DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 16:55:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

nts: allow multiple server keys and certificates

Browse Source 
Allow the ntsservercert and ntsserverkey directives to be specified
multiple times to enable the NTS-KE server to operate under multiple
names.
This commit is contained in:
Miroslav Lichvar
2021-02-11 12:26:35 +01:00
parent 80e627c86b
commit 90557cf1ba
8 changed files with 73 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
nts_ke_session.c
View File

@@ -642,10 +642,11 @@ deinit_gnutls(void)
/* ================================================== */
static NKSN_Credentials
create_credentials(const char *cert, const char *key, const char *trusted_certs)
create_credentials(const char **certs, const char **keys, int n_certs_keys,
const char *trusted_certs)
{
gnutls_certificate_credentials_t credentials = NULL;
int r;
int i, r;
init_gnutls();
@@ -653,15 +654,18 @@ create_credentials(const char *cert, const char *key, const char *trusted_certs)
if (r < 0)
goto error;
if (cert && key) {
if (certs && keys) {
assert(!trusted_certs);
r = gnutls_certificate_set_x509_key_file(credentials, cert, key,
GNUTLS_X509_FMT_PEM);
if (r < 0)
goto error;
for (i = 0; i < n_certs_keys; i++) {
r = gnutls_certificate_set_x509_key_file(credentials, certs[i], keys[i],
GNUTLS_X509_FMT_PEM);
if (r < 0)
goto error;
}
} else {
assert(!cert && !key);
if (certs || keys || n_certs_keys > 0)
assert(0);
if (!CNF_GetNoSystemCert()) {
r = gnutls_certificate_set_x509_system_trust(credentials);
@@ -692,9 +696,9 @@ error:
/* ================================================== */
NKSN_Credentials
NKSN_CreateServerCertCredentials(const char *cert, const char *key)
NKSN_CreateServerCertCredentials(const char **certs, const char **keys, int n_certs_keys)
{
return create_credentials(cert, key, NULL);
return create_credentials(certs, keys, n_certs_keys, NULL);
}
/* ================================================== */
@@ -702,7 +706,7 @@ NKSN_CreateServerCertCredentials(const char *cert, const char *key)
NKSN_Credentials
NKSN_CreateClientCertCredentials(const char *trusted_certs)
{
return create_credentials(NULL, NULL, trusted_certs);
return create_credentials(NULL, NULL, 0, trusted_certs);
}
/* ================================================== */