Sat Mar 27 02:11:31 2010 +0000
+++ b/libpurple/plugins/ssl/ssl-gnutls.c	Sat Mar 27 03:55:09 2010 +0000
@@ -548,6 +548,55 @@
 	return crt;
 }
 
+/** Imports a number of PEM-formatted X.509 certificates from the specified file.
+ * @param filename Filename to import from. Format is PEM
+ *
+ * @return A newly allocated GSList of Certificate structures of the x509_gnutls scheme
+ */
+static GSList *
+x509_importcerts_from_file(const gchar * filename)
+{
+	PurpleCertificate *crt;  /* Certificate being constructed */
+	gchar *buf;        /* Used to load the raw file data */
+	gchar *begin, *end;
+	GSList *crts = NULL;
+	gsize buf_sz;      /* Size of the above */
+	gnutls_datum dt; /* Struct to pass down to GnuTLS */
+
+	purple_debug_info("gnutls",
+			  "Attempting to load X.509 certificates from %s\n",
+			  filename);
+
+	/* Next, we'll simply yank the entire contents of the file
+	   into memory */
+	/* TODO: Should I worry about very large files here? */
+	g_return_val_if_fail(
+		g_file_get_contents(filename,
+			    &buf,
+			    &buf_sz,
+			    NULL      /* No error checking for now */
+		),
+		NULL);
+
+	begin = buf;
+	while((end = strstr(begin, "-----END CERTIFICATE-----")) != NULL) {
+		end += sizeof("-----END CERTIFICATE-----")-1;
+		/* Load the datum struct */
+		dt.data = (unsigned char *) begin;
+		dt.size = (end-begin);
+
+		/* Perform the conversion; files should be in PEM format */
+		crt = x509_import_from_datum(dt, GNUTLS_X509_FMT_PEM);
+		crts = g_slist_prepend(crts, crt);
+		begin = end;
+	}
+
+	/* Cleanup */
+	g_free(buf);
+
+	return crts;
+}
+
 /**
  * Exports a PEM-formatted X.509 certificate to the specified file.
  * @param filename Filename to export to. Format will be PEM
@@ -964,10 +1013,10 @@
 	x509_common_name,                /* Subject name */
 	x509_check_name,                 /* Check subject name */
 	x509_times,                      /* Activation/Expiration time */
+	x509_importcerts_from_file,      /* Multiple certificates import function */
 
 	NULL,
 	NULL,
-	NULL,
 	NULL
 
 };