From 50000a1ac5a13fd2f4766f063b341377a017a8eb Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Tue, 18 Nov 2014 07:53:20 +0800
Subject: [PATCH] ssl also allow passphrase management for server

Adapted from idea + diff provided by "linedot"

https://github.com/warmcat/libwebsockets/issues/152#issuecomment-63364869

Signed-off-by: Andy Green
---
 lib/ssl.c | 50 ++++++++++++++++++++++++++++----------------------
 1 file changed, 28 insertions(+), 22 deletions(-)

diff --git a/lib/ssl.c b/lib/ssl.c
index 1b8afaf4..54d86c8b 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -48,6 +48,32 @@ OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 return !n;
 }
 
+static int lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata)
+{
+ struct lws_context_creation_info * info = (struct lws_context_creation_info *)userdata;
+
+ strncpy(buf, info->ssl_private_key_password, size);
+ buf[size - 1] = '\0';
+
+ return strlen(buf);
+}
+
+static void lws_ssl_bind_passphrase(struct libwebsocket_context *context,
+ struct lws_context_creation_info *info)
+{
+ if (!info->ssl_private_key_password)
+ return;
+ /*
+ * password provided, set ssl callback and user data
+ * for checking password which will be trigered during
+ * SSL_CTX_use_PrivateKey_file function
+ */
+ SSL_CTX_set_default_passwd_cb_userdata(context->ssl_client_ctx,
+ (void *)info);
+ SSL_CTX_set_default_passwd_cb(context->ssl_client_ctx,
+ lws_context_init_ssl_pem_passwd_cb);
+}
+
 LWS_VISIBLE int
 lws_context_init_server_ssl(struct lws_context_creation_info *info,
 struct libwebsocket_context *context)
@@ -157,6 +183,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
 (char *)context->service_buffer));
 return 1;
 }
+ lws_ssl_bind_passphrase(context, info);
 /* set the private key from KeyFile */
 if (SSL_CTX_use_PrivateKey_file(context->ssl_ctx,
 info->ssl_private_key_filepath,
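Review bot: `lws_ssl_bind_passphrase` installs the passphrase callback on `context->ssl_client_ctx` unconditionally, yet the new server-side call in the `@@ -157,6 +183,7` hunk goes on to load the key into `context->ssl_ctx`, so an encrypted server key is still not unlocked by `SSL_CTX_use_PrivateKey_file`, and in a server-only build `ssl_client_ctx` is presumably not set up at that point — please confirm against the context initialisation. The helper should take the `SSL_CTX *` it binds to, with the server caller passing `context->ssl_ctx` and the client caller in the last hunk keeping `context->ssl_client_ctx`. Separately, `lws_context_init_ssl_pem_passwd_cb` silently truncates a passphrase longer than `size - 1` bytes through `strncpy`, which later surfaces only as an opaque key-decrypt failure; comparing `strlen(info->ssl_private_key_password)` against `size - 1` and returning 0 on overflow would report the misconfiguration instead, and the unused `rwflag` parameter is worth a `(void)rwflag;` to keep the build warning-clean.
```c
static void lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx,
				    struct lws_context_creation_info *info)
{
	if (!info->ssl_private_key_password)
		return;
	/* … unchanged: comment on when OpenSSL invokes the callback … */
	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)info);
	SSL_CTX_set_default_passwd_cb(ssl_ctx,
				      lws_context_init_ssl_pem_passwd_cb);
}
/* server caller: lws_ssl_bind_passphrase(context->ssl_ctx, info); */
/* client caller: lws_ssl_bind_passphrase(context->ssl_client_ctx, info); */
```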
@@ -218,15 +245,6 @@ libwebsockets_decode_ssl_error(void)
 }
 
 #ifndef LWS_NO_CLIENT
-static int lws_context_init_client_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata)
-{
- struct lws_context_creation_info * info = (struct lws_context_creation_info *)userdata;
-
- strncpy(buf, info->ssl_private_key_password, size);
- buf[size - 1] = '\0';
-
- return strlen(buf);
-}
 
 int lws_context_init_client_ssl(struct lws_context_creation_info *info,
 struct libwebsocket_context *context)
@@ -326,19 +344,7 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
 }
 }
 if (info->ssl_private_key_filepath) {
- /* check for provided by user password to private key */
- if (info->ssl_private_key_password) {
- /*
- * password provided, set ssl callback and user data
- * for checking password which will be trigered during
- * SSL_CTX_use_PrivateKey_file function
- */
- SSL_CTX_set_default_passwd_cb_userdata(
- context->ssl_client_ctx,
- (void *)info);
- SSL_CTX_set_default_passwd_cb(context->ssl_client_ctx,
- lws_context_init_client_ssl_pem_passwd_cb);
- }
+ lws_ssl_bind_passphrase(context, info);
 /* set the private key from KeyFile */
 if (SSL_CTX_use_PrivateKey_file(context->ssl_client_ctx,
 info->ssl_private_key_filepath, SSL_FILETYPE_PEM) != 1) {