#ifdef CONFIG_GNUTLS
+#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
if (status < 0) {
if (status == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
usage = isCA ? GNUTLS_KEY_KEY_CERT_SIGN :
- GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT;
+ GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT;
} else {
error_setg(errp,
"Unable to query certificate %s key usage: %s",
reason = "The certificate has been revoked";
}
-#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
reason = "The certificate uses an insecure algorithm";
}
-#endif
error_setg(errp,
"Our own certificate %s failed validation against %s: %s",
static void
-qcrypto_tls_creds_x509_prop_set_loaded(Object *obj,
- bool value,
- Error **errp)
+qcrypto_tls_creds_x509_complete(UserCreatable *uc, Error **errp)
{
- QCryptoTLSCredsX509 *creds = QCRYPTO_TLS_CREDS_X509(obj);
+ QCryptoTLSCredsX509 *creds = QCRYPTO_TLS_CREDS_X509(uc);
- if (value) {
- qcrypto_tls_creds_x509_load(creds, errp);
- } else {
- qcrypto_tls_creds_x509_unload(creds);
- }
+ qcrypto_tls_creds_x509_load(creds, errp);
}
}
-static void
-qcrypto_tls_creds_x509_complete(UserCreatable *uc, Error **errp)
+#ifdef CONFIG_GNUTLS
+
+
+static bool
+qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp)
{
- object_property_set_bool(OBJECT(uc), true, "loaded", errp);
+ QCryptoTLSCredsX509 *x509_creds = QCRYPTO_TLS_CREDS_X509(creds);
+ Error *local_err = NULL;
+ gnutls_certificate_credentials_t creds_data = x509_creds->data;
+ gnutls_dh_params_t creds_dh_params = x509_creds->parent_obj.dh_params;
+
+ x509_creds->data = NULL;
+ x509_creds->parent_obj.dh_params = NULL;
+ qcrypto_tls_creds_x509_load(x509_creds, &local_err);
+ if (local_err) {
+ qcrypto_tls_creds_x509_unload(x509_creds);
+ x509_creds->data = creds_data;
+ x509_creds->parent_obj.dh_params = creds_dh_params;
+ error_propagate(errp, local_err);
+ return false;
+ }
+
+ if (creds_data) {
+ gnutls_certificate_free_credentials(creds_data);
+ }
+ if (creds_dh_params) {
+ gnutls_dh_params_deinit(creds_dh_params);
+ }
+ return true;
}
+#else /* ! CONFIG_GNUTLS */
+
+
+static bool
+qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp)
+{
+ return false;
+}
+
+
+#endif /* ! CONFIG_GNUTLS */
+
+
static void
qcrypto_tls_creds_x509_init(Object *obj)
{
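Review bot: The success path of `qcrypto_tls_creds_x509_reload` frees the previous credentials (`gnutls_certificate_free_credentials(creds_data)` and `gnutls_dh_params_deinit(creds_dh_params)`) as soon as the new set loads, and nothing in this hunk shows whether TLS sessions created earlier still hold a pointer to them. If sessions reference `x509_creds->data` directly, the old objects have to outlive those sessions (for example through a reference count), or the function needs a comment stating why no session can still be using them; the same question applies to the window in which `data` and `dh_params` are NULL while the load runs. Separately, the `!CONFIG_GNUTLS` stub returns false without setting `errp`, so a caller sees a failure with no message; add something like `error_setg(errp, "TLS credentials support requires GNUTLS");` before its `return false;`.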
qcrypto_tls_creds_x509_class_init(ObjectClass *oc, void *data)
{
UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
+ QCryptoTLSCredsClass *ctcc = QCRYPTO_TLS_CREDS_CLASS(oc);
+
+ ctcc->reload = qcrypto_tls_creds_x509_reload;
ucc->complete = qcrypto_tls_creds_x509_complete;
object_class_property_add_bool(oc, "loaded",
qcrypto_tls_creds_x509_prop_get_loaded,
- qcrypto_tls_creds_x509_prop_set_loaded,
NULL);
object_class_property_add_bool(oc, "sanity-check",
qcrypto_tls_creds_x509_prop_get_sanity,
- qcrypto_tls_creds_x509_prop_set_sanity,
- NULL);
+ qcrypto_tls_creds_x509_prop_set_sanity);
object_class_property_add_str(oc, "passwordid",
qcrypto_tls_creds_x509_prop_get_passwordid,
- qcrypto_tls_creds_x509_prop_set_passwordid,
- NULL);
+ qcrypto_tls_creds_x509_prop_set_passwordid);
}
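Review bot: After this change the "loaded" property is registered with `qcrypto_tls_creds_x509_prop_get_loaded, NULL);`, where the remaining `NULL` is now the setter argument rather than the old trailing `errp`, so the property silently becomes read-only. Object definitions that still pass `loaded=...` would presumably be rejected, and the unload path that used to be reachable through the setter is gone. If that is intended, say so at the call with a comment such as `/* read-only: credentials are loaded in complete() and swapped via reload() */`. If existing configurations must keep working, keep a setter that accepts the value and does nothing. The start of `qcrypto_tls_creds_x509_class_init` is outside this hunk.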