aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPřemysl Janouch <p.janouch@gmail.com>2015-04-08 20:29:53 +0200
committerPřemysl Janouch <p.janouch@gmail.com>2015-04-08 20:29:53 +0200
commitad094ebb4b54a48a2f475a9c845da1bfc9592912 (patch)
treed364d2a6490d41e3d75a3b6a7a868449a411823a
parente1d2626f107224f049e94471e422cef885a6e3e0 (diff)
downloadjson-rpc-shell-ad094ebb4b54a48a2f475a9c845da1bfc9592912.tar.gz
json-rpc-shell-ad094ebb4b54a48a2f475a9c845da1bfc9592912.tar.xz
json-rpc-shell-ad094ebb4b54a48a2f475a9c845da1bfc9592912.zip
Allow specifying the CA bundle in configuration
-rw-r--r--json-rpc-shell.c41
1 files changed, 38 insertions, 3 deletions
diff --git a/json-rpc-shell.c b/json-rpc-shell.c
index a344f2b..bbff128 100644
--- a/json-rpc-shell.c
+++ b/json-rpc-shell.c
@@ -69,6 +69,10 @@ static struct config_item g_config_table[] =
{ ATTR_ERROR, NULL, "Terminal attributes for errors" },
{ ATTR_INCOMING, NULL, "Terminal attributes for incoming traffic" },
{ ATTR_OUTGOING, NULL, "Terminal attributes for outgoing traffic" },
+
+ { "ca_file", NULL, "OpenSSL trusted CA certificates file" },
+ { "ca_path", NULL, "OpenSSL trusted CA certificates path" },
+
{ NULL, NULL, NULL }
};
@@ -985,6 +989,29 @@ backend_ws_establish_connection (struct app_context *ctx,
}
static bool
+backend_ws_set_up_ssl_ctx (struct app_context *ctx)
+{
+ struct ws_context *self = &ctx->ws;
+ if (ctx->trust_all)
+ {
+ SSL_CTX_set_verify (self->ssl_ctx, SSL_VERIFY_NONE, NULL);
+ return true;
+ }
+
+ const char *ca_file = str_map_find (&ctx->config, "ca_file");
+ const char *ca_path = str_map_find (&ctx->config, "ca_path");
+ if (ca_file || ca_path)
+ {
+ if (SSL_CTX_load_verify_locations (self->ssl_ctx, ca_file, ca_path))
+ return true;
+ print_warning ("%s: %s",
+ "failed to set locations for trusted CA certificates",
+ ERR_reason_error_string (ERR_get_error ()));
+ }
+ return SSL_CTX_set_default_verify_paths (self->ssl_ctx);
+}
+
+static bool
backend_ws_initialize_tls (struct app_context *ctx,
const char *server_name, struct error **e)
{
@@ -994,9 +1021,8 @@ backend_ws_initialize_tls (struct app_context *ctx,
{
if (!(self->ssl_ctx = SSL_CTX_new (SSLv23_client_method ())))
goto error_ssl_1;
- if (ctx->trust_all)
- SSL_CTX_set_verify (self->ssl_ctx, SSL_VERIFY_NONE, NULL);
- // XXX: how do we check certificates?
+ if (!backend_ws_set_up_ssl_ctx (ctx))
+ goto error_ssl_2;
}
self->ssl = SSL_new (self->ssl_ctx);
@@ -1530,6 +1556,15 @@ backend_curl_init (struct app_context *ctx,
ctx->trust_all ? 0L : 2L)
|| curl_easy_setopt (curl, CURLOPT_URL, endpoint))
exit_fatal ("cURL setup failed");
+
+ if (!ctx->trust_all)
+ {
+ const char *ca_file = str_map_find (&ctx->config, "ca_file");
+ const char *ca_path = str_map_find (&ctx->config, "ca_path");
+ if ((ca_file && !curl_easy_setopt (curl, CURLOPT_CAINFO, ca_file))
+ || (ca_path && !curl_easy_setopt (curl, CURLOPT_CAPATH, ca_path)))
+ exit_fatal ("cURL setup failed");
+ }
}
static void