|
version 1.107, 2010/10/19 13:29:28
|
version 1.107.2.7, 2014/07/23 16:57:58
|
|
|
|
| # include <openssl/err.h> | # include <openssl/err.h> |
| # include <openssl/ssl.h> | # include <openssl/ssl.h> |
| # include <openssl/rand.h> | # include <openssl/rand.h> |
| |
# include <openssl/tls1.h> |
| #else | #else |
| # define SSL_CTX void | # define SSL_CTX void |
| #endif // end of PEGASUS_HAS_SSL | #endif // end of PEGASUS_HAS_SSL |
|
|
|
| | |
| typedef struct x509_store_ctx_st X509_STORE_CTX; | typedef struct x509_store_ctx_st X509_STORE_CTX; |
| | |
| typedef struct Timestamp |
|
| { |
|
| char year[4]; |
|
| char month[2]; |
|
| char day[2]; |
|
| char hour[2]; |
|
| char minutes[2]; |
|
| char seconds[2]; |
|
| char dot; |
|
| char microSeconds[6]; |
|
| char plusOrMinus; |
|
| char utcOffset[3]; |
|
| char padding[3]; |
|
| } Timestamp_t; |
|
| |
|
| PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| | |
| PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
|
|
|
| { | { |
| struct tm time; | struct tm time; |
| int offset; | int offset; |
| Timestamp_t timeStamp; |
|
| char tempString[80]; |
|
| char plusOrMinus = '+'; | char plusOrMinus = '+'; |
| unsigned char* utcTimeData = utcTime->data; | unsigned char* utcTimeData = utcTime->data; |
| | |
|
|
|
| } | } |
| #undef g2 | #undef g2 |
| | |
| memset((void *)&timeStamp, 0, sizeof(Timestamp_t)); |
|
| | |
| // Format the date. |
if (plusOrMinus == '-') |
| sprintf((char *) &timeStamp,"%04d%02d%02d%02d%02d%02d.%06d%04d", |
{ |
| |
offset = -offset; |
| |
} |
| |
|
| |
CIMDateTime dateTime = CIMDateTime( |
| time.tm_year, | time.tm_year, |
| time.tm_mon + 1, | time.tm_mon + 1, |
| time.tm_mday, | time.tm_mday, |
|
|
|
| time.tm_min, | time.tm_min, |
| time.tm_sec, | time.tm_sec, |
| 0, | 0, |
| |
6, |
| offset); | offset); |
| | |
| timeStamp.plusOrMinus = plusOrMinus; |
|
| |
|
| CIMDateTime dateTime; |
|
| |
|
| dateTime.clear(); |
|
| strcpy(tempString, (char *)&timeStamp); |
|
| dateTime.set(tempString); |
|
| |
|
| return dateTime; | return dateTime; |
| } | } |
| | |
|
|
|
| // return 1 if revoked, 0 otherwise | // return 1 if revoked, 0 otherwise |
| // | // |
| int SSLCallback::verificationCRLCallback( | int SSLCallback::verificationCRLCallback( |
| int ok, |
int, |
| X509_STORE_CTX* ctx, | X509_STORE_CTX* ctx, |
| X509_STORE* sslCRLStore) | X509_STORE* sslCRLStore) |
| { | { |
|
|
|
| | |
| //check whether the subject's certificate is revoked | //check whether the subject's certificate is revoked |
| X509_REVOKED* revokedCert = NULL; | X509_REVOKED* revokedCert = NULL; |
| for (int i = 0; i < sk_X509_REVOKED_num(revokedCerts); i++) |
for (int i = 0; i < numRevoked; i++) |
| { | { |
| revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); | revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); |
| //a matching serial number indicates revocation | //a matching serial number indicates revocation |
|
|
|
| const String& keyPath, | const String& keyPath, |
| const String& crlPath, | const String& crlPath, |
| SSLCertificateVerifyFunction* verifyCert, | SSLCertificateVerifyFunction* verifyCert, |
| const String& randomFile) |
const String& randomFile, |
| |
const String& cipherSuite, |
| |
const Boolean& sslCompatibility) |
| { | { |
| PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::SSLContextRep()"); | PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::SSLContextRep()"); |
| | |
|
|
|
| _keyPath = keyPath; | _keyPath = keyPath; |
| _crlPath = crlPath; | _crlPath = crlPath; |
| _certificateVerifyFunction = verifyCert; | _certificateVerifyFunction = verifyCert; |
| |
_cipherSuite = cipherSuite; |
| |
_sslCompatibility = sslCompatibility; |
| // | // |
| // If a truststore and/or peer verification function is specified, | // If a truststore and/or peer verification function is specified, |
