Code to load SSL certs from dir, and ssl overhaul

This commit is contained in:
2022-03-22 16:30:58 -04:00
parent 0094b503f6
commit d2c7a5e5f2
8 changed files with 297 additions and 245 deletions


@@ -38,81 +38,6 @@ static std::string_view read_file(const char *fn, char *buf, int bufsize, std::s
err = "";
return std::string_view(buf, nread);
}
struct SSL_CTX_Deleter {
void operator()(SSL_CTX *ctx) { SSL_CTX_free(ctx); }
};
using UniqueSSLCTX = std::unique_ptr<SSL_CTX, SSL_CTX_Deleter>;
static std::string ssl_errors_string(bool lastonly = true) {
std::string err;
const char *file, *data, *func;
int line, flags;
while (true) {
unsigned long code =
ERR_get_error_all(&file, &line, &func, &data, &flags);
if (code == 0) break;
std::string reason;
if (ERR_SYSTEM_ERROR(code)) {
reason = strerror_str(ERR_GET_REASON(code));
} else {
const char *rc = ERR_reason_error_string(code);
reason = (rc == nullptr) ? "unknown" : rc;
}
if (err.empty() || lastonly) {
err = reason;
} else {
err = err + ", " + reason;
}
if (data != nullptr) {
err = err + " " + data;
}
}
return err;
}
void assert_ssl_errors_empty() {
int code = ERR_peek_error();
if (code != 0) {
std::cerr << "SSL should not have errors at this point." << std::endl;
ERR_print_errors_fp(stderr);
exit(1);
}
}
static int ssl_ctx_use_certificate_str(SSL_CTX *ctx, const char *str) {
BIO *bio = BIO_new(BIO_s_mem());
BIO_puts(bio, str);
X509 *certificate = PEM_read_bio_X509(bio, NULL, NULL, NULL);
BIO_free(bio);
int status = SSL_CTX_use_certificate(ctx, certificate);
X509_free(certificate);
return status;
}
static int ssl_ctx_use_privatekey_str(SSL_CTX *ctx, const char *str) {
BIO *bio = BIO_new(BIO_s_mem());
BIO_puts(bio, str);
EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
BIO_free(bio);
int status = SSL_CTX_use_PrivateKey(ctx, pkey);
EVP_PKEY_free(pkey);
return status;
}
static void ssl_ctx_use_dummycert(SSL_CTX *ctx) {
if (ssl_ctx_use_certificate_str(ctx, dummycert::certificate) <= 0) {
ERR_print_errors_fp(stderr);
exit(1);
}
if (ssl_ctx_use_privatekey_str(ctx, dummycert::privatekey) <= 0) {
ERR_print_errors_fp(stderr);
exit(1);
}
}
class Driver {
public:
enum ChanState {
@@ -146,9 +71,9 @@ class Driver {
std::unique_ptr<struct pollfd[]> pollvec_;
drv::ReplayRecorder recorder_;
UniqueSSLCTX ssl_server_ctx_;
UniqueSSLCTX ssl_client_secure_ctx_;
UniqueSSLCTX ssl_client_insecure_ctx_;
drvssl::UniqueCTX ssl_server_ctx_;
drvssl::UniqueCTX ssl_client_secure_ctx_;
drvssl::UniqueCTX ssl_client_insecure_ctx_;
void handle_listen_ports() {
const auto &listenports = recorder_.drv_get_listen_ports();
@@ -353,7 +278,7 @@ class Driver {
} else if (error == SSL_ERROR_WANT_WRITE) {
chan.ready_on_pollout = true;
} else {
close_channel(chan, ssl_errors_string());
close_channel(chan, drvssl::errors_string());
}
}
@@ -424,7 +349,7 @@ class Driver {
}
void advance_channel(ChanInfo &chan) {
assert_ssl_errors_empty();
drvssl::assert_errors_empty();
switch (chan.state) {
case CHAN_PLAINTEXT:
advance_plaintext(chan);
@@ -442,7 +367,7 @@ class Driver {
assert(false);
break;
}
assert_ssl_errors_empty();
drvssl::assert_errors_empty();
}
void handle_socket_input_output() {
@@ -597,10 +522,11 @@ class Driver {
chbuf_.reset(new char[CHBUF_SIZE]);
pollvec_.reset(new struct pollfd[POLLVEC_SIZE]);
ssl_server_ctx_.reset(new_ssl_server_context());
ssl_client_secure_ctx_.reset(new_ssl_client_context(SSL_VERIFY_PEER));
ssl_client_insecure_ctx_.reset(new_ssl_client_context(SSL_VERIFY_NONE));
assert_ssl_errors_empty();
ssl_server_ctx_.reset(drvssl::new_context(SSL_VERIFY_NONE));
ssl_client_secure_ctx_.reset(drvssl::new_context(SSL_VERIFY_PEER));
ssl_client_insecure_ctx_.reset(drvssl::new_context(SSL_VERIFY_NONE));
ssl_load_certificate_authorities(ssl_client_secure_ctx_.get());
drvssl::assert_errors_empty();
handle_lua_source();
recorder_.drv_invoke_event_init(argc, argv);
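Review bot: The result of `ssl_load_certificate_authorities(ssl_client_secure_ctx_.get())` on the new side is discarded, so a missing, empty or unreadable CA directory is only caught if the loader leaves something on the OpenSSL error queue for `drvssl::assert_errors_empty()` to turn into an exit; if it reports failure through a return value instead, the SSL_VERIFY_PEER context is left with an empty trust store and every secure connection fails closed later at handshake time with a much less useful message. The loader's signature is not visible in this diff, so its error-reporting convention needs confirming, but if it returns a status it should be checked here, `if (!ssl_load_certificate_authorities(ssl_client_secure_ctx_.get())) { std::cerr << "failed to load CA certificates" << std::endl; exit(1); }`. The server context is now built through the same `drvssl::new_context(mode)` factory as the clients with SSL_VERIFY_NONE, which presumably means client certificates are not requested; a one-line comment would stop a reader from mistaking it for a disabled check, `// server side: client certificates are not requested, so no peer verification`. The enclosing constructor starts and ends outside the hunk.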