fix: better choose CAcert if multiple are available

[cassiopeia.git] / src / crypto / remoteSigner.cpp

diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp
index 5888667aea2903cbbc37b3038dd1c8db3fcfb63e..f4680d650933248c0bb9584f63cc8b892583b549 100644 (file)
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -69,20 +69,11 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
     send( conn, head, RecordHeader::SignerCommand::SIGN, "" );
     send( conn, head, RecordHeader::SignerCommand::LOG_SAVED, "" );
     auto result = std::make_shared<SignedCertificate>();
-    std::vector<char> buffer( 2048 * 4 );
 
     for( int i = 0; i < 3; i++ ) {
         try {
-            int length = conn->read( buffer.data(), buffer.size() );
-
-            if( length <= 0 ) {
-                logger::error( "Error, no response data" );
-                result = nullptr;
-                break;
-            }
-
             RecordHeader head;
-            std::string payload = parseCommand( head, std::string( buffer.data(), length ) );
+            std::string payload = parseCommand( head, conn->readLine() );
 
             switch( static_cast<RecordHeader::SignerResult>( head.command )) {
             case RecordHeader::SignerResult::CERTIFICATE:
@@ -141,9 +132,11 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
         result->serial = std::string( serStr.get() );
     }
 
+    logger::note( "Closing SSL connection" );
     if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
         logger::warn( "SSL shutdown failed" );
     }
+    logger::note( "SSL connection closed" );
 
     return result;
 }
@@ -169,14 +162,7 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
     std::string payload = ca->name;
     send( conn, head, RecordHeader::SignerCommand::REVOKE, payload );
 
-    std::vector<char> buffer( 2048 * 4 );
-    int length = conn->read( buffer.data(), buffer.size() );
-
-    if( length <= 0 ) {
-        throw "Error, no response data";
-    }
-
-    payload = parseCommand( head, std::string( buffer.data(), length ) );
+    payload = parseCommand( head, conn->readLine() );
 
     auto crl = std::make_shared<CRL>( ca->path + std::string( "/ca.crl" ) );
     std::string date;
@@ -205,13 +191,8 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
     } else {
         logger::warn( "CRL is broken, trying to recover" );
         send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
-        length = conn->read( buffer.data(), buffer.size() );
-
-        if( length <= 0 ) {
-            throw "Error, no response data";
-        }
 
-        payload = parseCommand( head, std::string( buffer.data(), length ) );
+        payload = parseCommand( head, conn->readLine() );
 
         if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::FULL_CRL ) {
             throw "Protocol violation";
@@ -230,9 +211,11 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
 
     logger::debug( "CRL:\n", crl->toString() );
 
+    logger::note( "Closing SSL connection" );
     if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
         logger::warn( "SSL shutdown failed" );
     }
+    logger::note( "SSL connection closed" );
 
     return { crl, date };
 }