本文整理汇总了C++中SSL_CTX_set_default_verify_paths函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_CTX_set_default_verify_paths函数的具体用法?C++ SSL_CTX_set_default_verify_paths怎么用?C++ SSL_CTX_set_default_verify_paths使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_CTX_set_default_verify_paths函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: perform_ssl_connection
static void perform_ssl_connection (void)
{
struct evhttp_connection *con;
struct evhttp_request *req;
struct bufferevent *bev;
SSL_CTX *sctx;
SSL *ssl;
sctx = SSL_CTX_new (SSLv23_client_method ());
assert (sctx);
SSL_CTX_set_options (sctx, SSL_OP_NO_TLSv1_2);
//SSL_CTX_set_options (sctx, SSL_OP_ALL);
SSL_CTX_set_timeout (sctx, 3000);
SSL_CTX_set_verify (sctx, SSL_VERIFY_PEER, SSLX_CTX_verify_callback);
SSL_CTX_set_default_verify_paths (sctx);
SSL_CTX_set_cipher_list (sctx, "RC4-MD5");
ssl = SSL_new (sctx);
assert (ssl);
bev = bufferevent_openssl_socket_new (evbase, -1, ssl, BUFFEREVENT_SSL_CONNECTING , BEV_OPT_CLOSE_ON_FREE);
//bev = bufferevent_socket_new (evbase, -1, BEV_OPT_CLOSE_ON_FREE);
assert (bev);
con = evhttp_connection_base_bufferevent_new (evbase, dnsbase, bev, HOST, PORT);
evhttp_connection_set_closecb (con, on_connection_close, NULL);
evhttp_connection_set_timeout (con, 10);
req = evhttp_request_new (on_response_cb, NULL);
evhttp_add_header (req->output_headers, "Host", HOST);
// evhttp_add_header (req->output_headers, "Connection", "Keep-Alive");
evhttp_make_request (con, req, EVHTTP_REQ_GET, "/index.html");
}示例2: git_openssl_stream_global_init
int git_openssl_stream_global_init(void)
{
#ifdef GIT_OPENSSL
long ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
/* Older OpenSSL and MacOS OpenSSL doesn't have this */
#ifdef SSL_OP_NO_COMPRESSION
ssl_opts |= SSL_OP_NO_COMPRESSION;
#endif
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
/*
* Load SSLv{2,3} and TLSv1 so that we can talk with servers
* which use the SSL hellos, which are often used for
* compatibility. We then disable SSL so we only allow OpenSSL
* to speak TLSv1 to perform the encryption itself.
*/
git__ssl_ctx = SSL_CTX_new(SSLv23_method());
SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);
if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
SSL_CTX_free(git__ssl_ctx);
git__ssl_ctx = NULL;
return -1;
}
#endif
git__on_shutdown(shutdown_ssl);
return 0;
}示例3: sqSetupSSL
/* sqSetupSSL: Common SSL setup tasks */
sqInt sqSetupSSL(sqSSL *ssl, int server) {
/* Fixme. Needs to use specified version */
if(ssl->loglevel) printf("sqSetupSSL: setting method\n");
ssl->method = SSLv23_method();
if(ssl->loglevel) printf("sqSetupSSL: Creating context\n");
ssl->ctx = SSL_CTX_new(ssl->method);
if(!ssl->ctx) ERR_print_errors_fp(stdout);
if(ssl->loglevel) printf("sqSetupSSL: setting cipher list\n");
SSL_CTX_set_cipher_list(ssl->ctx, "!ADH:HIGH:MEDIUM:@STRENGTH");
/* if a cert is provided, use it */
if(ssl->certName) {
if(ssl->loglevel) printf("sqSetupSSL: Using cert file %s\n", ssl->certName);
if(SSL_CTX_use_certificate_file(ssl->ctx, ssl->certName, SSL_FILETYPE_PEM)<=0)
ERR_print_errors_fp(stderr);
if(SSL_CTX_use_PrivateKey_file(ssl->ctx, ssl->certName, SSL_FILETYPE_PEM)<=0)
ERR_print_errors_fp(stderr);
}
/* Set up trusted CA */
if(ssl->loglevel) printf("sqSetupSSL: No root CA given; using default verify paths\n");
if(SSL_CTX_set_default_verify_paths(ssl->ctx) <=0)
ERR_print_errors_fp(stderr);
if(ssl->loglevel) printf("sqSetupSSL: Creating SSL\n");
ssl->ssl = SSL_new(ssl->ctx);
if(ssl->loglevel) printf("sqSetupSSL: setting bios\n");
SSL_set_bio(ssl->ssl, ssl->bioRead, ssl->bioWrite);
return 1;
}示例4: _ssl_ctx_set_packed_file
