diff --git a/ssl_openssl11.pas b/ssl_openssl11.pas index 9e7c67a..a8a8145 100644 --- a/ssl_openssl11.pas +++ b/ssl_openssl11.pas @@ -283,8 +283,12 @@ end; function TSSLOpenSSL.LoadPFX(pfxdata: Ansistring): Boolean; var cert, pkey, ca: SslPtr; + certx: PAnsiChar; b: PBIO; p12: SslPtr; + i: Integer; + Store: PX509_STORE; + iTotal: Integer; begin Result := False; b := BioNew(BioSMem); @@ -303,6 +307,27 @@ begin if SSLCTXusePrivateKey(Fctx, pkey) > 0 then Result := True; {pf} + + if Result and (ca <> nil) then + begin + iTotal := OPENSSL_sk_num(ca); + if iTotal > 0 then + begin + Store := SSL_CTX_get_cert_store(Fctx); + for I := 0 to iTotal - 1 do + begin + certx := OPENSSL_sk_value(ca, I); + if certx <> nil then + begin + if X509_STORE_add_cert(Store, certx) = 0 then + begin + // already exists + end; + //X509_free(Cert); + end; + end; + end; + end; finally EvpPkeyFree(pkey); X509free(cert); @@ -320,12 +345,13 @@ end; function TSSLOpenSSL.SetSslKeys: boolean; var st: TFileStream; - s: string; + s: ansistring; begin Result := False; if not assigned(FCtx) then Exit; try + if FCertificateFile <> '' then if SslCtxUseCertificateChainFile(FCtx, FCertificateFile) <> 1 then if SslCtxUseCertificateFile(FCtx, FCertificateFile, SSL_FILETYPE_PEM) <> 1 then diff --git a/ssl_openssl11_lib.pas b/ssl_openssl11_lib.pas index be9ce81..34c5483 100644 --- a/ssl_openssl11_lib.pas +++ b/ssl_openssl11_lib.pas @@ -137,6 +137,7 @@ type PSSL_METHOD = SslPtr; PX509 = SslPtr; PX509_NAME = SslPtr; + PX509_STORE = Pointer; PEVP_MD = SslPtr; PInteger = ^Integer; PBIO_METHOD = SslPtr; @@ -232,7 +233,6 @@ const TLS1_1_VERSION = $0302; TLS1_2_VERSION = $0303; TLS1_3_VERSION = $0304; - var SSLLibHandle: TLibHandle = 0; SSLUtilHandle: TLibHandle = 0; @@ -283,6 +283,7 @@ var function SSLCtrl(ssl: PSSL; cmd: integer; larg: integer; parg: SslPtr):Integer; // libeay.dll + function X509New: PX509; procedure X509Free(x: PX509); function X509NameOneline(a: PX509_NAME; var buf: AnsiString; size: Integer):AnsiString; @@ -329,10 +330,15 @@ var function d2iX509bio(b:PBIO; x:PX509): PX509; {pf} function PEMReadBioX509(b:PBIO; {var x:PX509;}x:PSslPtr; callback:PFunction; cb_arg: SslPtr): PX509; {pf} procedure SkX509PopFree(st: PSTACK; func: TSkPopFreeFunc); {pf} - + function OPENSSL_sk_num(Stack: PSTACK): Integer; + function OPENSSL_sk_value(Stack: PSTACK; Item: Integer): PAnsiChar; + function X509_STORE_add_cert(Store: PX509_STORE; Cert: PX509): Integer; + function SSL_CTX_get_cert_store(const Ctx: PSSL_CTX): PX509_STORE; function i2dPrivateKeyBio(b: PBIO; pkey: EVP_PKEY): integer; + + // 3DES functions procedure DESsetoddparity(Key: des_cblock); function DESsetkeychecked(key: des_cblock; schedule: des_key_schedule): Integer; @@ -396,6 +402,16 @@ type TSSLSetTlsextHostName = function(ssl: PSSL; buf: PAnsiChar):Integer; cdecl; // libeay.dll + + TOPENSSL_sk_new_null = function: PSTACK; cdecl; + TOPENSSL_sk_num = function(Stack: PSTACK): Integer; cdecl; + TOPENSSL_sk_value = function(Stack: PSTACK; Item: Integer): PAnsiChar; cdecl; + TOPENSSL_sk_free = procedure(Stack: PSTACK); cdecl; + TOPENSSL_sk_insert = function(Stack: PSTACK; Data: PAnsiChar; Index: Integer): Integer; cdecl; + TX509_dup = function(X: PX509): PX509; cdecl; + TSSL_CTX_get_cert_store = function(const Ctx: PSSL_CTX): PX509_STORE;cdecl; + TX509_STORE_add_cert = function(Store: PX509_STORE; Cert: PX509): Integer; cdecl; + TX509New = function: PX509; cdecl; TX509NameOneline = function(a: PX509_NAME; buf: PAnsiChar; size: Integer):PAnsiChar; cdecl; TX509GetSubjectName = function(a: PX509):PX509_NAME; cdecl; @@ -487,6 +503,15 @@ var _SslCtxSetMaxProtoVersion: TSslCtxSetMaxProtoVersion = nil; // libeay.dll + + _OPENSSL_sk_new_null: TOPENSSL_sk_new_null = nil; + _OPENSSL_sk_num: TOPENSSL_sk_num = nil; + _OPENSSL_sk_value: TOPENSSL_sk_value = nil; + _OPENSSL_sk_free: TOPENSSL_sk_free = nil; + _OPENSSL_sk_insert: TOPENSSL_sk_insert = nil; + _SSL_CTX_get_cert_store : TSSL_CTX_get_cert_store = nil; + _X509_STORE_add_cert : TX509_STORE_add_cert = nil; + _X509New: TX509New = nil; _X509NameOneline: TX509NameOneline = nil; _X509GetSubjectName: TX509GetSubjectName = nil; @@ -1136,6 +1161,30 @@ begin Result := nil; end; +function OPENSSL_sk_num(Stack: PSTACK): Integer; +begin + if InitSSLInterface and Assigned(_OPENSSL_sk_num) then + Result := _OPENSSL_sk_num(Stack); +end; + +function SSL_CTX_get_cert_store(const Ctx: PSSL_CTX): PX509_STORE; +begin + if InitSSLInterface and Assigned(_SSL_CTX_get_cert_store) then + Result := _SSL_CTX_get_cert_store(Ctx); +end; + +function OPENSSL_sk_value(Stack: PSTACK; Item: Integer): PAnsiChar; +begin + if InitSSLInterface and Assigned(_OPENSSL_sk_value) then + Result := _OPENSSL_sk_value(Stack, Item); +end; + +function X509_STORE_add_cert(Store: PX509_STORE; Cert: PX509): Integer; +begin + if InitSSLInterface and Assigned(_X509_STORE_add_cert) then + Result := _X509_STORE_add_cert(Store, Cert); +end; + procedure SkX509PopFree(st: PSTACK; func:TSkPopFreeFunc); {pf} begin if InitSSLInterface and Assigned(_SkX509PopFree) then @@ -1273,6 +1322,14 @@ begin _SslGetVerifyResult := GetProcAddr(SSLLibHandle, 'SSL_get_verify_result'); _SslCtrl := GetProcAddr(SSLLibHandle, 'SSL_ctrl'); + _OPENSSL_sk_new_null:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_new_null'); + _OPENSSL_sk_num:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_num'); + _OPENSSL_sk_value:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_value'); + _OPENSSL_sk_free:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_free'); + _OPENSSL_sk_insert:= GetProcAddr(SSLUtilHandle, 'OPENSSL_sk_insert'); + _SSL_CTX_get_cert_store:= GetProcAddr(SSLLibHandle, 'SSL_CTX_get_cert_store'); + _X509_STORE_add_cert := GetProcAddr(SSLUtilHandle, 'X509_STORE_add_cert'); + _X509New := GetProcAddr(SSLUtilHandle, 'X509_new'); _X509Free := GetProcAddr(SSLUtilHandle, 'X509_free'); _X509NameOneline := GetProcAddr(SSLUtilHandle, 'X509_NAME_oneline');