| // enable peer verification | // enable peer verification |
| // | // |
| _verifyPeer = (trustStore != String::EMPTY || verifyCert != NULL); |
_verifyPeer = (trustStore.size() != 0 || verifyCert != NULL); |
| | |
| _randomInit(randomFile); | _randomInit(randomFile); |
| | |
|
|
|
| _verifyPeer = sslContextRep._verifyPeer; | _verifyPeer = sslContextRep._verifyPeer; |
| _certificateVerifyFunction = sslContextRep._certificateVerifyFunction; | _certificateVerifyFunction = sslContextRep._certificateVerifyFunction; |
| _randomFile = sslContextRep._randomFile; | _randomFile = sslContextRep._randomFile; |
| |
_cipherSuite = sslContextRep._cipherSuite; |
| |
_sslCompatibility = sslContextRep._sslCompatibility; |
| _sslContext = _makeSSLContext(); | _sslContext = _makeSSLContext(); |
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
|
| { | { |
| PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::_randomInit()"); | PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::_randomInit()"); |
| | |
| Boolean ret; |
|
| int retVal = 0; |
|
| | |
| #if defined(PEGASUS_SSL_RANDOMFILE) && !defined(PEGASUS_OS_PASE) | #if defined(PEGASUS_SSL_RANDOMFILE) && !defined(PEGASUS_OS_PASE) |
| if ( RAND_status() == 0 ) | if ( RAND_status() == 0 ) |
|
|
|
| // | // |
| // Try the given random seed file | // Try the given random seed file |
| // | // |
| ret = FileSystem::exists(randomFile); |
Boolean ret = FileSystem::exists(randomFile); |
| if (ret) | if (ret) |
| { | { |
| retVal = RAND_load_file(randomFile.getCString(), -1); |
int retVal = RAND_load_file(randomFile.getCString(), -1); |
| if ( retVal < 0 ) | if ( retVal < 0 ) |
| { | { |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL1, | PEG_TRACE((TRC_SSL, Tracer::LEVEL1, |
|
|
|
| { | { |
| PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::_makeSSLContext()"); | PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::_makeSSLContext()"); |
| | |
| SSL_CTX * sslContext = 0; |
|
| | |
| // | // |
| // create SSL Context Area | // create SSL Context Area |
| // | // |
| |
SSL_CTX *sslContext = NULL; |
| if (!(sslContext = SSL_CTX_new(SSLv23_method()))) | if (!(sslContext = SSL_CTX_new(SSLv23_method()))) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
|
| throw SSLException(parms); | throw SSLException(parms); |
| } | } |
| | |
| |
|
| |
int options = SSL_OP_ALL; |
| |
|
| |
|
| |
|
| |
SSL_CTX_set_options(sslContext, options); |
| |
if ( _sslCompatibility == false ) |
| |
{ |
| |
|
| |
#ifdef TLS1_2_VERSION |
| |
// Enable only TLSv1.2 and disable all other protocol (SSL v2, SSL v3, |
| |
// TLS v1.0, TLSv1.1) |
| |
|
| |
options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_SSLv3; |
| |
#else |
| |
PEG_METHOD_EXIT(); |
| |
MessageLoaderParms parms( |
| |
" Common.SSLContext.TLS_1_2_PROTO_NOT_SUPPORTED", |
| |
"TLSv1.2 protocol support is not detected on this system. " |
| |
" To run in less secured mode, set sslBackwardCompatibility=true" |
| |
" in planned config file and start cimserver."); |
| |
throw SSLException(parms); |
| |
#endif |
| |
} |
| |
|
| |
// sslv2 is off permanently even if sslCompatibility is true |
| |
options |= SSL_OP_NO_SSLv2; |
| |
SSL_CTX_set_options(sslContext, options); |
| |
|
| #ifdef PEGASUS_SSL_WEAKENCRYPTION | #ifdef PEGASUS_SSL_WEAKENCRYPTION |
| if (!(SSL_CTX_set_cipher_list(sslContext, SSL_TXT_EXP40))) | if (!(SSL_CTX_set_cipher_list(sslContext, SSL_TXT_EXP40))) |
| { | { |
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| |
|
| MessageLoaderParms parms( | MessageLoaderParms parms( |
| "Common.SSLContext.COULD_NOT_SET_CIPHER_LIST", | "Common.SSLContext.COULD_NOT_SET_CIPHER_LIST", |
| "Could not set the cipher list"); | "Could not set the cipher list"); |
|
|
|
| } | } |
