add path handling (basic) for load_verify_locations()

This commit is contained in:
toddouska
2012-02-08 18:07:20 -08:00
parent f0bec7dd02
commit bce2508878
6 changed files with 73 additions and 4 deletions


@@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[2.0.6],[http://www.yassl.com])
AC_INIT([cyassl],[2.0.6b],[http://www.yassl.com])
AC_CONFIG_AUX_DIR(config)


@@ -164,10 +164,11 @@ enum {
#define XSTRLEN(s1) strlen((s1))
#define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
/* strstr and strncmp only used by CyaSSL proper, not required for
/* strstr, strncmp, and strncat only used by CyaSSL proper, not required for
CTaoCrypt only */
#define XSTRSTR(s1,s2) strstr((s1),(s2))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#endif
#ifdef HAVE_ECC
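Review bot: The new XSTRNCAT wrapper deserves a one-line comment on what its count means, because strncat's third argument is the maximum number of characters to append, not the destination size, and it requires an already NUL-terminated destination — the same wrapper is used in the new ssl.c path loop right after an XSTRNCPY that may leave the buffer unterminated. Suggested comment above the define: `/* n is the max chars to append, not the buffer size; s1 must be NUL-terminated */`.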


@@ -90,6 +90,7 @@ enum CyaSSL_ErrorCodes {
ECC_SHARED_ERROR = -255, /* Bad ECC Shared Secret */
BAD_MUTEX_ERROR = -256, /* Bad mutex */
NOT_CA_ERROR = -257, /* Not a CA cert error */
BAD_PATH_ERROR = -258, /* Bad path for opendir */
/* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */


@@ -359,6 +359,7 @@ enum Misc {
MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */
MAX_X509_SIZE = 2048, /* max static x509 buffer size */
CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
MAX_FILENAME_SZ = 256, /* max file name length */
FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
will use dynamic buffer if not big enough */


@@ -3351,6 +3351,10 @@ void SetErrorString(int error, char* str)
XSTRNCPY(str, "Not a CA by basic constraint error", max);
break;
case BAD_PATH_ERROR:
XSTRNCPY(str, "Bad path for opendir error", max);
break;
default :
XSTRNCPY(str, "unknown error number", max);
}


@@ -52,6 +52,14 @@
#include <cyassl/ctaocrypt/md5.h>
#endif
#ifndef NO_FILESYSTEM
#ifdef USE_WINDOWS_API
#else
#include <dirent.h>
#endif /* USE_WINDOWS_API */
#endif /* NO_FILESYSTEM */
#ifndef min
@@ -1085,17 +1093,71 @@ static int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
}
/* just one for now TODO: add dir support from path */
/* loads each file in path, no c_rehash */
int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
const char* path)
{
int ret;
CYASSL_ENTER("SSL_CTX_load_verify_locations");
(void)path;
if (ctx == NULL || file == NULL)
return SSL_FAILURE;
return ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0);
ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0);
if (ret == SSL_SUCCESS && path) {
/* try to load each regular file in path */
#ifdef USE_WINDOWS_API
WIN32_FIND_DATAA FindFileData;
HANDLE hFind;
char name[MAX_FILENAME_SZ];
XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
XSTRNCAT(name, "\\*", 3);
hFind = FindFirstFileA(name, &FindFileData);
if (hFind == INVALID_HANDLE_VALUE) {
CYASSL_MSG("FindFirstFile for path verify locations failed");
return BAD_PATH_ERROR;
}
do {
if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3);
XSTRNCAT(name, "\\", 2);
XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0);
}
} while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));
FindClose(hFind);
#else
struct dirent* entry;
DIR* dir = opendir(path);
if (dir == NULL) {
CYASSL_MSG("opendir path verify locations failed");
return BAD_PATH_ERROR;
}
while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
if (entry->d_type & DT_REG) {
char name[MAX_FILENAME_SZ];
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0);
}
}
closedir(dir);
#endif
}
return ret;
}
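Review bot: The directory-entry type tests on both sides are wrong: `entry->d_type & DT_REG` in the POSIX loop is a bitwise test on a value that is not a bitmask, so on glibc DT_LNK (10) and DT_SOCK (12) also pass and symlinks or sockets in the directory are handed to ProcessFile, while `FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY` in the Windows loop treats any directory carrying an extra attribute bit (read-only, hidden) as a file; use `if (entry->d_type == DT_REG)` and `if (!(FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))`, bearing in mind that d_type can be DT_UNKNOWN on some filesystems and then needs a stat() fallback. The three XSTRNCPY calls into `name` do not NUL-terminate it when `path` is at least as long as their count (126 or 252 bytes with MAX_FILENAME_SZ = 256), so the XSTRNCAT that follows reads an unterminated buffer, and a path that is merely truncated would silently make ProcessFile open files under a different directory; reject over-long input up front with `if (XSTRLEN(path) >= MAX_FILENAME_SZ/2 - 2) return BAD_PATH_ERROR;` (and the corresponding bound in the Windows branch) rather than truncating. The function now mixes return conventions — SSL_FAILURE for a NULL argument and SSL_SUCCESS from ProcessFile, but the raw negative BAD_PATH_ERROR when the directory cannot be opened — which works for callers testing `!= SSL_SUCCESS` but should be stated in the comment above the signature, e.g. `/* returns SSL_SUCCESS, SSL_FAILURE, or BAD_PATH_ERROR if path can't be opened */`. Also worth documenting there: both loops stop at the first ProcessFile failure, so any non-PEM file in the directory aborts loading of the remaining certificates, and `ret` from the last entry processed is what the caller sees.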