Merge pull request #7172 from Elias481/fix/generate-rsa-4635-org

Account for OpenSSL library evolution
Michael Friedrich 2019-05-10 13:24:01 +02:00 committed by GitHub
commit ed4e68430b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 9 deletions


@ -61,7 +61,7 @@ TlsStream::TlsStream(const Socket::Ptr& socket, const String& hostname, Connecti
m_CurrentAction(TlsActionNone), m_Retry(false), m_Shutdown(false) m_CurrentAction(TlsActionNone), m_Retry(false), m_Shutdown(false)
{ {
std::ostringstream msgbuf; std::ostringstream msgbuf;
char errbuf[120]; char errbuf[256];
m_SSL = std::shared_ptr<SSL>(SSL_new(sslContext), SSL_free); m_SSL = std::shared_ptr<SSL>(SSL_new(sslContext), SSL_free);
@ -272,8 +272,9 @@ void TlsStream::OnEvent(int revents)
m_ErrorOccurred = true; m_ErrorOccurred = true;
if (m_ErrorCode != 0) { if (m_ErrorCode != 0) {
char errbuf[256];
Log(LogWarning, "TlsStream") Log(LogWarning, "TlsStream")
<< "OpenSSL error: " << ERR_error_string(m_ErrorCode, nullptr); << "OpenSSL error: " << ERR_error_string(m_ErrorCode, errbuf);
} else { } else {
Log(LogWarning, "TlsStream", "TLS stream was disconnected."); Log(LogWarning, "TlsStream", "TLS stream was disconnected.");
} }
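Review bot: The new `ERR_error_string(m_ErrorCode, errbuf)` call in OnEvent still relies on the caller keeping `errbuf` at the 256 bytes OpenSSL documents as the minimum, which is exactly the assumption the 120-byte buffers in this commit violated; the size-bounded `ERR_error_string_n(m_ErrorCode, errbuf, sizeof(errbuf))` pins the length to the array and cannot overrun if the size is changed again. Switching away from the `nullptr` argument is the right move, since that form writes into a shared static buffer. The same unbounded `ERR_error_string(..., errbuf)` pattern appears twice in the new MakeX509CSR error paths in the second file and presumably behind the other `errbuf` bumps in this commit, so the `_n` variant should be applied there as well. The TlsStream constructor and OnEvent bodies both continue outside these hunks.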


@ -60,7 +60,7 @@ void InitializeOpenSSL()
static void SetupSslContext(SSL_CTX *sslContext, const String& pubkey, const String& privkey, const String& cakey) static void SetupSslContext(SSL_CTX *sslContext, const String& pubkey, const String& privkey, const String& cakey)
{ {
char errbuf[120]; char errbuf[256];
long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE; long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE;
@ -228,7 +228,7 @@ void SetTlsProtocolminToSSLContext(const std::shared_ptr<boost::asio::ssl::conte
*/ */
void AddCRLToSSLContext(const std::shared_ptr<boost::asio::ssl::context>& context, const String& crlPath) void AddCRLToSSLContext(const std::shared_ptr<boost::asio::ssl::context>& context, const String& crlPath)
{ {
char errbuf[120]; char errbuf[256];
X509_STORE *x509_store = SSL_CTX_get_cert_store(context->native_handle()); X509_STORE *x509_store = SSL_CTX_get_cert_store(context->native_handle());
X509_LOOKUP *lookup; X509_LOOKUP *lookup;
@ -259,7 +259,7 @@ void AddCRLToSSLContext(const std::shared_ptr<boost::asio::ssl::context>& contex
static String GetX509NameCN(X509_NAME *name) static String GetX509NameCN(X509_NAME *name)
{ {
char errbuf[120]; char errbuf[256];
char buffer[256]; char buffer[256];
int rc = X509_NAME_get_text_by_NID(name, NID_commonName, buffer, sizeof(buffer)); int rc = X509_NAME_get_text_by_NID(name, NID_commonName, buffer, sizeof(buffer));
@ -294,7 +294,7 @@ String GetCertificateCN(const std::shared_ptr<X509>& certificate)
*/ */
std::shared_ptr<X509> GetX509Certificate(const String& pemfile) std::shared_ptr<X509> GetX509Certificate(const String& pemfile)
{ {
char errbuf[120]; char errbuf[256];
X509 *cert; X509 *cert;
BIO *fpcert = BIO_new(BIO_s_file()); BIO *fpcert = BIO_new(BIO_s_file());
@ -332,11 +332,32 @@ std::shared_ptr<X509> GetX509Certificate(const String& pemfile)
int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, const String& certfile, bool ca) int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, const String& certfile, bool ca)
{ {
char errbuf[120]; char errbuf[256];
InitializeOpenSSL(); InitializeOpenSSL();
RSA *rsa = RSA_generate_key(4096, RSA_F4, nullptr, nullptr); RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
if (!rsa || !e) {
Log(LogCritical, "SSL")
<< "Error while creating RSA key: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
BOOST_THROW_EXCEPTION(openssl_error()
<< boost::errinfo_api_function("RSA_generate_key")
<< errinfo_openssl_error(ERR_peek_error()));
}
BN_set_word(e, RSA_F4);
if (!RSA_generate_key_ex(rsa, 4096, e, nullptr)) {
Log(LogCritical, "SSL")
<< "Error while creating RSA key: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
BOOST_THROW_EXCEPTION(openssl_error()
<< boost::errinfo_api_function("RSA_generate_key")
<< errinfo_openssl_error(ERR_peek_error()));
}
BN_free(e);
Log(LogInformation, "base") Log(LogInformation, "base")
<< "Writing private key to '" << keyfile << "'."; << "Writing private key to '" << keyfile << "'.";
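Review bot: Both new error paths in MakeX509CSR leak the objects they just allocated: on `!rsa || !e` the one that did succeed is never freed, and on `RSA_generate_key_ex` failure neither `rsa` nor `e` is released before `BOOST_THROW_EXCEPTION`; `RSA_free` and `BN_free` accept a null pointer, so both paths can free unconditionally. The `boost::errinfo_api_function("RSA_generate_key")` tag is also stale now that the call is `RSA_generate_key_ex`, and the `BN_set_word(e, RSA_F4)` return value is unchecked, so a failed exponent setup would silently proceed into key generation. Folding the four failure conditions into one guarded block keeps the log message and exception type unchanged while closing the leaks; the remainder of MakeX509CSR, including whatever frees `rsa` on the success path, lies outside the hunk, so that part is inferred.
```cpp
	RSA *rsa = RSA_new();
	BIGNUM *e = BN_new();
	if (!rsa || !e || !BN_set_word(e, RSA_F4) || !RSA_generate_key_ex(rsa, 4096, e, nullptr)) {
		/* both accept nullptr, so partial allocation is handled too */
		BN_free(e);
		RSA_free(rsa);
		Log(LogCritical, "SSL")
			<< "Error while creating RSA key: " << ERR_peek_error() << ", \"" << ERR_error_string_n(ERR_peek_error(), errbuf, sizeof(errbuf)) << "\"";
		BOOST_THROW_EXCEPTION(openssl_error()
			<< boost::errinfo_api_function("RSA_generate_key_ex")
			<< errinfo_openssl_error(ERR_peek_error()));
	}
	BN_free(e);
	// … unchanged: private key logging and output …
```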


@ -53,7 +53,7 @@ int PkiUtility::NewCert(const String& cn, const String& keyfile, const String& c
int PkiUtility::SignCsr(const String& csrfile, const String& certfile) int PkiUtility::SignCsr(const String& csrfile, const String& certfile)
{ {
char errbuf[120]; char errbuf[256];
InitializeOpenSSL(); InitializeOpenSSL();