author | Chris Cleeland <chris.cleeland@gmail.com> | 2002-02-21 19:22:50 +0000 |
---|---|---|
committer | Chris Cleeland <chris.cleeland@gmail.com> | 2002-02-21 19:22:50 +0000 |
commit | 20a9d831412ffde74180db267e6c2d587562644c (patch) | |
tree | 8b505f54660fd7ccc930f7116b3c15689e326ef9 | |
parent | d3b833919887471ae45dc76d0d98e930ec88dd0f (diff) | |
Thu Feb 21 13:12:44 2002 Chris Cleeland <cleeland_c@ociweb.com>
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | ChangeLogs/ChangeLog-02a | 7 | ||||
-rw-r--r-- | ChangeLogs/ChangeLog-03a | 7 | ||||
-rw-r--r-- | ace/SSL/SSL_Context.cpp | 32 | ||||
-rw-r--r-- | ace/SSL/SSL_Context.h | 24 | ||||
-rw-r--r-- | ace/SSL/SSL_Context.inl | 12 |
6 files changed, 88 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 8fda45a26e2..f2ce1b9a3d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Thu Feb 21 13:12:44 2002 Chris Cleeland <cleeland_c@ociweb.com>
+
+	* ace/SSL/SSL_Context.* (ACE_SSL_Context): Added new methods to
+	specify Diffie-Hellman parameters. These parameters are required
+	when using DSA certificates/keys. The new methods are dh_params,
+	dh_params_file_name, and dh_params_file_type.
+
 Thu Feb 21 09:32:56 2002 Douglas C. Schmidt <schmidt@macarena.cs.wustl.edu>
 
 	* ace/TTY_IO.cpp (control): Use the appropriate B* macros to set all
diff --git a/ChangeLogs/ChangeLog-02a b/ChangeLogs/ChangeLog-02a
index 8fda45a26e2..f2ce1b9a3d7 100644
--- a/ChangeLogs/ChangeLog-02a
+++ b/ChangeLogs/ChangeLog-02a
@@ -1,3 +1,10 @@
+Thu Feb 21 13:12:44 2002 Chris Cleeland <cleeland_c@ociweb.com>
+
+	* ace/SSL/SSL_Context.* (ACE_SSL_Context): Added new methods to
+	specify Diffie-Hellman parameters. These parameters are required
+	when using DSA certificates/keys. The new methods are dh_params,
+	dh_params_file_name, and dh_params_file_type.
+
 Thu Feb 21 09:32:56 2002 Douglas C. Schmidt <schmidt@macarena.cs.wustl.edu>
 
 	* ace/TTY_IO.cpp (control): Use the appropriate B* macros to set all
diff --git a/ChangeLogs/ChangeLog-03a b/ChangeLogs/ChangeLog-03a
index 8fda45a26e2..f2ce1b9a3d7 100644
--- a/ChangeLogs/ChangeLog-03a
+++ b/ChangeLogs/ChangeLog-03a
@@ -1,3 +1,10 @@
+Thu Feb 21 13:12:44 2002 Chris Cleeland <cleeland_c@ociweb.com>
+
+	* ace/SSL/SSL_Context.* (ACE_SSL_Context): Added new methods to
+	specify Diffie-Hellman parameters. These parameters are required
+	when using DSA certificates/keys. The new methods are dh_params,
+	dh_params_file_name, and dh_params_file_type.
+
 Thu Feb 21 09:32:56 2002 Douglas C. Schmidt <schmidt@macarena.cs.wustl.edu>
 
 	* ace/TTY_IO.cpp (control): Use the appropriate B* macros to set all
diff --git a/ace/SSL/SSL_Context.cpp b/ace/SSL/SSL_Context.cpp
index cfcfcbd732e..c43184e0d63 100644
--- a/ace/SSL/SSL_Context.cpp
+++ b/ace/SSL/SSL_Context.cpp
@@ -441,6 +441,38 @@ ACE_SSL_Context::report_error (void)
   ACE_OS::last_error (error);
 }
 
+int
+ACE_SSL_Context::dh_params (const char *file_name,
+                            int type)
+{
+  if (this->dh_params_.type () != -1)
+    return 0;
+
+  this->dh_params_ = ACE_SSL_Data_File (file_name, type);
+
+  this->check_context ();
+
+  {
+    // For now we only support PEM encodings
+    if (this->dh_params_.type () != SSL_FILETYPE_PEM)
+      return -1;
+
+    // Swiped from Rescorla's examples and the OpenSSL s_server.c app
+    DH *ret=0;
+    FILE *dhfp = 0;
+
+    if ((dhfp = ACE_OS::fopen (this->dh_params_.file_name (), "r")) == NULL)
+      return -1;
+
+    ret = PEM_read_DHparams (dhfp, NULL, NULL, NULL);
+    ACE_OS::fclose (dhfp);
+    if(::SSL_CTX_set_tmp_dh (this->context_, ret) < 0)
+      return -1;
+    DH_free (ret);
+  }
+
+  return 0;
+}
 
 // ****************************************************************
 
diff --git a/ace/SSL/SSL_Context.h b/ace/SSL/SSL_Context.h
index 04971038b52..d53cc41dad1 100644
--- a/ace/SSL/SSL_Context.h
+++ b/ace/SSL/SSL_Context.h
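Review bot: The `< 0` test on `::SSL_CTX_set_tmp_dh` in dh_params never detects a failure, because that call returns 1 on success and 0 on failure, so a parameter set the library rejects is reported to the caller as success and the context is left without DH parameters; the NULL that `PEM_read_DHparams` returns for an unreadable or malformed file is passed straight into the same call with no check of its own. The `DH_free (ret)` after the check is reached today only because the check can never fire; once the result is tested correctly the free has to happen on the failure path as well. Since `dh_params_` is assigned before any of these checks and the guard at the top returns 0 as soon as a type is recorded, a retry after a failed load also returns 0 without loading anything, so consider deferring the assignment to `dh_params_` until the parameters are installed. The rewritten tail of the inner block below checks both results and releases the DH structure on every path.
```cpp
    ret = PEM_read_DHparams (dhfp, NULL, NULL, NULL);
    ACE_OS::fclose (dhfp);
    if (ret == 0)
      return -1;
    // SSL_CTX_set_tmp_dh () returns 1 on success and 0 on failure; the
    // context keeps its own copy, so the DH is released either way.
    const int status = ::SSL_CTX_set_tmp_dh (this->context_, ret);
    DH_free (ret);
    if (status != 1)
      return -1;
  }
```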
@@ -275,6 +275,27 @@ public:
   /// Print the last SSL error for the current thread.
   static void report_error (void);
 
+  /**
+   * @name Diffie-Hellman (DH) Parameters
+   *
+   * When using DSS-based certificates, Diffie-Hellman keys need to be
+   * exchanged. These must be provided in the form of DH key
+   * generation parameters loaded in, or as fixed keys hardcoded into
+   * the code itself. ACE_SSL supports loaded parameters.
+   *
+   */
+  //@{
+  /**
+   * Load Diffie-Hellman parameters from file_name. The specified file can be
+   * a standalone file containing only DH parameters (e.g., as created
+   * by <code>openssl dhparam</code>), or it can be a certificate which has
+   * a PEM-encoded set of DH params concatenated on to i.
+   */
+  int dh_params (const char *file_name, int type = SSL_FILETYPE_PEM);
+  const char *dh_params_file_name () const;
+  int dh_params_file_type () const;
+  //@}
+
 private:
 
   /// Verify if the context has been initialized or not.
@@ -303,9 +324,10 @@ private:
   /// Cache the mode so we can answer fast
   int mode_;
 
-  /// The private key and certificate file
+  /// The private key, certificate, and Diffie-Hellman paramters files
   ACE_SSL_Data_File private_key_;
   ACE_SSL_Data_File certificate_;
+  ACE_SSL_Data_File dh_params_;
 
   /// The default verify mode.
   int default_verify_mode_;
diff --git a/ace/SSL/SSL_Context.inl b/ace/SSL/SSL_Context.inl
index c4b961597e1..8d198df14c4 100644
--- a/ace/SSL/SSL_Context.inl
+++ b/ace/SSL/SSL_Context.inl
@@ -75,6 +75,18 @@ ACE_SSL_Context::certificate_file_name (void) const
   return this->certificate_.file_name ();
 }
 
+ACE_INLINE int
+ACE_SSL_Context::dh_params_file_type (void) const
+{
+  return this->dh_params_.type ();
+}
+
+ACE_INLINE const char*
+ACE_SSL_Context::dh_params_file_name (void) const
+{
+  return this->dh_params_.file_name ();
+}
+
 ACE_INLINE void
 ACE_SSL_Context::default_verify_mode (int mode)
 {
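Review bot: The Doxygen block for `dh_params` in the first SSL_Context.h hunk documents where the parameters may come from but not the contract the implementation enforces: only `SSL_FILETYPE_PEM` is accepted despite the `type` parameter, -1 is returned on any failure, and once a type has been recorded every later call returns 0 without touching the context. Suggest appending `@return 0 on success, -1 if the file cannot be read or @a type is not SSL_FILETYPE_PEM; only the first call on a context has any effect.` to that comment so callers do not assume other encodings or a reload are supported. Two typos in the same file: `concatenated on to i` should read `concatenated on to it`, and `paramters` in the member comment of the second hunk should read `parameters`.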