| #endif | #endif |
| | |
| |
if (_cipherSuite.size() != 0) |
| |
{ |
| |
if (!(SSL_CTX_set_cipher_list(sslContext, _cipherSuite.getCString()))) |
| |
{ |
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| |
|
| |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
| |
"---> SSL: Cipher Suite could not be specified"); |
| |
MessageLoaderParms parms( |
| |
"Common.SSLContext.COULD_NOT_SET_CIPHER_LIST", |
| |
"Could not set the cipher list"); |
| |
throw SSLException(parms); |
| |
} |
| |
else |
| |
{ |
| |
PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
| |
"---> SSL: Cipher suite set to %s", |
| |
(const char *)_cipherSuite.getCString())); |
| |
} |
| |
} |
| |
|
| // | // |
| // set overall SSL Context flags | // set overall SSL Context flags |
| // | // |
| |
// For OpenSSLversion >1.0.0 use SSL_OP_NO_COMPRESSION to disable the |
| |
// compression For TLS 1.2 version, compression does not suffer from |
| |
// CRIME attack so don.t disable compression For other OpenSSL versions |
| |
// zero out the compression methods. |
| |
#ifdef SSL_OP_NO_COMPRESSION |
| |
#ifndef TLS1_2_VERSION |
| |
SSL_CTX_set_options(sslContext, SSL_OP_NO_COMPRESSION); |
| |
#endif |
| |
#elif OPENSSL_VERSION_NUMBER >= 0x00908000L |
| |
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); |
| |
#endif |
| SSL_CTX_set_quiet_shutdown(sslContext, 1); | SSL_CTX_set_quiet_shutdown(sslContext, 1); |
| SSL_CTX_set_mode(sslContext, SSL_MODE_AUTO_RETRY); | SSL_CTX_set_mode(sslContext, SSL_MODE_AUTO_RETRY); |
| SSL_CTX_set_mode(sslContext, SSL_MODE_ENABLE_PARTIAL_WRITE); | SSL_CTX_set_mode(sslContext, SSL_MODE_ENABLE_PARTIAL_WRITE); |
| SSL_CTX_set_session_cache_mode(sslContext, SSL_SESS_CACHE_OFF); | SSL_CTX_set_session_cache_mode(sslContext, SSL_SESS_CACHE_OFF); |
| | |
| int options = SSL_OP_ALL; |
#ifdef SSL_MODE_RELEASE_BUFFERS |
| #ifndef PEGASUS_ENABLE_SSLV2 //SSLv2 is disabled by default |
// Keep memory usage as low as possible |
| options |= SSL_OP_NO_SSLv2; |
SSL_CTX_set_mode (sslContext, SSL_MODE_RELEASE_BUFFERS); |
| #endif | #endif |
| SSL_CTX_set_options(sslContext, options); |
|
| | |
| if (_verifyPeer) | if (_verifyPeer) |
| { | { |
|
|
|
| | |
| if (_certificateVerifyFunction != NULL) | if (_certificateVerifyFunction != NULL) |
| { | { |
| PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: certificate verification callback specified"); | "---> SSL: certificate verification callback specified"); |
| SSL_CTX_set_verify(sslContext, | SSL_CTX_set_verify(sslContext, |
| SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, prepareForCallback); | SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, prepareForCallback); |
| } | } |
| else | else |
| { | { |
| PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: Trust Store specified"); | "---> SSL: Trust Store specified"); |
| SSL_CTX_set_verify(sslContext, | SSL_CTX_set_verify(sslContext, |
| SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE | | SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE | |
|
|
|
| // Check if there is CA certificate file or directory specified. If | // Check if there is CA certificate file or directory specified. If |
| // specified, and is not empty, load the certificates from the Trust store. | // specified, and is not empty, load the certificates from the Trust store. |
| // | // |
| if (_trustStore != String::EMPTY) |
if (_trustStore.size() != 0) |
| { | { |
| // | // |
| // The truststore may be a single file of CA certificates OR | // The truststore may be a single file of CA certificates OR |
|
|
|
| // | // |
| if (FileSystem::isDirectory(_trustStore)) | if (FileSystem::isDirectory(_trustStore)) |
| { | { |
| PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: Truststore is a directory"); | "---> SSL: Truststore is a directory"); |
