Beispiel #1
    // Initialises the OpenSSL library and builds the TLS context(s) and the
    // certificate subject names used by this process.
    //
    // params   - TLS settings; this constructor reads weakCertificateValidation,
    //            fipsMode, pemfile and clusterfile, and hands the whole struct
    //            to _initSSLContext.
    // isServer - when true a server context is built in addition to the client
    //            context; when false _serverContext is set to NULL.
    //
    // Every failure is reported through uasserted() with the same generic
    // message; only the numeric code identifies which step failed, so keep the
    // codes unique when adding steps.
    SSLManager::SSLManager(const Params& params, bool isServer) :
        // Peer-certificate validation starts out disabled in this initialiser.
        // NOTE(review): presumably switched on elsewhere (e.g. once a CA file is
        // configured) -- confirm, since a context left in this state would
        // accept unauthenticated peers.
        _validateCertificates(false),
        // Copied straight from configuration. NOTE(review): what "weak"
        // validation relaxes is not visible in this constructor.
        _weakValidation(params.weakCertificateValidation) {

        // Library-wide OpenSSL setup: register the libssl algorithms and load
        // the human-readable error strings for libssl and libcrypto.
        SSL_library_init();
        SSL_load_error_strings();
        ERR_load_crypto_strings();

        // FIPS setup is requested before the full algorithm table is populated
        // below; the relative order is kept exactly as written.
        if (params.fipsMode) {
            _setupFIPS();
        }

        // Register every digest and cipher in OpenSSL's internal table so that
        // encryption/decryption stays backwards compatible.
        OpenSSL_add_all_algorithms();

        SSLThreadInfo::init();
        SSLThreadInfo::get();

        // The client context is needed in both roles (outgoing connections).
        const bool clientContextReady = _initSSLContext(&_clientContext, params);
        if (!clientContextReady) {
            uasserted(16768, "ssl initialization problem");
        }

        if (isServer) {
            // Server role: a dedicated context plus the server's own subject name.
            const bool serverContextReady = _initSSLContext(&_serverContext, params);
            if (!serverContextReady) {
                uasserted(16562, "ssl initialization problem");
            }

            if (!_setSubjectName(params.pemfile, _serverSubjectName)) {
                uasserted(16942, "ssl initialization problem");
            }

            // Outgoing connections present the cluster certificate when one is
            // configured and fall back to the server PEM file otherwise.
            const bool hasClusterFile = !params.clusterfile.empty();
            if (hasClusterFile) {
                if (!_setSubjectName(params.clusterfile, _clientSubjectName)) {
                    uasserted(16943, "ssl initialization problem");
                }
            }
            else {
                if (!_setSubjectName(params.pemfile, _clientSubjectName)) {
                    uasserted(16944, "ssl initialization problem");
                }
            }
        }
        else {
            // Client role: there is no server context, and a client certificate
            // is optional, so the subject name is only read when a PEM file is
            // configured.
            _serverContext = NULL;

            if (!params.pemfile.empty() &&
                !_setSubjectName(params.pemfile, _clientSubjectName)) {
                uasserted(16941, "ssl initialization problem");
            }
        }
    }
// Loads an RSA private key from `stream` into the SSL context.
// `size` is forwarded unchanged to loadObject(); the result of that call is
// returned as this function's success flag.
// NOTE(review): `size` comes from the caller -- check in loadObject that it is
// bounded before any buffer is allocated from it.
bool WiFiClientSecure::loadPrivateKey(Stream& stream, size_t size)
{
    // Called before every use of _ssl in this class; presumably it creates the
    // context on first use -- confirm that _ssl cannot still be null afterwards.
    _initSSLContext();
    const bool keyLoaded = _ssl->loadObject(SSL_OBJ_RSA_KEY, stream, size);
    return keyLoaded;
}
// Forwards to the SSL context's allowSelfSignedCerts().
// NOTE(review): judging by the name, this relaxes peer-certificate checking so
// that self-signed certificates are accepted; the exact effect lives in the
// context class. Callers that enable it should authenticate the peer some
// other way (for example by pinning the expected certificate).
void WiFiClientSecure::allowSelfSignedCerts()
{
    // Make sure the context behind _ssl has been set up before it is used.
    _initSSLContext();

    _ssl->allowSelfSignedCerts();
}
// Loads an X.509 certificate from `stream` into the SSL context.
// `size` is forwarded unchanged to loadObject(); the result of that call is
// returned as this function's success flag.
bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size)
{
    // Make sure the context behind _ssl has been set up before it is used.
    _initSSLContext();
    const bool certLoaded = _ssl->loadObject(SSL_OBJ_X509_CERT, stream, size);
    return certLoaded;
}
// Loads an RSA private key through loadObject_P(), the variant that takes a
// PGM_VOID_P pointer (`pk`) and a byte count (`size`).
// Returns whatever loadObject_P() reports.
// NOTE(review): a key reached through a program-memory pointer is presumably
// compiled into the firmware image; anyone holding that image can recover it,
// so treat such a key as shared by every device flashed with the same build.
bool WiFiClientSecure::setPrivateKey_P(PGM_VOID_P pk, size_t size)
{
    // Make sure the context behind _ssl has been set up before it is used.
    _initSSLContext();
    const bool keyLoaded = _ssl->loadObject_P(SSL_OBJ_RSA_KEY, pk, size);
    return keyLoaded;
}
// Loads an X.509 certificate through loadObject_P(), the variant that takes a
// PGM_VOID_P pointer and a byte count.
// Despite its name, `pk` points at certificate data here, not at a private key.
// Returns whatever loadObject_P() reports.
bool WiFiClientSecure::setCertificate_P(PGM_VOID_P pk, size_t size)
{
    // Make sure the context behind _ssl has been set up before it is used.
    _initSSLContext();
    const bool certLoaded = _ssl->loadObject_P(SSL_OBJ_X509_CERT, pk, size);
    return certLoaded;
}
// Loads an RSA private key from the `size` bytes at `pk` into the SSL context.
// Returns whatever loadObject() reports.
// NOTE(review): the caller's buffer is not modified here (it is const), so
// clearing the key bytes after use is the caller's job; whether loadObject()
// keeps its own copy is not visible from this function.
bool WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size)
{
    // Make sure the context behind _ssl has been set up before it is used.
    _initSSLContext();
    const bool keyLoaded = _ssl->loadObject(SSL_OBJ_RSA_KEY, pk, size);
    return keyLoaded;
}
// Loads an X.509 certificate from the `size` bytes at `pk` into the SSL context.
// Despite its name, `pk` points at certificate data here, not at a private key.
// Returns whatever loadObject() reports.
bool WiFiClientSecure::setCertificate(const uint8_t* pk, size_t size)
{
    // Make sure the context behind _ssl has been set up before it is used.
    _initSSLContext();
    const bool certLoaded = _ssl->loadObject(SSL_OBJ_X509_CERT, pk, size);
    return certLoaded;
}