CernVM-FS  2.13.0
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
ssl.cc
Go to the documentation of this file.
1 
5 #include "ssl.h"
6 
7 #include <dirent.h>
8 
9 #include <cstdlib>
10 #include <string>
11 #include <vector>
12 
13 #include "duplex_curl.h"
14 #include "util/platform.h"
15 #include "util/posix.h"
16 #include "util/string.h"
17 
18 namespace {
19 
20 bool HasCertificates(const std::string &directory) {
21  DIR *dirp = opendir(directory.c_str());
22  if (!dirp)
23  return false;
24 
25  platform_dirent64 *dirent;
26  while ((dirent = platform_readdir(dirp))) {
27  const std::string filename(directory + "/" + std::string(dirent->d_name));
28 
29  platform_stat64 stat;
30  if (platform_stat(filename.c_str(), &stat) != 0)
31  continue;
32  if (!(S_ISREG(stat.st_mode) || S_ISLNK(stat.st_mode)))
33  continue;
34 
35  if (HasSuffix(filename, ".pem", /* ignore case = */ false)
36  || HasSuffix(filename, ".crt", /* ignore case = */ false)) {
37  closedir(dirp);
38  return true;
39  }
40  }
41 
42  closedir(dirp);
43  return false;
44 }
45 
46 } // namespace
47 
48 
49 SslCertificateStore::SslCertificateStore() {
50  const char *ca_path_env = getenv("X509_CERT_DIR");
51  if (ca_path_env && *ca_path_env)
52  ca_path_ = ca_path_env;
53  else
54  ca_path_ = "/etc/grid-security/certificates";
55  const char *ca_bundle_env = getenv("X509_CERT_BUNDLE");
56  if (ca_bundle_env && *ca_bundle_env)
57  ca_bundle_ = ca_bundle_env;
58 }
59 
60 
61 bool SslCertificateStore::ApplySslCertificatePath(CURL *handle) const {
62  CURLcode res1 = curl_easy_setopt(handle, CURLOPT_CAPATH, ca_path_.c_str());
63  CURLcode res2 = CURLE_OK;
64  if (!ca_bundle_.empty())
65  res2 = curl_easy_setopt(handle, CURLOPT_CAINFO, ca_bundle_.c_str());
66 
67  return (res1 == CURLE_OK) && (res2 == CURLE_OK);
68 }
69 
70 
71 void SslCertificateStore::UseSystemCertificatePath() {
72  std::vector<std::string> candidates;
73 
74  candidates.push_back("/etc/ssl/certs");
75  candidates.push_back("/etc/pki/tls/certs");
76  candidates.push_back("/etc/ssl");
77  candidates.push_back("/etc/pki/tls");
78  candidates.push_back("/etc/pki/ca-trust/extracted/pem");
79  candidates.push_back("/etc/ssl");
80 
81  for (unsigned i = 0; i < candidates.size(); ++i) {
82  if (HasCertificates(candidates[i])) {
83  const std::string bundle_candidate = candidates[i] + "/ca-bundle.crt";
84  if (ca_bundle_.empty()
85  && (FileExists(bundle_candidate)
86  || SymlinkExists(bundle_candidate))) {
87  ca_bundle_ = bundle_candidate;
88  }
89  ca_path_ = candidates[i];
90  return;
91  }
92  }
93 
94  // fallback
95  ca_path_ = candidates[0];
96 }
platform_stat64
struct stat64 platform_stat64
Definition: platform_linux.h:212
platform_stat
int platform_stat(const char *path, platform_stat64 *buf)
Definition: platform_linux.h:214
anonymous_namespace{ssl.cc}::HasCertificates
bool HasCertificates(const std::string &directory)
Definition: ssl.cc:20
SymlinkExists
bool SymlinkExists(const std::string &path)
Definition: posix.cc:833
FileExists
bool FileExists(const std::string &path)
Definition: posix.cc:803
SslCertificateStore::ApplySslCertificatePath
bool ApplySslCertificatePath(CURL *handle) const
Definition: ssl.cc:61
HasSuffix
bool HasSuffix(const std::string &str, const std::string &suffix, const bool ignore_case)
Definition: string.cc:296
SslCertificateStore::UseSystemCertificatePath
void UseSystemCertificatePath()
Definition: ssl.cc:71
SslCertificateStore::ca_bundle_
std::string ca_bundle_
Definition: ssl.h:31
SslCertificateStore::ca_path_
std::string ca_path_
Definition: ssl.h:30
platform_readdir
platform_dirent64 * platform_readdir(DIR *dirp)
Definition: platform_linux.h:208
duplex_curl.h
SslCertificateStore::SslCertificateStore
SslCertificateStore()
Definition: ssl.cc:49
platform_dirent64
struct dirent64 platform_dirent64
Definition: platform_linux.h:206