From: Fredrik Tolf
Date: Tue, 19 Oct 2010 06:26:26 +0000 (+0200)
Subject: sni: Added support for reading a whole directory with certificates.
X-Git-Tag: 0.3~1^2~1
X-Git-Url: http://git.dolda2000.com/gitweb/?a=commitdiff_plain;h=26902200a8061d8e9211e5104abbf2acc84ed7b9;p=ashd.git

sni: Added support for reading a whole directory with certificates.
---
diff --git a/src/ssl-gnutls.c b/src/ssl-gnutls.c
index 5247f2a..e27d314 100644
--- a/src/ssl-gnutls.c
+++ b/src/ssl-gnutls.c
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -349,6 +350,28 @@ static struct namedcreds *readncreds(char *file)
 return(nc);
 }

+static void readncdir(struct ncredbuf *buf, char *dir)
+{
+ DIR *d;
+ struct dirent *e;
+ size_t es;
+
+ if((d = opendir(dir)) == NULL) {
+ flog(LOG_ERR, "ssl: could not read certificate directory %s: %s", dir, strerror(errno));
+ exit(1);
+ }
+ while((e = readdir(d)) != NULL) {
+ if(e->d_name[0] == '.')
+ continue;
+ if((es = strlen(e->d_name)) <= 4)
+ continue;
+ if(strcmp(e->d_name + es - 4, ".crt"))
+ continue;
+ bufadd(*buf, readncreds(sprintf3("%s/%s", dir, e->d_name)));
+ }
+ closedir(d);
+}
+
 void handlegnussl(int argc, char **argp, char **argv)
 {
 int i, ret, port, fd;
@@ -411,6 +434,8 @@ void handlegnussl(int argc, char **argp, char **argv)
 port = atoi(argv[i]);
 } else if(!strcmp(argp[i], "ncert")) {
 bufadd(ncreds, readncreds(argv[i]));
+ } else if(!strcmp(argp[i], "ncertdir")) {
+ readncdir(&ncreds, argv[i]);
 } else {
 flog(LOG_ERR, "unknown parameter `%s' to ssl handler", argp[i]);
 exit(1);
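Review bot: In `readncdir`, the `while((e = readdir(d)) != NULL)` loop treats a readdir() failure the same as end-of-directory, so a partial listing would silently leave some certificates unloaded even though the opendir() failure just above is fatal. Setting `errno = 0;` before each readdir() call and testing `if(errno != 0)` after the loop, with the same flog/exit handling, would make the two paths consistent. Entries are also chosen by the `.crt` suffix alone, so subdirectories, symlinks and any other entry with that name are handed to `readncreds` (whose body is outside this hunk). A regular-file check before loading, or a comment such as `/* dir must be writable only by the server administrator: every *.crt in it becomes a served credential */`, would make the trust assumption explicit. A directory that matches no files is accepted without a message, so logging each loaded file name (or a warning when none matched) would let an operator audit what the `ncertdir` option in the last hunk actually picked up.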