From: Andrew Zaborowski <andrew.zaborowski@intel.com>
To: ell@lists.01.org
Subject: [PATCH 2/3] tools: Convert certchain-verify to l_cert_load_container_file
Date: Wed, 28 Apr 2021 19:30:20 +0200
Message-ID: <20210428173021.2036697-2-andrew.zaborowski@intel.com>
In-Reply-To: <20210428173021.2036697-1-andrew.zaborowski@intel.com>
Drop the local certificate chain loading code in favour of
l_cert_load_container_file to support the format dumped by
l_tls_set_cert_dump_path and while there also other formats.
---
tools/certchain-verify.c | 68 +++-------------------------------------
1 file changed, 5 insertions(+), 63 deletions(-)
diff --git a/tools/certchain-verify.c b/tools/certchain-verify.c
index 1a1dab1..732c187 100644
--- a/tools/certchain-verify.c
+++ b/tools/certchain-verify.c
@@ -23,72 +23,16 @@
#endif
#include <stdio.h>
-#include <errno.h>
-#include <stdint.h>
-#include <stdbool.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/mman.h>
#include <ell/ell.h>
-#include "ell/tls-private.h"
-
-static int load_cert_chain(const char *file, struct l_certchain **certchain)
-{
- int fd;
- struct stat st;
- char *data;
- int err;
-
- fd = open(file, O_RDONLY);
- if (fd < 0) {
- fprintf(stderr, "Could not open %s: %s\n",
- file, strerror(errno));
- return -errno;
- }
-
- if (fstat(fd, &st) < 0) {
- err = -errno;
- fprintf(stderr, "Could not stat %s: %s\n",
- file, strerror(errno));
- goto close_file;
- }
-
- if (st.st_size == 0) {
- err = -EINVAL;
- fprintf(stderr, "Certificate file %s is empty!\n", file);
- goto close_file;
- }
-
- data = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
- if (data == MAP_FAILED) {
- err = -errno;
- fprintf(stderr, "Could not mmap %s: %s\n",
- file, strerror(errno));
- goto close_file;
- }
-
- err = tls_parse_certificate_list(data, st.st_size, certchain);
- if (err < 0)
- fprintf(stderr, "Could not parse certificate list: %s\n",
- strerror(-err));
-
- munmap(data, st.st_size);
-
-close_file:
- close(fd);
- return err;
-}
static void usage(const char *bin)
{
- printf("%s - TLS certificate chain verification utility\n\n", bin);
+ printf("%s - Certificate chain verification utility\n\n", bin);
- printf("Usage: %s [options] <ca_cert file> <raw certificates file>\n"
- " <ca_cert file> - local CA Certificate to validate against\n"
- " <raw certificates file> - Certificates obtained from PCAP\n"
+ printf("Usage: %s [options] <ca_cert file> <certchain container>\n"
+ " <ca_cert file> - local CA Certificates to validate against\n"
+ " <certchain container> - certificate chain to verify\n"
" --help\n\n", bin);
}
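Review bot: The new help line in usage() describes the second argument only as "certificate chain to verify", so a user cannot tell which container formats the tool now accepts. The commit message says the change exists to accept the format dumped by l_tls_set_cert_dump_path plus other formats; naming those formats in the "<certchain container>" line would document that. The old text also told the reader the input came from a PCAP, and nothing replaces that hint about where a container file is expected to come from.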
@@ -97,7 +41,6 @@ int main(int argc, char *argv[])
int status = EXIT_FAILURE;
struct l_certchain *certchain;
struct l_queue *ca_certs;
- int err;
const char *error_str;
if (argc != 3) {
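Review bot: With "int err;" removed, "struct l_certchain *certchain;" in main() is still declared without an initialiser, and the later "if (!certchain)" check now depends on the loader always writing the out parameter when it returns true. Initialising it as "struct l_certchain *certchain = NULL;" would make that check well defined regardless of how the loader handles a container that holds no certificates.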
@@ -107,8 +50,7 @@ int main(int argc, char *argv[])
l_log_set_stderr();
- err = load_cert_chain(argv[2], &certchain);
- if (err < 0)
+ if (!l_cert_load_container_file(argv[2], NULL, &certchain, NULL, NULL))
goto done;
if (!certchain) {
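Review bot: The failure branch of the new l_cert_load_container_file() call jumps to done without the tool printing anything itself, whereas the removed load_cert_chain() reported each failure on stderr together with the file name (open, stat, empty file, mmap, parse). Unless the library logs the reason through the l_log_set_stderr() handler set up just above, the user only sees a non-zero exit status. Consider an fprintf(stderr, ...) that names argv[2] before the goto, so that an unreadable or malformed chain file can be told apart from a chain that fails verification.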
--
2.27.0
Thread overview: 4+ messages
2021-04-28 17:30 [PATCH 1/3] cert: Try TLS format in l_cert_load_container_file Andrew Zaborowski
2021-04-28 17:30 ` Andrew Zaborowski [this message]
2021-04-28 17:30 ` [PATCH 3/3] tls: Proceed after l_certchain_verify failure if no CA certs Andrew Zaborowski
2021-04-28 18:28 ` [PATCH 1/3] cert: Try TLS format in l_cert_load_container_file Denis Kenzior