Esempio n. 1
0
bool VSslServer::setKeyCrtStuff(VError& error, SSL_CTX* ctx, EVP_PKEY* key, X509* crt)
{
  LOG_ASSERT(key != NULL);
  LOG_ASSERT(crt != NULL);

  int res = SSL_CTX_use_certificate(ctx, crt);
  if (res <= 0)
  {
    error = VSslError(QString("SSL_CTX_use_certificate return %1").arg(res), VSslError::IN_SSL_CTX_USE_CERTIFICATE);
    return false;
  }

  res = SSL_CTX_use_PrivateKey(ctx, key);
  if (res <= 0)
  {
    error = VSslError(QString("SSL_CTX_use_PrivateKey return %1").arg(res), VSslError::SSL_CTX_USER_PRIVATEKEY);
    return false;
  }

  res = SSL_CTX_check_private_key(ctx);
  if (!res)
  {
    error = VSslError(QString("SSL_CTX_check_private_key return %1").arg(res), VSslError::SSL_CTX_CHECK_PRIVATEKEY);
    return false;
  }

  return true;
}
Esempio n. 2
0
static int loadCertFile(SSL_CTX *pCtx, const char *pFile, int type)
{
    char *pBegin,  buf[MAX_CERT_LENGTH];
    BIO *in;
    X509 *cert = NULL;
    int len;
    int ret;
    unsigned int digestlen;
    unsigned char digest[EVP_MAX_MD_SIZE];

    /* THIS FILE TYPE WILL NOT BE HANDLED HERE.
     * Just left this here in case of future implementation.*/
    if (translateType(type) == SSL_FILETYPE_ASN1)
        return LS_FAIL;

    len = loadPemWithMissingDash(pFile, buf, MAX_CERT_LENGTH, &pBegin);
    if (len == -1)
        return LS_FAIL;

    in = BIO_new_mem_buf((void *)pBegin, len);
    cert = PEM_read_bio_X509(in, NULL, 0, NULL);
    BIO_free(in);
    if (!cert)
        return LS_FAIL;
    if (( ret = SSL_CTX_use_certificate(pCtx, cert)) == 1 )
    {
        if ( X509_digest(cert, EVP_sha1(), digest, &digestlen) == 0)
            LS_DBG_L("Creating cert digest failed");
        else if (SslContext::setupIdContext(pCtx, digest, digestlen) != LS_OK)
            LS_DBG_L("Digest id context failed");
    }
    X509_free(cert);
    return ret;
}
Esempio n. 3
0
void SSLContext::loadCertificateFromBufferPEM(folly::StringPiece cert) {
  if (cert.data() == nullptr) {
    throw std::invalid_argument("loadCertificate: <cert> is nullptr");
  }

  ssl::BioUniquePtr bio(BIO_new(BIO_s_mem()));
  if (bio == nullptr) {
    throw std::runtime_error("BIO_new: " + getErrors());
  }

  int written = BIO_write(bio.get(), cert.data(), cert.size());
  if (written <= 0 || static_cast<unsigned>(written) != cert.size()) {
    throw std::runtime_error("BIO_write: " + getErrors());
  }

  ssl::X509UniquePtr x509(
      PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
  if (x509 == nullptr) {
    throw std::runtime_error("PEM_read_bio_X509: " + getErrors());
  }

  if (SSL_CTX_use_certificate(ctx_, x509.get()) == 0) {
    throw std::runtime_error("SSL_CTX_use_certificate: " + getErrors());
  }
}
Esempio n. 4
0
void
tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
#if ENABLE_INLINE_FILES
    const char *cert_file_inline,
#endif
    X509 **x509
    )
{
  BIO *in = NULL;
  X509 *x = NULL;
  int ret = 0;
  bool inline_file = false;

  ASSERT (NULL != ctx);
  if (NULL != x509)
    ASSERT (NULL == *x509);

