summaryrefslogtreecommitdiff
path: root/louloulibs
diff options
context:
space:
mode:
authorFlorent Le Coz <louiz@louiz.org>2015-11-05 02:16:21 +0100
committerFlorent Le Coz <louiz@louiz.org>2015-11-05 02:17:19 +0100
commit5ce9d3f1429228746fcee724a44860f16ad166f5 (patch)
tree78c7a281d2c82bee7d317cb2baa8f652ee99dbeb /louloulibs
parente8386bd14e9783f0bef39bdf577545522e33e719 (diff)
downloadbiboumi-5ce9d3f1429228746fcee724a44860f16ad166f5.tar.gz
biboumi-5ce9d3f1429228746fcee724a44860f16ad166f5.tar.bz2
biboumi-5ce9d3f1429228746fcee724a44860f16ad166f5.tar.xz
biboumi-5ce9d3f1429228746fcee724a44860f16ad166f5.zip
Make the CA file configurable
Diffstat (limited to 'louloulibs')
-rw-r--r--louloulibs/network/credentials_manager.cpp39
1 files changed, 34 insertions, 5 deletions
diff --git a/louloulibs/network/credentials_manager.cpp b/louloulibs/network/credentials_manager.cpp
index b9a9af8..57100ee 100644
--- a/louloulibs/network/credentials_manager.cpp
+++ b/louloulibs/network/credentials_manager.cpp
@@ -5,11 +5,22 @@
#include <network/credentials_manager.hpp>
#include <logger/logger.hpp>
#include <botan/tls_exceptn.h>
+#include <config/config.hpp>
#ifdef USE_DATABASE
# include <database/database.hpp>
#endif
+/**
+ * TODO find a standard way to find that out.
+ */
+static const std::vector<std::string> default_cert_files = {
+ "/etc/ssl/certs/ca-bundle.crt",
+ "/etc/pki/tls/certs/ca-bundle.crt",
+ "/etc/ssl/certs/ca-certificates.crt",
+ "/etc/ca-certificates/extracted/tls-ca-bundle.pem"
+};
+
Botan::Certificate_Store_In_Memory Basic_Credentials_Manager::certificate_store;
bool Basic_Credentials_Manager::certs_loaded = false;
@@ -43,16 +54,34 @@ void Basic_Credentials_Manager::load_certs()
// Only load the certificates the first time
if (Basic_Credentials_Manager::certs_loaded)
return;
- const std::vector<std::string> paths = {"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"};
+ const std::string conf_path = Config::get("ca_file", "");
+ std::vector<std::string> paths;
+ if (conf_path.empty())
+ paths = default_cert_files;
+ else
+ paths.push_back(conf_path);
for (const auto& path: paths)
{
- Botan::DataSource_Stream bundle(path);
- while (!bundle.end_of_data() && bundle.check_available(27))
+ try
+ {
+ Botan::DataSource_Stream bundle(path);
+ log_debug("Using ca bundle: " << path);
+ while (!bundle.end_of_data() && bundle.check_available(27))
+ {
+ const Botan::X509_Certificate cert(bundle);
+ Basic_Credentials_Manager::certificate_store.add_certificate(cert);
+ }
+ // Only use the first file that can successfully be read.
+ goto success;
+ }
+ catch (Botan::Stream_IO_Error& e)
{
- const Botan::X509_Certificate cert(bundle);
- Basic_Credentials_Manager::certificate_store.add_certificate(cert);
+ log_debug(e.what());
}
}
+ // If we could not open one of the files, print a warning
+ log_warning("The CA could not be loaded, TLS negociation will probably fail.");
+ success:
Basic_Credentials_Manager::certs_loaded = true;
}