int SSL_use_certificate_file(SSL *ssl, const char *file, int type) {
int reason_code;
BIO *in;
int ret = 0;
X509 *x = NULL;
in = BIO_new(BIO_s_file());
if (in == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB);
goto end;
}
if (type == SSL_FILETYPE_ASN1) {
reason_code = ERR_R_ASN1_LIB;
x = d2i_X509_bio(in, NULL);
} else if (type == SSL_FILETYPE_PEM) {
reason_code = ERR_R_PEM_LIB;
x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback,
ssl->ctx->default_passwd_callback_userdata);
} else {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (x == NULL) {
OPENSSL_PUT_ERROR(SSL, reason_code);
goto end;
}
ret = SSL_use_certificate(ssl, x);
end:
X509_free(x);
BIO_free(in);
return ret;
}
/*
* Null trusted CA chain when initializing server
*/
static void us894_test18 (void)
{
BIO *certin, *keyin;
X509 *x;
EVP_PKEY *priv_key;
int rv;
EST_CTX *ctx;
LOG_FUNC_NM;
/*
* Read the server cert
*/
certin = BIO_new(BIO_s_file_internal());
rv = BIO_read_filename(certin, US894_SERVER_CERT);
CU_ASSERT(rv > 0);
x = PEM_read_bio_X509(certin, NULL, NULL, NULL);
CU_ASSERT(x != NULL);
BIO_free(certin);
/*
* Read the server key
*/
keyin = BIO_new(BIO_s_file_internal());
rv = BIO_read_filename(keyin, US894_SERVER_KEY);
CU_ASSERT(rv > 0);
priv_key = PEM_read_bio_PrivateKey(keyin, NULL, NULL, NULL);
CU_ASSERT(priv_key != NULL);
BIO_free(keyin);
/*
* Attempt to init EST proxy using NULL local CA chain
*/
est_init_logger(EST_LOG_LVL_INFO, NULL);
ctx = est_proxy_init(NULL, 0, NULL, 0, EST_CERT_FORMAT_PEM,
"testrealm", x, priv_key,
"estuser", "estpwd");
CU_ASSERT(ctx == NULL);
X509_free(x);
EVP_PKEY_free(priv_key);
}
/*
* Read a bio that contains our certificate in "PEM" format,
* possibly followed by a sequence of CA certificates that should be
* sent to the peer in the Certificate message.
*/
static int
ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
{
X509 *ca, *x = NULL;
unsigned long err;
int ret = 0;
if ((x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata)) == NULL) {
SSLerrorx(ERR_R_PEM_LIB);
goto err;
}
if (!SSL_CTX_use_certificate(ctx, x))
goto err;
if (!ssl_cert_set0_chain(ctx->internal->cert, NULL))
goto err;
/* Process any additional CA certificates. */
while ((ca = PEM_read_bio_X509(in, NULL,
ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata)) != NULL) {
if (!ssl_cert_add0_chain_cert(ctx->internal->cert, ca)) {
X509_free(ca);
goto err;
}
}
/* When the while loop ends, it's usually just EOF. */
err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
ERR_clear_error();
ret = 1;
}
err:
X509_free(x);
return (ret);
}
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
{
int j;
BIO *in;
int ret = 0;
X509 *x = NULL;
in = BIO_new(BIO_s_file_internal());
if (in == NULL) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
goto end;
}
if (type == SSL_FILETYPE_ASN1) {
j = ERR_R_ASN1_LIB;
x = d2i_X509_bio(in, NULL);
} else if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback,
ssl->ctx->default_passwd_callback_userdata);
} else {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (x == NULL) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
goto end;
}
ret = SSL_use_certificate(ssl, x);
end:
if (x != NULL)
X509_free(x);
if (in != NULL)
BIO_free(in);
return (ret);
}
X509 *https_open_cert(s8 *filepath)
{
X509 *cert = NULL;
BIO *bio_cert = NULL;
bio_cert = BIO_new_file(filepath, "r");
if (!bio_cert)
{
return NULL;
}
cert = PEM_read_bio_X509(bio_cert, NULL, NULL, NULL);
if (!cert)
{
(void)BIO_reset(bio_cert);
cert = d2i_X509_bio(bio_cert, NULL);
}
BIO_free(bio_cert);
return cert;
}
X509 *fileio_read_cert(const char *filename)
{
X509 *cert = NULL;
BIO *bio;
bio = BIO_new_file(filename, "r");
if (!bio)
goto out;
cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
out:
BIO_free_all(bio);
if (!cert) {
fprintf(stderr, "Can't load certificate from file '%s'\n",
filename);
ERR_print_errors_fp(stderr);
}
return cert;
}
static EVP_PKEY *extract_pkey_from_x509(const char *x509_str) {
X509 *x509 = NULL;
EVP_PKEY *result = NULL;
BIO *bio = BIO_new(BIO_s_mem());
BIO_write(bio, x509_str, strlen(x509_str));
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (x509 == NULL) {
gpr_log(GPR_ERROR, "Unable to parse x509 cert.");
goto end;
}
result = X509_get_pubkey(x509);
if (result == NULL) {
gpr_log(GPR_ERROR, "Cannot find public key in X509 cert.");
}
end:
BIO_free(bio);
if (x509 != NULL) X509_free(x509);
return result;
}
/**
* Parses X.509 PEM formatted certificate from file.
