[glib-networking/wip/openssl: 33/41] Request certificate if there is an interaction



commit 405391278d20b84678f6225d369630f22d630899
Author: Ignacio Casal Quinteiro <icq gnome org>
Date:   Fri Nov 6 12:33:38 2015 +0100

    Request certificate if there is an interaction
    
    If the certificate wasn't set when needed and we have an
    interaction set, use the interaction to request the certificate.

 tls/openssl/gtlsclientconnection-openssl.c |   15 +++++++++++++++
 tls/openssl/gtlsconnection-openssl.c       |   23 +++++++++++++++++++++++
 tls/openssl/gtlsconnection-openssl.h       |    3 +++
 3 files changed, 41 insertions(+), 0 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 6aa6222..6742086 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -346,10 +346,13 @@ retrieve_certificate (SSL       *ssl,
   GTlsClientConnectionOpenssl *client;
   GTlsClientConnectionOpensslPrivate *priv;
   GTlsConnectionBase *tls;
+  GTlsConnectionOpenssl *openssl;
   GTlsCertificate *cert;
+  gboolean set_certificate = FALSE;
 
   client = SSL_get_ex_data (ssl, data_index);
   tls = G_TLS_CONNECTION_BASE (client);
+  openssl = G_TLS_CONNECTION_OPENSSL (client);
 
   priv = g_tls_client_connection_openssl_get_instance_private (client);
 
@@ -360,6 +363,18 @@ retrieve_certificate (SSL       *ssl,
 
   cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
   if (cert != NULL)
+    set_certificate = TRUE;
+  else
+    {
+      g_clear_error (&tls->certificate_error);
+      if (g_tls_connection_openssl_request_certificate (openssl, &tls->certificate_error))
+        {
+          cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
+          set_certificate = (cert != NULL);
+        }
+    }
+
+  if (set_certificate)
     {
       EVP_PKEY *key;
 
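Review bot: The new `else` branch has no comment explaining why `cert` is fetched again and NULL-checked after `g_tls_connection_openssl_request_certificate` returns TRUE. The reason is not obvious: that helper also returns TRUE when the interaction result is `G_TLS_INTERACTION_UNHANDLED`, so TRUE does not mean a certificate was set. I would add `/* TRUE only means the interaction did not fail; re-read the certificate to see whether one was actually supplied. */` above the inner `if`. On failure the reason is left in `tls->certificate_error` and control skips the `if (set_certificate)` block; what is then returned to OpenSSL lies outside this hunk, so confirm that the handshake surfaces the stored error rather than silently proceeding without a client certificate. A certificate supplied by the interaction takes the same `EVP_PKEY *key` path as a preconfigured one, and that body is also outside the hunk.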
diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
index c3bd5b3..08ce38c 100644
--- a/tls/openssl/gtlsconnection-openssl.c
+++ b/tls/openssl/gtlsconnection-openssl.c
@@ -540,3 +540,26 @@ g_tls_connection_openssl_get_ssl_ctx (GTlsConnectionOpenssl *openssl)
 
   return G_TLS_CONNECTION_OPENSSL_GET_CLASS (openssl)->get_ssl_ctx (openssl);
 }
+
+gboolean
+g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl  *openssl,
+                                              GError                **error)
+{
+  GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+  GTlsInteraction *interaction;
+  GTlsConnection *conn;
+  GTlsConnectionBase *tls;
+
+  g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), FALSE);
+
+  conn = G_TLS_CONNECTION (openssl);
+  tls = G_TLS_CONNECTION_BASE (openssl);
+
+  interaction = g_tls_connection_get_interaction (conn);
+  if (!interaction)
+    return FALSE;
+
+  res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
+                                                     tls->read_cancellable, error);
+  return res != G_TLS_INTERACTION_FAILED;
+}
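Review bot: `g_tls_connection_openssl_request_certificate` is added without a doc comment, and its return contract is easy to misread. It returns FALSE with `*error` untouched when no interaction is set, FALSE on `G_TLS_INTERACTION_FAILED` (where the interaction is expected to have filled `*error`), and TRUE for both handled and unhandled results. A header comment should state that contract, and also that the call waits for the interaction to finish with `tls->read_cancellable` as the only visible way to interrupt it; the caller in this commit is `retrieve_certificate`, so that wait presumably happens inside the handshake. Two small style points: the `= G_TLS_INTERACTION_UNHANDLED` initializer on `res` is never read, and the literal `0` flags argument would read better as `G_TLS_CERTIFICATE_REQUEST_NONE`.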
diff --git a/tls/openssl/gtlsconnection-openssl.h b/tls/openssl/gtlsconnection-openssl.h
index 4031f61..0689189 100644
--- a/tls/openssl/gtlsconnection-openssl.h
+++ b/tls/openssl/gtlsconnection-openssl.h
@@ -60,6 +60,9 @@ GType g_tls_connection_openssl_get_type (void) G_GNUC_CONST;
 SSL     *g_tls_connection_openssl_get_ssl     (GTlsConnectionOpenssl *connection);
 SSL_CTX *g_tls_connection_openssl_get_ssl_ctx (GTlsConnectionOpenssl *connection);
 
+gboolean g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl  *openssl,
+                                                       GError                **error);
+
 G_END_DECLS
 
 #endif /* __G_TLS_CONNECTION_OPENSSL_H___ */

