in adapters/httpapi_curl.c [375:497]
/**
 * TLS-context setup hook in the shape of libcurl's CURLOPT_SSL_CTX_FUNCTION
 * callback (presumably registered with that option elsewhere in the file; the
 * registration is not in this excerpt). Installs the per-device client
 * credentials and the trusted CA bundle held in the HTTP_HANDLE_DATA behind
 * @p userptr into the backend TLS context libcurl hands over in @p ssl_ctx.
 *
 * Exactly one backend branch is compiled in, selected by USE_OPENSSL /
 * USE_WOLFSSL / USE_MBEDTLS; the concrete type behind @p ssl_ctx differs
 * accordingly (the calls below expect an OpenSSL SSL_CTX, a WOLFSSL_CTX, or an
 * mbedtls_ssl_config respectively). The trailing `else` after the #endif is
 * shared by every branch.
 *
 * @param curl     libcurl easy handle; only checked for NULL here.
 * @param ssl_ctx  backend TLS context to populate (see above).
 * @param userptr  HTTP_HANDLE_DATA* carrying x509certificate/x509privatekey
 *                 (client credentials, PEM text), x509privatekeytype,
 *                 engineId/engine (OpenSSL engine-backed keys) and
 *                 certificates (trusted CA bundle, PEM text).
 * @return CURLE_OK when everything that was configured got installed (or
 *         nothing was configured); CURLE_SSL_CERTPROBLEM on a NULL argument or
 *         on any failure to install credentials or CA certificates. libcurl
 *         treats a non-OK return from this hook as fatal for the connection.
 *
 * NOTE(review): the backend branches install client credentials only when
 * BOTH x509certificate and x509privatekey are set; a handle with just one of
 * them falls through to CURLE_OK and the handshake proceeds without client
 * authentication. The no-backend branch at the bottom instead rejects either
 * one being set. Confirm which behaviour is intended; rejecting a
 * half-configured pair would fail closed.
 */
static CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr)
{
    CURLcode result;
    /* Every failure path below maps to CURLE_SSL_CERTPROBLEM. */
    if (
        (curl == NULL) ||
        (ssl_ctx == NULL) ||
        (userptr == NULL)
        )
    {
        LogError("unexpected parameter CURL *curl=%p, void *ssl_ctx=%p, void *userptr=%p", curl, ssl_ctx, userptr);
        result = CURLE_SSL_CERTPROBLEM;
    }
    else
    {
        HTTP_HANDLE_DATA *httpHandleData = (HTTP_HANDLE_DATA *)userptr;
#ifdef USE_OPENSSL
        /* Client (per-device) credentials. An engine-backed key first needs
         * the OpenSSL ENGINE resolved by id; x509_openssl_add_credentials is
         * then handed that engine along with the certificate and key. */
#ifndef OPENSSL_NO_ENGINE
        if (httpHandleData->x509privatekeytype == KEY_TYPE_ENGINE) {
            /* NOTE(review): this runs on every invocation of the hook and
             * overwrites httpHandleData->engine without releasing the previous
             * reference (the success paths below never ENGINE_free it), so a
             * reused handle presumably leaks one engine reference per TLS
             * session -- confirm how often libcurl invokes this hook per
             * handle. */
            ENGINE_load_builtin_engines();
            httpHandleData->engine = ENGINE_by_id(httpHandleData->engineId);
        }
        if (httpHandleData->x509privatekeytype == KEY_TYPE_ENGINE && httpHandleData->engine == NULL)
        {
            /* NOTE(review): engineId may be NULL here (ENGINE_by_id then
             * fails) and is printed with %s -- confirm it is always set when
             * the key type is KEY_TYPE_ENGINE. */
            LogError("unable to load engine by ID: %s", httpHandleData->engineId);
            result = CURLE_SSL_CERTPROBLEM;
        }
        else if (
            (httpHandleData->x509certificate != NULL) && (httpHandleData->x509privatekey != NULL) &&
            (x509_openssl_add_credentials(ssl_ctx, httpHandleData->x509certificate, httpHandleData->x509privatekey, httpHandleData->x509privatekeytype, httpHandleData->engine) != 0)
            )
#else // OPENSSL_NO_ENGINE
        if (
            (httpHandleData->x509certificate != NULL) && (httpHandleData->x509privatekey != NULL) &&
            (x509_openssl_add_credentials(ssl_ctx, httpHandleData->x509certificate, httpHandleData->x509privatekey, httpHandleData->x509privatekeytype) != 0)
            )
#endif // OPENSSL_NO_ENGINE
        {
            LogError("unable to x509_openssl_add_credentials");
            result = CURLE_SSL_CERTPROBLEM;
#ifndef OPENSSL_NO_ENGINE
            /* Release the engine reference taken above so a stale engine is
             * not reused after a failed credential load. */
            ENGINE_free(httpHandleData->engine);
            httpHandleData->engine = NULL;
#endif // OPENSSL_NO_ENGINE
        }
