secure::server_t secure::server(const char *certfile, const char *ca) { context *ctx = new context; if(!ctx) return NULL; ctx->error = secure::OK; ctx->connect = GNUTLS_SERVER; ctx->xtype = GNUTLS_CRD_CERTIFICATE; ctx->xcred = NULL; ctx->dh = NULL; gnutls_certificate_allocate_credentials(&ctx->xcred); gnutls_certificate_set_x509_key_file(ctx->xcred, certfile, certfile, GNUTLS_X509_FMT_PEM); if(!ca) return ctx; if(eq(ca, "*")) ca = oscerts(); gnutls_certificate_set_x509_trust_file (ctx->xcred, ca, GNUTLS_X509_FMT_PEM); return ctx; }
secure::client_t secure::client(const char *ca) { context *ctx = new(context); secure::init(); if(!ctx) return NULL; ctx->error = secure::OK; ctx->ctx = SSL_CTX_new(SSLv23_client_method()); if(!ctx->ctx) { ctx->error = secure::INVALID; return ctx; } if(!ca) return ctx; if(eq(ca, "*")) ca = oscerts(); if(!SSL_CTX_load_verify_locations(ctx->ctx, ca, 0)) { ctx->error = secure::INVALID_AUTHORITY; return ctx; } return ctx; }
const char *secure::oscerts(void) { const char *path = "c:/temp/ca-bundle.crt"; if(!is_file(path)) { if(oscerts(path)) return NULL; } return path; }
int secure::oscerts(const char *pathname) { string_t source = oscerts(); string_t target; if(pathname[0] == '/') target = pathname; else target = shell::path(shell::USER_CONFIG) + "/" + pathname; if(!source) return ENOSYS; return fsys::copy(*source, *target); }
secure::server_t secure::server(const char *certfile, const char *ca) { context *ctx = new(context); if(!ctx) return NULL; secure::init(); ctx->error = secure::OK; ctx->ctx = SSL_CTX_new(SSLv23_server_method()); if(!ctx->ctx) { ctx->error = secure::INVALID; return ctx; } if(!SSL_CTX_use_certificate_chain_file(ctx->ctx, certfile)) { ctx->error = secure::MISSING_CERTIFICATE; return ctx; } if(!SSL_CTX_use_PrivateKey_file(ctx->ctx, certfile, SSL_FILETYPE_PEM)) { ctx->error = secure::MISSING_PRIVATEKEY; return ctx; } if(!SSL_CTX_check_private_key(ctx->ctx)) { ctx->error = secure::INVALID_CERTIFICATE; return ctx; } if(!ca) return ctx; if(eq(ca, "*")) ca = oscerts(); if(!SSL_CTX_load_verify_locations(ctx->ctx, ca, 0)) { ctx->error = secure::INVALID_AUTHORITY; return ctx; } return ctx; }