int _ssl_ctx_set_packed_file(void *ctx, const char *cfile) {
_SSLO_CTX *so = ctx;
if (ctx == NULL) {
return ERR_TR50_BADHANDLE;
}
if (SSL_CTX_use_certificate_chain_file(so->ctx, cfile) != 1) {
//so->errcode = ERR_get_error();
//ERR_error_string_n(so->errcode, so->errmsg, SSL_ERR_STR_LEN);
return ERR_TR50_SSL_CTX;
}
if (SSL_CTX_load_verify_locations(so->ctx, cfile, NULL) != 1) {
//so->errcode = ERR_get_error();
//ERR_error_string_n(so->errcode, so->errmsg, SSL_ERR_STR_LEN);
return ERR_TR50_SSL_CTX;
}
if (SSL_CTX_set_default_verify_paths(so->ctx) != 1) {
//so->errcode = ERR_get_error();
//ERR_error_string_n(so->errcode, so->errmsg, SSL_ERR_STR_LEN);
return ERR_TR50_SSL_CTX;
}
SSL_CTX_set_default_passwd_cb(so->ctx, _ssl_ctx_passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(so->ctx, so->passwd);
if (SSL_CTX_use_PrivateKey_file(so->ctx, cfile, SSL_FILETYPE_PEM) != 1) {
//so->errcode = ERR_get_error();
//ERR_error_string_n(so->errcode, so->errmsg, SSL_ERR_STR_LEN);
return ERR_TR50_SSL_CTX;
}
return 0;
}示例5: sizeof
SSL *getSSL(void)
{
if (!context) {
const SSL_METHOD *m;
unsigned char f_randfile[PATH_MAX];
const unsigned char *f = (const unsigned char *)RAND_file_name(cast_char f_randfile, sizeof(f_randfile));
if (f && RAND_egd(cast_const_char f)<0) {
/* Not an EGD, so read and write to it */
if (RAND_load_file(cast_const_char f_randfile, -1))
RAND_write_file(cast_const_char f_randfile);
}
SSLeay_add_ssl_algorithms();
m = SSLv23_client_method();
if (!m) return NULL;
context = SSL_CTX_new((void *)m);
if (!context) return NULL;
SSL_CTX_set_options(context, SSL_OP_ALL);
SSL_CTX_set_default_verify_paths(context);
/* needed for systems without /dev/random, but obviously kills security. */
/*{
unsigned char pool[32768];
int i;
int rs;
struct timeval tv;
EINTRLOOP(rs, gettimeofday(&tv, NULL));
for (i = 0; i < sizeof pool; i++) pool[i] = random() ^ tv.tv_sec ^ tv.tv_usec;
RAND_add(pool, sizeof pool, sizeof pool);
}*/
}
return (SSL_new(context));
}示例6: ssl_setup
static int ssl_setup(gitno_socket *socket, const char *host, int flags)
{
int ret;
SSL_library_init();
SSL_load_error_strings();
socket->ssl.ctx = SSL_CTX_new(SSLv23_method());
if (socket->ssl.ctx == NULL)
return ssl_set_error(&socket->ssl, 0);
SSL_CTX_set_mode(socket->ssl.ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_verify(socket->ssl.ctx, SSL_VERIFY_NONE, NULL);
if (!SSL_CTX_set_default_verify_paths(socket->ssl.ctx))
return ssl_set_error(&socket->ssl, 0);
socket->ssl.ssl = SSL_new(socket->ssl.ctx);
if (socket->ssl.ssl == NULL)
return ssl_set_error(&socket->ssl, 0);
if((ret = SSL_set_fd(socket->ssl.ssl, socket->socket)) == 0)
return ssl_set_error(&socket->ssl, ret);
if ((ret = SSL_connect(socket->ssl.ssl)) <= 0)
return ssl_set_error(&socket->ssl, ret);
if (GITNO_CONNECT_SSL_NO_CHECK_CERT & flags)
return 0;
return verify_server_cert(&socket->ssl, host);
}示例7: LoadCertificates
void LoadCertificates(SSL_CTX* ctx, char* CertFile, char* KeyFile)
{
if (SSL_CTX_load_verify_locations(ctx, CertFile, KeyFile) != 1)
ERR_print_errors_fp(stderr);
if (SSL_CTX_set_default_verify_paths(ctx) != 1)
ERR_print_errors_fp(stderr);
if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
abort();
}
if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
abort();
}
if (!SSL_CTX_check_private_key(ctx))
{
fprintf(stderr, "Private key does not match the public certificate\n");
abort();
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
}示例8: tls_init
/* Initialize the library */
static void tls_init(int verify)
{
if(_tlsctx)
{
TLSERROR("Library is already initialized!");
return;
}
SSL_load_error_strings();
SSL_library_init();
