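/*
 * neon client-certificate callback: when the server asks for a client
 * certificate, decrypt the file-scope `client_cert` if it is encrypted
 * (prompting up to three times for the passphrase) and install it on
 * `session.sess`. The CA-name list offered by the server is ignored; the
 * display loop is compiled out with #if 0.
 *
 * userdata  file name of the client certificate; used as the display name
 *           when the certificate carries no friendly name.
 * sess      neon session passed by the callback API (unused here; the
 *           certificate is installed on session.sess, not on sess).
 * dname     CA names requested by the server (unused, see #if 0 block).
 * dncount   number of entries in dname (unused).
 *
 * NOTE(review): the passphrase loop was garbled in the copy reviewed
 * (the call between fm_getpassword() and the "Password incorrect" message
 * was missing). It is reconstructed with ne_ssl_clicert_decrypt(), which
 * returns non-zero when the passphrase is wrong; confirm against the
 * original source.
 */
static void provide_clicert(void *userdata, ne_session *sess,
                            const ne_ssl_dname *const *dname, int dncount)
{
    const char *ccfn = userdata;
    int n;

    printf("The server has requested a client certificate.\n");

#if 0
    /* display CA names? */
    for (n = 0; n < dncount; n++) {
        char *dn = ne_ssl_readable_dname(dname[n]);
        printf("Name: %s\n", dn);
        free(dn);
    }
#endif

    if (ne_ssl_clicert_encrypted(client_cert)) {
        const char *name = ne_ssl_clicert_name(client_cert);
        char *pass;

        if (!name) name = ccfn;
        printf("Client certificate `%s' is encrypted.\n", name);

        /* Three attempts at the passphrase; stop early on a cancelled prompt. */
        for (n = 0; n < 3; n++) {
            pass = fm_getpassword(_("Decryption password: "));
            /* assumes fm_getpassword returns NULL on EOF/cancel — TODO confirm */
            if (!pass) break;
            /* NOTE(review): ownership and lifetime of `pass` are not visible
             * here, so it is not wiped after use; confirm with fm_getpassword
             * whether the buffer should be zeroised by the caller. */
            if (ne_ssl_clicert_decrypt(client_cert, pass)) {
                printf("Password incorrect, try again.\n");
            } else {
                break;
            }
        }
    }

    /* Either never encrypted, or decrypted above. A still-encrypted
     * certificate (wrong passphrase three times) is simply not installed. */
    if (!ne_ssl_clicert_encrypted(client_cert)) {
        printf("Using client certificate.\n");
        ne_ssl_set_clicert(session.sess, client_cert);
    }
}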
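/*
 * Return non-zero when `st` (obtained with lstat, so symlinks are not
 * followed) describes a regular file owned by the calling user.
 *
 * Used to refuse a PKCS#12 bundle in the shared /tmp directory that
 * another local user could have created or replaced.
 */
static int p12_file_is_ours(const struct stat *st)
{
    return S_ISREG(st->st_mode) && st->st_uid == getuid();
}

/*
 * Create (once per process) the neon session used by the DAV client.
 *
 * server      target host; NULL falls back to $DPNS_HOST on the first call
 *             and to the recorded connection->server afterwards.
 * comment     optional comment; rejected when longer than CA_MAXCOMMENTLEN,
 *             otherwise unused in this function.
 * enable_ssl  non-zero selects https/443 plus client-certificate setup,
 *             zero selects plain http/80.
 *
 * Returns 0 on success (also when a session already exists) and -1 on
 * failure with dav_error set, except on the certificate-conversion path,
 * which reports on stderr only and leaves dav_error untouched (unchanged
 * from the original behaviour).
 *
 * Credential lookup order when enable_ssl is set: $X509_USER_PROXY, else
 * $X509_USER_KEY / $X509_USER_CERT, else the per-uid proxy
 * /tmp/x509up_u<uid>, else the host certificate and key under
 * /etc/grid-security. The PEM credentials are converted into a PKCS#12
 * bundle at /tmp/usercert.p12 when that file does not exist yet.
 */
int dav_startsessx(char *server, char *comment, int enable_ssl)
{
    const char *p12cert = "/tmp/usercert.p12";
    const char *userkey, *usercert, *userproxy;
    char buffer[128];

    /* `mutex` is a plain once-flag, not a lock: the first caller allocates
     * the connection structure and records the server name.
     * NOTE(review): concurrent first calls are not serialised by this flag;
     * pthread_once below only covers thread_init_once. */
    if (mutex == 0) {
        /* If no host specified, use the DPNS default one */
        if (!server)
            server = getenv("DPNS_HOST");
        if (!server) {
            dav_error = SENOSHOST;
            return -1;
        }
        /* Reject an over-long comment up front */
        if (comment && strlen(comment) > CA_MAXCOMMENTLEN) {
            dav_error = EINVAL;
            return -1;
        }
        pthread_once(&init_once, thread_init_once);

        connection = calloc(1, sizeof *connection);
        if (!connection) {
            dav_error = ENOMEM;
            return -1;
        }
        /* Bounded copy instead of strcpy. connection->server is taken to be
         * a fixed-size array: the struct was just calloc'd, so a pointer
         * member would have been NULL for the original strcpy. Leave the
         * once-flag clear on failure so a later call can retry. */
        {
            int len = snprintf(connection->server, sizeof connection->server,
                               "%s", server);
            if (len < 0 || (size_t)len >= sizeof connection->server) {
                free(connection);
                connection = NULL;
                dav_error = EINVAL;
                return -1;
            }
        }
        mutex = 1;
    }

    /* exit function if a session already exists */
    if (connection->session)
        return 0;

    /* On a re-open after the once-block ran, a NULL server would otherwise
     * reach ne_session_create(); fall back to the name recorded above. */
    if (!server)
        server = connection->server;

    /* Retrieve userkey and usercert from environment variables */
    userkey = getenv("X509_USER_KEY");
    usercert = getenv("X509_USER_CERT");
    userproxy = getenv("X509_USER_PROXY");

    if (enable_ssl) {
        struct stat st;

        if (userproxy) {
            /* A proxy file holds both the key and the certificate */
            userkey = usercert = userproxy;
        } else if (!userkey && !usercert) {
            /* Try the default proxy location, then the host credentials */
            snprintf(buffer, sizeof buffer, "/tmp/x509up_u%d", (int)getuid());
            if (stat(buffer, &st) == 0) {
                /* Proxy found: use it for both, as for $X509_USER_PROXY.
                 * The original left both NULL here — presumably relying on
                 * convert_x509_to_p12() to find the proxy itself; confirm. */
                userkey = usercert = buffer;
            } else {
                /* No luck, try with host cert and key */
                usercert = "/etc/grid-security/hostcert.pem";
                userkey = "/etc/grid-security/hostkey.pem";
            }
        }

        /* "%s" with a NULL pointer is undefined; print a marker instead
         * (one of the two may still be unset when only one env var is set). */
        debug_msg("User certificate: %s", usercert ? usercert : "(unset)");
        debug_msg("User key: %s", userkey ? userkey : "(unset)");

        /* The PKCS#12 bundle contains the private key and lives under a
         * fixed name in world-writable /tmp. lstat() so that a symlink
         * planted at that name is not followed, and accept only a regular
         * file owned by the calling user; otherwise another local user's
         * bundle (or one they placed there) would be loaded as our
         * credentials, and the conversion would write our key through a
         * symlink. A window remains between this check and
         * ne_ssl_clicert_read(); a private per-user directory would close it. */
        if (lstat(p12cert, &st) != 0) {
            /* Not there yet: build it from the PEM credentials */
            if (convert_x509_to_p12(userkey, usercert, p12cert) == -1) {
                fprintf(stderr, "An error occur in the certificate conversion\n");
                return -1;
            }
        } else if (!p12_file_is_ours(&st)) {
            fprintf(stderr, "Refusing to use %s: not a regular file owned by this user\n",
                    p12cert);
            dav_error = EACCES;
            return -1;
        }

        connection->session = ne_session_create("https", server, 443);
    } else {
        connection->session = ne_session_create("http", server, 80);
    }
    /* Return -1 and set dav_error if the session could not be created */
    if (connection->session == NULL) {
        dav_error = ENSNACT;
        return -1;
    }

    /* NOTE(review): no_ssl_verification is installed as the server
     * certificate verify callback; by its name it accepts any server
     * certificate, which leaves the TLS connection open to interception.
     * The callback is defined elsewhere, so it is only flagged here. */
    ne_ssl_set_verify(connection->session, no_ssl_verification, NULL);

    /* Load the PKCS#12 client certificate onto the session */
    if (enable_ssl) {
        ne_ssl_client_cert *cert = ne_ssl_clicert_read(p12cert);
        if (cert == NULL) {
            ne_session_destroy(connection->session);
            /* Clear the pointer: the original left it dangling, so the next
             * call returned 0 with a destroyed session. */
            connection->session = NULL;
            dav_error = SECOMERR;
            return -1;
        }
        ne_ssl_set_clicert(connection->session, cert);
        /* Freed right after installation, as in the original; assumes the
         * session keeps its own copy of the certificate. */
        ne_ssl_clicert_free(cert);
    }
    return 0;
}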