IronsDu / brynet

A header-only, cross-platform C++ TCP network library. brynet can be installed with vcpkg (https://github.com/Microsoft/vcpkg/tree/master/ports/brynet).
MIT License
1.04k stars, 241 forks

I suggest changing initSSL: as a client, it's not necessary to use certificates when connecting to an SSL server. #143

Open mbsteixeira opened 1 month ago

mbsteixeira commented 1 month ago

```cpp
// Proposed initSSL: a client-side context is created without a certificate
// or private key; the server-side path keeps the existing checks.
bool initSSL(const std::string& certificate,
             const std::string& privatekey,
             bool isclient = false)
{
    std::call_once(initCryptoThreadSafeSupportOnceFlag, InitCryptoThreadSafeSupport);

    if (mOpenSSLCTX != nullptr)
    {
        return false;
    }

    // SSLv23_method() is the legacy name of the version-flexible TLS method.
    mOpenSSLCTX = SSL_CTX_new(SSLv23_method());
    if (mOpenSSLCTX == nullptr)
    {
        return false;
    }

    // Client: no local certificate is required. Note that nothing here calls
    // SSL_CTX_set_verify() or loads a CA store, so this context does not
    // verify the server's certificate.
    if (isclient)
    {
        return true;
    }

    // Server: both files are mandatory; release the context on failure so a
    // later call can try again.
    if (certificate.empty() || privatekey.empty())
    {
        SSL_CTX_free(mOpenSSLCTX);
        mOpenSSLCTX = nullptr;
        return false;
    }

    SSL_CTX_set_client_CA_list(mOpenSSLCTX,
                               SSL_load_client_CA_file(certificate.c_str()));
    SSL_CTX_set_verify_depth(mOpenSSLCTX, 10);

    if (SSL_CTX_use_certificate_chain_file(mOpenSSLCTX,
                                           certificate.c_str()) <= 0)
    {
        SSL_CTX_free(mOpenSSLCTX);
        mOpenSSLCTX = nullptr;
        return false;
    }

    if (SSL_CTX_use_PrivateKey_file(mOpenSSLCTX,
                                    privatekey.c_str(),
                                    SSL_FILETYPE_PEM) <= 0)
    {
        SSL_CTX_free(mOpenSSLCTX);
        mOpenSSLCTX = nullptr;
        return false;
    }

    // Confirms the private key matches the loaded certificate.
    if (!SSL_CTX_check_private_key(mOpenSSLCTX))
    {
        SSL_CTX_free(mOpenSSLCTX);
        mOpenSSLCTX = nullptr;
        return false;
    }

    return true;
}
```
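The proposal above is right that a TLS client does not need its own certificate, but a client context still needs a trust store and a verify mode, otherwise it will accept any server. The following is an added example, not brynet's code or anything from the issue author; it uses Python's ssl module (a thin wrapper over the same OpenSSL SSL_CTX API, with the C-level equivalents named in the comments) to build a client context with no client certificate that still verifies the server, a second context that mirrors what the proposed isclient path configures, a server context that keeps the certificate/key requirement, and a small audit function. The function names and the audit rules are this example's own assumptions.

```python
"""Client/server TLS context setup, illustrating the initSSL discussion.
Added example: not brynet code. Function names and audit rules are assumed."""
import ssl
from typing import List, Optional


def make_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client context with no client certificate, as the issue proposes,
    but with server-certificate and hostname verification switched on.

    PROTOCOL_TLS_CLIENT corresponds to TLS_client_method(); it already sets
    verify_mode=CERT_REQUIRED (SSL_VERIFY_PEER) and check_hostname=True.
    Both are set again explicitly so the intent survives a refactor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        # Private CA: equivalent of SSL_CTX_load_verify_locations().
        ctx.load_verify_locations(cafile=ca_file)
    else:
        # System trust store: equivalent of SSL_CTX_set_default_verify_paths().
        ctx.load_default_certs(purpose=ssl.Purpose.SERVER_AUTH)
    return ctx


def make_insecure_client_context() -> ssl.SSLContext:
    """Mirrors the proposed initSSL(..., isclient=true) path: a context with
    no verify mode and no CA store, so any server certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode = CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def make_server_context(certificate: str, privatekey: str) -> ssl.SSLContext:
    """Server side keeps the certificate/key requirement from the issue.
    load_cert_chain() covers SSL_CTX_use_certificate_chain_file(),
    SSL_CTX_use_PrivateKey_file() and SSL_CTX_check_private_key() together."""
    if not certificate or not privatekey:
        raise ValueError("server context needs both a certificate and a private key")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certificate, keyfile=privatekey)
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the reasons a client context would accept an attacker's server."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode is CERT_NONE: server certificate is not checked")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a certificate for any name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS 1.1 or older")
    return findings


if __name__ == "__main__":
    print("verified client context:", audit_client_context(make_client_context()))
    print("proposed client path:   ", audit_client_context(make_insecure_client_context()))
```

In OpenSSL terms the gap in the proposed patch is the missing SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, nullptr) plus a CA store (SSL_CTX_set_default_verify_paths or SSL_CTX_load_verify_locations), and, per connection, hostname checking (SSL_set1_host on OpenSSL 1.1.0 and later). Note the ordering in the insecure variant: Python refuses to set CERT_NONE while check_hostname is still enabled, which is a useful guard to keep in mind when porting.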
IronsDu commented 1 month ago

Or we could put the initialization of the lock in a separate function?

mbsteixeira commented 1 month ago

Agree, this option is more efficient!

IronsDu commented 1 month ago

@mbsteixeira Hello, I do it in #144 . please try the master branch.