int DHMContext::parseDHMFile(State & state, mbedtls_dhm_context * context)
{
	// Lua binding: argument 1 is the path of a DH parameter file which is
	// handed to mbedtls_dhm_parse_dhmfile(); the mbedtls return code is pushed
	// back to the script as an integer (0 on success, negative on failure).
	// Returns the number of values pushed: 1 when the argument was a string,
	// 0 (nothing pushed) otherwise.
	//
	// NOTE(review): the path comes straight from the script, so any file the
	// process can read may be opened; parse failures are reported as a return
	// value, never raised. mbedtls_dhm_parse_dhmfile() is not present in newer
	// Mbed TLS major releases - confirm against the pinned library version.
	Stack * lua = state.stack;
	if (!lua->is<LUA_TSTRING>(1))
		return 0;

	const std::string path = lua->to<const std::string>(1);
	const int rc = mbedtls_dhm_parse_dhmfile(context, path.c_str());
	lua->push<int>(rc);
	return 1;
}
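/*
 * rb_setup_ssl_server - build a server-side TLS configuration from files.
 *
 * cacert           optional path of the CA bundle used as trust anchors for
 *                  client certificates (NULL = none configured)
 * cert             path of the server certificate (leaf first, then any
 *                  intermediates); required
 * keyfile          path of the matching private key; required, and must be
 *                  unencrypted (a NULL password is passed to mbedtls)
 * dhfile           path of the DH parameter file; required
 * ssl_cipher_list, named_curve, tls_min_ver
 *                  accepted for interface compatibility but NOT applied by
 *                  this function. NOTE(review): nothing here sets the cipher
 *                  list, curves or minimum protocol version - confirm a caller
 *                  does, otherwise the listener runs with the mbedtls
 *                  MBEDTLS_SSL_PRESET_DEFAULT settings.
 *
 * Returns a heap-allocated, fully initialised rb_ssl_ctx, or NULL after
 * logging the reason. Every failure path releases whatever was allocated
 * so far (the previous version leaked sctx and every parsed context).
 *
 * The RNG wired into the config is the file-level ctr_drbg. Its seeding is
 * not done here (the entropy/ctr_drbg init calls are commented out), so it is
 * assumed to have been seeded earlier - TODO confirm in the library init path.
 * Whether client certificates are verified at all depends on
 * mbedtls_ssl_conf_authmode(), which is not called here either.
 */
rb_ssl_ctx *
rb_setup_ssl_server(const char *cacert, const char *cert, const char *keyfile, const char *dhfile,
                    const char *ssl_cipher_list, const char *named_curve, rb_tls_ver_t tls_min_ver)
{
	int ret;
	rb_ssl_ctx *sctx;

	/* mbedtls fopen()s these paths directly; a NULL would reach fopen(),
	 * so reject it here with a usable message instead. */
	if (cert == NULL || keyfile == NULL || dhfile == NULL) {
		rb_lib_log("rb_setup_ssl_server: certificate, key and DH parameter files are all required");
		return NULL;
	}

	sctx = rb_malloc(sizeof(rb_ssl_ctx));

	/* Initialise every embedded context up front so the single cleanup path
	 * below can free all of them unconditionally; mbedtls defines *_free()
	 * on an init'ed-but-unused context as a no-op. The CA context in
	 * particular used to be left uninitialised when cacert == NULL and was
	 * still handed to mbedtls_ssl_conf_ca_chain(). */
	mbedtls_ssl_config_init(&sctx->config);
	mbedtls_x509_crt_init(&sctx->cacert);
	mbedtls_x509_crt_init(&sctx->x509);
	mbedtls_pk_init(&sctx->serv_pk);
	mbedtls_dhm_init(&sctx->dh_params);

	ret = mbedtls_ssl_config_defaults(&sctx->config, MBEDTLS_SSL_IS_SERVER,
	                                  MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
	if (ret != 0) {
		rb_lib_log("rb_setup_ssl_server: unable to initialize default SSL parameters for server context: -0x%x", -ret);
		goto fail;
	}

	/* Wire in the shared DRBG once (it was previously set twice). */
	mbedtls_ssl_conf_rng(&sctx->config, mbedtls_ctr_drbg_random, &ctr_drbg);

	if (cacert != NULL) {
		ret = mbedtls_x509_crt_parse_file(&sctx->cacert, cacert);
		if (ret != 0) {
			/* report the CA path, not the server certificate path */
			rb_lib_log("rb_setup_ssl_server: failed to parse CA certificate '%s': -0x%x", cacert, -ret);
			goto fail;
		}
	}

	ret = mbedtls_x509_crt_parse_file(&sctx->x509, cert);
	if (ret != 0) {
		rb_lib_log("rb_setup_ssl_server: failed to parse certificate '%s': -0x%x", cert, -ret);
		goto fail;
	}

	ret = mbedtls_pk_parse_keyfile(&sctx->serv_pk, keyfile, NULL);
	if (ret != 0) {
		rb_lib_log("rb_setup_ssl_server: failed to parse private key '%s': -0x%x", keyfile, -ret);
		goto fail;
	}

	ret = mbedtls_dhm_parse_dhmfile(&sctx->dh_params, dhfile);
	if (ret != 0) {
		rb_lib_log("rb_setup_ssl_server: failed to parse DH parameters '%s': -0x%x", dhfile, -ret);
		goto fail;
	}

	ret = mbedtls_ssl_conf_dh_param_ctx(&sctx->config, &sctx->dh_params);
	if (ret != 0) {
		rb_lib_log("rb_setup_ssl_server: failed to set DH parameters on SSL config context: -0x%x", -ret);
		goto fail;
	}

	/* Trust anchors for client certificates: the CA bundle if one was given,
	 * otherwise an initialised, empty chain (nothing trusted). The previous
	 * `if (&sctx->x509.next)` tested the address of a member - always true -
	 * and its ca_chain call was immediately overridden by this one anyway.
	 * Promoting the intermediates from the server's own cert file to trust
	 * anchors would be a deliberate policy choice; it is not done here. */
	mbedtls_ssl_conf_ca_chain(&sctx->config, &sctx->cacert, NULL);

	ret = mbedtls_ssl_conf_own_cert(&sctx->config, &sctx->x509, &sctx->serv_pk);
	if (ret != 0) {
		rb_lib_log("rb_setup_ssl_server: failed to set up own certificate: -0x%x", -ret);
		goto fail;
	}

	return sctx;

fail:
	/* Reverse-order teardown of everything initialised above, then the
	 * container itself (rb_free pairs with the rb_malloc above). */
	mbedtls_dhm_free(&sctx->dh_params);
	mbedtls_pk_free(&sctx->serv_pk);
	mbedtls_x509_crt_free(&sctx->x509);
	mbedtls_x509_crt_free(&sctx->cacert);
	mbedtls_ssl_config_free(&sctx->config);
	rb_free(sctx);
	return NULL;
}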