mirror of
https://github.com/pocoproject/poco.git
synced 2025-11-07 14:37:32 +01:00
NetSSL library refactoring
This commit is contained in:
Guenter Obiltschnig
@@ -1,13 +1,13 @@
|
||||
//
|
||||
// Context.cpp
|
||||
//
|
||||
// $Id: //poco/1.3/NetSSL_OpenSSL/src/Context.cpp#2 $
|
||||
// $Id: //poco/Main/NetSSL_OpenSSL/src/Context.cpp#17 $
|
||||
//
|
||||
// Library: NetSSL_OpenSSL
|
||||
// Package: SSLCore
|
||||
// Module: Context
|
||||
//
|
||||
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
|
||||
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
|
||||
// and Contributors.
|
||||
//
|
||||
// Permission is hereby granted, free of charge, to any person or organization
|
||||
@@ -37,6 +37,7 @@
|
||||
#include "Poco/Net/Context.h"
|
||||
#include "Poco/Net/SSLManager.h"
|
||||
#include "Poco/Net/SSLException.h"
|
||||
#include "Poco/Net/Utility.h"
|
||||
#include "Poco/File.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
@@ -44,79 +45,82 @@
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
|
||||
using Poco::File;
|
||||
|
||||
|
||||
namespace Poco {
|
||||
namespace Net {
|
||||
|
||||
|
||||
Context::Context(
|
||||
const std::string& privateKeyFile,
|
||||
const std::string& caLocation,
|
||||
bool isServerContext,
|
||||
VerificationMode verMode,
|
||||
int verificationDepth,
|
||||
bool loadCAFromDefaultPath,
|
||||
const std::string& cypherList):_pSSLContext(0), _mode(verMode), _server(isServerContext)
|
||||
Usage usage,
|
||||
const std::string& privateKeyFile,
|
||||
const std::string& certificateFile,
|
||||
const std::string& caLocation,
|
||||
VerificationMode verificationMode,
|
||||
int verificationDepth,
|
||||
bool loadDefaultCAs,
|
||||
const std::string& cypherList):
|
||||
_usage(usage),
|
||||
_mode(verificationMode),
|
||||
_pSSLContext(0)
|
||||
{
|
||||
|
||||
_pSSLContext = SSL_CTX_new(SSLv23_method());
|
||||
if (!_pSSLContext) throw SSLException("Cannot create SSL_CTX object");
|
||||
SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPasswdCallback);
|
||||
|
||||
Utility::clearErrorStack();
|
||||
|
||||
int errCode = 0;
|
||||
if (!caLocation.empty())
|
||||
{
|
||||
File aFile(caLocation);
|
||||
Poco::File aFile(caLocation);
|
||||
if (aFile.isDirectory())
|
||||
errCode = SSL_CTX_load_verify_locations(_pSSLContext, 0, caLocation.c_str());
|
||||
else
|
||||
errCode = SSL_CTX_load_verify_locations(_pSSLContext, caLocation.c_str(), 0);
|
||||
if (errCode != 1)
|
||||
{
|
||||
std::string msg = Utility::getLastError();
|
||||
SSL_CTX_free(_pSSLContext);
|
||||
_pSSLContext = 0;
|
||||
throw SSLContextException(std::string("Failed to load CA file/directory from ") + caLocation);
|
||||
throw SSLContextException(std::string("Cannot load CA file/directory at ") + caLocation, msg);
|
||||
}
|
||||
}
|
||||
|
||||
if (loadCAFromDefaultPath)
|
||||
if (loadDefaultCAs)
|
||||
{
|
||||
errCode = SSL_CTX_set_default_verify_paths(_pSSLContext);
|
||||
if (errCode != 1)
|
||||
{
|
||||
std::string msg = Utility::getLastError();
|
||||
SSL_CTX_free(_pSSLContext);
|
||||
_pSSLContext = 0;
|
||||
throw SSLContextException(std::string("Failed to load CA file/directory from default location"));
|
||||
throw SSLContextException("Cannot load default CA certificates", msg);
|
||||
}
|
||||
}
|
||||
|
||||
if (!privateKeyFile.empty())
|
||||
{
|
||||
errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, privateKeyFile.c_str());
|
||||
if (errCode != 1)
|
||||
{
|
||||
SSL_CTX_free(_pSSLContext);
|
||||
_pSSLContext = 0;
|
||||
throw SSLContextException(std::string("Error loading certificate from file ") + privateKeyFile);
|
||||
}
|
||||
File tmp(privateKeyFile);
|
||||
poco_assert (tmp.exists());
|
||||
errCode = SSL_CTX_use_PrivateKey_file(_pSSLContext, privateKeyFile.c_str(), SSL_FILETYPE_PEM);
|
||||
if (errCode != 1)
|
||||
{
|
||||
std::string msg = Utility::getLastError();
|
||||
SSL_CTX_free(_pSSLContext);
|
||||
_pSSLContext = 0;
|
||||
throw SSLContextException(std::string("Error loading private key from file ") + privateKeyFile);
|
||||
throw SSLContextException(std::string("Error loading private key from file ") + privateKeyFile, msg);
|
||||
}
|
||||
}
|
||||
int flags = (int)verMode;
|
||||
if (verMode == VERIFY_STRICT || verMode == VERIFY_ONCE)
|
||||
flags |= SSL_VERIFY_PEER;
|
||||
if (serverContext())
|
||||
SSL_CTX_set_verify(_pSSLContext, flags, &SSLManager::verifyServerCallback);
|
||||
|
||||
if (!certificateFile.empty())
|
||||
{
|
||||
errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, certificateFile.c_str());
|
||||
if (errCode != 1)
|
||||
{
|
||||
std::string errMsg = Utility::getLastError();
|
||||
SSL_CTX_free(_pSSLContext);
|
||||
throw SSLContextException(std::string("Error loading certificate from file ") + privateKeyFile, errMsg);
|
||||
}
|
||||
}
|
||||
|
||||
if (usage == SERVER_USE)
|
||||
SSL_CTX_set_verify(_pSSLContext, verificationMode, &SSLManager::verifyServerCallback);
|
||||
else
|
||||
SSL_CTX_set_verify(_pSSLContext, flags, &SSLManager::verifyClientCallback);
|
||||
SSL_CTX_set_verify(_pSSLContext, verificationMode, &SSLManager::verifyClientCallback);
|
||||
|
||||
SSL_CTX_set_verify_depth(_pSSLContext, verificationDepth);
|
||||
SSL_CTX_set_mode(_pSSLContext, SSL_MODE_AUTO_RETRY);
|
||||
}
|
||||
@@ -124,11 +128,7 @@ Context::Context(
|
||||
|
||||
Context::~Context()
|
||||
{
|
||||
if (_pSSLContext)
|
||||
{
|
||||
SSL_CTX_free(_pSSLContext);
|
||||
_pSSLContext = 0;
|
||||
}
|
||||
SSL_CTX_free(_pSSLContext);
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user