#include <folly/Random.h>
#include <folly/SharedMutex.h>
#include <folly/SpinLock.h>
-#include <folly/ThreadId.h>
#include <folly/ssl/Init.h>
+#include <folly/system/ThreadId.h>
// ---------------------------------------------------------------------
// SSLContext implementation
setCiphersOrThrow(ciphers);
}
-void SSLContext::setCipherList(const std::vector<std::string>& ciphers) {
- if (ciphers.size() == 0) {
- return;
- }
- std::string opensslCipherList;
- join(":", ciphers, opensslCipherList);
- setCiphersOrThrow(opensslCipherList);
-}
-
-void SSLContext::setSignatureAlgorithms(
- const std::vector<std::string>& sigalgs) {
- if (sigalgs.size() == 0) {
- return;
- }
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
- std::string opensslSigAlgsList;
- join(":", sigalgs, opensslSigAlgsList);
- int rc = SSL_CTX_set1_sigalgs_list(ctx_, opensslSigAlgsList.c_str());
- if (rc == 0) {
- throw std::runtime_error("SSL_CTX_set1_sigalgs_list " + getErrors());
- }
-#endif
-}
-
void SSLContext::setClientECCurvesList(
const std::vector<std::string>& ecCurves) {
if (ecCurves.size() == 0) {
}
}
+void SSLContext::loadCertKeyPairFromBufferPEM(
+ folly::StringPiece cert,
+ folly::StringPiece pkey) {
+ loadCertificateFromBufferPEM(cert);
+ loadPrivateKeyFromBufferPEM(pkey);
+}
+
+void SSLContext::loadCertKeyPairFromFiles(
+ const char* certPath,
+ const char* keyPath,
+ const char* certFormat,
+ const char* keyFormat) {
+ loadCertificate(certPath, certFormat);
+ loadPrivateKey(keyPath, keyFormat);
+}
+
+bool SSLContext::isCertKeyPairValid() const {
+ return SSL_CTX_check_private_key(ctx_) == 1;
+}
+
void SSLContext::loadTrustedCertificates(const char* path) {
if (path == nullptr) {
throw std::invalid_argument("loadTrustedCertificates: <path> is nullptr");
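Review bot: Neither `loadCertKeyPairFromBufferPEM` nor `loadCertKeyPairFromFiles` confirms that the private key belongs to the certificate it has just loaded; the new `isCertKeyPairValid()` is left for callers to remember. The individual loaders are defined outside this hunk, so if they do not reject a mismatch themselves, a wrong pairing would only surface at handshake time. A throw from the second load also leaves the context holding the new certificate alongside whatever key was set before. Consider ending both helpers with `if (!isCertKeyPairValid()) { throw std::runtime_error("SSL certificate and private key do not match"); }`, and add a header comment stating that the pair is not applied atomically and that `isCertKeyPairValid()` only checks the certificate and key currently active in `ctx_`.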
ctx_,
reinterpret_cast<const unsigned char*>(context.data()),
std::min<unsigned int>(
- static_cast<unsigned int>(context.length()),
- SSL_MAX_SSL_SESSION_ID_LENGTH));
+ static_cast<unsigned int>(context.length()), SSL_MAX_SID_CTX_LENGTH));
}
/**
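Review bot: The `std::min` clamp on the new line still silently truncates any context string longer than `SSL_MAX_SID_CTX_LENGTH`. Two distinct context names that share that prefix therefore get the same session id context, and their cached sessions are no longer kept apart. The enclosing function starts outside this hunk, so whether the OpenSSL return value is checked cannot be confirmed from here. At minimum document the limit at the call, e.g. `// context is truncated to SSL_MAX_SID_CTX_LENGTH bytes; names must differ within that prefix to keep session caches separate`. Consider logging or rejecting over-long input instead of truncating it.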
return int(length);
}
-void SSLContext::setSSLLockTypes(std::map<int, LockType> inLockTypes) {
- folly::ssl::setLockTypes(inLockTypes);
-}
-
#if defined(SSL_MODE_HANDSHAKE_CUTTHROUGH)
void SSLContext::enableFalseStart() {
SSL_CTX_set_mode(ctx_, SSL_MODE_HANDSHAKE_CUTTHROUGH);