/* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
* Drizzle Client & Protocol Library
* Copyright (C) 2012 Andrew Hutchings (andrew@linuxjedi.co.uk)
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* * The names of its contributors may not be used to endorse or
* promote products derived from this software without specific prior
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include <libdrizzle/common.h>
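/**
 * Configure client-side TLS for a connection.
 *
 * Creates an OpenSSL context in con->ssl_context, applies the cipher list,
 * loads the CA trust locations, loads the client certificate and private key
 * and checks that they match, then creates the SSL object in con->ssl.
 *
 * NOTE(review): the listing this function was recovered from had lost its
 * brace lines and several condition lines (the cipher-list call and whatever
 * guarded the certificate/key loading). Those parts are reconstructed here;
 * confirm them against the upstream file before relying on them.
 *
 * @param con     connection whose ssl_context and ssl members are set
 * @param key     PEM private key file; NULL falls back to @p cert (assumed)
 * @param cert    PEM client certificate file; NULL skips certificate and key
 *                loading (assumed)
 * @param ca      CA file passed to SSL_CTX_load_verify_locations()
 * @param capath  CA directory passed to SSL_CTX_load_verify_locations()
 * @param cipher  OpenSSL cipher list string; NULL keeps the library default
 *                (assumed)
 * @return DRIZZLE_RETURN_OK on success, DRIZZLE_RETURN_SSL_ERROR otherwise,
 *         with the reason recorded through drizzle_set_error().
 */
drizzle_return_t drizzle_set_ssl(drizzle_con_st *con, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher)
{
  const char *key_file;

  /*
   * NOTE(review): TLSv1_client_method() pins the connection to TLS 1.0, a
   * protocol version deprecated by RFC 8996. Where the minimum supported
   * OpenSSL allows it, use a version-flexible method with a minimum protocol
   * version instead.
   */
  con->ssl_context= SSL_CTX_new(TLSv1_client_method());
  if (con->ssl_context == NULL)
  {
    /* Every call below dereferences the context, so stop here. */
    drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot create the SSL context");
    return DRIZZLE_RETURN_SSL_ERROR;
  }

  if (cipher != NULL)
  {
    if (SSL_CTX_set_cipher_list(con->ssl_context, cipher) != 1)
    {
      drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot set the SSL cipher list");
      return DRIZZLE_RETURN_SSL_ERROR;
    }
  }

  /*
   * NOTE(review): loading trust locations does not by itself make the
   * handshake fail on an untrusted server certificate; the verify mode of a
   * new client context is SSL_VERIFY_NONE. Nothing visible in this function
   * calls SSL_CTX_set_verify() or checks the verification result, and no
   * host name check is visible either. Confirm that the code performing the
   * handshake enforces both.
   */
  if (SSL_CTX_load_verify_locations(con->ssl_context, ca, capath) != 1)
  {
    drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL certificate authority file");
    return DRIZZLE_RETURN_SSL_ERROR;
  }

  if (cert != NULL)
  {
    if (SSL_CTX_use_certificate_file(con->ssl_context, cert, SSL_FILETYPE_PEM) != 1)
    {
      drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL certificate file");
      return DRIZZLE_RETURN_SSL_ERROR;
    }

    /* A PEM file may hold both certificate and key; never pass NULL on. */
    key_file= (key != NULL) ? key : cert;

    if (SSL_CTX_use_PrivateKey_file(con->ssl_context, key_file, SSL_FILETYPE_PEM) != 1)
    {
      drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL key file");
      return DRIZZLE_RETURN_SSL_ERROR;
    }

    if (SSL_CTX_check_private_key(con->ssl_context) != 1)
    {
      drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Error validating the SSL private key");
      return DRIZZLE_RETURN_SSL_ERROR;
    }
  }

  con->ssl= SSL_new(con->ssl_context);
  if (con->ssl == NULL)
  {
    drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot create the SSL connection object");
    return DRIZZLE_RETURN_SSL_ERROR;
  }

  /*
   * NOTE(review): on every error return the context stays in
   * con->ssl_context, as before. Confirm that connection teardown releases
   * it and that a second call does not leak the previous context.
   */
  return DRIZZLE_RETURN_OK;
}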