|
|
@@ -374,7 +374,7 @@ private:
|
|
|
|
|
|
class SSLServer : public Server {
|
|
|
public:
|
|
|
- SSLServer(const char *cert_path, const char *private_key_path, const char *client_cert_path, const char *trusted_cert_path);
|
|
|
+ SSLServer(const char *cert_path, const char *private_key_path, const char *client_CA_cert_path, const char *trusted_cert_path);
|
|
|
|
|
|
virtual ~SSLServer();
|
|
|
|
|
|
@@ -385,7 +385,7 @@ private:
|
|
|
|
|
|
SSL_CTX *ctx_;
|
|
|
std::mutex ctx_mutex_;
|
|
|
- const char *client_cert_path_;
|
|
|
+ const char *client_CA_cert_path_;
|
|
|
const char *trusted_cert_path_;
|
|
|
};
|
|
|
|
|
|
@@ -2232,7 +2232,7 @@ read_and_close_socket_ssl(socket_t sock, size_t keep_alive_max_count,
|
|
|
// The upcoming 1.1.0 is going to be thread safe.
|
|
|
SSL_CTX *ctx, std::mutex &ctx_mutex,
|
|
|
U SSL_connect_or_accept, V setup, T callback,
|
|
|
- const char* client_cert_path = nullptr,
|
|
|
+ const char* client_CA_cert_path = nullptr,
|
|
|
const char* trusted_cert_path = nullptr) {
|
|
|
SSL *ssl = nullptr;
|
|
|
{
|
|
|
@@ -2259,14 +2259,14 @@ read_and_close_socket_ssl(socket_t sock, size_t keep_alive_max_count,
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- if(client_cert_path){
|
|
|
+ if(client_CA_cert_path){
|
|
|
STACK_OF(X509_NAME)* list;
|
|
|
//list of client CAs to request from client
|
|
|
- list = SSL_load_client_CA_file(client_cert_path);
|
|
|
+ list = SSL_load_client_CA_file(client_CA_cert_path);
|
|
|
SSL_set_client_CA_list(ssl, list);
|
|
|
//certificate chain to verify received client certificate against
|
|
|
//please run c_rehash in the cert folder first
|
|
|
- SSL_CTX_load_verify_locations(ctx,client_cert_path,trusted_cert_path);
|
|
|
+ SSL_CTX_load_verify_locations(ctx,client_CA_cert_path,trusted_cert_path);
|
|
|
}
|
|
|
|
|
|
bool ret = false;
|
|
|
@@ -2348,9 +2348,9 @@ inline std::string SSLSocketStream::get_remote_addr() const {
|
|
|
// SSL HTTP server implementation
|
|
|
inline SSLServer::SSLServer(const char *cert_path,
|
|
|
const char *private_key_path,
|
|
|
- const char *client_cert_path = nullptr,
|
|
|
+ const char *client_CA_cert_path = nullptr,
|
|
|
const char *trusted_cert_path = nullptr)
|
|
|
- : client_cert_path_(client_cert_path),
|
|
|
+ : client_CA_cert_path_(client_CA_cert_path),
|
|
|
trusted_cert_path_(trusted_cert_path){
|
|
|
ctx_ = SSL_CTX_new(SSLv23_server_method());
|
|
|
|
|
|
@@ -2369,7 +2369,7 @@ inline SSLServer::SSLServer(const char *cert_path,
|
|
|
1) {
|
|
|
SSL_CTX_free(ctx_);
|
|
|
ctx_ = nullptr;
|
|
|
- } else if(client_cert_path_) {
|
|
|
+ } else if(client_CA_cert_path_) {
|
|
|
SSL_CTX_set_verify(ctx_,
|
|
|
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, //SSL_VERIFY_CLIENT_ONCE,
|
|
|
nullptr
|
|
|
@@ -2391,7 +2391,7 @@ inline bool SSLServer::read_and_close_socket(socket_t sock) {
|
|
|
[this](Stream &strm, bool last_connection, bool &connection_close) {
|
|
|
return process_request(strm, last_connection, connection_close);
|
|
|
},
|
|
|
- client_cert_path_,
|
|
|
+ client_CA_cert_path_,
|
|
|
trusted_cert_path_);
|
|
|
}
|
|
|
|
PixlRainbow