summaryrefslogtreecommitdiff
path: root/vpn
diff options
context:
space:
mode:
authorJiung Yu <jiung.yu@samsung.com>2017-06-02 15:28:33 +0900
committerJiung Yu <jiung.yu@samsung.com>2017-06-02 15:40:19 +0900
commit20b67692553b2b41bc520a6959537bb09c1cad55 (patch)
tree6176dda3d4f13941a3d3819a65214046ac4a01a7 /vpn
parent3cd173b5ecdf1c61f1f8cbdeac35f62f79c0deb9 (diff)
downloadconnman-20b67692553b2b41bc520a6959537bb09c1cad55.tar.gz
connman-20b67692553b2b41bc520a6959537bb09c1cad55.tar.bz2
connman-20b67692553b2b41bc520a6959537bb09c1cad55.zip
Handle the failure case due to the invalid cert file
Change-Id: I86d6e2324936417c3a454a35f480dadb65feb9a8 Signed-off-by: Yu jiung <jiung.yu@samsung.com>
Diffstat (limited to 'vpn')
-rw-r--r--vpn/plugins/ipsec.c89
1 files changed, 65 insertions, 24 deletions
diff --git a/vpn/plugins/ipsec.c b/vpn/plugins/ipsec.c
index 70f3433a..148a7ed2 100644
--- a/vpn/plugins/ipsec.c
+++ b/vpn/plugins/ipsec.c
@@ -248,65 +248,97 @@ static int get_cert_type(const char *path)
return cert_type;
}
-static void read_der_file(const char *path, X509 **cert)
+static int read_der_file(const char *path, X509 **cert)
{
FILE *fp = NULL;
+ int err = 0;
+
+ if(!path || !cert) {
+ /* TODO :remove this after debug */
+ DBG("there's no cert data");
+ return 0;
+ }
DBG("der path %s\n", path);
fp = fopen(path, "r");
if (!fp) {
- connman_error("fopen %s is failed\n", path);
- return;
+ connman_error("Failed to open file");
+ return -EINVAL;
}
*cert = d2i_X509_fp(fp, NULL);
+ if (!fp) {
+ connman_error("Failed to read der file");
+ err = -EINVAL;
+ }
+
fclose(fp);
- return;
+ return err;
}
-static void read_pem_file(const char *path, X509 **cert)
+static int read_pem_file(const char *path, X509 **cert)
{
FILE *fp = NULL;
+ int err = 0;
+
+ if(!path || !cert) {
+ /* TODO :remove this after debug */
+ DBG("there's no cert data");
+ return 0;
+ }
DBG("pem path %s\n", path);
fp = fopen(path, "r");
if (!fp) {
- connman_error("fopen %s is failed\n", path);
- return;
+ connman_error("Failed to open file");
+ return -EINVAL;
}
*cert = PEM_read_X509(fp, cert, NULL, NULL);
+ if (!fp) {
+ connman_error("Failed to read pem file");
+ err = -EINVAL;
+ }
+
fclose(fp);
- return;
+ return err;
}
-static void read_pkcs12_file(const char *path, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+static int read_pkcs12_file(const char *path, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
FILE *fp = NULL;
PKCS12 *p12;
+ int err = 0;
+
+ if(!path || !pass || !pkey || !cert || !ca) {
+ /* TODO :remove this after debug */
+ DBG("there's no cert data");
+ return 0;
+ }
DBG("pkcs12 path %s\n", path);
fp = fopen(path, "r");
if (!fp) {
- print_openssl_error();
- return;
+ connman_error("Failed to open file");
+ return -EINVAL;
}
p12 = d2i_PKCS12_fp(fp, NULL);
if (!p12) {
- print_openssl_error();
+ connman_error("Failed to open pkcs12");
fclose(fp);
- return;
+ return -EINVAL;
}
if (!PKCS12_parse(p12, pass, pkey, cert, ca)) {
- print_openssl_error();
- fclose(fp);
- return;
+ connman_error("Failed to parse pkcs12");
+ err = -EINVAL;
}
PKCS12_free(p12);
- return;
+ fclose(fp);
+
+ return err;
}
static char *get_private_key_str(struct openssl_private_data *data)
@@ -430,29 +462,30 @@ static char * get_nth_ca_cert_str(struct openssl_private_data *data, int num)
return get_cert_str(cert);
}
-static void extract_cert_info(const char *path, const char *pass, struct openssl_private_data *data)
+static int extract_cert_info(const char *path, const char *pass, struct openssl_private_data *data)
{
+ int err = 0;
if(!path || !data) {
/* TODO :remove this after debug */
DBG("there's no cert data");
- return;
+ return 0;
}
switch (get_cert_type(path)) {
case CERT_TYPE_DER:
- read_der_file(path, &(data->local_cert));
+ err = read_der_file(path, &(data->local_cert));
break;
case CERT_TYPE_PEM:
- read_pem_file(path, &(data->local_cert));
+ err = read_pem_file(path, &(data->local_cert));
break;
case CERT_TYPE_PKCS12:
- read_pkcs12_file(path, pass, &(data->private_key), &(data->local_cert), &(data->ca_certs));
+ err = read_pkcs12_file(path, pass, &(data->private_key), &(data->local_cert), &(data->ca_certs));
break;
default:
break;
}
- return;
+ return err;
}
static void free_openssl_private_data(struct openssl_private_data *data)
@@ -1142,7 +1175,15 @@ static int ipsec_connect(struct vpn_provider *provider,
path = vpn_provider_get_string(provider, "IPsec.LocalCerts");
pass = vpn_provider_get_string(provider, "IPsec.LocalCertPass");
- extract_cert_info(path, pass, &(data->openssl_data));
+ err = extract_cert_info(path, pass, &(data->openssl_data));
+ if (err < 0) {
+ connman_error("extract cert info failed");
+ if (cb)
+ cb(provider, user_data, err);
+
+ g_free(data);
+ return err;
+ }
check_vici_socket(data);
// g_usleep(G_USEC_PER_SEC);