Revert "Open ssl pfx (#2150)"

This reverts commit 41abe63c10.
This commit is contained in:
Andrew Stanton-Nurse 2017-11-07 15:48:49 -08:00
parent 41abe63c10
commit 89fa8f0fa2
5 changed files with 16 additions and 73 deletions


@ -10,12 +10,12 @@ namespace Microsoft.AspNetCore.Hosting
{
public static class ListenOptionsTlsExtensions
{
public static ListenOptions UseTls(this ListenOptions listenOptions, string certificatePath, string password)
public static ListenOptions UseTls(this ListenOptions listenOptions, string certificatePath, string privateKeyPath)
{
return listenOptions.UseTls(new TlsConnectionAdapterOptions
{
CertificatePath = certificatePath,
Password = password,
PrivateKeyPath = privateKeyPath,
Protocols = listenOptions.Protocols
});
}


@ -49,41 +49,6 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tls
NativeMethods.SSL_CTX_free(ctx);
}
public unsafe static int SSL_CTX_Set_Pfx(IntPtr ctx, string path, string password)
{
var pass = Marshal.StringToHGlobalAnsi(password);
var key = IntPtr.Zero;
var cert = IntPtr.Zero;
var ca = IntPtr.Zero;
try
{
var file = System.IO.File.ReadAllBytes(path);
fixed (void* f = file)
{
var buffer = (IntPtr)f;
var pkcs = NativeMethods.d2i_PKCS12(IntPtr.Zero, ref buffer, file.Length);
var result = NativeMethods.PKCS12_parse(pkcs, pass, ref key, ref cert, ref ca);
if (result != 1)
{
return -1;
}
if (NativeMethods.SSL_CTX_use_certificate(ctx, cert) != 1) return -1;
if (NativeMethods.SSL_CTX_use_PrivateKey(ctx, key) != 1) return -1;
if (NativeMethods.SSL_CTX_set1_chain(ctx, ca) != 1) return -1;
return 1;
}
}
finally
{
Marshal.FreeHGlobal(pass);
if (key != IntPtr.Zero) NativeMethods.EVP_PKEY_free(key);
if (cert != IntPtr.Zero) NativeMethods.X509_free(cert);
if (ca != IntPtr.Zero) NativeMethods.sk_X509_pop_free(ca);
}
}
public static int SSL_CTX_set_ecdh_auto(IntPtr ctx, int onoff)
{
return (int)NativeMethods.SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, onoff, IntPtr.Zero);
@ -298,33 +263,6 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tls
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern void ERR_load_BIO_strings();
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern IntPtr d2i_PKCS12(IntPtr unsused, ref IntPtr bufferPointer, long length);
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern int PKCS12_parse(IntPtr p12, IntPtr pass, ref IntPtr pkey, ref IntPtr cert, ref IntPtr ca);
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern void PKCS12_free(IntPtr p12);
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern void EVP_PKEY_free(IntPtr pkey);
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern void X509_free(IntPtr a);
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern void sk_X509_pop_free(IntPtr ca);
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern int SSL_CTX_set1_chain(IntPtr ctx, IntPtr sk);
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern int SSL_CTX_use_certificate(IntPtr ctx, IntPtr x509);
[DllImport("libssl", CallingConvention = CallingConvention.Cdecl)]
public static extern int SSL_CTX_use_PrivateKey(IntPtr ctx, IntPtr pkey);
}
}
}


@ -40,9 +40,9 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tls
throw new ArgumentException("Certificate path must be non-null.", nameof(options));
}
if (options.Password == null)
if (options.PrivateKeyPath == null)
{
throw new ArgumentException("Password must be non-null.", nameof(options));
throw new ArgumentException("Private key path must be non-null.", nameof(options));
}
_options = options;
@ -70,7 +70,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tls
private async Task<IAdaptedConnection> InnerOnConnectionAsync(ConnectionAdapterContext context)
{
var tlsStream = new TlsStream(context.ConnectionStream, _options.CertificatePath, _options.Password, _serverProtocols);
var tlsStream = new TlsStream(context.ConnectionStream, _options.CertificatePath, _options.PrivateKeyPath, _serverProtocols);
try
{
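Review bot: The `if (options.PrivateKeyPath == null)` check in the -40,9 hunk (taking that line as the new side of this revert) cannot catch an unset option, because TlsConnectionAdapterOptions initialises PrivateKeyPath to string.Empty, so an empty path passes validation and only fails later inside the native certificate loading. Use `if (string.IsNullOrEmpty(options.PrivateKeyPath))` with a matching message, and note the CertificatePath check visible just above the hunk has the same gap since that property defaults to string.Empty as well. The enclosing constructor starts outside the hunk.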


@ -9,7 +9,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tls
{
public string CertificatePath { get; set; } = string.Empty;
public string Password { get; set; } = string.Empty;
public string PrivateKeyPath { get; set; } = string.Empty;
public HttpProtocols Protocols { get; set; }
}


@ -36,7 +36,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tls
OpenSsl.OpenSSL_add_all_algorithms();
}
public TlsStream(Stream innerStream, string certificatePath, string password, IEnumerable<string> protocols)
public TlsStream(Stream innerStream, string certificatePath, string privateKeyPath, IEnumerable<string> protocols)
{
_innerStream = innerStream;
_protocols = ToWireFormat(protocols);
@ -49,13 +49,18 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tls
throw new Exception("Unable to create SSL context.");
}
if(OpenSsl.SSL_CTX_Set_Pfx(_ctx, certificatePath, password) != 1)
OpenSsl.SSL_CTX_set_ecdh_auto(_ctx, 1);
if (OpenSsl.SSL_CTX_use_certificate_file(_ctx, certificatePath, 1) != 1)
{
throw new InvalidOperationException("Unable to load PFX");
throw new Exception("Unable to load certificate file.");
}
if (OpenSsl.SSL_CTX_use_PrivateKey_file(_ctx, privateKeyPath, 1) != 1)
{
throw new Exception("Unable to load private key file.");
}
OpenSsl.SSL_CTX_set_ecdh_auto(_ctx, 1);
OpenSsl.SSL_CTX_set_alpn_select_cb(_ctx, _alpnSelectCallback, GCHandle.ToIntPtr(_protocolsHandle));
_ssl = OpenSsl.SSL_new(_ctx);
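Review bot: In the -49,13 hunk, when `SSL_CTX_use_certificate_file` or `SSL_CTX_use_PrivateKey_file` returns anything but 1 the constructor throws while `_ctx` (created just above the hunk) is still allocated, so the native SSL context leaks on every failed construction unless a caller frees it; release it before throwing via the `SSL_CTX_free` wrapper the OpenSsl class appears to expose (its native import is visible in the other file). The `1` passed as the file-type argument on both calls is OpenSSL's PEM filetype value and would read better as a named constant such as `private const int SslFiletypePem = 1;`. Both failure paths throw bare `Exception`, which callers cannot catch specifically; `InvalidOperationException` fits a failed setup step. Nothing in the hunk verifies that the loaded key matches the loaded certificate, which OpenSSL's `SSL_CTX_check_private_key` would do (it would need its own NativeMethods import) so a mismatched pair fails at startup rather than at the first handshake; the constructor continues past the hunk.
```csharp
OpenSsl.SSL_CTX_set_ecdh_auto(_ctx, 1);
if (OpenSsl.SSL_CTX_use_certificate_file(_ctx, certificatePath, SslFiletypePem) != 1)
{
    OpenSsl.SSL_CTX_free(_ctx);
    _ctx = IntPtr.Zero;
    throw new InvalidOperationException("Unable to load certificate file.");
}
if (OpenSsl.SSL_CTX_use_PrivateKey_file(_ctx, privateKeyPath, SslFiletypePem) != 1)
{
    OpenSsl.SSL_CTX_free(_ctx);
    _ctx = IntPtr.Zero;
    throw new InvalidOperationException("Unable to load private key file.");
}
// … unchanged: ALPN callback registration and SSL_new …
```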