* NB! This struct must be freed using X509_free() function from OpenSSL or
* with X509_scope struct.
*
* @param path PEM formatted X.509 certificate file path.
* @return returns certificate parsed from file.
* @throws IOException throws exception if the file does not contain X.509
* PEM formatted certificate.
*/
X509* digidoc::X509Cert::loadX509(const std::string& path) throw(IOException)
{
// Initialize OpenSSL file.
BIO* file = BIO_new_file(path.c_str(), "rb"); BIO_scope fileScope(&file);
if(file == NULL)
{
THROW_IOEXCEPTION("Failed to open X.509 certificate file '%s': %s",
path.c_str(), ERR_reason_error_string(ERR_get_error()));
}
// Parse X.509 certificate from file.
X509* cert = PEM_read_bio_X509(file, NULL, NULL, NULL);
if(cert == NULL)
{
THROW_IOEXCEPTION("Failed to load X.509 certificate from file '%s': %s",
path.c_str(), ERR_reason_error_string(ERR_get_error()));
}
return cert;
}
int
SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
{
int j;
BIO *in;
int ret = 0;
X509 *x = NULL;
in = BIO_new(BIO_s_file_internal());
if (in == NULL) {
SSLerrorx(ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
SSLerrorx(ERR_R_SYS_LIB);
goto end;
}
if (type == SSL_FILETYPE_ASN1) {
j = ERR_R_ASN1_LIB;
x = d2i_X509_bio(in, NULL);
} else if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata);
} else {
SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (x == NULL) {
SSLerrorx(j);
goto end;
}
ret = SSL_CTX_use_certificate(ctx, x);
end:
X509_free(x);
BIO_free(in);
return (ret);
}
Handle<Certificate> Provider_System::getCertFromURI(Handle<std::string> uri, Handle<std::string> format){
LOGGER_FN();
try{
BIO *bioFile = NULL;
X509 *hcert = NULL;
LOGGER_OPENSSL(BIO_new);
bioFile = BIO_new(BIO_s_file());
LOGGER_OPENSSL(BIO_read_filename);
if (BIO_read_filename(bioFile, uri->c_str()) > 0){
LOGGER_OPENSSL(BIO_seek);
BIO_seek(bioFile, 0);
if (strcmp(format->c_str(), "PEM") == 0){
LOGGER_OPENSSL(PEM_read_bio_X509);
hcert = PEM_read_bio_X509(bioFile, NULL, NULL, NULL);
}
else if (strcmp(format->c_str(), "DER") == 0){
LOGGER_OPENSSL(d2i_X509_bio);
hcert = d2i_X509_bio(bioFile, NULL);
}
else{
THROW_EXCEPTION(0, Provider_System, NULL, "Unsupported format. Only PEM | DER");
}
}
LOGGER_OPENSSL(BIO_free);
BIO_free(bioFile);
if (!hcert){
THROW_EXCEPTION(0, Provider_System, NULL, "Unable decode cert from PEM/DER");
}
else{
return new Certificate(hcert);
}
}
catch (Handle<Exception> e){
THROW_EXCEPTION(0, Provider_System, e, "Error get certificate from URI");
}
}
static int setCertFile(SSL_CTX *ctx, cchar *certFile)
{
X509 *cert;
BIO *bio;
char *buf;
int rc;
assert(ctx);
assert(certFile);
rc = -1;
bio = 0;
buf = 0;
cert = 0;
if (ctx == NULL) {
return rc;
}
if ((buf = mprReadPathContents(certFile, NULL)) == 0) {
mprLog("error openssl", 0, "Unable to read certificate %s", certFile);
} else if ((bio = BIO_new_mem_buf(buf, -1)) == 0) {
mprLog("error openssl", 0, "Unable to allocate memory for certificate %s", certFile);
} else if ((cert = PEM_read_bio_X509(bio, NULL, 0, NULL)) == 0) {
mprLog("error openssl", 0, "Unable to parse certificate %s", certFile);
