Fixes for cert folders

EVerest · Feb 28, 2024 · 605deb6 · 605deb6
1 parent 288c307
commit 605deb6
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 5 deletions.
diff --git a/lib/evse_security/crypto/openssl/openssl_supplier.cpp b/lib/evse_security/crypto/openssl/openssl_supplier.cpp
@@ -574,7 +574,14 @@ CertificateValidationError OpenSSLSupplier::x509_verify_certificate_chain(X509Ha
         const char* c_dir_path = dir_path.has_value() ? dir_path.value().c_str() : nullptr;
         const char* c_file_path = file_path.has_value() ? file_path.value().c_str() : nullptr;
 
-        X509_STORE_load_locations(store_ptr.get(), c_file_path, c_dir_path);
+        if (X509_STORE_load_locations(store_ptr.get(), c_file_path, c_dir_path) != 1) {
+            return CertificateValidationError::Unknown;
+        }
+        if (dir_path.has_value()) {
+            if (X509_STORE_add_lookup(store_ptr.get(), X509_LOOKUP_file()) == nullptr) {
+                return CertificateValidationError::Unknown;
+            }
+        }
     }
 
     X509_STORE_CTX_init(store_ctx_ptr.get(), store_ptr.get(), get(target), NULL);

diff --git a/lib/evse_security/evse_security.cpp b/lib/evse_security/evse_security.cpp
@@ -1061,22 +1061,30 @@ InstallCertificateResult EvseSecurity::verify_certificate_internal(const std::st
 
         const auto leaf_certificate = _certificate_chain.at(0);
         std::vector<X509Handle*> parent_certificates;
+        fs::path store;
         std::optional<fs::path> store_file;
+        std::optional<fs::path> store_dir;
 
         for (size_t i = 1; i < _certificate_chain.size(); i++) {
             parent_certificates.emplace_back(_certificate_chain[i].get());
         }
 
         if (certificate_type == LeafCertificateType::CSMS) {
-            store_file = this->ca_bundle_path_map.at(CaCertificateType::CSMS);
+            store = this->ca_bundle_path_map.at(CaCertificateType::CSMS);
         } else if (certificate_type == LeafCertificateType::V2G) {
-            store_file = this->ca_bundle_path_map.at(CaCertificateType::V2G);
+            store = this->ca_bundle_path_map.at(CaCertificateType::V2G);
         } else {
-            store_file = this->ca_bundle_path_map.at(CaCertificateType::MF);
+            store = this->ca_bundle_path_map.at(CaCertificateType::MF);
+        }
+
+        if (fs::is_directory(store)) {
+            store_dir = store;
+        } else {
+            store_file = store;
         }
 
         CertificateValidationError validated = CryptoSupplier::x509_verify_certificate_chain(
-            leaf_certificate.get(), parent_certificates, true, std::nullopt, store_file);
+            leaf_certificate.get(), parent_certificates, true, store_dir, store_file);
 
         if (validated != CertificateValidationError::NoError) {
             return to_install_certificate_result(validated);