pascal/synapse
1
0
Fork 0
Code Issues Releases Activity

ssl_openssl11 - Read all certificates from the PFX file (Radek Cervinka)

Browse Source 
git-svn-id: https://svn.code.sf.net/p/synalist/code/trunk@261 7c85be65-684b-0410-a082-b2ed4fbef004
This commit is contained in:
geby 2022-05-10 06:05:54 +00:00
parent dbaf609283
commit 2945035388
2 changed files with 86 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ssl_openssl11.pas
View File

@ -283,8 +283,12 @@ end;
function TSSLOpenSSL.LoadPFX(pfxdata: Ansistring): Boolean;
var
cert, pkey, ca: SslPtr;
certx: PAnsiChar;
b: PBIO;
p12: SslPtr;
i: Integer;
Store: PX509_STORE;
iTotal: Integer;
begin
Result := False;
b := BioNew(BioSMem);
@ -303,6 +307,27 @@ begin
if SSLCTXusePrivateKey(Fctx, pkey) > 0 then
Result := True;
{pf}
if Result and (ca <> nil) then
begin
iTotal := OPENSSL_sk_num(ca);
if iTotal > 0 then
begin
Store := SSL_CTX_get_cert_store(Fctx);
for I := 0 to iTotal - 1 do
begin
certx := OPENSSL_sk_value(ca, I);
if certx <> nil then
begin
if X509_STORE_add_cert(Store, certx) = 0 then
begin
// already exists
end;
//X509_free(Cert);
end;
end;
end;
end;
finally
EvpPkeyFree(pkey);
X509free(cert);
@ -320,12 +345,13 @@ end;
function TSSLOpenSSL.SetSslKeys: boolean;
var
st: TFileStream;
s: string;
s: ansistring;
begin
Result := False;
if not assigned(FCtx) then
Exit;
try
if FCertificateFile <> '' then
if SslCtxUseCertificateChainFile(FCtx, FCertificateFile) <> 1 then
if SslCtxUseCertificateFile(FCtx, FCertificateFile, SSL_FILETYPE_PEM) <> 1 then

