/* Load proxy CA file, this CA "list" is send to the client. */
if (!use_invalid_cert) {
result = gnutls_certificate_set_x509_trust_file(*x509_cred,
- PROXY_CA_FILE,
+ PROXY_CA_PATH,
GNUTLS_X509_FMT_PEM);
if (result <= 0) {
LOG(ERROR,
"initialize_tls_session_client(): can't read CA file: '%s'",
- PROXY_CA_FILE);
+ PROXY_CA_PATH);
gnutls_certificate_free_credentials(*x509_cred);
return -1;
}
/* And certificate for this website and proxy's private key. */
if (!use_invalid_cert) {
result = gnutls_certificate_set_x509_key_file(*x509_cred,
- path, PROXY_KEY_FILE,
+ path,
+ PROXY_KEY_PATH,
GNUTLS_X509_FMT_PEM);
/* If the invalid hostname was specified load our special "invalid"
* certificate. */
} else {
result = gnutls_certificate_set_x509_key_file(*x509_cred,
- PROXY_INVALID_CERT_FILE,
- PROXY_KEY_FILE,
+ PROXY_INVALID_CERT_PATH,
+ PROXY_KEY_PATH,
GNUTLS_X509_FMT_PEM);
}
if (result != GNUTLS_E_SUCCESS) {
LOG(ERROR,
"initialize_tls_session_client(): "
"can't read server certificate ('%s') or key file ('%s'): %s",
- path, PROXY_KEY_FILE, gnutls_strerror(result));
+ path, PROXY_KEY_PATH, gnutls_strerror(result));
gnutls_certificate_free_credentials(*x509_cred);
/* Could be a missing certificate. */
return -2;
#define TLSPROXY_MAX_PATH_LENGTH 1024
/* Paths to necessary TLS files: the CA and the server key. */
-#define PROXY_CA_FILE "proxy-ca.pem"
-#define PROXY_KEY_FILE "proxy-key.pem"
+#define PROXY_CA_PATH "proxy-ca.pem"
+#define PROXY_KEY_PATH "proxy-key.pem"
/* Path to special "invalid" certificate send to the client when an error
* occurs. */
-#define PROXY_INVALID_CERT_FILE "proxy-invalid.pem"
+#define PROXY_INVALID_CERT_PATH "proxy-invalid.pem"
/* The server certificate for the given hostname is stored in
* "./certificate-hostname-proxy.pem" - we use this for the connection to the
* client. */
ruderich.org/simon / tlsproxy / tlsproxy.git / commitdiff