#if ENABLE_INLINE_FILES
  inline_file = (strcmp (cert_file, INLINE_FILE_TAG) == 0);

  if (inline_file && cert_file_inline)
    in = BIO_new_mem_buf ((char *)cert_file_inline, -1);
  else
#endif /* ENABLE_INLINE_FILES */
    in = BIO_new_file (cert_file, "r");

  if (in == NULL)
    {
      SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
      goto end;
    }

  x = PEM_read_bio_X509 (in, NULL, ctx->ctx->default_passwd_callback,
                         ctx->ctx->default_passwd_callback_userdata);
  if (x == NULL)
    {
      SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
      goto end;
    }

  ret = SSL_CTX_use_certificate (ctx->ctx, x);
  if (ret)
    tls_ctx_add_extra_certs (ctx, in);

end:
  if (!ret)
    {
      if (inline_file)
        msg (M_SSLERR, "Cannot load inline certificate file");
      else
        msg (M_SSLERR, "Cannot load certificate file %s", cert_file);
    }

  if (in != NULL)
    BIO_free(in);
  if (x509)
    *x509 = x;
  else if (x)
    X509_free (x);
}
Esempio n. 5
0
static CURLcode sslctxfun( CURL * curl, void * sslctx, void * parm ) {

	sslctxparm * p = (sslctxparm *) parm;
	SSL_CTX * ctx = (SSL_CTX *) sslctx ;

	if ( !SSL_CTX_use_certificate( ctx,p->usercert ) ) {
		BIO_printf( p->errorbio, "SSL_CTX_use_certificate problem\n" ); goto err;
	}
	if ( !SSL_CTX_use_PrivateKey( ctx,p->pkey ) ) {
		BIO_printf( p->errorbio, "SSL_CTX_use_PrivateKey\n" ); goto err;
	}

	if ( !SSL_CTX_check_private_key( ctx ) ) {
		BIO_printf( p->errorbio, "SSL_CTX_check_private_key\n" ); goto err;
	}

	SSL_CTX_set_quiet_shutdown( ctx,1 );
	SSL_CTX_set_cipher_list( ctx,"RC4-MD5" );
	SSL_CTX_set_mode( ctx, SSL_MODE_AUTO_RETRY );

	X509_STORE_add_cert( ctx->cert_store,sk_X509_value( p->ca,sk_X509_num( p->ca ) - 1 ) );

	SSL_CTX_set_verify_depth( ctx,2 );

	SSL_CTX_set_verify( ctx,SSL_VERIFY_PEER,NULL );

	SSL_CTX_set_cert_verify_callback( ctx, ssl_app_verify_callback, parm );


	return CURLE_OK ;
err:
	ERR_print_errors( p->errorbio );
	return CURLE_SSL_CERTPROBLEM;

}
Esempio n. 6
0
int validate_client_server_cert(SSL_CTX* ctx, X509 *client_cert, const char *keyfile)
{
	if ( client_cert != NULL )
	{
		if (SSL_CTX_use_certificate(ctx, client_cert) <= 0)
		{
			ERR_print_errors_fp(stderr);
		        abort();
		}
		else
			printf("SSL_CTX_use_certificate OK\n");


		if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) <= 0)
    		{
        		ERR_print_errors_fp(stderr);
        		abort();
    		}
		else
			printf("SSL_CTX_use_PrivateKey_file OK\n");

		/* verify private key between client certificate and stored private key to see if they match*/
		if (!SSL_CTX_check_private_key(ctx))
		{
        		fprintf(stderr, "Private key of server does not match the public client certificate\n");
		        abort();
	   	}
		return 0;
	}
	return 1;
}
Esempio n. 7
0
  // memory is only valid for duration of callback; must be copied if queueing
  // is required
  DtlsSocketContext::DtlsSocketContext() {
      started = false;
      mSocket = NULL;
      receiver = NULL;
      DtlsSocketContext::Init();

      ELOG_DEBUG("Creating Dtls factory, Openssl v %s", OPENSSL_VERSION_TEXT);

      mContext = SSL_CTX_new(DTLSv1_method());
      assert(mContext);

      int r = SSL_CTX_use_certificate(mContext, mCert);
      assert(r == 1);

      r = SSL_CTX_use_PrivateKey(mContext, privkey);
      assert(r == 1);

      SSL_CTX_set_cipher_list(mContext, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");

      SSL_CTX_set_info_callback(mContext, SSLInfoCallback);

      SSL_CTX_set_verify(mContext, SSL_VERIFY_PEER |SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
        SSLVerifyCallback);

