Diffstat (limited to 'src/components/security_manager/src/crypto_manager_impl.cc')
-rw-r--r--src/components/security_manager/src/crypto_manager_impl.cc28
1 files changed, 25 insertions, 3 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index 00fcb1385a..6bee28a976 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -93,6 +93,7 @@ CryptoManagerImpl::CryptoManagerImpl(
OpenSSL_add_all_algorithms();
SSL_library_init();
}
+ InitCertExpTime();
}
CryptoManagerImpl::~CryptoManagerImpl() {
@@ -295,6 +296,8 @@ const CryptoManagerSettings& CryptoManagerImpl::get_settings() const {
}
bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
+ LOG4CXX_AUTO_TRACE(logger_);
+
if (cert_data.empty()) {
LOG4CXX_WARN(logger_, "Empty certificate");
return false;
@@ -324,20 +327,35 @@ bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
}
if (!SSL_CTX_use_certificate(context_, cert)) {
- LOG4CXX_WARN(logger_, "Could not use certificate");
+ LOG4CXX_WARN(logger_, "Could not use certificate: " << LastError());
return false;
}
asn1_time_to_tm(X509_get_notAfter(cert));
if (!SSL_CTX_use_PrivateKey(context_, pkey)) {
- LOG4CXX_ERROR(logger_, "Could not use key");
+ LOG4CXX_ERROR(logger_, "Could not use key: " << LastError());
return false;
}
+
if (!SSL_CTX_check_private_key(context_)) {
- LOG4CXX_ERROR(logger_, "Could not use certificate ");
+ LOG4CXX_ERROR(logger_, "Could not use certificate: " << LastError());
return false;
}
+
+ X509_STORE* store = SSL_CTX_get_cert_store(context_);
+ if (store) {
+ X509* extra_cert = NULL;
+ while ((extra_cert = PEM_read_bio_X509(bio_cert, NULL, 0, 0))) {
+ if (extra_cert != cert) {
+ LOG4CXX_DEBUG(logger_,
+ "Added new certificate to store: " << extra_cert);
+ X509_STORE_add_cert(store, extra_cert);
+ }
+ }
+ }
+
+ LOG4CXX_DEBUG(logger_, "Certificate and key successfully updated");
return true;
}
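Review bot: Every certificate the new loop reads with `PEM_read_bio_X509` is leaked, and each one is installed as a trust anchor rather than as a chain certificate. `X509_STORE_add_cert` takes its own reference, so `extra_cert` still needs an `X509_free`, and the `extra_cert != cert` test compares two separately allocated objects, so it never filters anything. More importantly, the store returned by `SSL_CTX_get_cert_store` is what peer verification trusts, so any certificate appended to `cert_data` becomes a trusted root; if these are intermediates for the local leaf (the origin of `cert_data` is not visible here), attach them to the chain as sketched below and leave the trust store to the configured CA data. The loop also ends on an expected PEM error that stays on the OpenSSL error queue and would presumably surface in a later `LastError()`, so clear it. `set_certificate` begins before this hunk.

```cpp
// … unchanged: SSL_CTX_check_private_key check …
X509* extra_cert = NULL;
while ((extra_cert = PEM_read_bio_X509(bio_cert, NULL, 0, 0))) {
  // On success the context owns extra_cert; free it only on failure.
  if (!SSL_CTX_add_extra_chain_cert(context_, extra_cert)) {
    LOG4CXX_WARN(logger_,
                 "Could not add chain certificate: " << LastError());
    X509_free(extra_cert);
  }
}
// Reaching the end of the PEM data leaves an error queued; drop it.
ERR_clear_error();
// … unchanged: success log and return true …
```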
@@ -384,4 +402,8 @@ void CryptoManagerImpl::asn1_time_to_tm(ASN1_TIME* time) {
}
}
+void CryptoManagerImpl::InitCertExpTime() {
+ strptime("1 Jan 1970 00:00:00", "%d %b %Y %H:%M:%S", &expiration_time_);
+}
+
} // namespace security_manager
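Review bot: `InitCertExpTime` ignores the result of `strptime`, and `%b` is matched against the current locale's month names, so under a non-C locale the parse can fail and leave `expiration_time_` holding whatever it held before. Fields the format does not cover (for example `tm_isdst`) are also never written. This value presumably feeds the certificate-expiry decision, so set it deterministically instead: `memset(&expiration_time_, 0, sizeof(expiration_time_));` followed by `expiration_time_.tm_mday = 1;` and `expiration_time_.tm_year = 70;`. If the epoch start is meant as a "no certificate loaded yet" marker, a one-line comment saying so would help the next reader.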