diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc
index fd2b06469..ef7f95263 100644
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@@ -593,8 +593,7 @@ SSL_CTX *AuthSSL::getCTX()
 SSL_CTX *AuthSSL::getNewSslCtx()
 {
 #ifdef AUTHSSL_DEBUG
- std::cerr << "AuthSSL::getNewSslCtx()";
- std::cerr << std::endl;
+ std::cerr << "AuthSSL::getNewSslCtx()" << std::endl;
 #endif
 // setup connection method
 SSL_CTX *newSslctx = SSL_CTX_new(TLSv1_method());
@@ -627,12 +626,11 @@ int AuthSSL::setConfigDirectories(std::string configfile, std::string neighd
 std::cerr << " neighdir: " << neighdir;
 std::cerr << std::endl;
 #endif
- sslMtx.lock(); /***** LOCK *****/
+ RsStackMutex stack(sslMtx); /***** LOCK *****/
 mCertConfigFile = configfile;
 mNeighDir = neighdir;
- sslMtx.unlock(); /**** UNLOCK ****/
 return 1;
 }
@@ -642,12 +640,7 @@ std::string AuthSSL::OwnId()
 std::cerr << "AuthSSL::OwnId()";
 std::cerr << std::endl;
 #endif
- sslMtx.lock(); /***** LOCK *****/
-
- std::string id = mOwnId;
-
- sslMtx.unlock(); /**** UNLOCK ****/
- return id;
+ return mOwnId;
 }
 std::string AuthSSL::getOwnLocation()
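Review bot: OwnId() now returns `mOwnId` with no lock, and the getOwnLocation() hunk that follows does the same for `mOwnCert->location`, so either read can race with any writer of those members that still takes `sslMtx`. If both are assigned once during initialisation before any other thread calls in, the change is fine but the reason should be stated at the return, e.g. `// mOwnId is set once at init and never reassigned, so no lock is needed here`; if they can be reassigned later (e.g. on certificate reload), keep the guard as setConfigDirectories() does in the hunk above: `RsStackMutex stack(sslMtx); return mOwnId;`. getOwnLocation() still dereferences `mOwnCert` unconditionally, as it did before the change.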
@@ -656,230 +649,8 @@ std::string AuthSSL::getOwnLocation() std::cerr << "AuthSSL::OwnId()"; std::cerr << std::endl; #endif - sslMtx.lock(); /***** LOCK *****/ - - std::string location = mOwnCert->location; - - sslMtx.unlock(); /**** UNLOCK ****/ - return location; + return mOwnCert->location; } - -//bool AuthSSL::getAllList(std::list &ids) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::getAllList()"; -// std::cerr << std::endl; -//#endif -// sslMtx.lock(); /***** LOCK *****/ -// -// /* iterate through both lists */ -// std::map::iterator it; -// -// for(it = mCerts.begin(); it != mCerts.end(); it++) -// { -// ids.push_back(it->first); -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return true; -//} - -//bool AuthSSL::getAuthenticatedList(std::list &ids) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::getAuthenticatedList()"; -// std::cerr << std::endl; -//#endif -// sslMtx.lock(); /***** LOCK *****/ -// -// /* iterate through both lists */ -// std::map::iterator it; -// -// for(it = mCerts.begin(); it != mCerts.end(); it++) -// { -// if (it->second->authed) -// { -// ids.push_back(it->first); -// } -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return true; -//} - -//bool AuthSSL::getUnknownList(std::list &ids) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::getUnknownList()"; -// std::cerr << std::endl; -//#endif -// sslMtx.lock(); /***** LOCK *****/ -// -// /* iterate through both lists */ -// std::map::iterator it; -// -// for(it = mCerts.begin(); it != mCerts.end(); it++) -// { -// if (!it->second->authed) -// { -// ids.push_back(it->first); -// } -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return true; -//} - -//bool AuthSSL::getSSLChildListOfGPGId(std::string gpg_id, std::list &ids) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::getChildListOfGPGId() called for gpg id : " << gpg_id << std::endl; -//#endif -// sslMtx.lock(); /***** LOCK *****/ -// -// /* iterate through both lists */ -// 
std::map::iterator it; -// -// for(it = mCerts.begin(); it != mCerts.end(); it++) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::getChildListOfGPGId() it->second->authed : " << it->second->authed << "; it->second->issuer : " << it->second->issuer << std::endl; -//#endif -// if (it->second->authed && it->second->issuer == gpg_id) -// { -// ids.push_back(it->first); -// } -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return true; -//} - -//bool AuthSSL::isAuthenticated(std::string id) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::isAuthenticated() " << id; -// std::cerr << std::endl; -//#endif -// sslMtx.lock(); /***** LOCK *****/ -// -// sslcert *cert = NULL; -// bool auth = false; -// -// if (locked_FindCert(id, &cert)) -// { -// auth = cert->authed; -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return auth; -//} - -//std::string AuthSSL::getName(std::string id) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::getName() " << id; -// std::cerr << std::endl; -//#endif -// std::string name; -// -// sslMtx.lock(); /***** LOCK *****/ -// -// sslcert *cert = NULL; -// if (id == mOwnId) -// { -// name = mOwnCert->name; -// } -// else if (locked_FindCert(id, &cert)) -// { -// name = cert->name; -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return name; -//} - -//std::string AuthSSL::getIssuerName(std::string id) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::getIssuerName() " << id; -// std::cerr << std::endl; -//#endif -// std::string issuer; -// -// sslMtx.lock(); /***** LOCK *****/ -// -// sslcert *cert = NULL; -// if (id == mOwnId) -// { -// issuer = mOwnCert->issuer; -// } -// else if (locked_FindCert(id, &cert)) -// { -// issuer = cert->issuer; -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::getIssuerName() => " << issuer; -// std::cerr << std::endl; -//#endif -// -// return issuer; -//} - -//GPG_id AuthSSL::getGPGId(SSL_id id) { -// return 
getIssuerName(id); -//} - -//bool AuthSSL::getCertDetails(SSL_id id, sslcert &cert) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::getCertDetails() \"" << id << "\""; -// std::cerr << std::endl; -//#endif -// sslMtx.lock(); /***** LOCK *****/ -// -// bool valid = false; -// sslcert *tcert = NULL; -// if (id == mOwnId) { -// cert.authed = mOwnCert->authed; -// cert.certificate = mOwnCert->certificate; -// cert.email = mOwnCert->email; -// cert.fpr = mOwnCert->fpr; -// cert.id = mOwnCert->id; -// cert.issuer = mOwnCert->issuer; -// cert.location = mOwnCert->location; -// cert.name = mOwnCert->name; -// cert.org = mOwnCert->org; -// cert.signers = mOwnCert->signers; -// valid = true; -// } else if (locked_FindCert(id, &tcert)) { -// cert.authed = tcert->authed; -// cert.certificate = tcert->certificate; -// cert.email = tcert->email; -// cert.fpr = tcert->fpr; -// cert.id = tcert->id; -// cert.issuer = tcert->issuer; -// cert.location = tcert->location; -// cert.name = tcert->name; -// cert.org = tcert->org; -// cert.signers = tcert->signers; -// valid = true; -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return valid; -//} -// /* Load/Save certificates */ //don't save the ssl certs anymore, just return the id 
@@ -935,110 +706,6 @@ std::string AuthSSL::SaveOwnCertificateToString() return certstr; } - - -//bool AuthSSL::LoadCertificateFromFile(std::string filename, std::string &id) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::LoadCertificateFromFile() " << id; -// std::cerr << std::endl; -//#endif -// -// std::string nullhash; -// -// X509 *x509 = loadX509FromFile(filename.c_str(), nullhash); -// if (!x509) -// return false; -// -// return ProcessX509(x509, id); -//} - -//============================================================================ - -//! Saves something to filename - -//! \returns true on success, false on failure -//bool AuthSSL::SaveCertificateToFile(std::string id, std::string filename) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::SaveCertificateToFile() " << id; -// std::cerr << std::endl; -//#endif -// -// sslMtx.lock(); /***** LOCK *****/ -// -// /* get the cert first */ -// sslcert *cert = NULL; -// bool valid = false; -// std::string hash; -// -// if (id == mOwnId) -// { -// cert = mOwnCert; -// valid = true; -// } -// else if (locked_FindCert(id, &cert)) -// { -// valid = true; -// } -// if (valid) -// { -// valid = saveX509ToFile(cert->certificate, filename, hash); -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// return valid; -//} - - /**** To/From DER format ***/ - -//bool AuthSSL::LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::LoadCertificateFromFile() " << id; -// std::cerr << std::endl; -//#endif -// -// X509 *x509 = loadX509FromDER(ptr, len); -// if (!x509) -// return false; -// -// return ValidateCertificate(x509, ssl_id); -// -//} - -//bool AuthSSL::SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::SaveCertificateToBinary() " << id; -// std::cerr << std::endl; -//#endif -// -// sslMtx.lock(); /***** LOCK *****/ -// -// /* get the cert first */ -// 
sslcert *cert = NULL;
-// bool valid = false;
-// std::string hash;
-//
-// if (id == mOwnId)
-// {
-// cert = mOwnCert;
-// valid = true;
-// }
-// else if (locked_FindCert(id, &cert))
-// {
-// valid = true;
-// }
-// if (valid)
-// {
-// valid = saveX509ToDER(cert->certificate, ptr, len);
-// }
-//
-// sslMtx.unlock(); /**** UNLOCK ****/
-// return valid;
-//}
- /* Sign / Encrypt / Verify Data (TODO) */
 bool AuthSSL::SignData(std::string input, std::string &sign)
@@ -1115,9 +782,6 @@ bool AuthSSL::SignDataBin(const void *data, const uint32_t len,
 std::cerr << "SignDataBin() Not Enough Sign SpacegnInit Failure!" << std::endl;
 return false;
 }
-
-
-
 if (0 == EVP_SignInit(mdctx, EVP_sha1()))
 {
@@ -1171,7 +835,7 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
 unsigned char *sign, unsigned int signlen, sslcert* peer)
 {
- RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/
+ RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/
 /* find the peer */
 #ifdef AUTHSSL_DEBUG2
@@ -1241,28 +905,6 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
 return true;
 }
-
-
-
-
-
- /**** NEW functions we've added ****/
-
- /**** AUX Functions ****/
-//bool AuthSSL::locked_FindCert(std::string id, sslcert **cert)
-//{
-// std::map::iterator it;
-//
-// if (mCerts.end() != (it = mCerts.find(id)))
-// {
-// *cert = it->second;
-// return true;
-// }
-// return false;
-//}
-
-
 X509 *AuthSSL::loadX509FromFile(std::string fname, std::string hash)
 {
 #ifdef AUTHSSL_DEBUG
@@ -1545,148 +1187,6 @@ bool AuthSSL::saveX509ToDER(X509 *x509, uint8_t **ptr, uint32_t *len) } - - -//bool AuthSSL::ProcessX509(X509 *x509, std::string &id) -//{ -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509()"; -// std::cerr << std::endl; -//#endif -// -// /* extract id */ -// std::string xid; -// -// bool valid = ValidateCertificate(x509, xid); -// -// if (!valid) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509() ValidateCertificate FAILED"; -// std::cerr << std::endl; -//#endif -// } -// -// sslcert *cert = NULL; -// bool duplicate = false; -// -// sslMtx.lock(); /***** LOCK *****/ -// -// if (xid == mOwnId) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509() Cert is own id (dup)"; -// std::cerr << std::endl; -//#endif -// -// cert = mOwnCert; -// duplicate = true; -// } -// else if (locked_FindCert(xid, &cert)) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509() Found Duplicate"; -// std::cerr << std::endl; -//#endif -// -// duplicate = true; -// } -// -// if (duplicate) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509() Processing as dup"; -// std::cerr << std::endl; -//#endif -// -// /* have a duplicate */ -// /* check that they are exact */ -// if (0 != X509_cmp(cert->certificate, x509)) -// { -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509() Not the same: MAJOR ERROR"; -// std::cerr << std::endl; -//#endif -// -// /* MAJOR ERROR */ -// X509_free(x509); -// sslMtx.unlock(); /**** UNLOCK ****/ -// return false; -// } -// -// X509_free(x509); -// -// /* we accepted it! */ -// id = xid; -// -// if (!cert->authed) -// { -// cert->authed = valid; -// -// /* resave newly authed certificate */ -// mToSaveCerts = true; -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509() "; -// std::cerr << "Updating Unauthed duplicate: "; -// std::cerr << (valid ? 
"true" : "false"); -// std::cerr << std::endl; -//#endif -// } -// else -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509() "; -// std::cerr << "Original already Valid"; -// std::cerr << std::endl; -//#endif -// } -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509() Accepted Dup"; -// std::cerr << std::endl; -//#endif -// -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// return true; -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// /* if we get here -> its a new certificate */ -// cert = new sslcert(x509, xid); -// cert->authed = valid; -// -// sslMtx.lock(); /***** LOCK *****/ -// -// mCerts[xid] = cert; -// -// /* resave if new certificate */ -// mToSaveCerts = true; -// sslMtx.unlock(); /**** UNLOCK ****/ -// -//#if 0 -// /******************** notify of new Cert **************************/ -// pqiNotify *pqinotify = getPqiNotify(); -// if (pqinotify) -// { -// pqinotify->AddFeedItem(RS_FEED_ITEM_PEER_NEW, xid, "",""); -// } -// /******************** notify of new Cert **************************/ -//#endif -// -// id = xid; -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::ProcessX509() Accepted New Cert"; -// std::cerr << std::endl; -//#endif -// return true; -//} - - bool getX509id(X509 *x509, std::string &xid) { #ifdef AUTHSSL_DEBUG std::cerr << "AuthSSL::getX509id()"; @@ -1947,7 +1447,7 @@ bool AuthSSL::AuthX509(X509 *x509) fprintf(stderr, "AuthSSL::AuthX509() called\n"); #endif - RsStackMutex stack(sslMtx); /******* LOCKED ******/ + //RsStackMutex stack(sslMtx); /******* LOCKED ******/ /* extract CN for peer Id */ std::string issuer = getX509CNString(x509->cert_info->issuer); 
@@ -2590,521 +2090,3 @@ int printSSLError(SSL *ssl, int retval, int err, unsigned long err2, out << "\t + ERR Error: " << ERR_error_string(err2, NULL) << std::endl; return 1; } - - -/***************************** OLD STORAGE of CERTS ************************* - * We will retain the existing CERT storage format for the moment.... - * This will enable the existing certs to be loaded in. - * - * BUT Save will change the format - removing the options from - * the configuration file. This will mean that we can catch NEW/OLD formats. - * - * We only want to load old format ONCE. as we'll use it to get - * the list of existing friends... - * - * - * - */ - -//bool AuthSSL::FinalSaveCertificates() -//{ -// CheckSaveCertificates(); -// -// RsStackMutex stack(sslMtx); /***** LOCK *****/ -// mConfigSaveActive = false; -// return true; -//} - -//bool AuthSSL::CheckSaveCertificates() -//{ -// sslMtx.lock(); /***** LOCK *****/ -// -// if ((mConfigSaveActive) && (mToSaveCerts)) -// { -// mToSaveCerts = false; -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// saveCertificates(); -// return true; -// } -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return false; -//} - -//bool AuthSSL::saveCertificates() -//{ -// // construct file name. -// // create the file in memory - hash + sign. -// // write out data to a file. 
-// -// sslMtx.lock(); /***** LOCK *****/ -// -// std::string configfile = mCertConfigFile; -// std::string neighdir = mNeighDir; -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// /* add on the slash */ -// if (neighdir != "") -// { -// neighdir += "/"; -// } -// -// std::map::iterator mit; -// -// std::string conftxt; -// std::string empty(""); -// unsigned int i; -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "AuthSSL::saveCertificates()"; -// std::cerr << std::endl; -//#endif -// sslMtx.lock(); /***** LOCK *****/ -// -// /* iterate through both lists */ -// std::map::iterator it; -// -// for(it = mCerts.begin(); it != mCerts.end(); it++) -// { -//// SAVE ALL CERTS -//#if PQI_USE_PQISSL -//#endif -//// Save only Authed Certs; -// if (it->second->authed) -// { -// X509 *x509 = it->second->certificate; -// std::string hash; -//#if PQI_SSLONLY -// std::string neighfile = neighdir + getCertName(x509) + ".pqi"; -//#else -// std::string neighfile = neighdir + (it->first) + ".pqi"; -//#endif -// -// if (saveX509ToFile(x509, neighfile, hash)) -// { -// conftxt += "CERT "; -//#if PQI_SSLONLY -// conftxt += getCertName(x509); -//#else -// conftxt += (it->first); -//#endif -// conftxt += "\n"; -// conftxt += hash; -// conftxt += "\n"; -// } -// } -// } -// -// -// // now work out signature of it all. This relies on the -// // EVP library of openSSL..... We are going to use signing -// // for the moment. -// -// unsigned int signlen = EVP_PKEY_size(pkey); -// unsigned char signature[signlen]; -// -// //OpenSSL_add_all_digests(); -// -// EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); -// -// if (0 == EVP_SignInit_ex(mdctx, EVP_sha1(), NULL)) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "EVP_SignInit Failure!" << std::endl; -//#endif -// } -// -// if (0 == EVP_SignUpdate(mdctx, conftxt.c_str(), conftxt.length())) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "EVP_SignUpdate Failure!" 
<< std::endl; -//#endif -// } -// -// -// if (0 == EVP_SignFinal(mdctx, signature, &signlen, pkey)) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "EVP_SignFinal Failure!" << std::endl; -//#endif -// } -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Conf Signature is(" << signlen << "): "; -//#endif -// for(i = 0; i < signlen; i++) -// { -//#ifdef AUTHSSL_DEBUG -// fprintf(stderr, "%02x", signature[i]); -//#endif -// conftxt += signature[i]; -// } -//#ifdef AUTHSSL_DEBUG -// std::cerr << std::endl; -//#endif -// EVP_MD_CTX_destroy(mdctx); -// -// FILE *cfd = fopen(configfile.c_str(), "wb"); -// if (cfd == NULL) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Failed to open: " << configfile << std::endl; -//#endif -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return false; -// } -// -// int wrec; -// if (1 != (wrec = fwrite(conftxt.c_str(), conftxt.length(), 1, cfd))) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Error writing: " << configfile << std::endl; -// std::cerr << "Wrote: " << wrec << "/" << 1 << " Records" << std::endl; -//#endif -// } -// -// fclose(cfd); -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// return true; -//} - - -/****** - * Special version for backwards compatibility - * - * has two extra parameters. - * bool oldFormat & std::map keyvaluemap - * - * We'll leave these in for the next couple of months... - * so that old versions will automatically be converted to the - * new format! - * - */ - -//bool AuthSSL::loadCertificates() -//{ -// bool oldFormat; -// std::map keyValueMap; -// -// return loadCertificates(oldFormat, keyValueMap); -//} - -/********************* - * NOTE no need to Lock here. locking handled in ProcessX509() - */ -static const uint32_t OPT_LEN = 16; -static const uint32_t VAL_LEN = 1000; - -//bool AuthSSL::loadCertificates(bool &oldFormat, std::map &keyValueMap) -//{ -// -// /******************************************* -// * open the configuration file. -// * read in CERT + Hash. -// * -// * construct file name. 
-// * create the file in memory - hash + sign. -// * write out data to a file. -// *****************************************/ -// -// sslMtx.lock(); /***** LOCK *****/ -// -// std::string configfile = mCertConfigFile; -// std::string neighdir = mNeighDir; -// -// sslMtx.unlock(); /**** UNLOCK ****/ -// -// /* add on the slash */ -// if (neighdir != "") -// { -// neighdir += "/"; -// } -// -// oldFormat = false; -// -// std::string conftxt; -// -// unsigned int maxnamesize = 1024; -// char name[maxnamesize]; -// -// int c; -// unsigned int i; -// -// FILE *cfd = fopen(configfile.c_str(), "rb"); -// if (cfd == NULL) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Unable to Load Configuration File!" << std::endl; -// std::cerr << "File: " << configfile << std::endl; -//#endif -// return false; -// } -// -// std::list fnames; -// std::list hashes; -// std::map::iterator mit; -// std::map tmpsettings; -// -// unsigned int signlen = EVP_PKEY_size(pkey); -// unsigned char conf_signature[signlen]; -// char *ret = NULL; -// -// for(ret = fgets(name, maxnamesize, cfd); -// ((ret != NULL) && (!strncmp(name, "CERT ", 5))); -// ret = fgets(name, maxnamesize, cfd)) -// { -// for(i = 5; (name[i] != '\n') && (i < (unsigned) maxnamesize); i++); -// -// if (name[i] == '\n') -// { -// name[i] = '\0'; -// } -// -// // so the name is first.... 
-// std::string fname = &(name[5]); -// -// // now read the -// std::string hash; -// std::string signature; -// -// for(i = 0; i < signlen; i++) -// { -// if (EOF == (c = fgetc(cfd))) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Error Reading Signature of: "; -// std::cerr << fname; -// std::cerr << std::endl; -// std::cerr << "ABorting Load!"; -// std::cerr << std::endl; -//#endif -// return -1; -// } -// unsigned char uc = (unsigned char) c; -// signature += (unsigned char) uc; -// } -// if ('\n' != (c = fgetc(cfd))) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Warning Mising seperator" << std::endl; -//#endif -// } -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Read fname:" << fname << std::endl; -// std::cerr << "Signature:" << std::endl; -// for(i = 0; i < signlen; i++) -// { -// fprintf(stderr, "%02x", (unsigned char) signature[i]); -// } -// std::cerr << std::endl; -// std::cerr << std::endl; -//#endif -// -// // push back..... -// fnames.push_back(fname); -// hashes.push_back(signature); -// -// conftxt += "CERT "; -// conftxt += fname; -// conftxt += "\n"; -// conftxt += signature; -// conftxt += "\n"; -// -// // be sure to write over a bit... -// name[0] = 'N'; -// name[1] = 'O'; -// } -// -// // string already waiting! -// for(; ((ret != NULL) && (!strncmp(name, "OPT ", 4))); -// ret = fgets(name, maxnamesize, cfd)) -// { -// for(i = 4; (name[i] != '\n') && (i < OPT_LEN); i++); -// // terminate the string. -// name[i] = '\0'; -// -// // so the name is first.... -// std::string opt = &(name[4]); -// -// // now read the -// std::string val; // cleaned up value. -// std::string valsign; // value in the file. -// for(i = 0; i < VAL_LEN; i++) -// { -// if (EOF == (c = fgetc(cfd))) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Error Reading Value of: "; -// std::cerr << opt; -// std::cerr << std::endl; -// std::cerr << "ABorting Load!"; -// std::cerr << std::endl; -//#endif -// return -1; -// } -// // remove zeros on strings... 
-// if (c != '\0') -// { -// val += (unsigned char) c; -// } -// valsign += (unsigned char) c; -// } -// if ('\n' != (c = fgetc(cfd))) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Warning Mising seperator" << std::endl; -//#endif -// } -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Read OPT:" << opt; -// std::cerr << " Val:" << val << std::endl; -//#endif -// -// // push back..... -// tmpsettings[opt] = val; -// -// conftxt += "OPT "; -// conftxt += opt; -// conftxt += "\n"; -// conftxt += valsign; -// conftxt += "\n"; -// -// // be sure to write over a bit... -// name[0] = 'N'; -// name[1] = 'O'; -// } -// -// // only read up to the first newline symbol.... -// // continue... -// for(i = 0; (name[i] != '\n') && (i < signlen); i++); -// -// if (i != signlen) -// { -// for(i++; i < signlen; i++) -// { -// c = fgetc(cfd); -// if (c == EOF) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Error Reading Conf Signature:"; -// std::cerr << std::endl; -//#endif -// return 1; -// } -// unsigned char uc = (unsigned char) c; -// name[i] = uc; -// } -// } -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Configuration File Signature: " << std::endl; -// for(i = 0; i < signlen; i++) -// { -// fprintf(stderr, "%02x", (unsigned char) name[i]); -// } -// std::cerr << std::endl; -//#endif -// -// -// // when we get here - should have the final signature in the buffer. -// // check. -// // -// // compare signatures. -// // instead of verifying with the public key.... -// // we'll sign it again - and compare .... FIX LATER... -// -// EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); -// -// if (0 == EVP_SignInit(mdctx, EVP_sha1())) -// { -//#ifdef AUTHSSL_DEBUG -//#endif -// std::cerr << "EVP_SignInit Failure!" << std::endl; -// } -// -// if (0 == EVP_SignUpdate(mdctx, conftxt.c_str(), conftxt.length())) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "EVP_SignUpdate Failure!" 
<< std::endl; -//#endif -// } -// -// if (0 == EVP_SignFinal(mdctx, conf_signature, &signlen, pkey)) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "EVP_SignFinal Failure!" << std::endl; -//#endif -// } -// -// EVP_MD_CTX_destroy(mdctx); -// fclose(cfd); -// -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Recalced File Signature: " << std::endl; -// for(i = 0; i < signlen; i++) -// { -// fprintf(stderr, "%02x", conf_signature[i]); -// } -// std::cerr << std::endl; -//#endif -// -// bool same = true; -// for(i = 0; i < signlen; i++) -// { -// if ((unsigned char) name[i] != conf_signature[i]) -// { -// same = false; -// } -// } -// -// if (same == false) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "ERROR VALIDATING CONFIGURATION!" << std::endl; -// std::cerr << "PLEASE FIX!" << std::endl; -//#endif -// return false; -// } -// -// std::list::iterator it; -// std::list::iterator it2; -// for(it = fnames.begin(), it2 = hashes.begin(); it != fnames.end(); it++, it2++) -// { -// std::string neighfile = neighdir + (*it) + ".pqi"; -// X509 *x509 = loadX509FromFile(neighfile, (*it2)); -// if (x509 != NULL) -// { -// std::string id; -// if (ProcessX509(x509, id)) -// { -//#ifdef AUTHSSL_DEBUG -// std::cerr << "Loaded Certificate: " << id; -// std::cerr << std::endl; -//#endif -// } -// } -// } -// for(mit = tmpsettings.begin(); mit != tmpsettings.end(); mit++) -// { -// keyValueMap[mit -> first] = mit -> second; -// } -// -// mToSaveCerts = false; -// -// if (keyValueMap.size() > 0) -// { -// oldFormat = true; -// mToSaveCerts = true; -// } -// -// return true; -//} -//