r3106 - in trunk/libmcrypto: include/libmcrypto/openssl source
source/gnutls source/openssl
mikma at minisip.org
mikma at minisip.org
Wed Jan 10 20:53:23 CET 2007
Author: mikma
Date: 2007-01-10 20:53:22 +0100 (Wed, 10 Jan 2007)
New Revision: 3106
Modified:
trunk/libmcrypto/include/libmcrypto/openssl/init.h
trunk/libmcrypto/source/gnutls/cert.cxx
trunk/libmcrypto/source/gnutls/init.cxx
trunk/libmcrypto/source/init.cxx
trunk/libmcrypto/source/openssl/cert.cxx
trunk/libmcrypto/source/openssl/init.cxx
Log:
* Add all OpenSSL algorithms and clean up in libmcrypto(Openssl)Init
and libmcrypto(Openssl)Uninit respectively.
* Implement gtls_certificate::control
* Allow X509 version 1 CA certificates in gtls_certificate::control
and gtls_certificate_chain::control.
Modified: trunk/libmcrypto/include/libmcrypto/openssl/init.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/init.h 2007-01-10 19:49:08 UTC (rev 3105)
+++ trunk/libmcrypto/include/libmcrypto/openssl/init.h 2007-01-10 19:53:22 UTC (rev 3106)
@@ -26,6 +26,9 @@
#include <libmcrypto/init.h>
#include <libmutil/MSingleton.h>
+void libmcryptoOpensslInit();
+void libmcryptoOpensslUninit();
+
class LIBMCRYPTO_API OpenSSLThreadGuard : public CryptoThreadGuard,
public MSingleton<OpenSSLThreadGuard>
{
Modified: trunk/libmcrypto/source/gnutls/cert.cxx
===================================================================
--- trunk/libmcrypto/source/gnutls/cert.cxx 2007-01-10 19:49:08 UTC (rev 3105)
+++ trunk/libmcrypto/source/gnutls/cert.cxx 2007-01-10 19:53:22 UTC (rev 3106)
@@ -36,7 +36,6 @@
using namespace std;
-
#define UNIMPLEMENTED \
string msg = string( __FUNCTION__ ) + " unimplemented"; \
throw Exception(msg.c_str());
@@ -914,9 +913,38 @@
}
-// TODO convert to gnutls
int gtls_certificate::control( ca_db * certDb ){
- UNIMPLEMENTED;
+ int result;
+ unsigned int verify = 0;
+ MRef<gtls_ca_db*> gtls_db =
+ dynamic_cast<gtls_ca_db*>( certDb );
+ gnutls_x509_crt_t* ca_list = NULL;
+ size_t ca_list_length = 0;
+
+ if( !gtls_db ){
+ cerr << "Not gtls CA db" << endl;
+ return 0;
+ }
+
+ if( !gtls_db->getDb( &ca_list, &ca_list_length ) ){
+ cerr << "No CA db" << endl;
+ return 0;
+ }
+
+ result = gnutls_x509_crt_verify( cert,
+ ca_list, ca_list_length,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ &verify);
+
+ if( result < 0 ){
+ cerr << "gnutls_x509_crt_verify failed" << endl;
+ return 0;
+ }
+
+#ifdef DEBUG_OUTPUT
+ cerr << "gnutls_x509_crt_verify returns " << verify << endl;
+#endif
+ return verify ? 0 : 1;
}
int gtls_certificate::envelope_data( unsigned char * data, int size, unsigned char *retdata, int *retsize,
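Review bot: The new gtls_certificate::control returns 1 as soon as gnutls_x509_crt_verify() reports a clean status, but in the GnuTLS of this era that call — as far as I recall its documentation — checks signatures against ca_list without checking activation or expiration times, so an expired or not-yet-valid certificate would be accepted here; please confirm against the GnuTLS version in use and, if so, check the validity period before returning. The `result < 0` path also drops the reason: `cerr << "gnutls_x509_crt_verify failed: " << gnutls_strerror( result ) << endl;` would keep it. A comment on the last line that `verify` is a gnutls_certificate_status_t bit mask where any set bit means "not trusted" would make `return verify ? 0 : 1;` self-explanatory. Note the flag only relaxes the version-1 rule for certificates already in the trusted list, which is worth stating next to it.
```cpp
	// … unchanged: CA db lookup and gnutls_x509_crt_verify call …
	// gnutls_x509_crt_verify does not check the validity period itself
	// (fails closed: get_expiration_time returns (time_t)-1 on error)
	time_t now = time( NULL );
	if( gnutls_x509_crt_get_expiration_time( cert ) < now ||
	    gnutls_x509_crt_get_activation_time( cert ) > now ){
		cerr << "Certificate outside its validity period" << endl;
		return 0;
	}
	// verify is a gnutls_certificate_status_t mask; any bit set means untrusted
	return verify ? 0 : 1;
```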
@@ -1265,7 +1293,8 @@
ca_list, ca_list_length,
// crl_list, crl_list_length,
NULL, 0,
- 0, &verify);
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ &verify);
delete[] gtls_list;
gtls_list = NULL;
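Review bot: The switch from `0` to `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` in gtls_certificate_chain::control has no comment explaining which deployed CA needs it, and version-1 certificates carry no basicConstraints, so future readers cannot tell whether the relaxation is still required. Since the flag (per the GnuTLS documentation, if I recall it correctly) only relaxes the rule for certificates already in the trusted list, a comment such as `// v1 CA certs have no basicConstraints; allowed only for entries in our own trusted list` next to the flag would record both the reason and the limit of the relaxation. The surrounding call also passes `NULL, 0` for the CRL list, so revocation is not consulted — worth a visible TODO if that is intentional. The enclosing function starts and ends outside this hunk.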
Modified: trunk/libmcrypto/source/gnutls/init.cxx
===================================================================
--- trunk/libmcrypto/source/gnutls/init.cxx 2007-01-10 19:49:08 UTC (rev 3105)
+++ trunk/libmcrypto/source/gnutls/init.cxx 2007-01-10 19:53:22 UTC (rev 3106)
@@ -27,24 +27,16 @@
using namespace std;
-static unsigned int g_initialized;
-
void libmcryptoGnutlsInit()
{
- if( g_initialized++ )
- return;
-
/* The order matters.
*/
gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
gnutls_global_init();
- g_initialized = true;
}
void libmcryptoGnutlsUninit()
{
- if( --g_initialized )
- return;
gnutls_global_deinit();
}
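Review bot: With the g_initialized guard removed, libmcryptoGnutlsInit() and libmcryptoGnutlsUninit() are no longer safe to call directly more than once — a second direct Uninit would run gnutls_global_deinit() while the library may still be in use — and nothing in the file says so. A comment on each, e.g. `// Internal: not reference counted; call only through libmcryptoInit()/libmcryptoUninit()`, would make the new contract explicit. While here, the return value of `gnutls_global_init()` is still ignored; at minimum log it, since a failed init leaves every later gnutls call undefined.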
Modified: trunk/libmcrypto/source/init.cxx
===================================================================
--- trunk/libmcrypto/source/init.cxx 2007-01-10 19:49:08 UTC (rev 3105)
+++ trunk/libmcrypto/source/init.cxx 2007-01-10 19:53:22 UTC (rev 3106)
@@ -32,9 +32,15 @@
#include <config.h>
+static unsigned int g_initialized;
+
void libmcryptoInit()
{
+ if( g_initialized++ )
+ return;
+
#ifdef HAVE_OPENSSL
+ libmcryptoOpensslInit();
#if 0
OpensslThreadGuard::initialize();
#endif
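Review bot: The new `if( g_initialized++ ) return;` in libmcryptoInit is a plain unsynchronised counter, so two threads calling libmcryptoInit() for the first time race: the second sees a non-zero value and returns immediately while the first is still inside OpenSSL_add_all_algorithms() / gnutls_global_init(). If the project's contract is that the first call happens on a single thread before any other use, say so in a comment above the counter, e.g. `// Not thread-safe: the first libmcryptoInit() must complete before any concurrent caller`; otherwise guard it with the project's mutex type. The function body continues past the end of this hunk.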
@@ -48,8 +54,13 @@
void libmcryptoUninit()
{
+ if( --g_initialized )
+ return;
+
#if defined(HAVE_GNUTLS)
libmcryptoGnutlsUninit();
+#elif defined(HAVE_OPENSSL)
+ libmcryptoOpensslUninit();
#endif
}
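Review bot: `if( --g_initialized ) return;` in libmcryptoUninit wraps the unsigned counter to UINT_MAX when Uninit is called without a matching Init, which both skips the deinit and makes every later libmcryptoInit() return early without initialising anything; `if( g_initialized == 0 || --g_initialized ) return;` keeps an unmatched call harmless. The cleanup is also asymmetric with the init hunk: libmcryptoOpensslInit() runs whenever HAVE_OPENSSL is defined, but libmcryptoOpensslUninit() only runs under `#elif`, i.e. when HAVE_GNUTLS is not defined, so a build with both backends never calls EVP_cleanup(). Mirroring the init side with an independent `#ifdef HAVE_OPENSSL` block would fix that.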
Modified: trunk/libmcrypto/source/openssl/cert.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/cert.cxx 2007-01-10 19:49:08 UTC (rev 3105)
+++ trunk/libmcrypto/source/openssl/cert.cxx 2007-01-10 19:53:22 UTC (rev 3106)
@@ -515,8 +515,6 @@
throw certificate_exception_pkey("Couldn't initiate bio buffer" );
}
- SSLeay_add_all_algorithms();
-
private_key = PEM_read_bio_PrivateKey(mem, NULL, 0, (void*)password.c_str());
if(private_key == NULL )
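Review bot: Removing `SSLeay_add_all_algorithms()` here makes decryption of an encrypted PEM key depend on libmcryptoInit() having already registered the ciphers and digests; if a caller loads a key before that, PEM_read_bio_PrivateKey() fails with an unknown-cipher error that is indistinguishable from a bad password. A precondition comment above the call, e.g. `// Requires libmcryptoInit(): ciphers/digests for encrypted PEM keys are registered there`, would record the new dependency. The enclosing function starts and ends outside this hunk.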
Modified: trunk/libmcrypto/source/openssl/init.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/init.cxx 2007-01-10 19:49:08 UTC (rev 3105)
+++ trunk/libmcrypto/source/openssl/init.cxx 2007-01-10 19:53:22 UTC (rev 3106)
@@ -27,17 +27,24 @@
#include <vector>
#include <openssl/crypto.h>
+#include <openssl/evp.h>
#ifdef OPENSSL_SYS_WIN32
#include <windows.h>
#endif
#include <config.h>
+using namespace std;
+
void libmcryptoOpensslInit() {
- MRef<OpenSSLThreadGuard *> instance = OpenSSLThreadGuard::getInstance();
+// MRef<OpenSSLThreadGuard *> instance = OpenSSLThreadGuard::getInstance();
// instance will be saved by singleton
+ OpenSSL_add_all_algorithms();
}
+void libmcryptoOpensslUninit(){
+ EVP_cleanup();
+}
OpenSSLThreadGuard::OpenSSLThreadGuard() : CryptoThreadGuard()
{
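Review bot: Commenting out the OpenSSLThreadGuard instance in libmcryptoOpensslInit leaves, as far as this diff shows, nothing that installs OpenSSL's locking callbacks — the other call site, `OpensslThreadGuard::initialize()` in source/init.cxx, is still under `#if 0` — so with a pre-1.1.0 OpenSSL any use from more than one thread races on its shared state. Either keep the guard creation or add a comment stating that the application is responsible for CRYPTO_set_locking_callback(), e.g. `// Locking callbacks are NOT installed here; the caller must set them before using OpenSSL from multiple threads`. The added `using namespace std;` is unused in the visible code. The OpenSSLThreadGuard constructor at the end of the hunk continues outside it.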