authorOlivier Goffart <ogoffart@woboq.com>2015-01-28 16:11:29 +0300
committerOlivier Goffart <ogoffart@woboq.com>2015-01-28 16:13:40 +0300
commitd70e146c1fbeee8416fd7311ef2e1a0bb08afb83 (patch)
treecd3051de0353fae3a7f60befb82e20517a9c0ec3 /csync
parent3888a461f3c2f2c99b39725881ec37661ab06644 (diff)
parent989005d616bba9293835dbdd358c8781256d44d2 (diff)
Merge remote-tracking branch 'origin/ssl_client_cert'
Conflicts: CMakeLists.txt csync/src/CMakeLists.txt csync/src/csync_owncloud.c
Diffstat (limited to 'csync')
-rw-r--r--csync/src/CMakeLists.txt3
-rw-r--r--csync/src/csync.h5
-rw-r--r--csync/src/csync_owncloud.c51
-rw-r--r--csync/src/csync_owncloud_private.h1
-rw-r--r--csync/src/csync_private.h4
5 files changed, 62 insertions, 2 deletions
diff --git a/csync/src/CMakeLists.txt b/csync/src/CMakeLists.txt
index 77b8e8726..91f23070f 100644
--- a/csync/src/CMakeLists.txt
+++ b/csync/src/CMakeLists.txt
@@ -68,6 +68,7 @@ if(USE_NEON)
)
list(APPEND CSYNC_LINK_LIBRARIES
${NEON_LIBRARIES}
+ ${CRYPTO_LIBRARY}
)
add_definitions(-DUSE_NEON)
endif(USE_NEON)
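Review bot: `${CRYPTO_LIBRARY}` is expanded in the `list(APPEND CSYNC_LINK_LIBRARIES ...)` call here, but the only `FIND_LIBRARY(CRYPTO_LIBRARY NAMES crypto)` visible in this diff is added further down the file (the hunk at `@@ -93,6 +94,8 @@`), so on a fresh configure the variable is still empty at this point. Because the result of `FIND_LIBRARY` is cached, a second configure run would pick it up and mask the problem. Moving `FIND_LIBRARY(CRYPTO_LIBRARY NAMES crypto)` above `if(USE_NEON)` fixes the ordering. It is also worth failing the configure step when the result is `CRYPTO_LIBRARY-NOTFOUND` rather than appending that value to the link line.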
@@ -93,6 +94,8 @@ include_directories(
${CSYNC_PRIVATE_INCLUDE_DIRS}
)
+FIND_LIBRARY(CRYPTO_LIBRARY NAMES crypto)
+
add_library(${CSYNC_LIBRARY} SHARED ${csync_SRCS})
#add_library(${CSYNC_LIBRARY}_static STATIC ${csync_SRCS})
diff --git a/csync/src/csync.h b/csync/src/csync.h
index e16fd39e0..f8c58b4b2 100644
--- a/csync/src/csync.h
+++ b/csync/src/csync.h
@@ -46,6 +46,11 @@
extern "C" {
#endif
+struct csync_client_certs_s {
+ char *certificatePath;
+ char *certificatePasswd;
+};
+
/**
* Instruction enum. In the file traversal structure, it describes
* the csync state of a file.
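Review bot: `struct csync_client_certs_s` is added to the public header without a doc comment, although the neighbouring declarations use Doxygen blocks, and nothing states that `certificatePasswd` holds a clear-text passphrase or who owns the two strings. A comment such as `/** SSL client certificate settings: path of the certificate file and the passphrase used to decrypt it. owncloud_set_property("SSLClientCerts") copies both strings, so the caller keeps ownership of its own. */` would cover it. Callers should be told to clear their own copy of the passphrase once the property is set.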
diff --git a/csync/src/csync_owncloud.c b/csync/src/csync_owncloud.c
index 14b6d8822..834cec078 100644
--- a/csync/src/csync_owncloud.c
+++ b/csync/src/csync_owncloud.c
@@ -385,6 +385,7 @@ int dav_connect(CSYNC *csyncCtx, const char *base_url) {
unsigned int port = 0;
int proxystate = -1;
csync_owncloud_ctx_t *ctx = csyncCtx->owncloud_context;
+ struct csync_client_certs_s* clientCerts = csyncCtx->clientCerts;
if (ctx->_connected) {
return 0;
@@ -448,6 +449,29 @@ int dav_connect(CSYNC *csyncCtx, const char *base_url) {
goto out;
}
+ if(clientCerts != NULL) {
+ ne_ssl_client_cert *clicert;
+
+ DEBUG_WEBDAV("dav_connect: certificatePath and certificatePasswd are set, so we use it" );
+ DEBUG_WEBDAV(" with certificatePath: %s", clientCerts->certificatePath );
+ DEBUG_WEBDAV(" with certificatePasswd: %s", clientCerts->certificatePasswd );
+ clicert = ne_ssl_clicert_read ( clientCerts->certificatePath );
+ if ( clicert == NULL ) {
+ DEBUG_WEBDAV ( "Error read certificate : %s", ne_get_error ( ctx->dav_session.ctx ) );
+ } else {
+ if ( ne_ssl_clicert_encrypted ( clicert ) ) {
+ int rtn = ne_ssl_clicert_decrypt ( clicert, clientCerts->certificatePasswd );
+ if ( !rtn ) {
+ DEBUG_WEBDAV ( "Certificate was deciphered successfully." );
+ ne_ssl_set_clicert ( ctx->dav_session.ctx, clicert );
+ } else {
+ DEBUG_WEBDAV ( "Errors while deciphering certificate: %s", ne_get_error ( ctx->dav_session.ctx ) );
+ }
+ }
+ }
+ } else {
+ DEBUG_WEBDAV("dav_connect: error with csync_client_certs_s* clientCerts");
+ }
ne_ssl_trust_default_ca( ctx->dav_session.ctx );
ne_ssl_set_verify( ctx->dav_session.ctx, ssl_callback_by_neon, ctx);
}
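Review bot: The added `DEBUG_WEBDAV(" with certificatePasswd: %s", ...)` line writes the certificate passphrase to the debug log in clear text; it should be dropped so that only the path is logged. In the same block `ne_ssl_set_clicert` is reached only inside the `ne_ssl_clicert_encrypted` branch, so an unencrypted certificate is read and then never attached to the session. `clicert` is also never released with `ne_ssl_clicert_free`; neon documents that `ne_ssl_set_clicert` keeps its own copy, which is worth confirming against the neon version in use. The trailing `else` reports an error whenever no client certificate is configured, which looks like the normal case. dav_connect starts and ends outside this hunk.

```c
if (clientCerts != NULL) {
    ne_ssl_client_cert *clicert;

    /* Log the path only; the passphrase must never reach the debug log. */
    DEBUG_WEBDAV("dav_connect: using client certificate %s", clientCerts->certificatePath);
    clicert = ne_ssl_clicert_read(clientCerts->certificatePath);
    if (clicert == NULL) {
        DEBUG_WEBDAV("Error read certificate : %s", ne_get_error(ctx->dav_session.ctx));
    } else {
        if (ne_ssl_clicert_encrypted(clicert)
            && ne_ssl_clicert_decrypt(clicert, clientCerts->certificatePasswd) != 0) {
            DEBUG_WEBDAV("Errors while deciphering certificate: %s", ne_get_error(ctx->dav_session.ctx));
        } else {
            /* Attach both decrypted and never-encrypted certificates. */
            ne_ssl_set_clicert(ctx->dav_session.ctx, clicert);
        }
        ne_ssl_clicert_free(clicert);
    }
}
/* … unchanged: ne_ssl_trust_default_ca / ne_ssl_set_verify … */
```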
@@ -478,6 +502,7 @@ out:
return rc;
}
+
char *owncloud_error_string(CSYNC* ctx)
{
return ctx->owncloud_context->dav_session.error_string;
@@ -505,7 +530,6 @@ int owncloud_commit(CSYNC* ctx) {
SAFE_FREE( ctx->owncloud_context->dav_session.pwd );
SAFE_FREE( ctx->owncloud_context->dav_session.session_key);
SAFE_FREE( ctx->owncloud_context->dav_session.error_string );
-
return 0;
}
@@ -513,6 +537,12 @@ void owncloud_destroy(CSYNC* ctx)
{
owncloud_commit(ctx);
SAFE_FREE(ctx->owncloud_context);
+
+ SAFE_FREE(ctx->clientCerts->certificatePasswd);
+ SAFE_FREE(ctx->clientCerts->certificatePath);
+ SAFE_FREE(ctx->clientCerts);
+ ctx->clientCerts = NULL;
+
ctx->owncloud_context = 0;
ne_sock_exit();
}
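Review bot: `ctx->clientCerts` is dereferenced by the first added `SAFE_FREE` without a NULL check, although dav_connect treats a NULL `clientCerts` as a possible state. Destroying a context that never had "SSLClientCerts" set would therefore dereference a null pointer, assuming the field starts out NULL (its initialisation is not visible here). Wrap the three frees in `if (ctx->clientCerts != NULL) { ... }`. The passphrase buffer is also freed without being overwritten first; clearing it before `SAFE_FREE` would keep the secret out of released heap memory. The same free sequence is repeated in owncloud_set_property and could become one static helper; the signature of owncloud_destroy lies outside the hunk.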
@@ -547,12 +577,28 @@ int owncloud_set_property(CSYNC* ctx, const char *key, void *data) {
if( c_streq(key, "redirect_callback")) {
if (data) {
csync_owncloud_redirect_callback_t* cb_wrapper = data;
-
ctx->owncloud_context->dav_session.redir_callback = *cb_wrapper;
} else {
ctx->owncloud_context->dav_session.redir_callback = NULL;
}
}
+ if( c_streq(key, "SSLClientCerts")) {
+ if(ctx->clientCerts != NULL) {
+ SAFE_FREE(ctx->clientCerts->certificatePasswd);
+ SAFE_FREE(ctx->clientCerts->certificatePath);
+ SAFE_FREE(ctx->clientCerts);
+ ctx->clientCerts = NULL;
+ }
+ if (data) {
+ struct csync_client_certs_s* clientCerts = (struct csync_client_certs_s*) data;
+ struct csync_client_certs_s* newCerts = c_malloc(sizeof(struct csync_client_certs_s));
+ newCerts->certificatePath = c_strdup(clientCerts->certificatePath);
+ newCerts->certificatePasswd = c_strdup(clientCerts->certificatePasswd);
+ ctx->clientCerts = newCerts;
+ } else {
+ DEBUG_WEBDAV("error: in owncloud_set_property for 'SSLClientCerts'" );
+ }
+ }
return -1;
}
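Review bot: The new "SSLClientCerts" branch passes `clientCerts->certificatePath` and `clientCerts->certificatePasswd` to `c_strdup` without checking them, and dav_connect later hands the copies to `ne_ssl_clicert_read` and `ne_ssl_clicert_decrypt`. A caller-supplied struct with a NULL path should be rejected before allocating, e.g. `if (clientCerts->certificatePath == NULL) return -1;`, and whether a NULL passphrase is allowed for an unencrypted file should be decided and documented. As far as this hunk shows, the branch also falls through to `return -1` after storing the copy, so a successful set is indistinguishable from an unknown key; `return 0;` after `ctx->clientCerts = newCerts;` would fix that if the other keys return 0. Passing NULL `data` clears the setting yet is logged as an error. The function starts outside the hunk.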
@@ -567,3 +613,4 @@ void owncloud_init(CSYNC* ctx) {
}
/* vim: set ts=4 sw=4 et cindent: */
+
diff --git a/csync/src/csync_owncloud_private.h b/csync/src/csync_owncloud_private.h
index c74ee4e0c..03cd73a8e 100644
--- a/csync/src/csync_owncloud_private.h
+++ b/csync/src/csync_owncloud_private.h
@@ -96,6 +96,7 @@ struct csync_owncloud_ctx_s {
int _connected; /* flag to indicate if a connection exists, ie.
the dav_session is valid */
};
+
typedef struct csync_owncloud_ctx_s csync_owncloud_ctx_t;
//typedef csync_owncloud_ctx_t* csync_owncloud_ctx_p;
diff --git a/csync/src/csync_private.h b/csync/src/csync_private.h
index 6e9d42b8f..7a4e2a5eb 100644
--- a/csync/src/csync_private.h
+++ b/csync/src/csync_private.h
@@ -79,6 +79,7 @@ typedef struct csync_file_stat_s csync_file_stat_t;
struct csync_owncloud_ctx_s; // csync_owncloud.c
+
/**
* @brief csync public structure
*/
@@ -96,6 +97,9 @@ struct csync_s {
} callbacks;
c_strlist_t *excludes;
+ // needed for SSL client certificate support
+ struct csync_client_certs_s *clientCerts;
+
struct {
char *file;
sqlite3 *db;