diff options
Diffstat (limited to 'cups/tls-darwin.c')
-rw-r--r-- | cups/tls-darwin.c | 79 |
1 files changed, 41 insertions, 38 deletions
diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c index d0b65f1eb..dd19daa51 100644 --- a/cups/tls-darwin.c +++ b/cups/tls-darwin.c @@ -60,6 +60,8 @@ extern SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificate # include <Security/SecPolicyPriv.h> #endif /* HAVE_SECPOLICYPRIV_H */ +//extern SecCertificateRef SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecKeyRef _Nullable publicKey, SecKeyRef privateKey); + /* * Constants, very secure stuff... @@ -77,7 +79,7 @@ static int tls_auto_create = 0; /* Auto-create self-signed certs? */ static char *tls_common_name = NULL; /* Default common name */ -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX static int tls_cups_keychain = 0; /* Opened the CUPS keychain? */ static SecKeychainRef tls_keychain = NULL; @@ -85,7 +87,7 @@ static SecKeychainRef tls_keychain = NULL; #else static SecIdentityRef tls_selfsigned = NULL; /* Temporary self-signed cert */ -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ static char *tls_keypath = NULL; /* Server cert keychain path */ static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER; @@ -101,11 +103,11 @@ static int tls_options = -1,/* Options for TLS connections */ static CFArrayRef http_cdsa_copy_server(const char *common_name); static SecCertificateRef http_cdsa_create_credential(http_credential_t *credential); -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX static const char *http_cdsa_default_path(char *buffer, size_t bufsize); static SecKeychainRef http_cdsa_open_keychain(const char *path, char *filename, size_t filesize); static SecKeychainRef http_cdsa_open_system_keychain(void); -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ static OSStatus http_cdsa_read(SSLConnectionRef connection, void *data, size_t *dataLength); static int http_cdsa_set_credentials(http_t *http); static OSStatus http_cdsa_write(SSLConnectionRef connection, const void *data, size_t *dataLength); @@ -125,7 +127,7 @@ cupsMakeServerCredentials( const char **alt_names, /* I - Subject Alternate Names */ time_t expiration_date) /* I - Expiration date */ { -#if defined(HAVE_SECGENERATESELFSIGNEDCERTIFICATE) +#if TARGET_OS_IOS int status = 0; /* Return status */ OSStatus err; /* Error code (if any) */ CFStringRef cfcommon_name = NULL; @@ -284,7 +286,7 @@ cleanup: return (status); -#else /* !HAVE_SECGENERATESELFSIGNEDCERTIFICATE */ +#else /* !TARGET_OS_IOS */ int pid, /* Process ID of command */ status, /* Status of command */ i; /* Looping var */ @@ -383,7 +385,7 @@ cleanup: } return (!status); -#endif /* HAVE_SECGENERATESELFSIGNEDCERTIFICATE && HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_IOS */ } @@ -404,7 +406,7 @@ cupsSetServerCredentials( { DEBUG_printf(("cupsSetServerCredentials(path=\"%s\", common_name=\"%s\", auto_create=%d)", path, common_name, auto_create)); -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX char filename[1024]; /* Keychain filename */ SecKeychainRef keychain = http_cdsa_open_keychain(path, filename, sizeof(filename)); @@ -454,7 +456,7 @@ cupsSetServerCredentials( tls_common_name = _cupsStrAlloc(common_name); return (1); -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ } @@ -964,12 +966,12 @@ httpLoadCredentials( const char *common_name) /* I - Common name for credentials */ { OSStatus err; /* Error info */ -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX char filename[1024]; /* Filename for keychain */ SecKeychainRef keychain = NULL,/* Keychain reference */ syschain = NULL;/* System keychain */ CFArrayRef list; /* Keychain list */ -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ SecCertificateRef cert = NULL; /* Certificate */ CFDataRef data; /* Certificate data */ SecPolicyRef policy = NULL; /* Policy ref */ @@ -985,7 +987,7 @@ httpLoadCredentials( *credentials = NULL; -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX keychain = http_cdsa_open_keychain(path, filename, sizeof(filename)); if (!keychain) @@ -996,7 +998,7 @@ httpLoadCredentials( #else if (path) return (-1); -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ cfcommon_name = CFStringCreateWithCString(kCFAllocatorDefault, common_name, kCFStringEncodingUTF8); @@ -1016,7 +1018,7 @@ httpLoadCredentials( CFDictionaryAddValue(query, kSecReturnRef, kCFBooleanTrue); CFDictionaryAddValue(query, kSecMatchLimit, kSecMatchLimitOne); -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX if (syschain) { const void *values[2] = { syschain, keychain }; @@ -1027,7 +1029,7 @@ httpLoadCredentials( list = CFArrayCreate(kCFAllocatorDefault, (const void **)&keychain, 1, &kCFTypeArrayCallBacks); CFDictionaryAddValue(query, kSecMatchSearchList, list); CFRelease(list); -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ err = SecItemCopyMatching(query, (CFTypeRef *)&cert); @@ -1048,13 +1050,13 @@ httpLoadCredentials( cleanup : -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX if (keychain) CFRelease(keychain); if (syschain) CFRelease(syschain); -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ if (cert) CFRelease(cert); if (policy) @@ -1082,11 +1084,11 @@ httpSaveCredentials( { int ret = -1; /* Return value */ OSStatus err; /* Error info */ -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX char filename[1024]; /* Filename for keychain */ SecKeychainRef keychain = NULL;/* Keychain reference */ CFArrayRef list; /* Keychain list */ -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ SecCertificateRef cert = NULL; /* Certificate */ CFMutableDictionaryRef attrs = NULL; /* Attributes for add */ @@ -1107,7 +1109,7 @@ httpSaveCredentials( goto cleanup; } -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX keychain = http_cdsa_open_keychain(path, filename, sizeof(filename)); if (!keychain) @@ -1116,7 +1118,7 @@ httpSaveCredentials( #else if (path) return (-1); -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ if ((attrs = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)) == NULL) { @@ -1127,7 +1129,7 @@ httpSaveCredentials( CFDictionaryAddValue(attrs, kSecClass, kSecClassCertificate); CFDictionaryAddValue(attrs, kSecValueRef, cert); -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX if ((list = CFArrayCreate(kCFAllocatorDefault, (const void **)&keychain, 1, &kCFTypeArrayCallBacks)) == NULL) { DEBUG_puts("1httpSaveCredentials: Unable to create list of keychains."); @@ -1135,7 +1137,7 @@ httpSaveCredentials( } CFDictionaryAddValue(attrs, kSecMatchSearchList, list); CFRelease(list); -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ /* Note: SecItemAdd consumes "attrs"... */ err = SecItemAdd(attrs, NULL); @@ -1143,10 +1145,10 @@ httpSaveCredentials( cleanup : -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX if (keychain) CFRelease(keychain); -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ if (cert) CFRelease(cert); @@ -1266,6 +1268,7 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */ /* Pointer to library globals */ OSStatus error; /* Error code */ const char *message = NULL;/* Error message */ + char msgbuf[1024]; /* Error message buffer */ cups_array_t *credentials; /* Credentials array */ cups_array_t *names; /* CUPS distinguished names */ CFArrayRef dn_array; /* CF distinguished names array */ @@ -1284,7 +1287,7 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */ DEBUG_printf(("4_httpTLSStart: tls_options=%x, tls_min_version=%d, tls_max_version=%d", tls_options, tls_min_version, tls_max_version)); } -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX if (http->mode == _HTTP_MODE_SERVER && !tls_keychain) { DEBUG_puts("4_httpTLSStart: cupsSetServerCredentials not called."); @@ -1294,7 +1297,7 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */ return (-1); } -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ if ((http->tls = SSLCreateContext(kCFAllocatorDefault, http->mode == _HTTP_MODE_CLIENT ? kSSLClientSide : kSSLServerSide, kSSLStreamType)) == NULL) { @@ -1346,7 +1349,6 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */ } } -# if HAVE_SSLSETENABLEDCIPHERS if (!error) { SSLCipherSuite supported[100]; /* Supported cipher suites */ @@ -1506,7 +1508,6 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */ error = SSLSetEnabledCiphers(http->tls, enabled, num_enabled); } } -#endif /* HAVE_SSLSETENABLEDCIPHERS */ if (!error && http->mode == _HTTP_MODE_CLIENT) { @@ -1806,11 +1807,13 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */ */ if (!message) -#ifdef HAVE_CSSMERRORSTRING - message = cssmErrorString(error); -#else - message = _("Unable to establish a secure connection to host."); -#endif /* HAVE_CSSMERRORSTRING */ + { + if (!cg->lang_default) + cg->lang_default = cupsLangDefault(); + + snprintf(msgbuf, sizeof(msgbuf), _cupsLangString(cg->lang_default, _("Unable to establish a secure connection to host (%d).")), error); + message = msgbuf; + } _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, message, 1); @@ -1905,7 +1908,7 @@ static CFArrayRef /* O - Array of certificates or NULL */ http_cdsa_copy_server( const char *common_name) /* I - Server's hostname */ { -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX OSStatus err; /* Error info */ SecIdentityRef identity = NULL;/* Identity */ CFArrayRef certificates = NULL; @@ -2009,7 +2012,7 @@ http_cdsa_copy_server( return (NULL); return (CFArrayCreate(NULL, (const void **)&tls_selfsigned, 1, &kCFTypeArrayCallBacks)); -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ } @@ -2028,7 +2031,7 @@ http_cdsa_create_credential( } -#ifdef HAVE_SECKEYCHAINOPEN +#if TARGET_OS_OSX /* * 'http_cdsa_default_path()' - Get the default keychain path. */ @@ -2204,7 +2207,7 @@ http_cdsa_open_system_keychain(void) return (keychain); } -#endif /* HAVE_SECKEYCHAINOPEN */ +#endif /* TARGET_OS_OSX */ /* |