        /* Trusted CA certificates; only reached when the client credentials
         * were installed or were not configured at all. */
        else if (
            (httpHandleData->certificates != NULL) &&
            (x509_openssl_add_certificates(ssl_ctx, httpHandleData->certificates) != 0)
            )
        {
            LogError("failure in x509_openssl_add_certificates");
            result = CURLE_SSL_CERTPROBLEM;
#ifndef OPENSSL_NO_ENGINE
            /* Same cleanup as above: the engine is of no use once the CA
             * bundle could not be installed and the connection will fail. */
            ENGINE_free(httpHandleData->engine);
            httpHandleData->engine = NULL;
#endif // OPENSSL_NO_ENGINE
        }
#elif USE_WOLFSSL
        /* Client credentials: certificate (chain) and key are both PEM text
         * handed over as in-memory buffers, sized with strlen (no NUL). */
        if (
            (httpHandleData->x509certificate != NULL) &&
            (httpHandleData->x509privatekey != NULL) &&
            (
            ((wolfSSL_CTX_use_certificate_chain_buffer(ssl_ctx, (unsigned char*)httpHandleData->x509certificate, strlen(httpHandleData->x509certificate)) != SSL_SUCCESS)) ||
            ((wolfSSL_CTX_use_PrivateKey_buffer(ssl_ctx, (unsigned char*)httpHandleData->x509privatekey, strlen(httpHandleData->x509privatekey), SSL_FILETYPE_PEM) != SSL_SUCCESS))
            )
            )
        {
            LogError("unable to add x509 certs to wolfssl");
            result = CURLE_SSL_CERTPROBLEM;
        }
        /* Trusted CA bundle, again PEM text from memory. */
        else if (
            (httpHandleData->certificates != NULL) &&
            (wolfSSL_CTX_load_verify_buffer(ssl_ctx, (const unsigned char*)httpHandleData->certificates, strlen(httpHandleData->certificates), SSL_FILETYPE_PEM) != SSL_SUCCESS)
            )
        {
            LogError("failure in adding trusted certificate to client");
            result = CURLE_SSL_CERTPROBLEM;
        }
#elif USE_MBEDTLS
        /* Client credentials. mbedtls_x509_crt_parse wants the PEM buffer
         * length to include the terminating NUL, hence strlen() + 1. The
         * parsed certificate and key live in the handle (httpHandleData->cert
         * / ->key) because the config keeps pointers to them.
         * NOTE(review): mbedtls_x509_crt_parse appends to the chain it is
         * given, so repeated invocations of this hook on one handle presumably
         * grow ->cert and ->trusted_certificates -- confirm. */
        if (
            (httpHandleData->x509certificate != NULL) && (httpHandleData->x509privatekey != NULL) &&
            !(
            (mbedtls_x509_crt_parse(&httpHandleData->cert, (const unsigned char *)httpHandleData->x509certificate, (int)(strlen(httpHandleData->x509certificate) + 1)) == 0) &&
            (parse_key(httpHandleData->x509privatekey, &httpHandleData->key) == 0) &&
            (mbedtls_ssl_conf_own_cert(ssl_ctx, &httpHandleData->cert, &httpHandleData->key) == 0)
            )
            )
        {
            LogError("unable to set x509 credentials");
            result = CURLE_SSL_CERTPROBLEM;
        }
        /* Trusted CA bundle; this branch sets result itself on both paths. */
        else if (httpHandleData->certificates != NULL)
        {
            if (mbedtls_x509_crt_parse(&httpHandleData->trusted_certificates, (const unsigned char *)httpHandleData->certificates, (int)(strlen(httpHandleData->certificates) + 1)) != 0)
            {
                LogError("unable to set trusted certificate");
                result = CURLE_SSL_CERTPROBLEM;
            }
            else
            {
                /* Third argument is the CRL list: none is supplied. */
                mbedtls_ssl_conf_ca_chain(ssl_ctx, &httpHandleData->trusted_certificates, NULL);
                result = CURLE_OK;
            }
        }
#else
        /* No TLS backend compiled in: client credentials cannot be honoured,
         * so treat either one being configured as an error rather than
         * silently connecting without client authentication.
         * NOTE(review): httpHandleData->certificates is not consulted here, so
         * a configured trusted-CA bundle is silently ignored and the hook
         * returns CURLE_OK -- confirm whether that should be rejected too. */
        if (httpHandleData->x509certificate != NULL || httpHandleData->x509privatekey != NULL)
        {
            LogError("Failure no platform is enabled to handle certificates");
            result = CURLE_SSL_CERTPROBLEM;
        }
#endif
        /* Shared by whichever chain was compiled above: nothing was
         * configured, or everything configured was installed. */
        else
        {
            result = CURLE_OK;
        }
    }
    return result;
}