From 52928f385d8a0885ba7cc6a110d4ff6dc4ab91e6 Mon Sep 17 00:00:00 2001 From: Jakub Filak Date: Wed, 22 Oct 2014 08:00:39 +0200 Subject: [LIBREPORT PATCH 100/105] ureport: allow multiple cert file in rhsm-entitlement dir Thanks Martin Milata https://bugzilla.redhat.com/show_bug.cgi?id=1140224#c6 Related to #1140224 Signed-off-by: Jakub Filak --- src/lib/ureport.c | 54 +++++++++++++++++++++++------------------------------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/src/lib/ureport.c b/src/lib/ureport.c index 0e0472e..99e84ef 100644 --- a/src/lib/ureport.c +++ b/src/lib/ureport.c @@ -103,52 +103,44 @@ ureport_server_config_set_client_auth(struct ureport_server_config *config, ureport_server_config_set_url(config, xstrdup(RHSM_WEB_SERVICE_URL)); GList *certs = get_file_list(RHSMENT_PEM_DIR_PATH, "pem"); - if (g_list_length(certs) != 2) + if (g_list_length(certs) < 2) { + g_list_free_full(certs, (GDestroyNotify)free_file_obj); + log_notice(RHSMENT_PEM_DIR_PATH" does not contain unique cert-key files pair"); log_notice("Not using client authentication"); return; } - const char *cert = NULL; - const char *key = NULL; - - file_obj_t *fst = (file_obj_t *)certs->data; - file_obj_t *scn = (file_obj_t *)certs->next->data; - - if (strlen(fo_get_filename(fst)) < strlen(fo_get_filename(scn))) + /* Use the last non-key file found. */ + file_obj_t *cert = NULL; + for (GList *iter = certs; iter != NULL; iter = g_list_next(iter)) { - cert = fo_get_filename(fst); - key = fo_get_filename(scn); + file_obj_t *tmp = (file_obj_t *)iter->data; + const char *file_name = fo_get_filename(tmp); - config->ur_client_cert = xstrdup(fo_get_fullpath(fst)); - config->ur_client_key = xstrdup(fo_get_fullpath(scn)); + if (suffixcmp(file_name, "-key")) + cert = tmp; } - else + + if (cert == NULL) { - cert = fo_get_filename(scn); - key = fo_get_filename(fst); + g_list_free_full(certs, (GDestroyNotify)free_file_obj); - config->ur_client_cert = xstrdup(fo_get_fullpath(scn)); - config->ur_client_key = xstrdup(fo_get_fullpath(fst)); + log_notice(RHSMENT_PEM_DIR_PATH" contains only key files"); + log_notice("Not using client authentication"); + return; } - const bool iscomplement = prefixcmp(key, cert) != 0 || strcmp("-key", key + strlen(cert)) != 0; - g_list_free_full(certs, (GDestroyNotify)free_file_obj); + config->ur_client_cert = xstrdup(fo_get_fullpath(cert)); + /* Yes, the key file may not exists. I over took this code from + * sos-uploader and they are pretty happy with this approach, so why + * shouldn't we?. */ + config->ur_client_key = xasprintf("%s/%s-key.pem", RHSMENT_PEM_DIR_PATH, fo_get_filename(cert)); - if (iscomplement) - { - log_notice("Key file '%s' isn't complement to cert file '%s'", - config->ur_client_key, config->ur_client_cert); - log_notice("Not using client authentication"); - - free(config->ur_client_cert); - free(config->ur_client_key); - config->ur_client_cert = NULL; - config->ur_client_key = NULL; + log_debug("Using cert files: '%s' : '%s'", config->ur_client_cert, config->ur_client_key); - return; - } + g_list_free_full(certs, (GDestroyNotify)free_file_obj); char *certdata = xmalloc_open_read_close(config->ur_client_cert, /*no size limit*/NULL); if (certdata != NULL) -- 1.8.3.1