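/**
 * Load every fingerprint on the trusted-certificate list into @p the_ctx.
 *
 * Each entry of the list returned by netsnmp_cert_get_trustlist() is handed
 * to _trust_this_cert(); an entry that fails is logged and the remaining
 * entries are still attempted, so one bad entry does not stop the others
 * from being trusted.
 *
 * @param the_ctx  OpenSSL context that receives the trusted certificates.
 *
 * No return value: the caller cannot tell whether any entry failed, only
 * the log records it.
 */
void
_load_trusted_certs(SSL_CTX *the_ctx) {
    netsnmp_container *trusted_certs = netsnmp_cert_get_trustlist();
    netsnmp_iterator  *it;
    char              *fingerprint;

    /* No trust list means nothing to load; never hand a NULL container
     * to CONTAINER_ITERATOR. */
    if (!trusted_certs)
        return;

    it = CONTAINER_ITERATOR(trusted_certs);
    if (!it)
        return;

    for (fingerprint = (char *) ITERATOR_FIRST(it);
         fingerprint != NULL;
         fingerprint = (char *) ITERATOR_NEXT(it)) {
        /* _trust_this_cert() reports success with a non-zero result. */
        if (!_trust_this_cert(the_ctx, fingerprint))
            snmp_log(LOG_ERR, "failed to load trust cert: %s\n", fingerprint);
    }
    ITERATOR_RELEASE(it);
}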
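/**
 * Build the OpenSSL context for a (D)TLS client transport.
 *
 * Creates the context, enables read-ahead (required for DTLS), installs
 * verify_callback with mandatory peer verification, loads the local
 * identity certificate and private key, trusts the certificate the server
 * is expected to present (when one is configured) and any explicitly
 * passed trust certificate, then hands the context to
 * _sslctx_common_setup().
 *
 * @param method   OpenSSL method the context is created with.
 * @param tlsbase  Transport configuration; our_identity, their_identity and
 *                 trust_cert select which certificates are looked up.
 *
 * @return The result of _sslctx_common_setup() on success; NULL on any
 *         failure.  Every failure after SSL_CTX_new() frees the context
 *         before returning, so repeated failed setups (for example a
 *         misconfigured identity) do not leak one SSL_CTX per attempt.
 *         LOGANDDIE returns straight out of the function and is therefore
 *         only used before the context exists.
 */
SSL_CTX *sslctx_client_setup (const SSL_METHOD * method, _netsnmpTLSBaseData * tlsbase)
{
    netsnmp_cert *id_cert, *peer_cert;
    SSL_CTX *the_ctx;

/* Log an error and jump to the cleanup label at the end of the function;
 * unlike LOGANDDIE this releases the context owned by every check below. */
#define SSLCTX_CLIENT_FAIL(msg) \
    do { snmp_log (LOG_ERR, "%s\n", (msg)); goto fail; } while (0)

    /***********************************************************************
     * Set up the client context
     */
    the_ctx = SSL_CTX_new (NETSNMP_REMOVE_CONST (SSL_METHOD *, method));
    if (!the_ctx)
    {
        /* Nothing has been allocated yet, so returning directly leaks nothing. */
        snmp_log (LOG_ERR, "ack: %p\n", the_ctx);
        LOGANDDIE ("can't create a new context");
    }
    SSL_CTX_set_read_ahead (the_ctx, 1);    /* Required for DTLS */

    /* Peer verification is mandatory: a missing or rejected server
     * certificate fails the handshake.  SSL_VERIFY_CLIENT_ONCE is a
     * server-side flag that OpenSSL ignores on a client context; it is
     * left in place to keep the flag set unchanged. */
    SSL_CTX_set_verify (the_ctx,
                        SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE, &verify_callback);

    if (tlsbase->our_identity)
    {
        DEBUGMSGTL (("sslctx_client", "looking for local id: %s\n", tlsbase->our_identity));
        id_cert = netsnmp_cert_find (NS_CERT_IDENTITY, NS_CERTKEY_MULTIPLE, tlsbase->our_identity);
    }
    else
    {
        /* our_identity is NULL on this branch, so it must not be formatted
         * with %s. */
        DEBUGMSGTL (("sslctx_client", "looking for default local id\n"));
        id_cert = netsnmp_cert_find (NS_CERT_IDENTITY, NS_CERTKEY_DEFAULT, NULL);
    }

    if (!id_cert)
        SSLCTX_CLIENT_FAIL ("error finding client identity keys");

    if (!id_cert->key || !id_cert->key->okey)
        SSLCTX_CLIENT_FAIL ("failed to load private key");

    DEBUGMSGTL (("sslctx_client", "using public key: %s\n", id_cert->info.filename));
    DEBUGMSGTL (("sslctx_client", "using private key: %s\n", id_cert->key->info.filename));

    if (SSL_CTX_use_certificate (the_ctx, id_cert->ocert) <= 0)
        SSLCTX_CLIENT_FAIL ("failed to set the certificate to use");

    if (SSL_CTX_use_PrivateKey (the_ctx, id_cert->key->okey) <= 0)
        SSLCTX_CLIENT_FAIL ("failed to set the private key to use");

    /* Reject a key that does not match the certificate here rather than
     * discovering it mid-handshake. */
    if (!SSL_CTX_check_private_key (the_ctx))
        SSLCTX_CLIENT_FAIL ("public and private keys incompatible");

    /* Optionally trust the certificate the server is expected to present. */
    if (tlsbase->their_identity)
        peer_cert = netsnmp_cert_find (NS_CERT_REMOTE_PEER, NS_CERTKEY_MULTIPLE, tlsbase->their_identity);
    else
        peer_cert = netsnmp_cert_find (NS_CERT_REMOTE_PEER, NS_CERTKEY_DEFAULT, NULL);
    if (peer_cert)
    {
        DEBUGMSGTL (("sslctx_client", "server's expected public key: %s\n",
                     peer_cert->info.filename));

        /* Trust the expected certificate */
        if (netsnmp_cert_trust_ca (the_ctx, peer_cert) != SNMPERR_SUCCESS)
            SSLCTX_CLIENT_FAIL ("failed to set verify paths");
    }

    /* trust a certificate (possibly a CA) specifically passed in */
    if (tlsbase->trust_cert && !_trust_this_cert (the_ctx, tlsbase->trust_cert))
    {
        snmp_log (LOG_ERR, "failed to load trust cert: %s\n", tlsbase->trust_cert);
        goto fail;
    }

    return _sslctx_common_setup (the_ctx, tlsbase);

fail:
    /* Single release point for every error after SSL_CTX_new(). */
    SSL_CTX_free (the_ctx);
    return NULL;
#undef SSLCTX_CLIENT_FAIL
}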