本文整理汇总了C++中SSL_CTX_set_default_passwd_cb函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_CTX_set_default_passwd_cb函数的具体用法?C++ SSL_CTX_set_default_passwd_cb怎么用?C++ SSL_CTX_set_default_passwd_cb使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_CTX_set_default_passwd_cb函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: load_private_key
int load_private_key(SSL_CTX *ctx, const neo4j_config_t *config,
neo4j_logger_t *logger)
{
const char *private_key = config->tls_private_key_file;
if (private_key == NULL)
{
return 0;
}
if (SSL_CTX_use_certificate_chain_file(ctx, private_key) != 1)
{
errno = openssl_error(logger, NEO4J_LOG_ERROR, __FILE__, __LINE__);
return -1;
}
if (config->tls_pem_pw_callback != NULL)
{
SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)(intptr_t)config);
SSL_CTX_set_default_passwd_cb(ctx, pem_pw_callback);
}
return 0;
}示例2: tls_ctx_set_options
void
tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)
{
ASSERT(NULL != ctx);
SSL_CTX_set_session_cache_mode (ctx->ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_options (ctx->ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_default_passwd_cb (ctx->ctx, pem_password_callback);
/* Require peer certificate verification */
#if P2MP_SERVER
if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
{
msg (M_WARN, "WARNING: POTENTIALLY DANGEROUS OPTION "
"--client-cert-not-required may accept clients which do not present "
"a certificate");
}
else
#endif
SSL_CTX_set_verify (ctx->ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
SSL_CTX_set_info_callback (ctx->ctx, info_callback);
}示例3: load_private_key
/*
* load a private key from a file
*/
static int
load_private_key(SSL_CTX * ctx, char *filename)
{
int idx, ret_pwd;
LM_DBG("entered\n");
SSL_CTX_set_default_passwd_cb(ctx, passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(ctx, filename);
for(idx = 0, ret_pwd = 0; idx < NUM_RETRIES; idx++ ) {
ret_pwd = SSL_CTX_use_PrivateKey_file(ctx, filename, SSL_FILETYPE_PEM);
if ( ret_pwd ) {
break;
} else {
LM_ERR("unable to load private key file '%s'. \n"
"Retry (%d left) (check password case)\n",
filename, (NUM_RETRIES - idx -1) );
continue;
}
}
if( ! ret_pwd ) {
LM_ERR("unable to load private key file '%s'\n",
filename);
return -1;
}
if (!SSL_CTX_check_private_key(ctx)) {
LM_ERR("key '%s' does not match the public key of the certificate\n",
filename);
return -1;
}
LM_DBG("key '%s' successfuly loaded\n", filename);
return 0;
}示例4: _mongoc_ssl_setup_pem_file
static bool
_mongoc_ssl_setup_pem_file (SSL_CTX *ctx,
const char *pem_file,
const char *password)
{
if (!SSL_CTX_use_certificate_chain_file (ctx, pem_file)) {
return 0;
}
if (password) {
SSL_CTX_set_default_passwd_cb_userdata (ctx, (void *)password);
SSL_CTX_set_default_passwd_cb (ctx, _mongoc_ssl_password_cb);
}
if (!(SSL_CTX_use_PrivateKey_file (ctx, pem_file, SSL_FILETYPE_PEM))) {
return 0;
}
if (!(SSL_CTX_check_private_key (ctx))) {
return 0;
}
return 1;
}示例5: SSL_library_init
/*
* Create Global context SSL and use it in every new session
*
* - Load the trusted CAs
* - Load the Private key & the certificate
* - Set the Context options & Verify options
*/
static SSL_CTX *init_tls_ctx(EAP_TLS_CONF *conf)
{
SSL_METHOD *meth;
SSL_CTX *ctx;
X509_STORE *certstore;
int verify_mode = SSL_VERIFY_NONE;
int ctx_options = 0;
int type;
/*
* Add all the default ciphers and message digests
* Create our context.
*/
SSL_library_init();
SSL_load_error_strings();
/*
* SHA256 is in all versions of OpenSSL, but isn't
* initialized by default. It's needed for WiMAX
* certificates.
