本文整理汇总了C++中SSL_accept函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_accept函数的具体用法?C++ SSL_accept怎么用?C++ SSL_accept使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_accept函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: handle_connection
/* handles a client connection */
void handle_connection(int sock){
u_int32_t calculated_crc32;
command *temp_command;
packet receive_packet;
packet send_packet;
int bytes_to_send;
int bytes_to_recv;
char buffer[MAX_INPUT_BUFFER];
char raw_command[MAX_INPUT_BUFFER];
char processed_command[MAX_INPUT_BUFFER];
int result=STATE_OK;
int early_timeout=FALSE;
int rc;
int x;
#ifdef DEBUG
FILE *errfp;
#endif
#ifdef HAVE_SSL
SSL *ssl=NULL;
#endif
/* log info to syslog facility */
if(debug==TRUE)
syslog(LOG_DEBUG,"Handling the connection...");
#ifdef OLDSTUFF
/* socket should be non-blocking */
fcntl(sock,F_SETFL,O_NONBLOCK);
#endif
/* set connection handler */
signal(SIGALRM,my_connection_sighandler);
alarm(connection_timeout);
#ifdef HAVE_SSL
/* do SSL handshake */
if(result==STATE_OK && use_ssl==TRUE){
if((ssl=SSL_new(ctx))!=NULL){
SSL_set_fd(ssl,sock);
/* keep attempting the request if needed */
while(((rc=SSL_accept(ssl))!=1) && (SSL_get_error(ssl,rc)==SSL_ERROR_WANT_READ));
if(rc!=1){
syslog(LOG_ERR,"Error: Could not complete SSL handshake. %d\n",SSL_get_error(ssl,rc));
#ifdef DEBUG
errfp=fopen("/tmp/err.log","w");
ERR_print_errors_fp(errfp);
fclose(errfp);
#endif
return;
}
}
else{
syslog(LOG_ERR,"Error: Could not create SSL connection structure.\n");
#ifdef DEBUG
errfp=fopen("/tmp/err.log","w");
ERR_print_errors_fp(errfp);
fclose(errfp);
#endif
return;
}
}
#endif
bytes_to_recv=sizeof(receive_packet);
if(use_ssl==FALSE)
rc=recvall(sock,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
#ifdef HAVE_SSL
else{
while(((rc=SSL_read(ssl,&receive_packet,bytes_to_recv))<=0) && (SSL_get_error(ssl,rc)==SSL_ERROR_WANT_READ));
}
#endif
/* recv() error or client disconnect */
if(rc<=0){
/* log error to syslog facility */
syslog(LOG_ERR,"Could not read request from client, bailing out...");
#ifdef HAVE_SSL
if(ssl){
SSL_shutdown(ssl);
SSL_free(ssl);
syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
}
#endif
return;
}
/* we couldn't read the correct amount of data, so bail out */
else if(bytes_to_recv!=sizeof(receive_packet)){
/* log error to syslog facility */
syslog(LOG_ERR,"Data packet from client was too short, bailing out...");
#ifdef HAVE_SSL
//.........这里部分代码省略.........
示例2: main
//.........这里部分代码省略.........
if(ssl_socket<0){
fprintf(stderr, "Could not make secure client "
"socket non-blocking.\n");
return -1;
}
// Create epoll interface for the secure client connection
ssl_event.data.fd = insocket_fd;
ssl_event.events = EPOLLIN;
ssl_socket = epoll_ctl(epoll_fd, EPOLL_CTL_ADD,
insocket_fd, &ssl_event);
if(ssl_socket<0) {
fprintf(stderr, "Could not create "
"epoll interface for client.\n");
return -1;
}
printf("Added client!(%d)\n", insocket_fd);
c = create_client(insocket_fd, &client_addr);
// Set up ssl.
c->ssl_status=STATUS_HANDSHAKE;
c->ssl = SSL_new(ctx);
SSL_set_fd(c->ssl, insocket_fd);
SSL_set_mode(c->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE);
hash_insert(c, clients);
}
continue;
}
// If an incoming message has caused an event.
else {
int done = 0;
while (1) {
ssize_t count;
char buf[MAXBUFSIZE];
memset(buf, '\0', MAXBUFSIZE);
clientconn_t *c = hash_get(events[i].data.fd, clients);
// If the client is trying to make an ssl handshake.
if(c->ssl_status==STATUS_HANDSHAKE) {
int r=1;
r=SSL_accept(c->ssl);
if (r<0) {
if(SSL_get_error(c->ssl, r)!=SSL_ERROR_WANT_READ &&
SSL_get_error(c->ssl, r)!=SSL_ERROR_WANT_WRITE ){
done=1;
printf("Could not accept ssl "
"connection\n");
break;
}
} else {
// Handshake is done.
