Diffstat (limited to 'src/components')
6 files changed, 27 insertions, 0 deletions
diff --git a/src/components/config_profile/include/config_profile/profile.h b/src/components/config_profile/include/config_profile/profile.h
index bbd0a5d243..dffa2d1571 100644
--- a/src/components/config_profile/include/config_profile/profile.h
+++ b/src/components/config_profile/include/config_profile/profile.h
@@ -552,6 +552,11 @@ class Profile : public protocol_handler::ProtocolHandlerSettings,
 */
 size_t update_before_hours() const;

+ /**
+ * @brief Return security level that will be configured in the OpenSSL
+ */
+ uint32_t security_level() const;
+
 #endif // ENABLE_SECURITY

 /**
@@ -1073,6 +1078,7 @@ class Profile : public protocol_handler::ProtocolHandlerSettings,
 std::string security_manager_protocol_name_;
 std::vector<int> force_protected_service_;
 std::vector<int> force_unprotected_service_;
+ uint32_t security_level_;
 #endif

 /*
diff --git a/src/components/config_profile/src/profile.cc b/src/components/config_profile/src/profile.cc
index d9204acf90..27829d478f 100644
--- a/src/components/config_profile/src/profile.cc
+++ b/src/components/config_profile/src/profile.cc
@@ -140,6 +140,7 @@ const char* kSecurityKeyPathKey = "KeyPath";
 const char* kSecurityCipherListKey = "CipherList";
 const char* kSecurityVerifyPeerKey = "VerifyPeer";
 const char* kBeforeUpdateHours = "UpdateBeforeHours";
+const char* kSecurityLevel = "SecurityLevel";
 #endif

 const char* kAudioDataStoppedTimeoutKey = "AudioDataStoppedTimeout";
@@ -337,6 +338,7 @@ const char* kDefaultSecurityProtocol = "TLSv1.2";
 const char* kDefaultSSLMode = "CLIENT";
 const bool kDefaultVerifyPeer = false;
 const uint32_t kDefaultBeforeUpdateHours = 24;
+const uint32_t kDefaultSecurityLevel = 1;
 #endif // ENABLE_SECURITY

 const uint32_t kDefaultHubProtocolIndex = 0;
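Review bot: The doc comment on `security_level()` in the first profile.h hunk does not say which values are meaningful or when the setting takes effect. OpenSSL defines security levels 0 through 5, with 0 switching the level checks off, and this commit applies the value only under `#if OPENSSL_VERSION_NUMBER >= OPENSSL1_1_VERSION` in crypto_manager_impl.cc. I would extend the comment with `@return OpenSSL security level (0-5) read from the SecurityLevel key; used only when built against OpenSSL 1.1 or newer`.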
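Review bot: `kDefaultSecurityLevel = 1` in the second profile.cc hunk means a configuration without a `SecurityLevel` key still sets level 1 explicitly instead of leaving the library or system default in place. Some OpenSSL builds and distribution configurations default to level 2, so on those targets this would lower the effective level for every deployment that does not set the key; the diff does not show which platforms are targeted. Consider calling `SSL_CTX_set_security_level` only when the key is present, or at least document the choice beside the constant, e.g. `// OpenSSL 1.1 upstream default; raise SecurityLevel in the ini file to harden`.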
@@ -1117,6 +1119,10 @@ const std::vector<int>& Profile::force_protected_service() const {
 const std::vector<int>& Profile::force_unprotected_service() const {
 return force_unprotected_service_;
 }
+
+uint32_t Profile::security_level() const {
+ return security_level_;
+}
 #endif // ENABLE_SECURITY

 bool Profile::logs_enabled() const {
@@ -1308,6 +1314,11 @@ void Profile::UpdateValues() {
 kSecuritySection,
 kBeforeUpdateHours);

+ ReadUIntValue(&security_level_,
+ kDefaultSecurityLevel,
+ kSecuritySection,
+ kSecurityLevel);
+
 #endif // ENABLE_SECURITY

 // Logs enabled
diff --git a/src/components/include/security_manager/security_manager_settings.h b/src/components/include/security_manager/security_manager_settings.h
index 0bbe0f4f96..4e601c3e0e 100644
--- a/src/components/include/security_manager/security_manager_settings.h
+++ b/src/components/include/security_manager/security_manager_settings.h
@@ -60,6 +60,7 @@ class CryptoManagerSettings {
 virtual size_t maximum_payload_size() const = 0;
 virtual const std::vector<int>& force_protected_service() const = 0;
 virtual const std::vector<int>& force_unprotected_service() const = 0;
+ virtual uint32_t security_level() const = 0;
 };

 } // namespace security_manager
diff --git a/src/components/include/test/security_manager/mock_security_manager_settings.h b/src/components/include/test/security_manager/mock_security_manager_settings.h
index b1c869cd1b..2c62973413 100644
--- a/src/components/include/test/security_manager/mock_security_manager_settings.h
+++ b/src/components/include/test/security_manager/mock_security_manager_settings.h
@@ -56,6 +56,7 @@ class MockCryptoManagerSettings
 MOCK_CONST_METHOD0(maximum_payload_size, size_t());
 MOCK_CONST_METHOD0(force_protected_service, const std::vector<int>&());
 MOCK_CONST_METHOD0(force_unprotected_service, const std::vector<int>&());
+ MOCK_CONST_METHOD0(security_level, uint32_t());
 };

 } // namespace security_manager_test
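Review bot: The value read into `security_level_` in the `Profile::UpdateValues()` hunk is not range-checked before it reaches `SSL_CTX_set_security_level`, which takes an `int`. OpenSSL documents levels 0 to 5, so a typo in the ini file can exceed that range, and a value above INT_MAX typically converts to a negative number that I would expect OpenSSL to treat like level 0. The call site in crypto_manager_impl.cc passes the `uint32_t` straight through. After the read I would add `if (security_level_ > kMaxSecurityLevel) { security_level_ = kDefaultSecurityLevel; }` together with a warning log, where `kMaxSecurityLevel = 5` is a new constant placed beside `kDefaultSecurityLevel`. `UpdateValues()` starts and ends outside the hunk.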
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h
index f170ef90a7..d6658a79bc 100644
--- a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h
+++ b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h
@@ -83,6 +83,10 @@ class CryptoManagerSettingsImpl : public CryptoManagerSettings {
 return profile_.force_unprotected_service();
 }

+ uint32_t security_level() const OVERRIDE {
+ return profile_.security_level();
+ }
+
 private:
 const profile::Profile& profile_;
 const std::string certificate_data_;
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index 53c61401c3..717991cf5c 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -261,6 +261,10 @@ bool CryptoManagerImpl::Init() {
 #endif
 }

+#if OPENSSL_VERSION_NUMBER >= OPENSSL1_1_VERSION
+ SSL_CTX_set_security_level(context_, get_settings().security_level());
+#endif
+
 if (get_settings().ca_cert_path().empty()) {
 SDL_LOG_WARN("Setting up empty CA certificate location");
 } |
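Review bot: When built against OpenSSL older than 1.1, the new block in `CryptoManagerImpl::Init()` compiles away, so a `SecurityLevel` set in the configuration is ignored without any trace in the log. An operator who raises the level to harden a deployment cannot see that it did not apply, and on newer builds nothing records which level was applied. I would add an `#else` branch with `SDL_LOG_WARN("SecurityLevel is ignored: OpenSSL older than 1.1");` and log the chosen level next to the call. `Init()` starts and ends outside the hunk, and `OPENSSL1_1_VERSION` is defined elsewhere.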