lib/common: Move SSL certificate path definition to common location

Povilas Kanapickas 2021-11-01 04:29:53 +02:00
parent d033ffa3d8
commit b76b332f2f
5 changed files with 18 additions and 23 deletions


@ -38,6 +38,7 @@ public:
static fs::path local_ssl_fingerprints_path(); static fs::path local_ssl_fingerprints_path();
static fs::path trusted_servers_ssl_fingerprints_path(); static fs::path trusted_servers_ssl_fingerprints_path();
static fs::path trusted_clients_ssl_fingerprints_path(); static fs::path trusted_clients_ssl_fingerprints_path();
static fs::path ssl_certificate_path();
private: private:
static fs::path _profile; static fs::path _profile;
static fs::path _global; static fs::path _global;


@ -48,4 +48,9 @@ fs::path DataDirectories::trusted_clients_ssl_fingerprints_path()
return ssl_fingerprints_path() / kFingerprintsTrustedClientsFilename; return ssl_fingerprints_path() / kFingerprintsTrustedClientsFilename;
} }
fs::path DataDirectories::ssl_certificate_path()
{
return profile() / "SSL" / "Barrier.pem";
}
} // namespace barrier } // namespace barrier
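Review bot: `ssl_certificate_path()` hard-codes `"SSL"` and `"Barrier.pem"` as bare literals while the sibling fingerprint accessors in this file build their paths from named `k…Filename` constants (see `kFingerprintsTrustedClientsFilename` just above); naming these two the same way, e.g. `static const char kSslDirName[] = "SSL";` and `static const char kSslCertificateFilename[] = "Barrier.pem";`, keeps the directory layout in one place. The new function also carries no comment, and the file it points at is more than a certificate: `SecureSocket::load_certificates` in this same commit reads the private key from the very same path. A one-line comment such as `// PEM file holding the local SSL certificate together with its private key; must stay private to the user.` would tell the next maintainer why this path must never be logged or shared casually.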


@ -25,13 +25,6 @@
#include "common/DataDirectories.h" #include "common/DataDirectories.h"
#include "base/String.h" #include "base/String.h"
static const char s_certificateDir[] = { "SSL" };
static const char s_certificateFilename[] = { "Barrier.pem" };
//
// SecureListenSocket
//
SecureListenSocket::SecureListenSocket( SecureListenSocket::SecureListenSocket(
IEventQueue* events, IEventQueue* events,
SocketMultiplexer* socketMultiplexer, SocketMultiplexer* socketMultiplexer,
@ -55,12 +48,7 @@ SecureListenSocket::accept()
setListeningJob(); setListeningJob();
} }
std::string certificateFilename = barrier::string::sprintf("%s/%s/%s", bool loaded = socket->load_certificates(barrier::DataDirectories::ssl_certificate_path());
barrier::DataDirectories::profile().c_str(),
s_certificateDir,
s_certificateFilename);
bool loaded = socket->loadCertificates(certificateFilename);
if (!loaded) { if (!loaded) {
delete socket; delete socket;
return NULL; return NULL;


@ -327,35 +327,35 @@ SecureSocket::initSsl(bool server)
initContext(server); initContext(server);
} }
bool SecureSocket::loadCertificates(const std::string& filename) bool SecureSocket::load_certificates(const barrier::fs::path& path)
{ {
if (filename.empty()) { if (path.empty()) {
showError("ssl certificate is not specified"); showError("ssl certificate is not specified");
return false; return false;
} }
else { else {
if (!barrier::fs::is_regular_file(barrier::fs::u8path(filename))) { if (!barrier::fs::is_regular_file(path)) {
showError("ssl certificate doesn't exist: " + filename); showError("ssl certificate doesn't exist: " + path.u8string());
return false; return false;
} }
} }
int r = 0; int r = 0;
r = SSL_CTX_use_certificate_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM); r = SSL_CTX_use_certificate_file(m_ssl->m_context, path.u8string().c_str(), SSL_FILETYPE_PEM);
if (r <= 0) { if (r <= 0) {
showError("could not use ssl certificate: " + filename); showError("could not use ssl certificate: " + path.u8string());
return false; return false;
} }
r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM); r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, path.u8string().c_str(), SSL_FILETYPE_PEM);
if (r <= 0) { if (r <= 0) {
showError("could not use ssl private key: " + filename); showError("could not use ssl private key: " + path.u8string());
return false; return false;
} }
r = SSL_CTX_check_private_key(m_ssl->m_context); r = SSL_CTX_check_private_key(m_ssl->m_context);
if (!r) { if (!r) {
showError("could not verify ssl private key: " + filename); showError("could not verify ssl private key: " + path.u8string());
return false; return false;
} }
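Review bot: The new code calls `path.u8string()` four separate times and hands the UTF-8 bytes to `SSL_CTX_use_certificate_file` / `SSL_CTX_use_PrivateKey_file`, which open the name through the C runtime's narrow `fopen`; on Windows that is interpreted in the ANSI code page, so a profile directory containing non-ASCII characters can pass the `is_regular_file(path)` check yet fail inside OpenSSL with a misleading "could not use ssl certificate" message (the old `filename.c_str()` path had the same limitation, so this is latent rather than a regression, but worth a comment). Hoist the conversion once, `const std::string file = path.u8string();`, and reuse it for the three OpenSSL calls and the error strings. Because the same file is also the private key (`SSL_CTX_use_PrivateKey_file` reads it from `path`), a permission check next to the existence check would be a cheap hardening step: warn when the file is group- or world-readable, e.g. `(fs::status(path).permissions() & (fs::perms::group_read | fs::perms::others_read)) != fs::perms::none`, assuming `barrier::fs` aliases a std::filesystem-compatible implementation. `load_certificates` continues past the end of this hunk.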


@ -19,6 +19,7 @@
#include "net/TCPSocket.h" #include "net/TCPSocket.h"
#include "net/XSocket.h" #include "net/XSocket.h"
#include "io/filesystem.h"
class IEventQueue; class IEventQueue;
class SocketMultiplexer; class SocketMultiplexer;
@ -55,7 +56,7 @@ public:
EJobResult doRead() override; EJobResult doRead() override;
EJobResult doWrite() override; EJobResult doWrite() override;
void initSsl(bool server); void initSsl(bool server);
bool loadCertificates(const std::string& filename); bool load_certificates(const barrier::fs::path& path);
private: private:
// SSL // SSL