本文整理汇总了C++中SSL_CTX_use_certificate函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_CTX_use_certificate函数的具体用法?C++ SSL_CTX_use_certificate怎么用?C++ SSL_CTX_use_certificate使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_CTX_use_certificate函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: LOG_ASSERT
bool VSslServer::setKeyCrtStuff(VError& error, SSL_CTX* ctx, EVP_PKEY* key, X509* crt)
{
LOG_ASSERT(key != NULL);
LOG_ASSERT(crt != NULL);
int res = SSL_CTX_use_certificate(ctx, crt);
if (res <= 0)
{
error = VSslError(QString("SSL_CTX_use_certificate return %1").arg(res), VSslError::IN_SSL_CTX_USE_CERTIFICATE);
return false;
}
res = SSL_CTX_use_PrivateKey(ctx, key);
if (res <= 0)
{
error = VSslError(QString("SSL_CTX_use_PrivateKey return %1").arg(res), VSslError::SSL_CTX_USER_PRIVATEKEY);
return false;
}
res = SSL_CTX_check_private_key(ctx);
if (!res)
{
error = VSslError(QString("SSL_CTX_check_private_key return %1").arg(res), VSslError::SSL_CTX_CHECK_PRIVATEKEY);
return false;
}
return true;
}示例2: loadCertFile
static int loadCertFile(SSL_CTX *pCtx, const char *pFile, int type)
{
char *pBegin, buf[MAX_CERT_LENGTH];
BIO *in;
X509 *cert = NULL;
int len;
int ret;
unsigned int digestlen;
unsigned char digest[EVP_MAX_MD_SIZE];
/* THIS FILE TYPE WILL NOT BE HANDLED HERE.
* Just left this here in case of future implementation.*/
if (translateType(type) == SSL_FILETYPE_ASN1)
return LS_FAIL;
len = loadPemWithMissingDash(pFile, buf, MAX_CERT_LENGTH, &pBegin);
if (len == -1)
return LS_FAIL;
in = BIO_new_mem_buf((void *)pBegin, len);
cert = PEM_read_bio_X509(in, NULL, 0, NULL);
BIO_free(in);
if (!cert)
return LS_FAIL;
if (( ret = SSL_CTX_use_certificate(pCtx, cert)) == 1 )
{
if ( X509_digest(cert, EVP_sha1(), digest, &digestlen) == 0)
LS_DBG_L("Creating cert digest failed");
else if (SslContext::setupIdContext(pCtx, digest, digestlen) != LS_OK)
LS_DBG_L("Digest id context failed");
}
X509_free(cert);
return ret;
}示例3: bio
void SSLContext::loadCertificateFromBufferPEM(folly::StringPiece cert) {
if (cert.data() == nullptr) {
throw std::invalid_argument("loadCertificate: <cert> is nullptr");
}
ssl::BioUniquePtr bio(BIO_new(BIO_s_mem()));
if (bio == nullptr) {
throw std::runtime_error("BIO_new: " + getErrors());
}
int written = BIO_write(bio.get(), cert.data(), cert.size());
if (written <= 0 || static_cast<unsigned>(written) != cert.size()) {
throw std::runtime_error("BIO_write: " + getErrors());
}
ssl::X509UniquePtr x509(
PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
if (x509 == nullptr) {
throw std::runtime_error("PEM_read_bio_X509: " + getErrors());
}
if (SSL_CTX_use_certificate(ctx_, x509.get()) == 0) {
throw std::runtime_error("SSL_CTX_use_certificate: " + getErrors());
}
}示例4: tls_ctx_load_cert_file
void
tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
#if ENABLE_INLINE_FILES
const char *cert_file_inline,
#endif
X509 **x509
)
{
BIO *in = NULL;
X509 *x = NULL;
int ret = 0;
bool inline_file = false;
ASSERT (NULL != ctx);
if (NULL != x509)
ASSERT (NULL == *x509);
#if ENABLE_INLINE_FILES
inline_file = (strcmp (cert_file, INLINE_FILE_TAG) == 0);
if (inline_file && cert_file_inline)
in = BIO_new_mem_buf ((char *)cert_file_inline, -1);
else
#endif /* ENABLE_INLINE_FILES */
in = BIO_new_file (cert_file, "r");
if (in == NULL)
{
SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
