Return Type | Function name | Arguments
hzEcode | InitDomainSSL | (const char*, const char*, const char*, const char*)

Declared in file: hzIpServer.h
Defined in file : hzIpServer.cpp

Function Logic:

0:START 1:!pvtKey||!sslCert||!sslCA||!domain 2:Return hzerr(E_ARGUMENT,Domain %s: SSL params missing [PvtKey=%s][Cert=%s][CertCA=%s],domain,pvtKey,sslCert,sslCA) 3:!s_svrMeth 4:SSL_library_init sys_rc SSL_load_error_strings OpenSSL_add_ssl_algorithms sys_rc SSLv23_server_method s_svrMeth 5:!s_svrMeth 6:Return hzerr(E_INITFAIL,Failed to allocate SSLv23 Server Method (errno %d)\n,errno) 7:S hzMapS::Exists 8:s_mapSSLDoms.Exists(S) 9:Return hzerr(E_INITDUP,SSL Init called already for domain %s,domain) 10:pSSL_Regime pSSL_Regime hzMapS::Insert SSL_CTX_new pSSL_Regime 11:!pSSL_Regime->m_svrCTX 12:Return hzerr(E_INITFAIL,Failed to allocate SSL Server Context for % (errno %d)\n,*pSSL_Regime->m_Domain,errno) 13:SSL_CTX_set_tlsext_servername_callback SSL_CTX_use_certificate_file sys_rc 14:sys_rc<=0 15:Return hzerr(E_INITFAIL,No SSL certificate. File %s Returned %d, errno %d,sslCert,sys_rc,errno) 16:SSL_CTX_load_verify_locations sys_rc 17:sys_rc<=0 18:Return hzerr(E_INITFAIL,No SSL CA certificate. File %s Returned %d, errno %d,sslCA,sys_rc,errno) 19:SSL_CTX_use_PrivateKey_file sys_rc 20:sys_rc<=0 21:Return hzerr(E_INITFAIL,No SSL private key. File %s Error %d,pvtKey,sys_rc) 22:SSL_CTX_check_private_key sys_rc 23:!(sys_rc=SSL_CTX_check_private_key(pSSL_Regime->m_svrCTX)) 24:Return hzerr(E_INITFAIL,Private key does not match the certificate public key) 25:Return E_OK

Function body:

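// Render a possibly-NULL C string for logging without handing NULL to a %s
// conversion (undefined behaviour in printf-family calls).
static const char* showStr (const char* s)
{
    return s ? s : "(null)" ;
}

hzEcode InitDomainSSL (const char* pvtKey, const char* sslCert, const char* sslCA, const char* domain)
{
    // Create the server-side SSL context ("regime") for one domain and register
    // it in s_mapSSLDoms.
    //
    // Arguments:  pvtKey   path of the PEM private key file
    //             sslCert  path of the PEM server certificate file
    //             sslCA    path of the PEM CA file passed to SSL_CTX_load_verify_locations
    //             domain   name the regime is registered under in s_mapSSLDoms
    //
    // Returns:    E_ARGUMENT  if any argument is NULL
    //             E_INITDUP   if a regime is already registered for the domain
    //             E_INITFAIL  if the OpenSSL method/context could not be set up
    //             E_OK        on success
    //
    // The regime is inserted into s_mapSSLDoms only once its context is fully
    // configured. A failed attempt therefore leaves no entry behind: a later
    // retry for the same domain is not rejected as a duplicate, and the SNI
    // callback can never look up a regime whose m_svrCTX is NULL.

    _hzfunc("InitDomainSSL") ;

    _hz_SSL_Regime* pSSL_Regime = NULL ;
    hzString        S ;
    hzEcode         rc = E_OK ;
    int32_t         sys_rc ;

    if (!pvtKey || !sslCert || !sslCA || !domain)
        return hzerr(E_ARGUMENT, "Domain %s: SSL params missing [PvtKey=%s][Cert=%s][CertCA=%s]",
            showStr(domain), showStr(pvtKey), showStr(sslCert), showStr(sslCA)) ;

    threadLog("Domain %s: SSL params [PvtKey=%s][Cert=%s][CertCA=%s]\n", domain, pvtKey, sslCert, sslCA) ;

    // One-time library initialisation; s_svrMeth doubles as the "already done" flag.
    if (!s_svrMeth)
    {
        sys_rc = SSL_library_init() ;
        threadLog("Returned from SSL_library_init with %d\n", sys_rc) ;
        SSL_load_error_strings() ;
        sys_rc = OpenSSL_add_ssl_algorithms() ;
        threadLog("Returned from OpenSSL_add_ssl_algorithms with %d\n", sys_rc) ;

        s_svrMeth = SSLv23_server_method() ;
        if (!s_svrMeth)
            return hzerr(E_INITFAIL, "Failed to allocate SSLv23 Server Method (errno %d)\n", errno) ;
    }

    // NOTE(review): the Exists/Insert pair below is not atomic; if InitDomainSSL
    // may run concurrently for the same domain the caller must serialise — confirm.
    S = domain ;
    if (s_mapSSLDoms.Exists(S))
        return hzerr(E_INITDUP, "SSL Init called already for domain %s", domain) ;

    pSSL_Regime = new _hz_SSL_Regime() ;
    pSSL_Regime->m_Domain = S ;

    pSSL_Regime->m_svrCTX = SSL_CTX_new(s_svrMeth) ;
    if (!pSSL_Regime->m_svrCTX)
    {
        // Original format string had a bare '%' here; use %s with the domain name.
        rc = hzerr(E_INITFAIL, "Failed to allocate SSL Server Context for %s (errno %d)\n", domain, errno) ;
        goto fail ;
    }

    // SSLv23_server_method negotiates whatever the library supports, which may
    // include SSLv2/SSLv3; refuse those versions on this server context.
    SSL_CTX_set_options(pSSL_Regime->m_svrCTX, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3) ;

    SSL_CTX_set_tlsext_servername_callback(pSSL_Regime->m_svrCTX, &SNI_Callback) ;

    sys_rc = SSL_CTX_use_certificate_file(pSSL_Regime->m_svrCTX, sslCert, SSL_FILETYPE_PEM) ;
    if (sys_rc <= 0)
    {
        rc = hzerr(E_INITFAIL, "No SSL certificate. File %s Returned %d, errno %d", sslCert, sys_rc, errno) ;
        goto fail ;
    }
    threadLog("Returned from SSL_CTX_use_certificate_file with %d\n", sys_rc) ;

    sys_rc = SSL_CTX_load_verify_locations(pSSL_Regime->m_svrCTX, sslCA, NULL) ;
    if (sys_rc <= 0)
    {
        rc = hzerr(E_INITFAIL, "No SSL CA certificate. File %s Returned %d, errno %d", sslCA, sys_rc, errno) ;
        goto fail ;
    }
    threadLog("Returned from SSL_CTX_load_verify_locations with %d\n", sys_rc) ;

    sys_rc = SSL_CTX_use_PrivateKey_file(pSSL_Regime->m_svrCTX, pvtKey, SSL_FILETYPE_PEM) ;
    if (sys_rc <= 0)
    {
        rc = hzerr(E_INITFAIL, "No SSL private key. File %s Error %d", pvtKey, sys_rc) ;
        goto fail ;
    }
    threadLog("Returned from SSL_CTX_use_PrivateKey_file with %d\n", sys_rc) ;

    sys_rc = SSL_CTX_check_private_key(pSSL_Regime->m_svrCTX) ;
    if (sys_rc <= 0)
    {
        rc = hzerr(E_INITFAIL, "Private key does not match the certificate public key") ;
        goto fail ;
    }
    threadLog("Returned from SSL_CTX_check_private_key with %d\n", sys_rc) ;

    // Register only now that the context is complete and usable.
    s_mapSSLDoms.Insert(S, pSSL_Regime) ;
    return E_OK ;

fail:
    // Undo the partial setup so neither the context nor the regime leaks.
    // SSL_CTX_free(NULL) is a no-op, and clearing m_svrCTX first keeps this
    // safe should the regime's destructor also release the context.
    SSL_CTX_free(pSSL_Regime->m_svrCTX) ;
    pSSL_Regime->m_svrCTX = NULL ;
    delete pSSL_Regime ;
    return rc ;
}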