From 7fa3f71575d159a21930f62a2b012d5a52301305 Mon Sep 17 00:00:00 2001
From: Paul Beckingham
Date: Sun, 3 Nov 2013 12:51:13 -0500
Subject: [PATCH] TLS - Connected code paths to use CA or trust.
---
 src/TLSClient.cpp | 6 ++++--
 src/TLSClient.h | 2 +-
 src/commands/CmdSync.cpp | 7 ++-----
 3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/TLSClient.cpp b/src/TLSClient.cpp
index d28b915da..d1b75c8e6 100644
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@@ -156,17 +156,19 @@ void TLSClient::trust (bool value)
 ////////////////////////////////////////////////////////////////////////////////
 void TLSClient::init (
+ const std::string& ca,
 const std::string& cert,
 const std::string& key)
 {
+ _ca = ca;
 _cert = cert;
 _key = key;
 gnutls_global_init ();
 gnutls_certificate_allocate_credentials (&_credentials);
- if (_cert != "" &&
- gnutls_certificate_set_x509_trust_file (_credentials, _cert.c_str (), GNUTLS_X509_FMT_PEM) < 0)
+ if (_ca != "" &&
+ gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM) < 0)
 throw std::string ("Missing CA file.");
 if (_cert != "" &&
diff --git a/src/TLSClient.h b/src/TLSClient.h
index d7462fbee..baccec7c5 100644
--- a/src/TLSClient.h
+++ b/src/TLSClient.h
@@ -40,7 +40,7 @@ public:
 void limit (int);
 void debug (int);
 void trust (bool);
- void init (const std::string&, const std::string&);
+ void init (const std::string&, const std::string&, const std::string&);
 void connect (const std::string&, const std::string&);
 void bye ();
diff --git a/src/commands/CmdSync.cpp b/src/commands/CmdSync.cpp
index c7f003cfd..4ec46bdab 100644
--- a/src/commands/CmdSync.cpp
+++ b/src/commands/CmdSync.cpp
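Review bot: The new `_ca` check on the `gnutls_certificate_set_x509_trust_file` line only rejects a negative return, but GnuTLS documents that call as returning the number of certificates processed, so a CA file that parses yet contributes zero trust anchors passes silently and leaves `_credentials` with nothing to verify the server against. Change the comparison to `GNUTLS_X509_FMT_PEM) <= 0)` and, since "Missing CA file." is misleading for a present-but-unreadable or certificate-less file, capture the return code in a local and report it, e.g. `throw std::string ("Cannot load CA file '") + _ca + "': " + gnutls_strerror (rc);`. When `_ca` is empty no trust anchors are installed at all; whether such a connection is still verified depends on `trust ()` and the verification code outside this hunk, so a one-line comment above the check stating the intended behaviour for an empty `ca` would save the next reader a hunt. `init`'s body continues past the end of the hunk.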
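Review bot: The widened `init` declaration lists three unnamed `const std::string&` parameters, so nothing in the header tells a caller that the order is CA file, certificate, key, and a call site that swaps the first two (as the CmdSync call `client.init (ca, certificate, key)` easily could) compiles without complaint. Name them in the declaration, `void init (const std::string& ca, const std::string& cert, const std::string& key);`, and add a short comment above it such as `// Paths to the CA bundle, client certificate and private key; an empty string skips that item.` — the skip-on-empty behaviour is what the `_ca != ""` and `_cert != ""` checks in the .cpp hunk implement.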
@@ -344,11 +344,8 @@ bool CmdSync::send (
 TLSClient client;
 client.debug (context.config.getInteger ("debug.tls"));
- // TODO Either use 'ca' or 'trust', but not both.
- if (trust && ca == "")
- client.trust (trust);
-
- client.init (certificate, key);
+ client.trust (trust);
+ client.init (ca, certificate, key);
 client.connect (server, port);
 client.send (request.serialize () + "\n");
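Review bot: The unconditional `client.trust (trust);` drops the guard the removed lines had, under which `trust` was only applied when no `ca` was configured, so a user who sets both now gets whatever `trust ()` does on top of a configured CA. If `trust ()` switches off peer verification, as its name and the removed TODO suggest, that means the less safe setting silently wins over the one the user took the trouble to configure, which is a downgrade rather than the intended "use CA or trust". Either keep the old precedence with `client.trust (trust && ca == "");`, or reject the combination explicitly before `init` so the misconfiguration is reported instead of quietly weakening the connection. The `send` function begins before the hunk and continues after it.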