OpenSSLWrapper

class OpenSSLWrapper

Provides an interface wrapper around the OpenSSL library, to ensure that the library is properly initialized in the application, and to provide some hooks into global OpenSSL context data.

Inheritance diagram

Inheritance diagram of OpenSSLWrapper

void clear_certificates(void)

Removes all the certificates from the global store, including the compiled- in certificates loaded from ca_bundle_data.c. You can add new certificates by calling load_certificates().

static OpenSSLWrapper *get_global_ptr(void)
X509_STORE *get_x509_store(void)

Returns the global X509_STORE object.

It has to be a global object, because OpenSSL seems to store some global pointers associated with this object whether you want it to or not, and keeping independent copies of a local X509_STORE object doesn’t seem to work that well. So, we have one store that keeps all certificates the application might need.

int load_certificates(Filename const &filename)

Reads the PEM-formatted certificate(s) (delimited by —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–) from the indicated file and adds them to the global store object, retrieved via get_x509_store().

Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

int load_certificates_from_der_ram(char const *data, std::size_t data_size)
int load_certificates_from_der_ram(std::string const &data)

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be DER- formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

int load_certificates_from_pem_ram(char const *data, std::size_t data_size)
int load_certificates_from_pem_ram(std::string const &data)

Reads a chain of trusted certificates from the indicated data buffer and adds them to the X509_STORE object. The data buffer should be PEM- formatted. Returns the number of certificates read on success, or 0 on failure.

You should call this only with trusted, locally-stored certificates; not with certificates received from an untrusted source.

void notify_debug_ssl_errors(void)

As notify_ssl_errors(), but sends the output to debug instead of warning.

void notify_ssl_errors(void)

A convenience function that is itself a wrapper around the OpenSSL convenience function to output the recent OpenSSL errors. This function sends the error string to express_cat.warning(). If REPORT_OPENSSL_ERRORS is not defined, the function does nothing.