typedef axlPointer(* VortexTlsCtxCreation)(VortexConnection *connection, axlPointer user_data)

Handler definition used by the TLS profile, to allow the application level to provide the function that must be executed to create an (SSL_CTX *) object, used to perform the TLS activation.

This handler is used by:

By default the Vortex TLS implementation uses its own code to create the SSL_CTX object if no handler is provided. However, that code is very generic (it performs no certificate or CA configuration of its own), so it is recommended to provide your own context creation handler.

Inside this function you must perform all the OpenSSL configuration you need (CA locations, certificate, private key, verification policy). Here is an example:

#include <openssl/ssl.h>
#include <vortex.h>
#include <vortex_tls.h>

axlPointer __ctx_creation (VortexConnection * connection,
                           axlPointer         user_data)
{
    SSL_CTX * ctx;

    // create the context using the TLS method (for client side);
    // TLSv1_method () pins TLS 1.0, newer OpenSSL releases also offer TLS_method ()
    ctx = SSL_CTX_new (TLSv1_method ());
    if (ctx == NULL)
        return NULL;

    // configure the root CA and its directory to perform verifications
    // (these OpenSSL calls return 1 on success, anything else is a failure)
    if (SSL_CTX_load_verify_locations (ctx, "your-ca-file.pem", "your-ca-directory") != 1) {
        // failed to configure SSL_CTX context
        SSL_CTX_free (ctx);
        return NULL;
    }
    if (SSL_CTX_set_default_verify_paths (ctx) != 1) {
        // failed to configure SSL_CTX context
        SSL_CTX_free (ctx);
        return NULL;
    }

    // configure the client certificate (public key)
    if (SSL_CTX_use_certificate_chain_file (ctx, "your-client-certificate.pem") != 1) {
        // failed to configure SSL_CTX context
        SSL_CTX_free (ctx);
        return NULL;
    }

    // configure the client private key
    if (SSL_CTX_use_PrivateKey_file (ctx, "your-client-private-key.pem", SSL_FILETYPE_PEM) != 1) {
        // failed to configure SSL_CTX context
        SSL_CTX_free (ctx);
        return NULL;
    }

    // make sure the private key actually matches the certificate loaded above
    if (SSL_CTX_check_private_key (ctx) != 1) {
        SSL_CTX_free (ctx);
        return NULL;
    }

    // set the verification level for the client side: the server
    // certificate is verified and the handshake fails if it does not validate
    SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, NULL);
    SSL_CTX_set_verify_depth (ctx, 4);

    // our ctx is configured
    return ctx;
}

For the server side, the previous example mostly works (loading the server certificate and private key instead of the client ones), but you must reconfigure the call to SSL_CTX_set_verify, providing something like this:

SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);

On the server side SSL_VERIFY_PEER alone only requests a client certificate; adding SSL_VERIFY_FAIL_IF_NO_PEER_CERT makes the handshake fail when the client does not present one. See the OpenSSL documentation for SSL_CTX_set_verify and SSL_CTX_set_verify_depth.

Parameters
connection: The connection for which activation of the TLS profile has been requested, and for which a new SSL_CTX must be created.
user_data: An optional user pointer, as passed to either vortex_tls_set_default_ctx_creation or vortex_tls_set_ctx_creation.
Returns
You must return a newly allocated SSL_CTX, or NULL to signal that the TLS activation must not be performed.