} else if (SSL_CTX_use_certificate(ctx, cert) != 1) {
mprLog("error openssl", 0, "Unable to use certificate %s", certFile);
} else {
rc = 0;
}
if (bio) {
BIO_free(bio);
}
if (cert) {
X509_free(cert);
}
return rc;
}
DWORD
DirCliPEMToX509(
PCSTR pszCert,
X509** ppCert
)
{
DWORD dwError = 0;
BIO *pBioMem = NULL;
X509* pCert = NULL;
pBioMem = BIO_new_mem_buf((PVOID) pszCert, -1);
if ( pBioMem == NULL)
{
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_VMAFD_ERROR(dwError);
}
pCert = PEM_read_bio_X509(pBioMem, NULL, NULL, NULL);
if (pCert == NULL)
{
dwError = ERROR_OPEN_FAILED;
BAIL_ON_VMAFD_ERROR(dwError);
}
*ppCert = pCert;
cleanup:
if (pBioMem)
{
BIO_free(pBioMem);
}
return dwError;
error:
*ppCert = NULL;
goto cleanup;
}
static void InitializeDefaultCredentials()
{
BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
assert (bio);
if (DefaultPrivateKey) {
// we may come here in a restart.
EVP_PKEY_free (DefaultPrivateKey);
DefaultPrivateKey = NULL;
}
PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
if (DefaultCertificate) {
// we may come here in a restart.
X509_free (DefaultCertificate);
DefaultCertificate = NULL;
}
PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
BIO_free (bio);
}
static X509 *ssl_load_cert(const char *cert_str)
{
X509 *cert = NULL;
BIO *in = NULL;
if (!cert_str) {
return NULL;
}
in = BIO_new_mem_buf((void *)cert_str, -1);
if (!in) {
return NULL;
}
cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
if (in) {
BIO_free(in);
}
return cert;
}
int main(int argc, char **argv)
{
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
#if !defined(OPENSSL_NO_ENGINE)
/* Load all compiled-in ENGINEs */
ENGINE_load_builtin_engines();
ENGINE_register_all_ciphers();
ENGINE_register_all_digests();
#endif
{
BIO *bio = BIO_new_mem_buf(RSA_CERTIFICATE, strlen(RSA_CERTIFICATE));
X509 *x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
assert(x509 != NULL || !!"failed to load certificate");
BIO_free(bio);
cert.len = i2d_X509(x509, &cert.base);
X509_free(x509);
}
{
BIO *bio = BIO_new_mem_buf(RSA_PRIVATE_KEY, strlen(RSA_PRIVATE_KEY));
EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
assert(pkey != NULL || !"failed to load private key");
BIO_free(bio);
ptls_openssl_init_sign_certificate(&cert_signer, pkey);
EVP_PKEY_free(pkey);
}
subtest("next-packet-number", test_next_packet_number);
subtest("ranges", test_ranges);
subtest("frame", test_frame);
subtest("maxsender", test_maxsender);
subtest("ack", test_ack);
subtest("simple", test_simple);
subtest("stream-concurrency", test_stream_concurrency);
subtest("loss", test_loss);
return done_testing();
}
/**
* Read from a BIO, adding to the x509 store.
*/
static int
X509_STORE_load_bio(X509_STORE *ca_store, BIO *in) {
int ret = 1;
X509 *ca;
int r;
int found = 0;
unsigned long err;
while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
r = X509_STORE_add_cert(ca_store, ca);
if (r == 0) {
X509_free(ca);
ret = 0;
break;
}
found++;
/**
* The x509 cert object is reference counted by OpenSSL, so the STORE
* keeps it alive after its been added.