goto end;
}
x = PEM_read_bio_X509 (in, NULL, ctx->ctx->default_passwd_callback,
ctx->ctx->default_passwd_callback_userdata);
if (x == NULL)
{
SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
goto end;
}
ret = SSL_CTX_use_certificate (ctx->ctx, x);
if (ret)
tls_ctx_add_extra_certs (ctx, in);
end:
if (!ret)
{
if (inline_file)
msg (M_SSLERR, "Cannot load inline certificate file");
else
msg (M_SSLERR, "Cannot load certificate file %s", cert_file);
}
if (in != NULL)
BIO_free(in);
if (x509)
*x509 = x;
else if (x)
X509_free (x);
}示例5: sslctxfun
static CURLcode sslctxfun( CURL * curl, void * sslctx, void * parm ) {
sslctxparm * p = (sslctxparm *) parm;
SSL_CTX * ctx = (SSL_CTX *) sslctx ;
if ( !SSL_CTX_use_certificate( ctx,p->usercert ) ) {
BIO_printf( p->errorbio, "SSL_CTX_use_certificate problem\n" ); goto err;
}
if ( !SSL_CTX_use_PrivateKey( ctx,p->pkey ) ) {
BIO_printf( p->errorbio, "SSL_CTX_use_PrivateKey\n" ); goto err;
}
if ( !SSL_CTX_check_private_key( ctx ) ) {
BIO_printf( p->errorbio, "SSL_CTX_check_private_key\n" ); goto err;
}
SSL_CTX_set_quiet_shutdown( ctx,1 );
SSL_CTX_set_cipher_list( ctx,"RC4-MD5" );
SSL_CTX_set_mode( ctx, SSL_MODE_AUTO_RETRY );
X509_STORE_add_cert( ctx->cert_store,sk_X509_value( p->ca,sk_X509_num( p->ca ) - 1 ) );
SSL_CTX_set_verify_depth( ctx,2 );
SSL_CTX_set_verify( ctx,SSL_VERIFY_PEER,NULL );
SSL_CTX_set_cert_verify_callback( ctx, ssl_app_verify_callback, parm );
return CURLE_OK ;
err:
ERR_print_errors( p->errorbio );
return CURLE_SSL_CERTPROBLEM;
}示例6: validate_client_server_cert
int validate_client_server_cert(SSL_CTX* ctx, X509 *client_cert, const char *keyfile)
{
if ( client_cert != NULL )
{
if (SSL_CTX_use_certificate(ctx, client_cert) <= 0)
{
ERR_print_errors_fp(stderr);
abort();
}
else
printf("SSL_CTX_use_certificate OK\n");
if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
abort();
}
else
printf("SSL_CTX_use_PrivateKey_file OK\n");
/* verify private key between client certificate and stored private key to see if they match*/
if (!SSL_CTX_check_private_key(ctx))
{
fprintf(stderr, "Private key of server does not match the public client certificate\n");
abort();
}
return 0;
}
return 1;
}示例7: ELOG_DEBUG
// memory is only valid for duration of callback; must be copied if queueing
// is required
DtlsSocketContext::DtlsSocketContext() {
started = false;
mSocket = NULL;
receiver = NULL;
DtlsSocketContext::Init();
ELOG_DEBUG("Creating Dtls factory, Openssl v %s", OPENSSL_VERSION_TEXT);
mContext = SSL_CTX_new(DTLSv1_method());
assert(mContext);
int r = SSL_CTX_use_certificate(mContext, mCert);
assert(r == 1);
r = SSL_CTX_use_PrivateKey(mContext, privkey);
assert(r == 1);
SSL_CTX_set_cipher_list(mContext, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
SSL_CTX_set_info_callback(mContext, SSLInfoCallback);
SSL_CTX_set_verify(mContext, SSL_VERIFY_PEER |SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
SSLVerifyCallback);
// SSL_CTX_set_session_cache_mode(mContext, SSL_SESS_CACHE_OFF);
// SSL_CTX_set_options(mContext, SSL_OP_NO_TICKET);
// Set SRTP profiles
r = SSL_CTX_set_tlsext_use_srtp(mContext, DefaultSrtpProfile);
assert(r == 0);
SSL_CTX_set_verify_depth(mContext, 2);
SSL_CTX_set_read_ahead(mContext, 1);
ELOG_DEBUG("DtlsSocketContext %p created", this);
}示例8: InvalidCertificate
