version 1.3, 2002/07/31 21:08:40
|
version 1.4, 2002/08/06 21:28:35
|
|
|
#include <Pegasus/Common/Destroyer.h> | #include <Pegasus/Common/Destroyer.h> |
#include <Pegasus/Common/Socket.h> | #include <Pegasus/Common/Socket.h> |
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
#include <Pegasus/Config/ConfigManager.h> |
|
| |
#include "SSLContext.h" | #include "SSLContext.h" |
#include "SSLContextRep.h" | #include "SSLContextRep.h" |
|
|
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
|
// switch on if 'server needs certified client' |
|
//#define CLIENT_CERTIFY |
| |
// | // |
// use the following definitions only if SSL is available | // use the following definitions only if SSL is available |
|
|
SSL_CTX_set_mode(_SSLContext, SSL_MODE_AUTO_RETRY); | SSL_CTX_set_mode(_SSLContext, SSL_MODE_AUTO_RETRY); |
SSL_CTX_set_options(_SSLContext,SSL_OP_ALL); | SSL_CTX_set_options(_SSLContext,SSL_OP_ALL); |
| |
// |
#ifdef CLIENT_CERTIFY |
// Check if the client certificate verification is required |
|
// |
|
ConfigManager* configManager = ConfigManager::getInstance(); |
|
|
|
if (String::equalNoCase( |
|
configManager->getCurrentValue("enableClientCertification"), "true")) |
|
{ |
|
SSL_CTX_set_verify(_SSLContext, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, | SSL_CTX_set_verify(_SSLContext, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, |
prepareForCallback); | prepareForCallback); |
} |
#else |
else |
|
{ |
|
if (verifyCert != NULL) | if (verifyCert != NULL) |
{ | { |
SSL_CTX_set_verify(_SSLContext, | SSL_CTX_set_verify(_SSLContext, |
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, prepareForCallback); | SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, prepareForCallback); |
} | } |
} |
#endif |
| |
// | // |
// check certificate given to me | // check certificate given to me |
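Review bot: In the branch meant to require a certified client (the `SSL_CTX_set_verify` call guarded by `CLIENT_CERTIFY` / `enableClientCertification`), the mode `SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE` only requests a certificate on the server side, so a client that sends none still completes the handshake unless `prepareForCallback` or later code rejects it, which is not visible here. If client authentication is meant to be mandatory, that branch should pass `SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE`. The page does not mark which column is new; if the `#ifdef CLIENT_CERTIFY` form is the new side, the policy is fixed at build time with the `#define` commented out, and a comment beside it such as `// when undefined, peer verification is enabled only if a verifyCert callback is supplied` would make that default explicit. In the fallback branch no verify mode is set when `verifyCert` is NULL, so OpenSSL's default `SSL_VERIFY_NONE` applies and the peer certificate goes unchecked; a comment confirming that this is intended would help. The enclosing function starts and ends outside the hunk.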