当前位置: 首页>>代码示例>>C++>>正文

C++ SSL_CTX_set_tmp_ecdh函数代码示例

本文整理汇总了C++中SSL_CTX_set_tmp_ecdh函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_CTX_set_tmp_ecdh函数的具体用法?C++ SSL_CTX_set_tmp_ecdh怎么用?C++ SSL_CTX_set_tmp_ecdh使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了SSL_CTX_set_tmp_ecdh函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: OBJ_sn2nid

void Context::initECDH(const std::string& curve)
{
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
	int nid = 0;
	if (!curve.empty()) 
	{
		nid = OBJ_sn2nid(curve.c_str());
	} 
	else 
	{
		nid = OBJ_sn2nid("prime256v1");
	}
	if (nid == 0) 
	{
		throw SSLContextException("Unknown ECDH curve name", curve);
	}

	EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid);
	if (!ecdh) 
	{
		throw SSLContextException("Cannot create ECDH curve");
	}
	SSL_CTX_set_tmp_ecdh(_pSSLContext, ecdh);
	SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE);
	EC_KEY_free(ecdh);
#endif
#endif
}
开发者ID:RobertAcksel,项目名称:poco,代码行数:29,代码来源:Context.cpp

示例2: listen_sslctx_setup_2

void
listen_sslctx_setup_2(void* ctxt)
{
#ifdef HAVE_SSL
	SSL_CTX* ctx = (SSL_CTX*)ctxt;
	(void)ctx;
#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO
	if(!SSL_CTX_set_ecdh_auto(ctx,1)) {
		log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE");
	}
#elif defined(USE_ECDSA)
	if(1) {
		EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
		if (!ecdh) {
			log_crypto_err("could not find p256, not enabling ECDHE");
		} else {
			if (1 != SSL_CTX_set_tmp_ecdh (ctx, ecdh)) {
				log_crypto_err("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE");
			}
			EC_KEY_free (ecdh);
		}
	}
#endif
#else
	(void)ctxt;
#endif /* HAVE_SSL */
}
开发者ID:derekmarcotte,项目名称:freebsd,代码行数:27,代码来源:net_help.c

示例3: set_curve

static int set_curve(lua_State *L)
{
  long ret;
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  const char *str = luaL_checkstring(L, 2);
  EC_KEY *key = find_ec_key(str);

  if (!key) {
    lua_pushboolean(L, 0);
    lua_pushfstring(L, "elliptic curve %s not supported", str);
    return 2;
  }

  ret = SSL_CTX_set_tmp_ecdh(ctx, key);
  /* SSL_CTX_set_tmp_ecdh takes its own reference */
  EC_KEY_free(key);

  if (!ret) {
    lua_pushboolean(L, 0);
    lua_pushfstring(L, "error setting elliptic curve (%s)",
      ERR_reason_error_string(ERR_get_error()));
    return 2;
  }
  lua_pushboolean(L, 1);
  return 1;
}
开发者ID:armatys,项目名称:luasec,代码行数:26,代码来源:context.c

示例4: cmd_ECDHParameters

/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
{
    int rv = 1;
    EC_KEY *ecdh;
    int nid;

    /* Ignore values supported by 1.0.2 for the automatic selection */
    if ((cctx->flags & SSL_CONF_FLAG_FILE) &&
        strcasecmp(value, "+automatic") == 0)
        return 1;
    if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
        strcmp(value, "auto") == 0)
        return 1;

    nid = EC_curve_nist2nid(value);
    if (nid == NID_undef)
        nid = OBJ_sn2nid(value);
    if (nid == 0)
        return 0;
    ecdh = EC_KEY_new_by_curve_name(nid);
    if (!ecdh)
        return 0;
    if (cctx->ctx)
        rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
    else if (cctx->ssl)
        rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
    EC_KEY_free(ecdh);

    return rv > 0;
}
开发者ID:matthauck,项目名称:openssl,代码行数:31,代码来源:ssl_conf.c

示例5: lws_context_ssl_init_ecdh_curve

static int
lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
				struct lws_vhost *vhost)
{
#ifdef LWS_HAVE_OPENSSL_ECDH_H
	EC_KEY *ecdh;
	int ecdh_nid;
	const char *ecdh_curve = "prime256v1";

	if (info->ecdh_curve)
		ecdh_curve = info->ecdh_curve;

	ecdh_nid = OBJ_sn2nid(ecdh_curve);
	if (NID_undef == ecdh_nid) {
		lwsl_err("SSL: Unknown curve name '%s'", ecdh_curve);
		return 1;
	}

	ecdh = EC_KEY_new_by_curve_name(ecdh_nid);
	if (NULL == ecdh) {
		lwsl_err("SSL: Unable to create curve '%s'", ecdh_curve);
		return 1;
	}
	SSL_CTX_set_tmp_ecdh(vhost->ssl_ctx, ecdh);
	EC_KEY_free(ecdh);

	SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);

	lwsl_notice(" SSL ECDH curve '%s'\n", ecdh_curve);
#else
	lwsl_notice(" OpenSSL doesn't support ECDH\n");
#endif
	return 0;
}
开发者ID:bd5times,项目名称:libwebsockets,代码行数:34,代码来源:ssl-server.c

示例6: engine_init_server

VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
    VALUE obj;
    SSL_CTX* ctx;
    SSL* ssl;

    ms_conn* conn = engine_alloc(self, &obj);

    ID sym_key = rb_intern("key");
    VALUE key = rb_funcall(mini_ssl_ctx, sym_key, 0);

    ID sym_cert = rb_intern("cert");
    VALUE cert = rb_funcall(mini_ssl_ctx, sym_cert, 0);

    ID sym_ca = rb_intern("ca");
    VALUE ca = rb_funcall(mini_ssl_ctx, sym_ca, 0);

    ID sym_verify_mode = rb_intern("verify_mode");
    VALUE verify_mode = rb_funcall(mini_ssl_ctx, sym_verify_mode, 0);

    ctx = SSL_CTX_new(SSLv23_server_method());
    conn->ctx = ctx;

    SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
    SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);

    if (!NIL_P(ca)) {
        SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL);
    }

    SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION);
    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);

    SSL_CTX_set_cipher_list(ctx, "HIGH:[email protected]");

    DH *dh = get_dh1024();
    SSL_CTX_set_tmp_dh(ctx, dh);

#ifndef OPENSSL_NO_ECDH
    EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);
    if (ecdh) {
        SSL_CTX_set_tmp_ecdh(ctx, ecdh);
        EC_KEY_free(ecdh);
    }
#endif

    ssl = SSL_new(ctx);
    conn->ssl = ssl;
    SSL_set_app_data(ssl, NULL);

    if (NIL_P(verify_mode)) {
        /* SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); */
    } else {
        SSL_set_verify(ssl, NUM2INT(verify_mode), engine_verify_callback);
    }

    SSL_set_bio(ssl, conn->read, conn->write);

    SSL_set_accept_state(ssl);
    return obj;
}
开发者ID:zendesk,项目名称:puma,代码行数:60,代码来源:mini_ssl.c

示例7: initialize_ecdh

/*
 * Set ECDH parameters for generating ephemeral Elliptic Curve DH
 * keys.  This is much simpler than the DH parameters, as we just
 * need to provide the name of the curve to OpenSSL.
 */
static bool
initialize_ecdh(SSL_CTX *context, bool isServerStart)
{
#ifndef OPENSSL_NO_ECDH
	EC_KEY	   *ecdh;
	int			nid;

	nid = OBJ_sn2nid(SSLECDHCurve);
	if (!nid)
	{
		ereport(isServerStart ? FATAL : LOG,
				(errcode(ERRCODE_CONFIG_FILE_ERROR),
				 errmsg("ECDH: unrecognized curve name: %s", SSLECDHCurve)));
		return false;
	}

	ecdh = EC_KEY_new_by_curve_name(nid);
	if (!ecdh)
	{
		ereport(isServerStart ? FATAL : LOG,
				(errcode(ERRCODE_CONFIG_FILE_ERROR),
				 errmsg("ECDH: could not create key")));
		return false;
	}

	SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
	SSL_CTX_set_tmp_ecdh(context, ecdh);
	EC_KEY_free(ecdh);
#endif

	return true;
}
开发者ID:adityavs,项目名称:postgres,代码行数:37,代码来源:be-secure-openssl.c

示例8: swSSL_set_ecdh_curve

static int swSSL_set_ecdh_curve(SSL_CTX* ssl_context)
{
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH

    EC_KEY *ecdh;
    /*
     * Elliptic-Curve Diffie-Hellman parameters are either "named curves"
     * from RFC 4492 section 5.1.1, or explicitly described curves over
     * binary fields. OpenSSL only supports the "named curves", which provide
     * maximum interoperability.
     */
    int nid = OBJ_sn2nid(SW_SSL_ECDH_CURVE);
    if (nid == 0)
    {
        swWarn("Unknown curve name \"%s\"", SW_SSL_ECDH_CURVE);
        return SW_ERR;
    }

    ecdh = EC_KEY_new_by_curve_name(nid);
    if (ecdh == NULL)
    {
        swWarn("Unable to create curve \"%s\"", SW_SSL_ECDH_CURVE);
        return SW_ERR;
    }