*/
#ifdef HAVE_OPENSSL_EVP_SHA256
EVP_add_digest(EVP_sha256());
#endif
meth = TLSv1_method();
ctx = SSL_CTX_new(meth);
/*
* Identify the type of certificates that needs to be loaded
*/
if (conf->file_type) {
type = SSL_FILETYPE_PEM;
} else {
type = SSL_FILETYPE_ASN1;
}
/*
* Set the password to load private key
*/
if (conf->private_key_password) {
#ifdef __APPLE__
/*
* We don't want to put the private key password in eap.conf, so check
* for our special string which indicates we should get the password
* programmatically.
*/
const char* special_string = "Apple:UseCertAdmin";
if (strncmp(conf->private_key_password,
special_string,
strlen(special_string)) == 0)
{
char cmd[256];
const long max_password_len = 128;
snprintf(cmd, sizeof(cmd) - 1,
"/usr/sbin/certadmin --get-private-key-passphrase \"%s\"",
conf->private_key_file);
DEBUG2("rlm_eap: Getting private key passphrase using command \"%s\"", cmd);
FILE* cmd_pipe = popen(cmd, "r");
if (!cmd_pipe) {
radlog(L_ERR, "rlm_eap: %s command failed. Unable to get private_key_password", cmd);
radlog(L_ERR, "rlm_eap: Error reading private_key_file %s", conf->private_key_file);
return NULL;
}
free(conf->private_key_password);
conf->private_key_password = malloc(max_password_len * sizeof(char));
if (!conf->private_key_password) {
radlog(L_ERR, "rlm_eap: Can't malloc space for private_key_password");
radlog(L_ERR, "rlm_eap: Error reading private_key_file %s", conf->private_key_file);
pclose(cmd_pipe);
return NULL;
}
fgets(conf->private_key_password, max_password_len, cmd_pipe);
pclose(cmd_pipe);
/* Get rid of newline at end of password. */
conf->private_key_password[strlen(conf->private_key_password) - 1] = '\0';
DEBUG2("rlm_eap: Password from command = \"%s\"", conf->private_key_password);
}
#endif
SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->private_key_password);
SSL_CTX_set_default_passwd_cb(ctx, cbtls_password);
}
/*
* Load our keys and certificates
*
* If certificates are of type PEM then we can make use
* of cert chain authentication using openssl api call
//.........这里部分代码省略.........
示例6: server_test
//.........这里部分代码省略.........
if (useNtruKey) {
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
}
#endif
if (!useNtruKey) {
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
}
#ifndef NO_PSK
if (usePsk) {
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
if (cipherList == NULL)
if (SSL_CTX_set_cipher_list(ctx,"PSK-AES256-CBC-SHA") !=SSL_SUCCESS)
err_sys("can't set cipher list");
}
#endif
/* if not using PSK, verify peer with certs */
if (doCliCertCheck && usePsk == 0) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#ifdef OPENSSL_EXTRA
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
err_sys("can't set cipher list");
#endif
ssl = SSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL");
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
CYASSL_CRL_START_MON);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS);
if (!doDTLS)
CloseSocket(sockfd);
SSL_set_fd(ssl, clientfd);
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#else
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif
#ifdef NON_BLOCKING
tcp_set_nonblocking(&clientfd);
NonBlockingSSL_Accept(ssl);
#else
#ifndef CYASSL_CALLBACKS
if (SSL_accept(ssl) != SSL_SUCCESS) {
int err = SSL_get_error(ssl, 0);
char buffer[80];
printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
err_sys("SSL_accept failed");
}
#else
NonBlockingSSL_Accept(ssl);
#endif
#endif
showPeer(ssl);
idx = SSL_read(ssl, input, sizeof(input));
if (idx > 0) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
err_sys("SSL_write failed");
SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(ctx);
CloseSocket(clientfd);
((func_args*)args)->return_code = 0;
return 0;
}示例7: anetSSLAccept
int anetSSLAccept( char *err, int fd, struct redisServer server, anetSSLConnection *ctn) {
ctn->sd = -1;
ctn->ctx = NULL;
ctn->ssl = NULL;
ctn->bio = NULL;
ctn->conn_str = NULL;
if( fd == -1 ) {
return ANET_ERR;
}
ctn->sd = fd;
// Create the SSL Context ( server method )
SSL_CTX* ctx = SSL_CTX_new(TLSv1_1_server_method());
ctn->ctx = ctx;
/*
You will need to generate certificates, the root certificate authority file, the private key file, and the random file yourself.
