19 #include "ca_bundle_data_src.c" 21 OpenSSLWrapper *OpenSSLWrapper::_global_ptr =
nullptr;
// NOTE(review): constructor body; its signature and several statements
// (the ConfigVariable type names, the for-loop body's Filename conversion)
// are not shown in this listing.
//
// The trust store is assembled from three sources, in this order:
//   1. the OpenSSL default system paths,
//   2. the CA bundle compiled into the binary (ca_bundle_data, DER),
//   3. any files named by the ca-bundle-filename / ssl-certificates
//      config variables.
// Everything loaded here becomes a trust anchor for certificate
// verification, so whoever controls those config values controls what
// this process trusts.  Treat the prc configuration as security-sensitive.
34 OpenSSL_add_all_algorithms();
// The return values of X509_STORE_new() and X509_STORE_set_default_paths()
// are not checked; a nullptr store would be handed to every later call.
36 _x509_store = X509_STORE_new();
37 X509_STORE_set_default_paths(_x509_store);
// The built-in bundle is DER-encoded (see load_certificates_from_der_ram).
41 load_certificates_from_der_ram((
const char *)ca_bundle_data, ca_bundle_data_len);
// ca-bundle-filename: optional single PEM file appended to the store.
45 (
"ca-bundle-filename",
"",
46 PRC_DESC(
"This names the certificate authority file for OpenSSL " 47 "to use to verify whether SSL certificates are trusted or not. " 48 "The file named by this setting should contain one or more " 49 "PEM-formatted certificates from trusted certificate " 50 "authorities. This is a fairly standard file; a copy of " 51 "ca-bundle.crt is included in the OpenSSL distribution, and " 52 "is also included with Panda."));
54 if (!ca_bundle_filename.empty()) {
55 load_certificates(ca_bundle_filename);
// ssl-certificates: zero or more additional PEM files, each appended.
60 PRC_DESC(
"This variable lists additional filenames, on top of the file " 61 "named by ca-bundle-filename, that contain trusted SSL " 62 "certificates or certificate authorities."));
// Each unique value is loaded in turn; a failure to read or parse one
// file is only logged (see load_certificates) and does not stop the loop.
// The line turning cert_file into the `filename` used below is not shown
// here -- presumably a Filename::expand_from() of the config string.
64 int num_certs = ssl_certificates.get_num_unique_values();
65 for (
int ci = 0; ci < num_certs; ci++) {
66 std::string cert_file = ssl_certificates.get_unique_value(ci);
68 load_certificates(filename);
78 X509_STORE_free(_x509_store);
// Drops every loaded certificate and CRL by replacing the store outright.
// Unlike the constructor, this does NOT call X509_STORE_set_default_paths()
// again, so after a clear the system trust paths are gone too: the store
// starts empty and nothing verifies until load_certificates*() is called.
87 clear_certificates() {
89 X509_STORE_free(_x509_store);
// X509_STORE_new() can return nullptr on allocation failure; unchecked here.
90 _x509_store = X509_STORE_new();
// Reads a PEM file through the virtual file system and appends every
// certificate/CRL it contains to the trust store.  Errors are reported
// through express_cat only; the caller gets no failure signal, so a
// misspelled or unreadable trust file silently leaves the store smaller
// than configured.  The stream prefixes (express_cat.error() etc.) are
// not shown in this listing.
107 load_certificates(
const Filename &filename) {
// The `true` argument presumably requests a binary read -- confirm
// against VirtualFileSystem::read_file.
112 if (!vfs->read_file(filename, data,
true)) {
115 <<
"Could not read " << filename <<
".\n";
// result is the number of entries appended (per the debug message below).
119 int result = load_certificates_from_pem_ram(data.data(), data.size());
123 <<
"Could not load certificates from " << filename <<
".\n";
128 if (express_cat.is_debug()) {
130 <<
"Appending " << result <<
// Parses a PEM blob held in memory and appends each X509 certificate and
// CRL it contains to _x509_store.  Returns the number of entries loaded
// (`count`; its declaration and increments are not shown in this listing).
" SSL certificates from " 147 load_certificates_from_pem_ram(
const char *data,
size_t data_size) {
148 STACK_OF(X509_INFO) *inf;
// BIO_new_mem_buf() takes an `int` length; data_size (size_t) is narrowed
// without a range check.  A blob of 2 GiB or more would wrap negative --
// unlikely for a CA bundle, but worth a guard if this ever takes
// untrusted input.
152 BIO *mbio = BIO_new_mem_buf((
void *)data, data_size);
// No password callback is supplied.  If the bundle contains an
// *encrypted* private-key entry, OpenSSL's default callback is presumably
// used, which prompts on the terminal -- not something a trust-bundle
// loader should ever do.  Confirm, and consider passing a callback that
// simply fails.
157 inf = PEM_X509_INFO_read_bio(mbio,
nullptr,
nullptr,
nullptr);
163 <<
"PEM_X509_INFO_read_bio() returned NULL.\n";
168 if (express_cat.is_spam()) {
170 <<
"PEM_X509_INFO_read_bio() found " << sk_X509_INFO_num(inf)
177 int num_entries = sk_X509_INFO_num(inf);
178 for (
int i = 0; i < num_entries; i++) {
179 X509_INFO *itmp = sk_X509_INFO_value(inf, i);
// A failed add is reported only at debug level.  Presumably deliberate:
// older OpenSSL reports an already-present certificate as an error
// (X509_R_CERT_ALREADY_IN_HASH_TABLE), and duplicates across the system
// store, the built-in bundle and config files are expected.  The cost is
// that a genuinely rejected certificate is just as quiet.
182 int result = X509_STORE_add_cert(_x509_store, itmp->x509);
184 notify_debug_ssl_errors();
189 if (express_cat.is_spam()) {
191 <<
"Entry " << i <<
" is x509\n";
194 }
else if (itmp->crl) {
195 int result = X509_STORE_add_crl(_x509_store, itmp->crl);
197 notify_debug_ssl_errors();
202 if (express_cat.is_spam()) {
204 <<
"Entry " << i <<
" is crl\n";
207 }
// Private-key entries are ignored.  Key material has no business in a
// CA bundle; logging it only at spam level hides a misconfiguration that
// a warning would surface.
else if (itmp->x_pkey) {
208 if (express_cat.is_spam()) {
210 <<
"Entry " << i <<
" is pkey\n";
214 if (express_cat.is_spam()) {
216 <<
"Entry " << i <<
" is unknown type\n";
// X509_STORE_add_cert()/add_crl() take their own reference, so freeing
// the whole X509_INFO stack here is correct and leaks nothing.
220 sk_X509_INFO_pop_free(inf, X509_INFO_free);
222 if (express_cat.is_spam()) {
224 <<
"successfully loaded " << count <<
" entries.\n";
// Parses a buffer of back-to-back DER certificates and appends each one
// to _x509_store.  Used for the CA bundle compiled into the binary.
// Returns the number loaded (`count`; its declaration and increments are
// not shown in this listing).
240 load_certificates_from_der_ram(
const char *data,
size_t data_size) {
// Logs the raw buffer address at spam level -- harmless for a built-in
// bundle, but a pointer leak in logs if this ever sees external data.
241 if (express_cat.is_spam()) {
243 <<
"load_certificates_from_der_ram(" << (
void *)data
244 <<
", " << data_size <<
")\n";
// d2i_X509() took `const unsigned char **` from 0.9.8 on; older releases
// needed a non-const cursor.
249 #if OPENSSL_VERSION_NUMBER >= 0x00908000L 251 const unsigned char *bp, *bp_end;
254 unsigned char *bp, *bp_end;
257 bp = (
unsigned char *)data;
258 bp_end = bp + data_size;
// d2i_X509() advances bp past each certificate it consumes.  On a parse
// failure the loop presumably breaks (the break is not shown), so any
// trailing bytes after the first malformed entry are silently dropped
// rather than reported.
259 while (bp < bp_end) {
260 X509 *x509 = d2i_X509(
nullptr, &bp, bp_end - bp);
261 if (x509 ==
nullptr) {
// X509_STORE_add_cert() takes its own reference; the X509_free() that
// must balance d2i_X509()'s allocation is not shown in this listing --
// confirm it is there, or every loaded certificate leaks.
// Add failures are reported only at debug level (see the PEM loader).
266 int result = X509_STORE_add_cert(_x509_store, x509);
268 notify_debug_ssl_errors();
275 if (express_cat.is_spam()) {
277 <<
"loaded " << count <<
" certificates\n";
292 X509_STORE *OpenSSLWrapper::
// Reports pending OpenSSL errors at warning level.  Whole body is compiled
// out unless REPORT_OPENSSL_ERRORS is defined, in which case nothing here
// touches the error queue either: entries stay queued for the thread and
// can mislead a later SSL_get_error() -- confirm the build defines it.
// The loop that drains the queue (repeat ERR_get_error() until 0) is not
// shown in this listing.
303 void OpenSSLWrapper::
304 notify_ssl_errors() {
// One-shot load of human-readable error strings.  Plain static flag, no
// synchronization; harmless if two threads race (both just load strings).
305 #ifdef REPORT_OPENSSL_ERRORS 306 static bool strings_loaded =
false;
307 if (!strings_loaded) {
308 SSL_load_error_strings();
309 strings_loaded =
true;
// ERR_get_error() pops the oldest entry from the calling thread's queue.
312 unsigned long e = ERR_get_error();
// ERR_error_string_n() is bounded by buffer_len; never use ERR_error_string()
// here, which assumes a caller-sized buffer.
314 static const size_t buffer_len = 256;
315 char buffer[buffer_len];
316 ERR_error_string_n(e, buffer, buffer_len);
317 express_cat.warning() << buffer <<
"\n";
320 #endif // REPORT_OPENSSL_ERRORS 326 void OpenSSLWrapper::
// Same as notify_ssl_errors() but emits at debug level.  Used for add
// failures that are expected in normal operation (duplicate trust anchors).
// Note ERR_get_error() runs regardless of the debug check below, so the
// entry is consumed even when nothing is printed -- the queue is drained
// either way, which is the right thing.  The surrounding loop is not shown.
327 notify_debug_ssl_errors() {
328 #ifdef REPORT_OPENSSL_ERRORS 329 static bool strings_loaded =
false;
330 if (!strings_loaded) {
331 SSL_load_error_strings();
332 strings_loaded =
true;
335 unsigned long e = ERR_get_error();
337 if (express_cat.is_debug()) {
// Bounded formatting; see notify_ssl_errors().
338 static const size_t buffer_len = 256;
339 char buffer[buffer_len];
340 ERR_error_string_n(e, buffer, buffer_len);
341 express_cat.debug() << buffer <<
"\n";
345 #endif // REPORT_OPENSSL_ERRORS 351 OpenSSLWrapper *OpenSSLWrapper::
// Lazy construction of the singleton (the function name is not shown in
// this listing; presumably get_global_ptr()).  Plain check-then-allocate
// with no lock or atomic: two threads making the first call concurrently
// can each construct a wrapper, leaking one store and running the
// certificate loading twice.  Fine only if first use is serialized.
353 if (_global_ptr ==
nullptr) {
354 _global_ptr =
new OpenSSLWrapper;
359 #endif // HAVE_OPENSSL This is a convenience class to specialize ConfigVariable as a Filename type.