Commit f50f5065 authored by louiz’'s avatar louiz’

Refactor load_certs()

parent e1934a0b
......@@ -29,7 +29,7 @@ BasicCredentialsManager::BasicCredentialsManager(const TCPSocketHandler* const s
socket_handler(socket_handler),
trusted_fingerprint{}
{
this->load_certs();
BasicCredentialsManager::load_certs();
}
void BasicCredentialsManager::set_trusted_fingerprint(const std::string& fingerprint)
......@@ -62,17 +62,8 @@ void BasicCredentialsManager::verify_certificate_chain(const std::string& type,
}
}
void BasicCredentialsManager::load_certs()
bool BasicCredentialsManager::try_to_open_one_ca_bundle(const std::vector<std::string>& paths)
{
// Only load the certificates the first time
if (BasicCredentialsManager::certs_loaded)
return;
const std::string conf_path = Config::get("ca_file", "");
std::vector<std::string> paths;
if (conf_path.empty())
paths = default_cert_files;
else
paths.push_back(conf_path);
for (const auto& path: paths)
{
try
......@@ -87,25 +78,39 @@ void BasicCredentialsManager::load_certs()
// will be ignored. As a result, some TLS connection may be refused
// because the certificate is signed by an issuer that was ignored.
try {
const Botan::X509_Certificate cert(bundle);
BasicCredentialsManager::certificate_store.add_certificate(cert);
} catch (const Botan::Decoding_Error& error)
{
Botan::X509_Certificate cert(bundle);
BasicCredentialsManager::certificate_store.add_certificate(std::move(cert));
} catch (const Botan::Decoding_Error& error) {
continue;
}
}
// Only use the first file that can successfully be read.
goto success;
return true;
}
catch (Botan::Stream_IO_Error& e)
catch (const Botan::Stream_IO_Error& e)
{
log_debug(e.what());
}
}
// If we could not open one of the files, print a warning
log_warning("The CA could not be loaded, TLS negociation will probably fail.");
success:
BasicCredentialsManager::certs_loaded = true;
return false;
}
void BasicCredentialsManager::load_certs()
{
// Only load the certificates the first time
if (BasicCredentialsManager::certs_loaded)
return;
const std::string conf_path = Config::get("ca_file", "");
std::vector<std::string> paths;
if (conf_path.empty())
paths = default_cert_files;
else
paths.push_back(conf_path);
if (BasicCredentialsManager::try_to_open_one_ca_bundle(paths))
BasicCredentialsManager::certs_loaded = true;
else
log_warning("The CA could not be loaded, TLS negociation will probably fail.");
}
std::vector<Botan::Certificate_Store*> BasicCredentialsManager::trusted_certificate_authorities(const std::string&, const std::string&)
......
......@@ -29,6 +29,7 @@ public:
private:
const TCPSocketHandler* const socket_handler;
static bool try_to_open_one_ca_bundle(const std::vector<std::string>& paths);
static void load_certs();
static Botan::Certificate_Store_In_Memory certificate_store;
static bool certs_loaded;
......
......@@ -151,7 +151,7 @@ namespace utils
throw std::runtime_error("Cannot convert into UTF-8");
// Make sure cd is always closed when we leave this function
const auto sg = utils::make_scope_guard([&](auto&&){ iconv_close(cd); });
const auto sg = utils::make_scope_guard([&cd](auto&&){ iconv_close(cd); });
size_t inbytesleft = str.size();
......@@ -168,7 +168,7 @@ namespace utils
char* outbuf_ptr = outbuf;
// Make sure outbuf is always deleted when we leave this function
const auto sg2 = utils::make_scope_guard([&](auto&&){ delete[] outbuf; });
const auto sg2 = utils::make_scope_guard([outbuf](auto&&){ delete[] outbuf; });
bool done = false;
while (done == false)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment