in platform/posix/transport/src/openssl_posix.c [72:202]
static void logPath( const char * path,
const char * fileType );
#endif /* #if ( LIBRARY_LOG_LEVEL == LOG_DEBUG ) */
/**
* @brief Add X509 certificate to the trusted list of root certificates.
*
* OpenSSL does not provide a single function for reading and loading
* certificates from files into stores, so the file API must be called. Start
* with the root certificate.
*
* @param[out] pSslContext SSL context to which the trusted server root CA is to
* be added.
* @param[in] pRootCaPath Filepath string to the trusted server root CA.
*
* @return 1 on success; -1, 0 on failure.
*/
static int32_t setRootCa( const SSL_CTX * pSslContext,
const char * pRootCaPath );
/**
* @brief Set X509 certificate as client certificate for the server to
* authenticate.
*
* @param[out] pSslContext SSL context to which the client certificate is to be
* set.
* @param[in] pClientCertPath Filepath string to the client certificate.
*
* @return 1 on success; 0 on failure.
*/
static int32_t setClientCertificate( SSL_CTX * pSslContext,
const char * pClientCertPath );
/**
* @brief Set private key for the client's certificate.
*
* @param[out] pSslContext SSL context to which the private key is to be added.
* @param[in] pPrivateKeyPath Filepath string to the client private key.
*
* @return 1 on success; 0 on failure.
*/
static int32_t setPrivateKey( SSL_CTX * pSslContext,
const char * pPrivateKeyPath );
/**
* @brief Passes TLS credentials to the OpenSSL library.
*
* Provides the root CA certificate, client certificate, and private key to the
* OpenSSL library. If the client certificate or private key is not NULL, mutual
* authentication is used when performing the TLS handshake.
*
* @param[out] pSslContext SSL context to which the credentials are to be
* imported.
* @param[in] pOpensslCredentials TLS credentials to be imported.
*
* @return 1 on success; -1, 0 on failure.
*/
static int32_t setCredentials( SSL_CTX * pSslContext,
const OpensslCredentials_t * pOpensslCredentials );
/**
* @brief Set optional configurations for the TLS connection.
*
* This function is used to set SNI, MFLN, and ALPN protocols.
*
* @param[in] pSsl SSL connection object to which the optional configurations
* are to be set.
* @param[in] pOpensslCredentials TLS credentials containing configurations.
*/
static void setOptionalConfigurations( SSL * pSsl,
const OpensslCredentials_t * pOpensslCredentials );
/**
* @brief Converts the sockets wrapper status to openssl status.
*
* @param[in] socketStatus Sockets wrapper status.
*
* @return One of #OPENSSL_SUCCESS, #OPENSSL_INVALID_PARAMETER,
* #OPENSSL_DNS_FAILURE or #OPENSSL_CONNECT_FAILURE.
*/
static OpensslStatus_t convertToOpensslStatus( SocketStatus_t socketStatus );
/**
* @brief Establish TLS session by performing handshake with the server.
*
* @param[in] pServerInfo Server connection info.
* @param[in] pOpensslParams Parameters to perform the TLS handshake.
* @param[in] pOpensslCredentials TLS credentials containing configurations.
*
* @return One of #OPENSSL_SUCCESS, #OPENSSL_API_ERROR or #OPENSSL_HANDSHAKE_FAILED.
*/
static OpensslStatus_t tlsHandshake( const ServerInfo_t * pServerInfo,
OpensslParams_t * pOpensslParams,
const OpensslCredentials_t * pOpensslCredentials );
/**
* @brief Check if the network context is valid.
*
* @param[in] pNetworkContext The network context created using Openssl_Connect API.
*
* @return 1 on success; 0 on failure.
*/
static int32_t isValidNetworkContext( const NetworkContext_t * pNetworkContext );
/*-----------------------------------------------------------*/
#if ( LIBRARY_LOG_LEVEL == LOG_DEBUG )
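/**
 * @brief Log the location of a credential file that is about to be opened,
 * to help diagnose "file not found" failures when loading TLS credentials.
 *
 * Compiled only at LOG_DEBUG. A path starting with a separator is logged
 * as-is; any other path is prefixed with the current working directory so
 * the log shows where the relative path was resolved from.
 *
 * @param[in] path Filepath string of the file about to be opened.
 * @param[in] fileType Human-readable description of the file, used only in
 * the log message.
 */
static void logPath( const char * path,
                     const char * fileType )
{
    assert( path != NULL );
    assert( fileType != NULL );

    /* Keep the parameter referenced even when LogDebug expands to nothing. */
    ( void ) fileType;

    /* A leading separator is taken to mean the path is already absolute.
     * The backslash case is kept for paths written in Windows style. */
    if( ( path[ 0 ] == '/' ) || ( path[ 0 ] == '\\' ) )
    {
        LogDebug( ( "Attempting to open %s: Path=%s.", fileType, path ) );
    }
    else
    {
        /* getcwd( NULL, 0 ) is a glibc/BSD extension that allocates the
         * buffer itself. It returns NULL on failure (e.g. out of memory or
         * an unreadable directory), and a NULL must not be handed to "%s". */
        char * cwd = getcwd( NULL, 0 );

        if( cwd != NULL )
        {
            LogDebug( ( "Attempting to open %s: Path=%s/%s.", fileType, cwd, path ) );
        }
        else
        {
            LogDebug( ( "Attempting to open %s: Path=%s (relative; current directory could not be determined).", fileType, path ) );
        }

        /* Release the buffer allocated by getcwd; free( NULL ) is a no-op. */
        free( cwd );
    }
}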