本文整理汇总了C++中ERR_error_string函数的典型用法代码示例。如果您正苦于以下问题:C++ ERR_error_string函数的具体用法?C++ ERR_error_string怎么用?C++ ERR_error_string使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ERR_error_string函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ssl_log
//.........这里部分代码省略.........
if ( sc->fileLogFile == NULL
&& !(level & SSL_LOG_ERROR))
return;
if ( level > sc->nLogLevel
&& !(level & SSL_LOG_ERROR))
return;
/* determine the time entry string */
if (add & SSL_NO_TIMESTAMP)
tstr[0] = NUL;
else {
t = ap_get_gmtoff(&timz);
strftime(tstr, 80, "[%d/%b/%Y %H:%M:%S", t);
i = strlen(tstr);
ap_snprintf(tstr+i, 80-i, " %05d] ", (unsigned int)getpid());
}
/* determine whether newline should be written */
if (add & SSL_NO_NEWLINE)
nstr[0] = NUL;
else {
nstr[0] = '\n';
nstr[1] = NUL;
}
/* determine level name */
lstr[0] = NUL;
if (!(add & SSL_NO_LEVELID)) {
for (i = 0; ssl_log_level2string[i].nLevel != 0; i++) {
if (ssl_log_level2string[i].nLevel == level) {
ap_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel);
break;
}
}
for (i = strlen(lstr); i <= 7; i++)
lstr[i] = ' ';
lstr[i] = NUL;
}
/* create custom message */
ap_vsnprintf(vstr, sizeof(vstr), msg, ap);
/* write out SSLog message */
if ((add & SSL_ADD_ERRNO) && (add & SSL_ADD_SSLERR))
astr = " (System and " SSL_LIBRARY_NAME " library errors follow)";
else if (add & SSL_ADD_ERRNO)
astr = " (System error follows)";
else if (add & SSL_ADD_SSLERR)
astr = " (" SSL_LIBRARY_NAME " library error follows)";
else
astr = "";
if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
ap_snprintf(str, sizeof(str), "%s%s%s%s%s", tstr, lstr, vstr, astr, nstr);
fprintf(sc->fileLogFile, "%s", str);
}
if (level & SSL_LOG_ERROR)
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
"mod_ssl: %s%s", vstr, astr);
/* write out additional attachment messages */
if (add & SSL_ADD_ERRNO) {
if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
ap_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s",
tstr, lstr, strerror(safe_errno), safe_errno, nstr);
fprintf(sc->fileLogFile, "%s", str);
}
if (level & SSL_LOG_ERROR)
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
"System: %s (errno: %d)",
strerror(safe_errno), safe_errno);
}
if (add & SSL_ADD_SSLERR) {
while ((e = ERR_get_error())) {
cpE = ERR_error_string(e, NULL);
cpA = ssl_log_annotation(cpE);
if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
ap_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s",
tstr, lstr, SSL_LIBRARY_NAME, cpE,
cpA != NULL ? " [Hint: " : "",
cpA != NULL ? cpA : "", cpA != NULL ? "]" : "",
nstr);
fprintf(sc->fileLogFile, "%s", str);
}
if (level & SSL_LOG_ERROR)
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
"%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE,
cpA != NULL ? " [Hint: " : "",
cpA != NULL ? cpA : "", cpA != NULL ? "]" : "");
}
}
/* make sure the next log starts from a clean base */
/* ERR_clear_error(); */
/* cleanup and return */
if (sc->fileLogFile != NULL)
fflush(sc->fileLogFile);
errno = safe_errno;
va_end(ap);
return;
}示例2: cert_stuff
static
int cert_stuff(struct connectdata *conn,
SSL_CTX* ctx,
char *cert_file,
const char *cert_type,
char *key_file,
const char *key_type)
{
struct SessionHandle *data = conn->data;
int file_type;
if(cert_file != NULL) {
SSL *ssl;
X509 *x509;
int cert_done = 0;
if(data->set.key_passwd) {
#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
/*
* If password has been given, we store that in the global
* area (*shudder*) for a while:
*/
size_t len = strlen(data->set.key_passwd);
if(len < sizeof(global_passwd))
memcpy(global_passwd, data->set.key_passwd, len+1);
#else
/*
* We set the password in the callback userdata
*/
SSL_CTX_set_default_passwd_cb_userdata(ctx,
data->set.key_passwd);
#endif
/* Set passwd callback: */
SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
}
file_type = do_file_type(cert_type);
#define SSL_CLIENT_CERT_ERR \
"unable to use client certificate (no key found or wrong pass phrase?)"
switch(file_type) {
case SSL_FILETYPE_PEM:
/* SSL_CTX_use_certificate_chain_file() only works on PEM files */
if(SSL_CTX_use_certificate_chain_file(ctx,
cert_file) != 1) {
failf(data, SSL_CLIENT_CERT_ERR);
return 0;
}
break;
case SSL_FILETYPE_ASN1:
/* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
we use the case above for PEM so this can only be performed with
ASN1 files. */
if(SSL_CTX_use_certificate_file(ctx,
cert_file,
file_type) != 1) {
failf(data, SSL_CLIENT_CERT_ERR);
return 0;
}
break;
case SSL_FILETYPE_ENGINE:
failf(data, "file type ENG for certificate not implemented");
return 0;
case SSL_FILETYPE_PKCS12:
{
#ifdef HAVE_PKCS12_SUPPORT
FILE *f;
PKCS12 *p12;
EVP_PKEY *pri;
f = fopen(cert_file,"rb");
if (!f) {
failf(data, "could not open PKCS12 file '%s'", cert_file);
return 0;
}
p12 = d2i_PKCS12_fp(f, NULL);
fclose(f);
PKCS12_PBE_add();
if (!PKCS12_parse(p12, data->set.key_passwd, &pri, &x509, NULL)) {
failf(data,
"could not parse PKCS12 file, check password, OpenSSL error %s",
ERR_error_string(ERR_get_error(), NULL) );
return 0;
}
PKCS12_free(p12);
if(SSL_CTX_use_certificate(ctx, x509) != 1) {
failf(data, SSL_CLIENT_CERT_ERR);
EVP_PKEY_free(pri);
X509_free(x509);
return 0;
}
if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
//.........这里部分代码省略.........
示例3: f_starttls
int
f_starttls( SNET *sn, int ac, char **av )
{
int rc;
X509 *peer;
char buf[ 1024 ];
if ( ac != 1 ) {
snet_writef( sn, "%d Syntax error (no parameters allowed)\r\n", 501 );
return( 1 );
} else {
snet_writef( sn, "%d Ready to start TLS\r\n", 220 );
}
/* We get here when the client asks for TLS with the STARTTLS verb */
/*
* Client MUST NOT attempt to start a TLS session if a TLS
* session is already active. No mention of what to do if it does...
*
* Once STARTTLS has succeeded, the STARTTLS verb is no longer valid
*/
/*
* Begin TLS
*/
/* This is where the TLS start */
/* At this point the client is also starting TLS */
/* 1 is for server, 0 is client */
if (( rc = snet_starttls( sn, ctx, 1 )) != 1 ) {
syslog( LOG_ERR, "f_starttls: snet_starttls: %s",
ERR_error_string( ERR_get_error(), NULL ) );
snet_writef( sn, "%d SSL didn't work error! XXX\r\n", 501 );
return( 1 );
}
if ( authlevel == 2 ) {
if (( peer = SSL_get_peer_certificate( sn->sn_ssl ))
== NULL ) {
syslog( LOG_ERR, "no peer certificate" );
return( -1 );
}
syslog( LOG_INFO, "CERT Subject: %s\n",
X509_NAME_oneline( X509_get_subject_name( peer ), buf,
sizeof( buf )));
X509_NAME_get_text_by_NID( X509_get_subject_name( peer ),
NID_commonName, buf, sizeof( buf ));
if (( remote_cn = strdup( buf )) == NULL ) {
syslog( LOG_ERR, "strdup: %m" );
X509_free( peer );
return( -1 );
}
X509_free( peer );
}
/* get command file */
if ( command_k( "config", 0 ) < 0 ) {
/* Client not in config */
commands = noauth;
ncommands = sizeof( noauth ) / sizeof( noauth[ 0 ] );
} else {
/* Client in config */
commands = auth;
ncommands = sizeof( auth ) / sizeof( auth[ 0 ] );
if ( read_kfile( sn, command_file ) != 0 ) {
/* error message given in list_transcripts */
exit( 1 );
}
}
return( 0 );
}示例4: add_connection
/*
* add_connection - creates a client which has just connected to us on
* the given fd. The sockhost field is initialized with the ip# of the host.
* An unique id is calculated now, in case it is needed for auth.
* The client is sent to the auth module for verification, and not put in
* any client list yet.
*/
void
add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd)
{
struct Client *new_client;
assert(NULL != listener);
new_client = make_client(NULL);
fd_open(&new_client->localClient->fd, fd, 1,
(listener->flags & LISTENER_SSL) ?
