}
/**
- * Load certificates from the confiuguration file
+ * Load trusted/untrusted certificates
*/
-static bool load_certs(settings_t *settings, char *dir)
+static bool load_trusted_cert(settings_t *settings, bool trusted)
{
enumerator_t *enumerator;
- char *key, *value, wd[PATH_MAX];
- certificate_t *cert;
-
- if (getcwd(wd, sizeof(wd)) == NULL)
- {
- fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
- return FALSE;
- }
- if (chdir(dir) != 0)
- {
- fprintf(stderr, "opening directory '%s' failed: %s\n",
- dir, strerror(errno));
- return FALSE;
- }
+ char *key, *value;
- enumerator = settings->create_key_value_enumerator(settings, "certs.trusted");
+ enumerator = settings->create_key_value_enumerator(settings,
+ trusted ? "certs.trusted" : "certs.untrusted");
while (enumerator->enumerate(enumerator, &key, &value))
{
- if (!strcaseeq(key, "x509"))
+ certificate_t *cert = NULL;
+
+ if (strcaseeq(key, "x509"))
{
- fprintf(stderr, "certificate type '%s' not supported\n", key);
- enumerator->destroy(enumerator);
- return FALSE;
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_X509, BUILD_FROM_FILE, value, BUILD_END);
}
- cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FILE, value, BUILD_END);
- if (!cert)
+ else if (strcaseeq(key, "crl"))
{
- fprintf(stderr, "loading trusted certificate "
- "'%s' from '%s' failed\n", key, value);
- enumerator->destroy(enumerator);
- return FALSE;
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_X509_CRL, BUILD_FROM_FILE, value, BUILD_END);
}
- conftest->creds->add_cert(conftest->creds, TRUE, cert);
- }
- enumerator->destroy(enumerator);
-
- enumerator = settings->create_key_value_enumerator(settings, "certs.untrusted");
- while (enumerator->enumerate(enumerator, &key, &value))
- {
- if (!strcaseeq(key, "x509"))
+ else
{
fprintf(stderr, "certificate type '%s' not supported\n", key);
enumerator->destroy(enumerator);
return FALSE;
}
- cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FILE, value, BUILD_END);
if (!cert)
{
- fprintf(stderr, "loading untrusted certificate "
- "'%s' from '%s' failed\n", key, value);
+ fprintf(stderr, "loading %strusted certificate '%s' from '%s' "
+ "failed\n", trusted ? "" : "un", key, value);
enumerator->destroy(enumerator);
return FALSE;
}
- conftest->creds->add_cert(conftest->creds, FALSE, cert);
+ conftest->creds->add_cert(conftest->creds, trusted, cert);
}
enumerator->destroy(enumerator);
+ return TRUE;
+}
+
+/**
+ * Load certificates from the confiuguration file
+ */
+static bool load_certs(settings_t *settings, char *dir)
+{
+ char wd[PATH_MAX];
+
+ if (getcwd(wd, sizeof(wd)) == NULL)
+ {
+ fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
+ return FALSE;
+ }
+ if (chdir(dir) != 0)
+ {
+ fprintf(stderr, "opening directory '%s' failed: %s\n",
+ dir, strerror(errno));
+ return FALSE;
+ }
+
+ if (!load_trusted_cert(settings, TRUE) ||
+ !load_trusted_cert(settings, FALSE))
+ {
+ return FALSE;
+ }
if (chdir(wd) != 0)
{