| |
| <h1>ssl.cpp</h1> |
| <div class="highlight"><pre><span></span><span class="cp">#include</span> <span class="cpf">"options.hpp"</span><span class="cp"></span> |
| |
| <span class="cp">#include</span> <span class="cpf"><proton/connection_options.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/connection.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/container.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/error_condition.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/listen_handler.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/listener.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/message.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/messaging_handler.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/ssl.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/tracker.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/transport.hpp></span><span class="cp"></span> |
| |
| <span class="cp">#include</span> <span class="cpf"><iostream></span><span class="cp"></span> |
| |
| <span class="cp">#include</span> <span class="cpf">"fake_cpp11.hpp"</span><span class="cp"></span> |
| |
| <span class="k">using</span> <span class="n">proton</span><span class="o">::</span><span class="n">connection_options</span><span class="p">;</span> |
| <span class="k">using</span> <span class="n">proton</span><span class="o">::</span><span class="n">ssl_client_options</span><span class="p">;</span> |
| <span class="k">using</span> <span class="n">proton</span><span class="o">::</span><span class="n">ssl_server_options</span><span class="p">;</span> |
| <span class="k">using</span> <span class="n">proton</span><span class="o">::</span><span class="n">ssl_certificate</span><span class="p">;</span> |
| |
| <span class="c1">// Helper functions defined below.</span> |
| <span class="kt">bool</span> <span class="nf">using_OpenSSL</span><span class="p">();</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">platform_CA</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">base_name</span><span class="p">);</span> |
| <span class="n">ssl_certificate</span> <span class="nf">platform_certificate</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">base_name</span><span class="p">,</span> <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">passwd</span><span class="p">);</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">find_CN</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="p">);</span> |
| |
| <span class="k">namespace</span> <span class="p">{</span> |
| <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">verify_full</span><span class="p">(</span><span class="s">"full"</span><span class="p">);</span> <span class="c1">// Normal verification</span> |
| <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">verify_noname</span><span class="p">(</span><span class="s">"noname"</span><span class="p">);</span> <span class="c1">// Skip matching host name against the certificate</span> |
| <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">verify_fail</span><span class="p">(</span><span class="s">"fail"</span><span class="p">);</span> <span class="c1">// Force name mismatch failure</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">verify</span><span class="p">(</span><span class="n">verify_full</span><span class="p">);</span> <span class="c1">// Default for example</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">cert_directory</span><span class="p">;</span> |
| <span class="p">}</span> |
| |
| |
| <span class="k">struct</span> <span class="nl">server_handler</span> <span class="p">:</span> <span class="k">public</span> <span class="n">proton</span><span class="o">::</span><span class="n">messaging_handler</span> <span class="p">{</span> |
| <span class="n">proton</span><span class="o">::</span><span class="n">listener</span> <span class="n">listener</span><span class="p">;</span> |
| |
| <span class="kt">void</span> <span class="nf">on_connection_open</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">connection</span> <span class="o">&</span><span class="n">c</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="s">"Inbound server connection connected via SSL. Protocol: "</span> <span class="o"><<</span> |
| <span class="n">c</span><span class="p">.</span><span class="n">transport</span><span class="p">().</span><span class="n">ssl</span><span class="p">().</span><span class="n">protocol</span><span class="p">()</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="n">listener</span><span class="p">.</span><span class="n">stop</span><span class="p">();</span> <span class="c1">// Just expecting the one connection.</span> |
| |
| <span class="c1">// Go and do default inbound open stuff too</span> |
