AstralTransRocketries/ClassiCube
1
0
Fork 0
mirror of https://github.com/ClassiCube/ClassiCube.git synced 2025-09-11 16:45:48 -04:00
Code Issues Packages Projects Releases Wiki Activity

Start drafting up cert validator backend API

Browse Source
This commit is contained in:
UnknownShadow200 2025-06-24 07:55:49 +10:00
parent 7c5229096f
commit 89b6d8ec59
2 changed files with 49 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/Certs.h Normal file
View File

@ -0,0 +1,28 @@
#ifndef CC_SSL_H
#define CC_SSL_H
#include "Platform.h"
CC_BEGIN_HEADER
/*
Validates an X509 certificate chain for verifying a SSL/TLS connection.
Copyright 2014-2025 ClassiCube | Licensed under BSD-3
*/
void CertsBackend_Init(void);
struct X509CertContext {
void* ctx;
void* chain;
void* cert;
};
cc_result Certs_BeginChain( struct X509CertContext* ctx);
cc_result Certs_FreeChain( struct X509CertContext* ctx);
cc_result Certs_VerifyChain(struct X509CertContext* ctx);
void Certs_BeginCert( struct X509CertContext* ctx, int size);
void Certs_AppendCert(struct X509CertContext* ctx, void* data, int len);
void Certs_FinishCert(struct X509CertContext* ctx);
CC_END_HEADER
#endif

34
src/SSL.c
View File

@ -408,13 +408,22 @@ cc_result SSL_Free(void* ctx_) {
#include "String.h" #include "String.h"
#include "bearssl.h" #include "bearssl.h"
#include "../misc/certs/certs.h" #include "../misc/certs/certs.h"
// https://github.com/unkaktus/bearssl/blob/master/samples/client_basic.c#L283 // https://github.com/unkaktus/bearssl/blob/master/samples/client_basic.c#L283
#define SSL_ERROR_SHIFT 0xB5510000 #define SSL_ERROR_SHIFT 0xB5510000
static br_x509_class cert_verifier_vtable; typedef struct SSLContext {
br_x509_minimal_context xc;
br_ssl_client_context sc;
struct X509CertContext x509;
unsigned char iobuf[BR_SSL_BUFSIZE_BIDI];
br_sslio_context ioc;
cc_result readError, writeError;
cc_socket socket;
} SSLContext;
static cc_bool _verifyCerts; static cc_bool _verifyCerts;
static unsigned cert_verifier_end_chain(const br_x509_class** ctx) { static unsigned x509_end_chain(const br_x509_class** ctx) {
unsigned r = br_x509_minimal_vtable.end_chain(ctx); unsigned r = br_x509_minimal_vtable.end_chain(ctx);
/* User selected to not care about certificate authenticity */ /* User selected to not care about certificate authenticity */
@ -434,20 +443,19 @@ static unsigned cert_verifier_end_chain(const br_x509_class** ctx) {
return r; return r;
} }
typedef struct SSLContext { static const br_x509_class cert_verifier_vtable = {
br_x509_minimal_context xc; sizeof(br_x509_minimal_context),
br_ssl_client_context sc; x509_start_chain,
unsigned char iobuf[BR_SSL_BUFSIZE_BIDI]; x509_start_cert,
br_sslio_context ioc; x509_append,
cc_result readError, writeError; x509_end_cert,
cc_socket socket; x509_end_chain,
} SSLContext; x509_get_pkey
};
void SSLBackend_Init(cc_bool verifyCerts) { void SSLBackend_Init(cc_bool verifyCerts) {
_verifyCerts = verifyCerts; _verifyCerts = verifyCerts;
CertsBackend_Init();
cert_verifier_vtable = br_x509_minimal_vtable;
cert_verifier_vtable.end_chain = cert_verifier_end_chain;
} }
cc_bool SSLBackend_DescribeError(cc_result res, cc_string* dst) { cc_bool SSLBackend_DescribeError(cc_result res, cc_string* dst) {