61
ssl_openssl11_lib.pas
View File

@ -137,6 +137,7 @@ type
PSSL_METHOD = SslPtr;
PX509 = SslPtr;
PX509_NAME = SslPtr;
PX509_STORE = Pointer;
PEVP_MD = SslPtr;
PInteger = ^Integer;
PBIO_METHOD = SslPtr;
@ -232,7 +233,6 @@ const
TLS1_1_VERSION = $0302;
TLS1_2_VERSION = $0303;
TLS1_3_VERSION = $0304;
var
SSLLibHandle: TLibHandle = 0;
SSLUtilHandle: TLibHandle = 0;
@ -283,6 +283,7 @@ var
function SSLCtrl(ssl: PSSL; cmd: integer; larg: integer; parg: SslPtr):Integer;
// libeay.dll
function X509New: PX509;
procedure X509Free(x: PX509);
function X509NameOneline(a: PX509_NAME; var buf: AnsiString; size: Integer):AnsiString;
@ -329,10 +330,15 @@ var
function d2iX509bio(b:PBIO; x:PX509): PX509; {pf}
function PEMReadBioX509(b:PBIO; {var x:PX509;}x:PSslPtr; callback:PFunction; cb_arg: SslPtr): PX509; {pf}
procedure SkX509PopFree(st: PSTACK; func: TSkPopFreeFunc); {pf}
function OPENSSL_sk_num(Stack: PSTACK): Integer;
function OPENSSL_sk_value(Stack: PSTACK; Item: Integer): PAnsiChar;
function X509_STORE_add_cert(Store: PX509_STORE; Cert: PX509): Integer;
function SSL_CTX_get_cert_store(const Ctx: PSSL_CTX): PX509_STORE;
function i2dPrivateKeyBio(b: PBIO; pkey: EVP_PKEY): integer;
// 3DES functions
procedure DESsetoddparity(Key: des_cblock);
function DESsetkeychecked(key: des_cblock; schedule: des_key_schedule): Integer;
@ -396,6 +402,16 @@ type
TSSLSetTlsextHostName = function(ssl: PSSL; buf: PAnsiChar):Integer; cdecl;
// libeay.dll
TOPENSSL_sk_new_null = function: PSTACK; cdecl;
TOPENSSL_sk_num = function(Stack: PSTACK): Integer; cdecl;
TOPENSSL_sk_value = function(Stack: PSTACK; Item: Integer): PAnsiChar; cdecl;
TOPENSSL_sk_free = procedure(Stack: PSTACK); cdecl;
TOPENSSL_sk_insert = function(Stack: PSTACK; Data: PAnsiChar; Index: Integer): Integer; cdecl;
TX509_dup = function(X: PX509): PX509; cdecl;
TSSL_CTX_get_cert_store = function(const Ctx: PSSL_CTX): PX509_STORE;cdecl;
TX509_STORE_add_cert = function(Store: PX509_STORE; Cert: PX509): Integer; cdecl;
TX509New = function: PX509; cdecl;
TX509NameOneline = function(a: PX509_NAME; buf: PAnsiChar; size: Integer):PAnsiChar; cdecl;
TX509GetSubjectName = function(a: PX509):PX509_NAME; cdecl;
@ -487,6 +503,15 @@ var
_SslCtxSetMaxProtoVersion: TSslCtxSetMaxProtoVersion = nil;
// libeay.dll
_OPENSSL_sk_new_null: TOPENSSL_sk_new_null = nil;
_OPENSSL_sk_num: TOPENSSL_sk_num = nil;
_OPENSSL_sk_value: TOPENSSL_sk_value = nil;
_OPENSSL_sk_free: TOPENSSL_sk_free = nil;
_OPENSSL_sk_insert: TOPENSSL_sk_insert = nil;
_SSL_CTX_get_cert_store : TSSL_CTX_get_cert_store = nil;
_X509_STORE_add_cert : TX509_STORE_add_cert = nil;
_X509New: TX509New = nil;
_X509NameOneline: TX509NameOneline = nil;
_X509GetSubjectName: TX509GetSubjectName = nil;
@ -1136,6 +1161,30 @@ begin
Result := nil;
end;
function OPENSSL_sk_num(Stack: PSTACK): Integer;
begin
if InitSSLInterface and Assigned(_OPENSSL_sk_num) then
Result := _OPENSSL_sk_num(Stack);
end;
function SSL_CTX_get_cert_store(const Ctx: PSSL_CTX): PX509_STORE;
begin
if InitSSLInterface and Assigned(_SSL_CTX_get_cert_store) then
Result := _SSL_CTX_get_cert_store(Ctx);
end;
function OPENSSL_sk_value(Stack: PSTACK; Item: Integer): PAnsiChar;
begin
if InitSSLInterface and Assigned(_OPENSSL_sk_value) then
Result := _OPENSSL_sk_value(Stack, Item);
end;
function X509_STORE_add_cert(Store: PX509_STORE; Cert: PX509): Integer;
begin
if InitSSLInterface and Assigned(_X509_STORE_add_cert) then
Result := _X509_STORE_add_cert(Store, Cert);
end;
procedure SkX509PopFree(st: PSTACK; func:TSkPopFreeFunc); {pf}
begin
if InitSSLInterface and Assigned(_SkX509PopFree) then
@ -1273,6 +1322,14 @@ begin
_SslGetVerifyResult := GetProcAddr(SSLLibHandle, 'SSL_get_verify_result');
_SslCtrl := GetProcAddr(SSLLibHandle, 'SSL_ctrl');
_OPENSSL_sk_new_null:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_new_null');
_OPENSSL_sk_num:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_num');
_OPENSSL_sk_value:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_value');
_OPENSSL_sk_free:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_free');
_OPENSSL_sk_insert:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_insert');
_SSL_CTX_get_cert_store:= GetProcAddr(SSLLibHandle, 'SSL_CTX_get_cert_store');
_X509_STORE_add_cert := GetProcAddr(SSLUtilHandle, 'X509_STORE_add_cert');
_X509New := GetProcAddr(SSLUtilHandle, 'X509_new');
_X509Free := GetProcAddr(SSLUtilHandle, 'X509_free');
_X509NameOneline := GetProcAddr(SSLUtilHandle, 'X509_NAME_oneline');