summaryrefslogtreecommitdiff
path: root/modules/openssl
diff options
context:
space:
mode:
authorRémi Verschelde <rverschelde@gmail.com>2017-03-05 16:44:50 +0100
committerRémi Verschelde <rverschelde@gmail.com>2017-03-05 16:44:50 +0100
commit5dbf1809c6e3e905b94b8764e99491e608122261 (patch)
tree5e5a5360db15d86d59ec8c6e4f7eb511388c5a9a /modules/openssl
parent45438e9918d421b244bfd7776a30e67dc7f2d3e3 (diff)
A Whole New World (clang-format edition)
I can show you the code Pretty, with proper whitespace Tell me, coder, now when did You last write readable code? I can open your eyes Make you see your bad indent Force you to respect the style The core devs agreed upon A whole new world A new fantastic code format A de facto standard With some sugar Enforced with clang-format A whole new world A dazzling style we all dreamed of And when we read it through It's crystal clear That now we're in a whole new world of code
Diffstat (limited to 'modules/openssl')
-rw-r--r--modules/openssl/stream_peer_openssl.cpp360
-rw-r--r--modules/openssl/stream_peer_openssl.h50
2 files changed, 186 insertions, 224 deletions
diff --git a/modules/openssl/stream_peer_openssl.cpp b/modules/openssl/stream_peer_openssl.cpp
index 43a1f610d8..3b25b8a50e 100644
--- a/modules/openssl/stream_peer_openssl.cpp
+++ b/modules/openssl/stream_peer_openssl.cpp
@@ -29,12 +29,11 @@
#include "stream_peer_openssl.h"
//hostname matching code from curl
-
//#include <openssl/applink.c> // To prevent crashing (see the OpenSSL FAQ)
bool StreamPeerOpenSSL::_match_host_name(const char *name, const char *hostname) {
- return Tool_Curl_cert_hostcheck(name,hostname)==CURL_HOST_MATCH;
+ return Tool_Curl_cert_hostcheck(name, hostname) == CURL_HOST_MATCH;
//print_line("MATCH: "+String(name)+" vs "+String(hostname));
//return true;
}
@@ -47,36 +46,32 @@ Error StreamPeerOpenSSL::_match_common_name(const char *hostname, const X509 *se
char *common_name_str = NULL;
// Find the position of the CN field in the Subject field of the certificate
- common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) server_cert), NID_commonName, -1);
+ common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *)server_cert), NID_commonName, -1);
- ERR_FAIL_COND_V(common_name_loc < 0, ERR_INVALID_PARAMETER );
+ ERR_FAIL_COND_V(common_name_loc < 0, ERR_INVALID_PARAMETER);
// Extract the CN field
- common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *) server_cert), common_name_loc);
+ common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *)server_cert), common_name_loc);
- ERR_FAIL_COND_V(common_name_entry == NULL, ERR_INVALID_PARAMETER );
+ ERR_FAIL_COND_V(common_name_entry == NULL, ERR_INVALID_PARAMETER);
// Convert the CN field to a C string
common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
- ERR_FAIL_COND_V(common_name_asn1 == NULL, ERR_INVALID_PARAMETER );
+ ERR_FAIL_COND_V(common_name_asn1 == NULL, ERR_INVALID_PARAMETER);
- common_name_str = (char *) ASN1_STRING_data(common_name_asn1);
+ common_name_str = (char *)ASN1_STRING_data(common_name_asn1);
// Make sure there isn't an embedded NUL character in the CN
bool malformed_certificate = (size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str);
- ERR_FAIL_COND_V(malformed_certificate, ERR_INVALID_PARAMETER );
-
+ ERR_FAIL_COND_V(malformed_certificate, ERR_INVALID_PARAMETER);
// Compare expected hostname with the CN
-
- return _match_host_name(common_name_str,hostname)?OK:FAILED;
-
+ return _match_host_name(common_name_str, hostname) ? OK : FAILED;
}
-
/**
* Tries to find a match for hostname in the certificate's Subject Alternative Name extension.