"Incoming SSL connection" : "Incoming connection");
/*
* copy address to 'sockhost' as a string, copy it to host too
* so we have something valid to put into error messages...
*/
memcpy(&new_client->ip, irn, sizeof(struct irc_ssaddr));
irc_getnameinfo((struct sockaddr*)&new_client->ip,
new_client->ip.ss_len, new_client->sockhost,
HOSTIPLEN, NULL, 0, NI_NUMERICHOST);
new_client->aftype = new_client->ip.ss.ss_family;
#ifdef IPV6
if (new_client->sockhost[0] == ':')
strlcat(new_client->host, "0", HOSTLEN+1);
if (new_client->aftype == AF_INET6 &&
ConfigFileEntry.dot_in_ip6_addr == 1)
{
strlcat(new_client->host, new_client->sockhost,HOSTLEN+1);
strlcat(new_client->host, ".", HOSTLEN+1);
}
else
#endif
strlcat(new_client->host, new_client->sockhost,HOSTLEN+1);
new_client->connect_id = ++connect_id;
new_client->localClient->listener = listener;
++listener->ref_count;
#ifdef HAVE_LIBCRYPTO
if (listener->flags & LISTENER_SSL)
{
if ((new_client->localClient->fd.ssl = SSL_new(ServerInfo.ctx)) == NULL)
{
ilog(L_CRIT, "SSL_new() ERROR! -- %s",
ERR_error_string(ERR_get_error(), NULL));
SetDead(new_client);
exit_client(new_client, new_client, "SSL_new failed");
return;
}
SSL_set_fd(new_client->localClient->fd.ssl, fd);
ssl_handshake(0, new_client);
}
else
#endif
execute_callback(auth_cb, new_client);
}示例5: Curl_ossl_connect
//.........这里部分代码省略.........
/* SSL always tries to verify the peer, this only says whether it should
* fail to connect if the verification fails, or if it should continue
* anyway. In the latter case the result of the verification is checked with
* SSL_get_verify_result() below. */
SSL_CTX_set_verify(connssl->ctx,
data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
cert_verify_callback);
/* give application a chance to interfere with SSL set up. */
if(data->set.ssl.fsslctx) {
retcode = (*data->set.ssl.fsslctx)(data, connssl->ctx,
data->set.ssl.fsslctxp);
if(retcode) {
failf(data,"error signaled by ssl ctx callback");
return retcode;
}
}
/* Lets make an SSL structure */
connssl->handle = SSL_new(connssl->ctx);
if (!connssl->handle) {
failf(data, "SSL: couldn't create a context (handle)!");
return CURLE_OUT_OF_MEMORY;
}
SSL_set_connect_state(connssl->handle);
connssl->server_cert = 0x0;
/* Check if there's a cached ID we can/should use here! */
if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
/* we got a session id, use it! */
if (!SSL_set_session(connssl->handle, ssl_sessionid)) {
failf(data, "SSL: SSL_set_session failed: %s",
ERR_error_string(ERR_get_error(),NULL));
return CURLE_SSL_CONNECT_ERROR;
}
/* Informational message */
infof (data, "SSL re-using session ID\n");
}
/* pass the raw socket into the SSL layers */
if (!SSL_set_fd(connssl->handle, sockfd)) {
failf(data, "SSL: SSL_set_fd failed: %s",
ERR_error_string(ERR_get_error(),NULL));
return CURLE_SSL_CONNECT_ERROR;
}
while(1) {
int writefd;
int readfd;
long timeout_ms;
long has_passed;
/* Find out if any timeout is set. If not, use 300 seconds.
