Changeset 505

Show
Ignore:
Timestamp:
08/15/07 10:03:32 (1 year ago)
Author:
blackhedd
Message:

added support for client-side certificates and private keys

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • version_0/ext/ssl.cpp

    r325 r505  
    121121**************************/ 
    122122 
    123 SslContext_t::SslContext_t (bool is_server): 
     123SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile): 
    124124        pCtx (NULL), 
    125125        PrivateKey (NULL), 
    126126        Certificate (NULL) 
    127127{ 
     128        /* TODO: the usage of the specified private-key and cert-chain filenames only applies to 
     129         * client-side connections at this point. Server connections currently use the default materials. 
     130         * That needs to be fixed asap. 
     131         * Also, in this implementation, server-side connections use statically defined X-509 defaults. 
     132         * One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY 
     133         * objects when we call our destructor, or whether just calling SSL_CTX_free is enough. 
     134         */ 
     135 
    128136        if (!bLibraryInitialized) { 
    129137                bLibraryInitialized = true; 
     
    160168                SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"eventmachine", 12); 
    161169        } 
    162  
    163 
     170        else { 
     171                int e; 
     172                if (privkeyfile.length() > 0) { 
     173                        e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM); 
     174                        assert (e > 0); 
     175                } 
     176                if (certchainfile.length() > 0) { 
     177                        e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str()); 
     178                        assert (e > 0); 
     179                } 
     180        } 
     181
     182 
     183 
    164184 
    165185/*************************** 
     
    183203******************/ 
    184204 
    185 SslBox_t::SslBox_t (bool is_server): 
     205SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile): 
    186206        bIsServer (is_server), 
    187207        pSSL (NULL), 
     
    189209        pbioWrite (NULL) 
    190210{ 
    191         Context = new SslContext_t (bIsServer); 
     211        /* TODO someday: make it possible to re-use SSL contexts so we don't have to create 
     212         * a new one every time we come here. 
     213         */ 
     214 
     215        Context = new SslContext_t (bIsServer, privkeyfile, certchainfile); 
    192216        assert (Context); 
    193217 

  • version_0/ext/ssl.h

    r325 r505  
    3434{ 
    3535        public: 
    36                 SslContext_t (bool is_server); 
     36                SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile); 
    3737                virtual ~SslContext_t(); 
    3838 
     
    5858{ 
    5959        public: 
    60                 SslBox_t (bool is_server); 
     60                SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile); 
    6161                virtual ~SslBox_t(); 
    6262