      // SSL_CTX_set_session_cache_mode(mContext, SSL_SESS_CACHE_OFF);
      // SSL_CTX_set_options(mContext, SSL_OP_NO_TICKET);
      // Set SRTP profiles
      r = SSL_CTX_set_tlsext_use_srtp(mContext, DefaultSrtpProfile);
      assert(r == 0);

      SSL_CTX_set_verify_depth(mContext, 2);
      SSL_CTX_set_read_ahead(mContext, 1);

      ELOG_DEBUG("DtlsSocketContext %p created", this);
    }
Esempio n. 8
0
void ContextImpl::setIdentity(const Certificate& cert)
{
    if( ! cert.impl()->pkey() )
        throw InvalidCertificate("invalid certificate");

    if(_pkey)
        EVP_PKEY_free(_pkey);
    _pkey = 0;

    if(_x509)
        X509_free(_x509);
    _x509 = 0;

    _x509 = copyX509( cert.impl()->x509() );
    _pkey = copyPrivateKey( cert.impl()->pkey() );

    if( ! SSL_CTX_use_certificate(_ctx, _x509) )
    {
        throw InvalidCertificate("invalid certificate");
    }

    if( ! SSL_CTX_use_PrivateKey( _ctx, _pkey ) )
    {
        throw InvalidCertificate("invalid certificate");
    }
    
    // openssl will not check the private key of this context against the 
    // certifictate. TO do so call SSL_CTX_check_private_key(_ctx)
}
Esempio n. 9
0
bool
SSLContext::Init(X509 *pCert, EVP_PKEY *pPrivatekey){
	int nLockCt = CRYPTO_num_locks();
	InitializeCryptoLocks(nLockCt);

#ifdef _DEBUG
    CRYPTO_malloc_debug_init();
    CRYPTO_dbg_set_options	(V_CRYPTO_MDEBUG_ALL);
    CRYPTO_mem_ctrl			(CRYPTO_MEM_CHECK_ON);
#endif
	
	CRYPTO_set_locking_callback			(&ssl_lock_callback);
    CRYPTO_set_dynlock_create_callback	(&ssl_lock_dyn_create_callback);
	CRYPTO_set_dynlock_lock_callback	(&ssl_lock_dyn_callback);
    CRYPTO_set_dynlock_destroy_callback	(&ssl_lock_dyn_destroy_callback);

    SSL_load_error_strings	();
    SSL_library_init		();

	// Initialize and verify SSL context. {{
	const SSL_METHOD* meth = SSLv23_method();
	m_pssl_ctx = SSL_CTX_new(meth);
	SSL_CTX_set_verify(m_pssl_ctx, SSL_VERIFY_NONE, nullptr);
	// }}

#ifdef _SERVER
	SSL_CTX_set_options(m_pssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); 
#endif

	if( pCert )
		SSL_CTX_use_certificate	(m_pssl_ctx, pCert);
	if( pPrivatekey )
		SSL_CTX_use_PrivateKey	(m_pssl_ctx, pPrivatekey);
	return true;
	}
Esempio n. 10
0
int
set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
{
	if (cert == NULL)
		return 1;
	if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
		BIO_printf(bio_err, "error setting certificate\n");
		ERR_print_errors(bio_err);
		return 0;
	}
	if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
		BIO_printf(bio_err, "error setting private key\n");
		ERR_print_errors(bio_err);
		return 0;
	}
	/*
	 * Now we know that a key and cert have been set against the SSL
	 * context
	 */
	if (!SSL_CTX_check_private_key(ctx)) {
		BIO_printf(bio_err,
		    "Private key does not match the certificate public key\n");
		return 0;
	}
	return 1;
}
Esempio n. 11
0
int
useCertFile(SSL_CTX* ctx, const char* path, const char* passphrase, const char* cacertfile)
{
    FILE *p12_file;
    PKCS12 *p12_cert = NULL;
    EVP_PKEY *pkey;
    X509 *x509_cert;
    
    p12_file = fopen(path, "r");
    if (!p12_file)
    {
        timestamp_f(stderr);
        perror(path);
        return -1;
    }

    d2i_PKCS12_fp(p12_file, &p12_cert);
    fclose(p12_file);