| // | // |
| // load certificates from the trust store | // load certificates from the trust store |
| // | // |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: Loading certificates from the trust store: %s", | "---> SSL: Loading certificates from the trust store: %s", |
| (const char*)_trustStore.getCString())); | (const char*)_trustStore.getCString())); |
| | |
|
|
|
| MessageLoaderParms parms( | MessageLoaderParms parms( |
| "Common.SSLContext.COULD_NOT_LOAD_CERTIFICATES", | "Common.SSLContext.COULD_NOT_LOAD_CERTIFICATES", |
| "Could not load certificates in to trust store."); | "Could not load certificates in to trust store."); |
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw SSLException(parms); | throw SSLException(parms); |
| } | } |
|
|
|
| // | // |
| // load certificates from the trust store | // load certificates from the trust store |
| // | // |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: Loading certificates from the trust store: %s", | "---> SSL: Loading certificates from the trust store: %s", |
| (const char*)_trustStore.getCString())); | (const char*)_trustStore.getCString())); |
| | |
|
|
|
| MessageLoaderParms parms( | MessageLoaderParms parms( |
| "Common.SSLContext.COULD_NOT_LOAD_CERTIFICATES", | "Common.SSLContext.COULD_NOT_LOAD_CERTIFICATES", |
| "Could not load certificates in to trust store."); | "Could not load certificates in to trust store."); |
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw SSLException(parms); | throw SSLException(parms); |
| } | } |
|
|
|
| } | } |
| } | } |
| | |
| if (_crlPath != String::EMPTY) |
if (_crlPath.size() != 0) |
| { | { |
| // need to save this -- can we make it static since there's only | // need to save this -- can we make it static since there's only |
| // one CRL for cimserver? | // one CRL for cimserver? |
|
|
|
| _crlStore.reset(X509_STORE_new()); | _crlStore.reset(X509_STORE_new()); |
| if (_crlStore.get() == NULL) | if (_crlStore.get() == NULL) |
| { | { |
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw PEGASUS_STD(bad_alloc)(); | throw PEGASUS_STD(bad_alloc)(); |
| } | } |
|
|
|
| // during server startup | // during server startup |
| if (FileSystem::isDirectory(_crlPath)) | if (FileSystem::isDirectory(_crlPath)) |
| { | { |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: CRL store is a directory in %s", | "---> SSL: CRL store is a directory in %s", |
| (const char*)_crlPath.getCString())); | (const char*)_crlPath.getCString())); |
| | |
|
|
|
| "Common.SSLContext.COULD_NOT_LOAD_CRLS", | "Common.SSLContext.COULD_NOT_LOAD_CRLS", |
| "Could not load certificate revocation list."); | "Could not load certificate revocation list."); |
| _crlStore.reset(); | _crlStore.reset(); |
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw SSLException(parms); | throw SSLException(parms); |
| } | } |
|
|
|
| } | } |
| else | else |
| { | { |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: CRL store is the file %s", | "---> SSL: CRL store is the file %s", |
| (const char*)_crlPath.getCString())); | (const char*)_crlPath.getCString())); |
| | |
|
|
|
| "Common.SSLContext.COULD_NOT_LOAD_CRLS", | "Common.SSLContext.COULD_NOT_LOAD_CRLS", |
| "Could not load certificate revocation list."); | "Could not load certificate revocation list."); |
| _crlStore.reset(); | _crlStore.reset(); |
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw SSLException(parms); | throw SSLException(parms); |
| } | } |
|
|
|
| X509_LOOKUP_load_file( | X509_LOOKUP_load_file( |
| pLookup, (const char*)_crlPath.getCString(), X509_FILETYPE_PEM); | pLookup, (const char*)_crlPath.getCString(), X509_FILETYPE_PEM); |
| | |
| PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: Successfully configured CRL file"); | "---> SSL: Successfully configured CRL file"); |
