X-Git-Url: https://git.librecmc.org/?p=oweals%2Fopkg-lede.git;a=blobdiff_plain;f=libopkg%2Fopkg_pathfinder.c;fp=libopkg%2Fopkg_pathfinder.c;h=0000000000000000000000000000000000000000;hp=578328ee87b63b9650c7ef5a62e94e1a4e38ac06;hb=374d9aadeef27c7213999a1d63ba094aa8aecf51;hpb=33f7b80aa32583ed41a9bb88612f8ec6a959987b
diff --git a/libopkg/opkg_pathfinder.c b/libopkg/opkg_pathfinder.c
deleted file mode 100644
index 578328e..0000000
--- a/libopkg/opkg_pathfinder.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* vi: set noexpandtab sw=4 sts=4: */
-/* opkg_pathfinder.c - the opkg package management system
-
- Copyright (C) 2009 Camille Moncelier
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2, or (at
- your option) any later version.
-
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-*/
-
-#include
-#include
-#include
-#if defined(HAVE_SSLCURL)
-#include
-#endif
-
-#include "libbb/libbb.h"
-#include "opkg_message.h"
-
-#if defined(HAVE_SSLCURL) || defined(HAVE_OPENSSL)
-/*
- * This callback is called instead of X509_verify_cert to perform path
- * validation on a certificate using pathfinder.
- *
- */
-static int pathfinder_verify_callback(X509_STORE_CTX * ctx, void *arg)
-{
- char *errmsg;
- const char *hex = "0123456789ABCDEF";
- size_t size = i2d_X509(ctx->cert, NULL);
- unsigned char *keybuf, *iend;
- iend = keybuf = xmalloc(size);
- i2d_X509(ctx->cert, &iend);
- char *certdata_str = xmalloc(size * 2 + 1);
- unsigned char *cp = keybuf;
- char *certdata_str_i = certdata_str;
- while (cp < iend) {
- unsigned char ch = *cp++;
- *certdata_str_i++ = hex[(ch >> 4) & 0xf];
- *certdata_str_i++ = hex[ch & 0xf];
- }
- *certdata_str_i = 0;
- free(keybuf);
-
- const char *policy = "2.5.29.32.0"; // anyPolicy
- int validated =
- pathfinder_dbus_verify(certdata_str, policy, 0, 0, &errmsg);
-
- if (!validated)
- opkg_msg(ERROR, "Path verification failed: %s.\n", errmsg);
-
- free(certdata_str);
- free(errmsg);
-
- return validated;
-}
-#endif
-
-#if defined(HAVE_OPENSSL)
-int pkcs7_pathfinder_verify_signers(PKCS7 * p7)
-{
- STACK_OF(X509) * signers;
- int i, ret = 1; /* signers are verified by default */
-
- signers = PKCS7_get0_signers(p7, NULL, 0);
-
- for (i = 0; i < sk_X509_num(signers); i++) {
- X509_STORE_CTX ctx = {
- .cert = sk_X509_value(signers, i),
- };
-
- if (!pathfinder_verify_callback(&ctx, NULL)) {
- /* Signer isn't verified ! goto jail; */
- ret = 0;
- break;
- }
- }
-
- sk_X509_free(signers);
- return ret;
-}
-#endif
-
-#if defined(HAVE_SSLCURL)
-CURLcode curl_ssl_ctx_function(CURL * curl, void *sslctx, void *parm)
-{
-
- SSL_CTX *ctx = (SSL_CTX *) sslctx;
- SSL_CTX_set_cert_verify_callback(ctx, pathfinder_verify_callback, parm);
-
- return CURLE_OK;
-}
-#endif