/*
 * neon client-certificate callback, run when the server asks for a client
 * certificate.  `client_cert` and `session` are referenced but not defined
 * in this listing (presumably file-scope objects — confirm).  `userdata` is
 * the certificate file name and is used only as a fallback display name.
 * `dname`/`dncount` (the CA names the server accepts) and the `sess`
 * argument are not used: the CA-name dump is compiled out below and the
 * certificate is attached to `session.sess` instead of `sess`.
 */
static void provide_clicert(void *userdata, ne_session *sess,
                            const ne_ssl_dname *const *dname, int dncount)
{
    const char *ccfn = userdata;
    int n;

    printf("The server has requested a client certificate.\n");

#if 0
    /* display CA names? */
    for (n = 0; n < dncount; n++) {
        char *dn = ne_ssl_readable_dname(dname[n]);
        printf("Name: %s\n", dn);
        free(dn);
    }
#endif
    
    /* An encrypted certificate is unlocked interactively, at most three
     * attempts. */
    if (ne_ssl_clicert_encrypted(client_cert)) {
        const char *name = ne_ssl_clicert_name(client_cert);
        char *pass;
        
        if (!name) name = ccfn;
        
        printf("Client certificate `%s' is encrypted.\n", name);
        
        for (n = 0; n < 3; n++) {
            /* NOTE(review): this line is truncated in the listing — the end
             * of the prompt, the decrypt call and its failure test are
             * missing, so how the password buffer is checked and whether it
             * is cleared after use cannot be reviewed here. */
            pass = fm_getpassword(_("Decryption password: "******"Password incorrect, try again.\n");
            } else {
                break;
            }
        }
    }
    
    /* Install the certificate only if it is usable now; after three failed
     * passwords it is still encrypted and no certificate is set. */
    if (!ne_ssl_clicert_encrypted(client_cert)) {
        printf("Using client certificate.\n");
        ne_ssl_set_clicert(session.sess, client_cert);
    }
    
}
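/*
 * Set up the shared DAV connection and open its session.
 *
 * The file-scope `connection` is created on the first call (guarded by the
 * `mutex` flag); later calls reuse it and return 0 at once if a session is
 * already open.
 *
 * server      host to contact; NULL falls back to $DPNS_HOST.
 * comment     optional comment, rejected when longer than CA_MAXCOMMENTLEN.
 * enable_ssl  non-zero: https on port 443 with an X.509 client certificate
 *             taken from $X509_USER_PROXY, $X509_USER_KEY/$X509_USER_CERT,
 *             the default proxy location or the host key pair, in that
 *             order.  Zero: plain http on port 80.
 *
 * Returns 0 on success, -1 on failure with `dav_error` set (SENOSHOST,
 * EINVAL, ENOMEM, ENSNACT, SECOMERR).
 *
 * NOTE(review): `mutex` is a plain flag, not a lock, so two threads making
 * the first call concurrently can both enter the set-up branch; this
 * assumes the first call is serialised by the caller — confirm.
 */
int dav_startsessx(char *server, char *comment, int enable_ssl)
{
	FILE *p12 = NULL;
	const char *p12cert = "/tmp/usercert.p12";
	const char *userkey, *usercert, *userproxy;
	char buffer[128];

	/* One-time creation of the connection structure. */
	if (mutex == 0) {
		/* If no host specified, use the DPNS default one */
		if (!server)
			server = getenv("DPNS_HOST");

		if (!server) {
			dav_error = SENOSHOST;
			return -1;
		}

		if (comment && strlen(comment) > CA_MAXCOMMENTLEN) {
			dav_error = EINVAL;
			return -1;
		}

		pthread_once(&init_once, thread_init_once);

		connection = calloc(1, sizeof *connection);
		if (!connection) {
			dav_error = ENOMEM;
			return -1;
		}

		/* Bounded copy: `server` comes from the caller or the environment,
		 * so its length is not under this module's control.  A name that
		 * does not fit the field is rejected rather than truncated. */
		int len = snprintf(connection->server, sizeof connection->server,
		                   "%s", server);
		if (len < 0 || (size_t)len >= sizeof connection->server) {
			free(connection);
			connection = NULL;
			dav_error = EINVAL;
			return -1;
		}
		mutex = 1;
	}

	/* exit function if a session already exists */
	if (connection->session)
		return 0;

	/* Retrieve userkey and usercert from environment variables */
	userkey   = getenv("X509_USER_KEY");
	usercert  = getenv("X509_USER_CERT");
	userproxy = getenv("X509_USER_PROXY");

	if (enable_ssl) {
		if (userproxy) {
			/* A proxy holds key and certificate in one file. */
			userkey = usercert = userproxy;
		} else if (!userkey && !usercert) {
			struct stat stat_buf;

			/* Try the default proxy location, then fall back to the
			 * host key pair. */
			snprintf(buffer, sizeof buffer, "/tmp/x509up_u%d", (int)getuid());
			if (stat(buffer, &stat_buf) == 0) {
				/* The original never used the default proxy it found;
				 * point both at it so the conversion below gets a path. */
				userkey = usercert = buffer;
			} else {
				usercert = "/etc/grid-security/hostcert.pem";
				userkey  = "/etc/grid-security/hostkey.pem";
			}
		}

		debug_msg("User certificate: %s", usercert);
		debug_msg("User key:         %s", userkey);

		/* Reuse an existing PKCS#12 file, otherwise build it from the key
		 * pair.  NOTE(review): the path is fixed and world-writable-dir
		 * based, and only existence is checked, so a pre-existing file at
		 * that path is used as-is whoever created it — consider a
		 * per-user, mode-restricted location. */
		if ((p12 = fopen(p12cert, "r")) == NULL) {
			if (convert_x509_to_p12(userkey, usercert, p12cert) == -1) {
				fprintf(stderr, "An error occur in the certificate conversion\n");
				dav_error = SECOMERR;
				return -1;
			}
		} else {
			fclose(p12);
		}

		connection->session = ne_session_create("https", server, 443);
	} else {
		connection->session = ne_session_create("http", server, 80);
	}

	/* Session creation failed: report and set the matching error code. */
	if (connection->session == NULL) {
		dav_error = ENSNACT;
		return -1;
	}

	/* Server certificate verification is delegated to no_ssl_verification
	 * (defined elsewhere).  NOTE(review): by its name this callback likely
	 * accepts any server certificate, which removes protection against an
	 * interposed server on the https path — confirm what it checks. */
	ne_ssl_set_verify(connection->session, no_ssl_verification, NULL);

	/* Attach the client certificate read from the PKCS#12 file. */
	if (enable_ssl) {
		ne_ssl_client_cert *cert = ne_ssl_clicert_read(p12cert);
		if (cert == NULL) {
			ne_session_destroy(connection->session);
			/* Clear the pointer: otherwise the next call sees a "session"
			 * and returns 0 with a destroyed handle. */
			connection->session = NULL;
			dav_error = SECOMERR;
			return -1;
		}
		ne_ssl_set_clicert(connection->session, cert);
		ne_ssl_clicert_free(cert);
	}

	return 0;
}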