authorAndrew Tridgell <tridge@samba.org>2005-06-26 00:12:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:18:48 -0500
commit8c53aba485e7986baacf91b2c99ef7999142aee4 (patch)
treeb615503de3ef8a222ba95d5dd8a591d71cf7653f /source4/lib/tls
parentb3e493470f3465cfe5cfa958b019ac8cfb8f12f2 (diff)
downloadsamba-8c53aba485e7986baacf91b2c99ef7999142aee4.tar.gz
samba-8c53aba485e7986baacf91b2c99ef7999142aee4.tar.bz2
samba-8c53aba485e7986baacf91b2c99ef7999142aee4.zip
r7912: make private_path() recognise a non-relative filename, so we can have
sam database = sam.ldb and it will know to put it in the private dir, but if you use sam database = ldap://server it knows to use it as-is (This used to be commit c5bccbc366db144d3e1cb7b21f0e3284d841dd06)
Diffstat (limited to 'source4/lib/tls')
-rw-r--r--source4/lib/tls/tls.c28
1 files changed, 21 insertions, 7 deletions
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index f89e2f1028..12087639c1 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -309,17 +309,22 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
{
struct tls_params *params;
int ret;
- const char *keyfile = lp_tls_keyfile();
- const char *certfile = lp_tls_certfile();
- const char *cafile = lp_tls_cafile();
- const char *crlfile = lp_tls_crlfile();
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ const char *keyfile = private_path(tmp_ctx, lp_tls_keyfile());
+ const char *certfile = private_path(tmp_ctx, lp_tls_certfile());
+ const char *cafile = private_path(tmp_ctx, lp_tls_cafile());
+ const char *crlfile = private_path(tmp_ctx, lp_tls_crlfile());
void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
params = talloc(mem_ctx, struct tls_params);
- if (params == NULL) return NULL;
+ if (params == NULL) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
if (!lp_tls_enabled() || keyfile == NULL || *keyfile == 0) {
params->tls_enabled = False;
+ talloc_free(tmp_ctx);
return params;
}
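Review bot: The result of `talloc_new(mem_ctx)` at the top of the hunk is never checked before it is handed to four private_path() calls as their parent context, whereas the `params` allocation a few lines later is checked. As far as I know talloc accepts a NULL parent and creates an unparented top-level allocation, so on allocation failure the four path strings would be created detached from any context, the later `talloc_free(tmp_ctx)` calls would release nothing, and tls_initialise would carry on as if nothing failed. Since the file already uses the declare-then-assign style (see the `char *cafile;` added in tls_init_client), the private_path() calls can move below a NULL guard on tmp_ctx so the failure path matches the one for `params`. tls_initialise's body continues past the hunk and the remaining exits are in the next hunk.
```c
	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
	const char *keyfile, *certfile, *cafile, *crlfile;
	void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);

	if (tmp_ctx == NULL) return NULL;
	keyfile  = private_path(tmp_ctx, lp_tls_keyfile());
	certfile = private_path(tmp_ctx, lp_tls_certfile());
	cafile   = private_path(tmp_ctx, lp_tls_cafile());
	crlfile  = private_path(tmp_ctx, lp_tls_crlfile());

	params = talloc(mem_ctx, struct tls_params);
	/* … unchanged: params NULL check and tls-disabled early return … */
```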
@@ -371,11 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
params->tls_enabled = True;
+ talloc_free(tmp_ctx);
return params;
init_failed:
DEBUG(0,("GNUTLS failed to initialise - %s\n", gnutls_strerror(ret)));
params->tls_enabled = False;
+ talloc_free(tmp_ctx);
return params;
}
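Review bot: The `talloc_free(tmp_ctx)` cleanup is now repeated on every exit of tls_initialise (the two returns here plus the two added in the previous hunk), and the middle of the function between the hunks is where new `goto init_failed` sites are most likely to appear, so any future early `return` there silently leaks tmp_ctx. A single exit that both paths reach, e.g. `init_failed:` falling through to a shared `done:` label with `talloc_free(tmp_ctx); return params;`, would keep the cleanup in one place; with the current layout the success path would need `goto done;` in place of its own `talloc_free`/`return` pair. This is a style point only; the four calls as written are correct as far as the visible lines show.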
@@ -450,6 +457,8 @@ struct tls_context *tls_init_client(struct socket_context *socket,
struct tls_context *tls;
int ret;
const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+ char *cafile;
+
tls = talloc(socket, struct tls_context);
if (tls == NULL) return NULL;
@@ -461,11 +470,16 @@ struct tls_context *tls_init_client(struct socket_context *socket,
return tls;
}
+ cafile = private_path(tls, lp_tls_cafile());
+ if (!cafile || !*cafile) {
+ goto failed;
+ }
+
gnutls_global_init();
gnutls_certificate_allocate_credentials(&tls->xcred);
- gnutls_certificate_set_x509_trust_file(tls->xcred, lp_tls_cafile(),
- GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
+ talloc_free(cafile);
TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
TLSCHECK(gnutls_set_default_priority(tls->session));
gnutls_certificate_type_set_priority(tls->session, cert_type_priority);