author | Michael Steinert <mike.steinert@gmail.com> | 2012-11-29 12:08:59 -0700 |
---|---|---|
committer | Alan Antonuk <alan.antonuk@gmail.com> | 2013-04-09 15:54:00 -0700 |
commit | dc835960a2773485094306b557e5fc2aa1f43c60 (patch) | |
tree | 025a1ae2a43e04252e6d8c5e698ed29bde445000 | |
parent | 696df0ed2f705184cda8a1279345a58b42b21db0 (diff) | |
download | rabbitmq-c-dc835960a2773485094306b557e5fc2aa1f43c60.tar.gz |
Set the client key/cert in one API call
It doesn't make much sense to have separate APIs to set the client
key/cert pair. This change also makes it easier to port to other
backends.
Signed-off-by: Michael Steinert <mike.steinert@gmail.com>
-rw-r--r-- | examples/amqps_bind.c | 9 | ||||
-rw-r--r-- | examples/amqps_consumer.c | 9 | ||||
-rw-r--r-- | examples/amqps_exchange_declare.c | 9 | ||||
-rw-r--r-- | examples/amqps_listen.c | 9 | ||||
-rw-r--r-- | examples/amqps_listenq.c | 9 | ||||
-rw-r--r-- | examples/amqps_producer.c | 9 | ||||
-rw-r--r-- | examples/amqps_sendstring.c | 9 | ||||
-rw-r--r-- | examples/amqps_unbind.c | 9 | ||||
-rw-r--r-- | librabbitmq/amqp-openssl.c | 15 | ||||
-rw-r--r-- | librabbitmq/amqp-ssl-socket.h | 18 | ||||
-rw-r--r-- | tools/common.c | 5 |
11 files changed, 26 insertions, 84 deletions
diff --git a/examples/amqps_bind.c b/examples/amqps_bind.c index 04db414..050be73 100644 --- a/examples/amqps_bind.c +++ b/examples/amqps_bind.c @@ -75,15 +75,8 @@ int main(int argc, char const * const *argv) { } } - if (argc > 7) { - status = amqp_ssl_socket_set_key(socket, argv[7]); - if (status) { - die("setting client key"); - } - } - if (argc > 8) { - status = amqp_ssl_socket_set_cert(socket, argv[8]); + status = amqp_ssl_socket_set_key(socket, argv[8], argv[7]); if (status) { die("setting client cert"); } diff --git a/examples/amqps_consumer.c b/examples/amqps_consumer.c index 86c9d9f..cccbe33 100644 --- a/examples/amqps_consumer.c +++ b/examples/amqps_consumer.c @@ -147,15 +147,8 @@ int main(int argc, char const * const *argv) { } } - if (argc > 4) { - status = amqp_ssl_socket_set_key(socket, argv[4]); - if (status) { - die("setting client key/cert"); - } - } - if (argc > 5) { - status = amqp_ssl_socket_set_cert(socket, argv[5]); + status = amqp_ssl_socket_set_key(socket, argv[5], argv[4]); if (status) { die("setting client key"); } diff --git a/examples/amqps_exchange_declare.c b/examples/amqps_exchange_declare.c index 12c814b..bcf30b1 100644 --- a/examples/amqps_exchange_declare.c +++ b/examples/amqps_exchange_declare.c @@ -73,15 +73,8 @@ int main(int argc, char const * const *argv) { } } - if (argc > 6) { - status = amqp_ssl_socket_set_key(socket, argv[6]); - if (status) { - die("setting client key/cert"); - } - } - if (argc > 7) { - status = amqp_ssl_socket_set_cert(socket, argv[7]); + status = amqp_ssl_socket_set_key(socket, argv[7], argv[6]); if (status) { die("setting client key/cert"); } diff --git a/examples/amqps_listen.c b/examples/amqps_listen.c index 876bad9..25f8371 100644 --- a/examples/amqps_listen.c +++ b/examples/amqps_listen.c 
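Review bot: In the amqps_bind.c hunk the combined call stays under the old `if (argc > 8)` guard, so an invocation that gives a key path but no certificate path (argc == 8) now connects without any client credentials and without a message, where the removed `if (argc > 7)` branch at least loaded the key. Whether earlier argument checks in main reject that case is not visible in the hunk. For a mutual-TLS example it is better to fail loudly, e.g. `if (argc == 8) { die("client key given without client cert"); }` ahead of the guard; the same pattern, with different argv indexes, applies to the other seven examples in this commit. The failure text is also uneven: amqps_consumer says "setting client key", six examples say "setting client cert", and only amqps_exchange_declare uses `die("setting client key/cert");`, which is the accurate wording for all of them. main begins and ends outside each hunk.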
@@ -77,15 +77,8 @@ int main(int argc, char const * const *argv) { } } - if (argc > 6) { - status = amqp_ssl_socket_set_key(socket, argv[6]); - if (status) { - die("setting client key"); - } - } - if (argc > 7) { - status = amqp_ssl_socket_set_cert(socket, argv[7]); + status = amqp_ssl_socket_set_key(socket, argv[7], argv[6]); if (status) { die("setting client cert"); } diff --git a/examples/amqps_listenq.c b/examples/amqps_listenq.c index 9d910c9..2bb1760 100644 --- a/examples/amqps_listenq.c +++ b/examples/amqps_listenq.c @@ -73,15 +73,8 @@ int main(int argc, char const * const *argv) { } } - if (argc > 5) { - status = amqp_ssl_socket_set_key(socket, argv[5]); - if (status) { - die("setting client key"); - } - } - if (argc > 6) { - status = amqp_ssl_socket_set_cert(socket, argv[5]); + status = amqp_ssl_socket_set_key(socket, argv[6], argv[5]); if (status) { die("setting client cert"); } diff --git a/examples/amqps_producer.c b/examples/amqps_producer.c index 18f0b3f..866f8f8 100644 --- a/examples/amqps_producer.c +++ b/examples/amqps_producer.c @@ -137,15 +137,8 @@ int main(int argc, char const * const *argv) { } } - if (argc > 6) { - status = amqp_ssl_socket_set_key(socket, argv[6]); - if (status) { - die("setting client key"); - } - } - if (argc > 7) { - status = amqp_ssl_socket_set_cert(socket, argv[7]); + status = amqp_ssl_socket_set_key(socket, argv[7], argv[6]); if (status) { die("setting client cert"); } diff --git a/examples/amqps_sendstring.c b/examples/amqps_sendstring.c index 1133dcf..c1f10df 100644 --- a/examples/amqps_sendstring.c +++ b/examples/amqps_sendstring.c @@ -75,15 +75,8 @@ int main(int argc, char const * const *argv) { } } - if (argc > 7) { - status = amqp_ssl_socket_set_key(socket, argv[7]); - if (status) { - die("setting client key"); - } - } - if (argc > 8) { - status = amqp_ssl_socket_set_cert(socket, argv[8]); + status = amqp_ssl_socket_set_key(socket, argv[8], argv[7]); if (status) { die("setting client cert"); } 
diff --git a/examples/amqps_unbind.c b/examples/amqps_unbind.c index 5c8a4b5..58a6730 100644 --- a/examples/amqps_unbind.c +++ b/examples/amqps_unbind.c @@ -75,15 +75,8 @@ int main(int argc, char const * const *argv) { } } - if (argc > 7) { - status = amqp_ssl_socket_set_key(socket, argv[7]); - if (status) { - die("setting client key"); - } - } - if (argc > 8) { - status = amqp_ssl_socket_set_cert(socket, argv[8]); + status = amqp_ssl_socket_set_key(socket, argv[8], argv[7]); if (status) { die("setting client cert"); } diff --git a/librabbitmq/amqp-openssl.c b/librabbitmq/amqp-openssl.c index df158b7..04be202 100644 --- a/librabbitmq/amqp-openssl.c +++ b/librabbitmq/amqp-openssl.c @@ -324,15 +324,21 @@ amqp_ssl_socket_set_cacert(amqp_socket_t *base, int amqp_ssl_socket_set_key(amqp_socket_t *base, + const char *cert, const char *key) { + int status; struct amqp_ssl_socket_t *self; if (base->klass != &amqp_ssl_socket_class) { amqp_abort("<%p> is not of type amqp_ssl_socket_t", base); } self = (struct amqp_ssl_socket_t *)base; - int status = SSL_CTX_use_PrivateKey_file(self->ctx, key, - SSL_FILETYPE_PEM); + status = SSL_CTX_use_certificate_chain_file(self->ctx, cert); + if (1 != status) { + return -1; + } + status = SSL_CTX_use_PrivateKey_file(self->ctx, key, + SSL_FILETYPE_PEM); if (1 != status) { return -1; } @@ -351,6 +357,7 @@ password_cb(AMQP_UNUSED char *buffer, int amqp_ssl_socket_set_key_buffer(amqp_socket_t *base, + const char *cert, const void *key, size_t n) { @@ -362,6 +369,10 @@ amqp_ssl_socket_set_key_buffer(amqp_socket_t *base, amqp_abort("<%p> is not of type amqp_ssl_socket_t", base); } self = (struct amqp_ssl_socket_t *)base; + status = SSL_CTX_use_certificate_chain_file(self->ctx, cert); + if (1 != status) { + return -1; + } buf = BIO_new_mem_buf((void *)key, n); if (!buf) { goto error; diff --git a/librabbitmq/amqp-ssl-socket.h b/librabbitmq/amqp-ssl-socket.h index b6396ed..87bce35 100644 --- a/librabbitmq/amqp-ssl-socket.h 
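Review bot: In amqp_ssl_socket_set_key (amqp-openssl.c, @@ -324) neither `cert` nor `key` is checked for NULL before being handed to `SSL_CTX_use_certificate_chain_file` and `SSL_CTX_use_PrivateKey_file`, and the tools/common.c hunk of this same commit can pass a NULL `cert`. A guard right after the class check, `if (!cert || !key) { return -1; }`, keeps that failure inside the documented -1 return instead of depending on how OpenSSL treats a NULL filename. The cert load added to amqp_ssl_socket_set_key_buffer (@@ -362) needs the same guard. When the key load fails after the certificate load succeeded, the context keeps the certificate, so the doc comment should say that a -1 return leaves the socket's client credentials in an unspecified state. Both functions continue past the end of their hunks.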
+++ b/librabbitmq/amqp-ssl-socket.h @@ -58,6 +58,7 @@ amqp_ssl_socket_set_cacert(amqp_socket_t *self, * Set the client key. * * \param [in,out] self An SSL/TLS socket object. + * \param [in] cert Path to the client certificate in PEM foramt. * \param [in] key Path to the client key in PEM format. * * \return Zero if successful, -1 otherwise. @@ -66,12 +67,14 @@ AMQP_PUBLIC_FUNCTION int AMQP_CALL amqp_ssl_socket_set_key(amqp_socket_t *self, + const char *cert, const char *key); /** * Set the client key from a buffer. * * \param [in,out] self An SSL/TLS socket object. + * \param [in] cert Path to the client certificate in PEM foramt. * \param [in] key A buffer containing client key in PEM format. * \param [in] n The length of the buffer. * @@ -81,24 +84,11 @@ AMQP_PUBLIC_FUNCTION int AMQP_CALL amqp_ssl_socket_set_key_buffer(amqp_socket_t *self, + const char *cert, const void *key, size_t n); /** - * Set the client certificate. - * - * \param [in,out] self An SSL/TLS socket object. - * \param [in] cert Path to the client certificate in PEM foramt. - * - * \return Zero if successful, -1 otherwise. - */ -AMQP_PUBLIC_FUNCTION -int -AMQP_CALL -amqp_ssl_socket_set_cert(amqp_socket_t *self, - const char *cert); - -/** * Enable or disable peer verification. * * If peer verification is enabled then the common name in the server diff --git a/tools/common.c b/tools/common.c index 60d70fb..abfba4b 100644 --- a/tools/common.c +++ b/tools/common.c @@ -336,10 +336,7 @@ amqp_connection_state_t make_connection(void) amqp_ssl_socket_set_cacert(socket, amqp_cacert); } if (amqp_key) { - amqp_ssl_socket_set_key(socket, amqp_key); - } - if (amqp_cert) { - amqp_ssl_socket_set_cert(socket, amqp_cert); + amqp_ssl_socket_set_key(socket, amqp_cert, amqp_key); } #else die("librabbitmq was not built with SSL/TLS support"); |
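Review bot: The doc comments in amqp-ssl-socket.h still open with `Set the client key.` and `Set the client key from a buffer.` although both functions now load the certificate too, and the two added `\param [in] cert` lines carry over the typo `foramt`. Suggested wording: `Set the client certificate and key.` with `\param [in] cert Path to the client certificate chain in PEM format.`, since the implementation calls `SSL_CTX_use_certificate_chain_file`. For amqp_ssl_socket_set_key_buffer the comment should state that `cert` is a file path while `key` is an in-memory buffer, because the name suggests otherwise. Removing amqp_ssl_socket_set_cert and changing two public signatures breaks existing callers, which deserves a line in the release notes.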
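Review bot: In the tools/common.c hunk `amqp_cert` can reach amqp_ssl_socket_set_key as NULL, because the guard tests only `amqp_key` and the separate `if (amqp_cert)` check is removed. The return value is also discarded, so a key or certificate that fails to load does not stop make_connection and the tool carries on without the client identity the operator asked for. Suggest `if (amqp_key && amqp_cert) {` as the guard and `if (amqp_ssl_socket_set_key(socket, amqp_cert, amqp_key)) { die("setting client key/cert"); }` as the call. A certificate given without a key is now ignored silently as well; unless option parsing outside this hunk already rejects a lone key or cert, that case should end in `die` too. make_connection starts and ends outside the hunk.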