From c30ffbeebf883ae1ed8b25f12ffbe9cc784b9c2a Mon Sep 17 00:00:00 2001
From: Marcel Poul <marcel.poul@cern.ch>
Date: Tue, 7 Aug 2012 15:04:24 +0000
Subject: [PATCH] Make X509_STORE from canl structure and initialize it.

---
 emi.canl.canl-c/src/canl_locl.h      |  1 +
 emi.canl.canl-c/src/canl_ocsp.c      | 41 +++++++++++++++++++++++++++++++++---
 emi.canl.canl-c/src/proxy/sslutils.c |  4 ++++
 3 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/emi.canl.canl-c/src/canl_locl.h b/emi.canl.canl-c/src/canl_locl.h
index 1a3aed1..95f7903 100644
--- a/emi.canl.canl-c/src/canl_locl.h
+++ b/emi.canl.canl-c/src/canl_locl.h
@@ -118,6 +118,7 @@ typedef struct canl_mech {
 
 typedef struct {
     char *ca_dir;
+    char *ca_file;
     char *crl_dir;
 } canl_x509store_t;
 
diff --git a/emi.canl.canl-c/src/canl_ocsp.c b/emi.canl.canl-c/src/canl_ocsp.c
index 97d071d..db16960 100644
--- a/emi.canl.canl-c/src/canl_ocsp.c
+++ b/emi.canl.canl-c/src/canl_ocsp.c
@@ -214,9 +214,41 @@ set_ocsp_store(canl_ocsprequest_t *ocspreq, canl_x509store_t *store)
 }
 
 static X509_STORE *
-canl_create_x509store(canl_x509store_t *store)
+canl_create_x509store(canl_x509store_t *c_store)
 {
-    return NULL;
+    X509_STORE *store = NULL;
+    X509_LOOKUP *lookup = NULL;
+
+
+    if (!c_store)
+        return NULL;
+    if(!(store = X509_STORE_new()))
+        goto end; 
+    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+    if (lookup == NULL)
+        goto end;
+    if (c_store->ca_file) {
+        if(!X509_LOOKUP_load_file(lookup, c_store->ca_file, X509_FILETYPE_PEM)) { 
+            goto end; 
+        } 
+    }
+    else X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); 
+
+    lookup=X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); 
+    if (lookup == NULL)
+        goto end; 
+    if (c_store->ca_dir) {
+        if(!X509_LOOKUP_add_dir(lookup, c_store->ca_dir, X509_FILETYPE_PEM)) { 
+            goto end;
+        }
+    }
+    else X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); 
+
+    ERR_clear_error(); 
+    return store; 
+end: 
+    X509_STORE_free(store); 
+    return NULL; 
 }
 
 /* Extract an url of given ocsp responder out of the AIA extension.
@@ -377,7 +409,10 @@ int do_ocsp_verify (canl_ocsprequest_t *data)
     if (USENONCE && OCSP_check_nonce(req, basic) <= 0) 
         goto end;
     /*TODO make the store*/ 
-    if (data->store && !(store = canl_create_x509store(data->store)))
+    if (data->store)
+        goto end;
+    store = canl_create_x509store(data->store);
+    if (!store)
         goto end;
     /*TODO check the second parametr (responder_cert) and the last one*/
     if ((rc = OCSP_basic_verify(basic, 0, store, 0)) <= 0)
diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c
index 379f97c..a9e2f7c 100644
--- a/emi.canl.canl-c/src/proxy/sslutils.c
+++ b/emi.canl.canl-c/src/proxy/sslutils.c
@@ -2185,6 +2185,10 @@ proxy_verify_callback(
         }
     }
 
+    /*
+       OCSP check
+     */
+
     EVP_PKEY_free(key);
 
     if (objset)
-- 
1.8.2.3