int X509Credential::loadFromFileP12(const std::string &p12_cred, const std::string & passwd, DavixError **err){
    // Release whatever certificate was held before, so a failed load never
    // leaves a stale credential behind in d_ptr.
    d_ptr->clear_cert();

    // Step 1: read the PKCS#12 bundle from disk.
    const char *path = p12_cred.c_str();
    d_ptr->_cred = ne_ssl_clicert_read(path);
    if (d_ptr->_cred == NULL) {
        std::string msg("Impossible to load credential ");
        msg += p12_cred;
        Davix::DavixError::setupError(err, davix_scope_x509cred(), StatusCode::CredentialNotFound, msg);
        return -1;
    }

    // Step 2: a plain (unencrypted) bundle is usable as is.
    if (ne_ssl_clicert_encrypted(d_ptr->_cred) == 0) {
        return 0;
    }

    // Step 3: encrypted bundle -> unlock it with the supplied password.
    if (ne_ssl_clicert_decrypt(d_ptr->_cred, passwd.c_str()) == 0) {
        return 0;
    }

    // Wrong password: report it and drop the half-loaded credential.
    std::string msg("Impossible to decrypt the credential ");
    msg += p12_cred;
    msg += " with the provided password";
    Davix::DavixError::setupError(err, davix_scope_x509cred(), StatusCode::LoginPasswordError, msg);
    d_ptr->clear_cert();
    return -1;
}
/*
 * Configure TLS on the global session: trust the default CA bundle, install
 * the cert_verify callback and, when a client-certificate path was given on
 * the command line, register it so the server can ask for it.
 *
 * Always returns 0; a certificate that cannot be loaded is only reported
 * on stdout.
 */
static int setup_ssl(void)
{
    char *cert_path = get_option(opt_clicert);

    ne_ssl_trust_default_ca(session.sess);
    ne_ssl_set_verify(session.sess, cert_verify, NULL);

    /* Nothing more to do without a client certificate option. */
    if (cert_path == NULL)
        return 0;

    client_cert = ne_ssl_clicert_read(cert_path);
    if (client_cert == NULL) {
        printf("Could not load client certificate from `%s'.\n", cert_path);
        return 0;
    }

    /* cert_path is handed to the callback as userdata; it must stay valid for
     * the lifetime of the session (presumably get_option returns stable
     * storage -- confirm). */
    ne_ssl_provide_clicert(session.sess, provide_clicert, cert_path);
    return 0;
}
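/*
 * Resolve the user key/certificate paths from the environment, falling back
 * to the default per-user proxy location and finally to the host credentials.
 *
 * buffer/buflen receive the default proxy path; the returned pointers may
 * point into buffer, so it must outlive them.
 */
static void dav_resolve_cred_paths(const char **userkey, const char **usercert,
                                   char *buffer, size_t buflen)
{
    struct stat st;
    const char *userproxy = getenv("X509_USER_PROXY");

    *userkey = getenv("X509_USER_KEY");
    *usercert = getenv("X509_USER_CERT");

    /* An explicit proxy file holds both the key and the certificate. */
    if (userproxy) {
        *userkey = *usercert = userproxy;
        return;
    }

    /* Explicit (even partial) key/cert configuration is kept as given. */
    if (*userkey || *usercert)
        return;

    /* Try the default proxy location. */
    snprintf(buffer, buflen, "/tmp/x509up_u%lu", (unsigned long) getuid());
    if (stat(buffer, &st) == 0) {
        /* The default proxy exists: use it (previously both paths were left
         * NULL here and NULL was handed to the conversion). */
        *userkey = *usercert = buffer;
    } else {
        /* No luck, try with host cert and key. */
        *usercert = "/etc/grid-security/hostcert.pem";
        *userkey = "/etc/grid-security/hostkey.pem";
    }
}

/*
 * Make sure the PKCS#12 bundle at p12cert exists and belongs to this user,
 * converting the PEM key/certificate into it when it is missing.
 *
 * Returns 0 on success, -1 on failure (a message is written to stderr).
 */
static int dav_ensure_p12(const char *p12cert, const char *userkey, const char *usercert)
{
    struct stat st;

    if (lstat(p12cert, &st) != 0) {
        /* Not there yet: build it from the PEM key and certificate. */
        if (convert_x509_to_p12(userkey, usercert, p12cert) == -1) {
            fprintf(stderr, "An error occur in the certificate conversion\n");
            return -1;
        }
        return 0;
    }

    /*
     * p12cert lives in the shared /tmp directory, so a pre-existing entry is
     * only trusted when it is a regular file (not a symlink) owned by the
     * calling user; otherwise another local user could plant the credential
     * this process is about to load. NOTE(review): a check/use window remains;
     * a private per-user directory or exclusive creation inside
     * convert_x509_to_p12 would close it.
     */
    if (!S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        fprintf(stderr, "Refusing to use %s: not a regular file owned by the current user\n", p12cert);
        return -1;
    }
    return 0;
}

/*
 * Open the (per-process) neon session to `server`, over HTTPS with the
 * user's client certificate when enable_ssl is non-zero, over plain HTTP
 * otherwise.
 *
 * server      host name; when NULL the DPNS_HOST environment variable is used.
 * comment     optional comment, rejected when longer than CA_MAXCOMMENTLEN.
 * enable_ssl  non-zero to use TLS and a PKCS#12 client credential.
 *
 * Returns 0 when a session is (already) available, -1 on failure with
 * dav_error set (credential preparation failures are reported on stderr
 * instead).
 */
int dav_startsessx(char *server, char *comment, int enable_ssl)
{
    const char *p12cert = "/tmp/usercert.p12";
    const char *userkey = NULL, *usercert = NULL;
    char buffer[128];

    /* One-time set-up of the connection structure. NOTE(review): `mutex` is
     * used as a plain "initialised" flag, not a lock; only thread_init_once is
     * actually serialised (by pthread_once). */
    if (mutex == 0) {
        /* If no host specified, use the DPNS default one */
        if (!server)
            server = getenv("DPNS_HOST");
        /* Finish the function if the host is still NULL */
        if (!server) {
            dav_error = SENOSHOST;
            return -1;
        }
        /* Trigger an error if the comment is too long */
        if (comment && (strlen(comment) > CA_MAXCOMMENTLEN)) {
            dav_error = EINVAL;
            return -1;
        }
        pthread_once(&init_once, thread_init_once);
        connection = (struct dav_connection *) calloc(1, sizeof(struct dav_connection));
        if (connection == NULL) {
            dav_error = ENOMEM;
            return -1;
        }
        /* NOTE(review): unbounded copy of a caller/environment supplied string;
         * bound it with the size of connection->server once that field is
         * confirmed to be a fixed array. */
        strcpy(connection->server, server);
        mutex = 1;
    }

    /* exit function if a session already exists */
    if (connection->session)
        return 0;

    if (enable_ssl) {
        dav_resolve_cred_paths(&userkey, &usercert, buffer, sizeof(buffer));
        debug_msg("User certificate: %s", usercert ? usercert : "(unset)");
        debug_msg("User key: %s", userkey ? userkey : "(unset)");

        if (dav_ensure_p12(p12cert, userkey, usercert) == -1)
            return -1;

        /* connection->server (not the parameter) so a retry after an earlier
         * failure does not depend on the caller passing the host again. */
        connection->session = ne_session_create("https", connection->server, 443);
    } else {
        connection->session = ne_session_create("http", connection->server, 80);
    }
    if (connection->session == NULL) {
        dav_error = ENSNACT;
        return -1;
    }

    /* NOTE(review): the callback name suggests server certificate verification
     * is switched off for every session (no CA or hostname check); confirm this
     * is intended and consider restricting it to explicitly configured hosts. */
    ne_ssl_set_verify(connection->session, no_ssl_verification, NULL);

    /* Read the pkcs12 certificate */
    if (enable_ssl) {
        ne_ssl_client_cert *cert = ne_ssl_clicert_read(p12cert);
        if (cert == NULL) {
            ne_session_destroy(connection->session);
            /* Reset the pointer: otherwise the next call would return 0 and
             * hand out the freed session. */
            connection->session = NULL;
            dav_error = SECOMERR;
            return -1;
        }
        ne_ssl_set_clicert(connection->session, cert);
        /* Released right after the hand-over, as before -- presumably the
         * session keeps its own copy (confirm against the neon API in use). */
        ne_ssl_clicert_free(cert);
    }
    return 0;
}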