CRYPTO_cleanup_all_ex_data();
} );
-std::shared_ptr<X509> loadX509FromFile( std::string filename ) {
+std::shared_ptr<X509> loadX509FromFile( const std::string& filename ) {
FILE* f = fopen( filename.c_str(), "r" );
if( !f ) {
} );
}
-std::shared_ptr<EVP_PKEY> loadPkeyFromFile( std::string filename ) {
+std::shared_ptr<EVP_PKEY> loadPkeyFromFile( const std::string& filename ) {
FILE* f = fopen( filename.c_str(), "r" );
if( !f ) {
SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback );
SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM );
SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM );
- SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 );
+ if( 1 != SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 ) ) {
+ throw "Cannot load CA store for certificate validation.";
+ }
if( server ) {
STACK_OF( X509_NAME ) *names = SSL_load_client_CA_file( "keys/env.crt" );
}
}
-std::shared_ptr<BIO> openSerial( const std::string name ) {
+std::shared_ptr<BIO> openSerial( const std::string& name ) {
FILE* f = fopen( name.c_str(), "r+" );
if( !f ) {
return b;
}
-CAConfig::CAConfig( std::string name ) {
- this->name = name;
- this->path = "ca/" + name;
+CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name ) {
ca = loadX509FromFile( path + "/ca.crt" );
caKey = loadPkeyFromFile( path + "/ca.key" );
ASN1_TIME* tm = X509_get_notBefore( ca );