From 72114287307205d45883cd56894bd55796a712d7 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Tue, 10 Jan 2012 12:40:08 +0000
Subject: [PATCH] client uses VOMS method to get proxy filenames, (should change default behavior)
---
 emi.canl.canl-c/src/canl_ssl.c | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c
index e6b4ccb..1ff4483 100644
--- a/emi.canl.canl-c/src/canl_ssl.c
+++ b/emi.canl.canl-c/src/canl_ssl.c
@@ -38,7 +38,7 @@ int ssl_server_init(glb_ctx *cc)
 if (!err && (!cc->cert_key || !cc->cert_key->cert || !cc->cert_key->key)) {
 err = do_set_ctx_own_cert_file(cc, user_cert_fn, user_key_fn);
 if (err)
- goto end;
+ return err;
 }
 free(user_cert_fn);
@@ -124,6 +124,9 @@ int ssl_client_init(glb_ctx *cc, io_handler *io)
 unsigned long ssl_err = 0;
 int err = 0;
 CANL_ERROR_ORIGIN e_orig = unknown_error;
+ char *ca_cert_fn, *user_cert_fn, *user_key_fn, *user_proxy_fn;
+ char *ca_cert_dirn = NULL;
+ ca_cert_fn = user_cert_fn = user_key_fn = user_proxy_fn = NULL;
 if (!cc) {
 return EINVAL;
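Review bot: Replacing `goto end;` with `return err;` in the first hunk leaves the function before the `free(user_cert_fn);` that follows the block, so the filename strings are leaked on this error path and whatever the `end` label does is skipped as well. The third hunk adds the same early `return err;` in `ssl_client_init`, ahead of the frees for all five strings passed to `proxy_get_filenames`. I would drop the early return and test the error once the strings are released, i.e. `if (err) return err;` placed after the last `free()`. The rest of `ssl_server_init`, including the `end` label, is outside the hunk, so please confirm that bypassing it is intended.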
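Review bot: In the second hunk four of the five new pointers are declared uninitialised and only set to NULL by a separate chained assignment, which is easy to separate from the declaration in a later edit even though every one of them is later handed to `free()`. Initialising at the declaration says the same thing in one place: `char *ca_cert_fn = NULL, *user_cert_fn = NULL, *user_key_fn = NULL, *user_proxy_fn = NULL;`, with `char *ca_cert_dirn = NULL;` kept as is and the assignment line dropped. The body of `ssl_client_init` continues outside the hunk.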
@@ -144,10 +147,29 @@ int ssl_client_init(glb_ctx *cc, io_handler *io)
 e_orig = ssl_error;
 goto end;
 }
+ err = proxy_get_filenames(0, &ca_cert_fn, &ca_cert_dirn, &user_proxy_fn,
+ &user_cert_fn, &user_key_fn);
+ if (!err && (!cc->cert_key || !cc->cert_key->cert || !cc->cert_key->key)) {
+ if (user_proxy_fn) {
+ err = do_set_ctx_own_cert_file(cc, user_proxy_fn, user_proxy_fn);
+ if (err)
+ return err;
+ }
+ }
- //TODO test hardcoded
- SSL_CTX_load_verify_locations(cc->ssl_ctx, "~/terena_ca_file.pem", NULL);
+ free(user_cert_fn);
+ user_cert_fn = NULL;
+ free(user_key_fn);
+ user_key_fn = NULL;
+ free(user_proxy_fn);
+ user_proxy_fn = NULL;
+ SSL_CTX_load_verify_locations(cc->ssl_ctx, ca_cert_fn, ca_cert_dirn);
+ free(ca_cert_fn);
+ ca_cert_fn = NULL;
+ free(ca_cert_dirn);
+ ca_cert_dirn = NULL;
+ //err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL:!LOW:!EXP:!MD5:!MD2");
 err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL");
 if (!err) {
--
1.8.2.3
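Review bot: The result of `SSL_CTX_load_verify_locations(cc->ssl_ctx, ca_cert_fn, ca_cert_dirn)` is discarded, so when `proxy_get_filenames` fails or yields neither a CA file nor a CA directory the client context is left without trust anchors and nothing reports it. The `err` from `proxy_get_filenames` is lost as well, since it is only tested with `!err` and then overwritten by `SSL_CTX_set_cipher_list`. Whether the handshake then fails or proceeds without verifying the peer depends on the verify mode set elsewhere in `ssl_client_init`, which is outside the hunk. I would keep the return value, release the two CA strings, and take the existing `ssl_error` path on failure, as below; this assumes the `end` label reports `ssl_err` the way the earlier error branch appears to.

```c
    // … unchanged: proxy_get_filenames call, proxy certificate setup, free of user_* names …
    int ca_loaded = SSL_CTX_load_verify_locations(cc->ssl_ctx, ca_cert_fn, ca_cert_dirn);
    // … unchanged: free and reset of ca_cert_fn and ca_cert_dirn …
    if (!ca_loaded) {
        ssl_err = ERR_get_error();
        e_orig = ssl_error;
        goto end;
    }
```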