#include <stdlib.h>
#include <stdio.h>
#include <string.h>
-#include <unistd.h>
-#include <dirent.h>
#include <time.h>
+#include <sys/stat.h>
#include <sys/types.h>
-#include <utils/identification.h>
+#include <debug.h>
+#include <utils/enumerator.h>
#include <freeswan.h>
/*
* Loads authority certificates
*/
-void load_authcerts(const char *type, const char *path, x509_flag_t auth_flags)
+void load_authcerts(char *type, char *path, x509_flag_t auth_flags)
{
- struct dirent **filelist;
- u_char buf[BUF_LEN];
- u_char *save_dir;
- int n;
+ enumerator_t *enumerator;
+ struct stat st;
+ char *file;
- /* change directory to specified path */
- save_dir = getcwd(buf, BUF_LEN);
+ DBG1("loading %s certificates from '%s'", type, path);
- if (chdir(path))
+ enumerator = enumerator_create_directory(path);
+ if (!enumerator)
{
- plog("Could not change to directory '%s'", path);
+ DBG1(" reading directory '%s' failed");
+ return;
}
- else
+
+ while (enumerator->enumerate(enumerator, NULL, &file, &st))
{
- plog("Changing to directory '%s'", path);
- n = scandir(path, &filelist, file_select, alphasort);
+ cert_t cert;
- if (n < 0)
- plog(" scandir() error");
- else
+ if (!S_ISREG(st.st_mode))
{
- while (n--)
- {
- cert_t cert;
-
- if (load_cert(filelist[n]->d_name, type, auth_flags, &cert))
- {
- add_authcert(cert.u.x509, auth_flags);
- }
- free(filelist[n]);
- }
- free(filelist);
+ /* skip special file */
+ continue;
+ }
+ if (load_cert(file, type, auth_flags, &cert))
+ {
+ add_authcert(cert.u.x509, auth_flags);
}
}
- /* restore directory path */
- ignore_result(chdir(save_dir));
+ enumerator->destroy(enumerator);
}
/*
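Review bot: The new error path `DBG1(" reading directory '%s' failed");` contains a `%s` conversion but passes no argument, so the logger reads a variadic argument that was never supplied. This is undefined behaviour, and it triggers exactly when the trust-anchor directory cannot be opened; the line should read `DBG1(" reading directory '%s' failed", path);`. Separately, the removed `scandir()` call filtered entries through `file_select`, whereas the new loop passes every regular file to `load_cert()`. If that filter excluded hidden or backup files (its definition is not visible here), confirm that loading them as CA, AA or OCSP signer certificates is intended.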
identification_t *our_ca, int *our_pathlen);
extern x509cert_t* get_authcert(identification_t *subject, chunk_t keyid,
x509_flag_t auth_flags);
-extern void load_authcerts(const char *type, const char *path,
- x509_flag_t auth_flags);
+extern void load_authcerts(char *type, char *path, x509_flag_t auth_flags);
extern x509cert_t* add_authcert(x509cert_t *cert, x509_flag_t auth_flags);
extern void free_authcerts(void);
extern void list_authcerts(const char *caption, x509_flag_t auth_flags, bool utc);
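Review bot: The new prototype `load_authcerts(char *type, char *path, x509_flag_t auth_flags)` drops the `const` qualifiers, although every call site visible on this page passes string literals and path macros. Unless `load_cert()` or `enumerator_create_directory()` need writable strings (their prototypes are not shown here), keep `const char *type, const char *path` in this declaration and in the definition. That way the compiler still rejects any later write through these pointers.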
#endif /* CAPABILITIES */
/* loading X.509 CA certificates */
- load_authcerts("CA", CA_CERT_PATH, X509_CA);
+ load_authcerts("ca", CA_CERT_PATH, X509_CA);
/* loading X.509 AA certificates */
- load_authcerts("AA", AA_CERT_PATH, X509_AA);
+ load_authcerts("aa", AA_CERT_PATH, X509_AA);
/* loading X.509 OCSP certificates */
- load_authcerts("OCSP", OCSP_CERT_PATH, X509_OCSP_SIGNER);
+ load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
/* loading X.509 CRLs */
load_crls();
/* loading attribute certificates (experimental) */
if (msg.whack_reread & REREAD_CACERTS)
{
- load_authcerts("CA cert", CA_CERT_PATH, X509_CA);
+ load_authcerts("ca", CA_CERT_PATH, X509_CA);
}
if (msg.whack_reread & REREAD_AACERTS)
{
- load_authcerts("AA cert", AA_CERT_PATH, X509_AA);
+ load_authcerts("aa", AA_CERT_PATH, X509_AA);
}
if (msg.whack_reread & REREAD_OCSPCERTS)
{
- load_authcerts("OCSP cert", OCSP_CERT_PATH, X509_OCSP_SIGNER);
+ load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
}
if (msg.whack_reread & REREAD_ACERTS)