*
@@ -90,26 +85,25 @@ Error StreamPeerOpenSSL::_match_subject_alternative_name(const char *hostname, c
STACK_OF(GENERAL_NAME) *san_names = NULL;
// Try to extract the names within the SAN extension from the certificate
- san_names = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL);
+ san_names = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i((X509 *)server_cert, NID_subject_alt_name, NULL, NULL);
if (san_names == NULL) {
return ERR_FILE_NOT_FOUND;
}
san_names_nb = sk_GENERAL_NAME_num(san_names);
// Check each name within the extension
- for (i=0; i<san_names_nb; i++) {
+ for (i = 0; i < san_names_nb; i++) {
const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
if (current_name->type == GEN_DNS) {
// Current name is a DNS name, let's check it
- char *dns_name = (char *) ASN1_STRING_data(current_name->d.dNSName);
+ char *dns_name = (char *)ASN1_STRING_data(current_name->d.dNSName);
// Make sure there isn't an embedded NUL character in the DNS name
if ((size_t)ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) {
result = ERR_INVALID_PARAMETER;
break;
- }
- else { // Compare expected hostname with the DNS name
+ } else { // Compare expected hostname with the DNS name
if (_match_host_name(dns_name, hostname)) {
result = OK;
break;
@@ -131,19 +125,19 @@ int StreamPeerOpenSSL::_cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg
bool base_cert_valid = X509_verify_cert(x509_ctx);
if (!base_cert_valid) {
- print_line("Cause: "+String(X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509_ctx))));
+ print_line("Cause: " + String(X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509_ctx))));
ERR_print_errors_fp(stdout);
}
X509 *server_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
- ERR_FAIL_COND_V(!server_cert,0);
+ ERR_FAIL_COND_V(!server_cert, 0);
char cert_str[256];
- X509_NAME_oneline(X509_get_subject_name (server_cert),
- cert_str, sizeof (cert_str));
+ X509_NAME_oneline(X509_get_subject_name(server_cert),
+ cert_str, sizeof(cert_str));
- print_line("CERT STR: "+String(cert_str));
- print_line("VALID: "+itos(base_cert_valid));
+ print_line("CERT STR: " + String(cert_str));
+ print_line("VALID: " + itos(base_cert_valid));
if (!base_cert_valid)
return 0;
@@ -152,27 +146,24 @@ int StreamPeerOpenSSL::_cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg
if (ssl->validate_hostname) {
- Error err = _match_subject_alternative_name(ssl->hostname.utf8().get_data(),server_cert);
+ Error err = _match_subject_alternative_name(ssl->hostname.utf8().get_data(), server_cert);
- if (err==ERR_FILE_NOT_FOUND) {
+ if (err == ERR_FILE_NOT_FOUND) {
- err = _match_common_name(ssl->hostname.utf8().get_data(),server_cert);
+ err = _match_common_name(ssl->hostname.utf8().get_data(), server_cert);
}
- if (err!=OK) {
+ if (err != OK) {
- ssl->status=STATUS_ERROR_HOSTNAME_MISMATCH;
+ ssl->status = STATUS_ERROR_HOSTNAME_MISMATCH;
return 0;
}
}
return 1;
-
}
-
-
-int StreamPeerOpenSSL::_bio_create( BIO *b ) {
+int StreamPeerOpenSSL::_bio_create(BIO *b) {
b->init = 1;
b->num = 0;
b->ptr = NULL;
@@ -180,31 +171,29 @@ int StreamPeerOpenSSL::_bio_create( BIO *b ) {
return 1;
}
-int StreamPeerOpenSSL::_bio_destroy( BIO *b )
-{
- if ( b == NULL )
+int StreamPeerOpenSSL::_bio_destroy(BIO *b) {
+ if (b == NULL)
return 0;
- b->ptr = NULL; /* sb_tls_remove() will free it */
+ b->ptr = NULL; /* sb_tls_remove() will free it */
b->init = 0;
b->flags = 0;
return 1;
}
-int StreamPeerOpenSSL::_bio_read( BIO *b, char *buf, int len ) {
+int StreamPeerOpenSSL::_bio_read(BIO *b, char *buf, int len) {
-
- if ( buf == NULL || len <= 0 ) return 0;
+ if (buf == NULL || len <= 0) return 0;
StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr;
- ERR_FAIL_COND_V( sp == NULL, 0);
+ ERR_FAIL_COND_V(sp == NULL, 0);
- BIO_clear_retry_flags( b );
+ BIO_clear_retry_flags(b);
if (sp->use_blocking) {
- Error err = sp->base->get_data((uint8_t*)buf,len);