_tlsctx = SSL_CTX_new(TLSv1_method());
if(!_tlsctx) TLSERROR("Couldn't create TLS object.\n");
else
{
OPENSSLCHECK(SSL_CTX_set_quiet_shutdown(_tlsctx, 1));
OPENSSLCHECK(SSL_CTX_set_info_callback(_tlsctx, NULL));
OPENSSLCHECK(SSL_CTX_load_verify_locations(ctx, CAfile, CApath));
OPENSSLCHECK(SSL_CTX_set_default_verify_paths());
if(verify == GGZ_TLS_VERIFY_PEER) SSL_CTX_set_verify(_tlsctx, SSL_VERIFY_PEER, tls_verify);
else SSL_CTX_set_verify(_tlsctx, SSL_VERIFY_NONE, NULL);
}
openssllist = ggz_list_create(NULL, NULL, NULL, GGZ_LIST_ALLOW_DUPS);
}示例9: SSL_CTX_new
SSL_CTX *setup_client_ctx (void)
{
SSL_CTX *ctx;
ctx = SSL_CTX_new (SSLv23_method ());
/* Test de la passphrase */
SSL_CTX_set_default_passwd_cb (ctx, passwd_cb);
if (SSL_CTX_load_verify_locations (ctx, CAFILE, CADIR) != 1)
int_error ("ERREUR DE CHARGEMENT DU FICHIER");
if (SSL_CTX_set_default_verify_paths (ctx) != 1)
int_error ("ERREUR DE CHARGEMENT DU FICHIER default CA file");
if (SSL_CTX_use_certificate_chain_file (ctx, CERTFILE) != 1)
int_error ("ERREUR DE CHARGEMENT DU CERTIFICAT");
if (SSL_CTX_use_PrivateKey_file (ctx, CERTFILE, SSL_FILETYPE_PEM) != 1)
int_error ("ERREUR DE CHARGEMENT DE LA CLEF PRIVE");
SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
SSL_CTX_set_verify_depth (ctx, 4);
SSL_CTX_set_options (ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 |
SSL_OP_SINGLE_DH_USE);
/*
SSL_CTX_set_tmp_dh_callback (ctx, tmp_dh_callback);
if (SSL_CTX_set_cipher_list (ctx, CIPHER_LIST) != 1)
int_error ("ERREUR DE LECTURE DE LA LISTE DE CHIPTER");
*/
return (ctx);
}示例10: LoadCertificates
void LoadCertificates(SSL_CTX* ctx, char* CertFile, char* KeyFile)
{
if (SSL_CTX_load_verify_locations(ctx, CertFile, KeyFile) != 1)
ERR_print_errors_fp(stderr);
if (SSL_CTX_set_default_verify_paths(ctx) != 1)
ERR_print_errors_fp(stderr);
/* set the local certificate from CertFile */
if ( SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0 ){
ERR_print_errors_fp(stderr);
abort();
}
/* set the private key from KeyFile (may be the same as CertFile) */
if ( SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0 ){
ERR_print_errors_fp(stderr);
abort();
}
/* verify private key */
if ( !SSL_CTX_check_private_key(ctx) ){
fprintf(stderr, "Private key does not match the public certificate\n");
abort();
}
}示例11: SSL_CTX_new
//=========================================
// setupClientCTX
//-----------------------------------------
void SSLClient::setupClientCTX (void) {
ctx = SSL_CTX_new(SSLv23_method( ));
SSL_CTX_set_default_passwd_cb (ctx, passwd_cb);
OpenSSL_add_all_algorithms();
if (SSL_CTX_load_verify_locations(
ctx, CAFILE.toLatin1().data(), CADIR) != 1
) {
qerror("Error loading CA file and/or directory");
}
if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
qerror("Error loading default CA file and/or directory");
}
if (SSL_CTX_use_certificate_chain_file(
ctx, CLIENT_CERTFILE.toLatin1().data()) != 1
) {
qerror("Error loading certificate from file");
}
if (SSL_CTX_use_PrivateKey_file(
ctx,CLIENT_CERTFILE.toLatin1().data(),SSL_FILETYPE_PEM
) != 1) {
qerror("Error loading private key from file");
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
SSL_CTX_set_verify_depth(ctx, 4);
SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);
if (SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != 1) {
qerror("Error setting cipher list (no valid ciphers)");
}
}示例12: init_openssl
static void
init_openssl(struct module *module)
{
unsigned char f_randfile[PATH_MAX];
/* In a nutshell, on OS's without a /dev/urandom, the OpenSSL library
* cannot initialize the PRNG and so every attempt to use SSL fails.
