$(DATATST)/extfeed00.tst
onefeed : debug
- bin/feeder \
+ @ bin/feeder \
-f \
-d2 \
-c ./conf/feeder.conf.dvl \
static char titre[100]; //test title
static char testname[100]; //dest description
-//default and debugging certificate for client/feeder mode
-static const char *fdr_certs[3]={
- "./certs/localhost-key.pem",
- "./certs/localhost-chain-cert.pem",
- "./certs/root-safe_CA.pem" //safe root certificate
- };
/*
\f
*/
}
break;
case 3 : //initiating TLS-Crypted in client mode
- if (soc_starttls(socptr,false,fdr_certs)==false)
+ if (soc_starttls(socptr,false)==false)
phase=999;
break;
case 4 : //eveythin is fine SOC in crypted mode
int iteration; //number of soc slot used on the IP
}SOCTYP;
-//default and debugging certificate for server mode
-PUBLIC const char *srvr_certs[3]={
- "./certs/mailleur_server-key.pem",
- "./certs/mailleur_server-chain-cert_x509.pem",
- "./certs/root-safe_CA.pem" //safe root certificate
- };
/*
\f
*/
break;
case pro_smtps : //set secure socket
newsoc->modtls=true;
- newsoc->tls=tls_opentls(newsoc->handle,true,srvr_certs);
+ newsoc->tls=tls_opentls(newsoc->handle,true);
if (newsoc->tls==(TLSTYP *)0) {
(void) rou_alert(0,"%s Unable to get a TLS channel",OPEP);
newsoc->modtls=false;
/* crypted channel, return true is successful. */
/* */
/********************************************************/
-PUBLIC _Bool soc_starttls(SOCPTR *socptr,_Bool server,const char *certs[3])
+PUBLIC _Bool soc_starttls(SOCPTR *socptr,_Bool server)
{
#define OPEP "devsoc.c:soc_starttls,"
case false :
break;
}
- soc->tls=tls_opentls(soc->handle,server,certs);
+ soc->tls=tls_opentls(soc->handle,server);
if (soc->tls!=(TLSTYP *)0) {
soc->proto=pro_smtps;
soc->modtls=true;
extern SOCPTR *soc_release(SOCPTR *socptr);
//procedure to initiate crypted mode on plain channel
-extern _Bool soc_starttls(SOCPTR *socptr,_Bool server,const char *certs[3]);
+extern _Bool soc_starttls(SOCPTR *socptr,_Bool server);
//return flag true if socket is in crypted mode
extern _Bool soc_iscrypted(SOCPTR *socptr);
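Review bot: The comment above the `soc_starttls` declaration no longer tells a caller where the certificates come from, now that the `certs` parameter is gone. I would extend it to `//procedure to initiate crypted mode on plain channel; key, chain and root certificate paths are read from the CA_KEY, CA_CERT and CA_ROOT environment variables`. The `tls_opentls` declaration in the TLS header has the same gap and should get the same sentence.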
proceed=doreset(contact,line);
break;
case c_starttls : //EHLO start encrypted link in server mode
- switch (soc_starttls(contact->socptr,true,srvr_certs)) {
+ switch (soc_starttls(contact->socptr,true)) {
case true : //link now in TLS crypted mode
(void) transmit(contact,"%d Link now encrypted (cipher=<%s>)",
CMDOK,soc_get_cipher_name(contact->socptr));
/* Procedure to set the link certificate */
/* */
/********************************************************/
-static int set_certificate(TLSTYP *tls,const char *certs[3])
+static int set_certificate(TLSTYP *tls)
{
#define OPEP "unitls.c:set_certificate"
+
+const char *certs[3];
int done;
int mode;
int phase;
proceed=true;
while (proceed==true) {
switch (phase) {
- case 0 : //first load certificate key
+ case 0 : //loading certificate names
+ certs[0]=getenv("CA_KEY");
+ certs[1]=getenv("CA_CERT");
+ certs[2]=getenv("CA_ROOT");
+ break;
+ case 1 : //first load certificate key
if (SSL_CTX_use_PrivateKey_file(tls->ctx,certs[0],SSL_FILETYPE_PEM)!=1) {
char msg[200];
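Review bot: The three `getenv()` results in the new `case 0` are used without a NULL check, so an unset CA_KEY, CA_CERT or CA_ROOT reaches `SSL_CTX_use_PrivateKey_file`, `SSL_CTX_use_certificate_chain_file` and `SSL_CTX_load_verify_locations` as a null file name in the cases that follow. Add a guard before the `break`, for example `if ((certs[0]==(char *)0)||(certs[1]==(char *)0)||(certs[2]==(char *)0)) phase=999;`, and log which variable is missing so a misconfigured environment fails with a clear message. Both roles now read the same three variables, so the feeder call `soc_starttls(socptr,false)` and the server calls `soc_starttls(contact->socptr,true)` and `tls_opentls(newsoc->handle,true)` can no longer be given separate key and chain files within one environment, as `fdr_certs` and `srvr_certs` allowed. If that is intended it deserves a comment, and `CA_KEY` is a misleading name for what the old tables show to be the endpoint's own private key. The body of set_certificate continues outside this hunk.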
phase=999;
}
break;
- case 1 : //load certificate + chain file
+ case 2 : //load certificate + chain file
if (SSL_CTX_use_certificate_chain_file(tls->ctx,certs[1])!=1) {
char msg[200];
phase=999; //no need to go furter
}
break;
- case 2 : //loading root certificate
+ case 3 : //loading root certificate
if (SSL_CTX_load_verify_locations(tls->ctx,certs[2],(const char *)0)!=1) {
char msg[200];
phase=999; //no need to go furter
}
break;
- case 3 : //verify management
+ case 4 : //verify management
if (((mode&SSL_VERIFY_PEER)!=0)||(tls->server==false))
tls->checkpeer=true;
(void) SSL_CTX_set_verify(tls->ctx,mode,(int(*)())0);
phase=999;
}
break;
- case 4 : //allowing partial write
+ case 5 : //allowing partial write
(void) SSL_CTX_set_mode(tls->ctx,SSL_MODE_ENABLE_PARTIAL_WRITE);
break;
- case 5 : //everything fine
+ case 6 : //everything fine
done=true;
break;
default : //SAFE Guard
/* Procedure to open an SSL channel */
/* */
/********************************************************/
-PUBLIC TLSTYP *tls_opentls(int handle,_Bool server,const char *certs[3])
+PUBLIC TLSTYP *tls_opentls(int handle,_Bool server)
{
#define OPEP "unitls.c:tls_opentls"
}
break;
case 1 : //set certificate
- if (set_certificate(tls,certs)==false)
+ if (set_certificate(tls)==false)
phase=999; //trouble, trouble no need to go furter
break;
case 2 : //Setting the TLS channel
extern _Bool tls_verify(TLSTYP *tls);
//procedure to open an tls channel
-extern TLSTYP *tls_opentls(int handle,_Bool server,const char *certs[3]);
+extern TLSTYP *tls_opentls(int handle,_Bool server);
//procedure to close an tls channel
extern TLSTYP *tls_closetls(TLSTYP *tls);