author | SoniEx2 <endermoneymod@gmail.com> | 2021-05-30 00:34:43 -0300 |
---|---|---|
committer | SoniEx2 <endermoneymod@gmail.com> | 2021-05-30 00:34:43 -0300 |
commit | aa921ca2a04f674d81ca61d8a305ed35745df48a (patch) | |
tree | 4879550c767622dd134555adb0b624496cd10bfe /src/common | |
parent | e2cfba040e26927b94a4e311a0a61365a81a41b1 (diff) |
Allow setting cert path for SASL EXTERNAL feature/flexible-cert
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/server.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/src/common/server.c b/src/common/server.c
index 5c645eb5..7f6a003b 100644
--- a/src/common/server.c
+++ b/src/common/server.c
@@ -1582,23 +1582,33 @@ server_connect (server *serv, char *hostname, int port, int no_login)
 char *cert_file;
 serv->have_cert = FALSE;
- /* first try network specific cert/key */
- cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem",
- get_xdir (), server_get_network (serv, TRUE));
- if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
+ /* try user-supplied cert (only for SASL EXTERNAL) */
+ if (serv->password[0] && serv->loginmethod == LOGIN_SASLEXTERNAL &&
+ SSL_CTX_use_certificate_file (serv->ctx,
+ cert_file = g_strdup_printf ("%s", serv->password),
+ SSL_FILETYPE_PEM) == 1)
 {
 if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
 serv->have_cert = TRUE;
 }
 else
+ /* try network specific cert/key */
+ if (SSL_CTX_use_certificate_file (serv->ctx,
+ cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem",
+ get_xdir (), server_get_network (serv, TRUE)),
+ SSL_FILETYPE_PEM) == 1)
 {
- /* if that doesn't exist, try <config>/certs/client.pem */
- cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL);
- if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
- {
- if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
- serv->have_cert = TRUE;
- }
+ if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
+ serv->have_cert = TRUE;
+ }
+ else
+ /* if that doesn't exist, try <config>/certs/client.pem */
+ if (SSL_CTX_use_certificate_file (serv->ctx,
+ cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL),
+ SSL_FILETYPE_PEM) == 1)
+ {
+ if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
+ serv->have_cert = TRUE;
 }
 g_free (cert_file);
 } |