- if (err!=OK) {
+ Error err = sp->base->get_data((uint8_t *)buf, len);
+ if (err != OK) {
return -1;
}
@@ -212,12 +201,12 @@ int StreamPeerOpenSSL::_bio_read( BIO *b, char *buf, int len ) {
} else {
int got;
- Error err = sp->base->get_partial_data((uint8_t*)buf,len,got);
- if (err!=OK) {
+ Error err = sp->base->get_partial_data((uint8_t *)buf, len, got);
+ if (err != OK) {
return -1;
}
- if (got==0) {
- BIO_set_retry_read( b );
+ if (got == 0) {
+ BIO_set_retry_read(b);
}
return got;
}
@@ -226,19 +215,19 @@ int StreamPeerOpenSSL::_bio_read( BIO *b, char *buf, int len ) {
return 0;
}
-int StreamPeerOpenSSL::_bio_write( BIO *b, const char *buf, int len ) {
+int StreamPeerOpenSSL::_bio_write(BIO *b, const char *buf, int len) {
- if ( buf == NULL || len <= 0 ) return 0;
+ if (buf == NULL || len <= 0) return 0;
StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr;
- ERR_FAIL_COND_V( sp == NULL, 0);
+ ERR_FAIL_COND_V(sp == NULL, 0);
- BIO_clear_retry_flags( b );
+ BIO_clear_retry_flags(b);
if (sp->use_blocking) {
- Error err = sp->base->put_data((const uint8_t*)buf,len);
- if (err!=OK) {
+ Error err = sp->base->put_data((const uint8_t *)buf, len);
+ if (err != OK) {
return -1;
}
@@ -246,43 +235,39 @@ int StreamPeerOpenSSL::_bio_write( BIO *b, const char *buf, int len ) {
} else {
int sent;
- Error err = sp->base->put_partial_data((const uint8_t*)buf,len,sent);
- if (err!=OK) {
+ Error err = sp->base->put_partial_data((const uint8_t *)buf, len, sent);
+ if (err != OK) {
return -1;
}
- if (sent==0) {
- BIO_set_retry_write( b );
+ if (sent == 0) {
+ BIO_set_retry_write(b);
}
return sent;
-
}
//unreachable
return 0;
}
-long StreamPeerOpenSSL::_bio_ctrl( BIO *b, int cmd, long num, void *ptr )
-{
- if ( cmd == BIO_CTRL_FLUSH ) {
+long StreamPeerOpenSSL::_bio_ctrl(BIO *b, int cmd, long num, void *ptr) {
+ if (cmd == BIO_CTRL_FLUSH) {
/* The OpenSSL library needs this */
return 1;
}
return 0;
}
-int StreamPeerOpenSSL::_bio_gets( BIO *b, char *buf, int len )
-{
+int StreamPeerOpenSSL::_bio_gets(BIO *b, char *buf, int len) {
return -1;
}
-int StreamPeerOpenSSL::_bio_puts( BIO *b, const char *str )
-{
- return _bio_write( b, str, strlen( str ) );
+int StreamPeerOpenSSL::_bio_puts(BIO *b, const char *str) {
+ return _bio_write(b, str, strlen(str));
}
BIO_METHOD StreamPeerOpenSSL::_bio_method = {
/* it's a source/sink BIO */
- ( 100 | 0x400 ),
+ (100 | 0x400),
"streampeer glue",
_bio_write,
_bio_read,
@@ -293,35 +278,29 @@ BIO_METHOD StreamPeerOpenSSL::_bio_method = {
_bio_destroy
};
-Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs, const String& p_for_hostname) {
+Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs, const String &p_for_hostname) {
if (connected)
disconnect_from_stream();
-
- hostname=p_for_hostname;
- status=STATUS_DISCONNECTED;
+ hostname = p_for_hostname;
+ status = STATUS_DISCONNECTED;
// Set up a SSL_CTX object, which will tell our BIO object how to do its work
ctx = SSL_CTX_new(SSLv23_client_method());
- base=p_base;
- validate_certs=p_validate_certs;
- validate_hostname=p_for_hostname!="";
-
-
-
+ base = p_base;
+ validate_certs = p_validate_certs;
+ validate_hostname = p_for_hostname != "";
if (p_validate_certs) {
-
if (certs.size()) {
//yay for undocumented OpenSSL functions
X509_STORE *store = SSL_CTX_get_cert_store(ctx);
- for(int i=0;i<certs.size();i++) {
-
- X509_STORE_add_cert(store,certs[i]);
+ for (int i = 0; i < certs.size(); i++) {
+ X509_STORE_add_cert(store, certs[i]);
}
#if 0
const unsigned char *in=(const unsigned char *)certs.ptr();
@@ -343,7 +322,6 @@ Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida
//int res = SSL_CTX_load_verify_locations(ctx,"/etc/ssl/certs/ca-certificates.crt",NULL);
//print_line("verify locations res: "+itos(res));
-
/* Ask OpenSSL to verify the server certificate. Note that this
* does NOT include verifying that the hostname is correct.
