Diffstat (limited to 'include/ssl_key_handler.hpp')
-rw-r--r-- | include/ssl_key_handler.hpp | 53 |
1 files changed, 26 insertions, 27 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp index abc9b50d61..f8142cf24b 100644 --- a/include/ssl_key_handler.hpp +++ b/include/ssl_key_handler.hpp @@ -1,5 +1,7 @@ #pragma once +#include "bmcweb_config.h" + #include "logging.hpp" #include "ossl_random.hpp" @@ -46,7 +48,7 @@ inline bool validateCertificate(X509* const cert) X509_STORE* x509Store = X509_STORE_new(); if (x509Store == nullptr) { - BMCWEB_LOG_ERROR << "Error occurred during X509_STORE_new call"; + BMCWEB_LOG_ERROR("Error occurred during X509_STORE_new call"); return false; } @@ -54,7 +56,7 @@ inline bool validateCertificate(X509* const cert) X509_STORE_CTX* storeCtx = X509_STORE_CTX_new(); if (storeCtx == nullptr) { - BMCWEB_LOG_ERROR << "Error occurred during X509_STORE_CTX_new call"; + BMCWEB_LOG_ERROR("Error occurred during X509_STORE_CTX_new call"); X509_STORE_free(x509Store); return false; } @@ -62,7 +64,7 @@ inline bool validateCertificate(X509* const cert) int errCode = X509_STORE_CTX_init(storeCtx, x509Store, cert, nullptr); if (errCode != 1) { - BMCWEB_LOG_ERROR << "Error occurred during X509_STORE_CTX_init call"; + BMCWEB_LOG_ERROR("Error occurred during X509_STORE_CTX_init call"); X509_STORE_CTX_free(storeCtx); X509_STORE_free(x509Store); return false; @@ -71,7 +73,7 @@ inline bool validateCertificate(X509* const cert) errCode = X509_verify_cert(storeCtx); if (errCode == 1) { - BMCWEB_LOG_INFO << "Certificate verification is success"; + BMCWEB_LOG_INFO("Certificate verification is success"); X509_STORE_CTX_free(storeCtx); X509_STORE_free(x509Store); return true; 
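Review bot: validateCertificate releases `x509Store` and `storeCtx` by hand on every exit path (the hunks at -54, -62 and -71, and again in the hunk at -83), so a return added later can easily leak one of them. Holding them in `std::unique_ptr<X509_STORE, decltype(&X509_STORE_free)>` and `std::unique_ptr<X509_STORE_CTX, decltype(&X509_STORE_CTX_free)>` would remove the repeated cleanup and leave only the log call and the return in each branch. The function body starts and ends outside these hunks, so this is better done as a follow-up than folded into the logging conversion.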
@@ -83,18 +85,17 @@ inline bool validateCertificate(X509* const cert) X509_STORE_free(x509Store); if (isTrustChainError(errCode)) { - BMCWEB_LOG_DEBUG << "Ignoring Trust Chain error. Reason: " - << X509_verify_cert_error_string(errCode); + BMCWEB_LOG_DEBUG("Ignoring Trust Chain error. Reason: {}", + X509_verify_cert_error_string(errCode)); return true; } - BMCWEB_LOG_ERROR << "Certificate verification failed. Reason: " - << X509_verify_cert_error_string(errCode); + BMCWEB_LOG_ERROR("Certificate verification failed. Reason: {}", + X509_verify_cert_error_string(errCode)); return false; } - BMCWEB_LOG_ERROR - << "Error occurred during X509_verify_cert call. ErrorCode: " - << errCode; + BMCWEB_LOG_ERROR( + "Error occurred during X509_verify_cert call. ErrorCode: {}", errCode); X509_STORE_CTX_free(storeCtx); X509_STORE_free(x509Store); return false; @@ -203,24 +204,24 @@ inline X509* loadCert(const std::string& filePath) BIO* certFileBio = BIO_new_file(filePath.c_str(), "rb"); if (certFileBio == nullptr) { - BMCWEB_LOG_ERROR << "Error occured during BIO_new_file call, " - << "FILE= " << filePath; + BMCWEB_LOG_ERROR("Error occured during BIO_new_file call, FILE= {}", + filePath); return nullptr; } X509* cert = X509_new(); if (cert == nullptr) { - BMCWEB_LOG_ERROR << "Error occured during X509_new call, " - << ERR_get_error(); + BMCWEB_LOG_ERROR("Error occured during X509_new call, {}", + ERR_get_error()); BIO_free(certFileBio); return nullptr; } if (PEM_read_bio_X509(certFileBio, &cert, nullptr, nullptr) == nullptr) { - BMCWEB_LOG_ERROR << "Error occured during PEM_read_bio_X509 call, " - << "FILE= " << filePath; + BMCWEB_LOG_ERROR( + "Error occured during PEM_read_bio_X509 call, FILE= {}", filePath); BIO_free(certFileBio); X509_free(cert); 
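Review bot: The `isTrustChainError(errCode)` branch makes validateCertificate return true and records that only at debug level, so a certificate whose chain could not be verified is accepted without a visible trace unless debug logging is on. The branch has no comment explaining why this is intended; one such as `// Trust-chain errors are deliberately tolerated here; a true result does not mean the certificate chains to a trusted root` would stop callers from reading the result as a trust decision. The definition of isTrustChainError is outside the hunk, so which error codes it covers should be confirmed before wording the comment more specifically.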
@@ -240,7 +241,7 @@ inline int addExt(X509* cert, int nid, const char* value) ex = X509V3_EXT_conf_nid(nullptr, &ctx, nid, const_cast<char*>(value)); if (ex == nullptr) { - BMCWEB_LOG_ERROR << "Error: In X509V3_EXT_conf_nidn: " << value; + BMCWEB_LOG_ERROR("Error: In X509V3_EXT_conf_nidn: {}", value); return -1; } X509_add_ext(cert, ex, -1); @@ -476,7 +477,7 @@ inline std::shared_ptr<boost::asio::ssl::context> SSL_CTX_set_options(mSslContext->native_handle(), SSL_OP_NO_RENEGOTIATION); - BMCWEB_LOG_DEBUG << "Using default TrustStore location: " << trustStorePath; + BMCWEB_LOG_DEBUG("Using default TrustStore location: {}", trustStorePath); mSslContext->add_verify_path(trustStorePath); mSslContext->use_certificate_file(sslPemFile, @@ -497,9 +498,7 @@ inline std::shared_ptr<boost::asio::ssl::context> // drop, use the right way // http://stackoverflow.com/questions/18929049/boost-asio-with-ecdsa-certificate-issue if (SSL_CTX_set_ecdh_auto(mSslContext->native_handle(), 1) != 1) - { - BMCWEB_LOG_ERROR << "Error setting tmp ecdh list\n"; - } + {} // Mozilla intermediate cipher suites v5.7 // Sourced from: https://ssl-config.mozilla.org/guidelines/5.7.json @@ -516,7 +515,7 @@ inline std::shared_ptr<boost::asio::ssl::context> if (SSL_CTX_set_cipher_list(mSslContext->native_handle(), mozillaIntermediate) != 1) { - BMCWEB_LOG_ERROR << "Error setting cipher list\n"; + BMCWEB_LOG_ERROR("Error setting cipher list"); } return mSslContext; } @@ -537,7 +536,7 @@ inline std::optional<boost::asio::ssl::context> getSSLClientContext() ec); if (ec) { - BMCWEB_LOG_ERROR << "SSL context set_options failed"; + BMCWEB_LOG_ERROR("SSL context set_options failed"); return std::nullopt; } @@ -546,7 +545,7 @@ inline std::optional<boost::asio::ssl::context> getSSLClientContext() sslCtx.set_default_verify_paths(ec); if (ec) { - BMCWEB_LOG_ERROR << "SSL context set_default_verify failed"; + BMCWEB_LOG_ERROR("SSL context set_default_verify failed"); return std::nullopt; } 
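Review bot: The return value of `X509_add_ext(cert, ex, -1)` is ignored, so addExt can report success although the extension was not attached to the certificate. Checking it, for example `if (X509_add_ext(cert, ex, -1) != 1) { X509_EXTENSION_free(ex); return -1; }`, would surface that case; the function continues past the hunk, so how `ex` is released and what is returned there is not visible. The message text `X509V3_EXT_conf_nidn` also looks like a leftover of `X509V3_EXT_conf_nid\n` and could be corrected while the line is being rewritten.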
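Review bot: The `SSL_CTX_set_ecdh_auto(mSslContext->native_handle(), 1) != 1` check in the hunk at -497 now has an empty body `{}`, so the condition is evaluated and its result thrown away, which reads like an unfinished edit. If the failure matters, keep the log in the new form, `BMCWEB_LOG_ERROR("Error setting tmp ecdh list");`. If it cannot fail (as far as I know the macro is a compatibility no-op on OpenSSL 1.1.0 and later), drop the `if` and say so in a comment instead of leaving an empty branch. The enclosing function starts and ends outside the hunk.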
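Review bot: When `SSL_CTX_set_cipher_list(mSslContext->native_handle(), mozillaIntermediate)` fails in the hunk at -516, the error is logged but `mSslContext` is still returned, so the server context would keep the library's default cipher list rather than the Mozilla intermediate one. getSSLClientContext, further down in this diff, returns `std::nullopt` for the same failure. Adding `return nullptr;` after the log would make this path fail closed, provided the callers handle a null context, which is not visible from this hunk.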
@@ -554,7 +553,7 @@ inline std::optional<boost::asio::ssl::context> getSSLClientContext() sslCtx.set_verify_mode(boost::asio::ssl::verify_peer, ec); if (ec) { - BMCWEB_LOG_ERROR << "SSL context set_verify_mode failed"; + BMCWEB_LOG_ERROR("SSL context set_verify_mode failed"); return std::nullopt; } @@ -574,7 +573,7 @@ inline std::optional<boost::asio::ssl::context> getSSLClientContext() if (SSL_CTX_set_cipher_list(sslCtx.native_handle(), sslCiphers) != 1) { - BMCWEB_LOG_ERROR << "SSL_CTX_set_cipher_list failed"; + BMCWEB_LOG_ERROR("SSL_CTX_set_cipher_list failed"); return std::nullopt; } |