  • 1 commit
  • 3 files changed
  • 0 comments
  • 1 contributor
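--- a/ext/ssl.cpp
+++ b/ext/ssl.cpp
@@ -155,18 +155,34 @@ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const str
 	SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS);
 #endif
 
+  /* convert the private_key and certificate strings into structs */
+  BIO      *bio;
+  X509     *certificate;
+  EVP_PKEY *private_key;
+
+  bio = BIO_new(BIO_s_mem());
+
+  BIO_write(bio, certchainfile.c_str(), certchainfile.length());
+  certificate = PEM_read_bio_X509(bio,NULL,0,NULL);
+  assert(certificate);
+
+  BIO_write(bio, privkeyfile.c_str(), privkeyfile.length());
+  private_key = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL);
+  assert(private_key);
+
+
 	if (is_server) {
 		// The SSL_CTX calls here do NOT allocate memory.
 		int e;
 		if (privkeyfile.length() > 0)
-			e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
+			e = SSL_CTX_use_PrivateKey (pCtx, private_key);
 		else
 			e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
 		if (e <= 0) ERR_print_errors_fp(stderr);
 		assert (e > 0);
 
 		if (certchainfile.length() > 0)
-			e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
+			e = SSL_CTX_use_certificate (pCtx, certificate);
 		else
 			e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
 		if (e <= 0) ERR_print_errors_fp(stderr);
@@ -182,12 +198,12 @@ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const str
 	else {
 		int e;
 		if (privkeyfile.length() > 0) {
-			e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
+			e = SSL_CTX_use_PrivateKey (pCtx, private_key);
 			if (e <= 0) ERR_print_errors_fp(stderr);
 			assert (e > 0);
 		}
 		if (certchainfile.length() > 0) {
-			e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
+			e = SSL_CTX_use_certificate (pCtx, certificate);
 			if (e <= 0) ERR_print_errors_fp(stderr);
 			assert (e > 0);
 		}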
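Review bot: The PEM parsing added at new lines 158-171 runs unconditionally, so when `privkeyfile` or `certchainfile` is empty `PEM_read_bio_X509` / `PEM_read_bio_PrivateKey` return NULL and the `assert` aborts before the `DefaultPrivateKey` / `DefaultCertificate` branches can run; a malformed PEM string aborts the process the same way, and under NDEBUG the check disappears altogether. Replacing `SSL_CTX_use_certificate_chain_file` with one `PEM_read_bio_X509` plus `SSL_CTX_use_certificate` also loads only the first certificate, so any intermediates in the supplied chain are no longer configured on the context. `bio`, `certificate` and `private_key` are never freed in the visible lines, which leaves a copy of the key material allocated. The sketch below parses only non-empty inputs from separate read-only BIOs and releases the local references; the constructor starts and ends outside the hunks, so the release lines belong after the server/client branches.

```cpp
	/* parse the PEM strings only when supplied, so empty arguments still reach the Default* branches */
	X509     *certificate = NULL;
	EVP_PKEY *private_key = NULL;

	if (certchainfile.length() > 0) {
		BIO *bio = BIO_new_mem_buf ((void*)certchainfile.data(), (int)certchainfile.length());
		if (bio) {
			certificate = PEM_read_bio_X509 (bio, NULL, 0, NULL);
			// TODO: keep reading and hand each further certificate to SSL_CTX_add_extra_chain_cert
			BIO_free (bio);
		}
		if (!certificate) ERR_print_errors_fp(stderr);
	}
	if (privkeyfile.length() > 0) {
		BIO *bio = BIO_new_mem_buf ((void*)privkeyfile.data(), (int)privkeyfile.length());
		if (bio) {
			private_key = PEM_read_bio_PrivateKey (bio, NULL, 0, NULL);
			BIO_free (bio);
		}
		if (!private_key) ERR_print_errors_fp(stderr);
	}

	// … unchanged: is_server / client branches calling SSL_CTX_use_PrivateKey and SSL_CTX_use_certificate …

	/* SSL_CTX_use_* take their own reference; drop ours */
	if (certificate) X509_free (certificate);
	if (private_key) EVP_PKEY_free (private_key);
```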
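--- a/lib/em/connection.rb
+++ b/lib/em/connection.rb
@@ -1,5 +1,5 @@
 module EventMachine
-  class FileNotFoundException < Exception
+  class FileNotFoundException < Errno::ENOENT
   end
 
   # EventMachine::Connection is a class that is instantiated
@@ -404,15 +404,21 @@ def connection_completed
     #
     # @see #ssl_verify_peer
     def start_tls args={}
-      priv_key, cert_chain, verify_peer = args.values_at(:private_key_file, :cert_chain_file, :verify_peer)
-
-      [priv_key, cert_chain].each do |file|
-        next if file.nil? or file.empty?
-        raise FileNotFoundException,
-        "Could not find #{file} for start_tls" unless File.exists? file
+      verify_peer  = args[:verify_peer]
+
+      begin
+        priv_key     = args[:private_key]
+        priv_key   ||= args[:private_key_file] ? File.open(args[:private_key_file]) : StringIO.new
+
+        cert_chain   = args[:cert_chain]
+        cert_chain ||= args[:cert_chain_file] ? File.open(args[:cert_chain_file]) : StringIO.new
+      rescue Errno::ENOENT => e
+        # re-raise with the custom exception.
+        # shim for maintaining backwards compatibility.
+        raise FileNotFoundException, e.message
       end
 
-      EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer)
+      EventMachine::set_tls_parms(@signature, priv_key.read, cert_chain.read, verify_peer)
       EventMachine::start_tls @signature
     end
 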
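Review bot: The `File.open(args[:private_key_file])` and `File.open(args[:cert_chain_file])` calls at new lines 411 and 414 are never closed, so each `start_tls` call leaves two descriptors open until garbage collection, one of them on the private key. The old guard `next if file.nil? or file.empty?` is gone too: `''` is truthy in Ruby, so a caller passing an empty path now gets `FileNotFoundException` instead of the default credentials. A plain String passed as `:private_key` or `:cert_chain` fails at `.read` with `NoMethodError`, and `StringIO` needs `require 'stringio'`, which is not visible in these hunks. The sketch below reads caller-supplied IO objects directly, uses `File.read` so the descriptor is closed, and keeps the nil/empty meaning of the path options.

```ruby
      begin
        priv_key   = args[:private_key].read if args[:private_key]
        cert_chain = args[:cert_chain].read if args[:cert_chain]

        # File.read closes the descriptor; nil or '' still means "no file given"
        key_path, chain_path = args.values_at(:private_key_file, :cert_chain_file)
        priv_key   ||= File.read(key_path) unless key_path.nil? or key_path.empty?
        cert_chain ||= File.read(chain_path) unless chain_path.nil? or chain_path.empty?
      rescue Errno::ENOENT => e
        # … unchanged: re-raise as FileNotFoundException …
      end

      EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer)
```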
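--- a/tests/test_ssl_args.rb
+++ b/tests/test_ssl_args.rb
@@ -36,43 +36,45 @@ class <<self
 class TestSslArgs < Test::Unit::TestCase
   def setup
     EM._set_mocks
+    # associate_callback_target is a pain! (build!)
+    @conn = EM::Connection.new('foo')
   end
-  
+
   def teardown
     EM._clear_mocks
   end
-  
+
   def test_tls_params_file_doesnt_exist
     priv_file, cert_file = 'foo_priv_key', 'bar_cert_file'
     [priv_file, cert_file].all? do |f|
       assert(!File.exists?(f), "Cert file #{f} seems to exist, and should not for the tests")
     end
-    
-    # associate_callback_target is a pain! (build!)
-    conn = EM::Connection.new('foo')
-    
     assert_raises(EM::FileNotFoundException) do
-      conn.start_tls(:private_key_file => priv_file)
+      @conn.start_tls(:private_key_file => priv_file)
     end
     assert_raises(EM::FileNotFoundException) do
-      conn.start_tls(:cert_chain_file => cert_file)
+      @conn.start_tls(:cert_chain_file => cert_file)
     end
     assert_raises(EM::FileNotFoundException) do
-      conn.start_tls(:private_key_file => priv_file, :cert_chain_file => cert_file)
+      @conn.start_tls(:private_key_file => priv_file, :cert_chain_file => cert_file)
     end
   end
-  
+
   def test_tls_params_file_does_exist
     priv_file = Tempfile.new('em_test')
     cert_file = Tempfile.new('em_test')
-    priv_file_path = priv_file.path
-    cert_file_path = cert_file.path
-    conn = EM::Connection.new('foo')
-    params = {:private_key_file => priv_file_path, :cert_chain_file => cert_file_path}
+
+    params = {:private_key_file => priv_file.path, :cert_chain_file => cert_file.path}
     begin
-      conn.start_tls params
+      @conn.start_tls params
     rescue Object
       assert(false, 'should not have raised an exception')
     end
   end
-end if EM.ssl?
+
+  def test_tls_params_can_be_strings_if_they_respond_to_read
+    @conn.start_tls :cert_chain => File.open("./tests/client.crt"), :private_key => File.open("./tests/client.key")
+    @conn.start_tls :cert_chain => StringIO.new("CERTIFICATE"), :private_key => StringIO.new("PRIVATE_KEY")
+  end
+
+end if EM.ssl?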
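Review bot: `test_tls_params_can_be_strings_if_they_respond_to_read` (new lines 75-78) contains no assertion, and with `EM._set_mocks` active in `setup` it presumably never reaches the PEM parser, so passing `StringIO.new("CERTIFICATE")` shows nothing about how an invalid key or certificate is handled. The test would be stronger if it asserted the strings that reach `set_tls_parms` and added cases for `start_tls` with no arguments and with an empty `:private_key_file`, since both paths change in this commit. The test name says "strings" but only IO objects are passed; a plain String argument is not covered. The two `File.open` handles are never closed, and `./tests/client.crt` and `./tests/client.key` depend on the working directory and are not among the three files this commit changes; the block form of `File.open` with a path built from `__FILE__` would avoid both problems.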