* So, by itself, this means anyone with any legitimate
@@ -366,183 +344,176 @@ Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida
* OpenSSL's built-in routine which would have been called if
* we hadn't set the callback. Therefore, we're just
* "wrapping" OpenSSL's routine, not replacing it. */
- SSL_CTX_set_cert_verify_callback (ctx, _cert_verify_callback,this);
+ SSL_CTX_set_cert_verify_callback(ctx, _cert_verify_callback, this);
//Let the verify_callback catch the verify_depth error so that we get an appropriate error in the logfile. (??)
- SSL_CTX_set_verify_depth(ctx,max_cert_chain_depth + 1);
-
+ SSL_CTX_set_verify_depth(ctx, max_cert_chain_depth + 1);
}
-
-
-
-
- ssl = SSL_new( ctx );
- bio = BIO_new( &_bio_method );
+ ssl = SSL_new(ctx);
+ bio = BIO_new(&_bio_method);
bio->ptr = this;
- SSL_set_bio( ssl, bio, bio );
+ SSL_set_bio(ssl, bio, bio);
- if (p_for_hostname!=String()) {
- SSL_set_tlsext_host_name(ssl,p_for_hostname.utf8().get_data());
+ if (p_for_hostname != String()) {
+ SSL_set_tlsext_host_name(ssl, p_for_hostname.utf8().get_data());
}
- use_blocking=true; // let handshake use blocking
+ use_blocking = true; // let handshake use blocking
// Set the SSL to automatically retry on failure.
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
// Same as before, try to connect.
- int result = SSL_connect( ssl );
+ int result = SSL_connect(ssl);
- print_line("CONNECTION RESULT: "+itos(result));
- if (result<1) {
+ print_line("CONNECTION RESULT: " + itos(result));
+ if (result < 1) {
ERR_print_errors_fp(stdout);
_print_error(result);
}
- X509 * peer = SSL_get_peer_certificate(ssl);
+ X509 *peer = SSL_get_peer_certificate(ssl);
if (peer) {
bool cert_ok = SSL_get_verify_result(ssl) == X509_V_OK;
- print_line("cert_ok: "+itos(cert_ok));
+ print_line("cert_ok: " + itos(cert_ok));
- } else if (validate_certs){
- status=STATUS_ERROR_NO_CERTIFICATE;
+ } else if (validate_certs) {
+ status = STATUS_ERROR_NO_CERTIFICATE;
}
- connected=true;
- status=STATUS_CONNECTED;
+ connected = true;
+ status = STATUS_CONNECTED;
return OK;
}
Error StreamPeerOpenSSL::accept_stream(Ref<StreamPeer> p_base) {
-
return ERR_UNAVAILABLE;
}
void StreamPeerOpenSSL::_print_error(int err) {
- err = SSL_get_error(ssl,err);
- switch(err) {
+ err = SSL_get_error(ssl, err);
+ switch (err) {
case SSL_ERROR_NONE: ERR_PRINT("NO ERROR: The TLS/SSL I/O operation completed"); break;
case SSL_ERROR_ZERO_RETURN: ERR_PRINT("The TLS/SSL connection has been closed.");
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
- ERR_PRINT("The operation did not complete."); break;
+ ERR_PRINT("The operation did not complete.");
+ break;
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
- ERR_PRINT("The connect/accept operation did not complete"); break;
+ ERR_PRINT("The connect/accept operation did not complete");
+ break;
case SSL_ERROR_WANT_X509_LOOKUP:
- ERR_PRINT("The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again."); break;
+ ERR_PRINT("The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again.");
+ break;
case SSL_ERROR_SYSCALL:
- ERR_PRINT("Some I/O error occurred. The OpenSSL error queue may contain more information on the error."); break;
+ ERR_PRINT("Some I/O error occurred. The OpenSSL error queue may contain more information on the error.");
+ break;
case SSL_ERROR_SSL:
- ERR_PRINT("A failure in the SSL library occurred, usually a protocol error."); break;
-
+ ERR_PRINT("A failure in the SSL library occurred, usually a protocol error.");
+ break;
}
}
-Error StreamPeerOpenSSL::put_data(const uint8_t* p_data,int p_bytes) {
+Error StreamPeerOpenSSL::put_data(const uint8_t *p_data, int p_bytes) {
- ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
+ ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED);
- while(p_bytes>0) {
- int ret = SSL_write(ssl,p_data,p_bytes);
- if (ret<=0) {
+ while (p_bytes > 0) {
+ int ret = SSL_write(ssl, p_data, p_bytes);
+ if (ret <= 0) {
_print_error(ret);
disconnect_from_stream();
return ERR_CONNECTION_ERROR;
}
- p_data+=ret;
- p_bytes-=ret;
+ p_data += ret;
+ p_bytes -= ret;
}
return OK;
-
}
-Error StreamPeerOpenSSL::put_partial_data(const uint8_t* p_data,int p_bytes, int &r_sent){
+Error StreamPeerOpenSSL::put_partial_data(const uint8_t *p_data, int p_bytes, int &r_sent) {
- ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
- if (p_bytes==0)
+ ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED);
+ if (p_bytes == 0)
return OK;
- Error err = put_data(p_data,p_bytes);
- if (err!=OK)
+ Error err = put_data(p_data, p_bytes);
+ if (err != OK)
return err;
- r_sent=p_bytes;
+ r_sent = p_bytes;
return OK;
-
}
-Error StreamPeerOpenSSL::get_data(uint8_t* p_buffer, int p_bytes){
+Error StreamPeerOpenSSL::get_data(uint8_t *p_buffer, int p_bytes) {
- ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
+ ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED);
- while(p_bytes>0) {
+ while (p_bytes > 0) {
- int ret = SSL_read(ssl,p_buffer,p_bytes);
- if (ret<=0) {
+ int ret = SSL_read(ssl, p_buffer, p_bytes);
+ if (ret <= 0) {
_print_error(ret);
disconnect_from_stream();
return ERR_CONNECTION_ERROR;
}
- p_buffer+=ret;
- p_bytes-=ret;
+ p_buffer += ret;
+ p_bytes -= ret;
}
return OK;
}
-Error StreamPeerOpenSSL::get_partial_data(uint8_t* p_buffer, int p_bytes,int &r_received){
+Error StreamPeerOpenSSL::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r_received) {
- ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
- if (p_bytes==0) {
- r_received=0;
+ ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED);
+ if (p_bytes == 0) {
+ r_received = 0;
return OK;
}
- Error err = get_data(p_buffer,p_bytes);
- if (err!=OK)
+ Error err = get_data(p_buffer, p_bytes);
+ if (err != OK)
return err;
- r_received=p_bytes;
+ r_received = p_bytes;
return OK;
}
int StreamPeerOpenSSL::get_available_bytes() const {
- ERR_FAIL_COND_V(!connected,0);
+ ERR_FAIL_COND_V(!connected, 0);
return SSL_pending(ssl);
-
}
StreamPeerOpenSSL::StreamPeerOpenSSL() {
- ctx=NULL;
- ssl=NULL;
- bio=NULL;
- connected=false;
- use_blocking=true; //might be improved int the future, but for now it always blocks
- max_cert_chain_depth=9;
- flags=0;
+ ctx = NULL;
+ ssl = NULL;
+ bio = NULL;
+ connected = false;
+ use_blocking = true; //might be improved int the future, but for now it always blocks
+ max_cert_chain_depth = 9;
+ flags = 0;
}
void StreamPeerOpenSSL::disconnect_from_stream() {
if (!connected)
return;
- SSL_shutdown( ssl );
- SSL_free( ssl );
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
SSL_CTX_free(ctx);
- base=Ref<StreamPeer>();
- connected=false;
- validate_certs=false;
- validate_hostname=false;
- status=STATUS_DISCONNECTED;
-
-
+ base = Ref<StreamPeer>();
+ connected = false;
+ validate_certs = false;
+ validate_hostname = false;
+ status = STATUS_DISCONNECTED;
}
StreamPeerOpenSSL::Status StreamPeerOpenSSL::get_status() const {
@@ -550,27 +521,24 @@ StreamPeerOpenSSL::Status StreamPeerOpenSSL::get_status() const {
return status;
}
-
StreamPeerOpenSSL::~StreamPeerOpenSSL() {
disconnect_from_stream();
}
-StreamPeerSSL* StreamPeerOpenSSL::_create_func() {
+StreamPeerSSL *StreamPeerOpenSSL::_create_func() {
- return memnew( StreamPeerOpenSSL );
+ return memnew(StreamPeerOpenSSL);
}
+Vector<X509 *> StreamPeerOpenSSL::certs;
-Vector<X509*> StreamPeerOpenSSL::certs;
-
-
-void StreamPeerOpenSSL::_load_certs(const PoolByteArray& p_array) {
+void StreamPeerOpenSSL::_load_certs(const PoolByteArray &p_array) {
