[Opalvoip-svn] SF.net SVN: opalvoip:[34886] ptlib/trunk
From: <rjo...@us...> - 2016-07-28 10:00:22
Revision: 34886 http://sourceforge.net/p/opalvoip/code/34886 Author: rjongbloed Date: 2016-07-28 10:00:20 +0000 (Thu, 28 Jul 2016) Log Message: ----------- Added ability to set separate certificate and private key files, as well as certificate authority for two way validation, to PSecureHTTPServiceProcess. Modified Paths: -------------- ptlib/trunk/include/ptclib/shttpsvc.h ptlib/trunk/src/ptclib/shttpsvc.cxx Modified: ptlib/trunk/include/ptclib/shttpsvc.h =================================================================== --- ptlib/trunk/include/ptclib/shttpsvc.h 2016-07-27 18:09:23 UTC (rev 34885) +++ ptlib/trunk/include/ptclib/shttpsvc.h 2016-07-28 10:00:20 UTC (rev 34886) 
@@ -68,12 +68,24 @@ virtual PChannel * CreateChannelForHTTP(PChannel * channel); virtual void OnHTTPStarted(PHTTPServer & server); + /** Set/Create the server certificate to use. + Must be called before ListenForHTTP() or https will not be supported. + */ bool SetServerCertificate( - const PFilePath & certFile, - bool create = false, - const char * dn = NULL + const PFilePath & certFile, ///< Combined certificate/private key file + bool create = false, ///< Flag indicating a self signed certificate should be generated if it does not exist. + const char * dn = NULL ///< Distinguished Name to use if creating new self signed certificate. ); + /** Set the server certificates to use. + Must be called before ListenForHTTP() or https will not be supported. + */ + bool SetServerCertificates( + const PString & cert, ///< Certificate file or text string + const PString & key, ///< Private key file or text string + const PString & ca ///< Certificate authority file, directory or text string + ); + virtual PBoolean OnDetectedNonSSLConnection(PChannel * chan, const PString & line); virtual PString CreateNonSSLMessage(const PString & url); Modified: ptlib/trunk/src/ptclib/shttpsvc.cxx =================================================================== --- ptlib/trunk/src/ptclib/shttpsvc.cxx 2016-07-27 18:09:23 UTC (rev 34885) +++ ptlib/trunk/src/ptclib/shttpsvc.cxx 2016-07-28 10:00:20 UTC (rev 34886) @@ -146,9 +146,6 @@ bool create, const char * dn) { - if (m_sslContext == NULL) - m_sslContext = new PSSLContext; - if (create && !PFile::Exists(certificateFile)) { PSSLPrivateKey key(1024); PSSLCertificate certificate; 
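Review bot: The doc comment on the new `SetServerCertificates()` declaration in shttpsvc.h does not say what an empty `ca` means, or whether a non-empty one makes client certificates mandatory, which is the security-relevant part of "two way validation". Each argument is described as "file or text string" without saying how the two are told apart, so a caller cannot tell whether a mistyped path is reported as a missing file or parsed as certificate text. I would extend the `ca` line to something like `///< Certificate authority file, directory or text string; empty means client certificates are not verified`, adjusted to whatever `PSSLContext::SetCredentials()` actually does. The comment should also state what the `bool` return means and whether HTTPS stays enabled after a `false`. The class body continues outside the hunk.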
@@ -167,13 +164,22 @@ key.Save(certificateFile, true); } - if (m_sslContext->UseCertificate(certificateFile) && m_sslContext->UsePrivateKey(certificateFile)) + if (SetServerCertificates(certificateFile, certificateFile, PString::Empty())) return true; DisableSSL(); return false; } + +bool PSecureHTTPServiceProcess::SetServerCertificates(const PString & cert, const PString & key, const PString & ca) +{ + if (m_sslContext == NULL) + m_sslContext = new PSSLContext; + + return m_sslContext->SetCredentials(ca, cert, key); +} + PBoolean PSecureHTTPServiceProcess::OnDetectedNonSSLConnection(PChannel * chan, const PString & line) { // get the MIME info This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
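Review bot: `SetServerCertificates()` at the end of this hunk returns the result of `SetCredentials()` directly, so on failure `m_sslContext` stays allocated, while `SetServerCertificate()` just above calls `DisableSSL()` for the same failure. Whether a partly loaded context can still be picked up by the listener is not visible here, but the safer contract is to fail closed in the new method too: `if (m_sslContext->SetCredentials(ca, cert, key)) return true;` followed by `DisableSSL(); return false;`. The wrapper's own `DisableSSL()` call would then be redundant and could be dropped. Separately, the self-signed path shown as context in the previous hunk still builds its key with `PSSLPrivateKey key(1024)`; if that argument is the RSA modulus size, it should be raised to at least 2048 bits. `SetServerCertificate()` begins outside this hunk.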