raw | patch | inline | side by side (parent: db8ab0b)
author | Sebastian Harl <sh@tokkee.org> | |
Fri, 30 Jan 2015 10:12:12 +0000 (11:12 +0100) | ||
committer | Sebastian Harl <sh@tokkee.org> | |
Fri, 30 Jan 2015 10:12:12 +0000 (11:12 +0100) |
src/client/sock.c | patch | blob | history | |
src/include/client/sock.h | patch | blob | history |
diff --git a/src/client/sock.c b/src/client/sock.c
index 330d656fb66d2f2c566ce8a36812c6ea83dca4e4..b67910efa4b5eb843504b825587e52a14367f465 100644 (file)
--- a/src/client/sock.c
+++ b/src/client/sock.c
bool eof;
/* optional SSL settings */
+ sdb_ssl_options_t ssl_opts;
sdb_ssl_client_t *ssl;
sdb_ssl_session_t *ssl_session;
if (client->fd < 0)
return -1;
- /* TODO: make options configurable */
- client->ssl = sdb_ssl_client_create(NULL);
+ client->ssl = sdb_ssl_client_create(&client->ssl_opts);
if (! client->ssl) {
sdb_client_close(client);
return -1;
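Review bot: The call `sdb_ssl_client_create(&client->ssl_opts)` changes what a client sees if it never sets options: it used to pass NULL and now passes a non-NULL struct whose fields are all NULL. sdb_ssl_client_create is not shown in this diff, so it is worth confirming that it picks the same default CA, certificate and key settings in both cases and does not end up with a context that has no trust anchor configured. If that holds, a comment at the call would record it, e.g. `/* an all-NULL options struct selects the same defaults as NULL */`. The enclosing function starts and ends outside this hunk.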
return client->fd;
} /* connect_tcp */
+static void
+free_ssl_options(sdb_ssl_options_t *opts)
+{
+ if (opts->ca_file)
+ free(opts->ca_file);
+ if (opts->key_file)
+ free(opts->key_file);
+ if (opts->cert_file)
+ free(opts->cert_file);
+ if (opts->crl_file)
+ free(opts->crl_file);
+ opts->ca_file = opts->key_file = opts->cert_file = opts->crl_file = NULL;
+} /* free_ssl_options */
+
/*
* public API
*/
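Review bot: free_ssl_options() frees whatever the four pointers hold, and sdb_client_destroy calls it unconditionally, so it depends on `client->ssl_opts` having been zeroed when the client was allocated. That allocation is not part of this diff; please confirm it uses calloc() or an equivalent memset, otherwise destroying a client that never had options set would free uninitialised pointers. As a style point, `free(NULL)` is a no-op, so the four `if (opts->x)` guards can be dropped and each pair reduced to e.g. `free(opts->ca_file);`.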
free(client->address);
client->address = NULL;
+ free_ssl_options(&client->ssl_opts);
+
free(client);
} /* sdb_client_destroy */
+int
+sdb_client_set_ssl_options(sdb_client_t *client, const sdb_ssl_options_t *opts)
+{
+ int ret = 0;
+
+ if ((! client) || (! opts))
+ return -1;
+
+ free_ssl_options(&client->ssl_opts);
+
+ if (opts->ca_file) {
+ client->ssl_opts.ca_file = strdup(opts->ca_file);
+ if (! client->ssl_opts.ca_file)
+ ret = -1;
+ }
+ if (opts->key_file) {
+ client->ssl_opts.key_file = strdup(opts->key_file);
+ if (! client->ssl_opts.key_file)
+ ret = -1;
+ }
+ if (opts->cert_file) {
+ client->ssl_opts.cert_file = strdup(opts->cert_file);
+ if (! client->ssl_opts.cert_file)
+ ret = -1;
+ }
+ if (opts->crl_file) {
+ client->ssl_opts.crl_file = strdup(opts->crl_file);
+ if (! client->ssl_opts.crl_file)
+ ret = -1;
+ }
+
+ if (ret)
+ free_ssl_options(&client->ssl_opts);
+ return ret;
+} /* sdb_client_set_ssl_options */
+
int
sdb_client_connect(sdb_client_t *client, const char *username)
{
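Review bot: sdb_client_set_ssl_options() calls `free_ssl_options(&client->ssl_opts)` before any copy has succeeded, so a single failed strdup() leaves the client with all four fields NULL instead of its previous CA/CRL/key/cert configuration. A caller that ignores the -1 and goes on to connect would then run with whatever sdb_ssl_client_create does for empty options, not the trust settings it had configured. Copying into a scratch struct and swapping it in only once every strdup() has succeeded keeps the old options intact on failure. The sketch below assumes sdb_ssl_options_t holds only these four strings, which this diff does not show.

```c
int
sdb_client_set_ssl_options(sdb_client_t *client, const sdb_ssl_options_t *opts)
{
	sdb_ssl_options_t tmp;

	if ((! client) || (! opts))
		return -1;

	/* build the copy on the side; client->ssl_opts stays valid until
	 * every allocation has succeeded */
	memset(&tmp, 0, sizeof(tmp));
	if (opts->ca_file && (! (tmp.ca_file = strdup(opts->ca_file))))
		goto fail;
	if (opts->key_file && (! (tmp.key_file = strdup(opts->key_file))))
		goto fail;
	if (opts->cert_file && (! (tmp.cert_file = strdup(opts->cert_file))))
		goto fail;
	if (opts->crl_file && (! (tmp.crl_file = strdup(opts->crl_file))))
		goto fail;

	free_ssl_options(&client->ssl_opts);
	client->ssl_opts = tmp;
	return 0;

fail:
	free_ssl_options(&tmp);
	return -1;
} /* sdb_client_set_ssl_options */
```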
index 9a7947b88f6d5513f51734683f19c134c420699f..615227d7408effab59f3b3806b905b01186a35e1 100644 (file)
#include "core/object.h"
#include "core/data.h"
#include "frontend/proto.h"
+#include "utils/ssl.h"
#include "utils/strbuf.h"
#include <sys/socket.h>
/*
* sdb_client_destroy:
- * Destroyes the client connection and deallocates the client object.
+ * Destroys the client connection and deallocates the client object.
*/
void
sdb_client_destroy(sdb_client_t *client);
+/*
+ * sdb_client_set_ssl_options:
+ * Use the specified options for any SSL connections.
+ *
+ * Returns:
+ * - 0 on success
+ * - a negative value else
+ */
+int
+sdb_client_set_ssl_options(sdb_client_t *client, const sdb_ssl_options_t *opts);
+
/*
* sdb_client_connect:
* Connect to the client's address using the specified username.
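Review bot: The new doc comment for sdb_client_set_ssl_options does not say who owns the strings in `opts` or when the options take effect. From sock.c, the implementation strdup()s each file name, and the options are only read where the SSL client is created during connection setup, so a call on an already connected client appears to leave the existing session unchanged. I would add two lines along the lines of `* The file names in opts are copied; the caller keeps ownership of opts.` and `* Options must be set before sdb_client_connect() to take effect.`. It would also help to state that a failed call leaves the client without any SSL options, if that behaviour is kept.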