    if (!PKCS12_parse(p12_cert, passphrase, &pkey, &x509_cert, NULL))
    {
        int error = ERR_get_error();
        timestamp_f(stderr);
        fprintf(stderr, "failed to parse p12 file; error %d\n", error);
        PKCS12_free(p12_cert);
        return -1;
    }
    PKCS12_free(p12_cert);

    if (!SSL_CTX_use_certificate(ctx, x509_cert))
    {
        int error = ERR_get_error();
        timestamp_f(stderr);
        fprintf(stderr, "failed to set cert for SSL context; error %d\n", error);
        X509_free(x509_cert);
        EVP_PKEY_free(pkey);
        return -1;
    }
    X509_free(x509_cert);

    if (!SSL_CTX_use_PrivateKey(ctx, pkey))
    {
        int error = ERR_get_error();
        timestamp_f(stderr);
        fprintf(stderr, "failed to set private key for SSL context; error %d\n", error);
        EVP_PKEY_free(pkey);
        return -1;
    }
    EVP_PKEY_free(pkey);

    if (cacertfile && *cacertfile && !SSL_CTX_load_verify_locations(ctx, cacertfile, NULL))
    {
        timestamp_f(stderr);
        fprintf(stderr, "failed to load root cert for verification from %s\n", cacertfile);
        return -1;
    }

    return 0;
}
Esempio n. 12
0
int
SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *data, int data_len)
{
	pem_password_cb *psw_fn = ctx->default_passwd_callback;
	void *psw_arg = ctx->default_passwd_callback_userdata;
	X509 *cert;
	BIO *bio = NULL;
	int ok;

	ERR_clear_error();

	/* Read from memory */
	bio = BIO_new_mem_buf(data, data_len);
	if (!bio) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
		goto failed;
	}

	/* Load primary cert */
	cert = PEM_read_bio_X509_AUX(bio, NULL, psw_fn, psw_arg);
	if (!cert) {
		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
		goto failed;
	}

	/* Increments refcount */
	ok = SSL_CTX_use_certificate(ctx, cert);
	X509_free(cert);
	if (!ok || ERR_peek_error())
		goto failed;

	/* Load extra certs */
	ok = SSL_CTX_clear_extra_chain_certs(ctx);
	while (ok) {
		cert = PEM_read_bio_X509(bio, NULL, psw_fn, psw_arg);
		if (!cert) {
			/* Is it EOF? */
			unsigned long err = ERR_peek_last_error();
			if (ERR_GET_LIB(err) != ERR_LIB_PEM)
				break;
			if (ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
				break;

			/* On EOF do successful exit */
			BIO_free(bio);
			ERR_clear_error();
			return 1;
		}
		/* Does not increment refcount */
		ok = SSL_CTX_add_extra_chain_cert(ctx, cert);
		if (!ok)
			X509_free(cert);
	}
failed:
	if (bio)
		BIO_free(bio);
	return 0;
}
Esempio n. 13
0
struct dtls_context *
create_dtls_context(const char *common)
{
  if (common == NULL)
    return NULL;

  struct dtls_context *context = (struct dtls_context *)calloc(1, sizeof *context);
  if (context == NULL)
    return NULL;

  SSL_library_init();
  OpenSSL_add_all_algorithms();

  SSL_CTX *ctx = SSL_CTX_new(DTLSv1_method());
  if (ctx == NULL)
    goto ctx_err;
  context->ctx = ctx;

  // ALL:NULL:eNULL:aNULL
  if (SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") != 1)
    goto ctx_err;

  SSL_CTX_set_read_ahead(ctx, 1); // for DTLS
  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_peer_certificate_cb);

  EVP_PKEY *key = gen_key();
  if (key == NULL)
    goto ctx_err;
  SSL_CTX_use_PrivateKey(ctx, key);

