From 7215e5f450ba6039b04601e4ac10a1a5539a18ef Mon Sep 17 00:00:00 2001 From: Marcel Poul Date: Tue, 31 Jan 2012 22:59:02 +0000 Subject: [PATCH] load key and cert. using default path properly --- emi.canl.canl-c/src/canl.c | 4 ++-- emi.canl.canl-c/src/canl_ssl.c | 28 ++++++++++++++++++++++------ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/emi.canl.canl-c/src/canl.c b/emi.canl.canl-c/src/canl.c index 4d19c77..6be2d02 100644 --- a/emi.canl.canl-c/src/canl.c +++ b/emi.canl.canl-c/src/canl.c @@ -277,8 +277,8 @@ canl_io_accept(canl_ctx cc, canl_io_handler io, int new_fd, err = mech->get_peer(glb_cc, io_cc, conn_ctx, peer); if (err) goto end; - }*/ - + } +*/ io_cc->authn_mech.ctx = conn_ctx; io_cc->authn_mech.type = mech->mech; io_cc->authn_mech.oid = GSS_C_NO_OID; diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c index 44b5500..bbf9c53 100644 --- a/emi.canl.canl-c/src/canl_ssl.c +++ b/emi.canl.canl-c/src/canl_ssl.c @@ -142,11 +142,9 @@ ssl_server_init(glb_ctx *cc, void *mech_ctx, void **ctx) return 1; } /*Make sure the key and certificate file match*/ - if ( (err = SSL_check_private_key(ssl)) != 1) { - set_error(cc, ERR_get_error(), SSL_ERROR, "Private key does not match" - " the certificate public key"); - return 1; - } + if ( (err = SSL_check_private_key(ssl)) != 1) + return set_error(cc, ERR_get_error(), SSL_ERROR, "Private key" + " does not match the certificate public key"); *ctx = ssl; @@ -183,6 +181,18 @@ ssl_client_init(glb_ctx *cc, void *mech_ctx, void **ctx) if (err) return err; } + else { + if (user_cert_fn && !access(user_cert_fn, R_OK)) { + err = do_set_ctx_own_cert_file(cc, user_cert_fn, NULL); + if (err) + return err; + } + if (user_key_fn && !access(user_key_fn, R_OK)) { + err = do_set_ctx_own_cert_file(cc, NULL, user_key_fn); + if (err) + return err; + } + } } free(user_cert_fn); 
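Review bot: In ssl_server_init the mismatch branch now returns directly from `set_error(...)`, while `ssl` only reaches the caller through the later `*ctx = ssl;`, so if `ssl` was allocated earlier in this function (not visible in the hunk) it is never released on this path. I would keep the braces and release it there, for example by storing the `set_error(...)` result in `err`, calling `SSL_free(ssl);`, and then `return err;`. The key/certificate check this commit adds at the end of ssl_client_init has the same shape and would need the same treatment. The function body starts and ends outside the hunk, so confirm the allocation site first.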
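Review bot: The `access(user_cert_fn, R_OK)` and `access(user_key_fn, R_OK)` pre-checks in the new `else` branch are a check-then-use race (the file can be swapped between the test and the load, and `access` tests the real rather than the effective user ID), and an unreadable default credential is skipped with no error, so the client appears to continue without a certificate. I would attempt the load with `do_set_ctx_own_cert_file` directly and treat only a missing file as "no default credential", and before loading the key reject a file that is not private to the user, e.g. `if (st.st_mode & (S_IRWXG | S_IRWXO))` after a `stat` of `user_key_fn`, returning through `set_error`. The new `return err;` lines also leave before the `free(user_cert_fn);` that follows the block, so the path strings leak on failure; free them before returning. ssl_client_init begins and ends outside the hunk.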
@@ -200,7 +210,7 @@ ssl_client_init(glb_ctx *cc, void *mech_ctx, void **ctx) "use private key"); } } - else if (cc->cert_key->cert) { + if (cc->cert_key->cert) { err = SSL_use_certificate(ssl, cc->cert_key->cert); if (err != 1) { return set_error(cc, ERR_get_error(), SSL_ERROR, "Cannot" @@ -208,6 +218,12 @@ ssl_client_init(glb_ctx *cc, void *mech_ctx, void **ctx) } } } + /*Make sure the key and certificate file match + * not mandatory on client side*/ + if (cc->cert_key->cert && cc->cert_key->key) + if ( (err = SSL_check_private_key(ssl)) != 1) + return set_error(cc, ERR_get_error(), SSL_ERROR, "Private key" + " does not match the certificate public key"); *ctx = ssl; return 0; -- 1.8.2.3
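Review bot: With `else if` changed to `if` the client now installs both halves of the credential, but the context lines show the private key being set before `SSL_use_certificate`. OpenSSL's documentation asks for the certificate to be set first and the key second; as I understand it, setting a certificate over a non-matching key can discard the key instead of failing, which would blur the error reported by the later consistency check. I would move this block above the private-key block and add `/* certificate first, then key: OpenSSL checks the key against the installed certificate */`. The private-key block starts outside the hunk.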
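Review bot: The added key/certificate check nests one unbraced `if` inside another around a two-line `return`, which is easy to break when a statement is added later. A single braced condition reads more safely: `if (cc->cert_key->cert && cc->cert_key->key && SSL_check_private_key(ssl) != 1) {` followed by the `return set_error(...)` and a closing `}`; the `err =` assignment can go, since the value is not used afterwards in the visible lines. The comment would be clearer as `/* Verify that key and certificate match; done only when the client has both */`.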