
Commit e674bbd

authored
Merge pull request #38 from Unity-Technologies/jyuill/support-blob
Add blob support to the unitytls backend
2 parents 3007a73 + ccd2590 commit e674bbd

1 file changed

Lines changed: 46 additions & 5 deletions

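--- a/lib/vtls/unitytls.c
+++ b/lib/vtls/unitytls.c
@@ -109,6 +109,12 @@ static bool unitytls_append_pem_file(const char* filepath, unitytls_x509list* li
 return true;
 }
 
+static bool unitytls_append_pem_blob(const struct curl_blob* blob, unitytls_x509list* list, unitytls_errorstate* err)
+{
+size_t parsed = unitytls->unitytls_x509list_append_pem(list, (const char*)blob->data, blob->len, err);
+return parsed != 0 && err->code == UNITYTLS_SUCCESS;
+}
+
 static unitytls_key* unitytls_key_parse_pem_from_file(const char* filepath, const char* password, unitytls_errorstate* err)
 {
 long fsize;
@@ -117,12 +123,21 @@ static unitytls_key* unitytls_key_parse_pem_from_file(const char* filepath, cons
 if (!filecontent)
 return NULL;
 
-unitytls->unitytls_key_parse_pem(filecontent, fsize, password, strlen(password), err);
+key = unitytls->unitytls_key_parse_pem(filecontent, fsize,
+password, password ? strlen(password) : 0,
+err);
 
 free(filecontent);
 return key;
 }
 
+static unitytls_key* unitytls_key_parse_pem_from_blob(const struct curl_blob* blob, const char* password, unitytls_errorstate* err)
+{
+return unitytls->unitytls_key_parse_pem((const char*)blob->data, blob->len,
+password, password ? strlen(password) : 0,
+err);
+}
+
 static bool unitytls_parse_all_pem_in_dir(struct Curl_easy* data, const char* path, unitytls_x509list* list, unitytls_errorstate* err)
 {
 bool success = false;
@@ -387,6 +402,8 @@ static CURLcode unitytls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy
 const bool verifypeer = conn_config->verifypeer;
 const char* const ssl_capath = conn_config->CApath;
 char* const ssl_cert = ssl_config->primary.clientcert;
+const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob;
+const struct curl_blob *ssl_key_blob = ssl_config->key_blob;
 const char* const hostname = connssl->peer.hostname;
 
 unitytls_errorstate err = unitytls->unitytls_errorstate_create();
@@ -406,7 +423,7 @@ static CURLcode unitytls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy
 }
 
 /* Load the trusted CA */
-if (ssl_cafile || ssl_capath)
+if (ssl_cafile || ssl_capath || ca_info_blob)
 backend->cacert = unitytls->unitytls_x509list_create(&err);
 
 if(ssl_cafile) {
@@ -420,7 +437,16 @@ static CURLcode unitytls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy
 
 if(ssl_capath) {
 if(!unitytls_parse_all_pem_in_dir(data, ssl_capath, backend->cacert, &err) || err.code != UNITYTLS_SUCCESS) {
-failf(data, "Error reading ca cert path from %s", ssl_cafile);
+failf(data, "Error reading ca cert path from %s", ssl_capath);
+if(verifypeer)
+return CURLE_SSL_CACERT_BADFILE;
+err = unitytls->unitytls_errorstate_create(); /* ignore any errors that came up */
+}
+}
+
+if(ca_info_blob) {
+if(!unitytls_append_pem_blob(ca_info_blob, backend->cacert, &err)) {
+failf(data, "Error parsing CA cert blob");
 if(verifypeer)
 return CURLE_SSL_CACERT_BADFILE;
 err = unitytls->unitytls_errorstate_create(); /* ignore any errors that came up */
@@ -430,8 +456,15 @@ static CURLcode unitytls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy
 /* Load the client certificate */
 if(ssl_cert) {
 backend->clicert = unitytls->unitytls_x509list_create(&err);
-if(unitytls_append_pem_file(ssl_cert, backend->clicert, &err) != CURLE_OK || err.code != UNITYTLS_SUCCESS) {
-failf(data, "Error reading client cert file %s", ssl_cafile);
+if(!unitytls_append_pem_file(ssl_cert, backend->clicert, &err) || err.code != UNITYTLS_SUCCESS) {
+failf(data, "Error reading client cert file %s", ssl_cert);
+return CURLE_SSL_CERTPROBLEM;
+}
+}
+else if(ssl_cert_blob) {
+backend->clicert = unitytls->unitytls_x509list_create(&err);
+if(!unitytls_append_pem_blob(ssl_cert_blob, backend->clicert, &err)) {
+failf(data, "Error parsing client cert blob");
 return CURLE_SSL_CERTPROBLEM;
 }
 }
@@ -444,6 +477,13 @@ static CURLcode unitytls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy
 return CURLE_SSL_CERTPROBLEM;
 }
 }
+else if(ssl_key_blob) {
+backend->pk = unitytls_key_parse_pem_from_blob(ssl_key_blob, ssl_config->key_passwd, &err);
+if(!backend->pk || err.code != UNITYTLS_SUCCESS) {
+failf(data, "Error parsing private key blob");
+return CURLE_SSL_CERTPROBLEM;
+}
+}
 else {
 backend->pk = NULL;
 }
@@ -717,6 +757,7 @@ const struct Curl_ssl Curl_ssl_unitytls = {
 { CURLSSLBACKEND_UNITYTLS, "unitytls" }, /* info */
 
 SSLSUPP_CA_PATH |
+SSLSUPP_CAINFO_BLOB |
 SSLSUPP_SSL_CTX,
 
 sizeof(struct ssl_backend_data),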
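Review bot: When a caller supplies both a file path and a blob, the client-certificate branch at new lines 457–464 (`if(ssl_cert) { … } else if(ssl_cert_blob) { … }`) and the key branch at new line 480 silently ignore the blob; I believe curl's OpenSSL backend gives the blob precedence, so either reorder to `if(ssl_cert_blob) { … } else if(ssl_cert) { … }` or state the file-wins rule in a comment above the block, noting that the key branch's file counterpart starts outside this hunk. The two new helpers also carry no header comment; I would add `/* Append every PEM certificate in blob to list; fails closed when nothing was parsed or the library reported an error. */` above unitytls_append_pem_blob and `/* Parse a PEM private key straight from an in-memory blob; password may be NULL. */` above unitytls_key_parse_pem_from_blob. Both helpers pass `blob->len` rather than relying on a terminator, but whether unitytls_key_parse_pem additionally expects NUL-terminated input is not visible here, and curl blobs are not guaranteed to be terminated, so that is worth confirming against the library contract. `ca_info_blob`, used at new lines 426 and 447, is not declared anywhere in this diff; presumably it already exists earlier in unitytls_connect_step1, whose start lies outside the hunk.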