c->ssl_status=STATUS_ACCEPTED;
}
}
else {
// Read data from client.
int count = client_read(c, buf, sizeof buf);
if(count<0) {
if(errno!=EAGAIN) {
fprintf(stderr, "Could not read"
" from socket!\n");
done=1;
}
break;
}
if(buf[MAXBUFSIZE-1] != '\0') {
write(events[i].data.fd, "* BAD Buffer will "
"overflow\r\n", 28);
break;
}
else if (count==0) {
done=1;
break;
}
if (handle_input(events[i].data.fd,
buf, count, clients, topic)==CLIENTCLOSED) {
done=1;
break;
}
if(server_socket<0) {
fprintf(stderr, "Could get input.\n");
return -1;
}
}
}
// Client connection is done, wants to disconnect.
if(done) {
printf("Closed connection!\n");
clientconn_t *closeclient = hash_get(events[i].data.fd,
clients);
if(closeclient != NULL) {
hash_remove(closeclient, clients);
client_close(closeclient);
}
close(events[i].data.fd);
}
}
}
}
free(events);
close(server_socket_fd);
return 0;
}示例3: init_ssl
static void init_ssl(CLI *c) {
int i, err;
SSL_SESSION *old_session;
int unsafe_openssl;
c->ssl=SSL_new(c->opt->ctx);
if(!c->ssl) {
sslerror("SSL_new");
longjmp(c->err, 1);
}
SSL_set_ex_data(c->ssl, cli_index, c); /* for callbacks */
if(c->opt->option.client) {
#ifndef OPENSSL_NO_TLSEXT
if(c->opt->sni) {
s_log(LOG_DEBUG, "SNI: host name: %s", c->opt->sni);
if(!SSL_set_tlsext_host_name(c->ssl, c->opt->sni)) {
sslerror("SSL_set_tlsext_host_name");
longjmp(c->err, 1);
}
}
#endif
if(c->opt->session) {
enter_critical_section(CRIT_SESSION);
SSL_set_session(c->ssl, c->opt->session);
leave_critical_section(CRIT_SESSION);
}
SSL_set_fd(c->ssl, c->remote_fd.fd);
SSL_set_connect_state(c->ssl);
} else {
if(c->local_rfd.fd==c->local_wfd.fd)
SSL_set_fd(c->ssl, c->local_rfd.fd);
else {
/* does it make sense to have SSL on STDIN/STDOUT? */
SSL_set_rfd(c->ssl, c->local_rfd.fd);
SSL_set_wfd(c->ssl, c->local_wfd.fd);
}
SSL_set_accept_state(c->ssl);
}
/* setup some values for transfer() function */
if(c->opt->option.client) {
c->sock_rfd=&(c->local_rfd);
c->sock_wfd=&(c->local_wfd);
c->ssl_rfd=c->ssl_wfd=&(c->remote_fd);
} else {
c->sock_rfd=c->sock_wfd=&(c->remote_fd);
c->ssl_rfd=&(c->local_rfd);
c->ssl_wfd=&(c->local_wfd);
}
unsafe_openssl=SSLeay()<0x0090810fL ||
(SSLeay()>=0x10000000L && SSLeay()<0x1000002fL);
while(1) {
/* critical section for OpenSSL version < 0.9.8p or 1.x.x < 1.0.0b *
* this critical section is a crude workaround for CVE-2010-3864 *
* see http://www.securityfocus.com/bid/44884 for details *
* alternative solution is to disable internal session caching *
* NOTE: this critical section also covers callbacks (e.g. OCSP) */
if(unsafe_openssl)
enter_critical_section(CRIT_SSL);
if(c->opt->option.client)
i=SSL_connect(c->ssl);
else
i=SSL_accept(c->ssl);
if(unsafe_openssl)
leave_critical_section(CRIT_SSL);
err=SSL_get_error(c->ssl, i);
if(err==SSL_ERROR_NONE)
break; /* ok -> done */
if(err==SSL_ERROR_WANT_READ || err==SSL_ERROR_WANT_WRITE) {
s_poll_init(c->fds);
s_poll_add(c->fds, c->ssl_rfd->fd,
err==SSL_ERROR_WANT_READ,
err==SSL_ERROR_WANT_WRITE);
switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) {
case -1:
sockerror("init_ssl: s_poll_wait");
longjmp(c->err, 1);
case 0:
s_log(LOG_INFO, "init_ssl: s_poll_wait:"
" TIMEOUTbusy exceeded: sending reset");
longjmp(c->err, 1);
case 1:
break; /* OK */
default:
s_log(LOG_ERR, "init_ssl: s_poll_wait: unknown result");
longjmp(c->err, 1);
}
continue; /* ok -> retry */
}
if(err==SSL_ERROR_SYSCALL) {
switch(get_last_socket_error()) {
case S_EINTR:
case S_EWOULDBLOCK:
#if S_EAGAIN!=S_EWOULDBLOCK
case S_EAGAIN:
#endif
//.........这里部分代码省略.........
