authorWilmer van der Gaast <wilmer@gaast.net>2011-12-23 13:44:08 +0100
committerWilmer van der Gaast <wilmer@gaast.net>2011-12-23 13:44:08 +0100
commit792a93b417c24a206d8995ca8bf51482f20e997e (patch)
treec29c4ceae134df4ad52e79ef50bc09d00e1b245d /conf.c
parent2d93a51e15ac2d6daaac0d6ac1e2c41e33486c53 (diff)
parent41658da57b611d17030dc7e2c3feb54f99b668ac (diff)
Merging SSL certificate verification for GnuTLS, with help from AopicieR.
Diffstat (limited to 'conf.c')
-rw-r--r--conf.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/conf.c b/conf.c
index b5993b4b..3592f769 100644
--- a/conf.c
+++ b/conf.c
@@ -66,6 +66,7 @@ conf_t *conf_load( int argc, char *argv[] )
conf->ft_max_kbps = G_MAXUINT;
conf->ft_listen = NULL;
conf->protocols = NULL;
+ conf->cafile = NULL;
proxytype = 0;
i = conf_loadini( conf, global.conf_file );
@@ -176,6 +177,14 @@ conf_t *conf_load( int argc, char *argv[] )
if( config_missing )
fprintf( stderr, "Warning: Unable to read configuration file `%s'.\n", global.conf_file );
+ if( conf->cafile && access( conf->cafile, R_OK ) != 0 )
+ {
+ /* Let's treat this as a serious problem so people won't think
+ they're secure when in fact they're not. */
+ fprintf( stderr, "Error: Could not read CA file %s: %s\n", conf->cafile, strerror( errno ) );
+ return NULL;
+ }
+
return conf;
}
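Review bot: The `access( conf->cafile, R_OK )` check in conf_load only shows that the path was readable at startup under the real UID, so on its own it does not deliver what the comment promises. A file that is readable but empty, malformed, or replaced afterwards passes here, and certificate verification can still end up with no usable trust anchors. The code that actually loads the file into the TLS library (not visible in this diff) should also treat a load error or zero loaded certificates as fatal, and the comment here could say so, e.g. `/* Early sanity check only; TLS setup must still fail hard if the CA file cannot be loaded. */`. Separately, the `return NULL` path leaves `conf` allocated, which is harmless only if every caller exits on NULL. conf_load begins outside this hunk.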
@@ -339,6 +348,11 @@ static int conf_loadini( conf_t *conf, char *file )
g_strfreev( conf->protocols );
conf->protocols = g_strsplit_set( ini->value, " \t,;", -1 );
}
+ else if( g_strcasecmp( ini->key, "cafile" ) == 0 )
+ {
+ g_free( conf->cafile );
+ conf->cafile = g_strdup( ini->value );
+ }
else
{
fprintf( stderr, "Error: Unknown setting `%s` in configuration file (line %d).\n", ini->key, ini->line );
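Review bot: The `cafile` value is stored verbatim in conf_loadini, so a relative path is checked by `access()` against the working directory at startup and may resolve differently, or not at all, when the file is opened later. That only matters if the process changes directory in between, which is not visible here. Requiring an absolute path at parse time would remove the ambiguity, e.g. `if( !g_path_is_absolute( ini->value ) )` followed by an error message and the same failure return this function uses for other invalid settings. conf_loadini starts and ends outside this hunk.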