diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2016-12-21 21:25:17 +0100 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2016-12-21 21:25:17 +0100 |
| commit | dc1ad45aea9a10007a31ae449b1e0fe352a8a6cd (patch) | |
| tree | eb233ce97fc828e2edba69a82a1e7314b92771d3 /louloulibs/network/credentials_manager.cpp | |
| parent | a077b304b27d21bf635ef4f31a2a0447d3b14d11 (diff) | |
| parent | f820d86aadb7a5473bcc0a0a3669732ab0182555 (diff) | |
| download | biboumi-dc1ad45aea9a10007a31ae449b1e0fe352a8a6cd.tar.gz biboumi-dc1ad45aea9a10007a31ae449b1e0fe352a8a6cd.tar.bz2 biboumi-dc1ad45aea9a10007a31ae449b1e0fe352a8a6cd.tar.xz biboumi-dc1ad45aea9a10007a31ae449b1e0fe352a8a6cd.zip | |
Merge tag 'upstream/4.0'
Upstream version 4.0
# gpg: Signature made Wed Dec 21 21:25:11 2016 CET
# gpg: using RSA key 2C7C3146C1A00121
# gpg: Good signature from "Jonas Smedegaard <dr@jones.dk>"
# gpg: aka "Jonas Smedegaard <jonas@homebase.dk>"
# gpg: aka "Jonas Smedegaard <js@debian.org>"
# gpg: aka "[jpeg image of size 4165]"
Diffstat (limited to 'louloulibs/network/credentials_manager.cpp')
| -rw-r--r-- | louloulibs/network/credentials_manager.cpp | 47 |
1 files changed, 26 insertions, 21 deletions
diff --git a/louloulibs/network/credentials_manager.cpp b/louloulibs/network/credentials_manager.cpp index ee83c3b..ed04d24 100644 --- a/louloulibs/network/credentials_manager.cpp +++ b/louloulibs/network/credentials_manager.cpp @@ -29,7 +29,7 @@ BasicCredentialsManager::BasicCredentialsManager(const TCPSocketHandler* const s socket_handler(socket_handler), trusted_fingerprint{} { - this->load_certs(); + BasicCredentialsManager::load_certs(); } void BasicCredentialsManager::set_trusted_fingerprint(const std::string& fingerprint) @@ -62,17 +62,8 @@ void BasicCredentialsManager::verify_certificate_chain(const std::string& type, } } -void BasicCredentialsManager::load_certs() +bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths) { - // Only load the certificates the first time - if (BasicCredentialsManager::certs_loaded) - return; - const std::string conf_path = Config::get("ca_file", ""); - std::vector<std::string> paths; - if (conf_path.empty()) - paths = default_cert_files; - else - paths.push_back(conf_path); for (const auto& path: paths) { try @@ -87,25 +78,39 @@ void BasicCredentialsManager::load_certs() // will be ignored. As a result, some TLS connection may be refused // because the certificate is signed by an issuer that was ignored. try { - const Botan::X509_Certificate cert(bundle); - BasicCredentialsManager::certificate_store.add_certificate(cert); - } catch (const Botan::Decoding_Error& error) - { + Botan::X509_Certificate cert(bundle); + BasicCredentialsManager::certificate_store.add_certificate(std::move(cert)); + } catch (const Botan::Decoding_Error& error) { continue; } } // Only use the first file that can successfully be read. - goto success; + return true; } - catch (Botan::Stream_IO_Error& e) + catch (const Botan::Stream_IO_Error& e) { log_debug(e.what()); } } - // If we could not open one of the files, print a warning - log_warning("The CA could not be loaded, TLS negociation will probably fail."); - success: - BasicCredentialsManager::certs_loaded = true; + return false; +} + +void BasicCredentialsManager::load_certs() +{ + // Only load the certificates the first time + if (BasicCredentialsManager::certs_loaded) + return; + const std::string conf_path = Config::get("ca_file", ""); + std::vector<std::string> paths; + if (conf_path.empty()) + paths = default_cert_files; + else + paths.push_back(conf_path); + + if (BasicCredentialsManager::try_to_open_one_ca_bundle(paths)) + BasicCredentialsManager::certs_loaded = true; + else + log_warning("The CA could not be loaded, TLS negociation will probably fail."); } std::vector<Botan::Certificate_Store*> BasicCredentialsManager::trusted_certificate_authorities(const std::string&, const std::string&) |