From eeccf5a2b0e05e77f10ce50eb3039ab87a574387 Mon Sep 17 00:00:00 2001
From: Tony Mack <tmack@paris.CS.Princeton.EDU>
Date: Mon, 13 Jun 2011 12:21:55 -0400
Subject: [PATCH] load trusted certs into ssl context prior to handshake

---
 sfa/util/server.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sfa/util/server.py b/sfa/util/server.py
index f8b1af48..b4fd2ffa 100644
--- a/sfa/util/server.py
+++ b/sfa/util/server.py
@@ -18,6 +18,8 @@ import SimpleXMLRPCServer
 from OpenSSL import SSL
 
 from sfa.trust.certificate import Keypair, Certificate
+from sfa.trust.trustedroot import TrustedRootList
+from sfa.util.config import Config
 from sfa.trust.credential import *
 from sfa.util.faults import *
 from sfa.plc.api import SfaAPI
@@ -151,6 +153,10 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
         ctx.use_certificate_file(cert_file)
         # If you wanted to verify certs against known CAs.. this is how you would do it
         #ctx.load_verify_locations('/etc/sfa/trusted_roots/plc.gpo.gid')
+        config = Config()
+        trusted_cert_files = TrustedRootList(config.get_trustedroots_dir()).get_file_list()
+        for cert_file in trusted_cert_files:
+            ctx.load_verify_locations(cert_file)
         ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback)
         ctx.set_verify_depth(5)
         ctx.set_app_data(self)
-- 
2.47.0