CernVM-FS  2.10.0
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
ssl.cc
Go to the documentation of this file.
1 
5 #include "ssl.h"
6 
7 #include <dirent.h>
8 
9 #include <cstdlib>
10 #include <string>
11 #include <vector>
12 
13 #include "duplex_curl.h"
14 #include "platform.h"
15 #include "util/posix.h"
16 #include "util/string.h"
17 
18 namespace {
19 
20 bool HasCertificates(const std::string &directory) {
21  DIR *dirp = opendir(directory.c_str());
22  if (!dirp) return false;
23 
24  platform_dirent64 *dirent;
25  while ((dirent = platform_readdir(dirp))) {
26  const std::string filename(directory + "/" + std::string(dirent->d_name));
27 
28  platform_stat64 stat;
29  if (platform_stat(filename.c_str(), &stat) != 0) continue;
30  if (!(S_ISREG(stat.st_mode) || S_ISLNK(stat.st_mode))) continue;
31 
32  if (HasSuffix(filename, ".pem", /* ignore case = */ false) ||
33  HasSuffix(filename, ".crt", /* ignore case = */ false)) {
34  closedir(dirp);
35  return true;
36  }
37  }
38 
39  closedir(dirp);
40  return false;
41 }
42 
43 } // namespace
44 
45 
47  const char *ca_path_env = getenv("X509_CERT_DIR");
48  if (ca_path_env && *ca_path_env)
49  ca_path_ = ca_path_env;
50  else
51  ca_path_ = "/etc/grid-security/certificates";
52  const char *ca_bundle_env = getenv("X509_CERT_BUNDLE");
53  if (ca_bundle_env && *ca_bundle_env)
54  ca_bundle_ = ca_bundle_env;
55 }
56 
57 
59  CURLcode res1 = curl_easy_setopt(handle, CURLOPT_CAPATH, ca_path_.c_str());
60  CURLcode res2 = CURLE_OK;
61  if (!ca_bundle_.empty())
62  res2 = curl_easy_setopt(handle, CURLOPT_CAINFO, ca_bundle_.c_str());
63 
64  return (res1 == CURLE_OK) && (res2 == CURLE_OK);
65 }
66 
67 
69  std::vector<std::string> candidates;
70 
71  candidates.push_back("/etc/ssl/certs");
72  candidates.push_back("/etc/pki/tls/certs");
73  candidates.push_back("/etc/ssl");
74  candidates.push_back("/etc/pki/tls");
75  candidates.push_back("/etc/pki/ca-trust/extracted/pem");
76  candidates.push_back("/etc/ssl");
77 
78  for (unsigned i = 0; i < candidates.size(); ++i) {
79  if (HasCertificates(candidates[i])) {
80  const std::string bundle_candidate = candidates[i] + "/ca-bundle.crt";
81  if (ca_bundle_.empty() &&
82  (FileExists(bundle_candidate) || SymlinkExists(bundle_candidate)))
83  {
84  ca_bundle_ = bundle_candidate;
85  }
86  ca_path_ = candidates[i];
87  return;
88  }
89  }
90 
91  // fallback
92  ca_path_ = candidates[0];
93 }
struct stat64 platform_stat64
int platform_stat(const char *path, platform_stat64 *buf)
bool HasCertificates(const std::string &directory)
Definition: ssl.cc:20
bool SymlinkExists(const std::string &path)
Definition: posix.cc:848
bool FileExists(const std::string &path)
Definition: posix.cc:816
bool ApplySslCertificatePath(CURL *handle) const
Definition: ssl.cc:58
bool HasSuffix(const std::string &str, const std::string &suffix, const bool ignore_case)
Definition: string.cc:279
void UseSystemCertificatePath()
Definition: ssl.cc:68
std::string ca_bundle_
Definition: ssl.h:31
std::string ca_path_
Definition: ssl.h:30
platform_dirent64 * platform_readdir(DIR *dirp)
SslCertificateStore()
Definition: ssl.cc:46
struct dirent64 platform_dirent64