diff options
author | Florent Le Coz <louiz@louiz.org> | 2015-11-05 02:16:21 +0100 |
---|---|---|
committer | Florent Le Coz <louiz@louiz.org> | 2015-11-05 02:17:19 +0100 |
commit | 5ce9d3f1429228746fcee724a44860f16ad166f5 (patch) | |
tree | 78c7a281d2c82bee7d317cb2baa8f652ee99dbeb /louloulibs | |
parent | e8386bd14e9783f0bef39bdf577545522e33e719 (diff) | |
download | biboumi-5ce9d3f1429228746fcee724a44860f16ad166f5.tar.gz biboumi-5ce9d3f1429228746fcee724a44860f16ad166f5.tar.bz2 biboumi-5ce9d3f1429228746fcee724a44860f16ad166f5.tar.xz biboumi-5ce9d3f1429228746fcee724a44860f16ad166f5.zip |
Make the CA file configurable
Diffstat (limited to 'louloulibs')
-rw-r--r-- | louloulibs/network/credentials_manager.cpp | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/louloulibs/network/credentials_manager.cpp b/louloulibs/network/credentials_manager.cpp index b9a9af8..57100ee 100644 --- a/louloulibs/network/credentials_manager.cpp +++ b/louloulibs/network/credentials_manager.cpp @@ -5,11 +5,22 @@ #include <network/credentials_manager.hpp> #include <logger/logger.hpp> #include <botan/tls_exceptn.h> +#include <config/config.hpp> #ifdef USE_DATABASE # include <database/database.hpp> #endif +/** + * TODO find a standard way to find that out. + */ +static const std::vector<std::string> default_cert_files = { + "/etc/ssl/certs/ca-bundle.crt", + "/etc/pki/tls/certs/ca-bundle.crt", + "/etc/ssl/certs/ca-certificates.crt", + "/etc/ca-certificates/extracted/tls-ca-bundle.pem" +}; + Botan::Certificate_Store_In_Memory Basic_Credentials_Manager::certificate_store; bool Basic_Credentials_Manager::certs_loaded = false; @@ -43,16 +54,34 @@ void Basic_Credentials_Manager::load_certs() // Only load the certificates the first time if (Basic_Credentials_Manager::certs_loaded) return; - const std::vector<std::string> paths = {"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"}; + const std::string conf_path = Config::get("ca_file", ""); + std::vector<std::string> paths; + if (conf_path.empty()) + paths = default_cert_files; + else + paths.push_back(conf_path); for (const auto& path: paths) { - Botan::DataSource_Stream bundle(path); - while (!bundle.end_of_data() && bundle.check_available(27)) + try + { + Botan::DataSource_Stream bundle(path); + log_debug("Using ca bundle: " << path); + while (!bundle.end_of_data() && bundle.check_available(27)) + { + const Botan::X509_Certificate cert(bundle); + Basic_Credentials_Manager::certificate_store.add_certificate(cert); + } + // Only use the first file that can successfully be read. + goto success; + } + catch (Botan::Stream_IO_Error& e) { - const Botan::X509_Certificate cert(bundle); - Basic_Credentials_Manager::certificate_store.add_certificate(cert); + log_debug(e.what()); } } + // If we could not open one of the files, print a warning + log_warning("The CA could not be loaded, TLS negociation will probably fail."); + success: Basic_Credentials_Manager::certs_loaded = true; } |