Changeset: c01fb9636ab2 for MonetDB URL: https://dev.monetdb.org/hg/MonetDB/rev/c01fb9636ab2 Modified Files: clients/examples/C/testsfile.c clients/mapilib/Tests/tests.md clients/mapilib/connect_openssl.c clients/mapilib/msettings.c clients/mapilib/msettings.h Branch: monetdburl Log Message:
Make clientkey and clientcert connect_ parameters diffs (126 lines):
diff --git a/clients/examples/C/testsfile.c b/clients/examples/C/testsfile.c
--- a/clients/examples/C/testsfile.c
+++ b/clients/examples/C/testsfile.c
@@ -235,6 +235,10 @@ handle_expect_command(const char *locati
 return expect_string(location, MP_UNKNOWN, msettings_connect_certhash_digits, value);
 if (strcmp("connect_binary", key) == 0)
 return expect_long(location, MP_UNKNOWN, msettings_connect_binary, value);
+ if (strcmp("connect_clientkey", key) == 0)
+ return expect_string(location, MP_UNKNOWN, msettings_connect_clientkey, value);
+ if (strcmp("connect_clientcert", key) == 0)
+ return expect_string(location, MP_UNKNOWN, msettings_connect_clientcert, value);
 const mparm parm = mparm_parse(key);
 if (parm == MP_UNKNOWN) {
diff --git a/clients/mapilib/Tests/tests.md b/clients/mapilib/Tests/tests.md
--- a/clients/mapilib/Tests/tests.md
+++ b/clients/mapilib/Tests/tests.md
@@ -331,15 +331,40 @@ REJECT monetdbs:///?certhash={sha99}X
 ```test
 EXPECT clientkey=
+EXPECT clientcert=
 ACCEPT monetdbs:///?clientkey=/tmp/clientkey.pem
 EXPECT clientkey=/tmp/clientkey.pem
 ACCEPT monetdbs:///?clientkey=C:\TEMP\clientkey.pem
 EXPECT clientkey=C:\TEMP\clientkey.pem
 ```
-### clientcert
+```test
+EXPECT connect_clientkey=
+EXPECT connect_clientcert=
+```
+
+```test
+SET clientkey=/tmp/key.pem
+SET clientcert=/tmp/cert.pem
+EXPECT valid=true
+EXPECT connect_clientkey=/tmp/key.pem
+EXPECT connect_clientcert=/tmp/cert.pem
+```
 ```test
+SET clientkey=/tmp/key.pem
+EXPECT valid=true
+EXPECT connect_clientkey=/tmp/key.pem
+EXPECT connect_clientcert=/tmp/key.pem
+```
+
+```test
+SET clientcert=/tmp/cert.pem
+EXPECT valid=false
+```
+
+```test
+SET clientkey=dummy
 EXPECT clientcert=
 ACCEPT monetdbs:///?clientcert=/tmp/clientcert.pem
 EXPECT clientcert=/tmp/clientcert.pem
diff --git a/clients/mapilib/connect_openssl.c b/clients/mapilib/connect_openssl.c
--- a/clients/mapilib/connect_openssl.c
+++ b/clients/mapilib/connect_openssl.c
@@ -193,10 +193,8 @@ wrap_tls(Mapi mid, SOCKET sock)
 size_t hostlen = strlen(host);
 size_t hostportlen = hostlen + 1 + 20;
- const char *clientkey = msetting_string(settings, MP_CLIENTKEY);
- const char *clientcert = msetting_string(settings, MP_CLIENTCERT);
- if (!clientcert[0])
- clientcert = clientkey; // this logic should be virtual parameters in the spec!
+ const char *clientkey = msettings_connect_clientkey(settings);
+ const char *clientcert = msettings_connect_clientcert(settings);
 enum msetting_tls_verify verify_method = msettings_connect_tls_verify(settings);
 // Clear any earlier errrors
diff --git a/clients/mapilib/msettings.c b/clients/mapilib/msettings.c
--- a/clients/mapilib/msettings.c
+++ b/clients/mapilib/msettings.c
@@ -672,6 +672,12 @@ msettings_validate(msettings *mp, char *
 return false;
 }
+ // 9. If **clientcert** is set, **clientkey** must also be set.
+ if (nonempty(mp, MP_CLIENTCERT) && empty(mp, MP_CLIENTKEY)) {
+ *errmsg = allocprintf("clientcert can only be set together with clientkey");
+ return false;
+ }
+
 // compute this here so the getter function can take const msettings*
 const char *sockdir = msetting_string(mp, MP_SOCKDIR);
 long effective_port = msettings_connect_port(mp);
@@ -767,6 +773,22 @@ msettings_connect_tls_verify(const msett
 }
 const char*
+msettings_connect_clientkey(const msettings *mp)
+{
+ return msetting_string(mp, MP_CLIENTKEY);
+}
+
+const char*
+msettings_connect_clientcert(const msettings *mp)
+{
+ const char *cert = msetting_string(mp, MP_CLIENTCERT);
+ if (*cert)
+ return cert;
+ else
+ return msetting_string(mp, MP_CLIENTKEY);
+}
+
+const char*
 msettings_connect_certhash_digits(const msettings *mp)
 {
 return mp->certhash_digits_buffer;
diff --git a/clients/mapilib/msettings.h b/clients/mapilib/msettings.h
--- a/clients/mapilib/msettings.h
+++ b/clients/mapilib/msettings.h
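Review bot: In the wrap_tls hunk of connect_openssl.c, the two new getter calls do not re-check the "clientcert needs clientkey" rule, so `clientkey` can be "" while `clientcert` is non-empty if the settings reach this point without passing `msettings_validate`. Whether wrap_tls is only ever called on validated settings is not visible here, and the code that loads the two files lies outside the hunk. The removed inline comment was also the only hint at this call site that both variables may name the same file. A replacement line above the declarations would keep both facts visible, for example `// validated settings: clientkey is non-empty whenever clientcert is; clientcert may equal clientkey`.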
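Review bot: `msettings_connect_clientcert` in the second msettings.c hunk has no comment stating its contract, and it dereferences `*cert` on the assumption that `msetting_string` never returns NULL (the code removed from connect_openssl.c relied on the same assumption with `clientcert[0]`). A header comment should say that it returns `clientcert` if set and otherwise the `clientkey` path, that the key file is then presumably expected to contain the certificate as well, and that the result is "" when neither is set, as the new `EXPECT connect_clientcert=` test shows. Suggested wording: `/* Effective client certificate file: clientcert, or the clientkey file when clientcert is empty; "" if neither is set. */`. The declarations added in msettings.h would benefit from the same one-line description, since that header is what callers read.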
@@ -146,6 +146,8 @@ mapi_export long msettings_connect_port(
 mapi_export const char *msettings_connect_certhash_digits(const msettings *mp);
 mapi_export long msettings_connect_binary(const msettings *mp);
 mapi_export enum msetting_tls_verify msettings_connect_tls_verify(const msettings *mp);
+mapi_export const char *msettings_connect_clientkey(const msettings *mp);
+mapi_export const char *msettings_connect_clientcert(const msettings *mp);
 /* automatically incremented each time the corresponding field is updated */
 long msettings_user_generation(const msettings *mp);
_______________________________________________ checkin-list mailing list -- checkin-list@monetdb.org To unsubscribe send an email to checkin-list-le...@monetdb.org