Google will help. The openssl executable created when you compiled OpenSSL can do all this.
*/
// Load trusted root authorities
SSL_CTX_load_verify_locations(ctx, server.ssl_root_file, server.ssl_root_dir);
// Sets the default certificate password callback function. Read more under the Certificate Verification section.
if( NULL != server.ssl_srvr_cert_passwd ) {
global_ssl_cert_password = server.ssl_srvr_cert_passwd;
SSL_CTX_set_default_passwd_cb(ctx, password_callback);
}
// Sets the certificate file to be used.
SSL_CTX_use_certificate_file(ctx, server.ssl_cert_file, SSL_FILETYPE_PEM);
// Sets the private key file to be used.
SSL_CTX_use_PrivateKey_file(ctx, server.ssl_pk_file, SSL_FILETYPE_PEM);
// Set the maximum depth to be used verifying certificates
// Due to a bug, this is not enforced. The verify callback must enforce it.
SSL_CTX_set_verify_depth(ctx, 1);
// Set the certificate verification callback.
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER /* | SSL_VERIFY_FAIL_IF_NO_PEER_CERT */, verify_callback);
/*
End certificate verification setup.
*/
// We need to load the Diffie-Hellman key exchange parameters.
// First load dh1024.pem (you DID create it, didn't you?)
BIO* bio = BIO_new_file(server.ssl_dhk_file, "r");
// Did we get a handle to the file?
if (bio == NULL) {
anetSetError(err, "SSL Accept: Couldn't open DH param file");
anetCleanupSSL( ctn);
return ANET_ERR;
}
// Read in the DH params.
DH* ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
// Free up the BIO object.
BIO_free(bio);
// Set up our SSL_CTX to use the DH parameters.
if (SSL_CTX_set_tmp_dh(ctx, ret) < 0) {
anetSetError(err, "SSL Accept: Couldn't set DH parameters");
anetCleanupSSL( ctn );
return ANET_ERR;
}
// Now we need to generate a RSA key for use.
// 1024-bit key. If you want to use something stronger, go ahead but it must be a power of 2. Upper limit should be 4096.
RSA* rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL);
// Set up our SSL_CTX to use the generated RSA key.
if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
anetSetError(err, "SSL Accept: Couldn't set RSA Key");
anetCleanupSSL( ctn );
return ANET_ERR;
}
// Free up the RSA structure.
RSA_free(rsa);
/*
For some reason many tutorials don't include this...
Servers must specify the ciphers they can use, to verify that both the client and the server can use the same cipher.
If you don't do this, you'll get errors relating to "no shared ciphers" or "no common ciphers".
Use all ciphers with the exception of: ones with anonymous Diffie-Hellman, low-strength ciphers, export ciphers, md5 hashing. Ordered from strongest to weakest.
Note that as ciphers become broken, it will be necessary to change the available cipher list to remain secure.
*/
if( NULL == server.ssl_srvr_cipher_list || 0 == strlen(server.ssl_srvr_cipher_list) )
SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
else
SSL_CTX_set_cipher_list(ctx, server.ssl_srvr_cipher_list);
//.........这里部分代码省略.........