void ContextImpl::setIdentity(const Certificate& cert)
{
if( ! cert.impl()->pkey() )
throw InvalidCertificate("invalid certificate");
if(_pkey)
EVP_PKEY_free(_pkey);
_pkey = 0;
if(_x509)
X509_free(_x509);
_x509 = 0;
_x509 = copyX509( cert.impl()->x509() );
_pkey = copyPrivateKey( cert.impl()->pkey() );
if( ! SSL_CTX_use_certificate(_ctx, _x509) )
{
throw InvalidCertificate("invalid certificate");
}
if( ! SSL_CTX_use_PrivateKey( _ctx, _pkey ) )
{
throw InvalidCertificate("invalid certificate");
}
// openssl will not check the private key of this context against the
// certifictate. TO do so call SSL_CTX_check_private_key(_ctx)
}示例9: CRYPTO_num_locks
bool
SSLContext::Init(X509 *pCert, EVP_PKEY *pPrivatekey){
int nLockCt = CRYPTO_num_locks();
InitializeCryptoLocks(nLockCt);
#ifdef _DEBUG
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options (V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl (CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_locking_callback (&ssl_lock_callback);
CRYPTO_set_dynlock_create_callback (&ssl_lock_dyn_create_callback);
CRYPTO_set_dynlock_lock_callback (&ssl_lock_dyn_callback);
CRYPTO_set_dynlock_destroy_callback (&ssl_lock_dyn_destroy_callback);
SSL_load_error_strings ();
SSL_library_init ();
// Initialize and verify SSL context. {{
const SSL_METHOD* meth = SSLv23_method();
m_pssl_ctx = SSL_CTX_new(meth);
SSL_CTX_set_verify(m_pssl_ctx, SSL_VERIFY_NONE, nullptr);
// }}
#ifdef _SERVER
SSL_CTX_set_options(m_pssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
if( pCert )
SSL_CTX_use_certificate (m_pssl_ctx, pCert);
if( pPrivatekey )
SSL_CTX_use_PrivateKey (m_pssl_ctx, pPrivatekey);
return true;
}示例10: set_cert_key_stuff
int
set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
{
if (cert == NULL)
return 1;
if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
BIO_printf(bio_err, "error setting certificate\n");
ERR_print_errors(bio_err);
return 0;
}
if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
BIO_printf(bio_err, "error setting private key\n");
ERR_print_errors(bio_err);
return 0;
}
/*
* Now we know that a key and cert have been set against the SSL
* context
*/
if (!SSL_CTX_check_private_key(ctx)) {
BIO_printf(bio_err,
"Private key does not match the certificate public key\n");
return 0;
}
return 1;
}示例11: useCertFile
int
useCertFile(SSL_CTX* ctx, const char* path, const char* passphrase, const char* cacertfile)
{
FILE *p12_file;
PKCS12 *p12_cert = NULL;
EVP_PKEY *pkey;
X509 *x509_cert;
p12_file = fopen(path, "r");
if (!p12_file)
{
timestamp_f(stderr);
perror(path);
return -1;
}
d2i_PKCS12_fp(p12_file, &p12_cert);
fclose(p12_file);
if (!PKCS12_parse(p12_cert, passphrase, &pkey, &x509_cert, NULL))
{
int error = ERR_get_error();
timestamp_f(stderr);
fprintf(stderr, "failed to parse p12 file; error %d\n", error);
PKCS12_free(p12_cert);
return -1;
}
PKCS12_free(p12_cert);
if (!SSL_CTX_use_certificate(ctx, x509_cert))
{
int error = ERR_get_error();
timestamp_f(stderr);
fprintf(stderr, "failed to set cert for SSL context; error %d\n", error);
X509_free(x509_cert);
EVP_PKEY_free(pkey);
return -1;
}
X509_free(x509_cert);
if (!SSL_CTX_use_PrivateKey(ctx, pkey))
{
int error = ERR_get_error();
timestamp_f(stderr);
fprintf(stderr, "failed to set private key for SSL context; error %d\n", error);
EVP_PKEY_free(pkey);
return -1;
}
