summaryrefslogtreecommitdiff
path: root/louloulibs/network/credentials_manager.cpp
diff options
context:
space:
mode:
authorJonas Smedegaard <dr@jones.dk>2016-12-21 21:25:17 +0100
committerJonas Smedegaard <dr@jones.dk>2016-12-21 21:25:17 +0100
commitdc1ad45aea9a10007a31ae449b1e0fe352a8a6cd (patch)
treeeb233ce97fc828e2edba69a82a1e7314b92771d3 /louloulibs/network/credentials_manager.cpp
parenta077b304b27d21bf635ef4f31a2a0447d3b14d11 (diff)
parentf820d86aadb7a5473bcc0a0a3669732ab0182555 (diff)
downloadbiboumi-dc1ad45aea9a10007a31ae449b1e0fe352a8a6cd.tar.gz
biboumi-dc1ad45aea9a10007a31ae449b1e0fe352a8a6cd.tar.bz2
biboumi-dc1ad45aea9a10007a31ae449b1e0fe352a8a6cd.tar.xz
biboumi-dc1ad45aea9a10007a31ae449b1e0fe352a8a6cd.zip
Merge tag 'upstream/4.0'
Upstream version 4.0 # gpg: Signature made Wed Dec 21 21:25:11 2016 CET # gpg: using RSA key 2C7C3146C1A00121 # gpg: Good signature from "Jonas Smedegaard <dr@jones.dk>" # gpg: aka "Jonas Smedegaard <jonas@homebase.dk>" # gpg: aka "Jonas Smedegaard <js@debian.org>" # gpg: aka "[jpeg image of size 4165]"
Diffstat (limited to 'louloulibs/network/credentials_manager.cpp')
-rw-r--r--louloulibs/network/credentials_manager.cpp47
1 files changed, 26 insertions, 21 deletions
diff --git a/louloulibs/network/credentials_manager.cpp b/louloulibs/network/credentials_manager.cpp
index ee83c3b..ed04d24 100644
--- a/louloulibs/network/credentials_manager.cpp
+++ b/louloulibs/network/credentials_manager.cpp
@@ -29,7 +29,7 @@ BasicCredentialsManager::BasicCredentialsManager(const TCPSocketHandler* const s
socket_handler(socket_handler),
trusted_fingerprint{}
{
- this->load_certs();
+ BasicCredentialsManager::load_certs();
}
void BasicCredentialsManager::set_trusted_fingerprint(const std::string& fingerprint)
@@ -62,17 +62,8 @@ void BasicCredentialsManager::verify_certificate_chain(const std::string& type,
}
}
-void BasicCredentialsManager::load_certs()
+bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths)
{
- // Only load the certificates the first time
- if (BasicCredentialsManager::certs_loaded)
- return;
- const std::string conf_path = Config::get("ca_file", "");
- std::vector<std::string> paths;
- if (conf_path.empty())
- paths = default_cert_files;
- else
- paths.push_back(conf_path);
for (const auto& path: paths)
{
try
@@ -87,25 +78,39 @@ void BasicCredentialsManager::load_certs()
// will be ignored. As a result, some TLS connection may be refused
// because the certificate is signed by an issuer that was ignored.
try {
- const Botan::X509_Certificate cert(bundle);
- BasicCredentialsManager::certificate_store.add_certificate(cert);
- } catch (const Botan::Decoding_Error& error)
- {
+ Botan::X509_Certificate cert(bundle);
+ BasicCredentialsManager::certificate_store.add_certificate(std::move(cert));
+ } catch (const Botan::Decoding_Error& error) {
continue;
}
}
// Only use the first file that can successfully be read.
- goto success;
+ return true;
}
- catch (Botan::Stream_IO_Error& e)
+ catch (const Botan::Stream_IO_Error& e)
{
log_debug(e.what());
}
}
- // If we could not open one of the files, print a warning
- log_warning("The CA could not be loaded, TLS negociation will probably fail.");
- success:
- BasicCredentialsManager::certs_loaded = true;
+ return false;
+}
+
+void BasicCredentialsManager::load_certs()
+{
+ // Only load the certificates the first time
+ if (BasicCredentialsManager::certs_loaded)
+ return;
+ const std::string conf_path = Config::get("ca_file", "");
+ std::vector<std::string> paths;
+ if (conf_path.empty())
+ paths = default_cert_files;
+ else
+ paths.push_back(conf_path);
+
+ if (BasicCredentialsManager::try_to_open_one_ca_bundle(paths))
+ BasicCredentialsManager::certs_loaded = true;
+ else
+ log_warning("The CA could not be loaded, TLS negociation will probably fail.");
}
std::vector<Botan::Certificate_Store*> BasicCredentialsManager::trusted_certificate_authorities(const std::string&, const std::string&)