Prepare the SSL context ************************/
| 359 | |
| 360 | /************* Prepare the SSL context ************************/ |
| 361 | enum tls_init_status TLS_init_context(void) |
| 362 | { |
| 363 | sip_trp_ssl_ctx = instantiate_ssl_context("generic"); |
| 364 | |
| 365 | if (sip_trp_ssl_ctx == nullptr) { |
| 366 | ERROR("TLS_init_context: SSL_CTX_new with TLS_method failed for generic context"); |
| 367 | return TLS_INIT_ERROR; |
| 368 | } |
| 369 | |
| 370 | sip_trp_ssl_ctx_client = instantiate_ssl_context("client"); |
| 371 | |
| 372 | if (sip_trp_ssl_ctx_client == nullptr) { |
| 373 | ERROR("TLS_init_context: SSL_CTX_new with TLS_method failed for client context"); |
| 374 | return TLS_INIT_ERROR; |
| 375 | } |
| 376 | |
| 377 | bool got_ca_file = strlen(tls_ca_name) != 0; |
| 378 | bool got_crl_file = strlen(tls_crl_name) != 0; |
| 379 | |
| 380 | /* Load the trusted CA's */ |
| 381 | if (got_ca_file) { |
| 382 | SSL_CTX_load_verify_locations(sip_trp_ssl_ctx, tls_ca_name, nullptr); |
| 383 | SSL_CTX_load_verify_locations(sip_trp_ssl_ctx_client, tls_ca_name, nullptr); |
| 384 | } |
| 385 | |
| 386 | /* TLS Verification only makes sense if an CA is specified or |
| 387 | * we require CRL validation. */ |
| 388 | if (got_ca_file || got_crl_file) { |
| 389 | if (got_crl_file) { |
| 390 | if (sip_tls_load_crls(sip_trp_ssl_ctx, tls_crl_name) == -1) { |
| 391 | ERROR("TLS_init_context: Unable to load CRL file (%s)", tls_crl_name); |
| 392 | return TLS_INIT_ERROR; |
| 393 | } |
| 394 | |
| 395 | if (sip_tls_load_crls(sip_trp_ssl_ctx_client, tls_crl_name) == -1) { |
| 396 | ERROR("TLS_init_context: Unable to load CRL (client) file (%s)", |
| 397 | tls_crl_name); |
| 398 | return TLS_INIT_ERROR; |
| 399 | } |
| 400 | } |
| 401 | /* The following call forces to process the certificates with |
| 402 | * the initialised SSL_CTX */ |
| 403 | SSL_CTX_set_verify(sip_trp_ssl_ctx, |
| 404 | SSL_VERIFY_PEER | |
| 405 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, |
| 406 | sip_tls_verify_callback); |
| 407 | |
| 408 | SSL_CTX_set_verify(sip_trp_ssl_ctx_client, |
| 409 | SSL_VERIFY_PEER | |
| 410 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, |
| 411 | sip_tls_verify_callback); |
| 412 | } |
| 413 | |
| 414 | |
| 415 | /* Selection Cipher suits - load the application specified ciphers */ |
| 416 | SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx, |
| 417 | (void *)CALL_BACK_USER_DATA); |
| 418 | SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx_client, |
no test coverage detected