Merge "Handle the failure case due to the invalid cert file" into tizen

diff --combined vpn/plugins/ipsec.c
index b33432e,148a7ed..6862fbc
--- 1/vpn/plugins/ipsec.c
--- 2/vpn/plugins/ipsec.c
+++ b/vpn/plugins/ipsec.c
@@@ -248,65 -248,97 +248,97 @@@ static int get_cert_type(const char *pa
        return cert_type;
  }
  
- static void read_der_file(const char *path, X509 **cert)
+ static int read_der_file(const char *path, X509 **cert)
  {
        FILE *fp = NULL;
+       int err = 0;
+ 
+       if(!path || !cert) {
+               /* TODO :remove this after debug */
+               DBG("there's no cert data");
+               return 0;
+       }
  
        DBG("der path %s\n", path);
        fp = fopen(path, "r");
        if (!fp) {
-               connman_error("fopen %s is failed\n", path);
-               return;
+               connman_error("Failed to open file");
+               return -EINVAL;
        }
  
        *cert = d2i_X509_fp(fp, NULL);
+       if (!fp) {
+               connman_error("Failed to read der file");
+               err = -EINVAL;
+       }
+ 
        fclose(fp);
-       return;
+       return err;
  }
  
- static void read_pem_file(const char *path, X509 **cert)
+ static int read_pem_file(const char *path, X509 **cert)
  {
        FILE *fp = NULL;
+       int err = 0;
+ 
+       if(!path || !cert) {
+               /* TODO :remove this after debug */
+               DBG("there's no cert data");
+               return 0;
+       }
  
        DBG("pem path %s\n", path);
        fp = fopen(path, "r");
        if (!fp) {
-               connman_error("fopen %s is failed\n", path);
-               return;
+               connman_error("Failed to open file");
+               return -EINVAL;
        }
  
        *cert = PEM_read_X509(fp, cert, NULL, NULL);
+       if (!fp) {
+               connman_error("Failed to read pem file");
+               err = -EINVAL;
+       }
+ 
        fclose(fp);
-       return;
+       return err;
  }
  
- static void read_pkcs12_file(const char *path, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+ static int read_pkcs12_file(const char *path, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
  {
        FILE *fp = NULL;
        PKCS12 *p12;
+       int err = 0;
+ 
+       if(!path || !pass || !pkey || !cert || !ca) {
+               /* TODO :remove this after debug */
+               DBG("there's no cert data");
+               return 0;
+       }
  
        DBG("pkcs12 path %s\n", path);
        fp = fopen(path, "r");
        if (!fp) {
-               print_openssl_error();
-               return;
+               connman_error("Failed to open file");
+               return -EINVAL;
        }
  
        p12 = d2i_PKCS12_fp(fp, NULL);
        if (!p12) {
-               print_openssl_error();
+               connman_error("Failed to open pkcs12");
                fclose(fp);
-               return;
+               return -EINVAL;
        }
  
        if (!PKCS12_parse(p12, pass, pkey, cert, ca)) {
-               print_openssl_error();
-               fclose(fp);
-               return;
+               connman_error("Failed to parse pkcs12");
+               err = -EINVAL;
        }
  
        PKCS12_free(p12);
-       return;
+       fclose(fp);
+ 
+       return err;
  }
  
  static char *get_private_key_str(struct openssl_private_data *data)
@@@ -430,29 -462,30 +462,30 @@@ static char * get_nth_ca_cert_str(struc
        return get_cert_str(cert);
  }
  
- static void extract_cert_info(const char *path, const char *pass, struct openssl_private_data *data)
+ static int extract_cert_info(const char *path, const char *pass, struct openssl_private_data *data)
  {
+       int err = 0;
        if(!path || !data) {
                /* TODO :remove this after debug */
                DBG("there's no cert data");
-               return;
+               return 0;
        }
  
        switch (get_cert_type(path)) {
        case CERT_TYPE_DER:
-               read_der_file(path, &(data->local_cert));
+               err = read_der_file(path, &(data->local_cert));
                break;
        case CERT_TYPE_PEM:
-               read_pem_file(path, &(data->local_cert));
+               err = read_pem_file(path, &(data->local_cert));
                break;
        case CERT_TYPE_PKCS12:
-               read_pkcs12_file(path, pass, &(data->private_key), &(data->local_cert), &(data->ca_certs));
+               err = read_pkcs12_file(path, pass, &(data->private_key), &(data->local_cert), &(data->ca_certs));
                break;
        default:
                break;
        }
  
-       return;
+       return err;
  }
  
  static void free_openssl_private_data(struct openssl_private_data *data)
@@@ -1112,13 -1145,6 +1145,13 @@@ static void check_vici_socket(struct ip
        }
  }
  
 +static void ipsec_died(struct connman_task *task, int exit_code, void *user_data)
 +{
 +       DBG("task %p exit_code %d", task, exit_code);
 +       unlink(VICI_DEFAULT_URI);
 +       vpn_died(task, exit_code, user_data);
 +}
 +
  static int ipsec_connect(struct vpn_provider *provider,
                        struct connman_task *task, const char *if_name,
                        vpn_provider_connect_cb_t cb, const char *dbus_sender,
@@@ -1137,7 -1163,7 +1170,7 @@@
        /*
         * Start charon daemon using ipsec script of strongSwan.
         */
 -      err = connman_task_run(task, vpn_died, provider, NULL, NULL, NULL);
 +      err = connman_task_run(task, ipsec_died, provider, NULL, NULL, NULL);
        if (err < 0) {
                connman_error("charon start failed");
                if (cb)
@@@ -1149,7 -1175,15 +1182,15 @@@
  
        path = vpn_provider_get_string(provider, "IPsec.LocalCerts");
        pass = vpn_provider_get_string(provider, "IPsec.LocalCertPass");
-       extract_cert_info(path, pass, &(data->openssl_data));
+       err = extract_cert_info(path, pass, &(data->openssl_data));
+       if (err < 0) {
+               connman_error("extract cert info failed");
+               if (cb)
+                       cb(provider, user_data, err);
+ 
+               g_free(data);
+               return err;
+       }
  
        check_vici_socket(data);
  //    g_usleep(G_USEC_PER_SEC);