    SSL_CTX_set_options(ssl_context, SSL_OP_SINGLE_ECDH_USE);
    SSL_CTX_set_tmp_ecdh(ssl_context, ecdh);

    EC_KEY_free(ecdh);
#endif
#endif

    return SW_OK;
}
开发者ID:2yeslater,项目名称:swoole-src,代码行数:35,代码来源:SSL.c

示例9: ribs_ssl_set_options

int ribs_ssl_set_options(SSL_CTX *ssl_ctx, char *cipher_list) {
    /* bugs */
    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); /* almost all bugs */
    SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); /* disable SSLv2 per RFC 6176 */
    SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3); /* disable SSLv3. goodbye IE6 */
    SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
    SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);

    /* ciphers */
    if (!cipher_list)
        cipher_list = _HTTP_SERVER_SSL_CIPHERS;
    SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
    if (0 == SSL_CTX_set_cipher_list(ssl_ctx, cipher_list))
        return LOGGER_ERROR("failed to initialize SSL:cipher_list"), -1;

    /* DH 2048 bits */
    SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_DH_USE);
    DH *dh = DH_new();
    dh->p = get_rfc3526_prime_2048(NULL);
    BN_dec2bn(&dh->g, "2");
    if (0 == SSL_CTX_set_tmp_dh(ssl_ctx, dh))
        return LOGGER_ERROR("failed to initialize SSL:dh"), -1;
    DH_free(dh);

    /* Ecliptic Curve DH */
    SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
    EC_KEY *ecdh = EC_KEY_new_by_curve_name(OBJ_sn2nid("prime256v1"));
    if (ecdh == NULL)
        return LOGGER_ERROR("failed to initialize SSL:edch"), -1;
    SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
    EC_KEY_free(ecdh);

    return 0;
}
开发者ID:TrueSkills,项目名称:ribs2,代码行数:34,代码来源:ribs_ssl.c

示例10: setup_ctx

/** setup SSL context */
static SSL_CTX*
setup_ctx(char* key, char* cert)
{
	SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
	if(!ctx) print_exit("out of memory");
	(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
	(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
	if(!SSL_CTX_use_certificate_chain_file(ctx, cert))
		print_exit("cannot read cert");
	if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))
		print_exit("cannot read key");
	if(!SSL_CTX_check_private_key(ctx))
		print_exit("private key is not correct");
#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO
	if (!SSL_CTX_set_ecdh_auto(ctx,1))
		if(verb>=1) printf("failed to set_ecdh_auto, not enabling ECDHE\n");
#elif defined(USE_ECDSA)
	if(1) {
		EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
		if (!ecdh) {
			if(verb>=1) printf("could not find p256, not enabling ECDHE\n");
		} else {
			if (1 != SSL_CTX_set_tmp_ecdh (ctx, ecdh)) {
				if(verb>=1) printf("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE\n");
			}
			EC_KEY_free(ecdh);
		}
	}
#endif
	if(!SSL_CTX_load_verify_locations(ctx, cert, NULL))
		print_exit("cannot load cert verify locations");
	return ctx;
}
开发者ID:Bluecoreg,项目名称:monero,代码行数:34,代码来源:petal.c

示例11: OBJ_sn2nid

void SSLContext::setServerECCurve(const std::string& curveName) {
  bool validCall = false;
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
  validCall = true;
#endif
#endif
  if (!validCall) {
    throw std::runtime_error("Elliptic curve encryption not allowed");
  }

  EC_KEY* ecdh = nullptr;
  int nid;

  /*
   * Elliptic-Curve Diffie-Hellman parameters are either "named curves"
   * from RFC 4492 section 5.1.1, or explicitly described curves over
   * binary fields. OpenSSL only supports the "named curves", which provide
   * maximum interoperability.
   */

  nid = OBJ_sn2nid(curveName.c_str());
  if (nid == 0) {
    LOG(FATAL) << "Unknown curve name:" << curveName.c_str();
    return;
  }
  ecdh = EC_KEY_new_by_curve_name(nid);
  if (ecdh == nullptr) {
    LOG(FATAL) << "Unable to create curve:" << curveName.c_str();
    return;
  }