  X509 *cert = gen_cert(key, common, 365);
  if (cert == NULL)
    goto ctx_err;
  SSL_CTX_use_certificate(ctx, cert);
  
  if (SSL_CTX_check_private_key(ctx) != 1)
    goto ctx_err;

  unsigned int len;
  unsigned char buf[BUFFER_SIZE];
  X509_digest(cert, EVP_sha256(), buf, &len);

  char *p = context->fingerprint;
  for (int i = 0; i < len; ++i) {
    snprintf(p, 4, "%02X:", buf[i]);
    p += 3;
  }
  *(p - 1) = 0;

  if (0) {
ctx_err:
    SSL_CTX_free(ctx);
    free(context);
    context = NULL;
  }

  return context;
}
Esempio n. 14
0
void SSLContext::useCertificate(const crypto::X509Certificate& certificate)
{
    int errCode = SSL_CTX_use_certificate(_sslContext, const_cast<X509*>(certificate.certificate()));
    if (errCode != 1)
    {
        std::string msg = getLastError();
        throw std::runtime_error("SSL Error: Cannot set certificate for Context: " + msg);
    }
}
Esempio n. 15
0
bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) {
  // 1 is the documented success return code.
  if (SSL_CTX_use_certificate(ctx, certificate_->x509()) != 1 ||
     SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) {
    LogSSLErrors("Configuring key and certificate");
    return false;
  }
  return true;
}
Esempio n. 16
0
void Context::useCertificate(const Poco::Crypto::X509Certificate& certificate)
{
	int errCode = SSL_CTX_use_certificate(_pSSLContext, const_cast<X509*>(certificate.certificate()));
	if (errCode != 1)
	{
		std::string msg = Utility::getLastError();
		throw SSLContextException("Cannot set certificate for Context", msg);
	}
}
Esempio n. 17
0
bool SSL_CTX_use_certificate_file(::SSL_CTX* ctx, const char* file, int /*type*/)
{
	auto x509 = getX509(file);
	if (!x509)
	{
		return false;
	}
	return SSL_CTX_use_certificate(ctx, x509) == SSL_SUCCESS;
}
Esempio n. 18
0
	__declspec(dllexport) void ILibWrapper_InitializeDTLS()
	{
		ctx = SSL_CTX_new(DTLSv1_method());
		SSL_CTX_use_certificate(ctx, selftlscert.x509);
		SSL_CTX_use_PrivateKey(ctx,selftlscert.pkey);
		
		int l = 32;
		X509_digest(selftlscert.x509, EVP_get_digestbyname("sha256"), (unsigned char*)tlsServerCertThumbprint, (unsigned int*)&l);
	}
Esempio n. 19
0
wi_boolean_t wi_socket_tls_set_certificate(wi_socket_tls_t *tls, wi_x509_t *x509) {
	if(SSL_CTX_use_certificate(tls->ssl_ctx, wi_x509_x509(x509)) != 1) {
		wi_error_set_openssl_error();

		return false;
	}
	
	return true;
}
Esempio n. 20
0
int EdSSLContext::setSSLCertMem(void* crt, int crtlen, void* key, int keylen)
{
	X509* xcert = d2i_X509(NULL, (const unsigned char**)&crt, crtlen);
	SSL_CTX_use_certificate(mCtx, xcert);

	RSA *pkey = d2i_RSAPrivateKey(NULL, (const unsigned char**)&key, keylen);
	SSL_CTX_use_RSAPrivateKey(mCtx, pkey);
	return 0;
}
Esempio n. 21
0
SSL_CTX *
evssl_init()
{
	DH		*dh;
	SSL_CTX		*ctx;

	SSL_load_error_strings();
	SSL_library_init();
	RAND_poll();

	if ((passport = pki_passport_load_from_file(cfg->cert,
	    cfg->pkey, cfg->tcert)) == NULL) {
		return NULL;
	}

	if ((ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL) {
		jlog(L_ERROR, "SSL_CTX_new failed");
		return NULL;
	}

	if ((dh = get_dh_1024()) == NULL) {
		jlog(L_ERROR, "get_dh_1024 failed");
		goto out;
	}

	if ((SSL_CTX_set_tmp_dh(ctx, dh)) == 0) {
		jlog(L_ERROR, "SSL_CTX_set_tmp_dh failed");
		goto out;
	}

	//SSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES256-GCM-SHA384");
	if ((SSL_CTX_set_cipher_list(ctx, "AES256-GCM-SHA384")) == 0) {
		jlog(L_ERROR, "SSL_CTX_set_cipher failed");
		goto out;
	}

	SSL_CTX_set_cert_store(ctx, passport->cacert_store);

	if ((SSL_CTX_use_certificate(ctx, passport->certificate)) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_certificate failed");
		goto out;
	}

	if ((SSL_CTX_use_PrivateKey(ctx, passport->keyring)) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_PrivateKey failed");
		goto out;
	}

