Make PeerDoor implementation private

2025-12-02 08:55:53 +00:00 · 2013-07-10 09:51:04 -07:00
parent 2db798b38f
commit e4c02aa122
11 changed files with 251 additions and 188 deletions
--- a/modules/ripple_basio/boost/ripple_SslContext.cpp
+++ b/modules/ripple_basio/boost/ripple_SslContext.cpp
@@ -26,4 +26,85 @@ SslContext::SslContext ()
 {
 }

+// VFALCO TODO Can we call this function from the ctor of PeerDoor as well?
+//             Or can we move the common code to a new function?
+//
+void SslContext::initializeFromFile (
+    boost::asio::ssl::context& context,
+    std::string key_file,
+    std::string cert_file,
+    std::string chain_file)
+{
+    SSL_CTX* sslContext = context.native_handle ();
+
+    context.set_options (boost::asio::ssl::context::default_workarounds |
+                         boost::asio::ssl::context::no_sslv2 |
+                         boost::asio::ssl::context::single_dh_use);
+
+    bool cert_set = false;
+
+    if (!cert_file.empty ())
+    {
+        boost::system::error_code error;
+        context.use_certificate_file (cert_file, boost::asio::ssl::context::pem, error);
+
+        if (error)
+            throw std::runtime_error ("Unable to use certificate file");
+
+        cert_set = true;
+    }
+
+    if (!chain_file.empty ())
+    {
+        // VFALCO Replace fopen() with RAII
+        FILE* f = fopen (chain_file.c_str (), "r");
+
+        if (!f)
+            throw std::runtime_error ("Unable to open chain file");
+
+        try
+        {
+            while (true)
+            {
+                X509* x = PEM_read_X509 (f, NULL, NULL, NULL);
+
+                if (x == NULL)
+                    break;
+
+                if (!cert_set)
+                {
+                    if (SSL_CTX_use_certificate (sslContext, x) != 1)
+                        throw std::runtime_error ("Unable to get certificate from chain file");
+
+                    cert_set = true;
+                }
+                else if (SSL_CTX_add_extra_chain_cert (sslContext, x) != 1)
+                {
+                    X509_free (x);
+                    throw std::runtime_error ("Unable to add chain certificate");
+                }
+            }
+
+            fclose (f);
+        }
+        catch (...)
+        {
+            fclose (f);
+            throw;
+        }
+    }
+
+    if (!key_file.empty ())
+    {
+        boost::system::error_code error;
+        context.use_private_key_file (key_file, boost::asio::ssl::context::pem, error);
+
+        if (error)
+            throw std::runtime_error ("Unable to use private key file");
+    }
+
+    if (SSL_CTX_check_private_key (sslContext) != 1)
+        throw std::runtime_error ("Private key not valid");
+}
+
 }