| <span class="n">messaging_handler</span><span class="o">::</span><span class="n">on_connection_open</span><span class="p">(</span><span class="n">c</span><span class="p">);</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="nf">on_transport_error</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">transport</span> <span class="o">&</span><span class="n">t</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">listener</span><span class="p">.</span><span class="n">stop</span><span class="p">();</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="nf">on_message</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">delivery</span> <span class="o">&</span><span class="p">,</span> <span class="n">proton</span><span class="o">::</span><span class="n">message</span> <span class="o">&</span><span class="n">m</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="n">m</span><span class="p">.</span><span class="n">body</span><span class="p">()</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="p">};</span> |
| |
| |
| <span class="k">class</span> <span class="nc">hello_world_direct</span> <span class="o">:</span> <span class="k">public</span> <span class="n">proton</span><span class="o">::</span><span class="n">messaging_handler</span> <span class="p">{</span> |
| <span class="k">private</span><span class="o">:</span> |
| <span class="k">class</span> <span class="nc">listener_open_handler</span> <span class="o">:</span> <span class="k">public</span> <span class="n">proton</span><span class="o">::</span><span class="n">listen_handler</span> <span class="p">{</span> |
| <span class="kt">void</span> <span class="n">on_open</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">listener</span><span class="o">&</span> <span class="n">l</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">ostringstream</span> <span class="n">url</span><span class="p">;</span> |
| <span class="n">url</span> <span class="o"><<</span> <span class="s">"//:"</span> <span class="o"><<</span> <span class="n">l</span><span class="p">.</span><span class="n">port</span><span class="p">()</span> <span class="o"><<</span> <span class="s">"/example"</span><span class="p">;</span> <span class="c1">// Connect to the actual port</span> |
| <span class="n">l</span><span class="p">.</span><span class="n">container</span><span class="p">().</span><span class="n">open_sender</span><span class="p">(</span><span class="n">url</span><span class="p">.</span><span class="n">str</span><span class="p">());</span> |
| <span class="p">}</span> |
| <span class="p">};</span> |
| |
| <span class="n">listener_open_handler</span> <span class="n">listen_handler</span><span class="p">;</span> |
| <span class="n">server_handler</span> <span class="n">s_handler</span><span class="p">;</span> |
| |
| <span class="k">public</span><span class="o">:</span> |
| <span class="kt">void</span> <span class="n">on_container_start</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">container</span> <span class="o">&</span><span class="n">c</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="c1">// Configure listener. Details vary by platform.</span> |
| <span class="n">ssl_certificate</span> <span class="n">server_cert</span> <span class="o">=</span> <span class="n">platform_certificate</span><span class="p">(</span><span class="s">"tserver"</span><span class="p">,</span> <span class="s">"tserverpw"</span><span class="p">);</span> |
| <span class="n">ssl_server_options</span> <span class="nf">ssl_srv</span><span class="p">(</span><span class="n">server_cert</span><span class="p">);</span> |
| <span class="n">connection_options</span> <span class="n">server_opts</span><span class="p">;</span> |
| <span class="n">server_opts</span><span class="p">.</span><span class="n">ssl_server_options</span><span class="p">(</span><span class="n">ssl_srv</span><span class="p">).</span><span class="n">handler</span><span class="p">(</span><span class="n">s_handler</span><span class="p">);</span> |
| <span class="n">c</span><span class="p">.</span><span class="n">server_connection_options</span><span class="p">(</span><span class="n">server_opts</span><span class="p">);</span> |
| |
| <span class="c1">// Configure client with a Certificate Authority database</span> |
| <span class="c1">// populated with the server's self signed certificate.</span> |
| <span class="n">connection_options</span> <span class="n">client_opts</span><span class="p">;</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">==</span> <span class="n">verify_full</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">ssl_client_options</span> <span class="n">ssl_cli</span><span class="p">(</span><span class="n">platform_CA</span><span class="p">(</span><span class="s">"tserver"</span><span class="p">));</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">ssl_client_options</span><span class="p">(</span><span class="n">ssl_cli</span><span class="p">);</span> |
| <span class="c1">// The next line is optional in normal use. Since the</span> |
| <span class="c1">// example uses IP addresses in the connection string, use</span> |
| <span class="c1">// the virtual_host option to set the server host name</span> |
| <span class="c1">// used for certificate verification:</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">virtual_host</span><span class="p">(</span><span class="s">"test_server"</span><span class="p">);</span> |
