OpenSSL improvements

2025-10-23 00:07:59 +02:00 · 2008-09-18 15:54:03 +00:00
parent 5ae8225ece
commit 5f605414ff
6 changed files with 135 additions and 31 deletions
--- a/NetSSL_OpenSSL/src/Context.cpp
+++ b/NetSSL_OpenSSL/src/Context.cpp
@@ -1,7 +1,7 @@
 //
 // Context.cpp
 //
-// $Id: //poco/svn/NetSSL_OpenSSL/src/Context.cpp#1 $
+// $Id: //poco/1.3/NetSSL_OpenSSL/src/Context.cpp#2 $
 //
 // Library: NetSSL_OpenSSL
 // Package: SSLCore
@@ -64,17 +64,21 @@ Context::Context(
 	_pSSLContext = SSL_CTX_new(SSLv23_method());
 	SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPasswdCallback);

-	File aFile(caLocation);
+	
 	int errCode = 0;
-	if (aFile.isDirectory())
-		errCode = SSL_CTX_load_verify_locations(_pSSLContext, 0, caLocation.c_str());
-	else
-		errCode = SSL_CTX_load_verify_locations(_pSSLContext, caLocation.c_str(), 0);
-	if (errCode != 1)
+	if (!caLocation.empty())
 	{
-		SSL_CTX_free(_pSSLContext);
-		_pSSLContext = 0;
-		throw SSLContextException(std::string("Failed to load CA file/directory from ") + caLocation);
+		File aFile(caLocation);
+		if (aFile.isDirectory())
+			errCode = SSL_CTX_load_verify_locations(_pSSLContext, 0, caLocation.c_str());
+		else
+			errCode = SSL_CTX_load_verify_locations(_pSSLContext, caLocation.c_str(), 0);
+		if (errCode != 1)
+		{
+			SSL_CTX_free(_pSSLContext);
+			_pSSLContext = 0;
+			throw SSLContextException(std::string("Failed to load CA file/directory from ") + caLocation);
+		}
 	}

 	if (loadCAFromDefaultPath)
@@ -87,22 +91,24 @@ Context::Context(
 			throw SSLContextException(std::string("Failed to load CA file/directory from default location"));
 		}
 	}
-
-	errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, privateKeyFile.c_str());
-	if (errCode != 1)
+	if (!privateKeyFile.empty())
 	{
-		SSL_CTX_free(_pSSLContext);
-		_pSSLContext = 0;
-		throw SSLContextException(std::string("Error loading certificate from file ") + privateKeyFile);
-	}
-	File tmp(privateKeyFile);
-	poco_assert (tmp.exists());
-	errCode = SSL_CTX_use_PrivateKey_file(_pSSLContext, privateKeyFile.c_str(), SSL_FILETYPE_PEM);
-	if (errCode != 1)
-	{
-		SSL_CTX_free(_pSSLContext);
-		_pSSLContext = 0;
-		throw SSLContextException(std::string("Error loading private key from file ") + privateKeyFile);
+		errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, privateKeyFile.c_str());
+		if (errCode != 1)
+		{
+			SSL_CTX_free(_pSSLContext);
+			_pSSLContext = 0;
+			throw SSLContextException(std::string("Error loading certificate from file ") + privateKeyFile);
+		}
+		File tmp(privateKeyFile);
+		poco_assert (tmp.exists());
+		errCode = SSL_CTX_use_PrivateKey_file(_pSSLContext, privateKeyFile.c_str(), SSL_FILETYPE_PEM);
+		if (errCode != 1)
+		{
+			SSL_CTX_free(_pSSLContext);
+			_pSSLContext = 0;
+			throw SSLContextException(std::string("Error loading private key from file ") + privateKeyFile);
+		}
 	}
 	int flags = (int)verMode;
 	if (verMode == VERIFY_STRICT || verMode == VERIFY_ONCE)
--- a/NetSSL_OpenSSL/src/SecureSocketImpl.cpp
+++ b/NetSSL_OpenSSL/src/SecureSocketImpl.cpp
@@ -1,7 +1,7 @@
 //
 // SecureSocketImpl.cpp
 //
-// $Id: //poco/Main/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#25 $
+// $Id: //poco/1.3/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#6 $
 //
 // Library: NetSSL_OpenSSL
 // Package: SSLSockets
--- a/NetSSL_OpenSSL/src/X509Certificate.cpp
+++ b/NetSSL_OpenSSL/src/X509Certificate.cpp
@@ -1,7 +1,7 @@
 //
 // X509Certificate.cpp
 //
-// $Id: //poco/svn/NetSSL_OpenSSL/src/X509Certificate.cpp#1 $
+// $Id: //poco/1.3/NetSSL_OpenSSL/src/X509Certificate.cpp#2 $
 //
 // Library: NetSSL_OpenSSL
 // Package: SSLCore
@@ -35,21 +35,89 @@


 #include "Poco/Net/X509Certificate.h"
+#include "Poco/Net/SSLException.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Net/SecureSocketImpl.h"
+#include <openssl/pem.h>


 namespace Poco {
 namespace Net {


-X509Certificate::X509Certificate(X509* pCert):_pCert(pCert)
+X509Certificate::X509Certificate(const std::string& file):
+	_issuerName(),
+	_subjectName(),
+	_pCert(0),
+	_file(file)
+{
+	BIO *fp=BIO_new(BIO_s_file());
+	const char* pFN = file.c_str();
+	BIO_read_filename(fp, (void*)pFN);
+	if (!fp)
+		throw Poco::PathNotFoundException("Failed to open " + file);
+	try
+	{
+		_pCert = PEM_read_bio_X509(fp,0,0,0);
+	}
+	catch(...)
+	{
+		BIO_free(fp);
+		throw;
+	}
+	if (!_pCert)
+		throw SSLException("Faild to load certificate from " + file);
+	initialize();
+}
+
+
+X509Certificate::X509Certificate(X509* pCert):
+	_issuerName(),
+	_subjectName(),
+	_pCert(pCert),
+	_file()
 {
 	poco_check_ptr(_pCert);
 	initialize();
 }


+X509Certificate::X509Certificate(const X509Certificate& cert):
+	_issuerName(cert._issuerName),
+	_subjectName(cert._subjectName),
+	_pCert(cert._pCert),
+	_file(cert._file)
+{
+	if (!_file.empty())
+		_pCert = X509_dup(_pCert);
+}
+
+
+X509Certificate& X509Certificate::operator=(const X509Certificate& cert)
+{
+	if (this != &cert)
+	{
+		X509Certificate c(cert);
+		swap(c);
+	}
+	return *this;
+}
+
+
+void X509Certificate::swap(X509Certificate& cert)
+{
+	using std::swap;
+	swap(cert._file, _file);
+	swap(cert._issuerName, _issuerName);
+	swap(cert._subjectName, _subjectName);
+	swap(cert._pCert, _pCert);
+}
+
+
 X509Certificate::~X509Certificate()
 {
+	if (!_file.empty() && _pCert)
+		X509_free(_pCert);
 }


@@ -63,4 +131,11 @@ void X509Certificate::initialize()
 }


+bool X509Certificate::verify(const std::string& hostName, Poco::SharedPtr<Context> ptr)
+{
+	X509* pCert = X509_dup(_pCert);
+	return (X509_V_OK == SecureSocketImpl::postConnectionCheck(ptr, pCert, hostName));
+}
+
+
 } } // namespace Poco::Net