author | Martin Willi <martin@revosec.ch> | 2010-11-12 16:10:00 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:45:46 +0100 |
commit | 90994a8a5cf8376638930499875cc3c0cc07db05 (patch) | |
tree | 132ba323c217b7f980c15a831965e5c8cd88253d /src | |
parent | 00d8b9a6383234fafc7b8098ad96e9ad4b647b1f (diff) | |
download | strongswan-90994a8a5cf8376638930499875cc3c0cc07db05.tar.bz2 strongswan-90994a8a5cf8376638930499875cc3c0cc07db05.tar.xz |
Support loading of certificate revocation lists
Diffstat (limited to 'src')
-rw-r--r-- | src/conftest/conftest.c | 85 |
1 files changed, 44 insertions, 41 deletions
diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
index 7de88ce73..f18ad7e84 100644
--- a/src/conftest/conftest.c
+++ b/src/conftest/conftest.c
@@ -87,69 +87,72 @@ static bool load_configs(char *suite_file, char *test_file)
 }
 
 /**
- * Load certificates from the confiuguration file
+ * Load trusted/untrusted certificates
 */
-static bool load_certs(settings_t *settings, char *dir)
+static bool load_trusted_cert(settings_t *settings, bool trusted)
 {
 enumerator_t *enumerator;
- char *key, *value, wd[PATH_MAX];
- certificate_t *cert;
-
- if (getcwd(wd, sizeof(wd)) == NULL)
- {
- fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
- return FALSE;
- }
- if (chdir(dir) != 0)
- {
- fprintf(stderr, "opening directory '%s' failed: %s\n",
- dir, strerror(errno));
- return FALSE;
- }
+ char *key, *value;
 
- enumerator = settings->create_key_value_enumerator(settings, "certs.trusted");
+ enumerator = settings->create_key_value_enumerator(settings,
+ trusted ? "certs.trusted" : "certs.untrusted");
 while (enumerator->enumerate(enumerator, &key, &value))
 {
- if (!strcaseeq(key, "x509"))
+ certificate_t *cert = NULL;
+
+ if (strcaseeq(key, "x509"))
 {
- fprintf(stderr, "certificate type '%s' not supported\n", key);
- enumerator->destroy(enumerator);
- return FALSE;
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_X509, BUILD_FROM_FILE, value, BUILD_END);
 }
- cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FILE, value, BUILD_END);
- if (!cert)
+ else if (strcaseeq(key, "crl"))
 {
- fprintf(stderr, "loading trusted certificate "
- "'%s' from '%s' failed\n", key, value);
- enumerator->destroy(enumerator);
- return FALSE;
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_X509_CRL, BUILD_FROM_FILE, value, BUILD_END);
 }
- conftest->creds->add_cert(conftest->creds, TRUE, cert);
- }
- enumerator->destroy(enumerator);
-
- enumerator = settings->create_key_value_enumerator(settings, "certs.untrusted");
- while (enumerator->enumerate(enumerator, &key, &value))
- {
- if (!strcaseeq(key, "x509"))
+ else
 {
 fprintf(stderr, "certificate type '%s' not supported\n", key);
 enumerator->destroy(enumerator);
 return FALSE;
 }
- cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FILE, value, BUILD_END);
 if (!cert)
 {
- fprintf(stderr, "loading untrusted certificate "
- "'%s' from '%s' failed\n", key, value);
+ fprintf(stderr, "loading %strusted certificate '%s' from '%s' "
+ "failed\n", trusted ? "" : "un", key, value);
 enumerator->destroy(enumerator);
 return FALSE;
 }
- conftest->creds->add_cert(conftest->creds, FALSE, cert);
+ conftest->creds->add_cert(conftest->creds, trusted, cert);
 }
 enumerator->destroy(enumerator);
+ return TRUE;
+}
+
+/**
+ * Load certificates from the confiuguration file
+ */
+static bool load_certs(settings_t *settings, char *dir)
+{
+ char wd[PATH_MAX];
+
+ if (getcwd(wd, sizeof(wd)) == NULL)
+ {
+ fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
+ return FALSE;
+ }
+ if (chdir(dir) != 0)
+ {
+ fprintf(stderr, "opening directory '%s' failed: %s\n",
+ dir, strerror(errno));
+ return FALSE;
+ }
+
+ if (!load_trusted_cert(settings, TRUE) ||
+ !load_trusted_cert(settings, FALSE))
+ {
+ return FALSE;
+ }
 
 if (chdir(wd) != 0)
 { |
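Review bot: The new `crl` branch in `load_trusted_cert()` passes the parsed CRL to `add_cert()` with the same `trusted` flag as a certificate, and the header comment `Load trusted/untrusted certificates` does not say what that flag means for revocation data. A CRL listed under `certs.untrusted` is therefore stored with `trusted` FALSE, and whether the credential set still consults such a CRL is not visible in this hunk; I would extend the comment to something like `Load certificates and CRLs from certs.trusted or certs.untrusted; the trusted flag is passed unchanged to add_cert() for both types`, or reject `crl` when `trusted` is FALSE if that combination has no defined meaning. The failure message also prints "certificate" for a CRL file, which will mislead when a revocation list fails to parse. Separately, the `return FALSE` after the two `load_trusted_cert()` calls in `load_certs()` skips the `chdir(wd)` that follows and leaves the process in `dir`; `load_certs()` continues past the end of the hunk, so confirm that callers exit on failure.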