squash: nits
Trott committed Nov 8, 2017
commit 1501e2c35a79377f42269471d5fd829831d73417
2 changes: 2 additions & 0 deletions src/node_crypto.h
Expand Up @@ -95,7 +95,9 @@ class SecureContext : public BaseObject {
SSL_CTX* ctx_;
X509* cert_;
X509* issuer_;
#ifndef OPENSSL_NO_ENGIN
bool client_cert_engine_provided_ = false;
Member


Can you wrap this in an #ifndef OPENSSL_NO_ENGINE guard? g++ will complain about it being unused otherwise (with OPENSSL_NO_ENGINE builds, that is.)

#endif // !OPENSSL_NO_ENGINE

static const int kMaxSessionSize = 10 * 1024;
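Review bot: The opening guard added above `client_cert_engine_provided_` reads `#ifndef OPENSSL_NO_ENGIN`, without the final `E`, while the closing comment names `OPENSSL_NO_ENGINE`. If that spelling is in the commit and not an artefact of how the page was rendered, the tested macro is never defined, so the member is still declared in `OPENSSL_NO_ENGINE` builds and the guard has no effect. The line should read `#ifndef OPENSSL_NO_ENGINE`, matching the `#endif` comment. The `SecureContext` class body starts and ends outside this hunk.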

130 changes: 65 additions & 65 deletions test/addons/openssl-client-cert-engine/testengine.cc
Expand Up @@ -21,80 +21,80 @@

namespace {

int EngineInit(ENGINE* engine) {
return 1;
}

int EngineFinish(ENGINE* engine) {
return 1;
}

int EngineDestroy(ENGINE* engine) {
return 1;
}
int EngineInit(ENGINE* engine) {
return 1;
}

int EngineFinish(ENGINE* engine) {
return 1;
}

int EngineDestroy(ENGINE* engine) {
return 1;
}

std::string LoadFile(const char* filename) {
std::ifstream file(filename);
return std::string(std::istreambuf_iterator<char>(file),
std::istreambuf_iterator<char>());
}
Member


This could be shortened somewhat to this:

#include <fstream>
#include <iterator>
#include <string>
// ...
static std::string LoadFile(const char* filename) {
  std::ifstream file(filename);
  return std::string(std::istreambuf_iterator<char>(file),
                     std::istreambuf_iterator<char>());
}

Member


As well, if you wrap everything in a namespace { } // namespace anonymous, you can drop the static keywords.



int EngineLoadSSLClientCert(ENGINE* engine,
SSL* ssl,
STACK_OF(X509_NAME)* ca_dn,
X509** ppcert,
EVP_PKEY** ppkey,
STACK_OF(X509)** pother,
UI_METHOD* ui_method,
void* callback_data) {
if (ppcert != nullptr) {
std::string cert = LoadFile(AGENT_CERT);
if (cert.empty()) {
return 0;
}

std::string LoadFile(const char* filename) {
std::ifstream file(filename);
return std::string(std::istreambuf_iterator<char>(file),
std::istreambuf_iterator<char>());
BIO* bio = BIO_new_mem_buf(cert.data(), cert.size());
*ppcert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
BIO_vfree(bio);
if (*ppcert == nullptr) {
printf("Could not read certificate\n");
return 0;
}
}


int EngineLoadSSLClientCert(ENGINE* engine,
SSL* ssl,
STACK_OF(X509_NAME)* ca_dn,
X509** ppcert,
EVP_PKEY** ppkey,
STACK_OF(X509)** pother,
UI_METHOD* ui_method,
void* callback_data) {
if (ppcert) {
std::string cert = LoadFile(AGENT_CERT);
if (cert.size() == 0) {
return 0;
}

BIO* bio = BIO_new_mem_buf(cert.data(), cert.size());
*ppcert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
BIO_vfree(bio);
if (*ppcert == nullptr) {
printf("Could not read certificate\n");
return 0;
}
if (ppkey != nullptr) {
std::string key = LoadFile(AGENT_KEY);
if (key.empty()) {
return 0;
}

if (ppkey) {
std::string key = LoadFile(AGENT_KEY);
if (key.empty()) {
return 0;
}

BIO* bio = BIO_new_mem_buf(key.data(), key.size());
*ppkey = PEM_read_bio_PrivateKey(bio, nullptr, nullptr, nullptr);
BIO_vfree(bio);
if (*ppkey == nullptr) {
printf("Could not read private key\n");
return 0;
}
BIO* bio = BIO_new_mem_buf(key.data(), key.size());
*ppkey = PEM_read_bio_PrivateKey(bio, nullptr, nullptr, nullptr);
BIO_vfree(bio);
if (*ppkey == nullptr) {
printf("Could not read private key\n");
return 0;
}

return 1;
}

int bind_fn(ENGINE* engine, const char* id) {
ENGINE_set_id(engine, TEST_ENGINE_ID);
ENGINE_set_name(engine, TEST_ENGINE_NAME);
ENGINE_set_init_function(engine, EngineInit);
ENGINE_set_finish_function(engine, EngineFinish);
ENGINE_set_destroy_function(engine, EngineDestroy);
ENGINE_set_load_ssl_client_cert_function(engine, EngineLoadSSLClientCert);
return 1;
}

return 1;
}
int bind_fn(ENGINE* engine, const char* id) {
ENGINE_set_id(engine, TEST_ENGINE_ID);
ENGINE_set_name(engine, TEST_ENGINE_NAME);
ENGINE_set_init_function(engine, EngineInit);
ENGINE_set_finish_function(engine, EngineFinish);
ENGINE_set_destroy_function(engine, EngineDestroy);
ENGINE_set_load_ssl_client_cert_function(engine, EngineLoadSSLClientCert);

extern "C" {
IMPLEMENT_DYNAMIC_CHECK_FN();
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn);
}
return 1;
}

extern "C" {
IMPLEMENT_DYNAMIC_CHECK_FN();
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn);
}

} // anonymous namespace
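Review bot: The `extern "C"` block holding `IMPLEMENT_DYNAMIC_CHECK_FN()` and `IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)` sits before the closing `} // anonymous namespace`, so as rendered here the engine's exported entry points are defined inside the unnamed namespace. Names declared in an unnamed namespace have internal linkage under the C++11 wording, and the dynamic engine loader can only bind the engine if those symbols are exported; mainstream compilers appear to keep `extern "C"` definitions external there, but that is leniency and not a guarantee. Closing the namespace first makes the export explicit: move `}  // anonymous namespace` to just above `extern "C" {`, which leaves `bind_fn` and the callbacks file-local.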