(mbedtls) correct support for using own certificate and private key
parent
8e7d310439
commit
d1a4cab134
@ -1,6 +1,10 @@
# Changelog
# Changelog
All notable changes to this project will be documented in this file.
All notable changes to this project will be documented in this file.
## [7.6.2] - 2019-12-20
(mbedtls) correct support for using own certificate and private key
## [7.6.1] - 2019-12-20
## [7.6.1] - 2019-12-20
(ws commands) in websocket proxy, disable automatic reconnections + in Dockerfile, use alpine 3.11
(ws commands) in websocket proxy, disable automatic reconnections + in Dockerfile, use alpine 3.11
@ -71,11 +71,16 @@ namespace ix
if (_tlsOptions.hasCertAndKey())
if (_tlsOptions.hasCertAndKey())
{
{
if (mbedtls_x509_crt_parse_file(&_cacert, _tlsOptions.certFile.c_str()) < 0)
if (mbedtls_x509_crt_parse_file(&_cert, _tlsOptions.certFile.c_str()) < 0)
{
{
errMsg = "Cannot parse cert file '" + _tlsOptions.certFile + "'";
errMsg = "Cannot parse cert file '" + _tlsOptions.certFile + "'";
return false;
return false;
}
}
if (mbedtls_pk_parse_keyfile(&_pkey, _tlsOptions.keyFile.c_str(), "") < 0)
{
errMsg = "Cannot parse key file '" + _tlsOptions.keyFile + "'";
return false;
}
}
}
if (_tlsOptions.isPeerVerifyDisabled())
if (_tlsOptions.isPeerVerifyDisabled())
@ -84,7 +89,7 @@ namespace ix
}
}
else
else
{
{
mbedtls_ssl_conf_ca_chain(&_conf, &_cacert, NULL);
mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
// FIXME: should we call mbedtls_ssl_conf_verify ?
// FIXME: should we call mbedtls_ssl_conf_verify ?
@ -97,7 +102,13 @@ namespace ix
errMsg = "Cannot parse CA file '" + _tlsOptions.caFile + "'";
errMsg = "Cannot parse CA file '" + _tlsOptions.caFile + "'";
return false;
return false;
}
}
mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
mbedtls_ssl_conf_ca_chain(&_conf, &_cacert, NULL);
if (_tlsOptions.hasCertAndKey())
{
mbedtls_ssl_conf_own_cert(&_conf, &_cert, &_pkey);
}
}
}
if (mbedtls_ssl_setup(&_ssl, &_conf) != 0)
if (mbedtls_ssl_setup(&_ssl, &_conf) != 0)
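Review bot: `mbedtls_ssl_conf_own_cert(&_conf, &_cert, &_pkey);` is only reached inside the `else` branch of `if (_tlsOptions.isPeerVerifyDisabled())` (the `-97,7 +102,13` hunk), while the certificate and key are parsed unconditionally in the `-71,11 +71,16` hunk; unless the peer-verify-disabled branch, which lies outside the visible hunks, also calls it, a client that disables verification but supplies its own cert and key never presents them and client authentication fails silently. Moving `if (_tlsOptions.hasCertAndKey()) { mbedtls_ssl_conf_own_cert(&_conf, &_cert, &_pkey); }` below the `if`/`else` so it runs in both cases, and checking its `int` return the same way the parse calls are checked, would close that gap. The new `_cert` and `_pkey` members (header hunk `-45,6 +45,7`) are not shown being initialised or released anywhere in this diff; if `mbedtls_x509_crt_init`/`mbedtls_pk_init` and the matching `_free` calls are not already in the constructor and destructor outside these hunks, the parse calls run on uninitialised contexts and the private-key material is never cleared (`mbedtls_pk_free` does that). Passing `""` as the password to `mbedtls_pk_parse_keyfile` means an encrypted key file fails with the same generic "Cannot parse key file" message as a corrupt one; a comment such as `// encrypted private keys are not supported (no password is supplied)` and appending the mbedtls return code to `errMsg` would make that distinguishable. The enclosing function starts before and ends after these hunks.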
@ -45,6 +45,7 @@ namespace ix
mbedtls_ctr_drbg_context _ctr_drbg;
mbedtls_ctr_drbg_context _ctr_drbg;
mbedtls_x509_crt _cacert;
mbedtls_x509_crt _cacert;
mbedtls_x509_crt _cert;
mbedtls_x509_crt _cert;
mbedtls_pk_context _pkey;
std::mutex _mutex;
std::mutex _mutex;
SocketTLSOptions _tlsOptions;
SocketTLSOptions _tlsOptions;
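Review bot: The added `mbedtls_pk_context _pkey;` sits next to `_cacert` and `_cert` with no comment, so a reader cannot tell from the member list which context is the trust anchor and which pair is the socket's own identity, nor that `_pkey` holds secret material whose lifetime must be managed. A comment above `_cert`/`_pkey` such as `// Own certificate and private key, presented only when _tlsOptions.hasCertAndKey(); _cacert is the peer trust anchor` would document the distinction, and it should also name where the two contexts are initialised and freed, since that does not appear in this diff. The class body continues outside the hunk.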
@ -6,4 +6,4 @@
#pragma once
#pragma once
#define IX_WEBSOCKET_VERSION "7.6.1"
#define IX_WEBSOCKET_VERSION "7.6.2"