/* vi: set noexpandtab sw=4 sts=4: */
-/* opkg_download.c - the opkg package management system
+/* opkg_pathfinder.c - the opkg package management system
- Carl D. Worth
-
- Copyright (C) 2001 University of Southern California
- Copyright (C) 2008 OpenMoko Inc
+ Copyright (C) 2009 Camille Moncelier <moncelier@devlife.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
#include <openssl/ssl.h>
#include <libpathfinder.h>
-#include "includes.h"
-#include "opkg_message.h"
-
+#include <stdlib.h>
#if defined(HAVE_SSLCURL)
#include <curl/curl.h>
#endif
+#include "libbb/libbb.h"
+#include "opkg_message.h"
+
#if defined(HAVE_SSLCURL) || defined(HAVE_OPENSSL)
/*
* This callback is called instead of X509_verify_cert to perform path
const char *hex = "0123456789ABCDEF";
size_t size = i2d_X509(ctx->cert, NULL);
unsigned char *keybuf, *iend;
- iend = keybuf = malloc(size);
+ iend = keybuf = xmalloc(size);
i2d_X509(ctx->cert, &iend);
- char *certdata_str = malloc(size * 2 + 1);
+ char *certdata_str = xmalloc(size * 2 + 1);
unsigned char *cp = keybuf;
char *certdata_str_i = certdata_str;
while (cp < iend)
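Review bot: The result of `i2d_X509(ctx->cert, NULL)` is stored straight into a `size_t`, so the negative value it returns on an encoding failure becomes a huge allocation size, and the result of the second call is not checked either. Switching to `xmalloc` covers a NULL return from the allocator but not this case; presumably `xmalloc` aborts the process on the oversized request, which turns a malformed certificate into a crash instead of a failed verification. I would read the length into an `int` and fail closed, `int len = i2d_X509(ctx->cert, NULL);` followed by `if (len <= 0) return 0;`, then use `(size_t)len` for both allocations. The function's signature and return statement are outside this hunk, so confirm that 0 is its failure value.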
int validated = pathfinder_dbus_verify(certdata_str, policy, 0, 0, &errmsg);
if (!validated)
- fprintf(stderr, "curlcb_pathfinder: Path verification failed: %s", errmsg);
+ opkg_msg(ERROR, "Path verification failed: %s.\n", errmsg);
free(certdata_str);
free(errmsg);
}
#endif
-
#if defined(HAVE_OPENSSL)
int pkcs7_pathfinder_verify_signers(PKCS7* p7)
{
STACK_OF(X509) *signers;
- int i;
+ int i, ret = 1; /* signers are verified by default */
signers = PKCS7_get0_signers(p7, NULL, 0);
.cert = sk_X509_value(signers, i),
};
- if(!pathfinder_verify_callback(&ctx, NULL))
- return 0;
+ if(!pathfinder_verify_callback(&ctx, NULL)){
+ /* Signer isn't verified ! goto jail; */
+ ret = 0;
+ break;
+ }
}
- return 1;
+ sk_X509_free(signers);
+ return ret;
}
#endif
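Review bot: The new default `ret = 1` makes pkcs7_pathfinder_verify_signers report success unless a signer is actively rejected, so a PKCS7 structure for which `PKCS7_get0_signers` returns NULL or an empty stack would be treated as verified. The loop header is not shown in this hunk, but if it iterates up to `sk_X509_num(signers)` it runs zero times in that case and the default is returned unchanged. For a signature check the function should fail closed, for example with `if (sk_X509_num(signers) <= 0) ret = 0;` before the loop and the loop entered only when `ret` is still 1. That keeps the single exit through the new `sk_X509_free(signers)`, which is safe to call with NULL.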