From 852e10d59bb6262de04593903981dec1e7ca85dc Mon Sep 17 00:00:00 2001 From: Lars-Dominik Braun Date: Thu, 10 Nov 2011 10:07:40 +0100 Subject: Die if trust file load fails --- src/libwaitress/waitress.c | 14 +++++++++++--- src/libwaitress/waitress.h | 3 ++- src/main.c | 20 ++++++++++++++++---- 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/src/libwaitress/waitress.c b/src/libwaitress/waitress.c index f6d4d03..ebf254b 100644 --- a/src/libwaitress/waitress.c +++ b/src/libwaitress/waitress.c @@ -53,17 +53,21 @@ typedef struct { size_t pos; } WaitressFetchBufCbBuffer_t; -void WaitressInit (WaitressHandle_t *waith, const char *caPath) { +WaitressReturn_t WaitressInit (WaitressHandle_t *waith, const char *caPath) { assert (waith != NULL); memset (waith, 0, sizeof (*waith)); waith->timeout = 30000; if (caPath != NULL) { gnutls_certificate_allocate_credentials (&waith->tlsCred); - gnutls_certificate_set_x509_trust_file (waith->tlsCred, caPath, - GNUTLS_X509_FMT_PEM); + if (gnutls_certificate_set_x509_trust_file (waith->tlsCred, caPath, + GNUTLS_X509_FMT_PEM) <= 0) { + return WAITRESS_RET_TLS_TRUSTFILE_ERR; + } waith->tlsInitialized = true; } + + return WAITRESS_RET_OK; } void WaitressFree (WaitressHandle_t *waith) { @@ -1162,6 +1166,10 @@ const char *WaitressErrorToStr (WaitressReturn_t wRet) { return "TLS handshake failed."; break; + case WAITRESS_RET_TLS_TRUSTFILE_ERR: + return "Loading root certificates failed."; + break; + default: return "No error message available."; break; diff --git a/src/libwaitress/waitress.h b/src/libwaitress/waitress.h index 8d4e5a4..e1cf303 100644 --- a/src/libwaitress/waitress.h +++ b/src/libwaitress/waitress.h @@ -77,6 +77,7 @@ typedef enum { WAITRESS_RET_TLS_WRITE_ERR, WAITRESS_RET_TLS_READ_ERR, WAITRESS_RET_TLS_HANDSHAKE_ERR, + WAITRESS_RET_TLS_TRUSTFILE_ERR, } WaitressReturn_t; /* reusable handle @@ -109,7 +110,7 @@ typedef struct { } request; } WaitressHandle_t; -void WaitressInit (WaitressHandle_t *, const char *); +WaitressReturn_t WaitressInit (WaitressHandle_t *, const char *); void WaitressFree (WaitressHandle_t *); bool WaitressSetProxy (WaitressHandle_t *, const char *); char *WaitressUrlEncode (const char *); diff --git a/src/main.c b/src/main.c index d4bf6fb..e14a88a 100644 --- a/src/main.c +++ b/src/main.c @@ -328,6 +328,7 @@ int main (int argc, char **argv) { static BarApp_t app; /* terminal attributes _before_ we started messing around with ~ECHO */ struct termios termOrig; + WaitressReturn_t wRet; memset (&app, 0, sizeof (app)); @@ -344,10 +345,6 @@ int main (int argc, char **argv) { BarSettingsInit (&app.settings); BarSettingsRead (&app.settings); - WaitressInit (&app.waith, app.settings.tlsCaPath); - app.waith.url.host = strdup (PIANO_RPC_HOST); - app.waith.url.tls = true; - BarUiMsg (&app.settings, MSG_NONE, "Welcome to " PACKAGE " (" VERSION ")! "); if (app.settings.keys[BAR_KS_HELP] == BAR_KS_DISABLED) { @@ -358,6 +355,20 @@ int main (int argc, char **argv) { app.settings.keys[BAR_KS_HELP]); } + if ((wRet = WaitressInit (&app.waith, app.settings.tlsCaPath)) != WAITRESS_RET_OK) { + if (wRet == WAITRESS_RET_TLS_TRUSTFILE_ERR) { + BarUiMsg (&app.settings, MSG_ERR, "Can't load root certificates. " + "Please check the tls_ca_path setting in your config file.\n"); + } else { + BarUiMsg (&app.settings, MSG_ERR, "Can't initialize HTTP library: " + "%s\n", WaitressErrorToStr (wRet)); + } + goto die; + } + + app.waith.url.host = strdup (PIANO_RPC_HOST); + app.waith.url.tls = true; + /* init fds */ FD_ZERO(&app.input.set); app.input.fds[0] = STDIN_FILENO; @@ -377,6 +388,7 @@ int main (int argc, char **argv) { BarMainLoop (&app); +die: if (app.input.fds[1] != -1) { close (app.input.fds[1]); } -- cgit v1.2.3