本文整理汇总了C++中SSL_CTX_set_session_id_context函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_CTX_set_session_id_context函数的具体用法?C++ SSL_CTX_set_session_id_context怎么用?C++ SSL_CTX_set_session_id_context使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_CTX_set_session_id_context函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: SSL_CTX_new
SSL_CTX *SSLSocket::sslCreateCtx(bool client, bool verify, const char *CAfile, const char *CRTfile, const char *KEYfile, void *passwd) {
SSL_CTX *sctx = SSL_CTX_new(client ? SSLv23_client_method() : SSLv23_server_method());
if (sctx == NULL) {
throw SSLSocketException ( "Could not create SSL context." );
}
else {
// Generate a new DH key during each handshake
SSL_CTX_set_options(sctx, SSL_OP_SINGLE_DH_USE);
// The verification contextof certificates is activated
if (verify) SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER, NULL);
// Sets the password of the private key
SSL_CTX_set_default_passwd_cb_userdata(sctx, passwd);
if (!client) {
int s_server_session_id_context = 1;
SSL_CTX_set_session_id_context(sctx, (const unsigned char*) &s_server_session_id_context, sizeof(s_server_session_id_context));
}
if (SSL_CTX_load_verify_locations(sctx, CAfile, NULL) == 0) {
throw CertificateException ( "CA file could not be loaded." );
}
if (SSL_CTX_use_certificate_file(sctx, CRTfile, SSL_FILETYPE_PEM) == 0) {
ERR_print_errors_fp(stderr);
throw CertificateException ( "CRT file could not be loaded." );
}
if (SSL_CTX_use_PrivateKey_file(sctx, KEYfile, SSL_FILETYPE_PEM) == 0) {
throw CertificateException ( "KEY file could not be loaded." );
}
}
return sctx;
}示例2: SSLModule
SSLModule(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, EXTRA | VENDOR)
, service(this, "ssl")
{
me = this;
this->SetPermanent(true);
SSL_library_init();
SSL_load_error_strings();
client_ctx = SSL_CTX_new(SSLv23_client_method());
server_ctx = SSL_CTX_new(SSLv23_server_method());
if (!client_ctx || !server_ctx)
throw ModuleException("Error initializing SSL CTX");
long opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE;
SSL_CTX_set_options(client_ctx, opts);
SSL_CTX_set_options(server_ctx, opts);
SSL_CTX_set_mode(client_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_mode(server_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
Anope::string context_name = "Anope";
SSL_CTX_set_session_id_context(client_ctx, reinterpret_cast<const unsigned char *>(context_name.c_str()), context_name.length());
SSL_CTX_set_session_id_context(server_ctx, reinterpret_cast<const unsigned char *>(context_name.c_str()), context_name.length());
}示例3: ssl_setup
int
ssl_setup(SSL_CTX **ctxp, struct pki *pki)
{
DH *dh;
SSL_CTX *ctx;
ctx = ssl_ctx_create(pki->pki_name, pki->pki_cert, pki->pki_cert_len);
if (!SSL_CTX_set_session_id_context(ctx,
(const unsigned char *)pki->pki_name,
strlen(pki->pki_name) + 1))
goto err;
if (pki->pki_dhparams_len == 0)
dh = get_dh1024();
else
dh = get_dh_from_memory(pki->pki_dhparams,
pki->pki_dhparams_len);
ssl_set_ephemeral_key_exchange(ctx, dh);