PoolByteArray::Read r = p_array.read();
- BIO* mem = BIO_new(BIO_s_mem());
- BIO_puts(mem,(const char*)r.ptr());
- while(true) {
- X509*cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
+ BIO *mem = BIO_new(BIO_s_mem());
+ BIO_puts(mem, (const char *)r.ptr());
+ while (true) {
+ X509 *cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
if (!cert)
break;
certs.push_back(cert);
@@ -580,66 +548,62 @@ void StreamPeerOpenSSL::_load_certs(const PoolByteArray& p_array) {
void StreamPeerOpenSSL::initialize_ssl() {
- available=true;
+ available = true;
- load_certs_func=_load_certs;
+ load_certs_func = _load_certs;
- _create=_create_func;
+ _create = _create_func;
CRYPTO_malloc_init(); // Initialize malloc, free, etc for OpenSSL's use
SSL_library_init(); // Initialize OpenSSL's SSL libraries
SSL_load_error_strings(); // Load SSL error strings
ERR_load_BIO_strings(); // Load BIO error strings
OpenSSL_add_all_algorithms(); // Load all available encryption algorithms
- String certs_path =GLOBAL_DEF("network/ssl/certificates","");
- GlobalConfig::get_singleton()->set_custom_property_info("network/ssl/certificates",PropertyInfo(Variant::STRING,"network/ssl/certificates",PROPERTY_HINT_FILE,"*.crt"));
- if (certs_path!="") {
-
-
+ String certs_path = GLOBAL_DEF("network/ssl/certificates", "");
+ GlobalConfig::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt"));
+ if (certs_path != "") {
- FileAccess *f=FileAccess::open(certs_path,FileAccess::READ);
+ FileAccess *f = FileAccess::open(certs_path, FileAccess::READ);
if (f) {
PoolByteArray arr;
int flen = f->get_len();
- arr.resize(flen+1);
+ arr.resize(flen + 1);
{
PoolByteArray::Write w = arr.write();
- f->get_buffer(w.ptr(),flen);
- w[flen]=0; //end f string
+ f->get_buffer(w.ptr(), flen);
+ w[flen] = 0; //end f string
}
memdelete(f);
_load_certs(arr);
- print_line("Loaded certs from '"+certs_path+"': "+itos(certs.size()));
+ print_line("Loaded certs from '" + certs_path + "': " + itos(certs.size()));
}
}
- String config_path =GLOBAL_DEF("network/ssl/config","");
- GlobalConfig::get_singleton()->set_custom_property_info("network/ssl/config",PropertyInfo(Variant::STRING,"network/ssl/config",PROPERTY_HINT_FILE,"*.cnf"));
- if (config_path!="") {
+ String config_path = GLOBAL_DEF("network/ssl/config", "");
+ GlobalConfig::get_singleton()->set_custom_property_info("network/ssl/config", PropertyInfo(Variant::STRING, "network/ssl/config", PROPERTY_HINT_FILE, "*.cnf"));
+ if (config_path != "") {
Vector<uint8_t> data = FileAccess::get_file_as_array(config_path);
if (data.size()) {
data.push_back(0);
- BIO* mem = BIO_new(BIO_s_mem());
- BIO_puts(mem,(const char*) data.ptr());
+ BIO *mem = BIO_new(BIO_s_mem());
+ BIO_puts(mem, (const char *)data.ptr());
- while(true) {
- X509*cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
+ while (true) {
+ X509 *cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
if (!cert)
break;
certs.push_back(cert);
}
BIO_free(mem);
}
- print_line("Loaded certs from '"+certs_path+"': "+itos(certs.size()));
-
+ print_line("Loaded certs from '" + certs_path + "': " + itos(certs.size()));
}
-
}
-void StreamPeerOpenSSL::finalize_ssl(){
+void StreamPeerOpenSSL::finalize_ssl() {
- for(int i=0;i<certs.size();i++) {
+ for (int i = 0; i < certs.size(); i++) {
X509_free(certs[i]);
}
certs.clear();
diff --git a/modules/openssl/stream_peer_openssl.h b/modules/openssl/stream_peer_openssl.h
index 84ae03fe07..56b45802df 100644
--- a/modules/openssl/stream_peer_openssl.h
+++ b/modules/openssl/stream_peer_openssl.h
@@ -29,26 +29,26 @@
#ifndef STREAM_PEER_OPEN_SSL_H
#define STREAM_PEER_OPEN_SSL_H
-#include <stdio.h> // If you don't know what this is for stop reading now.
