author | Adam Williamson <awilliam@redhat.com> | 2015-01-13 20:52:20 -0800 |
---|---|---|
committer | Stef Walter <stefw@redhat.com> | 2015-01-14 13:36:47 +0100 |
commit | a6df1f21e42a3b57448eb6897b976ac8883908eb (patch) | |
tree | 78d0379a31c7370907086535c4fe1cc2159991ff /trust/extract-openssl.c | |
parent | b65e3148a8ea2d54b17a8be617bbdcb026c49fcd (diff) |
trust: Add pem-directory-hash extract format
This allows extraction of a directory of standard PEM files
with the OpenSSL hash symlinks; this is a format used by
some popular platforms (Debian's /etc/ssl/certs is in this
form, and OpenSUSE provides it for compatibility).
Initially by: Ludwig Nussel <ludwig.nussel@suse.de>
Signed-off-by: Stef Walter <stefw@redhat.com>
* Added header, fixed compiler warnings
Diffstat (limited to 'trust/extract-openssl.c')
-rw-r--r-- | trust/extract-openssl.c | 76 |
1 files changed, 40 insertions, 36 deletions
diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c
index d622d7a..3271339 100644
--- a/trust/extract-openssl.c
+++ b/trust/extract-openssl.c
@@ -587,6 +587,45 @@ symlink_for_subject_old_hash (p11_enumerate *ex)
 
 #endif /* OS_UNIX */
 
+/*
+ * The OpenSSL style c_rehash stuff
+ *
+ * Different versions of openssl build these hashes differently
+ * so output both of them. Shouldn't cause confusion, because
+ * multiple certificates can hash to the same link anyway,
+ * and this is the reason for the trailing number after the dot.
+ *
+ * The trailing number is incremented p11_save_symlink_in() if it
+ * conflicts with something we've already written out.
+ *
+ * On Windows no symlinks.
+ */
+bool
+p11_openssl_symlink (p11_enumerate *ex,
+ p11_save_dir *dir,
+ const char *filename)
+{
+ bool ret = true;
+#ifdef OS_UNIX
+ char *linkname;
+
+ linkname = symlink_for_subject_hash (ex);
+ if (linkname) {
+ ret = p11_save_symlink_in (dir, linkname, ".0", filename);
+ free (linkname);
+ }
+
+ if (ret) {
+ linkname = symlink_for_subject_old_hash (ex);
+ if (linkname) {
+ ret = p11_save_symlink_in (dir, linkname, ".0", filename);
+ free (linkname);
+ }
+ }
+#endif /* OS_UNIX */
+ return ret;
+}
+
 bool
 p11_extract_openssl_directory (p11_enumerate *ex,
 const char *destination)
@@ -601,10 +640,6 @@ p11_extract_openssl_directory (p11_enumerate *ex,
 char *name;
 CK_RV rv;
 
-#ifdef OS_UNIX
- char *linkname;
-#endif
-
 dir = p11_save_open_directory (destination, ex->flags);
 if (dir == NULL)
 return false;
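Review bot: p11_openssl_symlink is now a non-static entry point, but the comment above it only explains the c_rehash naming scheme and says nothing about the function's contract. When symlink_for_subject_hash or symlink_for_subject_old_hash returns NULL, that link is skipped and the function still returns true, so a caller cannot tell a certificate with both hash links from one with none; a certificate without links will presumably not be found by a hash lookup in the directory. I would extend the comment with something like `Returns false only if p11_save_symlink_in() fails; a hash that cannot be computed is skipped silently`, and state that `filename` must be the base name of a file already written into `dir`. The same comment is missing a word: `incremented by p11_save_symlink_in()`.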
@@ -637,38 +672,7 @@ p11_extract_openssl_directory (p11_enumerate *ex,
 if (ret)
 filename = p11_path_base (path);
 }
-
- /*
- * The OpenSSL style c_rehash stuff
- *
- * Different versions of openssl build these hashes differently
- * so output both of them. Shouldn't cause confusion, because
- * multiple certificates can hash to the same link anyway,
- * and this is the reason for the trailing number after the dot.
- *
- * The trailing number is incremented p11_save_symlink_in() if it
- * conflicts with something we've already written out.
- *
- * On Windows no symlinks.
- */
-
-#ifdef OS_UNIX
- if (ret) {
- linkname = symlink_for_subject_hash (ex);
- if (linkname) {
- ret = p11_save_symlink_in (dir, linkname, ".0", filename);
- free (linkname);
- }
- }
-
- if (ret) {
- linkname = symlink_for_subject_old_hash (ex);
- if (linkname) {
- ret = p11_save_symlink_in (dir, linkname, ".0", filename);
- free (linkname);
- }
- }
-#endif /* OS_UNIX */
+ ret = p11_openssl_symlink(ex, dir, filename);
 
 free (filename);
 free (path); |
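Review bot: The new call `ret = p11_openssl_symlink(ex, dir, filename);` runs unconditionally, whereas the removed block only created the links under `if (ret)`. Because the helper starts from `bool ret = true`, a failure recorded by the preceding save step can be overwritten with true (on non-Unix builds the helper always returns true), and `filename` is passed on even though it is only assigned under `if (ret)` just above. For a trust-store extractor this can mean an incomplete certificate directory is reported as a successful extraction. Keeping the guard restores the previous behaviour: `if (ret) ret = p11_openssl_symlink (ex, dir, filename);`. The loop body starts and ends outside this hunk, so how `filename` is initialised and how `ret` is consumed afterwards should be confirmed there.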