/**
* \ingroup nuclientAPI
* Initialize TLS:
* - Set key filename (and test if the file does exist)
* - Set certificate (if key and cert. are present)
*
* \param session Pointer to client session
* \param keyfile Complete path to a key file stored in PEM format (can be NULL)
* \param certfile Complete path to a certificate file stored in PEM format (can be NULL)
* \param err Pointer to a nuclient_error_t: which contains the error
* \return Returns 0 on error (error description in err), 1 otherwise
*/
int nu_client_load_key(nuauth_session_t * session,
const char *keyfile, const char *certfile,
nuclient_error_t * err)
{
char certstring[256];
char keystring[256];
char *home = nu_get_home_dir();
int exit_on_error = 0;
int ret;
/* If the user specified a certficate and a key on command line,
* exit if we fail loading them.
* Elsewise, try loading certs from ~/.nufw/, but continue if we fail
*/
if (certfile || keyfile)
exit_on_error = 1;
/* compute patch keyfile */
if (keyfile == NULL && home != NULL) {
ret = secure_snprintf(keystring, sizeof(keystring),
"%s/.nufw/key.pem", home);
if (ret)
keyfile = keystring;
}
if (certfile == NULL && home != NULL) {
ret = secure_snprintf(certstring, sizeof(certstring),
"%s/.nufw/cert.pem", home);
if (ret)
certfile = certstring;
}
if (certfile != NULL || keyfile != NULL) {
ret = nussl_ssl_set_keypair(session->nussl, certfile, keyfile);
if (ret != NUSSL_OK) {
if (exit_on_error) {
if (home)
free(home);
SET_ERROR(err, NUSSL_ERR, ret);
return 0;
}
else {
log_printf(DEBUG_LEVEL_WARNING, "Warning: Failed to load default certificate and key.");
}
}
}
if (home)
free(home);
return 1;
}
char *compute_user_config_path()
{
char path_dir[254];
char *home = nu_get_home_dir();
if (home == NULL)
return NULL;
secure_snprintf(path_dir, sizeof(path_dir), "%s/.nufw", home);
if (access(path_dir, R_OK) != 0) {
return NULL;
}
secure_snprintf(path_dir, sizeof(path_dir), "%s/.nufw/ufwiclient.conf", home);
free(home);
if (access(path_dir, R_OK) != 0) {
return NULL;
}
return strdup(path_dir);
}
/**
* \ingroup nuclientAPI
* Initialize TLS:
* - Set trust file of credentials (if needed)
*
* \param session Pointer to client session
* \param cafile Complete path to a certificate authority file stored in PEM format (can be NULL)
* \param err Pointer to a nuclient_error_t: which contains the error
* \return Returns 0 on error (error description in err), 1 otherwise
*/
int nu_client_load_ca(nuauth_session_t * session,
const char *cafile,
nuclient_error_t * err)
{
char castring[256];
char *home = nu_get_home_dir();
int exit_on_error = 0;
int ret;
if (cafile != NULL)
exit_on_error = 1;
if (cafile == NULL && home != NULL) {
ret = secure_snprintf(castring, sizeof(castring),
"%s/.nufw/cacert.pem", home);
if (ret)
cafile = castring;
}
if (cafile != NULL) {
ret = nussl_ssl_trust_cert_file(session->nussl, cafile);
if (ret != NUSSL_OK) {
if (exit_on_error) {
if (home)
free(home);
SET_ERROR(err, NUSSL_ERR, ret);
return 0;
}
else {
if (!session->suppress_ca_warning) {
log_printf(DEBUG_LEVEL_WARNING, "\nWARNING: you have not provided any certificate authority.\n"
"nutcpc will *NOT* verify server certificate trust.\n"
"Use the -A <cafile> option to set up CA.\n"
);
}
session->suppress_fqdn_verif = 1;
nussl_set_session_flag(session->nussl, NUSSL_SESSFLAG_IGNORE_ID_MISMATCH, 1);
}
}
} else {
log_printf(DEBUG_LEVEL_WARNING, "Could not load any CA !");
return 0;
}
return 1;
}