* It's actually an OpenSSL FAQ, and according to them, it's up to the
* application coders to seed the RNG. -- William Yodlowsky */
RAND_file_name(f_randfile, sizeof(f_randfile));
#ifdef HAVE_RAND_EGD
if (RAND_egd(f_randfile) < 0) {
/* Not an EGD, so read and write to it */
#endif
if (RAND_load_file(f_randfile, -1))
RAND_write_file(f_randfile);
#ifdef HAVE_RAND_EGD
}
#endif
SSLeay_add_ssl_algorithms();
context = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(context, SSL_OP_ALL);
SSL_CTX_set_default_verify_paths(context);
socket_SSL_ex_data_idx = SSL_get_ex_new_index(0, NULL,
NULL,
socket_SSL_ex_data_dup,
NULL);
}示例13: git_openssl_stream_global_init
int git_openssl_stream_global_init(void)
{
#ifdef GIT_OPENSSL
long ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
const char *ciphers = git_libgit2__ssl_ciphers();
/* Older OpenSSL and MacOS OpenSSL doesn't have this */
#ifdef SSL_OP_NO_COMPRESSION
ssl_opts |= SSL_OP_NO_COMPRESSION;
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
#else
OPENSSL_init_ssl(0, NULL);
#endif
/*
* Load SSLv{2,3} and TLSv1 so that we can talk with servers
* which use the SSL hellos, which are often used for
* compatibility. We then disable SSL so we only allow OpenSSL
* to speak TLSv1 to perform the encryption itself.
*/
git__ssl_ctx = SSL_CTX_new(SSLv23_method());
SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);
if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
SSL_CTX_free(git__ssl_ctx);
git__ssl_ctx = NULL;
return -1;
}
if (!ciphers) {
ciphers = GIT_SSL_DEFAULT_CIPHERS;
}
if(!SSL_CTX_set_cipher_list(git__ssl_ctx, ciphers)) {
SSL_CTX_free(git__ssl_ctx);
git__ssl_ctx = NULL;
return -1;
}
if (init_bio_method() < 0) {
SSL_CTX_free(git__ssl_ctx);
git__ssl_ctx = NULL;
return -1;
}
#endif
git__on_shutdown(shutdown_ssl);
return 0;
}示例14: SSL_CTX_new
SSL_CTX* SSLListener::initSSLContext() {
SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
SSL_CTX_set_tmp_ecdh(ctx,ecdh);
EC_KEY_free(ecdh);
SSL_CTX_set_default_verify_paths(ctx);
return ctx;
};示例15: ERR
SSL_CTX *initCTX() {
SSL_CTX *m_ctx;
ERR((m_ctx = SSL_CTX_new(SSLv23_method())) == NULL,
COMP("SSL_CTX_new():%1", SSLErrors()))
SSL_CTX_set_options(m_ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);
ERR(SSL_CTX_set_default_verify_paths(m_ctx) == 0,
COMP("SSL_CTX_set_default_verify_paths():%1", SSLErrors()))
return m_ctx;
}