| } | } |
| } | } |
|
|
|
| // certificate) specified. If specified, validate and load the | // certificate) specified. If specified, validate and load the |
| // certificate. | // certificate. |
| // | // |
| if (_certPath != String::EMPTY) |
if (_certPath.size() != 0) |
| { | { |
| // | // |
| // load the specified server certificates | // load the specified server certificates |
| // | // |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: Loading server certificate from: %s", | "---> SSL: Loading server certificate from: %s", |
| (const char*)_certPath.getCString())); | (const char*)_certPath.getCString())); |
| | |
|
|
|
| "Common.SSLContext.COULD_NOT_ACCESS_SERVER_CERTIFICATE", | "Common.SSLContext.COULD_NOT_ACCESS_SERVER_CERTIFICATE", |
| "Could not access server certificate in $0.", | "Could not access server certificate in $0.", |
| (const char*)_certPath.getCString()); | (const char*)_certPath.getCString()); |
| |
|
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw SSLException(parms); | throw SSLException(parms); |
| } | } |
|
|
|
| // As of 2.4, if a keyfile is specified, its location is verified | // As of 2.4, if a keyfile is specified, its location is verified |
| // during server startup and will throw an error if the path is invalid. | // during server startup and will throw an error if the path is invalid. |
| // | // |
| if (_keyPath == String::EMPTY) |
if (_keyPath.size() == 0) |
| { | { |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: Key file empty, loading private key from " | "---> SSL: Key file empty, loading private key from " |
| "certificate file: %s",(const char*)_certPath.getCString())); | "certificate file: %s",(const char*)_certPath.getCString())); |
| // | // |
|
|
|
| MessageLoaderParms parms( | MessageLoaderParms parms( |
| "Common.SSLContext.COULD_NOT_GET_PRIVATE_KEY", | "Common.SSLContext.COULD_NOT_GET_PRIVATE_KEY", |
| "Could not get private key."); | "Could not get private key."); |
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw SSLException(parms); | throw SSLException(parms); |
| } | } |
|
|
|
| // private key) specified and the key was not already loaded. | // private key) specified and the key was not already loaded. |
| // If specified, validate and load the key. | // If specified, validate and load the key. |
| // | // |
| if (_keyPath != String::EMPTY && !keyLoaded) |
if (_keyPath.size() != 0 && !keyLoaded ) |
| { | { |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| "---> SSL: loading private key from: %s", | "---> SSL: loading private key from: %s", |
| (const char*)_keyPath.getCString())); | (const char*)_keyPath.getCString())); |
| // | // |
|
|
|
| MessageLoaderParms parms( | MessageLoaderParms parms( |
| "Common.SSLContext.COULD_NOT_GET_PRIVATE_KEY", | "Common.SSLContext.COULD_NOT_GET_PRIVATE_KEY", |
| "Could not get private key."); | "Could not get private key."); |
| |
SSL_CTX_free(sslContext); |
| |
sslContext = NULL; |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw SSLException(parms); | throw SSLException(parms); |
| } | } |
|
|
|
| } | } |
| #endif | #endif |
| | |
| |
String SSLContextRep::getCipherSuite() const |
| |
{ |
| |
return _cipherSuite; |
| |
} |
| |
|
| String SSLContextRep::getCRLPath() const | String SSLContextRep::getCRLPath() const |
| { | { |
| return _crlPath; | return _crlPath; |
|
|
|
| // | // |
| | |
| SSLContextRep::SSLContextRep( | SSLContextRep::SSLContextRep( |
| const String& trustStore, |
const String&, |
| const String& certPath, |
const String&, |
| const String& keyPath, |
const String&, |
| const String& crlPath, |
const String&, |
| SSLCertificateVerifyFunction* verifyCert, |
SSLCertificateVerifyFunction*, |
| const String& randomFile) |
const String&, |
