/* We got the certificate as PEM, free it. */
gnutls_x509_crt_deinit(cert);
- /* Hostname too long. */
- if (sizeof(path) - strlen(STORED_SERVER_CERT_FORMAT) <= strlen(hostname)) {
- LOG(LOG_WARNING,
- "verify_tls_connection(): hostname too long: '%s'",
- hostname);
- return -1;
- }
- /* Try to prevent path traversals in hostnames. */
- if (NULL != strstr(hostname, "..")) {
- LOG(LOG_WARNING,
- "verify_tls_connection(): possible path traversal: '%s'",
- hostname);
- return -1;
- }
- snprintf(path, sizeof(path), STORED_SERVER_CERT_FORMAT, hostname);
-
- /* Open the stored certificate file. */
- file = fopen(path, "rb");
- if (NULL == file) {
- LOG(LOG_WARNING,
- "verify_tls_connection(): failed to open '%s': %s",
- path, strerror(errno));
+ /* Open stored server certificate file. */
+ if (0 != server_certificate_path(&file, hostname, path, sizeof(path))) {
return -1;
}
return 0;
}
+
+int server_certificate_path(FILE **file, const char *hostname, char *path, size_t size) {
+ /* Hostname too long. */
+ if (size - strlen(STORED_SERVER_CERT_FORMAT) <= strlen(hostname)) {
+ LOG(LOG_WARNING,
+ "server_certificate_path(): hostname too long: '%s'",
+ hostname);
+ return -1;
+ }
+ /* Try to prevent path traversals in hostnames. */
+ if (NULL != strstr(hostname, "..")) {
+ LOG(LOG_WARNING,
+ "server_certificate_path(): possible path traversal: '%s'",
+ hostname);
+ return -1;
+ }
+ snprintf(path, size, STORED_SERVER_CERT_FORMAT, hostname);
+
+ /* Open the stored certificate file. */
+ *file = fopen(path, "rb");
+ if (NULL == *file) {
+ LOG(global_passthrough_unknown ? LOG_DEBUG : LOG_WARNING,
+ "server_certificate_path(): failed to open '%s': %s",
+ path, strerror(errno));
+ /* Couldn't open the file, special case. */
+ return -2;
+ }
+
+ return 0;
+}
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff