HPCC-27255 TLS cert/key as buffers 2a

Signed-off-by: Mark Kelly <[email protected]>
hpcc-systems · Sep 15, 2023 · ebddb3c · ebddb3c
1 parent 3565cac
commit ebddb3c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/esp/bindings/SOAP/Platform/soapbind.cpp b/esp/bindings/SOAP/Platform/soapbind.cpp
@@ -278,14 +278,14 @@ static IPropertyTree *createSecClientConfig(const char *clientCertFileOrBuf, con
     if (!isEmptyString(clientCertFileOrBuf))
     {
         if (containsEmbeddedKey(clientCertFileOrBuf))
-            info->setProp("certificatebuf", clientCertFileOrBuf);
+            info->setProp("certificate_pem", clientCertFileOrBuf);
         else
             info->setProp("certificate", clientCertFileOrBuf);
 
         if (!isEmptyString(clientPrivKeyFileOrBuf))
         {
             if (containsEmbeddedKey(clientPrivKeyFileOrBuf))
-                info->setProp("privatekeybuf", clientPrivKeyFileOrBuf);
+                info->setProp("privatekey_pem", clientPrivKeyFileOrBuf);
             else
                 info->setProp("privatekey", clientPrivKeyFileOrBuf);
         }

diff --git a/system/security/securesocket/securesocket.cpp b/system/security/securesocket/securesocket.cpp
@@ -1231,7 +1231,7 @@ static bool useCertificateChainPEMBuffer(SSL_CTX *ctx, const char *certBuf, int
     return true;
 }
 
-static bool loadVerifyLocationsPEMBuffer(SSL_CTX *ctx, const char *caCertBuf, int caCertLen=-1)
+static bool setVerifyCertsPEMBuffer(SSL_CTX *ctx, const char *caCertBuf, int caCertLen=-1)
 {
     // this routine based on code originally from:
     // https://stackoverflow.com/questions/5052563/c-openssl-use-root-ca-from-buffer-rather-than-file-ssl-ctx-load-verify-locat
@@ -1333,15 +1333,15 @@ class CSecureSocketContext : public CInterfaceOf<ISecureSocketContext>
             throw makeStringException(-1, "Private key does not match the certificate public key");
     }
 
-    void setVerifyLocations(const char *caCertsPathOrBuf)
+    void setVerifyCerts(const char *caCertsPathOrBuf)
     {
         if (isEmptyString(caCertsPathOrBuf))
             return;
 
         if (containsEmbeddedKey(caCertsPathOrBuf))
         {
             // can have multiple certs in buffer
-            if (!loadVerifyLocationsPEMBuffer(m_ctx, caCertsPathOrBuf))
+            if (!setVerifyCertsPEMBuffer(m_ctx, caCertsPathOrBuf))
                 throw makeStringException(-1, "Error loading CA certificates");
         }
         else if (SSL_CTX_load_verify_locations(m_ctx, caCertsPathOrBuf, NULL) != 1)
@@ -1393,13 +1393,13 @@ class CSecureSocketContext : public CInterfaceOf<ISecureSocketContext>
             SSL_CTX_set_default_passwd_cb(m_ctx, pem_passwd_cb);
         }
 
-        const char *certFileOrBuf = config->queryProp("certificatebuf");
+        const char *certFileOrBuf = config->queryProp("certificate_pem");
         if (!certFileOrBuf)
             certFileOrBuf = config->queryProp("certificate");
         if (certFileOrBuf && *certFileOrBuf)
             setCertificate(certFileOrBuf);
 
-        const char *privKeyFileOrBuf = config->queryProp("privatekeybuf");
+        const char *privKeyFileOrBuf = config->queryProp("privatekey_pem");
         if (!privKeyFileOrBuf)
             privKeyFileOrBuf = config->queryProp("privatekey");
         if (privKeyFileOrBuf && *privKeyFileOrBuf)
@@ -1416,7 +1416,7 @@ class CSecureSocketContext : public CInterfaceOf<ISecureSocketContext>
             if (!caCertPathOrBuf)
                 caCertPathOrBuf = config->queryProp("verify/ca_certificates/@path");
             if (caCertPathOrBuf && *caCertPathOrBuf)
-                setVerifyLocations(caCertPathOrBuf);
+                setVerifyCerts(caCertPathOrBuf);
 
             bool acceptSelfSigned = config->getPropBool("verify/@accept_selfsigned");
             SSL_CTX_set_verify(m_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE, (acceptSelfSigned) ? verify_callback_allow_selfSigned : verify_callback_reject_selfSigned);