From: Marcel Poul Date: Mon, 19 Mar 2012 15:32:02 +0000 (+0000) Subject: use proxy cert file (chain of certs) as easy as user cert X-Git-Tag: glite-jobid-api-c_R_2_1_2_1~28 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=294ccc8d27f01ba5fc85ab40e67cd30b6468d6f4;p=jra1mw.git use proxy cert file (chain of certs) as easy as user cert --- diff --git a/emi.canl.canl-c/examples/canl_sample_client.c b/emi.canl.canl-c/examples/canl_sample_client.c index dfd8851..812ed06 100644 --- a/emi.canl.canl-c/examples/canl_sample_client.c +++ b/emi.canl.canl-c/examples/canl_sample_client.c @@ -21,12 +21,14 @@ int main(int argc, char *argv[]) struct timeval timeout; char *serv_cert = NULL; char *serv_key = NULL; + char *proxy_cert = NULL; while ((opt = getopt(argc, argv, "hp:s:c:k:")) != -1) { switch (opt) { case 'h': fprintf(stderr, "Usage: %s [-p port] [-c certificate]" - " [-k private key] [-d ca_dir] [-h] \n", argv[0]); + " [-k private key] [-d ca_dir] [-h] " + " [-s server] [-x proxy certificate] \n", argv[0]); exit(0); case 'p': port = atoi(optarg); @@ -40,9 +42,13 @@ int main(int argc, char *argv[]) case 'k': serv_key = optarg; break; + case 'x': + proxy_cert = optarg; + break; default: /* '?' */ fprintf(stderr, "Usage: %s [-p port] [-c certificate]" - " [-k private key] [-d ca_dir] [-h] \n", argv[0]); + " [-k private key] [-d ca_dir] [-h] " + " [-s server] [-x proxy certificate] \n", argv[0]); exit(-1); } } @@ -64,7 +70,8 @@ int main(int argc, char *argv[]) } if (serv_cert || serv_key){ - err = canl_ctx_set_ssl_cred(my_ctx, serv_cert, serv_key, NULL, NULL); + err = canl_ctx_set_ssl_cred(my_ctx, serv_cert, serv_key, proxy_cert, + NULL, NULL); if (err) { printf("[CLIENT] cannot set certificate or key to context: %s\n", canl_get_error_message(my_ctx)); diff --git a/emi.canl.canl-c/examples/canl_sample_server.c b/emi.canl.canl-c/examples/canl_sample_server.c index 67e9068..f1558be 100644 --- a/emi.canl.canl-c/examples/canl_sample_server.c +++ b/emi.canl.canl-c/examples/canl_sample_server.c @@ -65,7 +65,8 @@ int main(int argc, char *argv[]) } if (serv_cert || serv_key){ - err = canl_ctx_set_ssl_cred(my_ctx, serv_cert, serv_key, NULL, NULL); + err = canl_ctx_set_ssl_cred(my_ctx, serv_cert, serv_key, NULL, + NULL, NULL); if (err) { printf("[SERVER] cannot set certificate or key to context: %s\n", canl_get_error_message(my_ctx)); diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c index cab9b4b..ee07f9c 100644 --- a/emi.canl.canl-c/src/canl_ssl.c +++ b/emi.canl.canl-c/src/canl_ssl.c @@ -889,7 +889,7 @@ ssl_finish(glb_ctx *cc, void *ctx) /*maybe move to better file*/ canl_err_code -canl_ctx_set_ssl_cred(canl_ctx cc, char *cert, char *key, +canl_ctx_set_ssl_cred(canl_ctx cc, char *cert, char *key, char *proxy, canl_password_callback cb, void *userdata) { glb_ctx *glb_cc = (glb_ctx*) cc; @@ -904,7 +904,7 @@ canl_ctx_set_ssl_cred(canl_ctx cc, char *cert, char *key, return EINVAL; } - err = do_set_ctx_own_cert_file(glb_cc, m_ctx, cert, key, NULL); + err = do_set_ctx_own_cert_file(glb_cc, m_ctx, cert, key, proxy); if(err) { // update_error(glb_cc, "can't set cert or key to context"); } diff --git a/emi.canl.canl-c/src/canl_ssl.h b/emi.canl.canl-c/src/canl_ssl.h index e3967ed..09f01fd 100644 --- a/emi.canl.canl-c/src/canl_ssl.h +++ b/emi.canl.canl-c/src/canl_ssl.h @@ -15,7 +15,7 @@ canl_ctx CANL_CALLCONV canl_ctx_set_ssl_flags(canl_ctx, unsigned int); canl_err_code CANL_CALLCONV -canl_ctx_set_ssl_cred(canl_ctx, char *, char *key, +canl_ctx_set_ssl_cred(canl_ctx, char *, char *key, char *proxy, canl_password_callback, void *); canl_err_code CANL_CALLCONV