Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:12.3
gnutls
gnutls-implement-trust-store-dir.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnutls-implement-trust-store-dir.diff of Package gnutls
From a6cef9220ae251e3b8f8d663c5fa7f888e3176d8 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nussel@suse.de> Date: Tue, 8 May 2012 15:47:02 +0200 Subject: [PATCH gnutls] implement trust store dir (since updated as some parts were introduced upstream) --- configure.ac | 18 ++++++++++++- lib/gnutls_x509.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 90 insertions(+), 2 deletions(-) Index: configure.ac =================================================================== --- configure.ac.orig 2012-11-08 23:05:32.000000000 +0000 +++ configure.ac 2012-11-16 23:18:51.000000000 +0000 @@ -301,9 +301,11 @@ AC_ARG_WITH([default-crl-file], [AS_HELP_STRING([--with-default-crl-file=FILE], [use the given CRL file as default])]) -if test "x$with_default_trust_store_pkcs11" = x -a "x$with_default_trust_store_file" = x; then +if test "x$with_default_trust_store_pkcs11" = x -a "x$with_default_trust_store_file" = x \ + -a "x$with_default_trust_store_dir" = x; then # auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html for i in \ + /etc/ssl/certs \ /etc/ssl/certs/ca-certificates.crt \ /etc/pki/tls/cert.pem \ /usr/local/share/certs/ca-root-nss.crt \ @@ -321,6 +323,11 @@ if test "x$with_default_trust_store_file ["$with_default_trust_store_file"], [use the given file default trust store]) fi +if test "x$with_default_trust_store_dir" != x; then + AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR], + ["$with_default_trust_store_dir"], [use the given directory default trust store]) +fi + if test "x$with_default_crl_file" != x; then AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE], ["$with_default_crl_file"], [use the given CRL file]) @@ -562,6 +569,7 @@ if features are disabled) Trust store pkcs: $with_default_trust_store_pkcs11 Trust store file: $with_default_trust_store_file + Trust store dir: $with_default_trust_store_dir CRL file: $with_default_crl_file ]) Index: lib/gnutls_x509.c =================================================================== --- lib/gnutls_x509.c.orig 2012-09-22 01:01:26.000000000 +0100 +++ lib/gnutls_x509.c 2012-11-16 23:16:31.000000000 +0000 @@ -36,6 +36,7 @@ #include <gnutls_pk.h> #include <gnutls_str.h> #include <debug.h> +#include <dirent.h> #include <x509_b64.h> #include <gnutls_x509.h> #include "x509/common.h" @@ -1694,6 +1695,72 @@ set_x509_system_trust_file (gnutls_certi } #endif +#ifdef DEFAULT_TRUST_STORE_DIR +static int +_gnutls_certificate_set_x509_system_trust_dir (gnutls_certificate_credentials_t cred) +{ + DIR* dir; + struct dirent* buf, *de; + int ret, r = 0; + gnutls_datum_t cas; + size_t size; + char cafile[PATH_MAX]; + + dir = opendir(DEFAULT_TRUST_STORE_DIR); + if (dir == NULL) + { + gnutls_assert (); + return GNUTLS_E_FILE_ERROR; + } + + buf = alloca(offsetof(struct dirent, d_name) + pathconf(DEFAULT_TRUST_STORE_DIR, _PC_NAME_MAX) + 1); + + while (1) + { + if (readdir_r(dir, buf, &de)) + { + gnutls_assert(); + break; + } + if (de == NULL) + { + break; + } + if (strlen(de->d_name) < 4 || strcmp(de->d_name+strlen(de->d_name)-4, ".pem")) + { + continue; + } + + strcpy(cafile, DEFAULT_TRUST_STORE_DIR "/"); + strncat(cafile, de->d_name, sizeof(cafile)-strlen(cafile)-1); + cas.data = (void*)read_binary_file (cafile, &size); + if (cas.data == NULL) + { + gnutls_assert (); + continue; + } + + cas.size = size; + + ret = gnutls_certificate_set_x509_trust_mem(cred, &cas, GNUTLS_X509_FMT_PEM); + + free (cas.data); + + if (ret < 0) + { + gnutls_assert (); + } + else + { + r += ret; + } + } + closedir(dir); + + return r; +} +#endif + /** * gnutls_certificate_set_x509_system_trust: * @cred: is a #gnutls_certificate_credentials_t structure. @@ -1712,7 +1779,7 @@ set_x509_system_trust_file (gnutls_certi int gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred) { -#if !defined(_WIN32) && !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE) +#if !defined(_WIN32) && !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE) && !defined(DEFAULT_TRUST_STORE_DIR) int r = GNUTLS_E_UNIMPLEMENTED_FEATURE; #else int ret, r = 0; @@ -1730,6 +1797,11 @@ gnutls_certificate_set_x509_system_trust r += ret; #endif +#ifdef DEFAULT_TRUST_STORE_DIR + ret = _gnutls_certificate_set_x509_system_trust_dir(cred); + if (ret > 0) + r += ret; +#endif return r; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor