Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support reading of cert/private key from memory #54

Merged
merged 1 commit into from
Dec 9, 2019
Merged

Support reading of cert/private key from memory #54

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/ssl.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,8 @@ external create_context : protocol -> context_type -> context = "ocaml_ssl_creat

external use_certificate : context -> string -> string -> unit = "ocaml_ssl_ctx_use_certificate"

external use_certificate_from_string : context -> string -> string -> unit = "ocaml_ssl_ctx_use_certificate_from_string"

external set_password_callback : context -> (bool -> string) -> unit = "ocaml_ssl_ctx_set_default_passwd_cb"

external embed_socket : Unix.file_descr -> context -> socket = "ocaml_ssl_embed_socket"
Expand Down
2 changes: 2 additions & 0 deletions src/ssl.mli
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,8 @@ val create_context : protocol -> context_type -> context
* name. *)
val use_certificate : context -> string -> string -> unit

val use_certificate_from_string : context -> string -> string -> unit

(** Set the callback function called to get passwords for encrypted PEM files.
* The callback function takes a boolean argument which indicates if it's used
* for reading/decryption ([false]) or writing/encryption ([true]).
Expand Down
36 changes: 36 additions & 0 deletions src/ssl_stubs.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -470,6 +470,42 @@ CAMLprim value ocaml_ssl_ctx_use_certificate(value context, value cert, value pr
CAMLreturn(Val_unit);
}

CAMLprim value ocaml_ssl_ctx_use_certificate_from_string(value context, value cert, value privkey)
{
CAMLparam3(context, cert, privkey);
SSL_CTX *ctx = Ctx_val(context);
char *cert_data = String_val(cert);
int cert_data_length = caml_string_length(cert);
char *privkey_data = String_val(privkey);
int privkey_data_length = caml_string_length(privkey);
char buf[256];
X509 *x509_cert = NULL;
RSA *rsa = NULL;
BIO *cbio, *kbio;

cbio = BIO_new_mem_buf((void*)cert_data, cert_data_length);
x509_cert = PEM_read_bio_X509(cbio, NULL, 0, NULL);
if (NULL == x509_cert || SSL_CTX_use_certificate(ctx, x509_cert) <= 0)
{
ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
caml_raise_with_arg(*caml_named_value("ssl_exn_certificate_error"), caml_copy_string(buf));
}

kbio = BIO_new_mem_buf((void*)privkey_data, privkey_data_length);
rsa = PEM_read_bio_RSAPrivateKey(kbio, NULL, 0, NULL);
if (NULL == rsa || SSL_CTX_use_RSAPrivateKey(ctx, rsa) <= 0)
{
ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
caml_raise_with_arg(*caml_named_value("ssl_exn_private_key_error"), caml_copy_string(buf));
}
if (!SSL_CTX_check_private_key(ctx))
{
caml_raise_constant(*caml_named_value("ssl_exn_unmatching_keys"));
}

CAMLreturn(Val_unit);
}

CAMLprim value ocaml_ssl_get_verify_result(value socket)
{
CAMLparam1(socket);
Expand Down