lda/Cytoplasm
1
0
Fork 0
forked from Telodendria/Cytoplasm
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: lda:b28cd422fb6f573eb278569f7905371e6812826a
Branches Tags
lda:master
lda:db-args
lda:raw-types
lda:alignment
lda:add-mbed
lda:fix-deadlock
lda:fix-configure
lda:sha-revamp
lda:opt-ssl-for-sha
lda:lmdbwerk
lda:hashmap-del-leak
lda:mem-moment
lda:fix-tls
lda:fix-duplicate-leak
lda:fix-stringify
lda:tls-file-leak
lda:direct-filenames
lda:fix-sanitation
lda:fix-router-issue
lda:meta-j2s-types
lda:encode-http
Telodendria:master
Telodendria:v0.4.0
Telodendria:v0.4.1
..
compare: lda:f9702cf0ef75ae177ce496d9a43f7156bd483c78
Branches Tags
lda:db-args
lda:raw-types
lda:alignment
lda:add-mbed
lda:master
lda:fix-deadlock
lda:fix-configure
lda:sha-revamp
lda:opt-ssl-for-sha
lda:lmdbwerk
lda:hashmap-del-leak
lda:mem-moment
lda:fix-tls
lda:fix-duplicate-leak
lda:fix-stringify
lda:tls-file-leak
lda:direct-filenames
lda:fix-sanitation
lda:fix-router-issue
lda:meta-j2s-types
lda:encode-http
Telodendria:master
Telodendria:v0.4.0
Telodendria:v0.4.1

No commits in common. "b28cd422fb6f573eb278569f7905371e6812826a" and "f9702cf0ef75ae177ce496d9a43f7156bd483c78" have entirely different histories.
b28cd422fb ... f9702cf0ef

1 changed files with 10 additions and 67 deletions
Show stats Expand all files Collapse all files

77
src/Tls/TlsMbedTLS.c
View file

@ -35,7 +35,6 @@
#include <Memory.h>
#include <Log.h>
#include <Str.h>
#include <string.h>
#include <stdlib.h>
@ -58,70 +57,12 @@ typedef struct MbedCookie {
mbedtls_pk_context serverkey;
} MbedCookie;
static bool
AddPEM(mbedtls_x509_crt *certs, char *path)
{
size_t len;
if (!certs || !path)
{
return false;
}
len = strlen(path);
if (len >= 4 && StrEquals(&path[len - 1 - 4], ".pem"))
{
/* Parse it as a file */
if (mbedtls_x509_crt_parse_file(certs, path) == 0)
{
return true;
}
}
/* Parse it as a directory if it is not a .PEM
* Note that this is non-recursive. */
return mbedtls_x509_crt_parse_path(certs, path) == 0;
}
static bool
RegisterPEMs(mbedtls_x509_crt *certs)
{
char *cafile;
if (!certs)
{
return false;
}
/* Step 0: Load from CYTO_TLS_CA if present to overwrite */
cafile = getenv("CYTO_TLS_CA");
if (AddPEM(certs, cafile))
{
return true;
}
/* Step 1: Try /etc/ssl/certs */
if (AddPEM(certs, "/etc/ssl/certs"))
{
return true;
}
/* Step 2: Try loading off Mozilla's certificates */
if (AddPEM(certs, "/usr/share/ca-certificates/mozilla"))
{
return true;
}
/* Step 3: Try loading from its root directly*/
if (AddPEM(certs, "/usr/share/ca-certificates"))
{
return true;
}
/* Step 4: Give up. */
return false;
}
void *
TlsInitClient(int fd, const char *serverName)
{
MbedCookie *cookie;
char *cafile;
char *seed;
int err;
if (!serverName)
{
@ -153,9 +94,12 @@ TlsInitClient(int fd, const char *serverName)
Log(LOG_ERR, "MbedTLS failure on client init: %d", err);
goto error;
}
/* Add a source of entropy if possible(using the CYTO_TLS_SEED env).
* Note that we ignore the error code. */
seed = getenv("CYTO_TLS_SEED");
mbedtls_entropy_update_seed_file(&cookie->entropy, seed);
/* TODO: Reconsider a source of additional entropy. */
/* TODO */
cookie->serverFD.fd = fd;
err = mbedtls_ssl_config_defaults(
@ -173,12 +117,13 @@ TlsInitClient(int fd, const char *serverName)
}
/* Setup key verification */
if (!RegisterPEMs(&cookie->cert))
cafile = getenv("CYTO_TLS_CA");
if ((err = mbedtls_x509_crt_parse_file(&cookie->cert, cafile)) != 0)
{
char message[256];
mbedtls_strerror(err, message, 255);
Log(LOG_ERR, "MbedTLS failure on client certs: %s", message);
goto error;
//goto error;
}
mbedtls_ssl_conf_ca_chain(&cookie->conf, &cookie->cert, NULL);
@ -272,8 +217,6 @@ TlsInitServer(int fd, const char *crt, const char *key)
goto error;
}
if ((err = mbedtls_pk_parse_keyfile(&cookie->serverkey, key, NULL, mbedtls_entropy_func, &cookie->ctrDrbg)) != 0)
{
char message[256];