From 47feb91e57f83c81722188ec3025c3109758dd33 Mon Sep 17 00:00:00 2001 From: madmaxoft Date: Thu, 1 May 2014 00:28:27 +0200 Subject: cSslContext supports setting own cert / privkey. --- src/PolarSSL++/SslContext.h | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'src/PolarSSL++/SslContext.h') diff --git a/src/PolarSSL++/SslContext.h b/src/PolarSSL++/SslContext.h index 85add5f8b..273939b9f 100644 --- a/src/PolarSSL++/SslContext.h +++ b/src/PolarSSL++/SslContext.h @@ -11,6 +11,8 @@ #include "polarssl/ssl.h" #include "../ByteBuffer.h" +#include "PublicKey.h" +#include "RsaPrivateKey.h" #include "X509Cert.h" @@ -47,7 +49,16 @@ public: /** Returns true if the object has been initialized properly. */ bool IsValid(void) const { return m_IsValid; } - /** Sets a cert chain as the trusted cert store for this context. + /** Sets the certificate to use as our own. Must be used when representing a server, optional when client. + Must be called after Initialize(). */ + void SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKeyPtr & a_OwnCertPrivKey); + + /** Sets the certificate to use as our own. Must be used when representing a server, optional when client. + Must be called after Initialize(). + Despite the class name, a_OwnCertPrivKey is a PRIVATE key. */ + void SetOwnCert(const cX509CertPtr & a_OwnCert, const cPublicKeyPtr & a_OwnCertPrivKey); + + /** Sets a cert chain as the trusted cert store for this context. Must be called after Initialize(). Calling this will switch the context into strict cert verification mode. a_ExpectedPeerName is the CommonName that we expect the SSL peer to have in its cert, if it is different, the verification will fail. An empty string will disable the CN check. */ 
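Review bot: Both SetOwnCert overloads declared in the second hunk return void, so a caller cannot learn whether the certificate and key were accepted by the underlying PolarSSL call, whereas Initialize() is documented elsewhere in this header as returning 0 on success or a PolarSSL error. A server whose own cert/key failed to install would then only find out at handshake time, with no way to tell that apart from a peer problem. Suggest `int SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKeyPtr & a_OwnCertPrivKey);` (and the same for the cPublicKeyPtr overload), documented as "Returns 0 on success, PolarSSL error on failure" to mirror Initialize(). The definitions are not in this diff, so whether the underlying call's result is currently checked at all cannot be confirmed here.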
@@ -93,6 +104,15 @@ protected:
 /** The SSL context that PolarSSL uses. */
 ssl_context m_Ssl;
+ /** The certificate that we present to the peer. */
+ cX509CertPtr m_OwnCert;
+
+ /** Private key for m_OwnCert, if initialized from a cRsaPrivateKey */
+ cRsaPrivateKeyPtr m_OwnCertPrivKey;
+
+ /** Private key for m_OwnCert, if initialized from a cPublicKey. Despite the class name, this is a PRIVATE key. */
+ cPublicKeyPtr m_OwnCertPrivKey2;
+
 /** True if the SSL handshake has been completed. */
 bool m_HasHandshaken;
-- cgit v1.2.3
From 1587b21edded56dbfb88150500336c2853b460c6 Mon Sep 17 00:00:00 2001
From: madmaxoft
Date: Thu, 1 May 2014 15:21:41 +0200
Subject: Renamed cPublicKey to cCryptoKey.
The class can hold both the private key and the public key, bad naming on PolarSSL's part. Also somewhat fixed the cert and key loading in cHTTPServer.
---
 src/PolarSSL++/SslContext.h | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
(limited to 'src/PolarSSL++/SslContext.h')
diff --git a/src/PolarSSL++/SslContext.h b/src/PolarSSL++/SslContext.h
index 273939b9f..a4ad1a345 100644
--- a/src/PolarSSL++/SslContext.h
+++ b/src/PolarSSL++/SslContext.h
@@ -11,7 +11,7 @@
 #include "polarssl/ssl.h"
 #include "../ByteBuffer.h"
-#include "PublicKey.h"
+#include "CryptoKey.h"
 #include "RsaPrivateKey.h"
 #include "X509Cert.h"
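Review bot: Nothing in the first hunk says which of the two new private-key members, m_OwnCertPrivKey and m_OwnCertPrivKey2, is in effect when both SetOwnCert overloads are called on the same context, or that a second call supersedes the first. If each overload only assigns its own member (the .cpp is not in this diff), the previously installed key object stays alive in the other member for the context's lifetime, which is undesirable for key material. Suggest that each overload clear the other member (e.g. `m_OwnCertPrivKey2.reset();` in the cRsaPrivateKeyPtr overload and vice versa, assuming the Ptr typedefs are shared pointers) and that the member comments state why the context holds these at all — presumably because PolarSSL's ssl_context only keeps raw pointers into the cert and key, so the shared pointers pin their lifetime; confirm against ssl_set_own_cert before writing that down.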
@@ -54,9 +54,8 @@ public:
 void SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKeyPtr & a_OwnCertPrivKey);
 /** Sets the certificate to use as our own. Must be used when representing a server, optional when client.
- Must be called after Initialize().
- Despite the class name, a_OwnCertPrivKey is a PRIVATE key. */
- void SetOwnCert(const cX509CertPtr & a_OwnCert, const cPublicKeyPtr & a_OwnCertPrivKey);
+ Must be called after Initialize(). */
+ void SetOwnCert(const cX509CertPtr & a_OwnCert, const cCryptoKeyPtr & a_OwnCertPrivKey);
 /** Sets a cert chain as the trusted cert store for this context.
 Must be called after Initialize(). Calling this will switch the context into strict cert verification mode.
@@ -107,11 +106,11 @@ protected:
 /** The certificate that we present to the peer. */
 cX509CertPtr m_OwnCert;
- /** Private key for m_OwnCert, if initialized from a cRsaPrivateKey */
+ /** Private key for m_OwnCert, if initialized from a cRsaPrivateKey. */
 cRsaPrivateKeyPtr m_OwnCertPrivKey;
- /** Private key for m_OwnCert, if initialized from a cPublicKey. Despite the class name, this is a PRIVATE key. */
- cPublicKeyPtr m_OwnCertPrivKey2;
+ /** Private key for m_OwnCert, if initialized from a cCryptoKey. */
+ cCryptoKeyPtr m_OwnCertPrivKey2;
 /** True if the SSL handshake has been completed. */
 bool m_HasHandshaken;
-- cgit v1.2.3
From 9221b458989512e41f8502b56ed738d143599093 Mon Sep 17 00:00:00 2001
From: madmaxoft
Date: Thu, 1 May 2014 21:23:37 +0200
Subject: cSslContext has virtual destructor now.
---
 src/PolarSSL++/SslContext.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/PolarSSL++/SslContext.h')
diff --git a/src/PolarSSL++/SslContext.h b/src/PolarSSL++/SslContext.h
index a4ad1a345..6b4f2c1e7 100644
--- a/src/PolarSSL++/SslContext.h
+++ b/src/PolarSSL++/SslContext.h
@@ -40,7 +40,7 @@ public:
 /** Creates a new uninitialized context */
 cSslContext(void);
- ~cSslContext();
+ virtual ~cSslContext();
 /** Initializes the context for use as a server or client. Returns 0 on success, PolarSSL error on failure. */
-- cgit v1.2.3
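Review bot: The class still has an implicitly generated copy constructor and copy assignment while owning a raw PolarSSL `ssl_context m_Ssl` (declared in an earlier hunk of this header); if the destructor made virtual here releases m_Ssl with ssl_free (the .cpp is not in this diff), copying a cSslContext would free the same context twice, and both copies would share the installed certificate and private key objects. Since the file uses pre-C++11 style (`cSslContext(void)`), the idiomatic guard is to declare them private and unimplemented: `private: cSslContext(const cSslContext &); cSslContext & operator=(const cSslContext &);`. Whether anything currently copies a cSslContext cannot be seen from this header alone.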