static void SSL_initializeCert() {
- char *crt, *key, *pass;
+ char *crt = (char *)getStrConf(CERTIFICATE);
+ char *key = (char *)getStrConf(KEY);
- crt = (char *)getStrConf(CERTIFICATE);
- key = (char *)getStrConf(KEY);
- pass = (char *)getStrConf(PASSPHRASE);
+ if (context) {
+ bool did_load_cert = SSL_CTX_use_certificate_chain_file(context, crt);
+ rsa = SSL_readprivatekey(key);
- x509 = SSL_readcert(crt);
- rsa = SSL_readprivatekey(key);
- if (rsa != NULL) {
- pkey = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(pkey, rsa);
- }
-
-
-#if 0
- /* Later ... */
- if (key && !x509) {
- qscCert = QSslCertificate(key);
- if (! qscCert.isNull()) {
- logthis("Using certificate from key.");
- }
- }
-
- if (! qscCert.isNull()) {
- QSsl::KeyAlgorithm alg = qscCert.publicKey().algorithm();
- /* Fetch algorith from cert */
- if (! key.isEmpty()) {
- /* get key */
- qskKey = QSslKey(key, alg, QSsl::Pem, QSsl::PrivateKey, pass);
- if (qskKey.isNull()) {
- logthis("Failed to parse key.");
- }
- }
+ if (!rsa || !did_load_cert) {
+ Log_info("Generating new server certificate.");
- if (! crt.isEmpty() && qskKey.isNull()) {
- /* get key from certificate */
- qskKey = QSslKey(crt, alg, QSsl::Pem, QSsl::PrivateKey, pass);
- if (! qskKey.isNull()) {
- logthis("Using key from certificate.");
- }
- }
- }
-#endif
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- if (!rsa || !x509) {
- Log_info("Generating new server certificate.");
+ x509 = X509_new();
+ pkey = EVP_PKEY_new();
+ rsa = RSA_generate_key(4096,RSA_F4,NULL,NULL);
+ EVP_PKEY_assign_RSA(pkey, rsa);
+ X509_set_version(x509, 2);
+ ASN1_INTEGER_set(X509_get_serialNumber(x509),1);
+ X509_gmtime_adj(X509_get_notBefore(x509),0);
+ X509_gmtime_adj(X509_get_notAfter(x509),60*60*24*365);
+ X509_set_pubkey(x509, pkey);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+ X509_NAME *name=X509_get_subject_name(x509);
- x509 = X509_new();
- pkey = EVP_PKEY_new();
- rsa = RSA_generate_key(1024,RSA_F4,NULL,NULL);
- EVP_PKEY_assign_RSA(pkey, rsa);
+ X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const uint8_t *)"Murmur Autogenerated Certificate v2", -1, -1, 0);
+ X509_set_issuer_name(x509, name);
+ SSL_add_ext(x509, NID_basic_constraints, "critical,CA:FALSE");
+ SSL_add_ext(x509, NID_ext_key_usage, "serverAuth,clientAuth");
+ SSL_add_ext(x509, NID_subject_key_identifier, "hash");
+ SSL_add_ext(x509, NID_netscape_comment, "Generated from umurmur");
- X509_set_version(x509, 2);
- ASN1_INTEGER_set(X509_get_serialNumber(x509),1);
- X509_gmtime_adj(X509_get_notBefore(x509),0);
- X509_gmtime_adj(X509_get_notAfter(x509),60*60*24*365);
- X509_set_pubkey(x509, pkey);
+ X509_sign(x509, pkey, EVP_md5());
- X509_NAME *name=X509_get_subject_name(x509);
+ SSL_writecert(crt, x509);
+ SSL_writekey(key, rsa);
- X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const uint8_t *)"Murmur Autogenerated Certificate v2", -1, -1, 0);
- X509_set_issuer_name(x509, name);
- SSL_add_ext(x509, NID_basic_constraints, "critical,CA:FALSE");
- SSL_add_ext(x509, NID_ext_key_usage, "serverAuth,clientAuth");
- SSL_add_ext(x509, NID_subject_key_identifier, "hash");
- SSL_add_ext(x509, NID_netscape_comment, "Generated from umurmur");
+ SSL_CTX_use_certificate(context, x509);
+ } else {
+ pkey = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(pkey, rsa);
+ }
- X509_sign(x509, pkey, EVP_md5());
+ SSL_CTX_use_PrivateKey(context, pkey);
- SSL_writecert(crt, x509);
- SSL_writekey(key, rsa);
+ } else {
+ Log_fatal("Failed to initialize TLS context.");
}
}
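Review bot: The autogenerated certificate is still signed with MD5 (`X509_sign(x509, pkey, EVP_md5());`) even though this change raises the RSA key to 4096 bits; MD5 is collision-prone and some clients may flag or refuse such a certificate, so `X509_sign(x509, pkey, EVP_sha256());` would match the stronger key. The return values of `SSL_CTX_use_certificate(context, x509)` and `SSL_CTX_use_PrivateKey(context, pkey)` are also no longer checked in this function, while the `<= 0` checks that SSLi_init used to make are removed, so a failure would leave the context without a usable key pair and presumably surface only at handshake time. Keeping those tests with `Log_fatal`, and calling `SSL_CTX_check_private_key(context)` once the key is set, would also catch a certificate file and key file that do not belong together, since the chain file and the key are now loaded by separate paths.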
void SSLi_init(void)
{
- SSL_METHOD *method;
SSL *ssl;
int i, offset = 0, cipherstringlen = 0;
STACK_OF(SSL_CIPHER) *cipherlist = NULL, *cipherlist_new = NULL;
SSL_CIPHER *cipher;
- char *cipherstring, tempstring[128];
+ char *cipherstring;
SSL_library_init();
- OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */
- SSL_load_error_strings(); /* load all error messages */
- ERR_load_crypto_strings(); /* load all error messages */
- method = SSLv23_server_method(); /* create new server-method instance */
- context = SSL_CTX_new(method); /* create new context from method */
+ OpenSSL_add_all_algorithms();
+ SSL_load_error_strings();
+ ERR_load_crypto_strings();
+
+ context = SSL_CTX_new(SSLv23_server_method());
if (context == NULL)
{
ERR_print_errors_fp(stderr);
}
SSL_initializeCert();
- if (SSL_CTX_use_certificate(context, x509) <= 0)
- Log_fatal("Failed to initialize cert");
- if (SSL_CTX_use_PrivateKey(context, pkey) <= 0) {
- ERR_print_errors_fp(stderr);
- Log_fatal("Failed to initialize private key");
- }
/* Set cipher list */
ssl = SSL_new(context);