From: Marcel Poul
Date: Mon, 9 Jul 2012 14:52:42 +0000 (+0000)
Subject: Setup context for VOMS callback
X-Git-Tag: gridsite-core_R_1_7_22~31
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=2e0d6485b1c013c48bd674bbdf9f691b3ab22752;p=jra1mw.git
Setup context for VOMS callback
- pvd_setup_initializers and the destroy counterpart
- implement setup_SSL_proxy_handler() : set pvd to ssl context, give it unique ID
---
diff --git a/emi.canl.canl-c/src/canl_cred.c b/emi.canl.canl-c/src/canl_cred.c
index a71b892..61f13f5 100644
--- a/emi.canl.canl-c/src/canl_cred.c
+++ b/emi.canl.canl-c/src/canl_cred.c
@@ -8,9 +8,8 @@ static STACK_OF(X509)* my_sk_X509_dup(glb_ctx *cc, STACK_OF(X509) *stack);
 extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, proxy_verify_desc * pvd);
-extern void proxy_verify_ctx_init(proxy_verify_ctx_desc * pvxd);
-static proxy_verify_desc *setup_initializers(char *cadir);
-static void destroy_initializers(void *data);
+extern proxy_verify_desc *pvd_setup_initializers(char *cadir);
+extern void pvd_destroy_initializers(void *data);
 static STACK_OF(X509)* my_sk_X509_dup(glb_ctx *cc, STACK_OF(X509) *stack)
 {
@@ -641,14 +640,14 @@ canl_verify_chain(canl_ctx ctx, X509 *ucert, STACK_OF(X509) *cert_chain,
 {
 proxy_verify_desc *pvd = NULL; /* verification context */
- pvd = setup_initializers(cadir);
+ pvd = pvd_setup_initializers(cadir);
 proxy_verify_cert_chain(ucert, cert_chain, pvd);
- destroy_initializers(pvd);
+ pvd_destroy_initializers(pvd);
 return ENOSYS;
 }
-static proxy_verify_desc *setup_initializers(char *cadir)
+proxy_verify_desc *pvd_setup_initializers(char *cadir)
 {
 proxy_verify_ctx_desc *pvxd = NULL;
 proxy_verify_desc *pvd = NULL;
@@ -673,7 +672,7 @@ static proxy_verify_desc *setup_initializers(char *cadir)
 }
-static void destroy_initializers(void *data)
+void pvd_destroy_initializers(void *data)
 {
 proxy_verify_desc *pvd = (proxy_verify_desc *)data;
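Review bot: The two new `extern` prototypes for `pvd_setup_initializers` and `pvd_destroy_initializers` are hand-written here, and the canl_ssl.c `@@ -63,6 +63,10 @@` hunk writes its own copy that already disagrees with the definition: it declares `extern void pvd_destroy_initializers(char *cadir);` while the function defined in this file takes `void *data`. Across translation units the compiler cannot catch that drift, and calling a function through an incompatible prototype is undefined behaviour in C. Put both prototypes in one shared header included by both files, `proxy_verify_desc *pvd_setup_initializers(char *cadir);` and `void pvd_destroy_initializers(void *data);`, and drop the per-file `extern` lines. `cadir` could become `const char *` unless the callee writes through it; its body lies outside this hunk, so confirm first.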
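Review bot: `pvd = pvd_setup_initializers(cadir);` is handed straight to `proxy_verify_cert_chain` with no NULL check; the callee starts from NULL-initialised `pvxd`/`pvd` locals, so a NULL return on an allocation failure looks likely (its body continues outside the hunk) — confirm and add `if (!pvd) return ENOMEM;` or whichever error code this file reports for that case, before the call. Now that `pvd_setup_initializers` has external linkage, a comment above its definition stating that the caller owns the result and must release it with `pvd_destroy_initializers` would spare other files from re-deriving the contract from canl_verify_chain.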
diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c
index 7700361..c89c4b4 100644
--- a/emi.canl.canl-c/src/canl_ssl.c
+++ b/emi.canl.canl-c/src/canl_ssl.c
@@ -63,6 +63,10 @@ static canl_x509store_t * store_dup(canl_x509store_t *store_from);
 static X509_STORE * canl_create_x509store(canl_x509store_t *store);
 static canl_error get_verify_result(unsigned long ssl_err, const SSL *ssl);
+static void setup_SSL_proxy_handler(SSL *ssl, char *cadir);
+extern proxy_verify_desc *pvd_setup_initializers(char *cadir);
+extern void pvd_destroy_initializers(char *cadir);
+
 #ifdef DEBUG
 static void dbg_print_ssl_error(int errorcode);
 #endif
@@ -564,12 +568,20 @@ ssl_client_init(glb_ctx *cc, void **ctx)
 return 0;
 }
+void setup_SSL_proxy_handler(SSL *ssl, char *cadir)
+{
+ SSL_set_ex_data(ssl, PVD_SSL_EX_DATA_IDX,
+ pvd_setup_initializers(cadir));
+}
+
 static canl_err_code
 ssl_connect(glb_ctx *cc, io_handler *io, void *auth_ctx,
 struct timeval *timeout, const char * host)
 {
 SSL *ssl = (SSL *) auth_ctx;
 int err = 0, flags;
+ mech_glb_ctx *m_ctx = (mech_glb_ctx *)cc->mech_ctx;
+
 if (!cc) {
 return EINVAL;
@@ -584,7 +596,7 @@ ssl_connect(glb_ctx *cc, io_handler *io, void *auth_ctx,
 flags = fcntl(io->sock, F_GETFL, 0);
 (void)fcntl(io->sock, F_SETFL, flags | O_NONBLOCK);
- //setup_SSL_proxy_handler(cc->ssl_ctx, cacertdir);
+ setup_SSL_proxy_handler(auth_ctx, m_ctx->ca_dir);
 SSL_set_fd(ssl, io->sock);
 err = do_ssl_connect(cc, io, ssl, timeout);
@@ -684,6 +696,7 @@ ssl_accept(glb_ctx *cc, io_handler *io, void *auth_ctx, struct timeval *timeout)
 {
 SSL *ssl = (SSL *) auth_ctx;
 int err = 0, flags;
+ mech_glb_ctx *m_ctx = (mech_glb_ctx *)cc->mech_ctx;
 if (!cc) {
 return EINVAL;
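Review bot: `mech_glb_ctx *m_ctx = (mech_glb_ctx *)cc->mech_ctx;` reads `cc` before the `if (!cc)` guard two lines below, so a NULL `cc` now faults at the declaration and the optimiser is entitled to treat the later guard as dead; ssl_accept gets the same ordering in the `@@ -684,6 +696,7 @@` hunk. Declare it as `mech_glb_ctx *m_ctx = NULL;` and assign `m_ctx = (mech_glb_ctx *)cc->mech_ctx;` after the check (both function bodies continue outside their hunks). In `setup_SSL_proxy_handler` the value from `pvd_setup_initializers(cadir)` and the `SSL_set_ex_data` return are stored unchecked, and nothing in this change releases the stored context, so unless `PVD_SSL_EX_DATA_IDX` was obtained from an index registration that names `pvd_destroy_initializers` as its free callback, every connection leaks one verification context; a comment on the function saying who frees it would settle that. The prototype in the declaration hunk marks this function `static` but the definition does not; make the two agree.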
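Review bot: `setup_SSL_proxy_handler(auth_ctx, m_ctx->ca_dir);` passes the untyped `auth_ctx` where the local `ssl`, already cast to `SSL *` at the top of the function, is the intended argument; `setup_SSL_proxy_handler(ssl, m_ctx->ca_dir);` keeps the implicit `void *` conversion out of the call. The ssl_accept call in the `@@ -698,7 +711,7 @@` hunk is the same. `m_ctx->ca_dir` assumes `cc->mech_ctx` is already set when ssl_connect runs — presumably by ssl_client_init, which is outside this hunk; confirm it cannot still be NULL here.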
@@ -698,7 +711,7 @@ ssl_accept(glb_ctx *cc, io_handler *io, void *auth_ctx, struct timeval *timeout)
 flags = fcntl(io->sock, F_GETFL, 0);
 (void)fcntl(io->sock, F_SETFL, flags | O_NONBLOCK);
- //setup_SSL_proxy_handler(cc->ssl_ctx, cacertdir);
+ setup_SSL_proxy_handler(auth_ctx, m_ctx->ca_dir);
 SSL_set_fd(ssl, io->sock);
 err = do_ssl_accept(cc, io, ssl, timeout);