Diffstat (limited to 'src/components/security_manager/src/crypto_manager_impl.cc')
-rw-r--r-- | src/components/security_manager/src/crypto_manager_impl.cc | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index 00fcb1385a..6bee28a976 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -93,6 +93,7 @@ CryptoManagerImpl::CryptoManagerImpl(
 OpenSSL_add_all_algorithms();
 SSL_library_init();
 }
+ InitCertExpTime();
 }
 CryptoManagerImpl::~CryptoManagerImpl() {
@@ -295,6 +296,8 @@ const CryptoManagerSettings& CryptoManagerImpl::get_settings() const {
 }
 bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
+ LOG4CXX_AUTO_TRACE(logger_);
+
 if (cert_data.empty()) {
 LOG4CXX_WARN(logger_, "Empty certificate");
 return false;
@@ -324,20 +327,35 @@ bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
 }
 if (!SSL_CTX_use_certificate(context_, cert)) {
- LOG4CXX_WARN(logger_, "Could not use certificate");
+ LOG4CXX_WARN(logger_, "Could not use certificate: " << LastError());
 return false;
 }
 asn1_time_to_tm(X509_get_notAfter(cert));
 if (!SSL_CTX_use_PrivateKey(context_, pkey)) {
- LOG4CXX_ERROR(logger_, "Could not use key");
+ LOG4CXX_ERROR(logger_, "Could not use key: " << LastError());
 return false;
 }
+
 if (!SSL_CTX_check_private_key(context_)) {
- LOG4CXX_ERROR(logger_, "Could not use certificate ");
+ LOG4CXX_ERROR(logger_, "Could not use certificate: " << LastError());
 return false;
 }
+
+ X509_STORE* store = SSL_CTX_get_cert_store(context_);
+ if (store) {
+ X509* extra_cert = NULL;
+ while ((extra_cert = PEM_read_bio_X509(bio_cert, NULL, 0, 0))) {
+ if (extra_cert != cert) {
+ LOG4CXX_DEBUG(logger_,
+ "Added new certificate to store: " << extra_cert);
+ X509_STORE_add_cert(store, extra_cert);
+ }
+ }
+ }
+
+ LOG4CXX_DEBUG(logger_, "Certificate and key successfully updated");
 return true;
 }
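Review bot: The new loop at the end of set_certificate puts every further certificate read from `bio_cert` into the store returned by `SSL_CTX_get_cert_store`, which is the context's verification store, so whatever is bundled after the leaf in `cert_data` becomes trusted material for peer verification. If the aim is only to send intermediates to the peer, `SSL_CTX_add_extra_chain_cert` is the usual call; where `cert_data` comes from is not visible here, and the function starts outside the hunk. The loop also leaks each `extra_cert` (`X509_STORE_add_cert` takes its own reference), ignores that call's return value, and guards with `extra_cert != cert`, a pointer comparison that is always true for a freshly parsed object. The failed PEM read that ends the loop leaves an entry on the OpenSSL error queue, which a later `LastError()` log line may then report as if it were a new failure. The fence below keeps the store behaviour and fixes the ownership, return-value and error-queue points.

```cpp
    // … unchanged: store lookup and the `if (store)` guard …
    X509* extra_cert = NULL;
    while ((extra_cert = PEM_read_bio_X509(bio_cert, NULL, 0, 0))) {
      if (X509_STORE_add_cert(store, extra_cert)) {
        LOG4CXX_DEBUG(logger_,
                      "Added new certificate to store: " << extra_cert);
      } else {
        LOG4CXX_WARN(logger_,
                     "Could not add certificate to store: " << LastError());
      }
      // The store holds its own reference; release the one from the parser.
      X509_free(extra_cert);
    }
    // The loop exits on a failed PEM read; drop that queue entry so it is
    // not picked up by a later LastError() call.
    ERR_clear_error();
```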
@@ -384,4 +402,8 @@ void CryptoManagerImpl::asn1_time_to_tm(ASN1_TIME* time) {
 }
 }
+void CryptoManagerImpl::InitCertExpTime() {
+ strptime("1 Jan 1970 00:00:00", "%d %b %Y %H:%M:%S", &expiration_time_);
+}
+
 } // namespace security_manager |
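Review bot: `InitCertExpTime` fills `expiration_time_` through `strptime`, which sets only the fields named in the format, so `tm_isdst` and the other remaining members keep whatever the struct held before unless it is zeroed elsewhere (not visible in this hunk). Zero the struct first with `memset(&expiration_time_, 0, sizeof(expiration_time_));` and log when `strptime` returns NULL, since a failed parse would otherwise leave the expiry undefined without any trace. `%b` is matched against the current locale's month names, so assigning the epoch fields directly would remove that dependency. A one-line comment stating that the epoch default is meant to read as "already expired" until a certificate is loaded would make the fail-closed intent explicit, if that is indeed the intent.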