DH_free(dh);
ssl_set_ecdh_curve(ctx, SSL_ECDH_CURVE);
*ctxp = ctx;
return 1;
err:
SSL_CTX_free(ctx);
ssl_error("ssl_setup");
return 0;
}示例4: SSL_CTX_new
int CSSLContext::AddContext(int iVerifyMode, LPCTSTR lpszPemCertFile, LPCTSTR lpszPemKeyFile, LPCTSTR lpszKeyPasswod, LPCTSTR lpszCAPemCertFileOrPath)
{
int iIndex = -1;
SSL_CTX* sslCtx = SSL_CTX_new(SSLv23_method());
SSL_CTX_set_quiet_shutdown(sslCtx, 1);
SSL_CTX_set_verify(sslCtx, iVerifyMode, nullptr);
SSL_CTX_set_cipher_list(sslCtx, "ALL:!aNULL:!eNULL");
if(m_enSessionMode == SSL_SM_SERVER)
{
static volatile ULONG s_session_id_context = 0;
ULONG session_id_context = ::InterlockedIncrement(&s_session_id_context);
SSL_CTX_set_session_id_context(sslCtx, (BYTE*)&session_id_context, sizeof(session_id_context));
}
if(!LoadCertAndKey(sslCtx, iVerifyMode, lpszPemCertFile, lpszPemKeyFile, lpszKeyPasswod, lpszCAPemCertFileOrPath))
SSL_CTX_free(sslCtx);
else
{
iIndex = (int)m_lsSslCtxs.size();
m_lsSslCtxs.push_back(sslCtx);
}
return iIndex;
}示例5: ssl_setup
int
ssl_setup(SSL_CTX **ctxp, struct pki *pki,
int (*sni_cb)(SSL *,int *,void *), const char *ciphers)
{
SSL_CTX *ctx;
uint8_t sid[SSL_MAX_SID_CTX_LENGTH];
ctx = ssl_ctx_create(pki->pki_name, pki->pki_cert, pki->pki_cert_len, ciphers);
/*
* Set session ID context to a random value. We don't support
* persistent caching of sessions so it is OK to set a temporary
* session ID context that is valid during run time.
*/
arc4random_buf(sid, sizeof(sid));
if (!SSL_CTX_set_session_id_context(ctx, sid, sizeof(sid)))
goto err;
if (sni_cb)
SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb);
SSL_CTX_set_dh_auto(ctx, pki->pki_dhe);
SSL_CTX_set_ecdh_auto(ctx, 1);
*ctxp = ctx;
return 1;
err:
SSL_CTX_free(ctx);
ssl_error("ssl_setup");
return 0;
}示例6: ssl_setup
static int ssl_setup(int *rfd, SSL **ssl, SSL_CTX **ctx, struct conf *conf)
{
BIO *sbio=NULL;
char buf[256]="";
ssl_load_globals();
if(!(*ctx=ssl_initialise_ctx(conf)))
{
logp("error initialising ssl ctx\n");
return -1;
}
SSL_CTX_set_session_id_context(*ctx,
(const unsigned char *)&s_server_session_id_context,
sizeof(s_server_session_id_context));
if((*rfd=init_client_socket(conf->server, conf->port))<0)
return -1;
if(!(*ssl=SSL_new(*ctx))
|| !(sbio=BIO_new_socket(*rfd, BIO_NOCLOSE)))
{
ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
logp("Problem joining SSL to the socket: %s\n", buf);
return -1;
}
SSL_set_bio(*ssl, sbio, sbio);
if(SSL_connect(*ssl)<=0)
{
ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
logp("SSL connect error: %s\n", buf);
return -1;
}
return 0;
}示例7: ssl_setup
static int ssl_setup(int *rfd, SSL **ssl, SSL_CTX **ctx,
enum action action, struct conf **confs)
{
BIO *sbio=NULL;
ssl_load_globals();
if(!(*ctx=ssl_initialise_ctx(confs)))
{
logp("error initialising ssl ctx\n");
return -1;
}
SSL_CTX_set_session_id_context(*ctx,
(const uint8_t *)&s_server_session_id_context,
sizeof(s_server_session_id_context));
if((*rfd=init_client_socket(get_string(confs[OPT_SERVER]),
action==ACTION_MONITOR?