Otherwise, figure out the most strict timeout of the two possible one
and then how much time that has elapsed to know how much time we
allow for the connect call */
if(data->set.timeout || data->set.connecttimeout) {
/* get the most strict timeout of the ones converted to milliseconds */
if(data->set.timeout &&
(data->set.timeout>data->set.connecttimeout))
timeout_ms = data->set.timeout*1000;
else
timeout_ms = data->set.connecttimeout*1000;
}示例6: connect_ssl
BOOL connect_ssl(int sockfd,
const char* ca_crt_root,
const char* ca_crt_client,
const char* ca_password,
const char* ca_key_client,
SSL** pp_ssl, SSL_CTX** pp_ssl_ctx)
{
SSL_METHOD* meth = NULL;
#if OPENSSL_VERSION_NUMBER >= 0x010100000L
meth = (SSL_METHOD*)TLS_client_method();
#else
meth = (SSL_METHOD*)SSLv23_client_method();
#endif /* OPENSSL_VERSION_NUMBER */
*pp_ssl_ctx = SSL_CTX_new(meth);
if(!*pp_ssl_ctx)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_CTX_new: %s\n", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl3;
}
if(ca_crt_root && ca_crt_client && ca_password && ca_key_client)
{
SSL_CTX_load_verify_locations(*pp_ssl_ctx, ca_crt_root, NULL);
if(SSL_CTX_use_certificate_file(*pp_ssl_ctx, ca_crt_client, SSL_FILETYPE_PEM) <= 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl2;
}
SSL_CTX_set_default_passwd_cb_userdata(*pp_ssl_ctx, (char*)ca_password);
if(SSL_CTX_use_PrivateKey_file(*pp_ssl_ctx, ca_key_client, SSL_FILETYPE_PEM) <= 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl2;
}
if(!SSL_CTX_check_private_key(*pp_ssl_ctx))
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl2;
}
}
*pp_ssl = SSL_new(*pp_ssl_ctx);
if(!*pp_ssl)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_new: %s\n", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl2;
}
if(SSL_set_fd(*pp_ssl, sockfd) <= 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_set_fd: %s\n", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl1;
}
if(SSL_connect(*pp_ssl) <= 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_connect: %s\n", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl1;
}
return TRUE;
clean_ssl1:
if(*pp_ssl)
{
SSL_free(*pp_ssl);
*pp_ssl = NULL;
}
clean_ssl2:
if(*pp_ssl_ctx)
{
SSL_CTX_free(*pp_ssl_ctx);
*pp_ssl_ctx = NULL;
}
clean_ssl3:
return FALSE;
}示例7: create_ssl
BOOL create_ssl(int sockfd,
const char* ca_crt_root,
const char* ca_crt_server,
const char* ca_password,
const char* ca_key_server,
BOOL enableclientcacheck,
SSL** pp_ssl, SSL_CTX** pp_ssl_ctx)
{
int ssl_rc = -1;
BOOL b_ssl_accepted;
X509* client_cert;
SSL_METHOD* meth = NULL;
#if OPENSSL_VERSION_NUMBER >= 0x010100000L
meth = (SSL_METHOD*)TLS_server_method();
#else
meth = (SSL_METHOD*)SSLv23_server_method();
#endif /* OPENSSL_VERSION_NUMBER */
*pp_ssl_ctx = SSL_CTX_new(meth);
if(!*pp_ssl_ctx)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl3;
}
if(enableclientcacheck)
{
SSL_CTX_set_verify(*pp_ssl_ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
SSL_CTX_set_verify_depth(*pp_ssl_ctx, 4);
}
SSL_CTX_load_verify_locations(*pp_ssl_ctx, ca_crt_root, NULL);
if(SSL_CTX_use_certificate_file(*pp_ssl_ctx, ca_crt_server, SSL_FILETYPE_PEM) <= 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl3;
}
SSL_CTX_set_default_passwd_cb_userdata(*pp_ssl_ctx, (char*)ca_password);
if(SSL_CTX_use_PrivateKey_file(*pp_ssl_ctx, ca_key_server, SSL_FILETYPE_PEM) <= 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl3;
}
if(!SSL_CTX_check_private_key(*pp_ssl_ctx))
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl3;
}
ssl_rc = SSL_CTX_set_cipher_list(*pp_ssl_ctx, "ALL");
if(ssl_rc == 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_CTX_set_cipher_list: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl3;
}
SSL_CTX_set_mode(*pp_ssl_ctx, SSL_MODE_AUTO_RETRY);
*pp_ssl = SSL_new(*pp_ssl_ctx);
if(!*pp_ssl)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_new: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl2;
}
ssl_rc = SSL_set_fd(*pp_ssl, sockfd);
if(ssl_rc == 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_set_fd: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl2;
}
ssl_rc = SSL_set_cipher_list(*pp_ssl, "ALL");
if(ssl_rc == 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_set_cipher_list: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl2;
}
ssl_rc = SSL_accept(*pp_ssl);
if(ssl_rc < 0)
{
CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME);
uTrace.Write(Trace_Error, "SSL_accept: %s", ERR_error_string(ERR_get_error(),NULL));
goto clean_ssl2;
}
else if(ssl_rc = 0)
{
goto clean_ssl1;
}
b_ssl_accepted = TRUE;
if(enableclientcacheck)
{
//.........这里部分代码省略.........
示例8: ssl_negotiate
/**
* ssl_negotiate - Attempt to negotiate SSL over the wire
* @param conn Connection to a server
* @param ssldata SSL socket data
* @retval 0 Success
* @retval -1 Error
*
* After SSL state has been initialized, attempt to negotiate SSL over the
* wire, including certificate checks.