示例8: echoclient_test
void echoclient_test(void* args)
{
SOCKET_T sockfd = 0;
FILE* fin = stdin;
FILE* fout = stdout;
int inCreated = 0;
int outCreated = 0;
char send[1024];
char reply[1024];
SSL_METHOD* method = 0;
SSL_CTX* ctx = 0;
SSL* ssl = 0;
int sendSz;
int argc = 0;
char** argv = 0;
((func_args*)args)->return_code = -1; /* error state */
argc = ((func_args*)args)->argc;
argv = ((func_args*)args)->argv;
if (argc >= 2) {
fin = fopen(argv[1], "r");
inCreated = 1;
}
if (argc >= 3) {
fout = fopen(argv[2], "w");
outCreated = 1;
}
if (!fin) err_sys("can't open input file");
if (!fout) err_sys("can't open output file");
tcp_connect(&sockfd, yasslIP, yasslPort);
#if defined(CYASSL_DTLS)
method = DTLSv1_client_method();
#elif !defined(NO_TLS)
method = TLSv1_client_method();
#else
method = SSLv3_client_method();
#endif
ctx = SSL_CTX_new(method);
#ifndef NO_FILESYSTEM
if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file");
#ifdef HAVE_ECC
if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file");
#endif
#else
load_buffer(ctx, caCert, CYASSL_CA);
#endif
#ifdef OPENSSL_EXTRA
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
ssl = SSL_new(ctx);
SSL_set_fd(ssl, sockfd);
#if defined(USE_WINDOWS_API) && defined(CYASSL_DTLS) && defined(NO_MAIN_DRIVER)
/* let echoserver bind first, TODO: add Windows signal like pthreads does */
Sleep(100);
#endif
if (SSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed");
while (fgets(send, sizeof(send), fin)) {
sendSz = (int)strlen(send) + 1;
if (SSL_write(ssl, send, sendSz) != sendSz)
err_sys("SSL_write failed");
if (strncmp(send, "quit", 4) == 0) {
fputs("sending server shutdown command: quit!\n", fout);
break;
}
if (strncmp(send, "break", 4) == 0) {
fputs("sending server session close: break!\n", fout);
break;
}
while (sendSz) {
int got;
if ( (got = SSL_read(ssl, reply, sizeof(reply))) > 0) {
fputs(reply, fout);
sendSz -= got;
}
else
break;
}
}
#ifdef CYASSL_DTLS
//.........这里部分代码省略.........
示例9: memcpy
void SSLHandler::init(const SecurityProperties& securityProperties) {
if(isSSLEnabled)
{
this->securityProperties = securityProperties;
if(securityProperties.alpnEnabled && securityProperties.alpnProtoList.size()>0)
{
for(int pn=0;pn<(int)securityProperties.alpnProtoList.size();pn++)
{
string protoname = securityProperties.alpnProtoList.at(pn);
vector<unsigned char> res = vector<unsigned char>(1 + protoname.length());
unsigned char* p = res.data();
*p++ = protoname.length();
memcpy(p, protoname.c_str(), protoname.length());
advertisedProtos.push_back(res);
}
}
string sslConfsettings = "Server setup with SSL enabled, CERTFILE = ";
sslConfsettings.append(securityProperties.cert_file);
sslConfsettings.append(", KEYFILE = ");
sslConfsettings.append(securityProperties.key_file);
sslConfsettings.append(", PASSWORD = ");
sslConfsettings.append(securityProperties.sec_password);
sslConfsettings.append(", DHFILE = ");
sslConfsettings.append(securityProperties.dh_file);
sslConfsettings.append(", CA_LIST = ");
sslConfsettings.append(securityProperties.ca_list);
sslConfsettings.append(", ISDH_PARAMS = ");
//sslConfsettings.append(CastUtil::lexical_cast<string>(securityProperties.isDHParams));
//sslConfsettings.append(", CLIENT_SEC_LEVEL = ");
//sslConfsettings.append(CastUtil::lexical_cast<string>(securityProperties.client_auth));
logger << sslConfsettings << endl;
/* Build our SSL context*/
ctx = SSLCommon::initialize_ctx(true);
pass = (char*)securityProperties.sec_password.c_str();
SSL_CTX_set_default_passwd_cb(ctx, SSLHandler::password_cb);
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_COMPRESSION | SSL_OP_SINGLE_DH_USE |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_TICKET |
SSL_OP_CIPHER_SERVER_PREFERENCE);
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
if(securityProperties.isDHParams)
{
SSLCommon::load_dh_params(ctx,(char*)securityProperties.dh_file.c_str());
}
else
{
SSLCommon::load_ecdh_params(ctx);
}
const unsigned char sid_ctx[] = "Ffead";
SSL_CTX_set_session_id_context(ctx, sid_ctx, sizeof(sid_ctx) - 1);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
/*SSL_CTX_set_session_id_context(ctx,
(const unsigned char*)&s_server_session_id_context,
sizeof s_server_session_id_context);
*/
/* Set our cipher list */
if(SSLCommon::ciphers!=""){
SSL_CTX_set_cipher_list(ctx, SSLCommon::ciphers.c_str());
}
SSLCommon::loadCerts(ctx, (char*)securityProperties.cert_file.c_str(),
(char*)securityProperties.key_file.c_str(),
securityProperties.ca_list, true);
if(securityProperties.client_auth==2)
{
/* Set to require peer (client) certificate verification */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
/* Set the verification depth to 1 */
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(ctx,1);
#endif
}
else if(securityProperties.client_auth==1)
{
/* Set to require peer (client) certificate verification */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
/* Set the verification depth to 1 */
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(ctx,1);
#endif
}
else
{
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if(securityProperties.alpnEnabled)
{
//.........这里部分代码省略.........
