version 1.79, 2007/05/09 19:17:59
|
version 1.80, 2007/05/25 18:35:13
|
|
|
| |
#ifdef PEGASUS_HAS_SSL | #ifdef PEGASUS_HAS_SSL |
# include <Pegasus/Common/Config.h> | # include <Pegasus/Common/Config.h> |
|
# include <Pegasus/Common/Executor.h> |
# include <Pegasus/Common/Network.h> | # include <Pegasus/Common/Network.h> |
# define OPENSSL_NO_KRB5 1 | # define OPENSSL_NO_KRB5 1 |
# include <openssl/err.h> | # include <openssl/err.h> |
|
|
{ | { |
PEG_METHOD_ENTER(TRC_SSL, "_verifyPrivateKey()"); | PEG_METHOD_ENTER(TRC_SSL, "_verifyPrivateKey()"); |
| |
if (SSL_CTX_use_PrivateKey_file( |
// Open the private key file. |
ctx, keyPath.getCString(), SSL_FILETYPE_PEM) <= 0) |
|
|
FILE* is = Executor::openFile(keyPath.getCString(), 'r'); |
|
|
|
if (!is) |
|
{ |
|
PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL2, |
|
String("failed to open private key file: ") + String(keyPath)); |
|
return false; |
|
} |
|
|
|
// Read the private key from the input stream. |
|
|
|
EVP_PKEY* pkey; |
|
pkey = PEM_read_PrivateKey(is, NULL, NULL, NULL); |
|
|
|
if (!pkey) |
|
{ |
|
PEG_TRACE_STRING( |
|
TRC_SSL, Tracer::LEVEL2, "failed to create private key"); |
|
return false; |
|
} |
|
|
|
// Close the input stream. |
|
|
|
fclose(is); |
|
|
|
// Associate the new private key with the SSL context object. |
|
|
|
if (SSL_CTX_use_PrivateKey(ctx, pkey) <= 0) |
{ | { |
PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL2, | PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL2, |
"---> SSL: no private key found in " + String(keyPath)); | "---> SSL: no private key found in " + String(keyPath)); |
|
|
return false; | return false; |
} | } |
| |
|
// Check private key for validity. |
|
|
if (!SSL_CTX_check_private_key(ctx)) | if (!SSL_CTX_check_private_key(ctx)) |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2, | PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2, |