s4:lib/tls: add tstream_tls_params_client_lpcfg()
This will be able to simplify the callers a lot... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
3186cdce85
commit
604413b98a
@ -63,6 +63,11 @@ NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
|
|||||||
const char *peer_name,
|
const char *peer_name,
|
||||||
struct tstream_tls_params **_tlsp);
|
struct tstream_tls_params **_tlsp);
|
||||||
|
|
||||||
|
NTSTATUS tstream_tls_params_client_lpcfg(TALLOC_CTX *mem_ctx,
|
||||||
|
struct loadparm_context *lp_ctx,
|
||||||
|
const char *peer_name,
|
||||||
|
struct tstream_tls_params **tlsp);
|
||||||
|
|
||||||
NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
|
NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
|
||||||
const char *dns_host_name,
|
const char *dns_host_name,
|
||||||
bool enabled,
|
bool enabled,
|
||||||
|
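Review bot: The new prototype `tstream_tls_params_client_lpcfg()` has no comment, and for a TLS helper the contract is worth stating. The definition takes the CA file, CRL file, priority string and verify-peer level from `lp_ctx`, so a caller cannot ask for a verification level other than the configured one through this entry point. I would add above the declaration `/* Like tstream_tls_params_client(), with tls cafile/crlfile/priority/verify peer taken from lp_ctx. */`. The out parameter is also spelled `tlsp` here, while the neighbouring `tstream_tls_params_client()` prototype uses `_tlsp`; one spelling would keep the header consistent.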
@ -27,6 +27,7 @@
|
|||||||
#include "../lib/tsocket/tsocket_internal.h"
|
#include "../lib/tsocket/tsocket_internal.h"
|
||||||
#include "../lib/util/util_net.h"
|
#include "../lib/util/util_net.h"
|
||||||
#include "lib/tls/tls.h"
|
#include "lib/tls/tls.h"
|
||||||
|
#include "lib/param/param.h"
|
||||||
|
|
||||||
#include <gnutls/gnutls.h>
|
#include <gnutls/gnutls.h>
|
||||||
#include <gnutls/x509.h>
|
#include <gnutls/x509.h>
|
||||||
@ -986,6 +987,52 @@ NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
|
|||||||
return NT_STATUS_OK;
|
return NT_STATUS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NTSTATUS tstream_tls_params_client_lpcfg(TALLOC_CTX *mem_ctx,
|
||||||
|
struct loadparm_context *lp_ctx,
|
||||||
|
const char *peer_name,
|
||||||
|
struct tstream_tls_params **tlsp)
|
||||||
|
{
|
||||||
|
TALLOC_CTX *frame = talloc_stackframe();
|
||||||
|
const char *ptr = NULL;
|
||||||
|
char *ca_file = NULL;
|
||||||
|
char *crl_file = NULL;
|
||||||
|
const char *tls_priority = NULL;
|
||||||
|
enum tls_verify_peer_state verify_peer =
|
||||||
|
TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
|
||||||
|
NTSTATUS status;
|
||||||
|
|
||||||
|
ptr = lpcfg__tls_cafile(lp_ctx);
|
||||||
|
if (ptr != NULL) {
|
||||||
|
ca_file = lpcfg_tls_cafile(frame, lp_ctx);
|
||||||
|
if (ca_file == NULL) {
|
||||||
|
TALLOC_FREE(frame);
|
||||||
|
return NT_STATUS_NO_MEMORY;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ptr = lpcfg__tls_crlfile(lp_ctx);
|
||||||
|
if (ptr != NULL) {
|
||||||
|
crl_file = lpcfg_tls_crlfile(frame, lp_ctx);
|
||||||
|
if (crl_file == NULL) {
|
||||||
|
TALLOC_FREE(frame);
|
||||||
|
return NT_STATUS_NO_MEMORY;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
tls_priority = lpcfg_tls_priority(lp_ctx);
|
||||||
|
verify_peer = lpcfg_tls_verify_peer(lp_ctx);
|
||||||
|
|
||||||
|
status = tstream_tls_params_client(mem_ctx,
|
||||||
|
ca_file,
|
||||||
|
crl_file,
|
||||||
|
tls_priority,
|
||||||
|
verify_peer,
|
||||||
|
peer_name,
|
||||||
|
tlsp);
|
||||||
|
TALLOC_FREE(frame);
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
static NTSTATUS tstream_tls_prepare_gnutls(struct tstream_tls_params *_tlsp,
|
static NTSTATUS tstream_tls_prepare_gnutls(struct tstream_tls_params *_tlsp,
|
||||||
struct tstream_tls *tlss)
|
struct tstream_tls *tlss)
|
||||||
{
|
{
|
||||||
|
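Review bot: The initializer `TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE` on `verify_peer` is a dead store, because the variable is unconditionally overwritten by `verify_peer = lpcfg_tls_verify_peer(lp_ctx);` before it is used. A reader may take it for a strict fallback, but the effective level is whatever the configuration returns. I would either declare it plainly as `enum tls_verify_peer_state verify_peer;` or keep the initializer with a comment such as `/* always replaced by the configured value below */`. Separately, `ca_file` and `crl_file` are allocated on `frame`, which is freed right after the call, so this relies on `tstream_tls_params_client()` not retaining those pointers. Its body is outside this hunk, so that is worth confirming.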