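/*
 * Fetch the most recent OpenSSL error: its text goes into error_str (always
 * NUL-terminated by ERR_error_string_n) and the numeric code is returned.
 */
static unsigned long tls_last_error( char *error_str, size_t len ) {
  unsigned long error_no = ERR_get_error();
  ERR_error_string_n( error_no, error_str, len );
  return error_no;
}


/**
 * Create the global SSL_CTX used by the TLS server and load its certificate
 * and private key through load_certificates().
 *
 * @param cert_file  path of the certificate file handed to load_certificates()
 * @param key_file   path of the private-key file handed to load_certificates()
 * @return true on success. On every failure path the global ctx is released
 *         and reset to NULL, so a later call can retry without tripping the
 *         assert( ctx == NULL ) precondition.
 */
bool init_tls_server( const char *cert_file, const char *key_file ) {
  debug( "Initializing TLS server ( ctx = %p, cert_file = %s, key_file = %s ).", ctx, cert_file, key_file );
  assert( ctx == NULL );

  SSL_library_init();
  SSL_load_error_strings();

  /*
   * SSLv23_server_method() negotiates the highest protocol version both peers
   * support, instead of pinning the server to TLS 1.0 only as
   * TLSv1_server_method() did; SSLv2 and SSLv3 are switched off below.
   * TLS 1.0 clients are still accepted, so this is a superset of the old behaviour.
   */
  const SSL_METHOD *method = SSLv23_server_method();
  ctx = SSL_CTX_new( method );
  if ( ctx == NULL ) {
    char error_str[ 256 ];
    unsigned long error_no = tls_last_error( error_str, sizeof( error_str ) );
    /* error_no is an unsigned long: %lu (the previous "%ul" was %u plus a literal 'l'). */
    error( "Failed to create SSL context ( %s [%lu] ).", error_str, error_no );
    return false;
  }
  SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );

  const char *ciphers = "HIGH";
  int retval = SSL_CTX_set_cipher_list( ctx, ciphers );
  if ( retval != 1 ) {
    char error_str[ 256 ];
    unsigned long error_no = tls_last_error( error_str, sizeof( error_str ) );
    /* retval is an int, so %d; the previous format printed it with %s. */
    error( "Failed to set cipher list ( ctx = %p, ciphers = %s, retval = %d, error = %s [%lu] ).", ctx, ciphers, retval, error_str, error_no );
    /* Do not leak the context or leave ctx non-NULL on this failure path. */
    SSL_CTX_free( ctx );
    ctx = NULL;
    return false;
  }

  if ( !load_certificates( cert_file, key_file ) ) {
    error( "Failed to load certificates." );
    SSL_CTX_free( ctx );
    ctx = NULL;
    return false;
  }

  return true;
}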
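/**
 * Verify the XML-DSig signature of the document stored in filename.
 *
 * Every <X509Certificate> element found in an <X509Data> element at or after
 * the <Signature> node is wrapped in a PEM envelope and loaded into the key
 * manager returned by load_certificates() as a trusted certificate, and the
 * signature is then verified with that key manager.
 *
 * NOTE(review): because the document's own certificates are loaded with
 * xmlSecKeyDataTypeTrusted, a certificate embedded by the signer becomes a
 * trust anchor for its own signature. Whether load_certificates() sets up a
 * store that still constrains this is not visible here — confirm this is the
 * intended trust model.
 *
 * @param filename  path of the XML document to verify
 * @return 0 when the signature verifies, DCP_FATAL on any error
 */
int xml_verify(char *filename)
{
    /* Size of the stack buffer holding one PEM-wrapped certificate. */
    enum { CERT_BUF_SIZE = 5000 };

    xmlSecDSigCtxPtr dsig_ctx = NULL;
    xmlDocPtr doc = NULL;
    /* NULL until created so the cleanup at done: can test it safely. */
    xmlSecKeysMngrPtr key_manager = NULL;
    xmlNodePtr root_node;
    xmlNodePtr sign_node;
    xmlNodePtr cur_node;
    xmlNodePtr x509d_node;
    int result = DCP_FATAL;

    xmlsec_verify_init();

    /* load doc file */
    doc = xmlParseFile(filename);
    if (doc == NULL) {
        dcp_log(LOG_ERROR, "unable to parse file %s", filename);
        goto done;
    }

    /* find root node */
    root_node = xmlDocGetRootElement(doc);
    if (root_node == NULL) {
        dcp_log(LOG_ERROR, "unable to find root node");
        goto done;
    }

    /* find signature node */
    sign_node = xmlSecFindNode(root_node, xmlSecNodeSignature, xmlSecDSigNs);
    if (sign_node == NULL) {
        dcp_log(LOG_ERROR, "signature node not found");
        goto done;
    }

    /* create keys manager */
    key_manager = load_certificates();
    if (key_manager == NULL) {
        dcp_log(LOG_ERROR, "create key manager failed");
        goto done;
    }

    /* find certificates: each <X509Data> from sign_node onwards */
    cur_node = sign_node;
    while (cur_node != NULL
           && (x509d_node = xmlSecFindNode(cur_node, xmlSecNodeX509Data, xmlSecDSigNs)) != NULL) {
        xmlNodePtr cert_node;
        xmlChar *content;
        char cert[CERT_BUF_SIZE];
        int cert_l;

        cert_node = xmlSecFindNode(x509d_node, xmlSecNodeX509Certificate, xmlSecDSigNs);
        if (cert_node == NULL) {
            dcp_log(LOG_ERROR, "X509certficate node not found");
            goto done;
        }

        /* xmlNodeGetContent() allocates (must be xmlFree'd) and may return NULL. */
        content = xmlNodeGetContent(cert_node);
        if (content == NULL) {
            dcp_log(LOG_ERROR, "empty X509certificate node value");
            goto done;
        }

        /*
         * The certificate text comes from the document being verified, so the
         * write into the fixed-size buffer is bounded and truncation is an error
         * rather than a silently mangled (or overflowed) certificate.
         */
        cert_l = snprintf(cert, sizeof(cert),
                          "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n",
                          (const char *)content);
        xmlFree(content);
        if (cert_l < 0 || (size_t)cert_l >= sizeof(cert)) {
            dcp_log(LOG_ERROR, "X509certificate node value too large");
            goto done;
        }

        if (xmlSecCryptoAppKeysMngrCertLoadMemory(key_manager, cert, cert_l,
                                                  xmlSecKeyDataFormatPem,
                                                  xmlSecKeyDataTypeTrusted) < 0) {
            dcp_log(LOG_ERROR, "could read X509certificate node value");
            goto done;
        }

        cur_node = xmlNextElementSibling(x509d_node);
    }

    /* create signature context */
    dsig_ctx = xmlSecDSigCtxCreate(key_manager);
    if (dsig_ctx == NULL) {
        dcp_log(LOG_ERROR, "create signature opendcp failed");
        goto done;
    }

    /* verify the signature */
    if (xmlSecDSigCtxVerify(dsig_ctx, sign_node) < 0) {
        dcp_log(LOG_ERROR, "signature verify failed");
        goto done;
    }

    /* a non-negative return only means the check ran; the status says whether it passed */
    if (dsig_ctx->status != xmlSecDSigStatusSucceeded) {
        dcp_log(LOG_ERROR, "signature validation failed");
        goto done;
    }

    /* success */
    result = 0;

done:
    /* the context references the key manager, so tear it down first */
    if (dsig_ctx != NULL) {
        xmlSecDSigCtxDestroy(dsig_ctx);
    }
    if (key_manager != NULL) {
        xmlSecKeysMngrDestroy(key_manager);
    }
    if (doc != NULL) {
        xmlFreeDoc(doc);
    }
    xmlsec_close();

    return result;
}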