diff --git a/lib/base/tlsstream.hpp b/lib/base/tlsstream.hpp
index f6e52097e..63814d309 100644
--- a/lib/base/tlsstream.hpp
+++ b/lib/base/tlsstream.hpp
@@ -59,7 +59,7 @@ private:
 struct UnbufferedAsioTlsStreamParams
 {
 boost::asio::io_context& IoContext;
- boost::asio::ssl::context& SslContext;
+ TlsContext& SslContext;
 const String& Hostname;
 };
@@ -108,7 +108,7 @@ class AsioTlsStream : public boost::asio::buffered_stream::Ptr& context, const String& pubkey, const String& privkey, const String& cakey)
+static void InitSslContext(const Shared::Ptr& context, const String& pubkey, const String& privkey, const String& cakey)
 {
 char errbuf[256];
 // Enforce TLS v1.2 as minimum
 context->set_options(
- boost::asio::ssl::context::default_workarounds |
- boost::asio::ssl::context::no_compression |
- boost::asio::ssl::context::no_sslv2 |
- boost::asio::ssl::context::no_sslv3 |
- boost::asio::ssl::context::no_tlsv1 |
- boost::asio::ssl::context::no_tlsv1_1
+ TlsContext::default_workarounds |
+ TlsContext::no_compression |
+ TlsContext::no_sslv2 |
+ TlsContext::no_sslv3 |
+ TlsContext::no_tlsv1 |
+ TlsContext::no_tlsv1_1
 );
 // Custom TLS flags
@@ -202,13 +202,13 @@ static void InitSslContext(const Shared::Ptr& context
 * @param cakey CA certificate chain file.
 * @returns An SSL context.
 */
-Shared::Ptr MakeAsioSslContext(const String& pubkey, const String& privkey, const String& cakey)
+Shared::Ptr MakeAsioSslContext(const String& pubkey, const String& privkey, const String& cakey)
 {
 namespace ssl = boost::asio::ssl;
 InitializeOpenSSL();
- auto context (Shared::Make(ssl::context::tls));
+ auto context (Shared::Make(TlsContext::tls));
 InitSslContext(context, pubkey, privkey, cakey);
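Review bot: The new member `TlsContext& SslContext;` in UnbufferedAsioTlsStreamParams depends on an alias that this commit declares in lib/base/tlsutility.hpp, so tlsstream.hpp is only self-contained if it already has an `#include` of tlsutility.hpp; the include block is outside the hunk, so I cannot tell from here. If it does not, any translation unit that includes tlsstream.hpp without first including tlsutility.hpp stops compiling, and the breakage will surface in an unrelated file rather than in this one. Adding the include to tlsstream.hpp (or declaring the alias in a header that tlsstream.hpp already pulls in) settles it; the struct's enclosing class and the rest of the header are outside the hunk.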
@@ -220,7 +220,7 @@ Shared::Ptr MakeAsioSslContext(const String& pubkey,
 * @param context The ssl context.
 * @param cipherList The ciper list.
 **/
-void SetCipherListToSSLContext(const Shared::Ptr& context, const String& cipherList)
+void SetCipherListToSSLContext(const Shared::Ptr& context, const String& cipherList)
 {
 char errbuf[256];
@@ -278,12 +278,12 @@ int ResolveTlsProtocolVersion(const std::string& version) { } }
-Shared::Ptr SetupSslContext(String certPath, String keyPath,
+Shared::Ptr SetupSslContext(String certPath, String keyPath,
 String caPath, String crlPath, String cipherList, String protocolmin, DebugInfo di)
 {
 namespace ssl = boost::asio::ssl;
- Shared::Ptr context;
+ Shared::Ptr context;
 try {
 context = MakeAsioSslContext(certPath, keyPath, caPath);
@@ -327,7 +327,7 @@ Shared::Ptr SetupSslContext(String certPath, String k
 * @param context The ssl context.
 * @param tlsProtocolmin The minimum TLS protocol version.
 */
-void SetTlsProtocolminToSSLContext(const Shared::Ptr& context, const String& tlsProtocolmin)
+void SetTlsProtocolminToSSLContext(const Shared::Ptr& context, const String& tlsProtocolmin)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 int ret = SSL_CTX_set_min_proto_version(context->native_handle(), ResolveTlsProtocolVersion(tlsProtocolmin));
@@ -355,7 +355,7 @@ void SetTlsProtocolminToSSLContext(const Shared::Ptr&
 * @param context The SSL context.
 * @param crlPath The path to the CRL file.
 */
-void AddCRLToSSLContext(const Shared::Ptr& context, const String& crlPath)
+void AddCRLToSSLContext(const Shared::Ptr& context, const String& crlPath)
 {
 X509_STORE *x509_store = SSL_CTX_get_cert_store(context->native_handle());
 AddCRLToSSLContext(x509_store, crlPath);
diff --git a/lib/base/tlsutility.hpp b/lib/base/tlsutility.hpp
index b06412020..dd61a66d8 100644
--- a/lib/base/tlsutility.hpp
+++ b/lib/base/tlsutility.hpp
@@ -38,18 +38,20 @@ const auto LEAF_VALID_FOR = 60 * 60 * 24 * 397;
 const auto RENEW_THRESHOLD = 60 * 60 * 24 * 30;
 const auto RENEW_INTERVAL = 60 * 60 * 24;
+typedef boost::asio::ssl::context TlsContext;
+
 void InitializeOpenSSL();
 String GetOpenSSLVersion();
-Shared::Ptr MakeAsioSslContext(const String& pubkey = String(), const String& privkey = String(), const String& cakey = String());
-void AddCRLToSSLContext(const Shared::Ptr& context, const String& crlPath);
+Shared::Ptr MakeAsioSslContext(const String& pubkey = String(), const String& privkey = String(), const String& cakey = String());
+void AddCRLToSSLContext(const Shared::Ptr& context, const String& crlPath);
 void AddCRLToSSLContext(X509_STORE *x509_store, const String& crlPath);
-void SetCipherListToSSLContext(const Shared::Ptr& context, const String& cipherList);
-void SetTlsProtocolminToSSLContext(const Shared::Ptr& context, const String& tlsProtocolmin);
+void SetCipherListToSSLContext(const Shared::Ptr& context, const String& cipherList);
+void SetTlsProtocolminToSSLContext(const Shared::Ptr& context, const String& tlsProtocolmin);
 int ResolveTlsProtocolVersion(const std::string& version);
-Shared::Ptr SetupSslContext(String certPath, String keyPath,
+Shared::Ptr SetupSslContext(String certPath, String keyPath,
 String caPath, String crlPath, String cipherList, String protocolmin, DebugInfo di);
 String GetCertificateCN(const std::shared_ptr& certificate);
diff --git a/lib/cli/consolecommand.cpp b/lib/cli/consolecommand.cpp
index 78906bb2a..c259711ad 100644
--- a/lib/cli/consolecommand.cpp
+++ b/lib/cli/consolecommand.cpp
@@ -524,7 +524,7 @@ incomplete:
 */
 Shared::Ptr ConsoleCommand::Connect()
 {
- Shared::Ptr sslContext;
+ Shared::Ptr sslContext;
 try {
 sslContext = MakeAsioSslContext(Empty, Empty, Empty); //TODO: Add support for cert, key, ca parameters
diff --git a/lib/icingadb/redisconnection.hpp b/lib/icingadb/redisconnection.hpp
index f346ba285..a36da7317 100644
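Review bot: The new `typedef boost::asio::ssl::context TlsContext;` in tlsutility.hpp is introduced without a comment, and a bare alias invites callers to construct a `TlsContext` directly, which skips the `no_sslv2` … `no_tlsv1_1` options that only `InitSslContext()` applies (reached via `MakeAsioSslContext()`, which `SetupSslContext()` in turn calls, as the tlsutility.cpp hunks show). A short doc comment would steer new code to the hardened path: `/// Boost.Asio TLS context type; obtain instances via MakeAsioSslContext()/SetupSslContext() so the minimum-version options from InitSslContext() are applied.` As a point of style, the surrounding declarations already rely on C++11 (`auto`, `std::shared_ptr`), so the alias form `using TlsContext = boost::asio::ssl::context;` reads more consistently than `typedef`. The same note covers the uses of the alias in the other files of this commit, which need no change of their own.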
--- a/lib/icingadb/redisconnection.hpp
+++ b/lib/icingadb/redisconnection.hpp
@@ -183,7 +183,7 @@ namespace icinga
 typedef boost::asio::buffered_stream TcpConn;
 typedef boost::asio::buffered_stream UnixConn;
- Shared::Ptr m_TLSContext;
+ Shared::Ptr m_TLSContext;
 template static Value ReadRESP(AsyncReadStream& stream, boost::asio::yield_context& yc);
diff --git a/lib/methods/ifwapichecktask.cpp b/lib/methods/ifwapichecktask.cpp
index 8516d70c0..88f9ce61e 100644
--- a/lib/methods/ifwapichecktask.cpp
+++ b/lib/methods/ifwapichecktask.cpp
@@ -497,7 +497,7 @@ void IfwApiCheckTask::ScriptFunc(const Checkable::Ptr& checkable, const CheckRes
 auto& io (IoEngine::Get().GetIoContext());
 auto strand (Shared::Make(io));
- Shared::Ptr ctx;
+ Shared::Ptr ctx;
 double start = Utility::GetTime();
 try {
diff --git a/lib/perfdata/elasticsearchwriter.cpp b/lib/perfdata/elasticsearchwriter.cpp
index 9fb2aa90f..1b3e7bf90 100644
--- a/lib/perfdata/elasticsearchwriter.cpp
+++ b/lib/perfdata/elasticsearchwriter.cpp
@@ -602,7 +602,7 @@ OptionalTlsStream ElasticsearchWriter::Connect()
 bool tls = GetEnableTls();
 if (tls) {
- Shared::Ptr sslContext;
+ Shared::Ptr sslContext;
 try {
 sslContext = MakeAsioSslContext(GetCertPath(), GetKeyPath(), GetCaPath());
diff --git a/lib/perfdata/gelfwriter.cpp b/lib/perfdata/gelfwriter.cpp
index c5b2bbd13..7210731d9 100644
--- a/lib/perfdata/gelfwriter.cpp
+++ b/lib/perfdata/gelfwriter.cpp
@@ -174,7 +174,7 @@ void GelfWriter::ReconnectInternal()
 bool ssl = GetEnableTls();
 if (ssl) {
- Shared::Ptr sslContext;
+ Shared::Ptr sslContext;
 try {
 sslContext = MakeAsioSslContext(GetCertPath(), GetKeyPath(), GetCaPath());
diff --git a/lib/perfdata/influxdbcommonwriter.cpp b/lib/perfdata/influxdbcommonwriter.cpp
index a76310839..7d25ba129 100644
--- a/lib/perfdata/influxdbcommonwriter.cpp
+++ b/lib/perfdata/influxdbcommonwriter.cpp
@@ -149,7 +149,7 @@ OptionalTlsStream InfluxdbCommonWriter::Connect()
 bool ssl = GetSslEnable();
 if (ssl) {
- Shared::Ptr sslContext;
+ Shared::Ptr sslContext;
 try {
 sslContext = MakeAsioSslContext(GetSslCert(), GetSslKey(), GetSslCaCert());
diff --git a/lib/remote/apilistener.hpp b/lib/remote/apilistener.hpp
index fced0a8af..870294ca8 100644
--- a/lib/remote/apilistener.hpp
+++ b/lib/remote/apilistener.hpp
@@ -161,7 +161,7 @@ protected:
 void ValidateTlsHandshakeTimeout(const Lazy& lvalue, const ValidationUtils& utils) override;
 private:
- Shared::Ptr m_SSLContext;
+ Shared::Ptr m_SSLContext;
 boost::shared_mutex m_SSLContextMutex;
 mutable std::mutex m_AnonymousClientsLock;
diff --git a/lib/remote/pkiutility.cpp b/lib/remote/pkiutility.cpp
index e49356559..bc108b980 100644
--- a/lib/remote/pkiutility.cpp
+++ b/lib/remote/pkiutility.cpp
@@ -83,7 +83,7 @@ int PkiUtility::SignCsr(const String& csrfile, const String& certfile)
 std::shared_ptr PkiUtility::FetchCert(const String& host, const String& port)
 {
- Shared::Ptr sslContext;
+ Shared::Ptr sslContext;
 try {
 sslContext = MakeAsioSslContext();
@@ -151,7 +151,7 @@ int PkiUtility::GenTicket(const String& cn, const String& salt, std::ostream& ti
 int PkiUtility::RequestCertificate(const String& host, const String& port, const String& keyfile, const String& certfile, const String& cafile, const std::shared_ptr& trustedCert, const String& ticket)
 {
- Shared::Ptr sslContext;
+ Shared::Ptr sslContext;
 try {
 sslContext = MakeAsioSslContext(certfile, keyfile);
diff --git a/plugins/check_nscp_api.cpp b/plugins/check_nscp_api.cpp
index aef43fb98..6d55ea4f6 100644
--- a/plugins/check_nscp_api.cpp
+++ b/plugins/check_nscp_api.cpp
@@ -176,7 +176,7 @@ static int FormatOutput(const Dictionary::Ptr& result)
 */
 static Shared::Ptr Connect(const String& host, const String& port)
 {
- Shared::Ptr sslContext;
+ Shared::Ptr sslContext;
 try {
 sslContext = MakeAsioSslContext(Empty, Empty, Empty); //TODO: Add support for cert, key, ca parameters