Diffstat (limited to 'cups/tls-darwin.c')
-rw-r--r--cups/tls-darwin.c79
1 files changed, 41 insertions, 38 deletions
diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c
index d0b65f1eb..dd19daa51 100644
--- a/cups/tls-darwin.c
+++ b/cups/tls-darwin.c
@@ -60,6 +60,8 @@ extern SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificate
# include <Security/SecPolicyPriv.h>
#endif /* HAVE_SECPOLICYPRIV_H */
+//extern SecCertificateRef SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecKeyRef _Nullable publicKey, SecKeyRef privateKey);
+
/*
* Constants, very secure stuff...
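Review bot: The new line at the top of this hunk is a commented-out prototype for SecGenerateSelfSignedCertificate, and commented-out declarations tend to rot silently as the private Security SDK headers change. Either drop the line, or keep it and say why it is there, e.g. replace it with `/* NOTE: SecGenerateSelfSignedCertificate is supplied by the private Security headers included above; prototype left here only as a reference for the iOS cert-generation path. */`. If the intent was to have a fallback declaration for SDKs that lack the private header, it should be a real, guarded `extern` rather than a comment.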
@@ -77,7 +79,7 @@ static int tls_auto_create = 0;
/* Auto-create self-signed certs? */
static char *tls_common_name = NULL;
/* Default common name */
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
static int tls_cups_keychain = 0;
/* Opened the CUPS keychain? */
static SecKeychainRef tls_keychain = NULL;
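Review bot: `#if TARGET_OS_OSX` evaluates to 0 without any diagnostic when the macro is not defined, so on an SDK whose TargetConditionals.h predates TARGET_OS_OSX (or if that header is not pulled in before this point — no include is visible in the diff) the keychain-backed server credential path is silently compiled out and the `#else` temporary `tls_selfsigned` path is built instead, while the old `#ifdef HAVE_SECKEYCHAINOPEN` was an explicit configure-time decision. Since every keychain-related block in this file now keys off this one macro, it is worth failing the build loudly: near the Security includes add `#ifndef TARGET_OS_OSX` / `#  error "TARGET_OS_OSX is undefined; include <TargetConditionals.h> from a current SDK"` / `#endif`. The same applies to `TARGET_OS_IOS` used later for cupsMakeServerCredentials, where an undefined macro selects the command-spawning `#else` branch.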
@@ -85,7 +87,7 @@ static SecKeychainRef tls_keychain = NULL;
#else
static SecIdentityRef tls_selfsigned = NULL;
/* Temporary self-signed cert */
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
static char *tls_keypath = NULL;
/* Server cert keychain path */
static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER;
@@ -101,11 +103,11 @@ static int tls_options = -1,/* Options for TLS connections */
static CFArrayRef http_cdsa_copy_server(const char *common_name);
static SecCertificateRef http_cdsa_create_credential(http_credential_t *credential);
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
static const char *http_cdsa_default_path(char *buffer, size_t bufsize);
static SecKeychainRef http_cdsa_open_keychain(const char *path, char *filename, size_t filesize);
static SecKeychainRef http_cdsa_open_system_keychain(void);
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
static OSStatus http_cdsa_read(SSLConnectionRef connection, void *data, size_t *dataLength);
static int http_cdsa_set_credentials(http_t *http);
static OSStatus http_cdsa_write(SSLConnectionRef connection, const void *data, size_t *dataLength);
@@ -125,7 +127,7 @@ cupsMakeServerCredentials(
const char **alt_names, /* I - Subject Alternate Names */
time_t expiration_date) /* I - Expiration date */
{
-#if defined(HAVE_SECGENERATESELFSIGNEDCERTIFICATE)
+#if TARGET_OS_IOS
int status = 0; /* Return status */
OSStatus err; /* Error code (if any) */
CFStringRef cfcommon_name = NULL;
@@ -284,7 +286,7 @@ cleanup:
return (status);
-#else /* !HAVE_SECGENERATESELFSIGNEDCERTIFICATE */
+#else /* !TARGET_OS_IOS */
int pid, /* Process ID of command */
status, /* Status of command */
i; /* Looping var */
@@ -383,7 +385,7 @@ cleanup:
}
return (!status);
-#endif /* HAVE_SECGENERATESELFSIGNEDCERTIFICATE && HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_IOS */
}
@@ -404,7 +406,7 @@ cupsSetServerCredentials(
{
DEBUG_printf(("cupsSetServerCredentials(path=\"%s\", common_name=\"%s\", auto_create=%d)", path, common_name, auto_create));
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
char filename[1024]; /* Keychain filename */
SecKeychainRef keychain = http_cdsa_open_keychain(path, filename, sizeof(filename));
@@ -454,7 +456,7 @@ cupsSetServerCredentials(
tls_common_name = _cupsStrAlloc(common_name);
return (1);
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
}
@@ -964,12 +966,12 @@ httpLoadCredentials(
const char *common_name) /* I - Common name for credentials */
{
OSStatus err; /* Error info */
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
char filename[1024]; /* Filename for keychain */
SecKeychainRef keychain = NULL,/* Keychain reference */
syschain = NULL;/* System keychain */
CFArrayRef list; /* Keychain list */
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
SecCertificateRef cert = NULL; /* Certificate */
CFDataRef data; /* Certificate data */
SecPolicyRef policy = NULL; /* Policy ref */
@@ -985,7 +987,7 @@ httpLoadCredentials(
*credentials = NULL;
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
keychain = http_cdsa_open_keychain(path, filename, sizeof(filename));
if (!keychain)
@@ -996,7 +998,7 @@ httpLoadCredentials(
#else
if (path)
return (-1);
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
cfcommon_name = CFStringCreateWithCString(kCFAllocatorDefault, common_name, kCFStringEncodingUTF8);
@@ -1016,7 +1018,7 @@ httpLoadCredentials(
CFDictionaryAddValue(query, kSecReturnRef, kCFBooleanTrue);
CFDictionaryAddValue(query, kSecMatchLimit, kSecMatchLimitOne);
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
if (syschain)
{
const void *values[2] = { syschain, keychain };
@@ -1027,7 +1029,7 @@ httpLoadCredentials(
list = CFArrayCreate(kCFAllocatorDefault, (const void **)&keychain, 1, &kCFTypeArrayCallBacks);
CFDictionaryAddValue(query, kSecMatchSearchList, list);
CFRelease(list);
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
err = SecItemCopyMatching(query, (CFTypeRef *)&cert);
@@ -1048,13 +1050,13 @@ httpLoadCredentials(
cleanup :
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
if (keychain)
CFRelease(keychain);
if (syschain)
CFRelease(syschain);
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
if (cert)
CFRelease(cert);
if (policy)
@@ -1082,11 +1084,11 @@ httpSaveCredentials(
{
int ret = -1; /* Return value */
OSStatus err; /* Error info */
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
char filename[1024]; /* Filename for keychain */
SecKeychainRef keychain = NULL;/* Keychain reference */
CFArrayRef list; /* Keychain list */
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
SecCertificateRef cert = NULL; /* Certificate */
CFMutableDictionaryRef attrs = NULL; /* Attributes for add */
@@ -1107,7 +1109,7 @@ httpSaveCredentials(
goto cleanup;
}
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
keychain = http_cdsa_open_keychain(path, filename, sizeof(filename));
if (!keychain)
@@ -1116,7 +1118,7 @@ httpSaveCredentials(
#else
if (path)
return (-1);
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
if ((attrs = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)) == NULL)
{
@@ -1127,7 +1129,7 @@ httpSaveCredentials(
CFDictionaryAddValue(attrs, kSecClass, kSecClassCertificate);
CFDictionaryAddValue(attrs, kSecValueRef, cert);
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
if ((list = CFArrayCreate(kCFAllocatorDefault, (const void **)&keychain, 1, &kCFTypeArrayCallBacks)) == NULL)
{
DEBUG_puts("1httpSaveCredentials: Unable to create list of keychains.");
@@ -1135,7 +1137,7 @@ httpSaveCredentials(
}
CFDictionaryAddValue(attrs, kSecMatchSearchList, list);
CFRelease(list);
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
/* Note: SecItemAdd consumes "attrs"... */
err = SecItemAdd(attrs, NULL);
@@ -1143,10 +1145,10 @@ httpSaveCredentials(
cleanup :
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
if (keychain)
CFRelease(keychain);
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
if (cert)
CFRelease(cert);
@@ -1266,6 +1268,7 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */
/* Pointer to library globals */
OSStatus error; /* Error code */
const char *message = NULL;/* Error message */
+ char msgbuf[1024]; /* Error message buffer */
cups_array_t *credentials; /* Credentials array */
cups_array_t *names; /* CUPS distinguished names */
CFArrayRef dn_array; /* CF distinguished names array */
@@ -1284,7 +1287,7 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */
DEBUG_printf(("4_httpTLSStart: tls_options=%x, tls_min_version=%d, tls_max_version=%d", tls_options, tls_min_version, tls_max_version));
}
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
if (http->mode == _HTTP_MODE_SERVER && !tls_keychain)
{
DEBUG_puts("4_httpTLSStart: cupsSetServerCredentials not called.");
@@ -1294,7 +1297,7 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */
return (-1);
}
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
if ((http->tls = SSLCreateContext(kCFAllocatorDefault, http->mode == _HTTP_MODE_CLIENT ? kSSLClientSide : kSSLServerSide, kSSLStreamType)) == NULL)
{
@@ -1346,7 +1349,6 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */
}
}
-# if HAVE_SSLSETENABLEDCIPHERS
if (!error)
{
SSLCipherSuite supported[100]; /* Supported cipher suites */
@@ -1506,7 +1508,6 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */
error = SSLSetEnabledCiphers(http->tls, enabled, num_enabled);
}
}
-#endif /* HAVE_SSLSETENABLEDCIPHERS */
if (!error && http->mode == _HTTP_MODE_CLIENT)
{
@@ -1806,11 +1807,13 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */
*/
if (!message)
-#ifdef HAVE_CSSMERRORSTRING
- message = cssmErrorString(error);
-#else
- message = _("Unable to establish a secure connection to host.");
-#endif /* HAVE_CSSMERRORSTRING */
+ {
+ if (!cg->lang_default)
+ cg->lang_default = cupsLangDefault();
+
+ snprintf(msgbuf, sizeof(msgbuf), _cupsLangString(cg->lang_default, _("Unable to establish a secure connection to host (%d).")), error);
+ message = msgbuf;
+ }
_cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, message, 1);
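Review bot: The `%d` conversion on the new snprintf line is fed `error`, whose type is `OSStatus` (an `SInt32`, which is `signed long` on some 32-bit Apple SDKs), so the format and argument can disagree and -Wformat will flag it; cast explicitly, `snprintf(msgbuf, sizeof(msgbuf), _cupsLangString(cg->lang_default, _("Unable to establish a secure connection to host (%d).")), (int)error);`. Note also that the replaced `cssmErrorString(error)` branch produced a symbolic description, so the new code gives operators only a bare number to diagnose a failed TLS handshake — if a descriptive lookup is still available in the SDK it would be worth keeping it alongside the code. The body of `_httpTLSStart` begins and ends outside this hunk, so whether `message` can arrive here already localized from an earlier branch (which would make the trailing `1` on the `_cupsSetError` call a redundant second catalog lookup for `msgbuf`) cannot be confirmed from the diff alone.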
@@ -1905,7 +1908,7 @@ static CFArrayRef /* O - Array of certificates or NULL */
http_cdsa_copy_server(
const char *common_name) /* I - Server's hostname */
{
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
OSStatus err; /* Error info */
SecIdentityRef identity = NULL;/* Identity */
CFArrayRef certificates = NULL;
@@ -2009,7 +2012,7 @@ http_cdsa_copy_server(
return (NULL);
return (CFArrayCreate(NULL, (const void **)&tls_selfsigned, 1, &kCFTypeArrayCallBacks));
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
}
@@ -2028,7 +2031,7 @@ http_cdsa_create_credential(
}
-#ifdef HAVE_SECKEYCHAINOPEN
+#if TARGET_OS_OSX
/*
* 'http_cdsa_default_path()' - Get the default keychain path.
*/
@@ -2204,7 +2207,7 @@ http_cdsa_open_system_keychain(void)
return (keychain);
}
-#endif /* HAVE_SECKEYCHAINOPEN */
+#endif /* TARGET_OS_OSX */
/*