static void provide_clicert(void *userdata, ne_session *sess,
const ne_ssl_dname *const *dname, int dncount)
{
const char *ccfn = userdata;
int n;
printf("The server has requested a client certificate.\n");
#if 0
/* display CA names? */
for (n = 0; n < dncount; n++) {
char *dn = ne_ssl_readable_dname(dname[n]);
printf("Name: %s\n", dn);
free(dn);
}
#endif
if (ne_ssl_clicert_encrypted(client_cert)) {
const char *name = ne_ssl_clicert_name(client_cert);
char *pass;
if (!name) name = ccfn;
printf("Client certificate `%s' is encrypted.\n", name);
for (n = 0; n < 3; n++) {
pass = fm_getpassword(_("Decryption password: "******"Password incorrect, try again.\n");
} else {
break;
}
}
}
if (!ne_ssl_clicert_encrypted(client_cert)) {
printf("Using client certificate.\n");
ne_ssl_set_clicert(session.sess, client_cert);
}
}
int dav_startsessx(char *server, char *comment, int enable_ssl)
{
FILE *p12 = NULL;
const char *p12cert = "/tmp/usercert.p12";
const char *userkey, *usercert, *userproxy;
char buffer[128];
/* Function to be executed once per thread, used to create the connection structure and set the server name */
if(mutex == 0)
{
/* If no host specified, use the DPNS default one */
if (!server)
server = getenv("DPNS_HOST");
/* Finish the function if the host is still NULL*/
if (!server)
{
dav_error = SENOSHOST;
return -1;
}
/* Trigger an error if the comment is too long */
if(comment && (strlen(comment) > CA_MAXCOMMENTLEN))
{
dav_error = EINVAL;
return -1;
}
pthread_once(&init_once, thread_init_once);
connection = (struct dav_connection *)calloc(sizeof(struct dav_connection), 1);
strcpy(connection->server, server);
mutex = 1;
}
/* exit function if a session already exists */
if(connection->session)
return 0;
/* Retrieve userkey and usercert from environement variable */
userkey = getenv("X509_USER_KEY");
usercert = getenv("X509_USER_CERT");
userproxy = getenv("X509_USER_PROXY");
/* Use a proxy */
if (enable_ssl) {
if (userproxy) {
userkey = usercert = userproxy;
}
/* Try default proxy location */
else if (!userkey && !usercert) {
struct stat stat_buf;
snprintf(buffer, sizeof(buffer), "/tmp/x509up_u%d", getuid());
/* No luck, try with host cert and key */
if (stat(buffer, &stat_buf) != 0) {
usercert = "/etc/grid-security/hostcert.pem";
userkey = "/etc/grid-security/hostkey.pem";
}
}
debug_msg("User certificate: %s", usercert);
debug_msg("User key: %s", userkey);
/* Try to open the certificate, create one if file does not exist yet */
if ((p12 = fopen(p12cert, "r")) == NULL){
if(convert_x509_to_p12(userkey, usercert, p12cert) == -1){
fprintf(stderr, "An error occur in the certificate conversion\n");
return -1;
}
}else {
fclose(p12);
}
/* Try to open a session, return -1 and set the correct errno if it failed */
if ((connection->session = ne_session_create("https", server, 443)) == NULL)
{
dav_error = ENSNACT;
return -1;
}
}
else {
if ((connection->session = ne_session_create("http", server, 80)) == NULL)
{
dav_error = ENSNACT;
return -1;
}
}
/* manual checking for ssl credentials */
ne_ssl_set_verify(connection->session, no_ssl_verification, NULL);
/* Read the pkcs12 certificate */
if (enable_ssl) {
ne_ssl_client_cert *cert = ne_ssl_clicert_read(p12cert);
if (cert == NULL) {
ne_session_destroy(connection->session);
dav_error = SECOMERR;
return -1;
}
ne_ssl_set_clicert(connection->session, cert);
ne_ssl_clicert_free(cert);
}
return 0;
}