*/
static int ssl_negotiate(struct Connection *conn, struct SslSockData *ssldata)
{
int err;
const char *errmsg = NULL;
HostExDataIndex = SSL_get_ex_new_index(0, "host", NULL, NULL, NULL);
if (HostExDataIndex == -1)
{
mutt_debug(LL_DEBUG1,
"#1 failed to get index for application specific data\n");
return -1;
}
if (!SSL_set_ex_data(ssldata->ssl, HostExDataIndex, conn->account.host))
{
mutt_debug(LL_DEBUG1, "#2 failed to save hostname in SSL structure\n");
return -1;
}
SkipModeExDataIndex = SSL_get_ex_new_index(0, "skip", NULL, NULL, NULL);
if (SkipModeExDataIndex == -1)
{
mutt_debug(LL_DEBUG1,
"#3 failed to get index for application specific data\n");
return -1;
}
if (!SSL_set_ex_data(ssldata->ssl, SkipModeExDataIndex, NULL))
{
mutt_debug(LL_DEBUG1, "#4 failed to save skip mode in SSL structure\n");
return -1;
}
SSL_set_verify(ssldata->ssl, SSL_VERIFY_PEER, ssl_verify_callback);
SSL_set_mode(ssldata->ssl, SSL_MODE_AUTO_RETRY);
if (!SSL_set_tlsext_host_name(ssldata->ssl, conn->account.host))
{
/* L10N: This is a warning when trying to set the host name for
* TLS Server Name Indication (SNI). This allows the server to present
* the correct certificate if it supports multiple hosts. */
mutt_error(_("Warning: unable to set TLS SNI host name"));
}
ERR_clear_error();
err = SSL_connect(ssldata->ssl);
if (err != 1)
{
switch (SSL_get_error(ssldata->ssl, err))
{
case SSL_ERROR_SYSCALL:
errmsg = _("I/O error");
break;
case SSL_ERROR_SSL:
errmsg = ERR_error_string(ERR_get_error(), NULL);
break;
default:
errmsg = _("unknown error");
}
mutt_error(_("SSL failed: %s"), errmsg);
return -1;
}
return 0;
}示例9: ssl_err
/**
* ssl_err - Display an SSL error message
* @param data SSL socket data
* @param err SSL error code
*/
static void ssl_err(struct SslSockData *data, int err)
{
int e = SSL_get_error(data->ssl, err);
switch (e)
{
case SSL_ERROR_NONE:
return;
case SSL_ERROR_ZERO_RETURN:
data->isopen = 0;
break;
case SSL_ERROR_SYSCALL:
data->isopen = 0;
break;
}
const char *errmsg = NULL;
unsigned long sslerr;
switch (e)
{
case SSL_ERROR_SYSCALL:
errmsg = "I/O error";
break;
case SSL_ERROR_WANT_ACCEPT:
errmsg = "retry accept";
break;
case SSL_ERROR_WANT_CONNECT:
errmsg = "retry connect";
break;
case SSL_ERROR_WANT_READ:
errmsg = "retry read";
break;
case SSL_ERROR_WANT_WRITE:
errmsg = "retry write";
break;
case SSL_ERROR_WANT_X509_LOOKUP:
errmsg = "retry x509 lookup";
break;
case SSL_ERROR_ZERO_RETURN:
errmsg = "SSL connection closed";
break;
case SSL_ERROR_SSL:
sslerr = ERR_get_error();
switch (sslerr)
{
case 0:
switch (err)
{
case 0:
errmsg = "EOF";
break;
default:
errmsg = strerror(errno);
}
break;
default:
errmsg = ERR_error_string(sslerr, NULL);
}
break;
default:
errmsg = "unknown error";
}
mutt_debug(LL_DEBUG1, "SSL error: %s\n", errmsg);
}示例10: LOG
void Socket::_handleSendError(int ret, const char* context) {
#ifdef MONGO_SSL
if (_ssl) {
LOG(_logLevel) << "SSL Error ret: " << ret << " err: " << SSL_get_error(_ssl , ret)
<< " " << ERR_error_string(ERR_get_error(), NULL)
<< endl;
throw SocketException(SocketException::SEND_ERROR , remoteString());
}
#endif
#if defined(_WIN32)
const int mongo_errno = WSAGetLastError();
if ( mongo_errno == WSAETIMEDOUT && _timeout != 0 ) {
#else
const int mongo_errno = errno;
if ( ( mongo_errno == EAGAIN || mongo_errno == EWOULDBLOCK ) && _timeout != 0 ) {
#endif
LOG(_logLevel) << "Socket " << context <<
" send() timed out " << remoteString() << endl;
throw SocketException(SocketException::SEND_TIMEOUT , remoteString());
}
else {
LOG(_logLevel) << "Socket " << context << " send() "