get_string(confs[OPT_STATUS_PORT]):get_string(confs[OPT_PORT])))<0)
return -1;
if(!(*ssl=SSL_new(*ctx))
|| !(sbio=BIO_new_socket(*rfd, BIO_NOCLOSE)))
{
logp_ssl_err("Problem joining SSL to the socket\n");
return -1;
}
SSL_set_bio(*ssl, sbio, sbio);
if(SSL_connect(*ssl)<=0)
{
logp_ssl_err("SSL connect error\n");
return -1;
}
return 0;
}示例8: SSL_CTX_set_session_id_context
void SSLContext::setSessionCacheContext(const std::string& context) {
SSL_CTX_set_session_id_context(
ctx_,
reinterpret_cast<const unsigned char*>(context.data()),
std::min(
static_cast<int>(context.length()), SSL_MAX_SSL_SESSION_ID_LENGTH));
}示例9: openssl_ssl_ctx_sessions
static int openssl_ssl_ctx_sessions(lua_State*L)
{
SSL_CTX* ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
if (lua_isstring(L, 2))
{
size_t s;
unsigned char* sid_ctx = (unsigned char*)luaL_checklstring(L, 2, &s);
int ret = SSL_CTX_set_session_id_context(ctx, sid_ctx, s);
lua_pushboolean(L, ret);
return 1;
}
else
{
SSL_SESSION *s = CHECK_OBJECT(2, SSL_SESSION, "openssl.ssl_session");
int add = 1;
if (!lua_isnoneornil(L, 3))
add = auxiliar_checkboolean(L, 3);
if (add)
add = SSL_CTX_add_session(ctx, s);
else
add = SSL_CTX_remove_session(ctx, s);
lua_pushboolean(L, add);
return 1;
}
}示例10: _validateCertificates
SSLManager::SSLManager(const Params& params) :
_validateCertificates(false),
_weakValidation(params.weakCertificateValidation) {
SSL_library_init();
SSL_load_error_strings();
ERR_load_crypto_strings();
if (params.fipsMode) {
_setupFIPS();
}
// Add all digests and ciphers to OpenSSL's internal table
// so that encryption/decryption is backwards compatible
OpenSSL_add_all_algorithms();
_context = SSL_CTX_new(SSLv23_method());
massert(15864,
mongoutils::str::stream() << "can't create SSL Context: " <<
_getSSLErrorMessage(ERR_get_error()),
_context);
// Activate all bug workaround options, to support buggy client SSL's.
SSL_CTX_set_options(_context, SSL_OP_ALL);
// If renegotiation is needed, don't return from recv() or send() until it's successful.
// Note: this is for blocking sockets only.
SSL_CTX_set_mode(_context, SSL_MODE_AUTO_RETRY);
// Set context within which session can be reused
int status = SSL_CTX_set_session_id_context(
_context,
static_cast<unsigned char*>(static_cast<void*>(&_context)),
sizeof(_context));
if (!status) {
uasserted(16768,"ssl initialization problem");
}
SSLThreadInfo::init();
SSLThreadInfo::get();
if (!params.pemfile.empty()) {
if (!_setupPEM(params.pemfile, params.pempwd)) {
uasserted(16562, "ssl initialization problem");
}
}
if (!params.cafile.empty()) {
// Set up certificate validation with a certificate authority
if (!_setupCA(params.cafile)) {
uasserted(16563, "ssl initialization problem");
}
}
if (!params.crlfile.empty()) {
if (!_setupCRL(params.crlfile)) {
uasserted(16582, "ssl initialization problem");
}
}
}示例11: massert
bool SSLManager::_initSSLContext(SSL_CTX** context, const Params& params) {
*context = SSL_CTX_new(SSLv23_method());
massert(15864,
mongoutils::str::stream() << "can't create SSL Context: " <<
getSSLErrorMessage(ERR_get_error()),
context);
// SSL_OP_ALL - Activate all bug workaround options, to support buggy client SSL's.
// SSL_OP_NO_SSLv2 - Disable SSL v2 support
SSL_CTX_set_options(*context, SSL_OP_ALL|SSL_OP_NO_SSLv2);
// If renegotiation is needed, don't return from recv() or send() until it's successful.
// Note: this is for blocking sockets only.
