if (!bits)
bits = BITS;
- ret = canl_cred_new_req(ctx, &proxy_bob, bits);
+ ret = canl_cred_new_req(ctx, proxy_bob, bits);
if (ret) {
fprintf(stderr, "[DELEGATION] Failed to create certificate "
"request container: %s\n", canl_get_error_message(ctx));
/* Bob - on receiving the final certificate and chain */
/* deserialize the new proxy cert and chain from Alice */
- ret = canl_cred_new(ctx, &proxy);
- if (ret){
- fprintf(stderr, "[DELEGATION] Proxy context cannot be created"
- ": %s\n", canl_get_error_message(ctx));
- goto end;
- }
-
- ret = canl_cred_load_req(ctx, proxy, proxy_bob);
- if (ret){
- fprintf(stderr, "[DELEGATION] Cannot load cert. request container"
- ": %s\n", canl_get_error_message(ctx));
- goto end;
- }
-
- ret = canl_cred_load_cert(ctx, proxy, x509_cert);
+ ret = canl_cred_load_cert(ctx, proxy_bob, x509_cert);
if (ret){
fprintf(stderr, "[DELEGATION] Cannot load certificate"
": %s\n", canl_get_error_message(ctx));
goto end;
}
- ret = canl_cred_load_chain(ctx, proxy, x509_chain);
+ ret = canl_cred_load_chain(ctx, proxy_bob, x509_chain);
if (ret){
fprintf(stderr, "[DELEGATION] Cannot load cert. chain"
": %s\n", canl_get_error_message(ctx));
if (!output)
output = OUTPUT;
- ret = canl_cred_save_proxyfile(ctx, proxy, output);
+ ret = canl_cred_save_proxyfile(ctx, proxy_bob, output);
if (ret){
fprintf(stderr, "[PROXY-INIT] Cannot save new proxy"
": %s\n", canl_get_error_message(ctx));
crd->c_cert_chain = NULL;
}
crd->c_cert_chain = sk_X509_dup(cert_stack);
- if (crd->c_cert_chain)
+ if (!crd->c_cert_chain)
return set_error(cc, ENOMEM, POSIX_ERROR, "Cannot copy"
" certificate chain" ); //TODO check ret val
return 0;
}
crd->c_cert = X509_dup(cert);
- if (crd->c_cert)
+ if (!crd->c_cert)
return set_error(cc, ENOMEM, POSIX_ERROR, "Cannot copy"
" certificate" ); //TODO check ret val
return 0;
proxy_crd->c_cert_chain = sk_X509_dup(signer_crd->c_cert_chain);
if (!proxy_crd->c_cert_chain)
proxy_crd->c_cert_chain = sk_X509_new_null();
- sk_X509_push(proxy_crd->c_cert_chain, signer_crd->c_cert);
+ sk_X509_push(proxy_crd->c_cert_chain, X509_dup(signer_crd->c_cert));
return 0;
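Review bot: The result of `X509_dup(signer_crd->c_cert)` is pushed without a check, so on allocation failure the proxy chain ends up with a NULL entry or silently lacks the signer certificate, depending on the OpenSSL version. The return values of `sk_X509_push` and of `sk_X509_new_null` just above are ignored too. I would split the call: `X509 *signer_copy = X509_dup(signer_crd->c_cert);` followed by `if (!signer_copy || !sk_X509_push(proxy_crd->c_cert_chain, signer_copy)) { X509_free(signer_copy); /* report ENOMEM as the other loaders do */ }`. Separately, `sk_X509_dup` copies only the pointers, so the chain now mixes certificates still owned by `signer_crd` with one owned copy; whichever way the chain is freed (not visible here), it either leaks the copy or frees the signer's certificates. The `sk_X509_dup` calls in the chain-load and chain-get hunks have the same shallow-copy ownership question, and this function starts outside the hunk.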
creds *crd = (creds*) cred;
FILE *cert_file = NULL;
int ret = 0;
+ int o_ret = 0;
unsigned long ssl_err = 0;
X509 *cert_from_chain = NULL;
return set_error(cc, EINVAL, POSIX_ERROR, "Invalid proxy file name");
/*posix compliant*/
- ret = open(proxy_file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
- if (ret == -1){
+ o_ret = open(proxy_file, O_CREAT | O_EXCL |O_WRONLY, S_IRUSR | S_IWUSR);
+ if (o_ret == -1){
ret = errno;
set_error(cc, ret, POSIX_ERROR, "Cannot open file for writing");
- return ret;
}
- close(ret);
- if (ret == -1){
- ret = errno;
- set_error(cc, ret, POSIX_ERROR, "Cannot open file for writing");
- return ret;
+ else {
+ ret = close(o_ret);
+ if (ret == -1){
+ ret = errno;
+ set_error(cc, ret, POSIX_ERROR, "Cannot close file for writing");
+ return ret;
+ }
}
-
- cert_file = fopen(proxy_file, "ab");
+ if (o_ret)
+ cert_file = fopen(proxy_file, "wb");
+ else
+ cert_file = fopen(proxy_file, "ab");
if (!cert_file) {
ret = errno;
set_error(cc, ret, POSIX_ERROR, "cannot open file for writing");
return ret;
}
-
+
ERR_clear_error();
/*new cert + priv key + chain*/
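Review bot: When `open()` fails, for instance with EEXIST from the new `O_EXCL`, the `return ret;` that used to follow `set_error` is gone, so execution reaches `if (o_ret)` with -1, which is true. `fopen(proxy_file, "wb")` then truncates and reuses whatever already sits at that path, keeping its existing permissions, and the comment below says the private key is written there. Even on success the descriptor is closed and the path is reopened by name, which leaves a window in which the file can be replaced, and `if (o_ret)` selects "ab" only for descriptor 0. I would return on failure and wrap the exclusive descriptor with `fdopen` instead of reopening, as sketched below. If replacing an existing proxy file is intended, that needs its own explicit path (for example writing a fresh file and renaming it over the old one) rather than the fall-through; the function starts and ends outside this hunk.

```c
o_ret = open(proxy_file, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
if (o_ret == -1) {
    ret = errno;
    set_error(cc, ret, POSIX_ERROR, "Cannot open file for writing");
    return ret;
}
/* keep the descriptor O_EXCL created; do not reopen the path by name */
cert_file = fdopen(o_ret, "wb");
if (!cert_file) {
    ret = errno;
    close(o_ret);
    set_error(cc, ret, POSIX_ERROR, "cannot open file for writing");
    return ret;
}
/* … unchanged: ERR_clear_error() and the PEM writes … */
```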
}
*cert = X509_dup(crd->c_cert);
- if (*cert)
+ if (!(*cert))
return set_error(cc, ENOMEM, POSIX_ERROR, "Cannot copy"
" certificate" ); //TODO check ret val
*cert_stack = NULL;
}
*cert_stack = sk_X509_dup(crd->c_cert_chain);
- if (*cert_stack)
+ if (!(*cert_stack))
return set_error(cc, ENOMEM, POSIX_ERROR, "Cannot copy"
" certificate chain" ); //TODO check ret val
return 0;