*/
X509_free(ca);
}
/* When the while loop ends, it's usually just EOF. */
err = ERR_peek_last_error();
if (found != 0 &&
ERR_GET_LIB(err) == ERR_LIB_PEM &&
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
ERR_clear_error();
} else {
/* some real error */
ret = 0;
}
return ret;
}
X509 *SSL_read_X509(char* filename, X509 **x509, pem_password_cb *cb)
{
X509 *rc;
BIO *bioS;
BIO *bioF;
/* 1. try PEM (= DER+Base64+headers) */
if ((bioS=BIO_new_file(filename, "r")) == NULL)
return NULL;
rc = PEM_read_bio_X509 (bioS, x509, cb, NULL);
BIO_free(bioS);
if (rc == NULL) {
/* 2. try DER+Base64 */
if ((bioS=BIO_new_file(filename, "r")) == NULL)
return NULL;
if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
BIO_free(bioS);
return NULL;
}
bioS = BIO_push(bioF, bioS);
rc = d2i_X509_bio(bioS, NULL);
BIO_free_all(bioS);
if (rc == NULL) {
/* 3. try plain DER */
if ((bioS=BIO_new_file(filename, "r")) == NULL)
return NULL;
rc = d2i_X509_bio(bioS, NULL);
BIO_free(bioS);
}
}
if (rc != NULL && x509 != NULL) {
if (*x509 != NULL)
X509_free(*x509);
*x509 = rc;
}
return rc;
}
/* Loads an in-memory PEM certificate chain into the SSL context. */
static tsi_result ssl_ctx_use_certificate_chain(
SSL_CTX* context, const unsigned char* pem_cert_chain,
size_t pem_cert_chain_size) {
tsi_result result = TSI_OK;
X509* certificate = NULL;
BIO* pem = BIO_new_mem_buf((void*)pem_cert_chain, pem_cert_chain_size);
if (pem == NULL) return TSI_OUT_OF_RESOURCES;
do {
certificate = PEM_read_bio_X509_AUX(pem, NULL, NULL, "");
if (certificate == NULL) {
result = TSI_INVALID_ARGUMENT;
break;
}
if (!SSL_CTX_use_certificate(context, certificate)) {
result = TSI_INVALID_ARGUMENT;
break;
}
while (1) {
X509* certificate_authority = PEM_read_bio_X509(pem, NULL, NULL, "");
if (certificate_authority == NULL) {
ERR_clear_error();
break; /* Done reading. */
}
if (!SSL_CTX_add_extra_chain_cert(context, certificate_authority)) {
X509_free(certificate_authority);
result = TSI_INVALID_ARGUMENT;
break;
}
/* We don't need to free certificate_authority as its ownership has been
transfered to the context. That is not the case for certificate though.
*/
}
} while (0);
if (certificate != NULL) X509_free(certificate);
BIO_free(pem);
return result;
}
static CURLcode ssl_ctx_function(CURL *curl, void *sslctx, void *parm)
{
X509_STORE *store;
X509 *cert = nullptr;
BIO *bio;
bio = BIO_new_mem_buf(const_cast<char*>(NinjaParty::Cacerts), -1);
while((cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr)) != nullptr)
{
store = SSL_CTX_get_cert_store(static_cast<SSL_CTX*>(sslctx));
if(X509_STORE_add_cert(store, cert) == 0)
{
// todo: log error adding certificate
BIO_free(bio);
return CURLE_SSL_CACERT;
}
}
BIO_free(bio);
return CURLE_OK;
}
embassy_t *pki_embassy_load_from_memory(char *certificate, char *privatekey, uint32_t serial)
{
BIO *bio_memory = NULL;
embassy_t *embassy;
// create an empty embassy
embassy = calloc(1, sizeof(embassy_t));
// fetch the certificate in PEM format and convert to X509
bio_memory = BIO_new_mem_buf(certificate, strlen(certificate));
embassy->certificate = PEM_read_bio_X509(bio_memory, NULL, NULL, NULL);
BIO_free(bio_memory);
// fetch the private key in PEM format and convert to EVP
bio_memory = BIO_new_mem_buf(privatekey, strlen(privatekey));
embassy->keyring = PEM_read_bio_PrivateKey(bio_memory, NULL, NULL, NULL);
BIO_free(bio_memory);
embassy->serial = serial;
return embassy;
}
/*
* Null Server certificate private key when initializing server
*/
static void us894_test17 (void)
{
unsigned char *cacerts = NULL;
int cacerts_len = 0;
BIO *certin;
X509 *x;
int rv;
EST_CTX *ctx;
LOG_FUNC_NM;
/*