SSL_CTX_set_mode(*context, SSL_MODE_AUTO_RETRY);
// Set context within which session can be reused
int status = SSL_CTX_set_session_id_context(
*context,
static_cast<unsigned char*>(static_cast<void*>(context)),
sizeof(*context));
if (!status) {
error() << "failed to set session id context: " <<
getSSLErrorMessage(ERR_get_error()) << endl;
return false;
}
// Use the clusterfile for internal outgoing SSL connections if specified
if (context == &_clientContext && !params.clusterfile.empty()) {
EVP_set_pw_prompt("Enter cluster certificate passphrase");
if (!_setupPEM(*context, params.clusterfile, params.clusterpwd)) {
return false;
}
}
// Use the pemfile for everything else
else if (!params.pemfile.empty()) {
EVP_set_pw_prompt("Enter PEM passphrase");
if (!_setupPEM(*context, params.pemfile, params.pempwd)) {
return false;
}
}
if (!params.cafile.empty()) {
// Set up certificate validation with a certificate authority
if (!_setupCA(*context, params.cafile)) {
return false;
}
}
if (!params.crlfile.empty()) {
if (!_setupCRL(*context, params.crlfile)) {
return false;
}
}
return true;
}示例12: Context
Context(SSL_CTX* context)
: ctx(context)
{
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify);
const unsigned char session_id[] = "inspircd";
SSL_CTX_set_session_id_context(ctx, session_id, sizeof(session_id) - 1);
}示例13: tls_init_cache
static void tls_init_cache(void)
{
static const char *tls_ctx_id = "pure-ftpd";
SSL_CTX_set_session_cache_mode(tls_ctx, SSL_SESS_CACHE_SERVER);
SSL_CTX_set_session_id_context(tls_ctx, (unsigned char *) tls_ctx_id,
(unsigned int) strlen(tls_ctx_id));
SSL_CTX_sess_set_cache_size(tls_ctx, 10);
SSL_CTX_set_timeout(tls_ctx, 60 * 60L);
}示例14: start
void start() override {
if(set_session_id_context) {
// Creating session_id_context from address:port but reversed due to small SSL_MAX_SSL_SESSION_ID_LENGTH
session_id_context = std::to_string(config.port) + ':';
session_id_context.append(config.address.rbegin(), config.address.rend());
SSL_CTX_set_session_id_context(context.native_handle(), reinterpret_cast<const unsigned char *>(session_id_context.data()),
std::min<size_t>(session_id_context.size(), SSL_MAX_SSL_SESSION_ID_LENGTH));
}
ServerBase::start();
}示例15: init_ctx
SSL_CTX * KSSLSocket::init_server(const char *cert_file, const char *key_file,
const char *verified_file) {
SSL_CTX * ctx = init_ctx(true);
if (ctx == NULL) {
fprintf(stderr, "cann't init_ctx\n");
return NULL;
}
if (cert_file == NULL) {
cert_file = key_file;
}
if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
fprintf(stderr,
"SSL use certificate file : Error allocating handle: %s\n",
ERR_error_string(ERR_get_error(), NULL));
clean_ctx(ctx);
return NULL;
}
if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
fprintf(stderr,
"SSL use privatekey file: Error allocating handle: %s\n",
ERR_error_string(ERR_get_error(), NULL));
clean_ctx(ctx);
return NULL;
}
if (!SSL_CTX_check_private_key(ctx)) {
fprintf(stderr, "SSL: Error allocating handle: %s\n", ERR_error_string(
ERR_get_error(), NULL));
clean_ctx(ctx);
return NULL;
}
if (verified_file) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
SSL_CTX_set_verify_depth(ctx, 1);
if (SSL_CTX_load_verify_locations(ctx, verified_file, NULL) <= 0) {
fprintf(stderr, "SSL error %s:%d: Error allocating handle: %s\n",
__FILE__, __LINE__, ERR_error_string(ERR_get_error(), NULL));
clean_ctx(ctx);
return NULL;
}
}
int session_context_len = strlen(cert_file);
const char *session_context = cert_file;
int pos = session_context_len - SSL_MAX_SSL_SESSION_ID_LENGTH;
if (pos>0) {
session_context_len -= pos;
session_context += pos;
}
SSL_CTX_set_session_id_context(ctx,(const unsigned char *)session_context,session_context_len);
SSL_CTX_set_session_cache_mode(ctx,SSL_SESS_CACHE_SERVER);
//SSL_CTX_sess_set_cache_size(ctx,1000);
return ctx;
}