| <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">==</span> <span class="n">verify_noname</span><span class="p">)</span> <span class="p">{</span> |
| <span class="c1">// Downgrade the verification from VERIFY_PEER_NAME to VERIFY_PEER.</span> |
| <span class="n">ssl_client_options</span> <span class="n">ssl_cli</span><span class="p">(</span><span class="n">platform_CA</span><span class="p">(</span><span class="s">"tserver"</span><span class="p">),</span> <span class="n">proton</span><span class="o">::</span><span class="n">ssl</span><span class="o">::</span><span class="n">VERIFY_PEER</span><span class="p">);</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">ssl_client_options</span><span class="p">(</span><span class="n">ssl_cli</span><span class="p">);</span> |
| <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">==</span> <span class="n">verify_fail</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">ssl_client_options</span> <span class="n">ssl_cli</span><span class="p">(</span><span class="n">platform_CA</span><span class="p">(</span><span class="s">"tserver"</span><span class="p">));</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">ssl_client_options</span><span class="p">(</span><span class="n">ssl_cli</span><span class="p">);</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">virtual_host</span><span class="p">(</span><span class="s">"wrong_name_for_server"</span><span class="p">);</span> <span class="c1">// Pick any name that doesn't match.</span> |
| <span class="p">}</span> <span class="k">else</span> <span class="k">throw</span> <span class="n">std</span><span class="o">::</span><span class="n">logic_error</span><span class="p">(</span><span class="s">"bad verify mode: "</span> <span class="o">+</span> <span class="n">verify</span><span class="p">);</span> |
| |
| <span class="n">c</span><span class="p">.</span><span class="n">client_connection_options</span><span class="p">(</span><span class="n">client_opts</span><span class="p">);</span> |
| <span class="n">s_handler</span><span class="p">.</span><span class="n">listener</span> <span class="o">=</span> <span class="n">c</span><span class="p">.</span><span class="n">listen</span><span class="p">(</span><span class="s">"//:0"</span><span class="p">,</span> <span class="n">listen_handler</span><span class="p">);</span> <span class="c1">// Listen on port 0 for a dynamic port</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="n">on_connection_open</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">connection</span> <span class="o">&</span><span class="n">c</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">subject</span> <span class="o">=</span> <span class="n">c</span><span class="p">.</span><span class="n">transport</span><span class="p">().</span><span class="n">ssl</span><span class="p">().</span><span class="n">remote_subject</span><span class="p">();</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="s">"Outgoing client connection connected via SSL. Server certificate identity "</span> <span class="o"><<</span> |
| <span class="n">find_CN</span><span class="p">(</span><span class="n">subject</span><span class="p">)</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="n">on_transport_error</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">transport</span> <span class="o">&</span><span class="n">t</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">err</span> <span class="o">=</span> <span class="n">t</span><span class="p">.</span><span class="n">error</span><span class="p">().</span><span class="n">what</span><span class="p">();</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">==</span> <span class="n">verify_fail</span> <span class="o">&&</span> <span class="n">err</span><span class="p">.</span><span class="n">find</span><span class="p">(</span><span class="s">"certificate"</span><span class="p">)</span> <span class="o">!=</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span><span class="o">::</span><span class="n">npos</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="s">"Expected failure of connection with wrong peer name: "</span> <span class="o"><<</span> <span class="n">err</span> |
| <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="s">"Unexpected transport error: "</span> <span class="o"><<</span> <span class="n">err</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="n">on_sendable</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">sender</span> <span class="o">&</span><span class="n">s</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">proton</span><span class="o">::</span><span class="n">message</span> <span class="n">m</span><span class="p">;</span> |
| <span class="n">m</span><span class="p">.</span><span class="n">body</span><span class="p">(</span><span class="s">"Hello World!"</span><span class="p">);</span> |
| <span class="n">s</span><span class="p">.</span><span class="n">send</span><span class="p">(</span><span class="n">m</span><span class="p">);</span> |
