IMPALA / IMPALA-2051

Allow Squeasel to accept certificates and private keys from separate files

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Impala 2.2
    • Fix Version/s: Impala 2.3.0
    • Component/s: None

      Description

      Squeasel does not allow the SSL certificate and private key to live in separate files:

       if ((ctx->callbacks.init_ssl == NULL ||
            !ctx->callbacks.init_ssl(ctx->ssl_ctx, ctx->user_data)) &&
           (SSL_CTX_use_certificate_file(ctx->ssl_ctx, pem, 1) == 0 ||
            SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, pem, 1) == 0)) {
         cry(fc(ctx), "%s: cannot open %s: %s", __func__, pem, ssl_error());
         return 0;
       }
      

      (Note that pem is the same file in both SSL_CTX_... calls).

      We should improve it to allow two options, one for the private key and one for the certificate. For backwards compatibility reasons, we should default to the same file if only one file is given.

      While we're here, we should allow the client of the Squeasel library to provide a callback for giving a password for the private key (see also IMPALA-1795).

              People

              • Assignee: Henry Robinson (henryr)
              • Reporter: Henry Robinson (henryr)