示例10: cert_stuff
static
int cert_stuff(struct connectdata *conn,
SSL_CTX* ctx,
char *cert_file,
const char *cert_type,
char *key_file,
const char *key_type)
{
struct SessionHandle *data = conn->data;
int file_type;
if(cert_file != NULL) {
SSL *ssl;
X509 *x509;
if(data->set.key_passwd) {
#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
/*
* If password has been given, we store that in the global
* area (*shudder*) for a while:
*/
size_t len = strlen(data->set.key_passwd);
if(len < sizeof(global_passwd))
memcpy(global_passwd, data->set.key_passwd, len+1);
#else
/*
* We set the password in the callback userdata
*/
SSL_CTX_set_default_passwd_cb_userdata(ctx,
data->set.key_passwd);
#endif
/* Set passwd callback: */
SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
}
file_type = do_file_type(cert_type);
switch(file_type) {
case SSL_FILETYPE_PEM:
/* SSL_CTX_use_certificate_chain_file() only works on PEM files */
if(SSL_CTX_use_certificate_chain_file(ctx,
cert_file) != 1) {
failf(data, "unable to set certificate file (wrong password?)");
return 0;
}
break;
case SSL_FILETYPE_ASN1:
/* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
we use the case above for PEM so this can only be performed with
ASN1 files. */
if(SSL_CTX_use_certificate_file(ctx,
cert_file,
file_type) != 1) {
failf(data, "unable to set certificate file (wrong password?)");
return 0;
}
break;
case SSL_FILETYPE_ENGINE:
failf(data, "file type ENG for certificate not implemented");
return 0;
default:
failf(data, "not supported file type '%s' for certificate", cert_type);
return 0;
}
file_type = do_file_type(key_type);
switch(file_type) {
case SSL_FILETYPE_PEM:
if(key_file == NULL)
/* cert & key can only be in PEM case in the same file */
key_file=cert_file;
case SSL_FILETYPE_ASN1:
if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
failf(data, "unable to set private key file: '%s' type %s\n",
key_file, key_type?key_type:"PEM");
return 0;
}
break;
case SSL_FILETYPE_ENGINE:
#ifdef HAVE_OPENSSL_ENGINE_H
{ /* XXXX still needs some work */
EVP_PKEY *priv_key = NULL;
if(conn && conn->data && conn->data->engine) {
#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
UI_METHOD *ui_method = UI_OpenSSL();
#endif
if(!key_file || !key_file[0]) {
failf(data, "no key set to load from crypto engine\n");
return 0;
}
/* the typecast below was added to please mingw32 */
priv_key = (EVP_PKEY *)
ENGINE_load_private_key(conn->data->engine,key_file,
#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
ui_method,
#endif
data->set.key_passwd);
//.........这里部分代码省略.........
