Panda3D
OpenSSLWrapper Class Reference

Provides an interface wrapper around the OpenSSL library, to ensure that the library is properly initialized in the application, and to provide some hooks into global OpenSSL context data.

Public Member Functions

 clearCertificates ()
 Removes all the certificates from the global store, including the compiled-in certificates loaded from ca_bundle_data.c.

X509STORE getX509Store ()
 Returns the global X509_STORE object.

int loadCertificates (const Filename filename)
 Reads the PEM-formatted certificate(s) (delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) from the indicated file and adds them to the global store object, retrieved via getX509Store().

int loadCertificatesFromDerRam (str data, int data_size)
 Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object.

int loadCertificatesFromDerRam (str data)
 Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object.

int loadCertificatesFromPemRam (str data, int data_size)
 Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object.

int loadCertificatesFromPemRam (str data)
 Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object.

 notifyDebugSslErrors ()
 As notifySslErrors(), but sends the output to debug instead of warning.

 notifySslErrors ()
 A convenience function that is itself a wrapper around the OpenSSL convenience function to output the recent OpenSSL errors.
 

Static Public Member Functions

static OpenSSLWrapper getGlobalPtr ()
 

Detailed Description

Provides an interface wrapper around the OpenSSL library, to ensure that the library is properly initialized in the application, and to provide some hooks into global OpenSSL context data.

Member Function Documentation

◆ clearCertificates()

clearCertificates ( )

Removes all the certificates from the global store, including the compiled-in certificates loaded from ca_bundle_data.c.

You can add new certificates by calling loadCertificates().

◆ getGlobalPtr()

static OpenSSLWrapper getGlobalPtr ( )

◆ getX509Store()

X509STORE getX509Store ( )

Returns the global X509_STORE object.

It has to be a global object, because OpenSSL seems to store some global pointers associated with this object whether you want it to or not, and keeping independent copies of a local X509_STORE object doesn't seem to work that well. So, we have one store that keeps all certificates the application might need.

◆ loadCertificates()

int loadCertificates ( const Filename  filename)

Reads the PEM-formatted certificate(s) (delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) from the indicated file and adds them to the global store object, retrieved via getX509Store().

Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

◆ loadCertificatesFromDerRam() [1/2]

int loadCertificatesFromDerRam ( str data, int data_size )

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object.

The data buffer should be DER-formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

◆ loadCertificatesFromDerRam() [2/2]

int loadCertificatesFromDerRam ( str  data)

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object.

The data buffer should be DER-formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

◆ loadCertificatesFromPemRam() [1/2]

int loadCertificatesFromPemRam ( str data, int data_size )

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object.

The data buffer should be PEM-formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

◆ loadCertificatesFromPemRam() [2/2]

int loadCertificatesFromPemRam ( str  data)

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object.

The data buffer should be PEM-formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.
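A pre-flight check for a locally stored PEM bundle before it is passed to loadCertificates() or loadCertificatesFromPemRam(), given here as an added example that is not part of Panda3D: it fingerprints each certificate block so the bundle can be compared against pinned values, and compares the loader's return value with the number of blocks in the file. The function names, the pinned-fingerprint list and the sample data are assumptions made for illustration, and the check is structural only (base64 plus the outer DER SEQUENCE length), not X.509 parsing.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def is_single_der_sequence(der):
    """True if der is exactly one DER SEQUENCE, the outer shape of a certificate."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                        # short-form length
        header, body = 2, der[1]
    else:                                    # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body == len(der)

def inspect_bundle(pem_text):
    """Return the SHA-256 fingerprint of each certificate block; raise
    ValueError for a block that is not valid base64 or one DER SEQUENCE."""
    fingerprints = []
    for i, match in enumerate(PEM_BLOCK.finditer(pem_text)):
        try:
            der = base64.b64decode("".join(match.group(1).split()), validate=True)
        except ValueError as exc:
            raise ValueError(f"block {i}: invalid base64") from exc
        if not is_single_der_sequence(der):
            raise ValueError(f"block {i}: not a single DER SEQUENCE")
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return fingerprints

def check_loaded(pem_text, pinned, loaded_count):
    """True if the bundle matches the pinned fingerprints and the loader's
    return value (0 means failure) equals the number of blocks in the file."""
    found = inspect_bundle(pem_text)
    return sorted(found) == sorted(pinned) and loaded_count == len(found)

def to_pem(der):
    body = base64.b64encode(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample: two tiny DER SEQUENCEs standing in for certificates.
SAMPLE = to_pem(bytes([0x30, 0x03, 0x02, 0x01, 0x05])) + \
         to_pem(bytes([0x30, 0x03, 0x02, 0x01, 0x07]))
# Constructed damaged block: the length byte claims more data than is present.
DAMAGED = SAMPLE + to_pem(bytes([0x30, 0x05, 0x02, 0x01, 0x05]))
```

In use, loaded_count is the integer returned by the loader; a count lower than the number of blocks in the file means part of the bundle was not added to the global store.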

◆ notifyDebugSslErrors()

notifyDebugSslErrors ( )

As notifySslErrors(), but sends the output to debug instead of warning.

◆ notifySslErrors()

notifySslErrors ( )

A convenience function that is itself a wrapper around the OpenSSL convenience function to output the recent OpenSSL errors.

This function sends the error string to express_cat.warning(). If REPORT_OPENSSL_ERRORS is not defined, the function does nothing.