* Read in the CA certificates
*/
cacerts_len = read_binary_file(US894_CACERT, &cacerts);
CU_ASSERT(cacerts_len > 0);
/*
* Read the server cert
*/
certin = BIO_new(BIO_s_file_internal());
rv = BIO_read_filename(certin, US894_SERVER_CERT);
CU_ASSERT(rv > 0);
x = PEM_read_bio_X509(certin, NULL, NULL, NULL);
CU_ASSERT(x != NULL);
BIO_free(certin);
/*
* Attempt to init EST proxy using NULL private key
*/
est_init_logger(EST_LOG_LVL_INFO, NULL);
ctx = est_proxy_init(cacerts, cacerts_len, cacerts, cacerts_len,
EST_CERT_FORMAT_PEM,
"testrealm", x, NULL,
"estuser", "estpwd");
CU_ASSERT(ctx == NULL);
X509_free(x);
}
bool cOpenSSLSocket::Init() {
CRYPTO_malloc_init(); // Initialize malloc, free, etc for OpenSSL's use
SSL_library_init(); // Initialize OpenSSL's SSL libraries
SSL_load_error_strings(); // Load SSL error strings
ERR_load_BIO_strings(); // Load BIO error strings
OpenSSL_add_all_algorithms(); // Load all available encryption algorithms
//! Load the certificates and config
if ( FileSystem::FileExists( cSSLSocket::CertificatesPath ) ) {
SafeDataPointer data;
FileSystem::FileGet( cSSLSocket::CertificatesPath, data );
if ( data.DataSize > 0 ) {
BIO* mem = BIO_new(BIO_s_mem());
BIO_puts( mem, (const char*) data.Data );
while( true ) {
X509 * cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
if (!cert)
break;
sCerts.push_back(cert);
}
BIO_free(mem);
}
eePRINTL( "Loaded certs from '%s': %d", cSSLSocket::CertificatesPath.c_str(), (int)sCerts.size() );
}
return true;
}
SISCertificateChain* makeChain(const char* certData, EVP_PKEY** publicKey) {
BIO* in = BIO_new_mem_buf((void*) certData, -1);
BIO* out = BIO_new(BIO_s_mem());
while (true) {
X509* cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
if (!cert) {
unsigned long err = ERR_peek_last_error();
int lib = ERR_GET_LIB(err);
int func = ERR_GET_FUNC(err);
int reason = ERR_GET_REASON(err);
if (lib == ERR_LIB_PEM && func == PEM_F_PEM_READ_BIO && reason == PEM_R_NO_START_LINE)
break;
ERR_print_errors_fp(stderr);
throw SignBadCert;
}
if (!*publicKey)
*publicKey = X509_PUBKEY_get(X509_get_X509_PUBKEY(cert));
i2d_X509_bio(out, cert);
X509_OBJECT obj;
obj.type = X509_LU_X509;
obj.data.x509 = cert;
X509_OBJECT_free_contents(&obj);
}
BIO_free_all(in);
char* ptr;
long length = BIO_get_mem_data(out, &ptr);
if (length <= 0) {
fprintf(stderr, "Bad certificate file\n");
throw SignBadCert;
}
SISBlob* blob = new SISBlob((uint8_t*) ptr, length);
BIO_free_all(out);
return new SISCertificateChain(blob);
}
/*
* Based on SSL_CTX_use_certificate_file, return an x509 object for the
* given file.
*/
static int
tls_ctx_read_certificate_file(SSL_CTX *ctx, const char *file, X509 **x509)
{
int j;
BIO *in;
int ret=0;
X509 *x=NULL;
in=BIO_new(BIO_s_file_internal());
if (in == NULL)
{
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in,file) <= 0)
{
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
goto end;
}
x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata);
if (x == NULL)
{
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
goto end;
}
end:
if (in != NULL)
BIO_free(in);
if (x509)
*x509 = x;
else if (x)
X509_free (x);
return(ret);
}
//Get key from a cert file, return string
std::string get_key_from_certfile(const char* certfile) {
BIO* certbio = NULL;
certbio = BIO_new_file(certfile, "r");
X509* cert = NULL;
cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
EVP_PKEY* key = NULL;
key = X509_get_pubkey(cert);
BIO* out = NULL;
out = BIO_new(BIO_s_mem());
PEM_write_bio_PUBKEY(out, key);
std::string pubkey_str;
for(;;) {
char s[256];
int l = BIO_read(out,s,sizeof(s));
if(l <= 0) break;
pubkey_str.append(s,l);;
}