EVP_PKEY_free(pkey);
if (cacertfile && *cacertfile && !SSL_CTX_load_verify_locations(ctx, cacertfile, NULL))
{
timestamp_f(stderr);
fprintf(stderr, "failed to load root cert for verification from %s\n", cacertfile);
return -1;
}
return 0;
}示例12: SSL_CTX_use_certificate_chain_mem
int
SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *data, int data_len)
{
pem_password_cb *psw_fn = ctx->default_passwd_callback;
void *psw_arg = ctx->default_passwd_callback_userdata;
X509 *cert;
BIO *bio = NULL;
int ok;
ERR_clear_error();
/* Read from memory */
bio = BIO_new_mem_buf(data, data_len);
if (!bio) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
goto failed;
}
/* Load primary cert */
cert = PEM_read_bio_X509_AUX(bio, NULL, psw_fn, psw_arg);
if (!cert) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
goto failed;
}
/* Increments refcount */
ok = SSL_CTX_use_certificate(ctx, cert);
X509_free(cert);
if (!ok || ERR_peek_error())
goto failed;
/* Load extra certs */
ok = SSL_CTX_clear_extra_chain_certs(ctx);
while (ok) {
cert = PEM_read_bio_X509(bio, NULL, psw_fn, psw_arg);
if (!cert) {
/* Is it EOF? */
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) != ERR_LIB_PEM)
break;
if (ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
break;
/* On EOF do successful exit */
BIO_free(bio);
ERR_clear_error();
return 1;
}
/* Does not increment refcount */
ok = SSL_CTX_add_extra_chain_cert(ctx, cert);
if (!ok)
X509_free(cert);
}
failed:
if (bio)
BIO_free(bio);
return 0;
}示例13: create_dtls_context
struct dtls_context *
create_dtls_context(const char *common)
{
if (common == NULL)
return NULL;
struct dtls_context *context = (struct dtls_context *)calloc(1, sizeof *context);
if (context == NULL)
return NULL;
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_CTX *ctx = SSL_CTX_new(DTLSv1_method());
if (ctx == NULL)
goto ctx_err;
context->ctx = ctx;
// ALL:NULL:eNULL:aNULL
if (SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") != 1)
goto ctx_err;
SSL_CTX_set_read_ahead(ctx, 1); // for DTLS
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_peer_certificate_cb);
EVP_PKEY *key = gen_key();
if (key == NULL)
goto ctx_err;
SSL_CTX_use_PrivateKey(ctx, key);
X509 *cert = gen_cert(key, common, 365);
if (cert == NULL)
goto ctx_err;
SSL_CTX_use_certificate(ctx, cert);
if (SSL_CTX_check_private_key(ctx) != 1)
goto ctx_err;
unsigned int len;
unsigned char buf[BUFFER_SIZE];
X509_digest(cert, EVP_sha256(), buf, &len);
char *p = context->fingerprint;
for (int i = 0; i < len; ++i) {
snprintf(p, 4, "%02X:", buf[i]);
p += 3;
}
*(p - 1) = 0;
if (0) {
ctx_err:
SSL_CTX_free(ctx);
free(context);
context = NULL;
}
return context;
}示例14: SSL_CTX_use_certificate
void SSLContext::useCertificate(const crypto::X509Certificate& certificate)
{
int errCode = SSL_CTX_use_certificate(_sslContext, const_cast<X509*>(certificate.certificate()));
if (errCode != 1)
{
std::string msg = getLastError();
throw std::runtime_error("SSL Error: Cannot set certificate for Context: " + msg);
}
}示例15: ConfigureIdentity
bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) {
// 1 is the documented success return code.
if (SSL_CTX_use_certificate(ctx, certificate_->x509()) != 1 ||
SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) {
LogSSLErrors("Configuring key and certificate");
return false;
}
return true;
}