DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 18:05:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

nts: allow ntstrustedcerts to specify directory

Browse Source 
If the specified path is a directory, load all certificates in the
directory.
This commit is contained in:
Miroslav Lichvar
2021-02-11 15:43:49 +01:00
parent 316d47e3b4
commit 26ce610155
5 changed files with 30 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
nts_ke_session.c
View File

@@ -675,10 +675,18 @@ create_credentials(const char **certs, const char **keys, int n_certs_keys,
if (trusted_certs) {
for (i = 0; i < n_trusted_certs; i++) {
r = gnutls_certificate_set_x509_trust_file(credentials, trusted_certs[i],
GNUTLS_X509_FMT_PEM);
struct stat buf;
if (stat(trusted_certs[i], &buf) == 0 && S_ISDIR(buf.st_mode))
r = gnutls_certificate_set_x509_trust_dir(credentials, trusted_certs[i],
GNUTLS_X509_FMT_PEM);
else
r = gnutls_certificate_set_x509_trust_file(credentials, trusted_certs[i],
GNUTLS_X509_FMT_PEM);
if (r < 0)
goto error;
DEBUG_LOG("Added %d trusted certs from %s", r, trusted_certs[i]);
}
}
}