From 89bee3bfeccf17010d8d9a762f2efa3c885af515 Mon Sep 17 00:00:00 2001
From: Michal Simon
Date: Tue, 8 Oct 2019 09:13:35 +0200
Subject: [PATCH] [XrdCl] Populate cadir from env, if not available use default.
---
src/XrdCl/XrdClTls.cc | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/XrdCl/XrdClTls.cc b/src/XrdCl/XrdClTls.cc
index b19c56fe457..797051768b8 100644
--- a/src/XrdCl/XrdClTls.cc
+++ b/src/XrdCl/XrdClTls.cc
@@ -22,12 +22,29 @@ #include "XrdTls/XrdTlsContext.hh" -namespace XrdCl +namespace { + static const char* GetCaDir() + { + const char *envval = getenv("X509_CERT_DIR"); + static const std::string cadir = envval ? envval : "/etc/grid-security/certificates";; + return cadir.c_str(); + } +} +namespace XrdCl +{ + //------------------------------------------------------------------------ + // Constructor + //------------------------------------------------------------------------ Tls::Tls( Socket *socket, AsyncSocketHandler *socketHandler ) : pSocket( socket ), pTlsHSRevert( None ), pSocketHandler( socketHandler ) { - static XrdTlsContext tlsContext; // Need only one thread-safe instance + static XrdTlsContext tlsContext( 0, 0, GetCaDir(), 0, 0 ); + //---------------------------------------------------------------------- + // If the context is not valid throw an exception! We throw generic + // exception as this will be translated to TlsError anyway. + //---------------------------------------------------------------------- + if( !tlsContext.Context() ) throw std::exception(); pTls.reset( new XrdTlsSocket( tlsContext, pSocket->GetFD(), XrdTlsSocket::TLS_RNB_WNB, 
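Review bot: `GetCaDir()` takes `X509_CERT_DIR` verbatim, so a variable that is exported but empty yields an empty CA directory rather than the `/etc/grid-security/certificates` fallback, and the directory that anchors server-certificate verification is whatever the process environment says. Treating empty as unset is a one-line change that also drops the stray `;;`: `static const std::string cadir = ( envval && *envval ) ? envval : "/etc/grid-security/certificates";`. Whether this client code can run inside a privileged or setuid process is not visible here; if it can, the lookup should use `secure_getenv` where the platform provides it so that an untrusted caller cannot choose the trust store. In `Tls::Tls`, the bare `throw std::exception()` drops the reason for the failure, and because `tlsContext` is a function-local static, a context that comes back null stays null for the life of the process, so logging the CA directory in use before throwing would make a bad path diagnosable. The constructor body continues past the end of the hunk.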
@@ -35,7 +52,7 @@ namespace XrdCl } //------------------------------------------------------------------------ - //! Establish a TLS/SSL session and perform host verification. + // Establish a TLS/SSL session and perform host verification. //------------------------------------------------------------------------ Status Tls::Connect( const std::string &thehost, XrdNetAddrInfo *netInfo ) {