author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-03-04 06:39:22 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-03-04 06:39:22 +0100 |
commit | 9efac3da3cd8ff9cec23c362f851d34c9af4952b (patch) | |
tree | 728e88f5b685fdc0cb7608b2c2c7ce3a482da81c | |
parent | 33f049795bf36cd9f7652284ba59c71f5f1d8938 (diff) | |
download | gnutls-9efac3da3cd8ff9cec23c362f851d34c9af4952b.tar.gz |
load CA certificates in Android 4.x systems.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 65 |
2 files changed, 60 insertions, 7 deletions
@@ -15,6 +15,8 @@ support AES with PKCS #12.
 ** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11 modules, and not only the ones loaded via p11-kit.
+** libgnutls: Load CA certificates in android systems.
+
 ** API and ABI modifications: No changes since last version.
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index f391975be9..6fd9a43109 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1590,7 +1590,7 @@ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t cred,
 return ret;
 }
-#ifdef _WIN32
+#if defined(_WIN32)
 static int
 set_x509_system_trust_file (gnutls_certificate_credentials_t cred)
 {
@@ -1640,6 +1640,54 @@ unsigned int i;
 return ret;
 }
+#elif defined(ANDROID) || defined(__ANDROID__)
+# include <dirent.h>
+static int load_dir_certs(const char* dirname, gnutls_certificate_credentials_t cred)
+{
+DIR * dirp;
+struct dirent *d;
+int ret;
+int r = 0;
+char path[512];
+
+ dirp = opendir(dirname);
+ if (dirp != NULL)
+ {
+ do
+ {
+ d = readdir(dirp);
+ if (d != NULL && d->d_type == DT_REG) {
+ snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
+ ret = gnutls_certificate_set_x509_trust_file (cred, path, GNUTLS_X509_FMT_PEM);
+ if (ret >= 0)
+ r += ret;
+ }
+ }
+ while(d != NULL);
+ closedir(dirp);
+ }
+
+ return r;
+}
+
+/* This works on android 4.x
+ */
+static int
+set_x509_system_trust_file (gnutls_certificate_credentials_t cred)
+{
+ int r = 0, ret;
+
+ ret = load_dir_certs("/system/etc/security/cacerts/", cred);
+ if (ret >= 0)
+ r += ret;
+
+ ret = load_dir_certs("/data/misc/keychain/cacerts-added/", cred);
+ if (ret >= 0)
+ r += ret;
+
+ return r;
+}
+
 #elif defined(DEFAULT_TRUST_STORE_FILE)
 static int
 set_x509_system_trust_file (gnutls_certificate_credentials_t cred)
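Review bot: The Android set_x509_system_trust_file() added here trusts everything under /system/etc/security/cacerts/ and /data/misc/keychain/cacerts-added/ but never consults /data/misc/keychain/cacerts-removed/, where Android 4.x keeps the system CAs the user has disabled, so a CA switched off in the device settings remains a trust anchor for GnuTLS clients. Until the loader can subtract that set, the limitation belongs in the comment above the function, e.g. `/* Android 4.x only. NOTE: system CAs the user disabled (cacerts-removed) are still loaded. */`. In load_dir_certs() the `d->d_type == DT_REG` test also skips every entry on a filesystem that reports DT_UNKNOWN, and a failed opendir() is indistinguishable from an empty directory, so an empty trust store is returned as 0 without any error.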
@@ -1692,6 +1740,12 @@ set_x509_system_trust_file (gnutls_certificate_credentials_t cred)
 return r;
 }
+#else
+static int
+set_x509_system_trust_file (gnutls_certificate_credentials_t cred)
+{
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+}
 #endif
 /**
@@ -1712,11 +1766,7 @@ set_x509_system_trust_file (gnutls_certificate_credentials_t cred)
 int
 gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred)
 {
-#if !defined(_WIN32) && !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE)
- int r = GNUTLS_E_UNIMPLEMENTED_FEATURE;
-#else
 int ret, r = 0;
-#endif
 #if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
 ret = read_cas_url (cred, DEFAULT_TRUST_STORE_PKCS11);
@@ -1724,11 +1774,12 @@ gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred)
 r += ret;
 #endif
-#ifdef DEFAULT_TRUST_STORE_FILE
 ret = set_x509_system_trust_file(cred);
 if (ret > 0)
 r += ret;
-#endif
+
+ if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE && r == 0)
+ return ret;
 return r;
 } |
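Review bot: The added `if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE && r == 0) return ret;` is the only failure gnutls_certificate_set_x509_system_trust() reports in the lines shown; any other negative code from set_x509_system_trust_file() is dropped by `if (ret > 0)`, and the Android loader in this commit returns 0 when a directory cannot be opened. The function can therefore return 0 with no trust anchors loaded, and a caller that checks only for a negative return continues with an empty trust store and sees every peer verification fail later, far from the cause. The function's doc comment, which begins outside this hunk, should state this, e.g. `Returns 0 when no certificate was loaded; callers should treat that as failure to find the system trust store.`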