Example #1
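/**
 * Sets up an SSL/TLS client endpoint for the given server address.
 *
 * The constructor hands the three file names to SetCertificate/SetKey/SetTrust,
 * creates an SSL_CTX from GetMethod(), binds the certificate, key and trust
 * objects to that context and applies them, then builds an SSL connect BIO
 * whose target is the host:port reported by the server address.
 *
 * @param Address   server address, forwarded to the SecurityClient base
 * @param certFile  passed to SetCertificate()
 * @param keyFile   passed to SetKey()
 * @param trustFile passed to SetTrust()
 * @param password  stored in itsPassword; offered to passwordCallback through
 *                  the context userdata only when it is at least 4 characters
 * @param method    stored in itsSecurityMode
 *
 * Failures of SSL_CTX_new, BIO_new_ssl_connect and BIO_get_ssl are reported
 * through throw_SSL() (presumably by throwing - confirm against its definition).
 *
 * NOTE(review): no peer-verification or host-name check is visible in this
 * constructor. BIO_set_conn_hostname only selects the connect target; it does
 * not compare the server certificate against that name. Confirm that
 * Trust::Apply() or later code enables verification (SSL_CTX_set_verify with
 * SSL_VERIFY_PEER) and binds the expected name to the session (for example
 * SSL_set1_host) before application data is exchanged.
 */
SecurityClientSSL::SecurityClientSSL(	Address& Address,
										std::string certFile,
										std::string keyFile,
										std::string trustFile,
										std::string password,
										securityMode method) :
	SecurityClient(Address),
	itsSecurityMode(method),
	itsCertificate(new Certificate()), itsKey(new Key()), itsTrust(new Trust())
{
	SetCertificate(certFile);
	SetKey(keyFile);
	SetTrust(trustFile);
	itsPassword = password;
	libsslInit();

	itsCTX = SSLWrap::SSL_CTX_new(GetMethod()); /* create new context from method */
	if (itsCTX == NULL) {
		throw_SSL("SSL_CTX_new failed");
	}

	// NOTE(review): a constructor that exits by exception never runs its own
	// destructor. If throw_SSL throws from any check below, itsCTX and the BIO
	// created further down are not released here, and neither are the three
	// objects allocated with new in the initializer list if those members are
	// raw pointers - confirm the member types and who owns the cleanup.

	SSLWrap::SSL_CTX_set_default_passwd_cb(itsCTX, passwordCallback);
	// Userdata is registered only for passwords of 4+ characters.
	// NOTE(review): for shorter passwords passwordCallback sees the context's
	// default userdata (presumably NULL) - confirm the callback fails closed
	// in that case instead of dereferencing it or prompting on a terminal.
	if (itsPassword.length() >= 4)
		SSLWrap::SSL_CTX_set_default_passwd_cb_userdata(itsCTX, this);

	itsCertificate->SetContext(itsCTX);
	itsKey->SetContext(itsCTX);
	itsTrust->SetContext(itsCTX);

	itsCertificate->Apply();
	itsKey->Apply();
	itsTrust->Apply();

	//create new SSL BIO, basing on a configured context
	BIO* bio = SSLWrap::BIO_new_ssl_connect(itsCTX);
	if (bio == NULL) {
		throw_SSL("BIO_new_ssl_connect failed");
	}

	//make sure SSL is here
	// itsSSL is not set anywhere earlier in this constructor, so clear it first:
	// if the lookup leaves the out-parameter untouched, the NULL test below must
	// not read an indeterminate pointer.
	itsSSL = NULL;
	SSLWrap::BIO_get_ssl_(bio, & itsSSL);
	if (itsSSL == NULL) {
		throw_SSL("BIO_get_ssl failed");
	}

	/* With this option set, if the server suddenly wants a new handshake,
	 * OpenSSL handles it in the background. */
	SSLWrap::SSL_set_mode_(itsSSL, SSL_MODE_AUTO_RETRY);

	/*The hostname can be an IP address. The hostname can also include the port
	 * in the form hostname:port . It is also acceptable to use the form
	 * "hostname/any/other/path" or "hostname:port/any/other/path".*/
	SSLWrap::BIO_set_conn_hostname_(bio, itsSrverAddress.GetHostAndPort().c_str());

	// Only the host:port string is written to the debug log; the password is not.
	DBG << "populated safe client BIO @host=" << itsSrverAddress.GetHostAndPort() << std::endl;
	SetBIO(bio);

	DBG_CONSTRUCTOR;
}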
Example #2
/**
 * Free-function entry point for the SetTrust transactor.
 *
 * Builds a SetTrust object from the transaction, the engine parameters and
 * the engine pointer, runs its apply() step and hands back the resulting
 * TER code unchanged. The engine pointer is forwarded as received; no null
 * check is made at this level.
 */
TER
transact_SetTrust (
    SerializedTransaction const& txn,
    TransactionEngineParams params,
    TransactionEngine* engine)
{
    SetTrust transactor (txn, params, engine);
    return transactor.apply ();
}