lib/common: Move SSL certificate path definition to common location
parent
d033ffa3d8
commit
b76b332f2f
@ -38,6 +38,7 @@ public:
|
||||
static fs::path local_ssl_fingerprints_path();
|
||||
static fs::path trusted_servers_ssl_fingerprints_path();
|
||||
static fs::path trusted_clients_ssl_fingerprints_path();
|
||||
static fs::path ssl_certificate_path();
|
||||
private:
|
||||
static fs::path _profile;
|
||||
static fs::path _global;
|
||||
|
@ -48,4 +48,9 @@ fs::path DataDirectories::trusted_clients_ssl_fingerprints_path()
|
||||
return ssl_fingerprints_path() / kFingerprintsTrustedClientsFilename;
|
||||
}
|
||||
|
||||
fs::path DataDirectories::ssl_certificate_path()
|
||||
{
|
||||
return profile() / "SSL" / "Barrier.pem";
|
||||
}
|
||||
|
||||
} // namespace barrier
|
||||
|
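Review bot: `ssl_certificate_path()` spells the directory and file name as inline literals (`return profile() / "SSL" / "Barrier.pem";`), while the function directly above it uses a named constant (`kFingerprintsTrustedClientsFilename`). Declaring the certificate name next to the existing fingerprint constants, for example `static const char kSslCertificateFilename[] = "Barrier.pem";`, would keep the on-disk layout in one place. The same path is passed to `SSL_CTX_use_PrivateKey_file` in `SecureSocket::load_certificates`, so a one-line comment such as `// PEM file holding both the certificate and its private key` would tell callers that this path is sensitive.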
@ -25,13 +25,6 @@
|
||||
#include "common/DataDirectories.h"
|
||||
#include "base/String.h"
|
||||
|
||||
static const char s_certificateDir[] = { "SSL" };
|
||||
static const char s_certificateFilename[] = { "Barrier.pem" };
|
||||
|
||||
//
|
||||
// SecureListenSocket
|
||||
//
|
||||
|
||||
SecureListenSocket::SecureListenSocket(
|
||||
IEventQueue* events,
|
||||
SocketMultiplexer* socketMultiplexer,
|
||||
@ -55,12 +48,7 @@ SecureListenSocket::accept()
|
||||
setListeningJob();
|
||||
}
|
||||
|
||||
std::string certificateFilename = barrier::string::sprintf("%s/%s/%s",
|
||||
barrier::DataDirectories::profile().c_str(),
|
||||
s_certificateDir,
|
||||
s_certificateFilename);
|
||||
|
||||
bool loaded = socket->loadCertificates(certificateFilename);
|
||||
bool loaded = socket->load_certificates(barrier::DataDirectories::ssl_certificate_path());
|
||||
if (!loaded) {
|
||||
delete socket;
|
||||
return NULL;
|
||||
|
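Review bot: `#include "base/String.h"` is kept in the include list although the only use of it visible in this diff, the `barrier::string::sprintf` call in accept(), is removed. If nothing else in the file depends on that header, the include can be dropped with the two `s_certificate*` constants. The rest of the file is outside the hunks, so this needs a quick check before removal.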
@ -327,35 +327,35 @@ SecureSocket::initSsl(bool server)
|
||||
initContext(server);
|
||||
}
|
||||
|
||||
bool SecureSocket::loadCertificates(const std::string& filename)
|
||||
bool SecureSocket::load_certificates(const barrier::fs::path& path)
|
||||
{
|
||||
if (filename.empty()) {
|
||||
if (path.empty()) {
|
||||
showError("ssl certificate is not specified");
|
||||
return false;
|
||||
}
|
||||
else {
|
||||
if (!barrier::fs::is_regular_file(barrier::fs::u8path(filename))) {
|
||||
showError("ssl certificate doesn't exist: " + filename);
|
||||
if (!barrier::fs::is_regular_file(path)) {
|
||||
showError("ssl certificate doesn't exist: " + path.u8string());
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
int r = 0;
|
||||
r = SSL_CTX_use_certificate_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
|
||||
r = SSL_CTX_use_certificate_file(m_ssl->m_context, path.u8string().c_str(), SSL_FILETYPE_PEM);
|
||||
if (r <= 0) {
|
||||
showError("could not use ssl certificate: " + filename);
|
||||
showError("could not use ssl certificate: " + path.u8string());
|
||||
return false;
|
||||
}
|
||||
|
||||
r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
|
||||
r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, path.u8string().c_str(), SSL_FILETYPE_PEM);
|
||||
if (r <= 0) {
|
||||
showError("could not use ssl private key: " + filename);
|
||||
showError("could not use ssl private key: " + path.u8string());
|
||||
return false;
|
||||
}
|
||||
|
||||
r = SSL_CTX_check_private_key(m_ssl->m_context);
|
||||
if (!r) {
|
||||
showError("could not verify ssl private key: " + filename);
|
||||
showError("could not verify ssl private key: " + path.u8string());
|
||||
return false;
|
||||
}
|
||||
|
||||
|
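Review bot: `load_certificates()` reads the private key from the same file as the certificate (`SSL_CTX_use_PrivateKey_file` receives the same `path`), but the only check before loading is `is_regular_file(path)`, so a key file that other local users can read is accepted without any warning. Consider logging a warning or refusing to load when the permissions are wider than owner-only on POSIX, or at least state the expectation in a comment such as `// PEM also holds the private key; must be readable by the owning user only`. Whether the file is created with restrictive permissions elsewhere is not visible here. Separately, `path.u8string()` is rebuilt for every OpenSSL call and error message; one `const std::string path_str = path.u8string();` at the top of the function would serve all of them. The function body continues past the end of the hunk.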
@ -19,6 +19,7 @@
|
||||
|
||||
#include "net/TCPSocket.h"
|
||||
#include "net/XSocket.h"
|
||||
#include "io/filesystem.h"
|
||||
|
||||
class IEventQueue;
|
||||
class SocketMultiplexer;
|
||||
@ -55,7 +56,7 @@ public:
|
||||
EJobResult doRead() override;
|
||||
EJobResult doWrite() override;
|
||||
void initSsl(bool server);
|
||||
bool loadCertificates(const std::string& filename);
|
||||
bool load_certificates(const barrier::fs::path& path);
|
||||
|
||||
private:
|
||||
// SSL
|
||||
|