more efficient ca cert encoding

2025-05-13 14:30:02 -04:00 · 2025-01-24 14:09:55 -05:00 · 2025-01-24 14:09:55 -05:00 · fe72717db8
commit fe72717db8
parent 42e927b71b
4 changed files with 110 additions and 28 deletions
--- a/client/libcurl/certs.c
+++ b/client/libcurl/certs.c
@ -0,0 +1,61 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "curl/curl.h"
+#include "mbedtls/base64.h"
+
+#include "cacert.h"
+
+struct curl_blob cacert_blob;
+unsigned char* cacert_pem;
+int cacert_pem_len;
+
+unsigned char* get_cacert() {
+  return cacert_pem;
+}
+
+//generate a pem file from the stored binary certificates
+void generate_pem() {
+  char* begin_cert_str = "-----BEGIN CERTIFICATE-----\n";
+  int begin_cert_len = strlen(begin_cert_str);
+  char* end_cert_str = "\n-----END CERTIFICATE-----\n";
+  int end_cert_len = strlen(end_cert_str);
+
+  //calculate total length of the pem file
+  cacert_pem_len = 0;
+  for (int i = 0; i < cert_count; i++) {
+    int cert_len = cert_lengths[i];
+    int b64_len = ((4 * cert_len / 3) + 3) & ~3;
+    cacert_pem_len += begin_cert_len + end_cert_len + b64_len;
+  }
+  cacert_pem = malloc(cacert_pem_len);
+
+  //loop for base64 encoding each part
+  int offset = 0;
+  for (int i = 0; i < cert_count; i++) {
+    unsigned char* cert = _certs[i];
+    int cert_len = cert_lengths[i];
+    int b64_len = ((4 * cert_len / 3) + 3) & ~3;
+    
+    strcpy((char*) (cacert_pem + offset), begin_cert_str);
+    offset += begin_cert_len;
+
+    size_t olen;
+    mbedtls_base64_encode(cacert_pem + offset, b64_len+1, &olen, cert, cert_len);
+    offset += b64_len;
+
+    strcpy((char*) (cacert_pem + offset), end_cert_str);
+    offset += end_cert_len;
+  }
+  cacert_pem[cacert_pem_len-1] = '\0';
+}
+
+void init_curl() {
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+  generate_pem();
+
+  //tell curl to use our generated pem file
+  cacert_blob.data = cacert_pem;
+  cacert_blob.len = cacert_pem_len;
+  cacert_blob.flags = CURL_BLOB_NOCOPY;
+}
--- a/client/libcurl/request.c
+++ b/client/libcurl/request.c
@ -7,14 +7,13 @@
 #include "curl/easy.h"
 #include "curl/multi.h"

-#include "cacert.h"
 #include "util.h"
 #include "types.h"

 void finish_request(CURLMsg *curl_msg);
 void forward_headers(struct RequestInfo *request_info);

-struct curl_blob cacert_blob;
+extern struct curl_blob cacert_blob;

 size_t write_function(char *data, size_t size, size_t nmemb, struct RequestInfo *request_info) {
  size_t real_size = size * nmemb;
@ -82,14 +81,3 @@ void finish_request(CURLMsg *curl_msg) {
 void request_set_proxy(CURL* http_handle, const char* proxy_url) {
  curl_easy_setopt(http_handle, CURLOPT_PROXY, proxy_url);
 }
-
-unsigned char* get_cacert() {
-  return _cacert_pem;
-}
-
-void init_curl() {
-  curl_global_init(CURL_GLOBAL_DEFAULT);
-  cacert_blob.data = _cacert_pem;
-  cacert_blob.len = _cacert_pem_len;
-  cacert_blob.flags = CURL_BLOB_NOCOPY;
-}