X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FsslUtil.cpp;h=5855e6670437f230fc5cab63ebf351ec0b3f745c;hb=de2271154502f2fe7bc6259208bcb092d4e82ae3;hp=d0710e0a837d8d297dd343f37b1796f18d362e0f;hpb=98a544751a65db8c606ee1878fe157ba7c5191ab;p=cassiopeia.git

diff --git a/src/crypto/sslUtil.cpp b/src/crypto/sslUtil.cpp
index d0710e0..5855e66 100644
--- a/src/crypto/sslUtil.cpp
+++ b/src/crypto/sslUtil.cpp
@@ -17,7 +17,7 @@ std::shared_ptr<int> ssl_lib_ref(
         CRYPTO_cleanup_all_ex_data();
     } );
 
-std::shared_ptr<X509> loadX509FromFile( std::string filename ) {
+std::shared_ptr<X509> loadX509FromFile( const std::string& filename ) {
     FILE* f = fopen( filename.c_str(), "r" );
 
     if( !f ) {
@@ -38,7 +38,7 @@ std::shared_ptr<X509> loadX509FromFile( std::string filename ) {
         } );
 }
 
-std::shared_ptr<EVP_PKEY> loadPkeyFromFile( std::string filename ) {
+std::shared_ptr<EVP_PKEY> loadPkeyFromFile( const std::string& filename ) {
     FILE* f = fopen( filename.c_str(), "r" );
 
     if( !f ) {
@@ -94,7 +94,9 @@ std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
     SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback );
     SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM );
     SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM );
-    SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 );
+    if( 1 != SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 ) ) {
+        throw "Cannot load CA store for certificate validation.";
+    }
 
     if( server ) {
         STACK_OF( X509_NAME ) *names = SSL_load_client_CA_file( "keys/env.crt" );
@@ -162,7 +164,7 @@ void setupSerial( FILE* f ) {
     }
 }
 
-std::shared_ptr<BIO> openSerial( const std::string name ) {
+std::shared_ptr<BIO> openSerial( const std::string& name ) {
     FILE* f = fopen( name.c_str(), "r+" );
 
     if( !f ) {
@@ -175,9 +177,7 @@ std::shared_ptr<BIO> openSerial( const std::string name ) {
     return b;
 }
 
-CAConfig::CAConfig( std::string name ) {
-    this->name = name;
-    this->path = "ca/" + name;
+CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name ) {
     ca = loadX509FromFile( path + "/ca.crt" );
     caKey = loadPkeyFromFile( path + "/ca.key" );
     ASN1_TIME* tm = X509_get_notBefore( ca );