| <span class="n">s</span><span class="p">.</span><span class="n">close</span><span class="p">();</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="n">on_tracker_accept</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">tracker</span> <span class="o">&</span><span class="n">t</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="c1">// All done.</span> |
| <span class="n">t</span><span class="p">.</span><span class="n">connection</span><span class="p">().</span><span class="n">close</span><span class="p">();</span> |
| <span class="p">}</span> |
| <span class="p">};</span> |
| |
| <span class="kt">int</span> <span class="nf">main</span><span class="p">(</span><span class="kt">int</span> <span class="n">argc</span><span class="p">,</span> <span class="kt">char</span> <span class="o">**</span><span class="n">argv</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">example</span><span class="o">::</span><span class="n">options</span> <span class="n">opts</span><span class="p">(</span><span class="n">argc</span><span class="p">,</span> <span class="n">argv</span><span class="p">);</span> |
| <span class="n">opts</span><span class="p">.</span><span class="n">add_value</span><span class="p">(</span><span class="n">cert_directory</span><span class="p">,</span> <span class="sc">'c'</span><span class="p">,</span> <span class="s">"cert_directory"</span><span class="p">,</span> |
| <span class="s">"directory containing SSL certificates and private key information"</span><span class="p">,</span> <span class="s">"CERTDIR"</span><span class="p">);</span> |
| <span class="n">opts</span><span class="p">.</span><span class="n">add_value</span><span class="p">(</span><span class="n">verify</span><span class="p">,</span> <span class="sc">'v'</span><span class="p">,</span> <span class="s">"verify"</span><span class="p">,</span> <span class="s">"verify type: </span><span class="se">\"</span><span class="s">minimum</span><span class="se">\"</span><span class="s">, </span><span class="se">\"</span><span class="s">full</span><span class="se">\"</span><span class="s">, </span><span class="se">\"</span><span class="s">fail</span><span class="se">\"</span><span class="s">"</span><span class="p">,</span> <span class="s">"VERIFY"</span><span class="p">);</span> |
| |
| <span class="k">try</span> <span class="p">{</span> |
| <span class="n">opts</span><span class="p">.</span><span class="n">parse</span><span class="p">();</span> |
| |
| <span class="kt">size_t</span> <span class="n">sz</span> <span class="o">=</span> <span class="n">cert_directory</span><span class="p">.</span><span class="n">size</span><span class="p">();</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">sz</span> <span class="o">&&</span> <span class="n">cert_directory</span><span class="p">[</span><span class="n">sz</span> <span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="o">!=</span> <span class="sc">'/'</span><span class="p">)</span> |
| <span class="n">cert_directory</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="s">"/"</span><span class="p">);</span> |
| <span class="k">else</span> <span class="n">cert_directory</span> <span class="o">=</span> <span class="s">"ssl_certs/"</span><span class="p">;</span> |
| |
| <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">!=</span> <span class="n">verify_noname</span> <span class="o">&&</span> <span class="n">verify</span> <span class="o">!=</span> <span class="n">verify_full</span> <span class="o">&&</span> <span class="n">verify</span> <span class="o">!=</span> <span class="n">verify_fail</span><span class="p">)</span> |
| <span class="k">throw</span> <span class="n">std</span><span class="o">::</span><span class="n">runtime_error</span><span class="p">(</span><span class="s">"bad verify argument: "</span> <span class="o">+</span> <span class="n">verify</span><span class="p">);</span> |
| |
| <span class="n">hello_world_direct</span> <span class="n">hwd</span><span class="p">;</span> |
| <span class="n">proton</span><span class="o">::</span><span class="n">container</span><span class="p">(</span><span class="n">hwd</span><span class="p">).</span><span class="n">run</span><span class="p">();</span> |
| <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> |
| <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">exception</span><span class="o">&</span> <span class="n">e</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cerr</span> <span class="o"><<</span> <span class="n">e</span><span class="p">.</span><span class="n">what</span><span class="p">()</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="k">return</span> <span class="mi">1</span><span class="p">;</span> |
| <span class="p">}</span> |
| |
| |
| <span class="kt">bool</span> <span class="nf">using_OpenSSL</span><span class="p">()</span> <span class="p">{</span> |
| <span class="c1">// Current defaults.</span> |
| <span class="cp">#if defined(WIN32)</span> |
| <span class="k">return</span> <span class="nb">false</span><span class="p">;</span> |
| <span class="cp">#else</span> |
