Back out the changes which SSL 1.0 forced. SSL 0.98 was always being used on dnseppus.mop.biz

Ren RenJuan 2014-01-07 18:58:20 +00:00
parent 83c6117308
commit af9396ed14
1 changed files with 13 additions and 21 deletions


@ -8,14 +8,6 @@
#include <unistd.h> #include <unistd.h>
#include <sys/socket.h> #include <sys/socket.h>
#if (PRODUCTION==1)
#define sslCast
#define sslUncast
#else
#define sslCast const
#define sslUncast (SSL_CTX *)
#endif
using namespace std; using namespace std;
namespace { namespace {
@ -41,36 +33,36 @@ TLSContext::TLSContext(const string& private_key_file,
SSL_load_error_strings(); SSL_load_error_strings();
SSL_library_init(); SSL_library_init();
sslCast SSL_METHOD *meth = TLSv1_client_method(); SSL_METHOD *meth = TLSv1_client_method();
if (meth == NULL) if (meth == NULL)
throw SSLException("Error initialising SSL method"); throw SSLException("Error initialising SSL method");
// SSL Context // SSL Context
sslCast SSL_CTX *local_ctx = SSL_CTX_new(meth); SSL_CTX *local_ctx = SSL_CTX_new(meth);
if (local_ctx == NULL) if (local_ctx == NULL)
{ {
throw SSLException ("Error initialising SSL context"); throw SSLException ("Error initialising SSL context");
} }
// SSL Ciphers // SSL Ciphers
int i = SSL_CTX_set_cipher_list( sslUncast local_ctx, "TLSv1"); int i = SSL_CTX_set_cipher_list( local_ctx, "TLSv1");
if (i == -1) if (i == -1)
{ {
SSL_CTX_free( sslUncast local_ctx); SSL_CTX_free( local_ctx);
throw SSLException( throw SSLException(
"There was a problem initialising the SSL cipher list"); "There was a problem initialising the SSL cipher list");
} }
SSL_CTX_set_default_passwd_cb_userdata( sslUncast local_ctx, SSL_CTX_set_default_passwd_cb_userdata( local_ctx,
static_cast<void*>(const_cast<char*>(password.c_str()))); static_cast<void*>(const_cast<char*>(password.c_str())));
SSL_CTX_set_default_passwd_cb( sslUncast local_ctx, getPassword); SSL_CTX_set_default_passwd_cb( local_ctx, getPassword);
i = SSL_CTX_use_PrivateKey_file( sslUncast local_ctx, i = SSL_CTX_use_PrivateKey_file( local_ctx,
private_key_file.c_str(), private_key_file.c_str(),
SSL_FILETYPE_PEM); SSL_FILETYPE_PEM);
if (i == -1) if (i == -1)
{ {
SSL_CTX_free( sslUncast local_ctx); SSL_CTX_free( local_ctx);
throw SSLException( throw SSLException(
"There was a problem initialising SSL the private key '" "There was a problem initialising SSL the private key '"
+ private_key_file + "'"); + private_key_file + "'");
@ -78,23 +70,23 @@ TLSContext::TLSContext(const string& private_key_file,
// Load the public certificate for our key. // Load the public certificate for our key.
// Replace with // Replace with
i = SSL_CTX_use_certificate_chain_file( sslUncast local_ctx, cert_file.c_str()); i = SSL_CTX_use_certificate_chain_file( local_ctx, cert_file.c_str());
if (i == -1) if (i == -1)
{ {
SSL_CTX_free( sslUncast local_ctx); SSL_CTX_free( local_ctx);
throw SSLException("Error loading cert_file '" + cert_file + "'"); throw SSLException("Error loading cert_file '" + cert_file + "'");
} }
// Load the CA certificate(s) // Load the CA certificate(s)
i = SSL_CTX_load_verify_locations ( sslUncast local_ctx, ca_file.c_str(), NULL); i = SSL_CTX_load_verify_locations ( local_ctx, ca_file.c_str(), NULL);
if (i == -1) if (i == -1)
{ {
SSL_CTX_free( sslUncast local_ctx); SSL_CTX_free( local_ctx);
throw EPPException ("Could not load CA file '" + ca_file +"'"); throw EPPException ("Could not load CA file '" + ca_file +"'");
} }
ctx = sslUncast local_ctx; ctx = local_ctx;
} }
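Review bot: The `if (i == -1)` tests after `SSL_CTX_set_cipher_list`, `SSL_CTX_use_PrivateKey_file`, `SSL_CTX_use_certificate_chain_file` and `SSL_CTX_load_verify_locations` will not catch a failure, because these OpenSSL calls return 1 on success and report failure as 0. The CA load matters most: if `ca_file` is missing or unreadable, the context is still assigned to `ctx` without the intended trust anchors and no exception is thrown. Each test should read `if (i != 1)`, keeping the existing `SSL_CTX_free(local_ctx)` and throw. Separately, `TLSv1_client_method()` together with the `"TLSv1"` cipher string pins the client to TLS 1.0, and no `SSL_CTX_set_verify` call is visible in these hunks, so it is worth confirming that peer verification is enabled elsewhere. The constructor begins outside the hunks shown.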