[XrdCl] Populate cadir from env, if not available use default.

xrootd · Oct 16, 2019 · 89bee3b · 89bee3b
1 parent b8f3c7c
commit 89bee3b
Showing 1 changed file with 20 additions and 3 deletions.
diff --git a/src/XrdCl/XrdClTls.cc b/src/XrdCl/XrdClTls.cc
@@ -22,20 +22,37 @@
 
 #include "XrdTls/XrdTlsContext.hh"
 
-namespace XrdCl
+namespace
 {
+  static const char* GetCaDir()
+  {
+    const char *envval = getenv("X509_CERT_DIR");
+    static const std::string cadir = envval ? envval : "/etc/grid-security/certificates";;
+    return cadir.c_str();
+  }
+}
 
+namespace XrdCl
+{
+  //------------------------------------------------------------------------
+  // Constructor
+  //------------------------------------------------------------------------
   Tls::Tls( Socket *socket, AsyncSocketHandler *socketHandler ) : pSocket( socket ), pTlsHSRevert( None ), pSocketHandler( socketHandler )
   {
-    static XrdTlsContext tlsContext; // Need only one thread-safe instance
+    static XrdTlsContext tlsContext( 0, 0, GetCaDir(), 0, 0 );
+    //----------------------------------------------------------------------
+    // If the context is not valid throw an exception! We throw generic
+    // exception as this will be translated to TlsError anyway.
+    //----------------------------------------------------------------------
+    if( !tlsContext.Context() ) throw std::exception();
 
     pTls.reset(
         new XrdTlsSocket( tlsContext, pSocket->GetFD(), XrdTlsSocket::TLS_RNB_WNB,
                           XrdTlsSocket::TLS_HS_NOBLK, true ) );
   }
 
   //------------------------------------------------------------------------
-  //! Establish a TLS/SSL session and perform host verification.
+  // Establish a TLS/SSL session and perform host verification.
   //------------------------------------------------------------------------
   Status Tls::Connect( const std::string &thehost, XrdNetAddrInfo *netInfo )
   {