-rw-r--r--src/charon/plugins/stroke/stroke_cred.c13
-rw-r--r--src/libstrongswan/chunk.c12
-rw-r--r--src/libstrongswan/chunk.h11
-rwxr-xr-xsrc/openac/openac.c3
-rw-r--r--src/pluto/crl.c2
-rw-r--r--src/pluto/defs.c49
-rw-r--r--src/pluto/defs.h6
-rw-r--r--src/scepclient/scepclient.c10
8 files changed, 25 insertions, 81 deletions
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 7fb33da9e..c82391625 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -568,13 +568,13 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
{
if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl)
{
- /* CRLs get written to /etc/ipsec.d/crls/authkeyId.crl */
+ /* CRLs get written to /etc/ipsec.d/crls/<authkeyId>.crl */
crl_t *crl = (crl_t*)cert;
cert->get_ref(cert);
if (add_crl(this, crl))
{
- char buf[256];
+ char buf[BUF_LEN];
chunk_t chunk, hex;
identification_t *id;
@@ -585,14 +585,7 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
free(hex.ptr);
chunk = cert->get_encoding(cert);
- if (chunk_write(chunk, buf, 022, TRUE))
- {
- DBG1(DBG_CFG, " written crl to '%s'", buf);
- }
- else
- {
- DBG1(DBG_CFG, " writing crl to '%s' failed", buf);
- }
+ chunk_write(chunk, buf, "crl", 022, TRUE);
free(chunk.ptr);
}
}
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c
index ce424f7d6..24ac5e8e7 100644
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@@ -208,7 +208,7 @@ void chunk_split(chunk_t chunk, const char *mode, ...)
/**
* Described in header.
*/
-bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force)
+bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force)
{
mode_t oldmask;
FILE *fd;
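Review bot: `path` and `label` are declared as plain `char *` in the new signature, although the lines shown only read them and every caller in this commit passes a string literal for `label`. The scepclient call sites pass a `const char *path` obtained from `concatenate_paths()`, so those calls now discard the qualifier, which the removed `write_chunk()` prototype avoided by taking `const char *`. I would declare it as `bool chunk_write(chunk_t chunk, const char *path, const char *label, mode_t mask, bool force)` here and in chunk.h. The function body continues outside this hunk.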
@@ -216,7 +216,7 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force)
if (!force && access(path, F_OK) == 0)
{
- DBG1(" file '%s' already exists", path);
+ DBG1(" %s file '%s' already exists", label, path);
return FALSE;
}
oldmask = umask(mask);
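Review bot: The `access(path, F_OK)` test and the later open are two separate steps, so the `!force` case does not guarantee that an existing file is left alone. Anything that appears at `path` between the check and the open, including a symlink, will be written through. The open call is outside this hunk, so I am assuming it is still a plain `fopen(path, "w")` as in the removed pluto `write_chunk()`. Because this helper now writes private keys and cached CRLs, an atomic exclusive create would be safer for the non-forced case, e.g. `open(path, O_WRONLY | O_CREAT | O_EXCL, 0666)` followed by `fdopen()`, with `EEXIST` mapped to the "already exists" message.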
@@ -225,18 +225,20 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force)
{
if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len)
{
+ DBG1(" written to %s file '%s' (%d bytes)",
+ label, path, chunk.len);
good = TRUE;
}
else
{
- DBG1(" writing to file '%s' failed: %s", path, strerror(errno));
+ DBG1(" writing to %s file '%s' failed: %s",
+ label, path, strerror(errno));
}
fclose(fd);
- return TRUE;
}
else
{
- DBG1(" could not open file '%s': %s", path, strerror(errno));
+ DBG1(" could not open %s file '%s': %s", label, path, strerror(errno));
}
umask(oldmask);
return good;
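Review bot: The new success message prints `chunk.len` with `%d` and no cast, while the same value is compared against the `fwrite()` return just above, which suggests it is a `size_t`. The removed pluto version cast it as `(int)ch.len`, and the removed openac message used `%u`. A mismatched conversion is not safe on 64-bit targets, so either keep the cast, `label, path, (int)chunk.len);`, or use `%zu` if the DBG1 backend supports it. Separately, the result of `fclose(fd)` is ignored, so a write error reported only at flush time still returns `good == TRUE`; consider `if (fclose(fd) != 0) good = FALSE;` plus a log line. The function starts outside this hunk.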
diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h
index 37cbebfc5..f88e95ed3 100644
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@@ -86,8 +86,14 @@ void chunk_split(chunk_t chunk, const char *mode, ...);
/**
* Write the binary contents of a chunk_t to a file
- */
-bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force);
+ *
+ * @param path path where file is written to
+ * @param label label specifying file type
+ * @param mask file mode creation mask
+ * @param force overwrite existing file by force
+ * @return TRUE if write operation was successful
+ */
+bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force);
/**
* Convert a chunk of data to hex encoding.
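Review bot: The new doc block for `chunk_write()` lists `path`, `label`, `mask` and `force` but not the first parameter; add `@param chunk contents to write to the file`. It would also help to state that `mask` is applied through `umask()`, so it names the permission bits to clear and only matters when the file is newly created. The next hunk removes `@param chunk data to convert` from the hex-encoding function's comment, which leaves that first parameter undocumented too. That line may have been dropped from the wrong block.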
@@ -95,7 +101,6 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force);
* The resulting string is '\\0' terminated, but the chunk does not include
* the '\\0'. If buf is supplied, it must hold at least (chunk.len * 2 + 1).
*
- * @param chunk data to convert
* @param buf buffer to write to, NULL to malloc
* @param uppercase TRUE to use uppercase letters
* @return chunk of encoded data
diff --git a/src/openac/openac.c b/src/openac/openac.c
index a35bc51ad..8b0117156 100755
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -564,9 +564,8 @@ int main(int argc, char **argv)
/* write the attribute certificate to file */
attr_chunk = attr_cert->get_encoding(attr_cert);
- if (chunk_write(attr_chunk, outfile, 0022, TRUE))
+ if (chunk_write(attr_chunk, outfile, "attribute cert", 0022, TRUE))
{
- DBG1(" wrote attribute cert file '%s' (%u bytes)", outfile, attr_chunk.len);
write_serial(serial);
status = 0;
}
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index eb9765b0b..21ea8e0a9 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -308,7 +308,7 @@ insert_crl(chunk_t blob, chunk_t crl_uri, bool cache_crl)
datatot(subjectKeyID.ptr, subjectKeyID.len, 16, buf, BUF_LEN);
snprintf(path, BUF_LEN, "%s/%s.crl", CRL_PATH, buf);
- write_chunk(path, "crl", crl->certificateList, 0022, TRUE);
+ chunk_write(crl->certificateList, path, "crl", 0022, TRUE);
}
/* is the fetched crl valid? */
diff --git a/src/pluto/defs.c b/src/pluto/defs.c
index 09fd8415b..84c269aa0 100644
--- a/src/pluto/defs.c
+++ b/src/pluto/defs.c
@@ -94,55 +94,6 @@ mv_chunk(u_char **pos, chunk_t content)
}
}
-/*
- * write the binary contents of a chunk_t to a file
- */
-bool
-write_chunk(const char *filename, const char *label, chunk_t ch
-, mode_t mask, bool force)
-{
- mode_t oldmask;
- FILE *fd;
- size_t written;
-
- if (!force)
- {
- fd = fopen(filename, "r");
- if (fd)
- {
- fclose(fd);
- plog(" %s file '%s' already exists", label, filename);
- return FALSE;
- }
- }
-
- /* set umask */
- oldmask = umask(mask);
-
- fd = fopen(filename, "w");
-
- if (fd)
- {
- written = fwrite(ch.ptr, sizeof(u_char), ch.len, fd);
- fclose(fd);
- if (written != ch.len)
- {
- plog(" writing to %s file '%s' failed", label, filename);
- umask(oldmask);
- return FALSE;
- }
- plog(" written %s file '%s' (%d bytes)", label, filename, (int)ch.len);
- umask(oldmask);
- return TRUE;
- }
- else
- {
- plog(" could not open %s file '%s' for writing", label, filename);
- umask(oldmask);
- return FALSE;
- }
-}
-
/* checks if the expiration date has been reached and
* warns during the warning_interval of the imminent
* expiry. strict=TRUE declares a fatal error,
diff --git a/src/pluto/defs.h b/src/pluto/defs.h
index 5cb84ef72..ac4f20e3c 100644
--- a/src/pluto/defs.h
+++ b/src/pluto/defs.h
@@ -63,10 +63,6 @@ extern const char* concatenate_paths(const char *a, const char *b);
/* move a chunk to a memory position and free it after insertion */
extern void mv_chunk(u_char **pos, chunk_t content);
-/* write the binary contents of a chunk_t to a file */
-extern bool write_chunk(const char *filename, const char *label, chunk_t ch
- ,mode_t mask, bool force);
-
/* warns a predefined interval before expiry */
extern const char* check_expiry(time_t expiration_date,
int warning_interval, bool strict);
@@ -88,10 +84,8 @@ typedef struct dirent dirent_t;
extern int file_select(const dirent_t *entry);
/* cleanly exit Pluto */
-
extern void exit_pluto(int /*status*/) NEVER_RETURNS;
-
/* zero all bytes */
#define zero(x) memset((x), '\0', sizeof(*(x)))
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index f4a63bfbf..eb1c2af42 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -879,7 +879,7 @@ int main(int argc, char **argv)
{
const char *path = concatenate_paths(REQ_PATH, file_out_pkcs10);
- if (!write_chunk(path, "pkcs10", pkcs10->request, 0022, force))
+ if (!chunk_write(pkcs10->request,path, "pkcs10", 0022, force))
exit_scepclient("could not write pkcs10 file '%s'", path);
filetype_out &= ~PKCS10; /* delete PKCS10 flag */
@@ -902,7 +902,7 @@ int main(int argc, char **argv)
)
pkcs1 = pkcs1_build_private_key(private_key);
- if (!write_chunk(path, "pkcs1", pkcs1, 0066, force))
+ if (!chunk_write(pkcs1, path, "pkcs1", 0066, force))
exit_scepclient("could not write pkcs1 file '%s'", path);
filetype_out &= ~PKCS1; /* delete PKCS1 flag */
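Review bot: The private key file relies solely on the `0066` creation mask for its permissions, and a creation mask only applies when the file is newly created. If `force` is set and a file already exists at `path` with wider permissions, the key is presumably written into it with those permissions unchanged; the open call in `chunk_write()` is not visible in this diff. Consider removing the old file before a forced write, or tightening the mode explicitly, e.g. `chmod(path, 0600)` on an existing target, and noting the expected mode in a comment here. This hunk sits inside `main()`, which starts and ends outside it.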
@@ -940,7 +940,7 @@ int main(int argc, char **argv)
{
const char *path = concatenate_paths(HOST_CERT_PATH, file_out_cert_self);
- if (!write_chunk(path, "self-signed cert", x509_signer->certificate, 0022, force))
+ if (!chunk_write(x509_signer->certificate, path, "self-signed cert", 0022, force))
exit_scepclient("could not write self-signed cert file '%s'", path);
;
filetype_out &= ~CERT_SELF; /* delete CERT_SELF flag */
@@ -996,7 +996,7 @@ int main(int argc, char **argv)
{
const char *path = concatenate_paths(REQ_PATH, file_out_pkcs7);
- if (!write_chunk(path, "pkcs7 encrypted request", pkcs7, 0022, force))
+ if (!chunk_write(pkcs7, path, "pkcs7 encrypted request", 0022, force))
exit_scepclient("could not write pkcs7 file '%s'", path);
;
filetype_out &= ~PKCS7; /* delete PKCS7 flag */
@@ -1120,7 +1120,7 @@ int main(int argc, char **argv)
{
if (stored)
exit_scepclient("multiple certs received, only first stored");
- if (!write_chunk(path, "requested cert", cert->certificate, 0022, force))
+ if (!chunk_write(cert->certificate, path, "requested cert", 0022, force))
exit_scepclient("could not write cert file '%s'", path);
stored = TRUE;
}