示例11: SSLv23_method
bool
SSLClient::sslSetupCTX(std::string &keyspec, std::string &caspec)
{
GNASH_REPORT_FUNCTION;
// SSL_METHOD *meth;
int ret;
string keyfile;
string cafile;
#if 1
if (keyspec.find('/', 0) != string::npos) {
keyfile = keyspec;
} else {
keyfile = _rootpath;
keyfile += "/";
keyfile += keyspec;
}
if (caspec.find('/', 0) != string::npos) {
cafile = caspec;
} else {
cafile = _rootpath;
cafile += "/";
cafile += caspec;
}
#else
keyfile = keyspec;
cafile = caspec;
#endif
// create the context
_ctx.reset(SSL_CTX_new( SSLv23_method()));
ERR_clear_error();
if (!(SSL_CTX_load_verify_locations(_ctx.get(), cafile.c_str(),
_rootpath.c_str()))) {
log_error("Can't read CA list from \"%s\"!", cafile);
log_error("Error was: \"%s\"!", ERR_reason_error_string(ERR_get_error()));
return false;
} else {
log_debug("Read CA list from \"%s\"", cafile);
}
// Load our keys and certificates
ERR_clear_error();
if ((ret = SSL_CTX_use_certificate_chain_file(_ctx.get(), keyfile.c_str())) != 1) {
log_error("Can't read certificate file \"%s\"!", keyfile);
return false;
} else {
log_debug("Read certificate file \"%s\".", keyfile);
}
// Set the password as a callback, otherwise we get prompted for it
SSL_CTX_set_default_passwd_cb(_ctx.get(), password_cb);
// Add the first private key in the keyfile to the context.
ERR_clear_error();
if((ret = SSL_CTX_use_PrivateKey_file(_ctx.get(), keyfile.c_str(),
SSL_FILETYPE_PEM)) != 1) {
log_error("Can't read CERT file \"%s\"!", keyfile);
log_error("Error was: \"%s\"!", ERR_reason_error_string(ERR_get_error()));
return false;
} else {
log_debug("Read key file \"%s\".", keyfile);
}
SSL_CTX_set_verify(_ctx.get(), SSL_VERIFY_PEER, verify_callback);
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(_ctx.get(), 4);
#endif
return true;
}示例12: lua_co_tcp
static int lua_co_tcp(lua_State *L)
{
cosocket_t *cok = (cosocket_t *) lua_newuserdata(L, sizeof(cosocket_t));
if(!cok) {
lua_pushnil(L);
lua_pushstring(L, "stack error!");
return 2;
}
bzero(cok, sizeof(cosocket_t));
if(lua_isstring(L, 1) && lua_isstring(L, 2)) {
if(cok->ctx) {
SSL_CTX_free(cok->ctx);
}
cok->ctx = SSL_CTX_new(SSLv23_client_method());
if(cok->ctx == NULL) {
lua_pushnil(cok->L);
lua_pushstring(cok->L, "SSL_CTX_new Error");
return 2;
}
if(lua_isstring(L, 3)) {
if(cok->ssl_pw) {
free(cok->ssl_pw);
}
size_t len = 0;
const char *p1 = lua_tolstring(L, 3, &len);
cok->ssl_pw = malloc(len + 1);
if(cok->ssl_pw) {
memcpy(cok->ssl_pw, p1, len);
cok->ssl_pw[len] = '\0';
SSL_CTX_set_default_passwd_cb_userdata(cok->ctx, (void *)cok->ssl_pw);
SSL_CTX_set_default_passwd_cb(cok->ctx, ssl_password_cb);
}
int l = snprintf(temp_buf, 4096, "%s:%s:%s", lua_tostring(L, 1), lua_tostring(L, 2), p1);
cok->ssl_sign = fnv1a_32(temp_buf, l);
} else {
int l = snprintf(temp_buf, 4096, "%s:%s:", lua_tostring(L, 1), lua_tostring(L, 2));
cok->ssl_sign = fnv1a_32(temp_buf, l);
}
if(SSL_CTX_use_certificate_file(cok->ctx, lua_tostring(L, 1), SSL_FILETYPE_PEM) != 1) {
SSL_CTX_free(cok->ctx);
cok->ctx = NULL;
lua_pushnil(cok->L);
lua_pushstring(cok->L, "SSL_CTX_use_certificate_file Error");
return 2;
}
if(SSL_CTX_use_PrivateKey_file(cok->ctx, lua_tostring(L, 2), SSL_FILETYPE_PEM) != 1) {
SSL_CTX_free(cok->ctx);
cok->ctx = NULL;
lua_pushnil(cok->L);
lua_pushstring(cok->L, "SSL_CTX_use_PrivateKey_file Error");
