+
+int server_certificate_path(FILE **file, const char *hostname, char *path, size_t size) {
+ /* Hostname too long. */
+ if (size - strlen(STORED_SERVER_CERT_FORMAT) <= strlen(hostname)) {
+ LOG(LOG_WARNING,
+ "server_certificate_path(): hostname too long: '%s'",
+ hostname);
+ return -1;
+ }
+ /* Try to prevent path traversals in hostnames. */
+ if (NULL != strstr(hostname, "..")) {
+ LOG(LOG_WARNING,
+ "server_certificate_path(): possible path traversal: '%s'",
+ hostname);
+ return -1;
+ }
+ snprintf(path, size, STORED_SERVER_CERT_FORMAT, hostname);
+
+ /* Open the stored certificate file. */
+ *file = fopen(path, "rb");
+ if (NULL == *file) {
+ LOG(global_passthrough_unknown ? LOG_DEBUG : LOG_WARNING,
+ "server_certificate_path(): failed to open '%s': %s",
+ path, strerror(errno));
+ /* Couldn't open the file, special case. */
+ return -2;
+ }
+
+ return 0;
+}