
Update SSL related code

yhirose 4 years ago
parent
commit
27deb44df5
1 changed files with 13 additions and 25 deletions
  1. 13 25
      httplib.h

+ 13 - 25
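--- a/httplib.h
+++ b/httplib.h
@@ -7127,17 +7127,14 @@ static SSLInit sslinit_;
 inline SSLServer::SSLServer(const char *cert_path, const char *private_key_path,
                             const char *client_ca_cert_file_path,
                             const char *client_ca_cert_dir_path) {
-  ctx_ = SSL_CTX_new(TLS_method());
+  ctx_ = SSL_CTX_new(TLS_server_method());
 
   if (ctx_) {
     SSL_CTX_set_options(ctx_,
-                        SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
-                            SSL_OP_NO_COMPRESSION |
+                        SSL_OP_NO_COMPRESSION |
                             SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 
-    // auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-    // SSL_CTX_set_tmp_ecdh(ctx_, ecdh);
-    // EC_KEY_free(ecdh);
+    SSL_CTX_set_min_proto_version(ctx_, TLS1_1_VERSION);
 
     if (SSL_CTX_use_certificate_chain_file(ctx_, cert_path) != 1 ||
         SSL_CTX_use_PrivateKey_file(ctx_, private_key_path, SSL_FILETYPE_PEM) !=
@@ -7145,46 +7142,35 @@ inline SSLServer::SSLServer(const char *cert_path, const char *private_key_path,
       SSL_CTX_free(ctx_);
       ctx_ = nullptr;
     } else if (client_ca_cert_file_path || client_ca_cert_dir_path) {
-      // if (client_ca_cert_file_path) {
-      //   auto list = SSL_load_client_CA_file(client_ca_cert_file_path);
-      //   SSL_CTX_set_client_CA_list(ctx_, list);
-      // }
-
       SSL_CTX_load_verify_locations(ctx_, client_ca_cert_file_path,
                                     client_ca_cert_dir_path);
 
       SSL_CTX_set_verify(
-          ctx_,
-          SSL_VERIFY_PEER |
-              SSL_VERIFY_FAIL_IF_NO_PEER_CERT, // SSL_VERIFY_CLIENT_ONCE,
-          nullptr);
+          ctx_, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
     }
   }
 }
 
 inline SSLServer::SSLServer(X509 *cert, EVP_PKEY *private_key,
                             X509_STORE *client_ca_cert_store) {
-  ctx_ = SSL_CTX_new(SSLv23_server_method());
+  ctx_ = SSL_CTX_new(TLS_server_method());
 
   if (ctx_) {
     SSL_CTX_set_options(ctx_,
-                        SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
-                            SSL_OP_NO_COMPRESSION |
+                        SSL_OP_NO_COMPRESSION |
                             SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 
+    SSL_CTX_set_min_proto_version(ctx_, TLS1_1_VERSION);
+
     if (SSL_CTX_use_certificate(ctx_, cert) != 1 ||
         SSL_CTX_use_PrivateKey(ctx_, private_key) != 1) {
       SSL_CTX_free(ctx_);
       ctx_ = nullptr;
     } else if (client_ca_cert_store) {
-
       SSL_CTX_set_cert_store(ctx_, client_ca_cert_store);
 
       SSL_CTX_set_verify(
-          ctx_,
-          SSL_VERIFY_PEER |
-              SSL_VERIFY_FAIL_IF_NO_PEER_CERT, // SSL_VERIFY_CLIENT_ONCE,
-          nullptr);
+          ctx_, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
     }
   }
 }
@@ -7249,12 +7235,13 @@ inline SSLClient::SSLClient(const std::string &host, int port,
                             const std::string &client_cert_path,
                             const std::string &client_key_path)
     : ClientImpl(host, port, client_cert_path, client_key_path) {
-  ctx_ = SSL_CTX_new(SSLv23_client_method());
+  ctx_ = SSL_CTX_new(TLS_client_method());
 
   detail::split(&host_[0], &host_[host_.size()], '.',
                 [&](const char *b, const char *e) {
                   host_components_.emplace_back(std::string(b, e));
                 });
+
   if (!client_cert_path.empty() && !client_key_path.empty()) {
     if (SSL_CTX_use_certificate_file(ctx_, client_cert_path.c_str(),
                                      SSL_FILETYPE_PEM) != 1 ||
@@ -7269,12 +7256,13 @@ inline SSLClient::SSLClient(const std::string &host, int port,
 inline SSLClient::SSLClient(const std::string &host, int port,
                             X509 *client_cert, EVP_PKEY *client_key)
     : ClientImpl(host, port) {
-  ctx_ = SSL_CTX_new(SSLv23_client_method());
+  ctx_ = SSL_CTX_new(TLS_client_method());
 
   detail::split(&host_[0], &host_[host_.size()], '.',
                 [&](const char *b, const char *e) {
                   host_components_.emplace_back(std::string(b, e));
                 });
+
   if (client_cert != nullptr && client_key != nullptr) {
     if (SSL_CTX_use_certificate(ctx_, client_cert) != 1 ||
         SSL_CTX_use_PrivateKey(ctx_, client_key) != 1) {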
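Review bot: The protocol floor added in both SSLServer constructors, `SSL_CTX_set_min_proto_version(ctx_, TLS1_1_VERSION);`, still admits TLS 1.1, which is deprecated (RFC 8996) and routinely flagged by compliance scanners; for a change that is already dropping SSLv2/SSLv3 handling I would set `TLS1_2_VERSION` instead, and check the call's return value (it returns 0 on failure) the same way the `SSL_CTX_use_*` calls below it are checked. The two SSLClient constructors in the third and fourth hunks switch to `TLS_client_method()` but set no minimum version, so the client side keeps whatever floor the linked OpenSSL build defaults to; the same `SSL_CTX_set_min_proto_version` line belongs after each `SSL_CTX_new` there, inside an `if (ctx_)` guard, since the `SSL_CTX_use_certificate*` calls that follow in those hunks already dereference `ctx_` without a null check. `TLS_server_method`, `TLS_client_method` and `SSL_CTX_set_min_proto_version` are OpenSSL 1.1.0+ APIs, so if the library still claims support for older OpenSSL a version guard is needed; I cannot tell from this page. Both SSLClient constructor bodies continue past the end of their hunks.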