  SSL_CTX_set_tmp_ecdh(ctx_, ecdh);
  EC_KEY_free(ecdh);
}
开发者ID:1Hgm,项目名称:folly,代码行数:35,代码来源:SSLContext.cpp

示例12: tls_init_ecdh_curve

static int tls_init_ecdh_curve(void)
{
#ifdef SSL_CTRL_SET_ECDH_AUTO
    SSL_CTX_ctrl(tls_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
    return 0;
#else
# ifndef SSL_OP_SINGLE_ECDH_USE
    errno = ENOTSUP;
    return -1;
# else
    const char *curve_name;
    EC_KEY     *curve;
    int         nid;

    curve_name = TLS_DEFAULT_ECDH_CURVE;
    if ((nid = OBJ_sn2nid(curve_name)) == NID_undef) {
        logfile(LOG_INFO, "Curve [%s] not supported", curve_name);
        errno = ENOTSUP;
        return -1;
    }
    if ((curve = EC_KEY_new_by_curve_name(nid)) == NULL) {
        logfile(LOG_INFO, "Curve [%s] is not usable", curve_name);
        errno = ENOTSUP;
        return -1;
    }
    SSL_CTX_set_options(tls_ctx, SSL_OP_SINGLE_ECDH_USE);
    SSL_CTX_set_tmp_ecdh(tls_ctx, curve);
    EC_KEY_free(curve);

    return 0;
# endif
#endif
}
开发者ID:jedisct1,项目名称:pure-ftpd,代码行数:33,代码来源:tls.c

示例13: ocaml_ssl_ctx_init_ec_from_named_curve

CAMLprim value ocaml_ssl_ctx_init_ec_from_named_curve(value context, value curve_name)
{
  CAMLparam2(context, curve_name);
  EC_KEY *ecdh = NULL;
  int nid = 0;
  SSL_CTX *ctx = Ctx_val(context);
  char *ec_curve_name = String_val(curve_name);

  if(*ec_curve_name == 0)
    caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error"));

  nid = OBJ_sn2nid(ec_curve_name);
  if(nid == 0){
    caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error"));
  }

  caml_enter_blocking_section();
  ecdh = EC_KEY_new_by_curve_name(nid);
  if(ecdh != NULL){
    if(SSL_CTX_set_tmp_ecdh(ctx,ecdh) != 1){
      caml_leave_blocking_section();
      caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error"));
    }
    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
    caml_leave_blocking_section();
    EC_KEY_free(ecdh);
  }
  else{
    caml_leave_blocking_section();
    caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error"));
  }
  CAMLreturn(Val_unit);
}
开发者ID:marcolinoas,项目名称:libres3,代码行数:33,代码来源:ssl_stubs.c

示例14: ssl_set_ecdh_curve

void
ssl_set_ecdh_curve(SSL_CTX *ctx, const char *curve)
{
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
	int	nid;
	EC_KEY *ecdh;

	if (curve == NULL)
		curve = SSL_ECDH_CURVE;
	if ((nid = OBJ_sn2nid(curve)) == 0) {
		ssl_error("ssl_set_ecdh_curve");
		fatal("ssl_set_ecdh_curve: unknown curve name %s", curve);
	}

	if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
		ssl_error("ssl_set_ecdh_curve");
		fatal("ssl_set_ecdh_curve: unable to create curve %s", curve);
	}

	SSL_CTX_set_tmp_ecdh(ctx, ecdh);
	SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
	EC_KEY_free(ecdh);
#endif
#endif
}
开发者ID:nmandery,项目名称:deb-opensmtpd,代码行数:26,代码来源:ssl.c

示例15: init_ssl

int
init_ssl(void *ssl_context, void *user_data)
{
	/* Add application specific SSL initialization */
	struct ssl_ctx_st *ctx = (struct ssl_ctx_st *)ssl_context;

#ifdef USE_SSL_DH
	/* example from https://github.com/civetweb/civetweb/issues/347 */
	DH *dh = get_dh2236();
	if (!dh)
		return -1;
	if (1 != SSL_CTX_set_tmp_dh(ctx, dh))
		return -1;
	DH_free(dh);

	EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
	if (!ecdh)
		return -1;
	if (1 != SSL_CTX_set_tmp_ecdh(ctx, ecdh))
		return -1;
	EC_KEY_free(ecdh);

	printf("ECDH ciphers initialized\n");
#endif
	return 0;
}
开发者ID:apache,项目名称:nifi-minifi-cpp,代码行数:26,代码来源:embedded_c.c


注:本文中的SSL_CTX_set_tmp_ecdh函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。