lib/common: Move SSL certificate path definition to common location
parent
d033ffa3d8
commit
b76b332f2f
|
@ -38,6 +38,7 @@ public:
|
||||||
static fs::path local_ssl_fingerprints_path();
|
static fs::path local_ssl_fingerprints_path();
|
||||||
static fs::path trusted_servers_ssl_fingerprints_path();
|
static fs::path trusted_servers_ssl_fingerprints_path();
|
||||||
static fs::path trusted_clients_ssl_fingerprints_path();
|
static fs::path trusted_clients_ssl_fingerprints_path();
|
||||||
|
static fs::path ssl_certificate_path();
|
||||||
private:
|
private:
|
||||||
static fs::path _profile;
|
static fs::path _profile;
|
||||||
static fs::path _global;
|
static fs::path _global;
|
||||||
|
|
|
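Review bot: The new `ssl_certificate_path()` declaration carries no comment saying what the file at that path holds, and unlike the three fingerprint getters above it the file is key material, not public data: the SecureSocket hunk in this commit passes the same path to both `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file`. Add `// PEM file under the profile directory holding the SSL certificate together with its private key.` above the declaration so a caller treats the file like a key, not like a shareable fingerprint list. The same point applies to the definition in the DataDirectories.cpp hunk below.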
@ -48,4 +48,9 @@ fs::path DataDirectories::trusted_clients_ssl_fingerprints_path()
|
||||||
return ssl_fingerprints_path() / kFingerprintsTrustedClientsFilename;
|
return ssl_fingerprints_path() / kFingerprintsTrustedClientsFilename;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fs::path DataDirectories::ssl_certificate_path()
|
||||||
|
{
|
||||||
|
return profile() / "SSL" / "Barrier.pem";
|
||||||
|
}
|
||||||
|
|
||||||
} // namespace barrier
|
} // namespace barrier
|
||||||
|
|
|
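Review bot: `ssl_certificate_path()` builds its result from the bare literals `"SSL"` and `"Barrier.pem"`, whereas `trusted_clients_ssl_fingerprints_path()` in the same hunk uses the named constant `kFingerprintsTrustedClientsFilename`; the `s_certificateDir`/`s_certificateFilename` statics this commit removes from SecureListenSocket.cpp already had names for exactly these two values. Define `kSslDir` and `kSslCertificateFilename` next to the existing `kFingerprints*` constants (their definitions are outside this hunk) and return `profile() / kSslDir / kSslCertificateFilename;`. The `"SSL"` directory is presumably also what `ssl_fingerprints_path()` resolves under — confirm, and share one constant if so.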
@ -25,13 +25,6 @@
|
||||||
#include "common/DataDirectories.h"
|
#include "common/DataDirectories.h"
|
||||||
#include "base/String.h"
|
#include "base/String.h"
|
||||||
|
|
||||||
static const char s_certificateDir[] = { "SSL" };
|
|
||||||
static const char s_certificateFilename[] = { "Barrier.pem" };
|
|
||||||
|
|
||||||
//
|
|
||||||
// SecureListenSocket
|
|
||||||
//
|
|
||||||
|
|
||||||
SecureListenSocket::SecureListenSocket(
|
SecureListenSocket::SecureListenSocket(
|
||||||
IEventQueue* events,
|
IEventQueue* events,
|
||||||
SocketMultiplexer* socketMultiplexer,
|
SocketMultiplexer* socketMultiplexer,
|
||||||
|
@ -55,12 +48,7 @@ SecureListenSocket::accept()
|
||||||
setListeningJob();
|
setListeningJob();
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string certificateFilename = barrier::string::sprintf("%s/%s/%s",
|
bool loaded = socket->load_certificates(barrier::DataDirectories::ssl_certificate_path());
|
||||||
barrier::DataDirectories::profile().c_str(),
|
|
||||||
s_certificateDir,
|
|
||||||
s_certificateFilename);
|
|
||||||
|
|
||||||
bool loaded = socket->loadCertificates(certificateFilename);
|
|
||||||
if (!loaded) {
|
if (!loaded) {
|
||||||
delete socket;
|
delete socket;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -327,35 +327,35 @@ SecureSocket::initSsl(bool server)
|
||||||
initContext(server);
|
initContext(server);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool SecureSocket::loadCertificates(const std::string& filename)
|
bool SecureSocket::load_certificates(const barrier::fs::path& path)
|
||||||
{
|
{
|
||||||
if (filename.empty()) {
|
if (path.empty()) {
|
||||||
showError("ssl certificate is not specified");
|
showError("ssl certificate is not specified");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (!barrier::fs::is_regular_file(barrier::fs::u8path(filename))) {
|
if (!barrier::fs::is_regular_file(path)) {
|
||||||
showError("ssl certificate doesn't exist: " + filename);
|
showError("ssl certificate doesn't exist: " + path.u8string());
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int r = 0;
|
int r = 0;
|
||||||
r = SSL_CTX_use_certificate_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
|
r = SSL_CTX_use_certificate_file(m_ssl->m_context, path.u8string().c_str(), SSL_FILETYPE_PEM);
|
||||||
if (r <= 0) {
|
if (r <= 0) {
|
||||||
showError("could not use ssl certificate: " + filename);
|
showError("could not use ssl certificate: " + path.u8string());
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
|
r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, path.u8string().c_str(), SSL_FILETYPE_PEM);
|
||||||
if (r <= 0) {
|
if (r <= 0) {
|
||||||
showError("could not use ssl private key: " + filename);
|
showError("could not use ssl private key: " + path.u8string());
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = SSL_CTX_check_private_key(m_ssl->m_context);
|
r = SSL_CTX_check_private_key(m_ssl->m_context);
|
||||||
if (!r) {
|
if (!r) {
|
||||||
showError("could not verify ssl private key: " + filename);
|
showError("could not verify ssl private key: " + path.u8string());
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
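Review bot: `load_certificates` converts the same path four times — `path.u8string()` is evaluated for each of the two `SSL_CTX_use_*_file` calls and again inside each error message — and every call builds a fresh std::string; hoist it once after the existence check, `const std::string path_u8 = path.u8string();`, then use `path_u8.c_str()` in the OpenSSL calls and `"... " + path_u8` in the messages. The `.c_str()` taken on the temporary in the call arguments is safe as written, because the temporary outlives the call, so this is tidiness rather than a bug. What is worth confirming is the encoding: OpenSSL opens the file itself from the narrow `const char*`, and on Windows that presumably goes through the system code page rather than UTF-8, so a profile path with non-ASCII characters could pass `is_regular_file(path)` yet fail in `SSL_CTX_use_certificate_file`; if so, the path needs a platform-appropriate narrow encoding or the PEM should be read through a BIO opened with the native API. The body of `load_certificates` continues past the end of this hunk.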
@ -19,6 +19,7 @@
|
||||||
|
|
||||||
#include "net/TCPSocket.h"
|
#include "net/TCPSocket.h"
|
||||||
#include "net/XSocket.h"
|
#include "net/XSocket.h"
|
||||||
|
#include "io/filesystem.h"
|
||||||
|
|
||||||
class IEventQueue;
|
class IEventQueue;
|
||||||
class SocketMultiplexer;
|
class SocketMultiplexer;
|
||||||
|
@ -55,7 +56,7 @@ public:
|
||||||
EJobResult doRead() override;
|
EJobResult doRead() override;
|
||||||
EJobResult doWrite() override;
|
EJobResult doWrite() override;
|
||||||
void initSsl(bool server);
|
void initSsl(bool server);
|
||||||
bool loadCertificates(const std::string& filename);
|
bool load_certificates(const barrier::fs::path& path);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
// SSL
|
// SSL
|
||||||
|
|
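Review bot: `load_certificates` is now the only snake_case member in a block whose neighbours are `doRead`, `doWrite` and `initSsl`; if the project is moving to snake_case (the new `DataDirectories` getters use it) that is fine, but inside one class it reads as a mixed style and the direction should be stated somewhere. The declaration also has no documentation: add `// Loads the PEM certificate and its private key from path into the SSL context; on failure reports through showError() and returns false.` above it, since the definition in SecureSocket.cpp uses the one file for both `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file` and a reader of the header cannot otherwise tell the file carries a private key.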