Start drafting up cert validator backend API
parent
7c5229096f
commit
89b6d8ec59
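--- a/src/Certs.h
+++ b/src/Certs.h
@@ -0,0 +1,28 @@
+#ifndef CC_SSL_H
+#define CC_SSL_H
+#include "Platform.h"
+CC_BEGIN_HEADER
+
+/*
+Validates an X509 certificate chain for verifying a SSL/TLS connection.
+Copyright 2014-2025 ClassiCube | Licensed under BSD-3
+*/
+
+void CertsBackend_Init(void);
+
+struct X509CertContext {
+void* ctx;
+void* chain;
+void* cert;
+};
+
+cc_result Certs_BeginChain( struct X509CertContext* ctx);
+cc_result Certs_FreeChain( struct X509CertContext* ctx);
+cc_result Certs_VerifyChain(struct X509CertContext* ctx);
+
+void Certs_BeginCert( struct X509CertContext* ctx, int size);
+void Certs_AppendCert(struct X509CertContext* ctx, void* data, int len);
+void Certs_FinishCert(struct X509CertContext* ctx);
+
+CC_END_HEADER
+#endif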
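Review bot: Neither `Certs_BeginChain` nor `Certs_VerifyChain` takes the server name, so as declared a backend can establish that the chain is trusted but not that the leaf was issued for the host being connected to. Either pass it in, e.g. `cc_result Certs_VerifyChain(struct X509CertContext* ctx, const char* hostname);`, or state in the header comment that name matching stays with the caller. `Certs_BeginCert`, `Certs_AppendCert` and `Certs_FinishCert` return void, so the contract should also say that `Certs_VerifyChain` fails when any certificate could not be ingested, rather than validating a shorter chain. `data` is presumably read-only and could be `const void*`. The guard `CC_SSL_H` does not match the file name and would silently blank one header if SSL.h uses the same macro; `CC_CERTS_H` avoids that.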
34
src/SSL.c
34
src/SSL.c
@ -408,13 +408,22 @@ cc_result SSL_Free(void* ctx_) {
|
||||
#include "String.h"
|
||||
#include "bearssl.h"
|
||||
#include "../misc/certs/certs.h"
|
||||
|
||||
// https://github.com/unkaktus/bearssl/blob/master/samples/client_basic.c#L283
|
||||
#define SSL_ERROR_SHIFT 0xB5510000
|
||||
|
||||
static br_x509_class cert_verifier_vtable;
|
||||
typedef struct SSLContext {
|
||||
br_x509_minimal_context xc;
|
||||
br_ssl_client_context sc;
|
||||
struct X509CertContext x509;
|
||||
unsigned char iobuf[BR_SSL_BUFSIZE_BIDI];
|
||||
br_sslio_context ioc;
|
||||
cc_result readError, writeError;
|
||||
cc_socket socket;
|
||||
} SSLContext;
|
||||
static cc_bool _verifyCerts;
|
||||
|
||||
static unsigned cert_verifier_end_chain(const br_x509_class** ctx) {
|
||||
static unsigned x509_end_chain(const br_x509_class** ctx) {
|
||||
unsigned r = br_x509_minimal_vtable.end_chain(ctx);
|
||||
|
||||
/* User selected to not care about certificate authenticity */
|
||||
@ -434,20 +443,19 @@ static unsigned cert_verifier_end_chain(const br_x509_class** ctx) {
|
||||
return r;
|
||||
}
|
||||
|
||||
typedef struct SSLContext {
|
||||
br_x509_minimal_context xc;
|
||||
br_ssl_client_context sc;
|
||||
unsigned char iobuf[BR_SSL_BUFSIZE_BIDI];
|
||||
br_sslio_context ioc;
|
||||
cc_result readError, writeError;
|
||||
cc_socket socket;
|
||||
} SSLContext;
|
||||
static const br_x509_class cert_verifier_vtable = {
|
||||
sizeof(br_x509_minimal_context),
|
||||
x509_start_chain,
|
||||
x509_start_cert,
|
||||
x509_append,
|
||||
x509_end_cert,
|
||||
x509_end_chain,
|
||||
x509_get_pkey
|
||||
};
|
||||
|
||||
void SSLBackend_Init(cc_bool verifyCerts) {
|
||||
_verifyCerts = verifyCerts;
|
||||
|
||||
cert_verifier_vtable = br_x509_minimal_vtable;
|
||||
cert_verifier_vtable.end_chain = cert_verifier_end_chain;
|
||||
CertsBackend_Init();
|
||||
}
|
||||
|
||||
cc_bool SSLBackend_DescribeError(cc_result res, cc_string* dst) {
|
||||
|
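Review bot: The initializer of `cert_verifier_vtable` names `x509_start_chain`, `x509_start_cert`, `x509_append`, `x509_end_cert` and `x509_get_pkey`, but only `x509_end_chain` is defined in the visible hunks, so unless the others exist outside them this file does not build as committed. When they are written, each should still forward to the matching `br_x509_minimal_vtable` entry, since `x509_end_chain` takes its result from the minimal engine and `x509_get_pkey` has to return the key that engine decoded. The new `x509` member of `SSLContext` is not used anywhere in these hunks. Once it is, `x509_end_chain` should carry a comment such as `/* A Certs_VerifyChain failure is never turned into success except via the _verifyCerts opt-out */` so the two verdicts are combined fail-closed. The body of `x509_end_chain` lies partly between the two hunks and is not fully visible here.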