diff options
author | Jaakko Keränen <jaakko.keranen@iki.fi> | 2020-08-03 18:27:45 +0300 |
---|---|---|
committer | Jaakko Keränen <jaakko.keranen@iki.fi> | 2020-08-03 18:27:45 +0300 |
commit | c5f7132d637f0186433cccb4da7b9283a4dd5d9a (patch) | |
tree | c5e912733437e307fb894366cc8bf648776a53ce /src/gmcerts.c | |
parent | 8f62f251ee5e49447c0950719ba6629bc1a23257 (diff) |
GmCerts: Thread safety; fixed notifications
Must update the status before notifying.
Diffstat (limited to 'src/gmcerts.c')
-rw-r--r-- | src/gmcerts.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/gmcerts.c b/src/gmcerts.c index 0aa084a4..11e9ce2c 100644 --- a/src/gmcerts.c +++ b/src/gmcerts.c | |||
@@ -1,6 +1,7 @@ | |||
1 | #include "gmcerts.h" | 1 | #include "gmcerts.h" |
2 | 2 | ||
3 | #include <the_Foundation/file.h> | 3 | #include <the_Foundation/file.h> |
4 | #include <the_Foundation/mutex.h> | ||
4 | #include <the_Foundation/path.h> | 5 | #include <the_Foundation/path.h> |
5 | #include <the_Foundation/regexp.h> | 6 | #include <the_Foundation/regexp.h> |
6 | #include <the_Foundation/stringhash.h> | 7 | #include <the_Foundation/stringhash.h> |
@@ -32,6 +33,7 @@ iDefineClass(TrustEntry) | |||
32 | /*-----------------------------------------------------------------------------------------------*/ | 33 | /*-----------------------------------------------------------------------------------------------*/ |
33 | 34 | ||
34 | struct Impl_GmCerts { | 35 | struct Impl_GmCerts { |
36 | iMutex mtx; | ||
35 | iString saveDir; | 37 | iString saveDir; |
36 | iStringHash *trusted; | 38 | iStringHash *trusted; |
37 | }; | 39 | }; |
@@ -87,14 +89,18 @@ static void load_GmCerts_(iGmCerts *d) { | |||
87 | } | 89 | } |
88 | 90 | ||
89 | void init_GmCerts(iGmCerts *d, const char *saveDir) { | 91 | void init_GmCerts(iGmCerts *d, const char *saveDir) { |
92 | init_Mutex(&d->mtx); | ||
90 | initCStr_String(&d->saveDir, saveDir); | 93 | initCStr_String(&d->saveDir, saveDir); |
91 | d->trusted = new_StringHash(); | 94 | d->trusted = new_StringHash(); |
92 | load_GmCerts_(d); | 95 | load_GmCerts_(d); |
93 | } | 96 | } |
94 | 97 | ||
95 | void deinit_GmCerts(iGmCerts *d) { | 98 | void deinit_GmCerts(iGmCerts *d) { |
96 | iRelease(d->trusted); | 99 | iGuardMutex(&d->mtx, { |
97 | deinit_String(&d->saveDir); | 100 | iRelease(d->trusted); |
101 | deinit_String(&d->saveDir); | ||
102 | }); | ||
103 | deinit_Mutex(&d->mtx); | ||
98 | } | 104 | } |
99 | 105 | ||
100 | iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *cert) { | 106 | iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *cert) { |
@@ -112,6 +118,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce | |||
112 | iDate until; | 118 | iDate until; |
113 | validUntil_TlsCertificate(cert, &until); | 119 | validUntil_TlsCertificate(cert, &until); |
114 | iBlock *fingerprint = collect_Block(fingerprint_TlsCertificate(cert)); | 120 | iBlock *fingerprint = collect_Block(fingerprint_TlsCertificate(cert)); |
121 | lock_Mutex(&d->mtx); | ||
115 | iTrustEntry *trust = value_StringHash(d->trusted, key); | 122 | iTrustEntry *trust = value_StringHash(d->trusted, key); |
116 | if (trust) { | 123 | if (trust) { |
117 | /* We already have it, check if it matches the one we trust for this domain (if it's | 124 | /* We already have it, check if it matches the one we trust for this domain (if it's |
@@ -120,7 +127,9 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce | |||
120 | initCurrent_Time(&now); | 127 | initCurrent_Time(&now); |
121 | if (secondsSince_Time(&trust->validUntil, &now) > 0) { | 128 | if (secondsSince_Time(&trust->validUntil, &now) > 0) { |
122 | /* Trusted cert is still valid. */ | 129 | /* Trusted cert is still valid. */ |
123 | return cmp_Block(fingerprint, &trust->fingerprint) == 0; | 130 | const iBool isTrusted = cmp_Block(fingerprint, &trust->fingerprint) == 0; |
131 | unlock_Mutex(&d->mtx); | ||
132 | return isTrusted; | ||
124 | } | 133 | } |
125 | /* Update the trusted cert. */ | 134 | /* Update the trusted cert. */ |
126 | init_Time(&trust->validUntil, &until); | 135 | init_Time(&trust->validUntil, &until); |
@@ -130,5 +139,6 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce | |||
130 | insert_StringHash(d->trusted, key, iClob(new_TrustEntry(fingerprint, &until))); | 139 | insert_StringHash(d->trusted, key, iClob(new_TrustEntry(fingerprint, &until))); |
131 | } | 140 | } |
132 | save_GmCerts_(d); | 141 | save_GmCerts_(d); |
142 | unlock_Mutex(&d->mtx); | ||
133 | return iTrue; | 143 | return iTrue; |
134 | } | 144 | } |