From d0fd2ec6d85e12a0d6ba84da8166743b2697d2cc Mon Sep 17 00:00:00 2001
From: Kyungwook Tak
Date: Wed, 12 Aug 2015 17:38:41 +0900
Subject: [PATCH] Add trusted cert storage when search certificate
Change-Id: I8eea0d409da58ed679e76f21935165fd98e121e4
Signed-off-by: Kyungwook Tak
---
 CMakeLists.txt | 1 -
 packaging/cert-svc.spec | 3 ---
 srcs/cert-service-process.c | 8 +++++---
 srcs/cert-service-store.c | 2 +-
 vcore/vcore/pkcs12.cpp | 2 +-
 5 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 099fe42..2568183 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -40,7 +40,6 @@ ADD_DEFINITIONS("-DSIGNATURE_SCHEMA_PATH=\"${TZ_SYS_RO_WRT_ENGINE}/schema.xsd\""
 ADD_DEFINITIONS("-DCERTSVC_DIR=\"${TZ_SYS_SHARE}/cert-svc/certs/\"")
 ADD_DEFINITIONS("-DCERTSVC_PKCS12_STORAGE_DIR=\"${TZ_SYS_SHARE}/cert-svc/pkcs12/\"")
 ADD_DEFINITIONS("-DSYSTEM_CERT_DIR=\"${TZ_SYS_ETC}/ssl/certs/\"")
-ADD_DEFINITIONS("-DCERTSVC_SSL_CERTS_DIR=\"${TZ_SYS_SHARE}/cert-svc/certs/ssl/\"")
 CONFIGURE_FILE(cert-svc.pc.in cert-svc.pc @ONLY)
 CONFIGURE_FILE(cert-svc-vcore.pc.in cert-svc-vcore.pc @ONLY)
diff --git a/packaging/cert-svc.spec b/packaging/cert-svc.spec
index ff1a80d..c3ef6ae 100644
--- a/packaging/cert-svc.spec
+++ b/packaging/cert-svc.spec
@@ -102,8 +102,6 @@ mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants
 ln -s ../cert-server.service %{buildroot}%{_unitdir}/multi-user.target.wants/
 ln -s ../cert-server.socket %{buildroot}%{_unitdir}/sockets.target.wants/
-ln -sf %{TZ_SYS_ETC}/ssl/certs %{buildroot}%{TZ_SYS_SHARE}/cert-svc/certs/ssl
-
 %clean
 rm -rf %{buildroot}
@@ -161,7 +159,6 @@ rm %{TZ_SYS_BIN}/initialize_store_db.sh
 %{TZ_SYS_SHARE}/cert-svc/certs/trusteduser
 %{TZ_SYS_SHARE}/cert-svc/pkcs12
 %{TZ_SYS_SHARE}/cert-svc/dbspace
-%{TZ_SYS_SHARE}/cert-svc/certs/ssl
 %files devel
diff --git a/srcs/cert-service-process.c b/srcs/cert-service-process.c
index 50cb7f4..6c84eac 100644
--- a/srcs/cert-service-process.c
+++ b/srcs/cert-service-process.c
@@ -1289,7 +1289,8 @@ int _get_all_certificates(char *const *paths, cert_svc_filename_list **lst) {
 continue;
 len = strlen((const char *)(ftsent->fts_path));
- if (strcmp((ftsent->fts_path + len - strlen(".pem")), ".pem") != 0)
+ if (strcmp((ftsent->fts_path + len - strlen(".pem")), ".pem") != 0
+ && strcmp((ftsent->fts_path + len - strlen(".der")), ".der") != 0)
 continue;
 el = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list));
@@ -1329,10 +1330,11 @@ out:
 int get_all_certificates(cert_svc_filename_list** allCerts) {
 int ret;
- char *buffer[2];
+ char *buffer[3];
 buffer[0] = ROOT_CA_CERTS_DIR;
- buffer[1] = NULL;
+ buffer[1] = CERTSVC_DIR;
+ buffer[2] = NULL;
 if (!allCerts) {
 SLOGE("[ERR][%s] Invalid argument.", __func__);
diff --git a/srcs/cert-service-store.c b/srcs/cert-service-store.c
index 0749f25..b88ce4a 100644
--- a/srcs/cert-service-store.c
+++ b/srcs/cert-service-store.c
@@ -60,7 +60,7 @@ int get_file_full_path(char* originalName, const char* location, char* outBuf)
 memset(pathLocation, 0x00, sizeof(pathLocation));
 if(location == NULL) { // use default path
- strncpy(buf, CERTSVC_SSL_CERTS_DIR, sizeof(buf) - 1);
+ strncpy(buf, SYSTEM_CERT_DIR, sizeof(buf) - 1);
 } else {
 int locSize = strlen(location) + strlen(CERTSVC_DIR);
diff --git a/vcore/vcore/pkcs12.cpp b/vcore/vcore/pkcs12.cpp
index 448208c..88b01fe 100644
--- a/vcore/vcore/pkcs12.cpp
+++ b/vcore/vcore/pkcs12.cpp
@@ -554,7 +554,7 @@ int verify_cert_details(X509** cert, STACK_OF(X509) **certv)
 goto free_memory;
 }
- res = X509_STORE_load_locations(cert_store, NULL, CERTSVC_SSL_CERTS_DIR);
+ res = X509_STORE_load_locations(cert_store, NULL, SYSTEM_CERT_DIR);
 if (res != 1) {
 SLOGE("P12 load certificate store failed");
 result = CERTSVC_FAIL;
-- 
2.7.4
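Review bot: The added `.der` comparison repeats the unguarded `ftsent->fts_path + len - strlen(".pem")` arithmetic, so a path shorter than four characters would make both `strcmp` calls read before the start of the string. Paths produced by the tree walk are probably always longer than that, but the guard is cheap: `if (len < 4 || (strcmp(ftsent->fts_path + len - 4, ".pem") != 0 && strcmp(ftsent->fts_path + len - 4, ".der") != 0)) continue;`. Accepting `.der` also means binary DER files now enter the returned list; the code that later loads each entry is outside this hunk, so confirm it selects the decoder by format rather than assuming PEM. The enclosing function starts and ends outside the hunk.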
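Review bot: Adding `CERTSVC_DIR` as a second search root in `get_all_certificates` widens the returned set to every matching file under that tree, and the packaging file in this same patch lists a `certs/trusteduser` subdirectory there. If callers treat the result as candidate issuers or trust anchors, user-installed certificates now take part alongside `ROOT_CA_CERTS_DIR`. A comment such as `/* CERTSVC_DIR: device-local trusted stores, searched in addition to the root CA directory */` would record that this is intended and which subdirectories are in scope. How the walk treats symlinks and non-regular files depends on the traversal options set in `_get_all_certificates`, which this hunk does not show, so check that together with the write permissions on the new root. The function body continues past the hunk.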
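Review bot: `strncpy(buf, SYSTEM_CERT_DIR, sizeof(buf) - 1)` in `get_file_full_path` leaves `buf` terminated only if it was zeroed beforehand, and it truncates an over-long directory silently. The visible `memset` clears `pathLocation`; whether `buf` gets the same treatment is above the hunk. `snprintf(buf, sizeof(buf), "%s", SYSTEM_CERT_DIR);` with the return value checked against `sizeof(buf)` makes both properties explicit. The function starts and ends outside the hunk.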
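Review bot: The `res != 1` check after `X509_STORE_load_locations(cert_store, NULL, SYSTEM_CERT_DIR)` does not show that any trust anchor is actually available. With only a directory argument OpenSSL registers the path for on-demand lookup by subject-hash file name and, as far as I know, reports success even when the directory is missing or not hashed. With the `cert-svc/certs/ssl` symlink gone, a one-line comment stating that `SYSTEM_CERT_DIR` must be a hashed directory (c_rehash layout) would keep that requirement visible. PKCS#12 chain verification also still trusts only the system directory, while `get_all_certificates` in this patch now searches `CERTSVC_DIR` too; if that difference is deliberate, say so here. `verify_cert_details` starts and ends outside the hunk.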