	DH_free(dh);
	return ctx;

out:
	DH_free(dh);
	SSL_CTX_free(ctx);
	return NULL;
}
Esempio n. 22
0
CSSLServerApplication::CSSLServerApplication() : CSSLApplication()
{
	const SSL_METHOD* method;

	SSLMode = MODE_SSL_SERVER;
	NeedDataOp = OP_CLIENT_READ;

	// Create new context from method.
	method = SSLv23_server_method();
	ctx = SSL_CTX_new(method);

	//	These are for load certificate data from memory
	X509 *cert = NULL;
	RSA *rsa = NULL;
	BIO *cbio, *kbio;

	cbio = BIO_new_mem_buf((void*)cert_data, -1);
	cert = PEM_read_bio_X509(cbio, NULL, 0, NULL);
	ASSERT(cert != NULL);
	if (SSL_CTX_use_certificate(ctx, cert) <= 0)
	{
		ERR_print_errors_fp(stdout);
		exit(1);
	}

	kbio = BIO_new_mem_buf((void*)pkey_data, -1);
	rsa = PEM_read_bio_RSAPrivateKey(kbio, NULL, 0, NULL);
	ASSERT(rsa != NULL);
	if (SSL_CTX_use_RSAPrivateKey(ctx, rsa) <= 0)
	{
		ERR_print_errors_fp(stdout);
		exit(1);
	}

// 		for read from file, use this
// 		if (SSL_CTX_use_certificate_file(ctx, "Z:\\Develop\\opensslbin\\server.pem", SSL_FILETYPE_PEM) <= 0)
// 		{
// 			ERR_print_errors_fp(stdout);
// 			exit(1);
// 		}
// 		if (SSL_CTX_use_PrivateKey_file(ctx, "Z:\\Develop\\opensslbin\\ca-nocap.key", SSL_FILETYPE_PEM) <= 0)
// 		{
// 			ERR_print_errors_fp(stdout);
// 			exit(1);
// 		}

	if (!SSL_CTX_check_private_key(ctx))
		cerr << "Private key is invalid." << endl;
	else
		cout << "Private key is OK" << endl;

	return;
}
Esempio n. 23
0
static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm)
{
    SSL_CTX* ctx = (SSL_CTX*)sslctx;
    
    if(!SSL_CTX_use_certificate(ctx, g_Cert))
        printf("SSL_CTX_use_certificate problem\n");
    
    if(!SSL_CTX_use_PrivateKey(ctx, g_PrivateKey))
        printf("Use Key failed\n");
    
    return CURLE_OK;
}
Esempio n. 24
0
int SSL_CTX_use_certificate_file (SSL_CTX * ctx, const char *file, int type)
{
    int j;

    BIO *in;

    int ret = 0;

    X509 *x = NULL;

    in = BIO_new (BIO_s_file_internal ());
    if (in == NULL)
    {
        SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename (in, file) <= 0)
    {
        SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
        goto end;
    }
    if (type == SSL_FILETYPE_ASN1)
    {
        j = ERR_R_ASN1_LIB;
        x = d2i_X509_bio (in, NULL);
    }
    else if (type == SSL_FILETYPE_PEM)
    {
        j = ERR_R_PEM_LIB;
        x = PEM_read_bio_X509 (in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
    }
    else
    {
        SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }

    if (x == NULL)
    {
        SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
        goto end;
    }

    ret = SSL_CTX_use_certificate (ctx, x);
  end:
    if (x != NULL)
        X509_free (x);
    if (in != NULL)
        BIO_free (in);
    return (ret);
}
Esempio n. 25
0
void
tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
#if ENABLE_INLINE_FILES
    const char *cert_file_inline,
#endif
    X509 **x509
    )
{
  ASSERT(NULL != ctx);
  if (NULL != x509)
    ASSERT(NULL == *x509);