| |
const String&, |
| |
const Boolean&) |
| { | { |
| } | } |
| | |
| SSLContextRep::SSLContextRep(const SSLContextRep& sslContextRep) {} |
SSLContextRep::SSLContextRep(const SSLContextRep&) {} |
| | |
| SSLContextRep::~SSLContextRep() {} | SSLContextRep::~SSLContextRep() {} |
| | |
| SSL_CTX* SSLContextRep::_makeSSLContext() { return 0; } | SSL_CTX* SSLContextRep::_makeSSLContext() { return 0; } |
| | |
| Boolean SSLContextRep::_verifyPrivateKey( | Boolean SSLContextRep::_verifyPrivateKey( |
| SSL_CTX *ctx, |
SSL_CTX*, |
| const String& keyPath) |
const String&) |
| { | { |
| return false; | return false; |
| } | } |
|
|
|
| | |
| String SSLContextRep::getKeyPath() const { return String::EMPTY; } | String SSLContextRep::getKeyPath() const { return String::EMPTY; } |
| | |
| |
String SSLContextRep::getCipherSuite() const { return String::EMPTY; } |
| |
|
| #ifdef PEGASUS_USE_DEPRECATED_INTERFACES | #ifdef PEGASUS_USE_DEPRECATED_INTERFACES |
| String SSLContextRep::getTrustStoreUserName() const { return String::EMPTY; } | String SSLContextRep::getTrustStoreUserName() const { return String::EMPTY; } |
| #endif | #endif |
|
|
|
| return SharedPtr<X509_STORE, FreeX509STOREPtr>(); | return SharedPtr<X509_STORE, FreeX509STOREPtr>(); |
| } | } |
| | |
| void SSLContextRep::setCRLStore(X509_STORE* store) { } |
void SSLContextRep::setCRLStore(X509_STORE*) { } |
| | |
| Boolean SSLContextRep::isPeerVerificationEnabled() const { return false; } | Boolean SSLContextRep::isPeerVerificationEnabled() const { return false; } |
| | |
|
|
|
| String::EMPTY, | String::EMPTY, |
| String::EMPTY, | String::EMPTY, |
| verifyCert, | verifyCert, |
| randomFile); |
randomFile, |
| |
String::EMPTY, |
| |
false); |
| } | } |
| | |
| SSLContext::SSLContext( | SSLContext::SSLContext( |
|
|
|
| trustStore, certPath, keyPath, crlPath, verifyCert, randomFile); | trustStore, certPath, keyPath, crlPath, verifyCert, randomFile); |
| } | } |
| | |
| |
#ifdef PEGASUS_USE_EXPERIMENTAL_INTERFACES |
| |
SSLContext::SSLContext( |
| |
const String& trustStore, |
| |
const String& certPath, |
| |
const String& keyPath, |
| |
const String& crlPath, |
| |
SSLCertificateVerifyFunction* verifyCert, |
| |
const String& randomFile, |
| |
const String& cipherSuite, |
| |
const Boolean& sslCompatibility) |
| |
{ |
| |
#ifndef PEGASUS_ENABLE_SSL_CRL_VERIFICATION |
| |
if (crlPath.size() > 0) |
| |
{ |
| |
MessageLoaderParms parms( |
| |
"Common.Exception.SSL_CRL_NOT_ENABLED_EXCEPTION", |
| |
"SSL CRL verification is not enabled."); |
| |
throw Exception(parms); |
| |
} |
| |
#endif |
| |
_rep = new SSLContextRep( |
| |
trustStore, certPath, keyPath, crlPath, verifyCert, randomFile, |
| |
cipherSuite,sslCompatibility); |
| |
} |
| |
#endif |
| |
|
| #ifdef PEGASUS_USE_DEPRECATED_INTERFACES | #ifdef PEGASUS_USE_DEPRECATED_INTERFACES |
| SSLContext::SSLContext( | SSLContext::SSLContext( |
| const String& trustStore, | const String& trustStore, |
| const String& certPath, | const String& certPath, |
| const String& keyPath, | const String& keyPath, |
| SSLCertificateVerifyFunction* verifyCert, | SSLCertificateVerifyFunction* verifyCert, |
| String trustStoreUserName, |
String, |
| const String& randomFile) | const String& randomFile) |
| { | { |
| _rep = new SSLContextRep( | _rep = new SSLContextRep( |
|
|
|
| } | } |
| #endif | #endif |
| | |
| |
#ifdef PEGASUS_USE_EXPERIMENTAL_INTERFACES |
| |
String SSLContext::getCipherSuite() const |
| |
{ |
| |
return _rep->getCipherSuite(); |
| |
} |
| |
#endif |
| |
|
| SSLCertificateVerifyFunction* | SSLCertificateVerifyFunction* |
| SSLContext::getSSLCertificateVerifyFunction() const | SSLContext::getSSLCertificateVerifyFunction() const |
| { | { |
Return to
SSLContext.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Common