ssl engine #1247
Because the "test95-3-offline-buffering-auto-reconnect-static" case always times out, but I don't think it's my fault, I'll take it out first.
Thank you @shawshank119 !
The only part I don't like is not having the ability to use the default OpenSSL configuration (which in all my projects is default). It would be great if you could avoid loading the config (or load the default config) when engineConfFile is not set.
@@ -1062,6 +1062,7 @@ typedef struct | |||
* 2 means no ssl_error_context, ssl_error_cb | |||
* 3 means no ssl_psk_cb, ssl_psk_context, disableDefaultTrustStore | |||
* 4 means no protos, protos_len | |||
* 5 means no ssl engine |
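Review bot: the new entry `* 5 means no ssl engine` breaks the pattern of the list it extends, whose lines name the struct members that are absent at each version (`* 4 means no protos, protos_len`); name the members added by this PR (engineId, engineConfFile, keyType) instead of the generic "ssl engine", and match the indentation of the preceding lines, as the "not aligned" nit above points out.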
Nit: not aligned.
const char* engineId; | ||
|
||
/** engine config file Only used if struct_version is >= 6.*/ | ||
const char* engineConfFile; |
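Review bot: the doc comment `/** engine config file Only used if struct_version is >= 6.*/` is missing a sentence break after "file" and, more importantly, does not say whether NULL is permitted or what it means; given the review request above, it should state that NULL leaves the default OpenSSL configuration in place. No doc comment is visible in this hunk for `const char* engineId;` either; document it as the id of the OpenSSL engine that will load the key, and say whether it is required when keyType is "ENG".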
Nit: not aligned.
@@ -686,6 +687,15 @@ typedef struct | |||
/** The password to load the client's privateKey if encrypted. */ | |||
const char* privateKeyPassword; | |||
|
|||
/** Key mode "ENG" for engine or "PEM" for pem format Only used if struct_version is >= 6.*/ | |||
const char* keyType; |
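Review bot: the comment on `const char* keyType;` lists "ENG" and "PEM" but does not say what a NULL or unrecognised value does; callers at struct_version < 6 will never set it, so the comment should state that NULL means "PEM" to keep existing behaviour, and an unrecognised string should make key loading fail rather than fall through. An enum, as suggested above, would make the invalid case unrepresentable. Also "Key mode" should read "Key type" to match the field name, with a period after "format".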
Could this be an enum instead of string?
{ | ||
if (!load_openssl_config) | ||
{ | ||
if (CONF_modules_load_file(opts->engineConfFile, "openssl_conf", 0) != 1) { |
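Review bot: `CONF_modules_load_file(opts->engineConfFile, "openssl_conf", 0)` runs whenever `load_openssl_config` is unset, so a NULL `engineConfFile` is handed straight to OpenSSL, and with flags 0 a missing file is treated as an error. Either skip the call when `opts->engineConfFile == NULL`, or pass NULL deliberately (OpenSSL then reads its default configuration file) together with CONF_MFLAGS_IGNORE_MISSING_FILE, which is what the review above asks for; on the `!= 1` path report the reason from ERR_get_error() rather than failing silently, and make sure `load_openssl_config` is set after a successful load so a second SSL context does not re-run module loading.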
Why is loading configuration necessary? I would prefer that the default OpenSSL configuration is used instead of allowing applications modify it.
(E.g. https://github.com/dotnet/runtime/pull/88656/files#diff-b4a7a922ce304a412632e8b5a25c5f5a87fe5b3e63f639a5eb63a9c7b02668f9R279)
Either way, the code should allow for the case where engineConfFile is NULL.
@shawshank119 I didn't see it originally: I think PRs should be sent to the
@shawshank119 I have previously written a test for our library using a Docker container, SoftHSM and p11: We could re-use this to test the functionality end-to-end. @icraggs (and other maintainers) please let us know if the code change is acceptable and I can reserve some time to add the tests.
Parts of the code in this PR are identical with #1224.
Thank you for your MQTT code. I added an SSL engine mode for loading the private key. Please check and merge.