EVP_PKEY_free(key);
X509_free(cert);
BIO_free_all(certbio);
BIO_free_all(out);
if(!pubkey_str.empty()) {
std::size_t pos = pubkey_str.find("BEGIN PUBLIC KEY");
if(pos != std::string::npos) {
std::size_t pos1 = pubkey_str.find_first_of("---", pos);
std::size_t pos2 = pubkey_str.find_first_not_of("-", pos1);
std::size_t pos3 = pubkey_str.find_first_of("---", pos2);
std::string str = pubkey_str.substr(pos2+1, pos3-pos2-2);
return str;
}
return ("");
}
return pubkey_str;
}
bud_error_t bud_config_load_ca_file(X509_STORE** store, const char* filename) {
BIO* b;
X509* x509;
bud_error_t err;
b = BIO_new_file(filename, "r");
if (b == NULL)
return bud_error_dstr(kBudErrLoadCert, filename);
x509 = NULL;
*store = X509_STORE_new();
if (*store == NULL) {
err = bud_error_dstr(kBudErrNoMem, "CA store");
goto fatal;
}
while ((x509 = PEM_read_bio_X509(b, NULL, NULL, NULL)) != NULL) {
if (x509 == NULL) {
err = bud_error_dstr(kBudErrParseCert, filename);
goto fatal;
}
if (X509_STORE_add_cert(*store, x509) != 1) {
err = bud_error(kBudErrAddCert);
goto fatal;
}
X509_free(x509);
x509 = NULL;
}
err = bud_ok();
fatal:
if (x509 != NULL)
X509_free(x509);
BIO_free_all(b);
return bud_ok();
}
static STACK_OF(X509) *load_certs_from_file(const char *filename)
{
STACK_OF(X509) *certs;
BIO *bio;
X509 *x;
bio = BIO_new_file(filename, "r");
if (bio == NULL) {
return NULL;
}
certs = sk_X509_new_null();
if (certs == NULL) {
BIO_free(bio);
return NULL;
}
ERR_set_mark();
do {
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
if (x != NULL && !sk_X509_push(certs, x)) {
sk_X509_pop_free(certs, X509_free);
BIO_free(bio);
return NULL;
} else if (x == NULL) {
/*
* We probably just ran out of certs, so ignore any errors
* generated
*/
ERR_pop_to_mark();
}
} while (x != NULL);
BIO_free(bio);
return certs;
}
static X509 *LoadCert(unsigned char *data, size_t len, CertFormat format)
{
X509 *x509;
BIO *bio = BIO_new_mem_buf(data, len);
if (bio == NULL)
{
exit(1);
}
if (format == PEM)
{
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
}
else
{
x509 = d2i_X509_bio(bio, NULL);
}
BIO_free(bio);
return x509;
}
void Certificate::LoadPem(std::string filename, std::string password)
{
if(ssl_cert)
{
X509_free(ssl_cert);
ssl_cert = NULL;
}
FILE* f = fopen(filename.c_str(), "r");
if(!f)
throw BadFile();
// Get file size
if(fseek(f, 0, SEEK_END))
throw BadFile();
size_t file_size = ftell(f);
rewind(f);
// Read the file
char buf[file_size];
if(fread(buf, file_size, 1, f) <= 0)
throw BadFile();
fclose(f);
if(file_size > UINT_MAX)
throw BadFile();
BIO* raw_cert_bio = BIO_new_mem_buf(buf, (uint32_t)file_size);
ssl_cert = PEM_read_bio_X509(raw_cert_bio, NULL, NULL, NULL);
BIO_free(raw_cert_bio);
if(!ssl_cert)
{
std::string str = std::string(ERR_error_string( ERR_get_error(), NULL));
throw BadCertificate(str);
}
}
void
tcp_init1(const char *extra_ca, int init_ssl)
{
if(init_ssl) {
SSL_library_init();
SSL_load_error_strings();
int i, n = CRYPTO_num_locks();
ssl_locks = malloc(sizeof(pthread_mutex_t) * n);
for(i = 0; i < n; i++)
pthread_mutex_init(&ssl_locks[i], NULL);
CRYPTO_set_locking_callback(ssl_lock_fn);
CRYPTO_set_id_callback(ssl_tid_fn);
}
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
if(!SSL_CTX_load_verify_locations(ssl_ctx, NULL, "/etc/ssl/certs"))
exit(1);
if(extra_ca != NULL) {
BIO *cbio = BIO_new_mem_buf((char *)extra_ca, -1);
X509 *cert = PEM_read_bio_X509(cbio, NULL, 0, NULL);
BIO_free(cbio);
if(cert == NULL) {
fprintf(stderr, "Unable to load extra cert\n");
exit(1);
}
X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
X509_STORE_add_cert(store, cert);
}
SSL_CTX_set_verify_depth(ssl_ctx, 3);
}