<< errnoWithDescription(mongo_errno) << ' ' << remoteString() << endl;
throw SocketException(SocketException::SEND_ERROR , remoteString());
}
}
void Socket::_handleRecvError(int ret, int len, int* retries) {
if (ret == 0) {
LOG(3) << "Socket recv() conn closed? " << remoteString() << endl;
throw SocketException(SocketException::CLOSED , remoteString());
}
// ret < 0
#ifdef MONGO_SSL
if (_ssl) {
LOG(_logLevel) << "SSL Error ret: " << ret << " err: " << SSL_get_error(_ssl , ret)
<< " " << ERR_error_string(ERR_get_error(), NULL)
<< endl;
throw SocketException(SocketException::RECV_ERROR, remoteString());
}
#endif
#if defined(_WIN32)
int e = WSAGetLastError();
#else
int e = errno;
# if defined(EINTR)
if (e == EINTR) {
LOG(_logLevel) << "EINTR retry " << ++*retries << endl;
return;
}
# endif
#endif
#if defined(_WIN32)
// Windows
if ((e == EAGAIN || e == WSAETIMEDOUT) && _timeout > 0) {
#else
if (e == EAGAIN && _timeout > 0) {
#endif
// this is a timeout
LOG(_logLevel) << "Socket recv() timeout " << remoteString() <<endl;
throw SocketException(SocketException::RECV_TIMEOUT, remoteString());
}
LOG(_logLevel) << "Socket recv() " <<
errnoWithDescription(e) << " " << remoteString() <<endl;
throw SocketException(SocketException::RECV_ERROR , remoteString());
}
void Socket::setTimeout( double secs ) {
setSockTimeouts( _fd, secs );
}
#if defined(_WIN32)
struct WinsockInit {
WinsockInit() {
WSADATA d;
if ( WSAStartup(MAKEWORD(2,2), &d) != 0 ) {
out() << "ERROR: wsastartup failed " << errnoWithDescription() << endl;
problem() << "ERROR: wsastartup failed " << errnoWithDescription() << endl;
_exit(EXIT_NTSERVICE_ERROR);
}
}
} winsock_init;
#endif
} // namespace mongo示例11: tnet_tls_socket_recv
int tnet_tls_socket_recv(tnet_tls_socket_handle_t* self, void** data, tsk_size_t *size, tsk_bool_t *isEncrypted)
{
#if !HAVE_OPENSSL
TSK_DEBUG_ERROR("You MUST enable OpenSSL");
return -200;
#else
int ret = -1;
tsk_size_t read = 0;
tsk_size_t to_read = *size;
int rcount = TNET_TLS_RETRY_COUNT;
tnet_tls_socket_t* socket = self;
if(!self){
TSK_DEBUG_ERROR("Invalid parameter");
return -1;
}
tsk_safeobj_lock(socket);
*isEncrypted = SSL_is_init_finished(socket->ssl) ? tsk_false : tsk_true;
/* SSL handshake has completed? */
if(*isEncrypted){
char* buffer[1024];
if((ret = SSL_read(socket->ssl, buffer, sizeof(buffer))) <= 0){
ret = SSL_get_error(socket->ssl, ret);
if(ret == SSL_ERROR_WANT_WRITE || ret == SSL_ERROR_WANT_READ){
ret = 0;
}
else{
TSK_DEBUG_ERROR("SSL_read failed [%d, %s]", ret, ERR_error_string(ERR_get_error(), tsk_null));
}
*size = 0;
}
else{
*size = ret;
ret = 0;
}
goto bail;
}
/* Read Application data */
ssl_read:
if(rcount && ((ret = SSL_read(socket->ssl, (((uint8_t*)*data)+read), (int)to_read)) <= 0)){
ret = SSL_get_error(socket->ssl, ret);
if(ret == SSL_ERROR_WANT_WRITE || ret == SSL_ERROR_WANT_READ){
if(!(ret = tnet_sockfd_waitUntil(socket->fd, TNET_TLS_TIMEOUT, (ret == SSL_ERROR_WANT_WRITE)))){
rcount--;
goto ssl_read;
}
}
else if(SSL_ERROR_ZERO_RETURN){ /* connection closed: do nothing, the transport layer will be alerted. */
*size = 0;
ret = 0;
TSK_DEBUG_INFO("TLS connection closed.");
}
else{
TSK_DEBUG_ERROR("SSL_read failed [%d, %s]", ret, ERR_error_string(ERR_get_error(), tsk_null));
}
}
else if(ret >=0){
read += (tsk_size_t)ret;
if((ret = SSL_pending(socket->ssl)) > 0){
void *ptr;
to_read = ret;
if((ptr = tsk_realloc(*data, (read + to_read)))){
*data = ptr;
goto ssl_read;
}
}
}
bail:
tsk_safeobj_unlock(socket);
if(read){
*size = read;
return 0;
}
else{
return ret;
}
#endif
}示例12: lws_client_socket_service
//.........这里部分代码省略.........
