From 704dbb70cf6c561fd2f036e44dc104fcc6e1d721 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=C3=ADn=20Lucas=20Golini?= Date: Sun, 1 Jun 2014 17:43:47 -0300 Subject: [PATCH] Small code clean up for the SSL implementation. --- .../ssl/backend/openssl/copensslsocket.cpp | 19 ++++--------- src/eepp/network/ssl/csslsocket.cpp | 28 +++++++++++++++++-- 2 files changed, 32 insertions(+), 15 deletions(-) diff --git a/src/eepp/network/ssl/backend/openssl/copensslsocket.cpp b/src/eepp/network/ssl/backend/openssl/copensslsocket.cpp index f26fed45b..c333d516b 100644 --- a/src/eepp/network/ssl/backend/openssl/copensslsocket.cpp +++ b/src/eepp/network/ssl/backend/openssl/copensslsocket.cpp @@ -94,7 +94,7 @@ int cOpenSSLSocket::CertVerifyCb( X509_STORE_CTX * x509_ctx, void * arg ) { bool base_cert_valid = X509_verify_cert( x509_ctx ); if ( !base_cert_valid ) { - eePRINTL( "Cause: %s", ( X509_verify_cert_error_string( X509_STORE_CTX_get_error( x509_ctx ) ) ) ); + eePRINTL( "Cause: %s", X509_verify_cert_error_string( X509_STORE_CTX_get_error( x509_ctx ) ) ); ERR_print_errors_fp( stdout ); } @@ -103,8 +103,8 @@ int cOpenSSLSocket::CertVerifyCb( X509_STORE_CTX * x509_ctx, void * arg ) { char cert_str[256]; X509_NAME_oneline( X509_get_subject_name ( server_cert ), cert_str, sizeof ( cert_str ) ); - eePRINTL( "CERT STR: %s", ( cert_str ) ); - eePRINTL( "VALID: %s", String::ToStr( base_cert_valid ).c_str() ); + eePRINTL( "CERT STR: %s", cert_str ); + eePRINTL( "VALID: %d", (int)base_cert_valid ); if ( !base_cert_valid ) { return 0; @@ -161,7 +161,7 @@ bool cOpenSSLSocket::Init() { BIO_free(mem); } - eePRINTL( "Loaded certs from '%s': %d", cSSLSocket::CertificatesPath.c_str(), (int)sCerts.size() ); + eePRINTL( "Loaded certs from '%s': %d", cSSLSocket::CertificatesPath.c_str(), (int)sCerts.size() ); } return true; @@ -243,12 +243,6 @@ cSocket::Status cOpenSSLSocket::Connect( const cIpAddress& remoteAddress, unsign } mSSL = SSL_new( mCTX ); - /** - mBIO = BIO_new( &_bio_method ); - mBIO->ptr = this; - - SSL_set_bio( mSSL, mBIO, mBIO ); - */ SSL_set_fd( mSSL, (int)mSSLSocket->mSocket ); @@ -260,7 +254,7 @@ cSocket::Status cOpenSSLSocket::Connect( const cIpAddress& remoteAddress, unsign // Same as before, try to connect. int result = SSL_connect( mSSL ); - eePRINTL( "CONNECTION RESULT: %s", String::ToStr(result).c_str() ); + eePRINTL( "CONNECTION RESULT: %d", result ); if ( result < 1 ) { ERR_print_errors_fp(stdout); @@ -277,7 +271,7 @@ cSocket::Status cOpenSSLSocket::Connect( const cIpAddress& remoteAddress, unsign if ( peer ) { bool cert_ok = SSL_get_verify_result(mSSL) == X509_V_OK; - eePRINTL( "cert_ok: %s", String::ToStr(cert_ok).c_str() ); + eePRINTL( "cert_ok: %d", (int)cert_ok ); mStatus = cSocket::Done; } else if ( mSSLSocket->mValidateCertificate ) { @@ -301,7 +295,6 @@ void cOpenSSLSocket::Disconnect() { mSSL = NULL; mCTX = NULL; - mConnected = false; mStatus = cSocket::Disconnected; } diff --git a/src/eepp/network/ssl/csslsocket.cpp b/src/eepp/network/ssl/csslsocket.cpp index f83f9fa65..75ec2ebff 100644 --- a/src/eepp/network/ssl/csslsocket.cpp +++ b/src/eepp/network/ssl/csslsocket.cpp @@ -1,6 +1,6 @@ #include #include -#include +#include #ifdef EE_OPENSSL #include @@ -18,7 +18,31 @@ bool cSSLSocket::Init() { if ( !ssl_initialized ) { if ( CertificatesPath.empty() ) { #if EE_PLATFORM == EE_PLATFORM_LINUX - CertificatesPath = "/etc/ssl/ca-bundle.pem"; + // Debian Systems + if ( FileSystem::FileExists( "/etc/ssl/certs/ca-certificates.crt" ) ) { + CertificatesPath = "/etc/ssl/certs/ca-certificates.crt"; + // SuSE Systems + } else if ( FileSystem::FileExists( "/etc/ssl/ca-bundle.pem" ) ) { + CertificatesPath = "/etc/ssl/ca-bundle.pem"; + // Redhat and Mandriva Systems + } else if ( FileSystem::FileExists( "/etc/pki/tls/certs/ca-bundle.crt" ) ) { + CertificatesPath = "/etc/pki/tls/certs/ca-bundle.crt"; + // older Redhat Systems + } else if ( FileSystem::FileExists( "/usr/share/ssl/certs/ca-bundle.crt" ) ) { + CertificatesPath = "/usr/share/ssl/certs/ca-bundle.crt"; + } + #elif EE_PLATFORM == EE_PLATFORM_BSD + // FreeBSD + if ( FileSystem::FileExists( "/usr/local/share/certs/ca-root.crt" ) ) { + CertificatesPath = "/usr/local/share/certs/ca-root.crt"; + // OpenBSD + } else if ( FileSystem::FileExists( "/etc/ssl/cert.pem" ) ) { + CertificatesPath = "/etc/ssl/cert.pem"; + } + #elif EE_PLATFORM == EE_PLATFORM_HAIKU + if ( FileSystem::FileExists( "/boot/common/data/ssl/cert.pem" ) ) { + CertificatesPath = "/boot/common/data/ssl/cert.pem"; + } #endif }