/* Share the credentials with other client instances */
if (!client_credentials)
- client_credentials = NKSN_CreateCertCredentials(NULL, NULL, CNF_GetNtsTrustedCertFile());
+ client_credentials = NKSN_CreateClientCertCredentials(CNF_GetNtsTrustedCertFile());
client_credentials_refs++;
return inst;
return;
if (helper_sock_fd == INVALID_SOCK_FD) {
- server_credentials = NKSN_CreateCertCredentials(cert, key, NULL);
+ server_credentials = NKSN_CreateServerCertCredentials(cert, key);
if (!server_credentials)
return;
} else {
/* ================================================== */
-void *
-NKSN_CreateCertCredentials(char *cert, char *key, char *trusted_certs)
+static void *
+create_credentials(const char *cert, const char *key, const char *trusted_certs)
{
gnutls_certificate_credentials_t credentials = NULL;
int r;
goto error;
if (cert && key) {
+ assert(!trusted_certs);
+
r = gnutls_certificate_set_x509_key_file(credentials, cert, key,
GNUTLS_X509_FMT_PEM);
if (r < 0)
goto error;
} else {
+ assert(!cert && !key);
+
if (!CNF_GetNoSystemCert()) {
r = gnutls_certificate_set_x509_system_trust(credentials);
if (r < 0)
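Review bot: The two added asserts are the only thing keeping the server and client cases apart in create_credentials, and the else branch is also reached when exactly one of cert and key is NULL. In that case `assert(!cert && !key)` aborts the process, and in a build with NDEBUG defined the call would instead continue into the trust-loading code and hand client-style credentials back to a server caller. I would reject that combination at run time in NKSN_CreateServerCertCredentials (added further down in this commit) with `if (!cert || !key) return NULL;`, since the server caller shown here already returns when the result is NULL. The body of create_credentials starts and ends outside this hunk, so the rest of the else branch is not visible here.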
/* ================================================== */
+void *
+NKSN_CreateServerCertCredentials(const char *cert, const char *key)
+{
+ return create_credentials(cert, key, NULL);
+}
+
+/* ================================================== */
+
+void *
+NKSN_CreateClientCertCredentials(const char *trusted_certs)
+{
+ return create_credentials(NULL, NULL, trusted_certs);
+}
+
+/* ================================================== */
+
void
NKSN_DestroyCertCredentials(void *credentials)
{
the session. */
typedef int (*NKSN_MessageHandler)(void *arg);
-/* Get client or server credentials using certificates of trusted CAs,
- or a server certificate and key. The credentials may be shared between
+/* Get server or client credentials using a server certificate and key,
+ or certificates of trusted CAs. The credentials may be shared between
different clients or servers. */
-extern void *NKSN_CreateCertCredentials(char *cert, char *key, char *trusted_certs);
+extern void *NKSN_CreateServerCertCredentials(const char *cert, const char *key);
+extern void *NKSN_CreateClientCertCredentials(const char *trusted_certs);
/* Destroy the credentials */
extern void NKSN_DestroyCertCredentials(void *credentials);
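Review bot: The single comment above the two new prototypes does not say which arguments are required or what a caller gets back on failure. The callers in this commit test the result against NULL, and the visible part of create_credentials loads the system trust store in the client case unless CNF_GetNoSystemCert() is set, which matters to anyone deciding what the client will trust. I would give each function its own comment, for example `/* Get server credentials from a PEM certificate and key; both are required. Returns NULL on failure. */` and `/* Get client credentials for verifying servers against the CA certificates in trusted_certs; the system trust store is also loaded unless disabled in the configuration. Returns NULL on failure. */`. Whether trusted_certs may be NULL is not visible in this hunk and should be stated there as well.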
server = NKSN_CreateInstance(1, NULL, handle_request, NULL);
client = NKSN_CreateInstance(0, "test", handle_response, NULL);
- server_cred = NKSN_CreateCertCredentials("nts_ke.crt", "nts_ke.key", NULL);
- client_cred = NKSN_CreateCertCredentials(NULL, NULL, "nts_ke.crt");
+ server_cred = NKSN_CreateServerCertCredentials("nts_ke.crt", "nts_ke.key");
+ client_cred = NKSN_CreateClientCertCredentials("nts_ke.crt");
TEST_CHECK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds) == 0);
TEST_CHECK(fcntl(sock_fds[0], F_SETFL, O_NONBLOCK) == 0);