Date: Sat, 1 Mar 2008 19:30:03 GMT From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 136599 for review Message-ID: <200803011930.m21JU3us066152@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=136599 Change 136599 by csjp@ibm01 on 2008/03/01 19:29:27 Introduce crypto_fatal and use that. Include a "main" for now until things are a bit more stable. Affected files ... .. //depot/projects/trustedbsd/netauditd/crypto.c#4 edit Differences ...
==== //depot/projects/trustedbsd/netauditd/crypto.c#4 (text+ko) ====
@@ -24,6 +24,7 @@
 * SUCH DAMAGE.
 */
 #include <stdio.h>
+#include <assert.h>
 #include <openssl/ssl.h>
@@ -32,6 +33,16 @@
 static char *crypto_pass;
 static int
+crypto_fatal(struct crypto_context *ct, const char *string)
+{
+
+ assert(ct != NULL);
+ BIO_printf(ct->c_bioerror, "%s\n", string);
+ ERR_print_errors(ct->c_bioerror);
+ exit(1);
+}
+
+static int
 crypto_password_cb(char *buf, int num, int rwflag, void *userdata)
 {
 int slen;
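Review bot: `crypto_fatal` in the -32,6 hunk is declared `static int` but has no return statement and always ends in `exit(1)`, so the signature misstates the contract; `static void` (with the project's no-return annotation, if it has one) would be accurate. `exit()` needs `<stdlib.h>`, which is not among the includes visible in the first hunk, so add `#include <stdlib.h>` unless it is pulled in elsewhere. The `assert(ct != NULL)` disappears under `NDEBUG`, and `ct->c_bioerror` is used without a NULL check, so a failure before that BIO exists would crash inside the error path instead of reporting the OpenSSL error. A fallback such as `if (ct == NULL || ct->c_bioerror == NULL) ERR_print_errors_fp(stderr);` would keep the diagnostic.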
@@ -60,22 +71,22 @@
 }
 meth = SSLv23_method();
 ct->c_ctx = SSL_CTX_new(meth);
- if (!SSL_CTX_use_certificate_chain_file(ct->c_ctx, "KEYFILE"))
- berr_exit("Can't read certificate file");
+ if (!SSL_CTX_use_certificate_chain_file(ct->c_ctx, "server.pem"))
+ crypto_fatal(ct, "Can't read certificate file");
 /*
 * XXX we will revisit this. Just want to get things working.
 */
 crypto_pass = "SeCrET KeY";
 SSL_CTX_set_default_passwd_cb(ct->c_ctx, crypto_password_cb);
- if (!SSL_CTX_use_PrivateKey_file(ct->c_ctx, "KEYFILE", SSL_FILETYPE_PEM))
- berr_exit("Can't read key file");
+ if (!SSL_CTX_use_PrivateKey_file(ct->c_ctx, "server.pem", SSL_FILETYPE_PEM))
+ crypto_fatal(ct, "Can't read key file");
 /*
- * Load trusted certificate authorities from root.pem
+ * Load trusted certificate authorities from key.pem
 */
- if (!SSL_CTX_load_verify_locations(ct->c_ctx, "root.pem", 0))
- berr_exit("Can't read CA list");
+ if (!SSL_CTX_load_verify_locations(ct->c_ctx, "key.pem", 0))
+ crypto_fatal(ct, "Can't read CA list");
 if ((bio = BIO_new_file("DHFILE", "r")) == NULL)
- berr_exit("Couldn't open DH file");
+ crypto_fatal(ct, "Couldn't open DH file");
 /*
 * If we are initializing this crypto context for serving SSL clients,
 * make sure we initialize our Diffie Hellman parameters.
@@ -84,7 +95,7 @@
 ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
 BIO_free(bio);
 if (SSL_CTX_set_tmp_dh(ct->c_ctx, ret) < 0)
- berr_exit("Couldn't set DH parameters");
+ crypto_fatal(ct, "Couldn't set DH parameters");
 }
 return (0);
 }
@@ -95,3 +106,15 @@
 SSL_CTX_free(ct->c_ctx);
 }
+
+int
+main(int argc, char *argv[])
+{
+ struct crypto_context ct;
+ int error;
+
+ error = crypto_init_context(&ct, CRYPTO_CTX_SERVER);
+ if (error)
+ err(1, "crypto_init_context failed");
+ return (0);
+}
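Review bot: In the -60,22 hunk the certificate chain, private key and CA list are now opened by bare relative names (`"server.pem"`, `"key.pem"`), so which key and trust anchors the process loads depends on its working directory at start-up. For a daemon, anyone able to influence that directory or write into it could substitute the CA list that peer verification relies on; absolute paths or values taken from configuration would remove that dependency. The CA bundle is also named `key.pem`, which reads like key material, so if it really holds CA certificates a comment such as `/* key.pem holds the trusted CA certificates, not a private key */` would keep it from being handled with the wrong permissions. crypto_init_context begins and ends outside this hunk.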
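Review bot: The `crypto_fatal(ct, "Couldn't set DH parameters")` call in the -84,7 hunk looks unreachable, because `SSL_CTX_set_tmp_dh()` returns 1 on success and 0 on failure, so the `< 0` test on the context line above it never fires. `ret` is also passed on without checking that `PEM_read_bio_DHparams()` returned non-NULL, so a malformed DH file goes unnoticed and a server context can come up without DH parameters and without any diagnostic. Suggested condition: `if (ret == NULL || SSL_CTX_set_tmp_dh(ct->c_ctx, ret) != 1)`. The enclosing block opens outside the hunk.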
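Review bot: `main` in the -95,3 hunk hands an uninitialized stack `struct crypto_context ct` to `crypto_init_context`, whose failure paths all call `crypto_fatal`, which dereferences `ct->c_bioerror`. Unless the part of crypto_init_context outside these hunks assigns that field before the first load, the first failure reads an indeterminate pointer; `memset(&ct, 0, sizeof(ct));` before the call makes that state at least detectable. `err()` appends `strerror(errno)`, which is unrelated to an OpenSSL failure, and needs `<err.h>`, which is not visible in the include hunk; `errx(1, "crypto_init_context failed");` fits better. As far as the visible hunks show, crypto_init_context either returns 0 or exits, so the `if (error)` branch may be dead code.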