* state of the underlying ssl layer...
* but since it may be stalled on
* blocked write, no incoming data may
* arrive to trigger the retry.
* Force (possibly many times if the SSL
* state persists in returning the
* condition code, but other sockets
* are getting serviced inbetweentimes)
* us to get called back when writable.
*/
lwsl_info(
"SSL_connect WANT_... retrying\n");
libwebsocket_callback_on_writable(
context, wsi);
wsi->mode = LWS_CONNMODE_WS_CLIENT_WAITING_SSL;
return 0; /* no error */
}
n = -1;
}
if (n <= 0) {
/*
* retry if new data comes until we
* run into the connection timeout or win
*/
n = ERR_get_error();
if (n != SSL_ERROR_NONE) {
lwsl_err("SSL connect error %lu: %s\n",
n,
ERR_error_string(n,
(char *)context->service_buffer));
return 0;
}
}
} else
wsi->ssl = NULL;
/* fallthru */
case LWS_CONNMODE_WS_CLIENT_WAITING_SSL:
if (wsi->use_ssl) {
if (wsi->mode == LWS_CONNMODE_WS_CLIENT_WAITING_SSL) {
lws_latency_pre(context, wsi);
n = SSL_connect(wsi->ssl);
lws_latency(context, wsi,
"SSL_connect LWS_CONNMODE_WS_CLIENT_WAITING_SSL",
n, n > 0);
if (n < 0) {
n = SSL_get_error(wsi->ssl, n);
if (n == SSL_ERROR_WANT_READ ||
n == SSL_ERROR_WANT_WRITE) {
/*
* wants us to retry connect due to
* state of the underlying ssl layer...
* but since it may be stalled on
* blocked write, no incoming data may
* arrive to trigger the retry.
* Force (possibly many times if the SSL示例13: test_mod_mul
int test_mod_mul(BIO *bp, BN_CTX *ctx)
{
BIGNUM *a,*b,*c,*d,*e;
int i,j;
a=BN_new();
b=BN_new();
c=BN_new();
d=BN_new();
e=BN_new();
for (j=0; j<3; j++) {
BN_bntest_rand(c,1024,0,0); /**/
for (i=0; i<num0; i++)
{
BN_bntest_rand(a,475+i*10,0,0); /**/
BN_bntest_rand(b,425+i*11,0,0); /**/
a->neg=rand_neg();
b->neg=rand_neg();
if (!BN_mod_mul(e,a,b,c,ctx))
{
unsigned long l;
while ((l=ERR_get_error()))
fprintf(stderr,"ERROR:%s\n",
ERR_error_string(l,NULL));
EXIT(1);
}
if (bp != NULL)
{
if (!results)
{
BN_print(bp,a);
BIO_puts(bp," * ");
BN_print(bp,b);
BIO_puts(bp," % ");
BN_print(bp,c);
if ((a->neg ^ b->neg) && !BN_is_zero(e))
{
/* If (a*b) % c is negative, c must be added
* in order to obtain the normalized remainder
* (new with OpenSSL 0.9.7, previous versions of
* BN_mod_mul could generate negative results)
*/
BIO_puts(bp," + ");
BN_print(bp,c);
}
BIO_puts(bp," - ");
}
BN_print(bp,e);
BIO_puts(bp,"\n");
}
BN_mul(d,a,b,ctx);
BN_sub(d,d,e);
BN_div(a,b,d,c,ctx);
if(!BN_is_zero(b))
{
fprintf(stderr,"Modulo multiply test failed!\n");
ERR_print_errors_fp(stderr);
return 0;
}
}
}
BN_free(a);
BN_free(b);
BN_free(c);
BN_free(d);
BN_free(e);
return(1);
}示例14: connection_state_machine
//.........这里部分代码省略.........