-#include "io/stream_peer_ssl.h"
+#include "curl_hostcheck.h"
#include "global_config.h"
+#include "io/stream_peer_ssl.h"
#include "os/file_access.h"
-#include "curl_hostcheck.h"
+#include <stdio.h> // If you don't know what this is for stop reading now.
#include <openssl/bio.h> // BIO objects for I/O
-#include <openssl/ssl.h> // SSL and SSL_CTX for SSL connections
#include <openssl/err.h> // Error reporting
+#include <openssl/ssl.h> // SSL and SSL_CTX for SSL connections
#include <openssl/x509v3.h>
class StreamPeerOpenSSL : public StreamPeerSSL {
private:
- static int _bio_create( BIO *b );
- static int _bio_destroy( BIO *b );
- static int _bio_read( BIO *b, char *buf, int len );
- static int _bio_write( BIO *b, const char *buf, int len );
- static long _bio_ctrl( BIO *b, int cmd, long num, void *ptr );
- static int _bio_gets( BIO *b, char *buf, int len );
- static int _bio_puts( BIO *b, const char *str );
+ static int _bio_create(BIO *b);
+ static int _bio_destroy(BIO *b);
+ static int _bio_read(BIO *b, char *buf, int len);
+ static int _bio_write(BIO *b, const char *buf, int len);
+ static long _bio_ctrl(BIO *b, int cmd, long num, void *ptr);
+ static int _bio_gets(BIO *b, char *buf, int len);
+ static int _bio_puts(BIO *b, const char *str);
static BIO_METHOD _bio_method;
@@ -56,16 +56,14 @@ private:
static Error _match_common_name(const char *hostname, const X509 *server_cert);
static Error _match_subject_alternative_name(const char *hostname, const X509 *server_cert);
-
static int _cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg);
-
Status status;
String hostname;
int max_cert_chain_depth;
- SSL_CTX* ctx;
- SSL* ssl;
- BIO* bio;
+ SSL_CTX *ctx;
+ SSL *ssl;
+ BIO *bio;
bool connected;
int flags;
bool use_blocking;
@@ -74,28 +72,28 @@ private:
Ref<StreamPeer> base;
- static StreamPeerSSL* _create_func();
+ static StreamPeerSSL *_create_func();
void _print_error(int err);
- static Vector<X509*> certs;
+ static Vector<X509 *> certs;
+
+ static void _load_certs(const PoolByteArray &p_array);
- static void _load_certs(const PoolByteArray& p_array);
protected:
static void _bind_methods();
-public:
-
+public:
virtual Error accept_stream(Ref<StreamPeer> p_base);
- virtual Error connect_to_stream(Ref<StreamPeer> p_base,bool p_validate_certs=false,const String& p_for_hostname=String());
+ virtual Error connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs = false, const String &p_for_hostname = String());
virtual Status get_status() const;
virtual void disconnect_from_stream();
- virtual Error put_data(const uint8_t* p_data,int p_bytes);
- virtual Error put_partial_data(const uint8_t* p_data,int p_bytes, int &r_sent);
+ virtual Error put_data(const uint8_t *p_data, int p_bytes);
+ virtual Error put_partial_data(const uint8_t *p_data, int p_bytes, int &r_sent);
- virtual Error get_data(uint8_t* p_buffer, int p_bytes);
- virtual Error get_partial_data(uint8_t* p_buffer, int p_bytes,int &r_received);
+ virtual Error get_data(uint8_t *p_buffer, int p_bytes);
+ virtual Error get_partial_data(uint8_t *p_buffer, int p_bytes, int &r_received);
virtual int get_available_bytes() const;