author | lastutf445 <lastutf445@yandex-team.ru> | 2022-02-10 16:50:41 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:50:41 +0300 |
commit | 613bcf44f93063d0d999c886a80eec7fb61afd97 (patch) | |
tree | 5d5cb817648f650d76cf1076100726fd9b8448e8 /library/cpp/actors/http/http_proxy_ssl.h | |
parent | 81dc2ca0088907db6b9b8e59b9722e0a610f02a8 (diff) | |
download | ydb-613bcf44f93063d0d999c886a80eec7fb61afd97.tar.gz |
Restoring authorship annotation for <lastutf445@yandex-team.ru>. Commit 2 of 2.
Diffstat (limited to 'library/cpp/actors/http/http_proxy_ssl.h')
-rw-r--r-- | library/cpp/actors/http/http_proxy_ssl.h | 114 |
1 files changed, 57 insertions, 57 deletions
diff --git a/library/cpp/actors/http/http_proxy_ssl.h b/library/cpp/actors/http/http_proxy_ssl.h
index d0894a0313..ffce12997f 100644
--- a/library/cpp/actors/http/http_proxy_ssl.h
+++ b/library/cpp/actors/http/http_proxy_ssl.h
@@ -17,14 +17,14 @@ struct TSslHelpers {
 SSL_free(ssl);
 }
- static void Destroy(X509* cert) noexcept {
- X509_free(cert);
- }
-
- static void Destroy(EVP_PKEY* pkey) noexcept {
- EVP_PKEY_free(pkey);
- }
-
+ static void Destroy(X509* cert) noexcept {
+ X509_free(cert);
+ }
+
+ static void Destroy(EVP_PKEY* pkey) noexcept {
+ EVP_PKEY_free(pkey);
+ }
+
 static void Destroy(BIO* bio) noexcept {
 BIO_free(bio);
 }
@@ -67,55 +67,55 @@ struct TSslHelpers {
 return ctx;
 }
- static bool LoadX509Chain(TSslHolder<SSL_CTX>& ctx, const TString& pem) {
- TSslHolder<BIO> bio(BIO_new_mem_buf(pem.c_str(), pem.size()));
- if (bio == nullptr) {
- return false;
- }
- TSslHolder<X509> cert(PEM_read_bio_X509_AUX(bio.Get(), nullptr, nullptr, nullptr));
- if (cert == nullptr) {
- return false;
- }
- if (SSL_CTX_use_certificate(ctx.Get(), cert.Release()) <= 0) {
- return false;
- }
- SSL_CTX_clear_chain_certs(ctx.Get());
- while (true) {
- TSslHolder<X509> ca(PEM_read_bio_X509(bio.Get(), nullptr, nullptr, nullptr));
- if (ca == nullptr) {
- break;
- }
- if (!SSL_CTX_add0_chain_cert(ctx.Get(), ca.Release())) {
- return false;
- }
- }
- return true;
- }
-
- static bool LoadPrivateKey(TSslHolder<SSL_CTX>& ctx, const TString& pem) {
- TSslHolder<BIO> bio(BIO_new_mem_buf(pem.c_str(), pem.size()));
- if (bio == nullptr) {
- return false;
- }
- TSslHolder<EVP_PKEY> pkey(PEM_read_bio_PrivateKey(bio.Get(), nullptr, nullptr, nullptr));
- if (SSL_CTX_use_PrivateKey(ctx.Get(), pkey.Release()) <= 0) {
- return false;
- }
- return true;
- }
-
- static TSslHolder<SSL_CTX> CreateServerContext(const TString& pem) {
- TSslHolder<SSL_CTX> ctx = CreateSslCtx(SSLv23_server_method());
- SSL_CTX_set_ecdh_auto(ctx.Get(), 1);
- if (!LoadX509Chain(ctx, pem)) {
- return nullptr;
- }
- if (!LoadPrivateKey(ctx, pem)) {
- return nullptr;
- }
- return ctx;
- }
-
+ static bool LoadX509Chain(TSslHolder<SSL_CTX>& ctx, const TString& pem) {
+ TSslHolder<BIO> bio(BIO_new_mem_buf(pem.c_str(), pem.size()));
+ if (bio == nullptr) {
+ return false;
+ }
+ TSslHolder<X509> cert(PEM_read_bio_X509_AUX(bio.Get(), nullptr, nullptr, nullptr));
+ if (cert == nullptr) {
+ return false;
+ }
+ if (SSL_CTX_use_certificate(ctx.Get(), cert.Release()) <= 0) {
+ return false;
+ }
+ SSL_CTX_clear_chain_certs(ctx.Get());
+ while (true) {
+ TSslHolder<X509> ca(PEM_read_bio_X509(bio.Get(), nullptr, nullptr, nullptr));
+ if (ca == nullptr) {
+ break;
+ }
+ if (!SSL_CTX_add0_chain_cert(ctx.Get(), ca.Release())) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ static bool LoadPrivateKey(TSslHolder<SSL_CTX>& ctx, const TString& pem) {
+ TSslHolder<BIO> bio(BIO_new_mem_buf(pem.c_str(), pem.size()));
+ if (bio == nullptr) {
+ return false;
+ }
+ TSslHolder<EVP_PKEY> pkey(PEM_read_bio_PrivateKey(bio.Get(), nullptr, nullptr, nullptr));
+ if (SSL_CTX_use_PrivateKey(ctx.Get(), pkey.Release()) <= 0) {
+ return false;
+ }
+ return true;
+ }
+
+ static TSslHolder<SSL_CTX> CreateServerContext(const TString& pem) {
+ TSslHolder<SSL_CTX> ctx = CreateSslCtx(SSLv23_server_method());
+ SSL_CTX_set_ecdh_auto(ctx.Get(), 1);
+ if (!LoadX509Chain(ctx, pem)) {
+ return nullptr;
+ }
+ if (!LoadPrivateKey(ctx, pem)) {
+ return nullptr;
+ }
+ return ctx;
+ }
+
 static TSslHolder<SSL> ConstructSsl(SSL_CTX* ctx, BIO* bio) {
 TSslHolder<SSL> ssl(SSL_new(ctx)); |