diff options
Diffstat (limited to 'src/PolarSSL++/SslContext.cpp')
-rw-r--r-- | src/PolarSSL++/SslContext.cpp | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/src/PolarSSL++/SslContext.cpp b/src/PolarSSL++/SslContext.cpp index 4ff0c3077..74b45ea33 100644 --- a/src/PolarSSL++/SslContext.cpp +++ b/src/PolarSSL++/SslContext.cpp @@ -44,7 +44,7 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> & LOGWARNING("SSL: Double initialization is not supported."); return POLARSSL_ERR_SSL_BAD_INPUT_DATA; // There is no return value well-suited for this, reuse this one. } - + // Set the CtrDrbg context, create a new one if needed: m_CtrDrbg = a_CtrDrbg; if (m_CtrDrbg.get() == nullptr) @@ -52,7 +52,7 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> & m_CtrDrbg.reset(new cCtrDrbgContext); m_CtrDrbg->Initialize("Cuberite", 8); } - + // Initialize PolarSSL's structures: memset(&m_Ssl, 0, sizeof(m_Ssl)); int res = ssl_init(&m_Ssl); @@ -64,7 +64,7 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> & ssl_set_authmode(&m_Ssl, SSL_VERIFY_NONE); // We cannot verify because we don't have a CA chain, required by PolarSSL, implemented yet (TODO) ssl_set_rng(&m_Ssl, ctr_drbg_random, &m_CtrDrbg->m_CtrDrbg); ssl_set_bio(&m_Ssl, ReceiveEncrypted, this, SendEncrypted, this); - + #ifdef _DEBUG /* // These functions allow us to debug SSL and certificate problems, but produce way too much output, @@ -74,7 +74,7 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> & ssl_set_verify(&m_Ssl, &SSLVerifyCert, this); //*/ - + /* // Set ciphersuite to the easiest one to decode, so that the connection can be wireshark-decoded: static const int CipherSuites[] = @@ -87,7 +87,7 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> & ssl_set_ciphersuites(&m_Ssl, CipherSuites); //*/ #endif - + m_IsValid = true; return 0; } @@ -99,18 +99,18 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> & void cSslContext::SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKeyPtr & a_OwnCertPrivKey) { ASSERT(m_IsValid); // Call Initialize() first - + // Check that both the cert and the key is valid: if ((a_OwnCert.get() == nullptr) || (a_OwnCertPrivKey.get() == nullptr)) { LOGWARNING("SSL: Own certificate is not valid, skipping the set."); return; } - + // Make sure we have the cert stored for later, PolarSSL only uses the cert later on m_OwnCert = a_OwnCert; m_OwnCertPrivKey = a_OwnCertPrivKey; - + // Set into the context: ssl_set_own_cert_rsa(&m_Ssl, m_OwnCert->GetInternal(), m_OwnCertPrivKey->GetInternal()); } @@ -122,18 +122,18 @@ void cSslContext::SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKe void cSslContext::SetOwnCert(const cX509CertPtr & a_OwnCert, const cCryptoKeyPtr & a_OwnCertPrivKey) { ASSERT(m_IsValid); // Call Initialize() first - + // Check that both the cert and the key is valid: if ((a_OwnCert.get() == nullptr) || (a_OwnCertPrivKey.get() == nullptr)) { LOGWARNING("SSL: Own certificate is not valid, skipping the set."); return; } - + // Make sure we have the cert stored for later, PolarSSL only uses the cert later on m_OwnCert = a_OwnCert; m_OwnCertPrivKey2 = a_OwnCertPrivKey; - + // Set into the context: ssl_set_own_cert(&m_Ssl, m_OwnCert->GetInternal(), m_OwnCertPrivKey2->GetInternal()); } @@ -145,12 +145,12 @@ void cSslContext::SetOwnCert(const cX509CertPtr & a_OwnCert, const cCryptoKeyPtr void cSslContext::SetCACerts(const cX509CertPtr & a_CACert, const AString & a_ExpectedPeerName) { ASSERT(m_IsValid); // Call Initialize() first - + // Store the data in our internal buffers, to avoid losing the pointers later on // PolarSSL will need these after this call returns, and the caller may move / delete the data before that: m_ExpectedPeerName = a_ExpectedPeerName; m_CACerts = a_CACert; - + // Set the trusted CA root cert store: ssl_set_authmode(&m_Ssl, SSL_VERIFY_REQUIRED); ssl_set_ca_chain(&m_Ssl, m_CACerts->GetInternal(), nullptr, m_ExpectedPeerName.empty() ? nullptr : m_ExpectedPeerName.c_str()); @@ -171,7 +171,7 @@ int cSslContext::WritePlain(const void * a_Data, size_t a_NumBytes) return res; } } - + return ssl_write(&m_Ssl, reinterpret_cast<const unsigned char *>(a_Data), a_NumBytes); } @@ -190,7 +190,7 @@ int cSslContext::ReadPlain(void * a_Data, size_t a_MaxBytes) return res; } } - + return ssl_read(&m_Ssl, reinterpret_cast<unsigned char *>(a_Data), a_MaxBytes); } @@ -202,7 +202,7 @@ int cSslContext::Handshake(void) { ASSERT(m_IsValid); // Need to call Initialize() first ASSERT(!m_HasHandshaken); // Must not call twice - + int res = ssl_handshake(&m_Ssl); if (res == 0) { @@ -232,7 +232,7 @@ int cSslContext::NotifyClose(void) // Don't want the trace messages return; } - + // Remove the terminating LF: size_t len = strlen(a_Text) - 1; while ((len > 0) && (a_Text[len] <= 32)) @@ -240,7 +240,7 @@ int cSslContext::NotifyClose(void) len--; } AString Text(a_Text, len + 1); - + LOGD("SSL (%d): %s", a_Level, Text.c_str()); } |