    /** Builds a TLS profile: one mbedTLS server context and one client context that
     * share the same certificate/key pair, CA bundle, CRL, cipher suite list, curve
     * list and protocol version range.
     * @param profilename Name stored in `name`.
     * @param certstr Certificate material handed to X509Credentials (path or PEM text — see X509Credentials).
     * @param keystr Private key material handed to X509Credentials alongside certstr.
     * @param dhstr DH parameters; only applied (server side) when non-empty.
     * @param mindh Minimum DH group size accepted by the client context only.
     * @param hashstr Hash selection stored in `hash`; not applied to either context here.
     * @param ciphersuitestr Cipher suite list; only applied when non-empty.
     * @param curvestr Curve list; only applied when non-empty.
     * @param castr CA certificates handed to `cacerts`.
     * @param crlstr CRL handed to `crl`.
     * @param recsize Outgoing record size stored in `outrecsize`; not applied to either context here.
     * @param ctrdrbg RNG shared by both contexts.
     * @param minver Lowest protocol version allowed on both contexts.
     * @param maxver Highest protocol version allowed on both contexts.
     * @param requestclientcert Whether the server context asks peers for a client certificate.
     */
    Profile(const std::string& profilename, const std::string& certstr, const std::string& keystr,
            const std::string& dhstr, unsigned int mindh, const std::string& hashstr,
            const std::string& ciphersuitestr, const std::string& curvestr,
            const std::string& castr, const std::string& crlstr,
            unsigned int recsize,
            CTRDRBG& ctrdrbg,
            int minver, int maxver,
            bool requestclientcert
           )
        // NOTE: members are initialised in class declaration order, not in the order
        // written here; the body below relies only on serverctx/clientctx existing.
        : name(profilename)
        , x509cred(certstr, keystr)
        , ciphersuites(ciphersuitestr)
        , curves(curvestr)
        , serverctx(ctrdrbg, MBEDTLS_SSL_IS_SERVER)
        , clientctx(ctrdrbg, MBEDTLS_SSL_IS_CLIENT)
        , cacerts(castr, true)
        , crl(crlstr)
        , hash(hashstr)
        , outrecsize(recsize)
    {
        serverctx.SetX509CertAndKey(x509cred);
        clientctx.SetX509CertAndKey(x509cred);
        // Only the client enforces a minimum DH size; the server picks its own
        // group from dhparams below, so no minimum is set on it.
        clientctx.SetMinDHBits(mindh);

        // An empty list leaves both contexts untouched (presumably the library default).
        if (!ciphersuites.empty())
        {
            serverctx.SetCiphersuites(ciphersuites);
            clientctx.SetCiphersuites(ciphersuites);
        }

        if (!curves.empty())
        {
            serverctx.SetCurves(curves);
            clientctx.SetCurves(curves);
        }

        serverctx.SetVersion(minver, maxver);
        clientctx.SetVersion(minver, maxver);

        // DH parameters are server-only; with an empty dhstr no parameters are installed
        // and the server context keeps whatever DH group it had by default.
        if (!dhstr.empty())
        {
            dhparams.set(dhstr);
            serverctx.SetDHParams(dhparams);
        }

        // NOTE(review): "optional" verification presumably means a failed chain check
        // does not abort the client handshake; the result has to be inspected by the
        // caller after the handshake — confirm against SetOptionalVerifyCert().
        clientctx.SetOptionalVerifyCert();
        clientctx.SetCA(cacerts, crl);
        // The default for servers is to not request a client certificate from the peer
        if (requestclientcert)
        {
            // Same optional mode as the client: the server asks for a certificate and
            // checks it against cacerts/crl, but does not refuse peers without one.
            serverctx.SetOptionalVerifyCert();
            serverctx.SetCA(cacerts, crl);
        }
    }
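		/** Installs the DH parameters used for DHE key exchange on this SSL_CTX.
		 * @param dh Loaded DH parameters; dh.get() yields the DH* passed to OpenSSL.
		 * @return true if OpenSSL accepted the parameters, false otherwise.
		 */
		bool SetDH(DHParams& dh)
		{
			// SSL_CTX_set_tmp_dh() returns 1 on success and 0 on failure. The
			// previous ">= 0" test reported failure as success, so a rejected
			// DH group went unnoticed by the caller; compare against 1 instead.
			return (SSL_CTX_set_tmp_dh(ctx, dh.get()) == 1);
		}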
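 /** Installs the DH parameters used for DHE key exchange on this mbedTLS config.
  * @param dh Loaded DH parameters; dh.get() yields the context passed to mbedTLS.
  * @return true if mbedTLS accepted the parameters, false otherwise. Callers that
  *         ignore the result keep the previous void-call behaviour.
  */
 bool SetDHParams(DHParams& dh)
 {
     // mbedtls_ssl_conf_dh_param_ctx() returns 0 on success and a negative
     // MBEDTLS_ERR_* code on failure. The return value used to be dropped, so a
     // failed install silently left conf with whatever DH group it had before.
     return (mbedtls_ssl_conf_dh_param_ctx(&conf, dh.get()) == 0);
 }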