Return Type | Function name | Arguments
hzEcode | InitServerSSL | (const char*, const char*, const char*)

Declared in file: hzIpServer.h
Defined in file : hzIpServer.cpp

Function Logic:

0:START 1:s_SSL_svrRegime 2:Return hzerr(E_INITDUP,SSL Init called already for whole server) 3:!s_svrMeth 4:SSL_library_init sys_rc SSL_load_error_strings OpenSSL_add_ssl_algorithms sys_rc SSLv23_server_method s_svrMeth 5:!s_svrMeth 6:Return hzerr(E_INITFAIL,Failed to allocate SSLv23 Server Method (errno %d)\n,errno) 7:(pvtKey||sslCert||sslCA)&&(!pvtKey||!sslCert||!sslCA) 8:Return hzerr(E_ARGUMENT,Server SSL params incomplete set [PvtKey=%s][Cert=%s][CertCA=%s],pvtKey,sslCert,sslCA) 9:!pvtKey||!sslCert||!sslCA 10:hzMapS::GetObj s_SSL_svrRegime 11:!s_SSL_svrRegime 12:Return hzerr(E_ARGUMENT,Server SSL - No domain SSL regimes found [PvtKey=%s][Cert=%s][CertCA=%s],pvtKey,sslCert,sslCA) 13:Return E_OK 14:s_SSL_svrRegime s_SSL_svrRegime SSL_CTX_new s_SSL_svrRegime 15:!s_SSL_svrRegime->m_svrCTX 16:Return hzerr(E_INITFAIL,Failed to allocate SSL Server Context for % (errno %d)\n,*s_SSL_svrRegime->m_Domain,errno) 17:SSL_CTX_set_tlsext_servername_callback SSL_CTX_use_certificate_file sys_rc 18:sys_rc<=0 19:Return hzerr(E_INITFAIL,No SSL certificate. File %s Returned %d, errno %d,sslCert,sys_rc,errno) 20:SSL_CTX_load_verify_locations sys_rc 21:sys_rc<=0 22:Return hzerr(E_INITFAIL,No SSL CA certificate. File %s Returned %d, errno %d,sslCA,sys_rc,errno) 23:SSL_CTX_use_PrivateKey_file sys_rc 24:sys_rc<=0 25:Return hzerr(E_INITFAIL,No SSL private key. File %s Error %d,pvtKey,sys_rc) 26:SSL_CTX_check_private_key sys_rc 27:!(sys_rc=SSL_CTX_check_private_key(s_SSL_svrRegime->m_svrCTX)) 28:Return hzerr(E_INITFAIL,Private key does not match the certificate public key) 29:Return E_OK

Function body:

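/*
** InitServerSSL - one-time setup of the server-wide SSL/TLS regime.
**
** Two modes, selected by the arguments:
**   - All three paths supplied: a new "default" regime is built from the PEM certificate,
**     the CA file and the PEM private key, and the key is checked against the certificate.
**   - All three NULL: the first entry of s_mapSSLDoms is adopted as the server regime.
** Supplying only some of the three is rejected.
**
** Arguments:  pvtKey   Path to the PEM private key file
**             sslCert  Path to the PEM certificate file
**             sslCA    Path to the CA certificate file (passed to SSL_CTX_load_verify_locations)
**
** Returns:    E_INITDUP   A server regime is already in place
**             E_INITFAIL  The method or context could not be created, a file failed to load, or the
**                         private key does not match the certificate
**             E_ARGUMENT  Incomplete argument set, or no domain regime exists to fall back on
**             E_OK        Regime in place
*/
hzEcode InitServerSSL (const char* pvtKey, const char* sslCert, const char* sslCA)
{
    _hzfunc("InitServerSSL") ;

    _hz_SSL_Regime* pRegime ;   // Regime under construction, published only on success
    SSL_CTX*        pCTX ;      // Context under construction
    hzEcode         rc ;        // Error code held across the cleanup call
    int32_t         sys_rc ;    // Return value of the last OpenSSL call

    if (s_SSL_svrRegime)
        return hzerr(E_INITDUP, "SSL Init called already for whole server") ;

    if (!s_svrMeth)
    {
        sys_rc = SSL_library_init() ;
        threadLog("Returned from SSL_library_init with %d\n", sys_rc) ;
        SSL_load_error_strings();
        sys_rc = OpenSSL_add_ssl_algorithms();
        threadLog("Returned from OpenSSL_add_ssl_algorithms with %d\n", sys_rc) ;

        // SSLv23_server_method is the version-flexible method: it negotiates whatever protocol
        // versions the library build and the context options allow, so the floor is set on the
        // context below. OpenSSL 1.1.0 and later name this method TLS_server_method.
        s_svrMeth = SSLv23_server_method() ;
        if (!s_svrMeth)
            return hzerr(E_INITFAIL, "Failed to allocate SSLv23 Server Method (errno %d)\n", errno) ;
    }

    // NULL must never reach a %s conversion, so the diagnostics use printable stand-ins.
    const char* dispKey  = pvtKey  ? pvtKey  : "(null)" ;
    const char* dispCert = sslCert ? sslCert : "(null)" ;
    const char* dispCA   = sslCA   ? sslCA   : "(null)" ;

    if ((pvtKey || sslCert || sslCA) && (!pvtKey || !sslCert || !sslCA))
        return hzerr(E_ARGUMENT, "Server SSL params incomplete set [PvtKey=%s][Cert=%s][CertCA=%s]", dispKey, dispCert, dispCA) ;

    if (!pvtKey || !sslCert || !sslCA)
    {
        // Only reachable with all three NULL: fall back on the first per-domain regime.
        s_SSL_svrRegime = s_mapSSLDoms.GetObj(0);
        if (!s_SSL_svrRegime)
            return hzerr(E_ARGUMENT, "Server SSL - No domain SSL regimes found [PvtKey=%s][Cert=%s][CertCA=%s]", dispKey, dispCert, dispCA) ;
        return E_OK ;
    }

    threadLog("SSL params [PvtKey=%s][Cert=%s][CertCA=%s]\n", pvtKey, sslCert, sslCA) ;

    // The context is built in a local and the regime is published only once every step has
    // succeeded. A failed attempt therefore leaves s_SSL_svrRegime NULL, so a retry is not
    // refused with E_INITDUP and no half-configured context can end up serving connections.
    pCTX = SSL_CTX_new(s_svrMeth) ;
    if (!pCTX)
        return hzerr(E_INITFAIL, "Failed to allocate SSL Server Context for %s (errno %d)\n", "default", errno) ;

    // SSLv2 and SSLv3 are broken protocols; refuse them whatever the library build allows.
    // NOTE(review): TLS 1.0/1.1 are still negotiable here - confirm the intended protocol floor.
    SSL_CTX_set_options(pCTX, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3) ;

    SSL_CTX_set_tlsext_servername_callback(pCTX, &SNI_Callback) ;

    // NOTE(review): OpenSSL reports the cause of a failure on its own error queue; the errno
    // values logged below may not describe it.
    sys_rc = SSL_CTX_use_certificate_file(pCTX, sslCert, SSL_FILETYPE_PEM) ;
    if (sys_rc <= 0)
    {
        rc = hzerr(E_INITFAIL, "No SSL certificate. File %s Returned %d, errno %d", sslCert, sys_rc, errno) ;
        SSL_CTX_free(pCTX) ;
        return rc ;
    }
    threadLog("Returned from SSL_CTX_use_certificate_file with %d\n", sys_rc) ;

    // NOTE(review): this loads trust anchors used to verify peer certificates. No call to
    // SSL_CTX_set_verify is visible in this function, so whether client certificates are
    // requested cannot be told from here. If sslCA is meant to be the intermediate chain sent
    // to clients, SSL_CTX_use_certificate_chain_file is the call that does that - confirm intent.
    sys_rc = SSL_CTX_load_verify_locations(pCTX, sslCA, NULL) ;
    if (sys_rc <= 0)
    {
        rc = hzerr(E_INITFAIL, "No SSL CA certificate. File %s Returned %d, errno %d", sslCA, sys_rc, errno) ;
        SSL_CTX_free(pCTX) ;
        return rc ;
    }
    threadLog("Returned from SSL_CTX_load_verify_locations with %d\n", sys_rc) ;

    // No passphrase callback is set in this function, so an encrypted key file would fall
    // back on the library's default prompt; the file itself should be readable only by the
    // server account.
    sys_rc = SSL_CTX_use_PrivateKey_file(pCTX, pvtKey, SSL_FILETYPE_PEM) ;
    if (sys_rc <= 0)
    {
        rc = hzerr(E_INITFAIL, "No SSL private key. File %s Error %d", pvtKey, sys_rc) ;
        SSL_CTX_free(pCTX) ;
        return rc ;
    }
    threadLog("Returned from SSL_CTX_use_PrivateKey_file with %d\n", sys_rc) ;

    // Confirms the loaded private key corresponds to the loaded certificate.
    sys_rc = SSL_CTX_check_private_key(pCTX) ;
    if (sys_rc <= 0)
    {
        rc = hzerr(E_INITFAIL, "Private key does not match the certificate public key") ;
        SSL_CTX_free(pCTX) ;
        return rc ;
    }
    threadLog("Returned from SSL_CTX_check_private_key with %d\n", sys_rc) ;

    // Every step succeeded: publish the regime.
    pRegime = new _hz_SSL_Regime() ;
    pRegime->m_Domain = "default" ;
    pRegime->m_svrCTX = pCTX ;
    s_SSL_svrRegime = pRegime ;

    return E_OK ;
}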