author | Howard Chu <hyc@symas.com> | 2019-03-08 15:15:24 +0000 |
---|---|---|
committer | Howard Chu <hyc@symas.com> | 2019-03-08 15:15:24 +0000 |
commit | b8c2e21cba5c5f2db050d9d464bef9417fc6f62b (patch) | |
tree | 6ca4e256aa2390e0d894602d341d133c1f1d4e9d /contrib/epee | |
parent | Merge pull request #5232 (diff) | |
Fix startup errors with SSL cert generation
Use SSL API directly, skip boost layer
Diffstat (limited to 'contrib/epee')
-rw-r--r-- | contrib/epee/include/net/net_ssl.h | 1 | ||||
-rw-r--r-- | contrib/epee/src/net_ssl.cpp | 43 |
2 files changed, 6 insertions, 38 deletions
diff --git a/contrib/epee/include/net/net_ssl.h b/contrib/epee/include/net/net_ssl.h
index ca53d3667..f7b102164 100644
--- a/contrib/epee/include/net/net_ssl.h
+++ b/contrib/epee/include/net/net_ssl.h
@@ -59,7 +59,6 @@ namespace net_utils
 bool is_ssl(const unsigned char *data, size_t len);
 ssl_context_t create_ssl_context(const std::pair<std::string, std::string> &private_key_and_certificate_path, std::list<std::string> allowed_certificates, std::vector<std::vector<uint8_t>> allowed_fingerprints, bool allow_any_cert);
 void use_ssl_certificate(ssl_context_t &ssl_context, const std::pair<std::string, std::string> &private_key_and_certificate_path);
- bool create_ssl_certificate(std::string &pkey_buffer, std::string &cert_buffer);
 bool is_certificate_allowed(boost::asio::ssl::verify_context &ctx, const ssl_context_t &ssl_context);
 bool ssl_handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream_base::handshake_type type, const epee::net_utils::ssl_context_t &ssl_context);
 bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s);
diff --git a/contrib/epee/src/net_ssl.cpp b/contrib/epee/src/net_ssl.cpp
index 9a62dd3c2..7154d4d33 100644
--- a/contrib/epee/src/net_ssl.cpp
+++ b/contrib/epee/src/net_ssl.cpp
@@ -120,40 +120,6 @@ bool create_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert) return true; } -bool create_ssl_certificate(std::string &pkey_buffer, std::string &cert_buffer) -{ - EVP_PKEY *pkey; - X509 *cert; - if (!create_ssl_certificate(pkey, cert)) - return false; - BIO *bio_pkey = BIO_new(BIO_s_mem()), *bio_cert = BIO_new(BIO_s_mem()); - openssl_bio bio_pkey_deleter{bio_pkey}; - bool success = PEM_write_bio_PrivateKey(bio_pkey, pkey, NULL, NULL, 0, NULL, NULL) && PEM_write_bio_X509(bio_cert, cert); - X509_free(cert); - if (!success) - { - MERROR("Failed to write cert and/or pkey: " << ERR_get_error()); - return false; - } - BUF_MEM *buf = NULL; - BIO_get_mem_ptr(bio_pkey, &buf); - if (!buf || !buf->data || !buf->length) - { - MERROR("Failed to write pkey: " << ERR_get_error()); - return false; - } - pkey_buffer = std::string(buf->data, buf->length); - buf = NULL; - BIO_get_mem_ptr(bio_cert, &buf); - if (!buf || !buf->data || !buf->length) - { - MERROR("Failed to write cert: " << ERR_get_error()); - return false; - } - cert_buffer = std::string(buf->data, buf->length); - return success; -} - ssl_context_t create_ssl_context(const std::pair<std::string, std::string> &private_key_and_certificate_path, std::list<std::string> allowed_certificates, std::vector<std::vector<uint8_t>> allowed_fingerprints, bool allow_any_cert) { ssl_context_t ssl_context{boost::asio::ssl::context(boost::asio::ssl::context::tlsv12), std::move(allowed_certificates), std::move(allowed_fingerprints)}; 
@@ -190,10 +156,13 @@ ssl_context_t create_ssl_context(const std::pair<std::string, std::string> &priv
 CHECK_AND_ASSERT_THROW_MES(private_key_and_certificate_path.first.empty() == private_key_and_certificate_path.second.empty(), "private key and certificate must be either both given or both empty");
 if (private_key_and_certificate_path.second.empty())
 {
- std::string pkey, cert;
+ EVP_PKEY *pkey;
+ X509 *cert;
 CHECK_AND_ASSERT_THROW_MES(create_ssl_certificate(pkey, cert), "Failed to create certificate");
- ssl_context.context.use_private_key(boost::asio::buffer(pkey), boost::asio::ssl::context::pem);
- ssl_context.context.use_certificate(boost::asio::buffer(cert), boost::asio::ssl::context::pem);
+ CHECK_AND_ASSERT_THROW_MES(SSL_CTX_use_certificate(ctx, cert), "Failed to use generated certificate");
+ // don't free the cert, the CTX owns it now
+ CHECK_AND_ASSERT_THROW_MES(SSL_CTX_use_PrivateKey(ctx, pkey), "Failed to use generated private key");
+ EVP_PKEY_free(pkey);
 }
 else
 { |
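Review bot: The added comment `// don't free the cert, the CTX owns it now` is doubtful and the generated certificate probably leaks: as far as I know `SSL_CTX_use_certificate` takes its own reference on the X509, just as `SSL_CTX_use_PrivateKey` does on the key, yet only `pkey` is released. I would replace the comment line with `X509_free(cert);`, once confirmed against the OpenSSL versions the project supports, so the two objects are handled the same way. If `CHECK_AND_ASSERT_THROW_MES` throws, as its name suggests, a failure in either `SSL_CTX_use_*` call also skips `EVP_PKEY_free(pkey)`, leaving the freshly generated private key allocated; declaring `EVP_PKEY *pkey = nullptr;` and `X509 *cert = nullptr;` and releasing them through a scope guard would cover that path. `ctx` is defined outside this hunk and `create_ssl_context` starts and ends outside it, so how `ctx` is obtained is not visible here.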