return 2;
}
if(!SSL_CTX_check_private_key(cok->ctx)) {
SSL_CTX_free(cok->ctx);
cok->ctx = NULL;
lua_pushnil(cok->L);
lua_pushstring(cok->L, "SSL_CTX_check_private_key Error");
return 2;
}
cok->use_ssl = 1;
} else if(lua_isboolean(L, 1) && lua_toboolean(L, 1) == 1) {
cok->use_ssl = 1;
} else {
cok->use_ssl = 0;
}
cok->L = L;
cok->fd = -1;
cok->timeout = 30000;
/*
if(luaL_newmetatable(L, "cosocket")) {
//luaL_checkstack(L, 1, "not enough stack to register connection MT");
lua_pushvalue(L, lua_upvalueindex(1));
setfuncs(L, M, 1);
lua_pushvalue(L, -1);
lua_setfield(L, -2, "__index");
}*/
luaL_getmetatable(L, "cosocket:tcp");
lua_setmetatable(L, -2);
return 1;
}示例13: context_init
void context_init(void) { /* init SSL */
int i;
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
/* Load all bundled ENGINEs into memory and make them visible */
ENGINE_load_builtin_engines();
/* Register all of them for every algorithm they collectively implement */
ENGINE_register_all_complete();
#endif
if(!init_prng())
log(LOG_INFO, "PRNG seeded successfully");
SSLeay_add_ssl_algorithms();
SSL_load_error_strings();
if(options.option.client) {
ctx=SSL_CTX_new(SSLv3_client_method());
} else { /* Server mode */
ctx=SSL_CTX_new(SSLv23_server_method());
#ifndef NO_RSA
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
#endif /* NO_RSA */
if(init_dh())
log(LOG_WARNING, "Diffie-Hellman initialization failed");
}
if(options.ssl_options) {
log(LOG_DEBUG, "Configuration SSL options: 0x%08lX",
options.ssl_options);
log(LOG_DEBUG, "SSL options set: 0x%08lX",
SSL_CTX_set_options(ctx, options.ssl_options));
}
#if SSLEAY_VERSION_NUMBER >= 0x00906000L
SSL_CTX_set_mode(ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif /* OpenSSL-0.9.6 */
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_set_timeout(ctx, options.session_timeout);
if(options.option.cert) {
if(!SSL_CTX_use_certificate_chain_file(ctx, options.cert)) {
log(LOG_ERR, "Error reading certificate file: %s", options.cert);
sslerror("SSL_CTX_use_certificate_chain_file");
exit(1);
}
log(LOG_DEBUG, "Certificate: %s", options.cert);
log(LOG_DEBUG, "Key file: %s", options.key);
#ifdef USE_WIN32
SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_cb);
#endif
for(i=0; i<3; i++) {
#ifdef NO_RSA
if(SSL_CTX_use_PrivateKey_file(ctx, options.key,
SSL_FILETYPE_PEM))
#else /* NO_RSA */
if(SSL_CTX_use_RSAPrivateKey_file(ctx, options.key,
SSL_FILETYPE_PEM))
#endif /* NO_RSA */
break;
if(i<2 && ERR_GET_REASON(ERR_peek_error())==EVP_R_BAD_DECRYPT) {
sslerror_stack(); /* dump the error stack */
log(LOG_ERR, "Wrong pass phrase: retrying");
continue;
}
#ifdef NO_RSA
sslerror("SSL_CTX_use_PrivateKey_file");
#else /* NO_RSA */
sslerror("SSL_CTX_use_RSAPrivateKey_file");
#endif /* NO_RSA */
exit(1);
}
if(!SSL_CTX_check_private_key(ctx)) {
sslerror("Private key does not match the certificate");
exit(1);
}
}
verify_init(); /* Initialize certificate verification */
SSL_CTX_set_info_callback(ctx, info_callback);
if(options.cipher_list) {
if (!SSL_CTX_set_cipher_list(ctx, options.cipher_list)) {
sslerror("SSL_CTX_set_cipher_list");
exit(1);
}
}
}示例14: SSL_load_error_strings
void OpenSSLSession::Start()
{
if(m_bStarted)
{
return;
}
SSL_load_error_strings();
SSL_library_init();
ERR_load_BIO_strings();
