static void parse_makestep(char *);
static void parse_maxchange(char *);
static void parse_ntsserver(char *, ARR_Instance files);
+static void parse_ntstrustedcerts(char *);
static void parse_ratelimit(char *line, int *enabled, int *interval,
int *burst, int *leak);
static void parse_refclock(char *);
static int nts_server_connections = 100;
static int nts_refresh = 2419200; /* 4 weeks */
static int nts_rotate = 604800; /* 1 week */
-static char *nts_trusted_cert_file = NULL;
+static ARR_Instance nts_trusted_certs_files; /* array of (char *) */
/* Number of clock updates needed to enable certificate time checks */
static int no_cert_time_check = 0;
nts_server_cert_files = ARR_CreateInstance(sizeof (char *));
nts_server_key_files = ARR_CreateInstance(sizeof (char *));
+ nts_trusted_certs_files = ARR_CreateInstance(sizeof (char *));
rtc_device = Strdup(DEFAULT_RTC_DEVICE);
hwclock_file = Strdup(DEFAULT_HWCLOCK_FILE);
Free(*(char **)ARR_GetElement(nts_server_cert_files, i));
for (i = 0; i < ARR_GetSize(nts_server_key_files); i++)
Free(*(char **)ARR_GetElement(nts_server_key_files, i));
+ for (i = 0; i < ARR_GetSize(nts_trusted_certs_files); i++)
+ Free(*(char **)ARR_GetElement(nts_trusted_certs_files, i));
ARR_DestroyInstance(init_sources);
ARR_DestroyInstance(ntp_sources);
ARR_DestroyInstance(nts_server_cert_files);
ARR_DestroyInstance(nts_server_key_files);
+ ARR_DestroyInstance(nts_trusted_certs_files);
Free(drift_file);
Free(dumpdir);
Free(tempcomp_point_file);
Free(nts_dump_dir);
Free(nts_ntp_server);
- Free(nts_trusted_cert_file);
}
/* ================================================== */
} else if (!strcasecmp(command, "ntsratelimit")) {
parse_ratelimit(p, &nts_ratelimit_enabled, &nts_ratelimit_interval,
&nts_ratelimit_burst, &nts_ratelimit_leak);
- } else if (!strcasecmp(command, "ntstrustedcerts")) {
- parse_string(p, &nts_trusted_cert_file);
} else if (!strcasecmp(command, "ntscachedir") ||
!strcasecmp(command, "ntsdumpdir")) {
parse_string(p, &nts_dump_dir);
parse_ntsserver(p, nts_server_cert_files);
} else if (!strcasecmp(command, "ntsserverkey")) {
parse_ntsserver(p, nts_server_key_files);
+ } else if (!strcasecmp(command, "ntstrustedcerts")) {
+ parse_ntstrustedcerts(p);
} else if (!strcasecmp(command, "peer")) {
parse_source(p, command, 1);
} else if (!strcasecmp(command, "pidfile")) {
/* ================================================== */
+static void
+parse_ntstrustedcerts(char *line)
+{
+ char *file = NULL;
+
+ parse_string(line, &file);
+ ARR_AppendElement(nts_trusted_certs_files, &file);
+}
+
+/* ================================================== */
+
static void
parse_allow_deny(char *line, ARR_Instance restrictions, int allow)
{
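Review bot: parse_ntstrustedcerts() changes the directive's semantics without saying so: the removed `parse_string(p, &nts_trusted_cert_file)` at the old dispatch site made the last `ntstrustedcerts` line win, while the new `ARR_AppendElement(nts_trusted_certs_files, &file)` accumulates every occurrence (including duplicates of the same path), and the string's ownership moves into the array, which the freeing loop earlier in this patch releases element by element. A header comment would make that contract explicit, e.g. `/* ntstrustedcerts may be given multiple times; each call appends one file name. The Strdup'd string is owned by nts_trusted_certs_files and freed with it. */`. Whether an `ntstrustedcerts` line with no argument aborts parsing or appends an empty name depends on parse_string(), which is outside this hunk; if it can yield NULL or "", a guard before the append (`if (!file || !*file) return;`) would keep an unusable entry from reaching gnutls later.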
/* ================================================== */
-char *
-CNF_GetNtsTrustedCertFile(void)
+int
+CNF_GetNtsTrustedCertsFiles(const char ***files)
{
- return nts_trusted_cert_file;
+ *files = ARR_GetElements(nts_trusted_certs_files);
+
+ return ARR_GetSize(nts_trusted_certs_files);
}
/* ================================================== */
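Review bot: CNF_GetNtsTrustedCertsFiles() hands out a pointer into the configuration's own array, so callers get an alias whose validity ends when the array is freed, and the function should document that rather than leave it to the reader. Suggested comment above the definition: `/* Return the number of configured ntstrustedcerts files and set *files to an array of their names. The array is owned by the configuration and must not be modified or freed by the caller; it is valid only until CNF_Finalise(). */`. When no files are configured the count is 0 and, depending on what ARR_GetElements() returns for an empty array (not visible here), `*files` may be NULL, so callers must test the count before touching the pointer; a note to that effect in the same comment would be appropriate. ARR_GetSize() is presumably an unsigned count converted to the `int` return here, which is fine for a configuration list but worth a word if the helper's type differs.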
static NKSN_Credentials
create_credentials(const char **certs, const char **keys, int n_certs_keys,
- const char *trusted_certs)
+ const char **trusted_certs, int n_trusted_certs)
{
gnutls_certificate_credentials_t credentials = NULL;
int i, r;
}
if (trusted_certs) {
- r = gnutls_certificate_set_x509_trust_file(credentials, trusted_certs,
- GNUTLS_X509_FMT_PEM);
- if (r < 0)
- goto error;
+ for (i = 0; i < n_trusted_certs; i++) {
+ r = gnutls_certificate_set_x509_trust_file(credentials, trusted_certs[i],
+ GNUTLS_X509_FMT_PEM);
+ if (r < 0)
+ goto error;
+ }
}
}
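Review bot: The loop at `gnutls_certificate_set_x509_trust_file(credentials, trusted_certs[i], GNUTLS_X509_FMT_PEM)` only treats a negative return as failure, but that call reports the number of certificates it loaded, so a file that exists yet contains no usable PEM certificate returns 0 and is accepted silently; the credential set then has fewer anchors than the operator configured, which is hard to diagnose from the resulting NTS-KE failures. Logging the count per file, e.g. `if (r == 0) LOG(LOGS_WARN, "No trusted certificates loaded from %s", trusted_certs[i]);` (using whatever logging this file already has), or rejecting it, would surface the misconfiguration at startup. The guard `if (trusted_certs)` is also now decoupled from the loop bound: a non-NULL pointer with `n_trusted_certs == 0` enters the block and registers nothing, while `n_trusted_certs > 0` with a NULL pointer is skipped, so testing the count (`if (n_trusted_certs > 0)`) with the pointer asserted non-NULL expresses the intent more directly; if a fallback trust source is selected in an else branch outside this hunk, that is the case it affects. create_credentials() begins and ends outside this hunk.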
NKSN_Credentials
NKSN_CreateServerCertCredentials(const char **certs, const char **keys, int n_certs_keys)
{
- return create_credentials(certs, keys, n_certs_keys, NULL);
+ return create_credentials(certs, keys, n_certs_keys, NULL, 0);
}
/* ================================================== */
NKSN_Credentials
-NKSN_CreateClientCertCredentials(const char *trusted_certs)
+NKSN_CreateClientCertCredentials(const char **trusted_certs, int n_certs)
{
- return create_credentials(NULL, NULL, 0, trusted_certs);
+ return create_credentials(NULL, NULL, 0, trusted_certs, n_certs);
}
/* ================================================== */