Changeset: c01fb9636ab2 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/c01fb9636ab2
Modified Files:
        clients/examples/C/testsfile.c
        clients/mapilib/Tests/tests.md
        clients/mapilib/connect_openssl.c
        clients/mapilib/msettings.c
        clients/mapilib/msettings.h
Branch: monetdburl
Log Message:

Make clientkey and clientcert connect_ parameters


diffs (126 lines):

diff --git a/clients/examples/C/testsfile.c b/clients/examples/C/testsfile.c
--- a/clients/examples/C/testsfile.c
+++ b/clients/examples/C/testsfile.c
@@ -235,6 +235,10 @@ handle_expect_command(const char *locati
                return expect_string(location, MP_UNKNOWN, 
msettings_connect_certhash_digits, value);
        if (strcmp("connect_binary", key) == 0)
                return expect_long(location, MP_UNKNOWN, 
msettings_connect_binary, value);
+       if (strcmp("connect_clientkey", key) == 0)
+               return expect_string(location, MP_UNKNOWN, 
msettings_connect_clientkey, value);
+       if (strcmp("connect_clientcert", key) == 0)
+               return expect_string(location, MP_UNKNOWN, 
msettings_connect_clientcert, value);
 
        const mparm parm = mparm_parse(key);
        if (parm == MP_UNKNOWN) {
diff --git a/clients/mapilib/Tests/tests.md b/clients/mapilib/Tests/tests.md
--- a/clients/mapilib/Tests/tests.md
+++ b/clients/mapilib/Tests/tests.md
@@ -331,15 +331,40 @@ REJECT monetdbs:///?certhash={sha99}X
 
 ```test
 EXPECT clientkey=
+EXPECT clientcert=
 ACCEPT monetdbs:///?clientkey=/tmp/clientkey.pem
 EXPECT clientkey=/tmp/clientkey.pem
 ACCEPT monetdbs:///?clientkey=C:\TEMP\clientkey.pem
 EXPECT clientkey=C:\TEMP\clientkey.pem
 ```
 
-### clientcert
+```test
+EXPECT connect_clientkey=
+EXPECT connect_clientcert=
+```
+
+```test
+SET clientkey=/tmp/key.pem
+SET clientcert=/tmp/cert.pem
+EXPECT valid=true
+EXPECT connect_clientkey=/tmp/key.pem
+EXPECT connect_clientcert=/tmp/cert.pem
+```
 
 ```test
+SET clientkey=/tmp/key.pem
+EXPECT valid=true
+EXPECT connect_clientkey=/tmp/key.pem
+EXPECT connect_clientcert=/tmp/key.pem
+```
+
+```test
+SET clientcert=/tmp/cert.pem
+EXPECT valid=false
+```
+
+```test
+SET clientkey=dummy
 EXPECT clientcert=
 ACCEPT monetdbs:///?clientcert=/tmp/clientcert.pem
 EXPECT clientcert=/tmp/clientcert.pem
diff --git a/clients/mapilib/connect_openssl.c 
b/clients/mapilib/connect_openssl.c
--- a/clients/mapilib/connect_openssl.c
+++ b/clients/mapilib/connect_openssl.c
@@ -193,10 +193,8 @@ wrap_tls(Mapi mid, SOCKET sock)
        size_t hostlen = strlen(host);
        size_t hostportlen = hostlen + 1 + 20;
 
-       const char *clientkey = msetting_string(settings, MP_CLIENTKEY);
-       const char *clientcert = msetting_string(settings, MP_CLIENTCERT);
-       if (!clientcert[0])
-               clientcert = clientkey;  // this logic should be virtual 
parameters in the spec!
+       const char *clientkey = msettings_connect_clientkey(settings);
+       const char *clientcert = msettings_connect_clientcert(settings);
        enum msetting_tls_verify verify_method = 
msettings_connect_tls_verify(settings);
 
        // Clear any earlier errrors
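Review bot: Nothing at these two assignments in wrap_tls records that the clientcert/clientkey pairing rule is now enforced only in msettings_validate(), in another file. The new getters return clientcert unchanged when clientkey is empty, so if wrap_tls can be reached with settings that were never validated (not visible in this hunk), the code below would see a certificate path with an empty key path. A comment above the assignments would record the assumption, e.g. `// msettings_validate() rejects clientcert without clientkey, so clientkey is non-empty whenever clientcert is`. The rest of wrap_tls lies outside the hunk, so how the two paths are consumed cannot be checked here.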
diff --git a/clients/mapilib/msettings.c b/clients/mapilib/msettings.c
--- a/clients/mapilib/msettings.c
+++ b/clients/mapilib/msettings.c
@@ -672,6 +672,12 @@ msettings_validate(msettings *mp, char *
                return false;
        }
 
+       // 9. If **clientcert** is set, **clientkey** must also be set.
+       if (nonempty(mp, MP_CLIENTCERT) && empty(mp, MP_CLIENTKEY)) {
+               *errmsg = allocprintf("clientcert can only be set together with 
clientkey");
+               return false;
+       }
+
        // compute this here so the getter function can take const msettings*
        const char *sockdir = msetting_string(mp, MP_SOCKDIR);
        long effective_port = msettings_connect_port(mp);
@@ -767,6 +773,22 @@ msettings_connect_tls_verify(const msett
 }
 
 const char*
+msettings_connect_clientkey(const msettings *mp)
+{
+       return msetting_string(mp, MP_CLIENTKEY);
+}
+
+const char*
+msettings_connect_clientcert(const msettings *mp)
+{
+       const char *cert = msetting_string(mp, MP_CLIENTCERT);
+       if (*cert)
+               return cert;
+       else
+               return msetting_string(mp, MP_CLIENTKEY);
+}
+
+const char*
 msettings_connect_certhash_digits(const msettings *mp)
 {
        return mp->certhash_digits_buffer;
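Review bot: msettings_connect_clientcert() has no comment saying that it returns the clientkey path when clientcert is empty, which presumably means the key file is then expected to hold the certificate as well (the tests.md case `EXPECT connect_clientcert=/tmp/key.pem` suggests this is intended). A short comment above the function, and on its declaration in msettings.h, would make that contract visible to callers, e.g. `/* clientcert, or clientkey when clientcert is empty */`. The `*cert` dereference assumes msetting_string() never returns NULL for a string parameter, an assumption the removed `clientcert[0]` test in connect_openssl.c also made. As a style point, the `else` after `return cert;` is redundant.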
diff --git a/clients/mapilib/msettings.h b/clients/mapilib/msettings.h
--- a/clients/mapilib/msettings.h
+++ b/clients/mapilib/msettings.h
@@ -146,6 +146,8 @@ mapi_export long msettings_connect_port(
 mapi_export const char *msettings_connect_certhash_digits(const msettings *mp);
 mapi_export long msettings_connect_binary(const msettings *mp);
 mapi_export enum msetting_tls_verify msettings_connect_tls_verify(const 
msettings *mp);
+mapi_export const char *msettings_connect_clientkey(const msettings *mp);
+mapi_export const char *msettings_connect_clientcert(const msettings *mp);
 
 /* automatically incremented each time the corresponding field is updated */
 long msettings_user_generation(const msettings *mp);