diff --git a/src/lib/common/DataDirectories.h b/src/lib/common/DataDirectories.h
index bb264480..45502116 100644
--- a/src/lib/common/DataDirectories.h
+++ b/src/lib/common/DataDirectories.h
@@ -38,6 +38,7 @@ public:
 static fs::path local_ssl_fingerprints_path();
 static fs::path trusted_servers_ssl_fingerprints_path();
 static fs::path trusted_clients_ssl_fingerprints_path();
+ static fs::path ssl_certificate_path();
 private:
 static fs::path _profile;
 static fs::path _global;
diff --git a/src/lib/common/DataDirectories_static.cpp b/src/lib/common/DataDirectories_static.cpp
index 40c0ebf7..47f88e70 100644
--- a/src/lib/common/DataDirectories_static.cpp
+++ b/src/lib/common/DataDirectories_static.cpp
@@ -48,4 +48,9 @@ fs::path DataDirectories::trusted_clients_ssl_fingerprints_path()
 return ssl_fingerprints_path() / kFingerprintsTrustedClientsFilename;
 }
 
+fs::path DataDirectories::ssl_certificate_path()
+{
+ return profile() / "SSL" / "Barrier.pem";
+}
+
 } // namespace barrier
diff --git a/src/lib/net/SecureListenSocket.cpp b/src/lib/net/SecureListenSocket.cpp
index bfaa4be0..71e09ce5 100644
--- a/src/lib/net/SecureListenSocket.cpp
+++ b/src/lib/net/SecureListenSocket.cpp
@@ -25,13 +25,6 @@
 #include "common/DataDirectories.h"
 #include "base/String.h"
 
-static const char s_certificateDir[] = { "SSL" };
-static const char s_certificateFilename[] = { "Barrier.pem" };
-
-//
-// SecureListenSocket
-//
-
 SecureListenSocket::SecureListenSocket(
 IEventQueue* events,
 SocketMultiplexer* socketMultiplexer,
@@ -55,12 +48,7 @@ SecureListenSocket::accept()
 setListeningJob();
 }
 
- std::string certificateFilename = barrier::string::sprintf("%s/%s/%s",
- barrier::DataDirectories::profile().c_str(),
- s_certificateDir,
- s_certificateFilename);
-
- bool loaded = socket->loadCertificates(certificateFilename);
+ bool loaded = socket->load_certificates(barrier::DataDirectories::ssl_certificate_path());
 if (!loaded) {
 delete socket;
 return NULL;
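Review bot: `ssl_certificate_path()` in DataDirectories_static.cpp spells the directory and file name as inline literals, while the function directly above it builds its path from a named constant (`kFingerprintsTrustedClientsFilename`). The same commit deletes `s_certificateDir` and `s_certificateFilename` from SecureListenSocket.cpp, so these names now exist only as literals. I would keep them as constants beside the fingerprint ones, for example `static const char kSslCertificateFilename[] = "Barrier.pem";` with a matching `kSslDir` for "SSL", and return `profile() / kSslDir / kSslCertificateFilename;`. Where the fingerprint constants are defined is not visible in this diff, so the right home for the new ones is an assumption.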
diff --git a/src/lib/net/SecureSocket.cpp b/src/lib/net/SecureSocket.cpp index 39b40fd7..6a658db1 100644 --- a/src/lib/net/SecureSocket.cpp +++ b/src/lib/net/SecureSocket.cpp @@ -327,35 +327,35 @@ SecureSocket::initSsl(bool server) initContext(server); } -bool SecureSocket::loadCertificates(const std::string& filename) +bool SecureSocket::load_certificates(const barrier::fs::path& path) { - if (filename.empty()) { + if (path.empty()) { showError("ssl certificate is not specified"); return false; } else { - if (!barrier::fs::is_regular_file(barrier::fs::u8path(filename))) { - showError("ssl certificate doesn't exist: " + filename); + if (!barrier::fs::is_regular_file(path)) { + showError("ssl certificate doesn't exist: " + path.u8string()); return false; } } int r = 0; - r = SSL_CTX_use_certificate_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM); + r = SSL_CTX_use_certificate_file(m_ssl->m_context, path.u8string().c_str(), SSL_FILETYPE_PEM); if (r <= 0) { - showError("could not use ssl certificate: " + filename); + showError("could not use ssl certificate: " + path.u8string()); return false; } - r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM); + r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, path.u8string().c_str(), SSL_FILETYPE_PEM); if (r <= 0) { - showError("could not use ssl private key: " + filename); + showError("could not use ssl private key: " + path.u8string()); return false; } r = SSL_CTX_check_private_key(m_ssl->m_context); if (!r) { - showError("could not verify ssl private key: " + filename); + showError("could not verify ssl private key: " + path.u8string()); return false; } diff --git a/src/lib/net/SecureSocket.h b/src/lib/net/SecureSocket.h index 24653b6f..6e355008 100644 --- a/src/lib/net/SecureSocket.h +++ b/src/lib/net/SecureSocket.h @@ -19,6 +19,7 @@ #include "net/TCPSocket.h" #include "net/XSocket.h" +#include "io/filesystem.h" class IEventQueue; class SocketMultiplexer; 
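Review bot: `barrier::fs::is_regular_file(path)` in `load_certificates` is the one-argument form, which in std::filesystem-style libraries throws on errors other than a missing file (an unreadable parent directory, for instance), while every other failure in this function is reported through `showError()` and `return false`. If `barrier::fs` follows that API, an exception here would escape on the `SecureListenSocket::accept()` path and skip the `delete socket; return NULL;` cleanup shown in that file's hunk. I would use the non-throwing overload: `std::error_code ec;` followed by `if (!barrier::fs::is_regular_file(path, ec)) {`. Separately, `path.u8string()` is rebuilt for every OpenSSL call and every message; a single `const std::string pem = path.u8string();` at the top keeps the name handed to OpenSSL and the name in the error text identical by construction. The function's closing lines are outside the hunk.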
@@ -55,7 +56,7 @@ public:
 EJobResult doRead() override;
 EJobResult doWrite() override;
 void initSsl(bool server);
- bool loadCertificates(const std::string& filename);
+ bool load_certificates(const barrier::fs::path& path);
 
 private:
 // SSL
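Review bot: The `load_certificates` declaration carries no comment, and its name does not say everything it does: the definition in SecureSocket.cpp reads both the certificate and the private key from the same PEM file. I would put `// Loads the PEM certificate and its private key from 'path' into the SSL context.` and `// Returns false after showError() if the path is empty, not a regular file, or rejected by OpenSSL.` above it. Because that file holds the private key, the comment should also state who is expected to be able to read it; nothing in the visible code checks the file's permissions.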