talezero/integration
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Minor change to cert loading

Browse Source
This commit is contained in:
jyelon
2022-03-22 16:55:20 -04:00
parent d2c7a5e5f2
commit 50155e9562
1 changed files with 5 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
luprex/core/cpp/driver-ssl.cpp
View File

@@ -165,16 +165,12 @@ static bool contains_privatekey(const char *fn) {
void ctx_load_cert_from_directory(SSL_CTX *ctx, const std::string &dir) { void ctx_load_cert_from_directory(SSL_CTX *ctx, const std::string &dir) {
std::vector<std::string> key_paths; std::vector<std::string> key_paths;
std::vector<std::string> chain_paths;
std::vector<std::string> cert_paths; std::vector<std::string> cert_paths;
for (const auto & entry : std::filesystem::directory_iterator(dir)) { for (const auto & entry : std::filesystem::directory_iterator(dir)) {
std::string fn = entry.path(); std::string fn = entry.path();
int count = count_certificates(fn.c_str()); if (count_certificates(fn.c_str()) >= 1) {
if (count == 1) {
cert_paths.push_back(fn); cert_paths.push_back(fn);
} else if (count > 1) {
chain_paths.push_back(fn);
} }
if (contains_privatekey(fn.c_str())) { if (contains_privatekey(fn.c_str())) {
key_paths.push_back(fn); key_paths.push_back(fn);
@@ -185,16 +181,12 @@ void ctx_load_cert_from_directory(SSL_CTX *ctx, const std::string &dir) {
std::cerr << "Directory contains multiple certs: " << dir << std::endl; std::cerr << "Directory contains multiple certs: " << dir << std::endl;
exit(1); exit(1);
} }
if (chain_paths.size() > 1) {
std::cerr << "Directory contains multiple chains: " << dir << std::endl;
exit(1);
}
if (key_paths.size() > 1) { if (key_paths.size() > 1) {
std::cerr << "Directory contains multiple keys: " << dir << std::endl; std::cerr << "Directory contains multiple keys: " << dir << std::endl;
exit(1); exit(1);
} }
if (cert_paths.empty() && chain_paths.empty()) { if (cert_paths.empty()) {
std::cerr << "Directory doesn't contain a certificate: " << dir << std::endl; std::cerr << "Directory doesn't contain a cert: " << dir << std::endl;
exit(1); exit(1);
} }
if (key_paths.empty()) { if (key_paths.empty()) {
@@ -205,13 +197,8 @@ void ctx_load_cert_from_directory(SSL_CTX *ctx, const std::string &dir) {
int status; int status;
status = SSL_CTX_use_PrivateKey_file(ctx, key_paths[0].c_str(), SSL_FILETYPE_PEM); status = SSL_CTX_use_PrivateKey_file(ctx, key_paths[0].c_str(), SSL_FILETYPE_PEM);
assert(status == 1); assert(status == 1);
if (chain_paths.empty()) { status = SSL_CTX_use_certificate_chain_file(ctx, cert_paths[0].c_str());
status = SSL_CTX_use_certificate_file(ctx, cert_paths[0].c_str(), SSL_FILETYPE_PEM); assert(status == 1);
assert(status == 1);
} else {
status = SSL_CTX_use_certificate_chain_file(ctx, chain_paths[0].c_str());
assert(status == 1);
}
} }
} // namespace drvssl } // namespace drvssl