static STACK_OF(X509)* my_sk_X509_dup(glb_ctx *cc, STACK_OF(X509) *stack);
extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, proxy_verify_desc * pvd);
-extern void proxy_verify_ctx_init(proxy_verify_ctx_desc * pvxd);
-static proxy_verify_desc *setup_initializers(char *cadir);
-static void destroy_initializers(void *data);
+extern proxy_verify_desc *pvd_setup_initializers(char *cadir);
+extern void pvd_destroy_initializers(void *data);
static STACK_OF(X509)* my_sk_X509_dup(glb_ctx *cc, STACK_OF(X509) *stack)
{
{
proxy_verify_desc *pvd = NULL; /* verification context */
- pvd = setup_initializers(cadir);
+ pvd = pvd_setup_initializers(cadir);
proxy_verify_cert_chain(ucert, cert_chain, pvd);
- destroy_initializers(pvd);
+ pvd_destroy_initializers(pvd);
return ENOSYS;
}
-static proxy_verify_desc *setup_initializers(char *cadir)
+proxy_verify_desc *pvd_setup_initializers(char *cadir)
{
proxy_verify_ctx_desc *pvxd = NULL;
proxy_verify_desc *pvd = NULL;
}
-static void destroy_initializers(void *data)
+void pvd_destroy_initializers(void *data)
{
proxy_verify_desc *pvd = (proxy_verify_desc *)data;
static X509_STORE * canl_create_x509store(canl_x509store_t *store);
static canl_error get_verify_result(unsigned long ssl_err, const SSL *ssl);
+static void setup_SSL_proxy_handler(SSL *ssl, char *cadir);
+extern proxy_verify_desc *pvd_setup_initializers(char *cadir);
+extern void pvd_destroy_initializers(char *cadir);
+
#ifdef DEBUG
static void dbg_print_ssl_error(int errorcode);
#endif
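Review bot: The added declaration `extern void pvd_destroy_initializers(char *cadir);` does not match the definition the same commit introduces, `void pvd_destroy_initializers(void *data)`. The two function types are incompatible, so a call made through this prototype is undefined behaviour, and no compiler diagnostic catches it because each file carries its own hand-written copy. The line should read `extern void pvd_destroy_initializers(void *data);`. Both `pvd_*` prototypes would be better placed in one shared header that is also included by the file defining them, so the compiler checks them against the definitions. The forward declaration of `setup_SSL_proxy_handler` is `static` while its definition omits the keyword; this is legal, but repeating `static` on the definition makes the linkage obvious.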
return 0;
}
+void setup_SSL_proxy_handler(SSL *ssl, char *cadir)
+{
+ SSL_set_ex_data(ssl, PVD_SSL_EX_DATA_IDX,
+ pvd_setup_initializers(cadir));
+}
+
static canl_err_code
ssl_connect(glb_ctx *cc, io_handler *io, void *auth_ctx,
struct timeval *timeout, const char * host)
{
SSL *ssl = (SSL *) auth_ctx;
int err = 0, flags;
+ mech_glb_ctx *m_ctx = (mech_glb_ctx *)cc->mech_ctx;
+
if (!cc) {
return EINVAL;
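Review bot: The new initialiser `mech_glb_ctx *m_ctx = (mech_glb_ctx *)cc->mech_ctx;` dereferences `cc` before the existing `if (!cc)` guard runs, so a NULL `cc` now crashes instead of returning `EINVAL`. Because the dereference comes first, an optimiser may also remove the guard altogether. Declare `mech_glb_ctx *m_ctx = NULL;` and assign `m_ctx = (mech_glb_ctx *)cc->mech_ctx;` after the check, then reject a NULL `m_ctx` before `m_ctx->ca_dir` is read. The same ordering appears in the accept-side function further down, which needs the same change. The body of `ssl_connect` continues outside this hunk.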
flags = fcntl(io->sock, F_GETFL, 0);
(void)fcntl(io->sock, F_SETFL, flags | O_NONBLOCK);
- //setup_SSL_proxy_handler(cc->ssl_ctx, cacertdir);
+ setup_SSL_proxy_handler(auth_ctx, m_ctx->ca_dir);
SSL_set_fd(ssl, io->sock);
err = do_ssl_connect(cc, io, ssl, timeout);
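Review bot: The call `setup_SSL_proxy_handler(auth_ctx, m_ctx->ca_dir);` cannot report failure, because the helper is `void` and passes the result of `pvd_setup_initializers(cadir)` directly into `SSL_set_ex_data` without checking either return value. If the allocation or the CA directory setup fails, the handshake still proceeds with a NULL or missing verification descriptor. Whether the verify callback tolerates that is not visible here, so it should be treated as a possible crash or a skipped proxy-chain check. Having the helper return a status (`if (!pvd || !SSL_set_ex_data(ssl, PVD_SSL_EX_DATA_IDX, pvd)) return -1;`) and failing the connection on error closes that gap. Nothing on the page calls `pvd_destroy_initializers` for the descriptor stored on the `SSL` object, so unless it is released where the `SSL` is freed, each connect and accept leaks one. The accept path makes the same call and needs the same handling.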
{
SSL *ssl = (SSL *) auth_ctx;
int err = 0, flags;
+ mech_glb_ctx *m_ctx = (mech_glb_ctx *)cc->mech_ctx;
if (!cc) {
return EINVAL;
flags = fcntl(io->sock, F_GETFL, 0);
(void)fcntl(io->sock, F_SETFL, flags | O_NONBLOCK);
- //setup_SSL_proxy_handler(cc->ssl_ctx, cacertdir);
+ setup_SSL_proxy_handler(auth_ctx, m_ctx->ca_dir);
SSL_set_fd(ssl, io->sock);
err = do_ssl_accept(cc, io, ssl, timeout);