1 /* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
2  *
3  * Drizzle Client & Protocol Library
4  *
5  * Copyright (C) 2012 Andrew Hutchings (andrew@linuxjedi.co.uk)
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions are
10  * met:
11  *
12  * * Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  *
15  * * Redistributions in binary form must reproduce the above
16  * copyright notice, this list of conditions and the following disclaimer
17  * in the documentation and/or other materials provided with the
18  * distribution.
19  *
20  * * The names of its contributors may not be used to endorse or
21  * promote products derived from this software without specific prior
22  * written permission.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
25  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
26  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
27  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
28  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
29  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
30  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
34  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35  *
36  */
37 
38 #include <libdrizzle/common.h>
39 
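/**
 * Configure TLS for a connection.
 *
 * Creates the connection's SSL_CTX, loads the trusted CA material, enables
 * peer certificate verification, optionally installs a client certificate/key
 * pair and a cipher list, and allocates the SSL object the connection will use.
 *
 * @param con    Connection to configure.  con->ssl_context and con->ssl are
 *               assigned on success; on failure con->ssl_context is freed and
 *               reset to NULL so a failed call does not leak a context.
 * @param key    Path to the PEM private key.  NULL means the key is stored in
 *               the same file as @p cert.  Ignored when @p cert is NULL.
 * @param cert   Path to the PEM client certificate, or NULL for no client
 *               certificate.
 * @param ca     Path to a PEM CA bundle; may be NULL if @p capath is given.
 * @param capath Directory of hashed CA certificates; may be NULL if @p ca is
 *               given.  OpenSSL rejects both being NULL.
 * @param cipher OpenSSL cipher-list string, or NULL to keep the library default.
 * @return DRIZZLE_RETURN_OK, or DRIZZLE_RETURN_SSL_ERROR with a description
 *         recorded via drizzle_set_error() on con->drizzle.
 *
 * NOTE(review): a second call on the same connection overwrites, and thus
 * leaks, any previously created context/SSL object; this function does not
 * know whether those fields start out NULL, so it does not free them.
 */
drizzle_return_t drizzle_set_ssl(drizzle_con_st *con, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher)
{
  const char *key_file= key;

  /* SSLv23_client_method() negotiates the highest version both ends support;
   * SSLv2/SSLv3 are switched off right below.  TLSv1_client_method() would
   * pin every connection to TLS 1.0 only. */
  con->ssl_context= SSL_CTX_new(SSLv23_client_method());
  if (con->ssl_context == NULL)
  {
    /* Without a context nothing below can run; report instead of dereferencing NULL. */
    drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot create the SSL context");
    return DRIZZLE_RETURN_SSL_ERROR;
  }
  SSL_CTX_set_options(con->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

  /* A NULL cipher keeps OpenSSL's default list; a list that selects no usable
   * cipher is an error rather than a silent fallback. */
  if (cipher != NULL && SSL_CTX_set_cipher_list(con->ssl_context, cipher) != 1)
  {
    drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot set the SSL cipher list");
    goto fail;
  }

  if (SSL_CTX_load_verify_locations(con->ssl_context, ca, capath) != 1)
  {
    drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL certificate authority file");
    goto fail;
  }

  /* Loading a CA only makes verification possible; OpenSSL's default mode is
   * SSL_VERIFY_NONE, which accepts any server certificate.  Require a chain
   * rooted in the loaded CA so the handshake fails against an untrusted or
   * forged server certificate instead of silently proceeding.
   * NOTE(review): this checks the chain, not the server name -- the CA is
   * trusted for any hostname.  Add hostname matching where the target host
   * is known (it is not available in this function). */
  SSL_CTX_set_verify(con->ssl_context, SSL_VERIFY_PEER, NULL);

  if (cert != NULL)
  {
    if (SSL_CTX_use_certificate_file(con->ssl_context, cert, SSL_FILETYPE_PEM) != 1)
    {
      drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL certificate file");
      goto fail;
    }

    /* No separate key file: the key is expected alongside the certificate. */
    if (key_file == NULL)
    {
      key_file= cert;
    }

    if (SSL_CTX_use_PrivateKey_file(con->ssl_context, key_file, SSL_FILETYPE_PEM) != 1)
    {
      drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL key file");
      goto fail;
    }

    /* Confirm the key actually matches the certificate just loaded. */
    if (SSL_CTX_check_private_key(con->ssl_context) != 1)
    {
      drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Error validating the SSL private key");
      goto fail;
    }
  }

  con->ssl= SSL_new(con->ssl_context);
  if (con->ssl == NULL)
  {
    drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot create the SSL object");
    goto fail;
  }

  return DRIZZLE_RETURN_OK;

fail:
  /* Single cleanup path: release the half-configured context and leave the
   * connection in the same state as before the call. */
  SSL_CTX_free(con->ssl_context);
  con->ssl_context= NULL;
  return DRIZZLE_RETURN_SSL_ERROR;
}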