#if ENABLE_INLINE_FILES
  if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_file_inline)
    {
      BIO *in = NULL;
      X509 *x = NULL;
      int ret = 0;

      in = BIO_new_mem_buf ((char *)cert_file_inline, -1);
      if (in)
	{
	  x = PEM_read_bio_X509 (in,
			     NULL,
			     ctx->ctx->default_passwd_callback,
			     ctx->ctx->default_passwd_callback_userdata);
	  BIO_free (in);
	  if (x) {
	    ret = SSL_CTX_use_certificate(ctx->ctx, x);
	    if (x509)
	      *x509 = x;
	    else
	      X509_free (x);
	  }
	}

      if (!ret)
        msg (M_SSLERR, "Cannot load inline certificate file");
    }
  else
#endif /* ENABLE_INLINE_FILES */
    {
      if (!SSL_CTX_use_certificate_chain_file (ctx->ctx, cert_file))
	msg (M_SSLERR, "Cannot load certificate file %s", cert_file);
      if (x509)
	{
	  if (!tls_ctx_read_certificate_file(ctx->ctx, cert_file, x509))
	    msg (M_SSLERR, "Cannot load certificate file %s", cert_file);
	}
    }
}
Esempio n. 26
0
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const uint8_t *d) {
  X509 *x;
  int ret;

  x = d2i_X509(NULL, &d, (long)len);
  if (x == NULL) {
    OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
    return 0;
  }

  ret = SSL_CTX_use_certificate(ctx, x);
  X509_free(x);
  return ret;
}
Esempio n. 27
0
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
{
    X509 *x;
    int ret;

    x = d2i_X509(NULL, &d, (long)len);
    if (x == NULL) {
        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
        return (0);
    }

    ret = SSL_CTX_use_certificate(ctx, x);
    X509_free(x);
    return (ret);
}
Esempio n. 28
0
bool SslContext::UseCertificate(String certdata, String pkeydata, bool cert_asn1)
{
	ASSERT(ssl_ctx);
	if(IsNull(certdata) || IsNull(pkeydata))
		return false;
	SslCertificate cert;
	SslKey pkey;
	if(!cert.Load(certdata, cert_asn1) || !pkey.Load(pkeydata))
		return false;
	if(!SSL_CTX_use_certificate(ssl_ctx, cert) || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
		return false;
	if(!SSL_CTX_check_private_key(ssl_ctx))
		return false;
	return true;
}
Esempio n. 29
0
SSL_CTX *
InitCTX (void)
{
  SSL_METHOD *method;
  X509 *cert;
  EVP_PKEY *key;

  SSL_library_init ();
  OpenSSL_add_all_algorithms ();	/* Load cryptos, et.al. */
  SSL_load_error_strings ();	/* Bring in and register error messages */
  method = SSLv3_server_method ();
  ctx = SSL_CTX_new (method);	/* Create new context */

  if (ctx == NULL) {
#ifdef DEBUG
    ERR_print_errors_fp (stderr);
#endif
    abort ();
  }

  SSL_CTX_set_options (ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
  SSL_CTX_set_cipher_list (ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");

  if (gen_cert (&cert, &key) == 0) {
#ifdef DEBUG
    printf ("Error w/ gen_cert()\n");
#endif
    exit (1);
  }

  if (SSL_CTX_use_certificate (ctx, cert) != 1) {
#ifdef DEBUG
    fprintf (stderr, "SSL_CTX_use_certificate failed.\n");
#endif
    exit (1);
  }
  if (SSL_CTX_use_PrivateKey (ctx, key) != 1) {
#ifdef DEBUG
    fprintf (stderr, "SSL_CTX_use_PrivateKey failed.\n");
#endif
    exit (1);
  }

  X509_free (cert);
  EVP_PKEY_free (key);

  return ctx;
}
Esempio n. 30
0
static void Init() {
    ctx = SSL_CTX_new(SSLv23_method());
    const uint8_t *bufp = kRSAPrivateKeyDER;
    RSA *privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
    OPENSSL_assert(privkey != NULL);
    EVP_PKEY *pkey = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(pkey, privkey);
    int ret = SSL_CTX_use_PrivateKey(ctx, pkey);
    OPENSSL_assert(ret == 1);
    EVP_PKEY_free(pkey);
    bufp = kCertificateDER;
    X509 *cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
    OPENSSL_assert(cert != NULL);
    ret = SSL_CTX_use_certificate(ctx, cert);
    OPENSSL_assert(ret == 1);
    X509_free(cert);
  }