[glib-networking/wip/openssl: 33/41] Request certificate if there is an interaction
- From: Ignacio Casal Quinteiro <icq src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/wip/openssl: 33/41] Request certificate if there is an interaction
- Date: Tue, 19 Jan 2016 08:24:59 +0000 (UTC)
commit 405391278d20b84678f6225d369630f22d630899
Author: Ignacio Casal Quinteiro <icq gnome org>
Date: Fri Nov 6 12:33:38 2015 +0100
Request certificate if there is an interaction
If the certificate wasn't set when needed and we have an
interaction set, use the interaction to request the certificate.
tls/openssl/gtlsclientconnection-openssl.c | 15 +++++++++++++++
tls/openssl/gtlsconnection-openssl.c | 23 +++++++++++++++++++++++
tls/openssl/gtlsconnection-openssl.h | 3 +++
3 files changed, 41 insertions(+), 0 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 6aa6222..6742086 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -346,10 +346,13 @@ retrieve_certificate (SSL *ssl,
GTlsClientConnectionOpenssl *client;
GTlsClientConnectionOpensslPrivate *priv;
GTlsConnectionBase *tls;
+ GTlsConnectionOpenssl *openssl;
GTlsCertificate *cert;
+ gboolean set_certificate = FALSE;
client = SSL_get_ex_data (ssl, data_index);
tls = G_TLS_CONNECTION_BASE (client);
+ openssl = G_TLS_CONNECTION_OPENSSL (client);
priv = g_tls_client_connection_openssl_get_instance_private (client);
@@ -360,6 +363,18 @@ retrieve_certificate (SSL *ssl,
cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
if (cert != NULL)
+ set_certificate = TRUE;
+ else
+ {
+ g_clear_error (&tls->certificate_error);
+ if (g_tls_connection_openssl_request_certificate (openssl, &tls->certificate_error))
+ {
+ cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
+ set_certificate = (cert != NULL);
+ }
+ }
+
+ if (set_certificate)
{
EVP_PKEY *key;
diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
index c3bd5b3..08ce38c 100644
--- a/tls/openssl/gtlsconnection-openssl.c
+++ b/tls/openssl/gtlsconnection-openssl.c
@@ -540,3 +540,26 @@ g_tls_connection_openssl_get_ssl_ctx (GTlsConnectionOpenssl *openssl)
return G_TLS_CONNECTION_OPENSSL_GET_CLASS (openssl)->get_ssl_ctx (openssl);
}
+
+gboolean
+g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl *openssl,
+ GError **error)
+{
+ GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+ GTlsInteraction *interaction;
+ GTlsConnection *conn;
+ GTlsConnectionBase *tls;
+
+ g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), FALSE);
+
+ conn = G_TLS_CONNECTION (openssl);
+ tls = G_TLS_CONNECTION_BASE (openssl);
+
+ interaction = g_tls_connection_get_interaction (conn);
+ if (!interaction)
+ return FALSE;
+
+ res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
+ tls->read_cancellable, error);
+ return res != G_TLS_INTERACTION_FAILED;
+}
diff --git a/tls/openssl/gtlsconnection-openssl.h b/tls/openssl/gtlsconnection-openssl.h
index 4031f61..0689189 100644
--- a/tls/openssl/gtlsconnection-openssl.h
+++ b/tls/openssl/gtlsconnection-openssl.h
@@ -60,6 +60,9 @@ GType g_tls_connection_openssl_get_type (void) G_GNUC_CONST;
SSL *g_tls_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection);
SSL_CTX *g_tls_connection_openssl_get_ssl_ctx (GTlsConnectionOpenssl *connection);
+gboolean g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl *openssl,
+ GError **error);
+
G_END_DECLS
#endif /* __G_TLS_CONNECTION_OPENSSL_H___ */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]