| <span class="k">return</span> <span class="nb">true</span><span class="p">;</span> |
| <span class="cp">#endif</span> |
| <span class="p">}</span> |
| |
| <span class="n">ssl_certificate</span> <span class="nf">platform_certificate</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">base_name</span><span class="p">,</span> <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">passwd</span><span class="p">)</span> <span class="p">{</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">using_OpenSSL</span><span class="p">())</span> <span class="p">{</span> |
| <span class="c1">// The first argument will be the name of the file containing the public certificate, the</span> |
| <span class="c1">// second argument will be the name of the file containing the private key.</span> |
| <span class="k">return</span> <span class="n">ssl_certificate</span><span class="p">(</span><span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-certificate.pem"</span><span class="p">,</span> |
| <span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-private-key.pem"</span><span class="p">,</span> <span class="n">passwd</span><span class="p">);</span> |
| <span class="p">}</span> |
| <span class="k">else</span> <span class="p">{</span> |
| <span class="c1">// Windows SChannel</span> |
| <span class="c1">// The first argument will be the database or store that contains one or more complete certificates</span> |
| <span class="c1">// (public and private data). The second will be an optional name of the certificate in the store</span> |
| <span class="c1">// (not used in this example with one certificate per store).</span> |
| <span class="k">return</span> <span class="n">ssl_certificate</span><span class="p">(</span><span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-full.p12"</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="n">passwd</span><span class="p">);</span> |
| <span class="p">}</span> |
| <span class="p">}</span> |
| |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">platform_CA</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">base_name</span><span class="p">)</span> <span class="p">{</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">using_OpenSSL</span><span class="p">())</span> <span class="p">{</span> |
| <span class="c1">// In this simple example with self-signed certificates, the peer's certificate is the CA database.</span> |
| <span class="k">return</span> <span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-certificate.pem"</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="k">else</span> <span class="p">{</span> |
| <span class="c1">// Windows SChannel. Use a pkcs#12 file with just the peer's public certificate information.</span> |
| <span class="k">return</span> <span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-certificate.p12"</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="p">}</span> |
| |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">find_CN</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">subject</span><span class="p">)</span> <span class="p">{</span> |
| <span class="c1">// The subject string is returned with different whitespace and component ordering between platforms.</span> |
| <span class="c1">// Here we just return the common name by searching for "CN=...." in the subject, knowing that</span> |
| <span class="c1">// the test certificates do not contain any escaped characters.</span> |
| <span class="kt">size_t</span> <span class="n">pos</span> <span class="o">=</span> <span class="n">subject</span><span class="p">.</span><span class="n">find</span><span class="p">(</span><span class="s">"CN="</span><span class="p">);</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">pos</span> <span class="o">==</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span><span class="o">::</span><span class="n">npos</span><span class="p">)</span> <span class="k">throw</span> <span class="n">std</span><span class="o">::</span><span class="n">runtime_error</span><span class="p">(</span><span class="s">"No common name in certificate subject"</span><span class="p">);</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">cn</span> <span class="o">=</span> <span class="n">subject</span><span class="p">.</span><span class="n">substr</span><span class="p">(</span><span class="n">pos</span><span class="p">);</span> |
| <span class="n">pos</span> <span class="o">=</span> <span class="n">cn</span><span class="p">.</span><span class="n">find</span><span class="p">(</span><span class="sc">','</span><span class="p">);</span> |
| <span class="k">return</span> <span class="n">pos</span> <span class="o">==</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span><span class="o">::</span><span class="n">npos</span> <span class="o">?</span> <span class="nl">cn</span> <span class="p">:</span> <span class="n">cn</span><span class="p">.</span><span class="n">substr</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">pos</span><span class="p">);</span> |
| <span class="p">}</span> |
| </pre></div> |
| |
| <p><a href="ssl.cpp">Download this file</a></p> |