//OpenSSL_add_all_algorithms();
//SSL protocol method
const SSL_METHOD *meth = SSLv3_method();
//Connection context using SSL protocol method
m_ConnectionCtx = SSL_CTX_new(meth);
if(!m_ConnectionCtx)
{
ERR_print_errors_fp(stderr);
return;
}
if(SSL_CTX_set_cipher_list(m_ConnectionCtx, (char*)m_CipherList.c_str()) == 0)
{
ERR_print_errors_fp(stderr);
}
//Send SARA certificate to remote location
if(m_bLocalVerification)
{
/* Load our keys and certificates*/
//1. Load the certificates in to "m_ConnectionCtx"
if (!SSL_CTX_use_certificate_file(m_ConnectionCtx, m_SARACertificate.c_str(), SSL_FILETYPE_PEM))
{
ERR_print_errors_fp(stderr);
return;
}
//2. Set the default password callback when loading/storing a PEM certificate with encryption
SSL_CTX_set_default_passwd_cb(m_ConnectionCtx, GetPassword_CB);
//3. Add the first private key found in file "m_SARACertificate" to "m_ConnectionCtx"
if (!SSL_CTX_use_PrivateKey_file(m_ConnectionCtx, m_SARAPvtKeyFile.c_str(), SSL_FILETYPE_PEM))
{
ERR_print_errors_fp(stderr);
return;
}
//3_A. Check the private key is correct
if(SSL_CTX_check_private_key(m_ConnectionCtx) == -1)
{
ERR_print_errors_fp(stderr);
return;
}
}
//Evaluation of remote certificate by SARA
if(m_bRemoteVerification)
{
//4. Specify the location ("m_TrustedCACertificate") where CA certificates for verification purposes are located
// Used to authenticate the host to which we are connected. Loading all the CAs that we trust.
if(!(SSL_CTX_load_verify_locations(m_ConnectionCtx, 0, m_TrustedCACertificate.c_str())))
{
ERR_print_errors_fp(stderr);
return;
}
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(m_ConnectionCtx,1);
#else
SSL_CTX_set_verify_depth(m_ConnectionCtx, m_iDepth);
#endif
//5. Set verification for host.
SSL_CTX_set_verify(m_ConnectionCtx, SSL_VERIFY_PEER, OpenSSLSession::SSL_VerifyCallback);
}
m_bStarted = true;
}示例15: build_ssl_ctx
static int
build_ssl_ctx(void)
{
SSL_DATA *ssl;
/* Library initialization */
SSL_library_init();
SSL_load_error_strings();
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!check_data->ssl)
ssl = (SSL_DATA *) MALLOC(sizeof (ssl_data));
else
ssl = check_data->ssl;
/* Initialize SSL context for SSL v2/3 */
ssl->meth = (SSL_METHOD *) SSLv23_method();
ssl->ctx = SSL_CTX_new(ssl->meth);
/* return for autogen context */
if (!check_data->ssl) {
check_data->ssl = ssl;
goto end;
}
/* Load our keys and certificates */
if (check_data->ssl->keyfile)
if (!
(SSL_CTX_use_certificate_chain_file
(ssl->ctx, check_data->ssl->keyfile))) {
log_message(LOG_INFO,
"SSL error : Cant load certificate file...");
return 0;
}
/* Handle password callback using userdata ssl */
if (check_data->ssl->password) {
SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx,
check_data->ssl);
SSL_CTX_set_default_passwd_cb(ssl->ctx, password_cb);
}
if (check_data->ssl->keyfile)
if (!
(SSL_CTX_use_PrivateKey_file
(ssl->ctx, check_data->ssl->keyfile, SSL_FILETYPE_PEM))) {
log_message(LOG_INFO, "SSL error : Cant load key file...");
return 0;
}
/* Load the CAs we trust */
if (check_data->ssl->cafile)
if (!
(SSL_CTX_load_verify_locations
(ssl->ctx, check_data->ssl->cafile, 0))) {
log_message(LOG_INFO, "SSL error : Cant load CA file...");
return 0;
}
end:
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(ssl->ctx, 1);
#endif
return 1;
}