ipsec-tools: Use getpathname() to get the right path.
Change-Id: I169b0ea84113234875c9c0be436384365f95dd89
diff --git a/setup.c b/setup.c
index 7a30078..c2cb082 100644
--- a/setup.c
+++ b/setup.c
@@ -332,11 +332,13 @@
remoteconf->idvtype = IDTYPE_ADDRESS;
auth = OAKLEY_ATTR_AUTH_METHOD_PSKEY;
} else if (argc == 8 && !strcmp(argv[3], "udprsa")) {
+ char path[PATH_MAX + 1];
set_port(target, atoi(argv[4]));
spdadd(myaddrs[0].addr, target, IPPROTO_UDP, NULL, NULL);
remoteconf->myprivfile = argv[5];
remoteconf->mycertfile = argv[6];
- remoteconf->mycert = eay_get_x509cert(argv[6]);
+ getpathname(path, sizeof(path), LC_PATHTYPE_CERT, argv[6]);
+ remoteconf->mycert = eay_get_x509cert(path);
if (!remoteconf->mycert) {
do_plog(LLV_ERROR, "Cannot load user certificate\n");
exit(1);
@@ -345,7 +347,8 @@
remoteconf->verify_cert = FALSE;
} else {
remoteconf->cacertfile = argv[7];
- remoteconf->cacert = eay_get_x509cert(argv[7]);
+ getpathname(path, sizeof(path), LC_PATHTYPE_CERT, argv[7]);
+ remoteconf->cacert = eay_get_x509cert(path);
if (!remoteconf->cacert) {
do_plog(LLV_ERROR, "Cannot load CA certificate\n");
exit(1);
@@ -420,6 +423,7 @@
} else {
strncpy(path, name, length);
}
+ path[length - 1] = '\0';
}
/* sainfo.h */
diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c
index 789b7b1..adbf665 100644
--- a/src/racoon/crypto_openssl.c
+++ b/src/racoon/crypto_openssl.c
@@ -500,7 +500,7 @@
#ifdef ANDROID_CHANGES
if (lcconf->chroot) {
- BIO *bio = BIO_from_android(CApath);
+ BIO *bio = BIO_from_android(CAfile);
STACK_OF(X509_INFO) *stack;
X509_INFO *info;
int i;
