Hawkin
/
arangodb
mirror of https://gitee.com/bigwinds/arangodb
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
arangodb/lib/Basics/ssl-helper.cpp

140 lines
4.1 KiB
C++
Raw Blame History

////////////////////////////////////////////////////////////////////////////////
/// @brief ssl helper functions
///
/// @file
///
/// DISCLAIMER
///
/// Copyright 2014 ArangoDB GmbH, Cologne, Germany
/// Copyright 2004-2014 triAGENS GmbH, Cologne, Germany
///
/// Licensed under the Apache License, Version 2.0 (the "License");
/// you may not use this file except in compliance with the License.
/// You may obtain a copy of the License at
///
/// http://www.apache.org/licenses/LICENSE-2.0
///
/// Unless required by applicable law or agreed to in writing, software
/// distributed under the License is distributed on an "AS IS" BASIS,
/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
/// See the License for the specific language governing permissions and
/// limitations under the License.
///
/// Copyright holder is ArangoDB GmbH, Cologne, Germany
///
/// @author Jan Steemann
/// @author Copyright 2014, ArangoDB GmbH, Cologne, Germany
/// @author Copyright 2012-2013, triAGENS GmbH, Cologne, Germany
////////////////////////////////////////////////////////////////////////////////
#include "ssl-helper.h"
#include <openssl/err.h>
#include "Basics/logging.h"
using namespace triagens::basics;
using namespace std;
// -----------------------------------------------------------------------------
// --SECTION-- public functions
// -----------------------------------------------------------------------------
////////////////////////////////////////////////////////////////////////////////
/// @brief creates an SSL context
////////////////////////////////////////////////////////////////////////////////
SSL_CTX* triagens::basics::sslContext (protocol_e protocol, string const& keyfile) {
// create our context
SSL_METHOD SSL_CONST* meth = nullptr;
switch (protocol) {
#ifndef OPENSSL_NO_SSL2
case SSL_V2:
meth = SSLv2_method();
break;
#endif
case SSL_V3:
meth = SSLv3_method();
break;
case SSL_V23:
meth = SSLv23_method();
break;
case TLS_V1:
meth = TLSv1_method();
break;
default:
LOG_ERROR("unknown SSL protocol method");
return nullptr;
}
SSL_CTX* sslctx = SSL_CTX_new(meth);
// load our keys and certificates
if (! SSL_CTX_use_certificate_chain_file(sslctx, keyfile.c_str())) {
LOG_ERROR("cannot read certificate from '%s': %s", keyfile.c_str(), triagens::basics::lastSSLError().c_str());
return nullptr;
}
if (! SSL_CTX_use_PrivateKey_file(sslctx, keyfile.c_str(), SSL_FILETYPE_PEM)) {
LOG_ERROR("cannot read key from '%s': %s", keyfile.c_str(), triagens::basics::lastSSLError().c_str());
return nullptr;
}
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(sslctx, 1);
#endif
return sslctx;
}
////////////////////////////////////////////////////////////////////////////////
/// @brief get the name of an SSL protocol version
////////////////////////////////////////////////////////////////////////////////
string triagens::basics::protocolName (const protocol_e protocol) {
switch (protocol) {
case SSL_V2:
return "SSLv2";
case SSL_V23:
return "SSLv23";
case SSL_V3:
return "SSLv3";
case TLS_V1:
return "TLSv1";
default:
return "unknown";
}
}
////////////////////////////////////////////////////////////////////////////////
/// @brief get last SSL error
////////////////////////////////////////////////////////////////////////////////
string triagens::basics::lastSSLError () {
char buf[122];
memset(buf, 0, sizeof(buf));
unsigned long err = ERR_get_error();
ERR_error_string_n(err, buf, sizeof(buf) - 1);
return string(buf);
}
// -----------------------------------------------------------------------------
// --SECTION-- END-OF-FILE
// -----------------------------------------------------------------------------
// Local Variables:
// mode: outline-minor
// outline-regexp: "/// @brief\\|/// {@inheritDoc}\\|/// @page\\|// --SECTION--\\|/// @\\}"
// End:
Reference in New Issue View Git Blame Copy Permalink