fix: use correct prepared statement for writing logs
index 1327a17bd47367dd0113ce8dec984e1ca93ccb27..f0eaaf6e6e3d0ccf7584bf227a391b2f75f06b28 100644 (file)
@@ -2,23 +2,28 @@
 
 #include <memory>
 #include <string>
+#include <string.h>
 #include <vector>
 #include <cinttypes>
 #include <ctime>
+#include <unordered_set>
 
 #include <openssl/ssl.h>
 
 #include "db/database.h"
 
-class CAConfig {
-public:
+struct CAConfig {
     std::string path;
     std::string name;
+    std::string crlURL;
+    std::string crtURL;
 
     std::shared_ptr<X509> ca;
     std::shared_ptr<EVP_PKEY> caKey;
     std::shared_ptr<ASN1_TIME> notBefore;
+
     CAConfig( const std::string& name );
+
     bool crlNeedsResign();
 };
 
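Review bot: The added `#include <string.h>` is the C spelling; this header already uses the C++ forms `<cinttypes>` and `<ctime>`, so `#include <cstring>` would be consistent, and if the `strcmp` it serves in `getCA()` further down is replaced by a `std::string` comparison the include is not needed at all. The new members `crlURL` and `crtURL` carry no comment saying what each URL points to or where it is consumed; a one-line comment per field, e.g. `std::string crlURL; // URL at which this CA's CRL is published` (assuming that is its use), would help readers of the header since nothing in this file shows how they are filled.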
@@ -30,14 +35,23 @@ struct Profile {
 
     std::vector<std::shared_ptr<CAConfig>> ca;
     std::time_t maxValidity;
+    std::unordered_set<std::string> include;
     std::shared_ptr<CAConfig> getCA() {
+        std::shared_ptr<CAConfig> min = nullptr;
+
         for( auto it = ca.rbegin(); it != ca.rend(); it++ ) {
             if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0 ) {
-                return *it;
+                if( min != nullptr ) {
+                    if( strcmp( min->name.c_str(), ( *it )->name.c_str() ) < 0 ) {
+                        min = *it;
+                    }
+                } else {
+                    min = *it;
+                }
             }
         }
 
-        return ca[0];
+        return min ? min : ca[0];
     }
 };
 
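Review bot: The variable `min` in `getCA()` ends up holding the candidate whose name compares greatest, because the inner branch replaces it whenever `strcmp( min->name.c_str(), ( *it )->name.c_str() ) < 0`; the name says the opposite of what the loop selects, so a name such as `newest` or `selected` would make the intent readable, and presumably that intent (pick the latest-named CA whose notBefore has passed) deserves a one-line comment above the loop. `std::string` already orders lexicographically, so the nested test can collapse to `if( min == nullptr || min->name < ( *it )->name ) { min = *it; }`, which drops the `strcmp`/`<string.h>` dependency and compares the full string rather than stopping at the first NUL byte. `return min ? min : ca[0];` still indexes an empty vector when no CA is configured for the profile; unless Profile loading is known to reject that case, an explicit `ca.empty()` check (returning `nullptr` or throwing) before the fallback would turn an out-of-bounds read into a defined failure. The `Profile` struct's header lies above this hunk.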
@@ -49,4 +63,5 @@ std::shared_ptr<EVP_PKEY> loadPkeyFromFile( const std::string& filename );
 std::shared_ptr<SSL_CTX> generateSSLContext( bool server );
 std::shared_ptr<BIO> openSerial( const std::string& name );
 std::string timeToString( std::shared_ptr<ASN1_TIME> time );
+
 void extractTimes( std::shared_ptr<X509> source, std::shared_ptr<SignedCertificate> cert );