if (con->keep_alive) {
connection_set_state(srv, con, CON_STATE_REQUEST_START);
#if 0
con->request_start = srv->cur_ts;
con->read_idle_ts = srv->cur_ts;
#endif
} else {
switch(r = plugins_call_handle_connection_close(srv, con)) {
case HANDLER_GO_ON:
case HANDLER_FINISHED:
break;
default:
log_error_write(srv, __FILE__, __LINE__, "sd", "unhandling return value", r);
break;
}
#ifdef USE_OPENSSL
if (srv_sock->is_ssl) {
switch (SSL_shutdown(con->ssl)) {
case 1:
/* done */
break;
case 0:
/* wait for fd-event
*
* FIXME: wait for fdevent and call SSL_shutdown again
*
*/
break;
default:
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
ERR_error_string(ERR_get_error(), NULL));
}
}
#endif
connection_close(srv, con);
srv->con_closed++;
}
connection_reset(srv, con);
break;
case CON_STATE_CONNECT:
if (srv->srvconf.log_state_handling) {
log_error_write(srv, __FILE__, __LINE__, "sds",
"state for fd", con->fd, connection_get_state(con->state));
}
/*
if (con->read_queue != NULL) {
chunk *c;
size_t avail = 0;
for (c= con->read_queue->first; c != NULL; c = c->next) {
if(c->type == MEM_CHUNK)
avail += c->mem->used - c->offset -1;
}
log_error_write(srv, __FILE__, __LINE__, "sd", "con->read_queue is not empty!", avail);
}*/
chunkqueue_reset(con->read_queue);
con->request_count = 0;
break;示例15: lws_context_init_client_ssl
int lws_context_init_client_ssl(struct lws_context_creation_info *info,
struct lws_context *context)
{
int error;
int n;
SSL_METHOD *method;
struct lws wsi;
if (info->provided_client_ssl_ctx) {
/* use the provided OpenSSL context if given one */
context->ssl_client_ctx = info->provided_client_ssl_ctx;
/* nothing for lib to delete */
context->user_supplied_ssl_ctx = 1;
return 0;
}
if (info->port != CONTEXT_PORT_NO_LISTEN)
return 0;
/* basic openssl init */
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
method = (SSL_METHOD *)SSLv23_client_method();
if (!method) {
error = ERR_get_error();
lwsl_err("problem creating ssl method %lu: %s\n",
error, ERR_error_string(error,
(char *)context->pt[0].serv_buf));
return 1;
}
/* create context */
context->ssl_client_ctx = SSL_CTX_new(method);
if (!context->ssl_client_ctx) {
error = ERR_get_error();
lwsl_err("problem creating ssl context %lu: %s\n",
error, ERR_error_string(error,
(char *)context->pt[0].serv_buf));
return 1;
}
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(context->ssl_client_ctx,
SSL_OP_NO_COMPRESSION);
#endif
SSL_CTX_set_options(context->ssl_client_ctx,
SSL_OP_CIPHER_SERVER_PREFERENCE);
if (info->ssl_cipher_list)
SSL_CTX_set_cipher_list(context->ssl_client_ctx,
info->ssl_cipher_list);
#ifdef LWS_SSL_CLIENT_USE_OS_CA_CERTS
if (!(info->options & LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS))
/* loads OS default CA certs */
SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);
#endif
/* openssl init for cert verification (for client sockets) */
if (!info->ssl_ca_filepath) {
if (!SSL_CTX_load_verify_locations(
context->ssl_client_ctx, NULL,
LWS_OPENSSL_CLIENT_CERTS))
lwsl_err(
"Unable to load SSL Client certs from %s "
"(set by --with-client-cert-dir= "
"in configure) -- client ssl isn't "
"going to work", LWS_OPENSSL_CLIENT_CERTS);
} else
if (!SSL_CTX_load_verify_locations(
context->ssl_client_ctx, info->ssl_ca_filepath,
NULL))
lwsl_err(
"Unable to load SSL Client certs "
"file from %s -- client ssl isn't "
"going to work", info->ssl_ca_filepath);
else
lwsl_info("loaded ssl_ca_filepath\n");
/*
* callback allowing user code to load extra verification certs
* helping the client to verify server identity
*/
/* support for client-side certificate authentication */
if (info->ssl_cert_filepath) {
n = SSL_CTX_use_certificate_chain_file(context->ssl_client_ctx,
info->ssl_cert_filepath);
if (n != 1) {
lwsl_err("problem getting cert '%s' %lu: %s\n",
info->ssl_cert_filepath,
ERR_get_error(),
ERR_error_string(ERR_get_error(),
(char *)context->pt[0].serv_buf));
return 1;
}
}
if (info->ssl_private_key_filepath) {
//.........这里部分代码省略.........