示例4: ServerTLSSessionEstablish
/**
* @brief Accept a TLS connection and authenticate and identify.
* @note Various fields in #conn are set, like username and keyhash.
*/
int ServerTLSSessionEstablish(ServerConnectionState *conn)
{
int ret;
if (ConnectionInfoConnectionStatus(conn->conn_info) != CF_CONNECTION_ESTABLISHED)
{
assert(ConnectionInfoSSL(conn->conn_info) == NULL);
SSL *ssl = SSL_new(SSLSERVERCONTEXT);
if (ssl == NULL)
{
Log(LOG_LEVEL_ERR, "SSL_new: %s",
TLSErrorString(ERR_get_error()));
return -1;
}
ConnectionInfoSetSSL(conn->conn_info, ssl);
/* Pass conn_info inside the ssl struct for TLSVerifyCallback(). */
SSL_set_ex_data(ssl, CONNECTIONINFO_SSL_IDX, conn->conn_info);
/* Now we are letting OpenSSL take over the open socket. */
SSL_set_fd(ssl, ConnectionInfoSocket(conn->conn_info));
ret = SSL_accept(ssl);
if (ret <= 0)
{
TLSLogError(ssl, LOG_LEVEL_ERR,
"Failed to accept TLS connection", ret);
return -1;
}
Log(LOG_LEVEL_VERBOSE, "TLS cipher negotiated: %s, %s",
SSL_get_cipher_name(ssl),
SSL_get_cipher_version(ssl));
Log(LOG_LEVEL_VERBOSE, "TLS session established, checking trust...");
/* Send/Receive "CFE_v%d" version string, agree on version, receive
identity (username) of peer. */
char username[sizeof(conn->username)] = "";
bool b = ServerIdentificationDialog(conn->conn_info,
username, sizeof(username));
if (b != true)
{
return -1;
}
/* We *now* (maybe a bit late) verify the key that the client sent us in
* the TLS handshake, since we need the username to do so. TODO in the
* future store keys irrelevant of username, so that we can match them
* before IDENTIFY. */
ret = TLSVerifyPeer(conn->conn_info, conn->ipaddr, username);
if (ret == -1) /* error */
{
return -1;
}
if (ret == 1) /* trusted key */
{
Log(LOG_LEVEL_VERBOSE,
"%s: Client is TRUSTED, public key MATCHES stored one.",
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
}
if (ret == 0) /* untrusted key */
{
if ((SV.trustkeylist != NULL) &&
(IsMatchItemIn(SV.trustkeylist, conn->ipaddr)))
{
Log(LOG_LEVEL_VERBOSE,
"Peer was found in \"trustkeysfrom\" list");
Log(LOG_LEVEL_NOTICE, "Trusting new key: %s",
KeyPrintableHash(ConnectionInfoKey(conn->conn_info)));
SavePublicKey(username, KeyPrintableHash(conn->conn_info->remote_key),
KeyRSA(ConnectionInfoKey(conn->conn_info)));
}
else
{
Log(LOG_LEVEL_NOTICE,
"TRUST FAILED, peer presented an untrusted key, dropping connection!");
Log(LOG_LEVEL_VERBOSE,
"Add peer to \"trustkeysfrom\" if you really want to start trusting this new key.");
return -1;
}
}
/* All checks succeeded, set conn->uid (conn->sid for Windows)
* according to the received USERNAME identity. */
SetConnIdentity(conn, username);
/* No CAUTH, SAUTH in non-classic protocol. */
conn->user_data_set = 1;
conn->rsa_auth = 1;
LastSaw1(conn->ipaddr, KeyPrintableHash(ConnectionInfoKey(conn->conn_info)),
LAST_SEEN_ROLE_ACCEPT);
//.........这里部分代码省略.........
示例5: lws_server_socket_service_ssl
//.........这里部分代码省略.........
SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
bio = SSL_get_rbio(wsi->ssl);
if (bio)
BIO_set_nbio(bio, 1); /* nonblocking */
else
lwsl_notice("NULL rbio\n");
bio = SSL_get_wbio(wsi->ssl);
if (bio)
BIO_set_nbio(bio, 1); /* nonblocking */
else
lwsl_notice("NULL rbio\n");
#endif
#endif
/*
* we are not accepted yet, but we need to enter ourselves
* as a live connection. That way we can retry when more
* pieces come if we're not sorted yet
*/
if (wsi->mode == LWSCM_SSL_INIT)
wsi->mode = LWSCM_SSL_ACK_PENDING;
else
wsi->mode = LWSCM_SSL_ACK_PENDING_RAW;
if (insert_wsi_socket_into_fds(context, wsi)) {
lwsl_err("%s: failed to insert into fds\n", __func__);
goto fail;
}
lws_set_timeout(wsi, PENDING_TIMEOUT_SSL_ACCEPT,
context->timeout_secs);
lwsl_debug("inserted SSL accept into fds, trying SSL_accept\n");
/* fallthru */
case LWSCM_SSL_ACK_PENDING:
case LWSCM_SSL_ACK_PENDING_RAW:
if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) {
lwsl_err("%s: lws_change_pollfd failed\n", __func__);
goto fail;
}
lws_latency_pre(context, wsi);
if (wsi->vhost->allow_non_ssl_on_ssl_port) {
n = recv(wsi->desc.sockfd, (char *)pt->serv_buf,
context->pt_serv_buf_size, MSG_PEEK);
/*
* optionally allow non-SSL connect on SSL listening socket
* This is disabled by default, if enabled it goes around any
* SSL-level access control (eg, client-side certs) so leave
* it disabled unless you know it's not a problem for you
*/
if (n >= 1 && pt->serv_buf[0] >= ' ') {
/*
* TLS content-type for Handshake is 0x16, and
* for ChangeCipherSpec Record, it's 0x14
*
* A non-ssl session will start with the HTTP
* method in ASCII. If we see it's not a legit
* SSL handshake kill the SSL for this示例6: server
void server(int protocol)
{
int sock,s;
BIO *sbio;
SSL_CTX *ctx;
SSL *ssl;
int r;
pid_t pid;
/* Build our SSL context*/
ctx=initialize_ctx(KEYFILE,PASSWORD);
load_dh_params(ctx,DHFILE);
SSL_CTX_set_cipher_list(ctx,"ALL");
long options = SSL_OP_NO_TICKET | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
int port;
switch (protocol)
{
case SSL2_VERSION:
options |= SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
port = 4434;
break;
case SSL3_VERSION:
options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
port = 4435;
break;
case TLS1_VERSION:
options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
port = 4436;
break;
case TLS1_1_VERSION:
options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2;
port = 4437;
break;
case TLS1_2_VERSION:
options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
port = 4438;
break;
default:
err_exit("Unexpected protocol value");
}
SSL_CTX_set_options(ctx, options);
sock=tcp_listen(port);
while(1){
if((s=accept(sock,0,0))<0)
err_exit("Problem accepting");
if((pid=fork())){
close(s);
}
else {
sbio=BIO_new_socket(s,BIO_NOCLOSE);
ssl=SSL_new(ctx);
SSL_set_bio(ssl,sbio,sbio);
if((r=SSL_accept(ssl)<=0))
berr_exit("SSL accept error");
http_serve(ssl,s);
exit(0);
}
}
destroy_ctx(ctx);
}示例7: main
int main(int argc , char *argv[])
{
int sfd;
char *P_num;
SSL_CTX * ctx;
struct sockaddr_in cli_addr;
socklen_t len ;
int cli;
pid_t pid;
struct sigaction sa;
//Innitiliaze Server
if (checkFileStruct() == -1){
printf("Server: Problem With OldTrusty File Structure\n");
exit(1);
}
//Initialize the Vouch Structure
initVouchStruct();
//Initialize SSL
if (argc != 2) {
printf("Usage %s <portNUMBER> \n" , argv[0]);
exit(1);
}
P_num = argv[1]; //Set Port
ctx = InitSSL();
load_Certs(ctx, "OldTrusty/ServerCerts/server.crt", "OldTrusty/ServerCerts/server.key"); //ALL IN ONE ?
//Get A regular tcp socket. already bound and listening.
sfd = sock_setup(P_num);
sa.sa_handler = sigchld_handler; // reap all dead processes
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
if (sigaction(SIGCHLD, &sa, NULL) == -1) {
perror("sigaction");
exit(1); }
printf("Server: OldTrusty Awaiting Connections on Port: %s\n" , P_num);
//***********************************MAIN ACCEPT LOOP STARTS HERE *****************************/
for(;;) {
len = sizeof(cli_addr);
cli = accept(sfd, (struct sockaddr *)&cli_addr, &len);
if (cli == -1) {
perror("accept");
continue;
}
printf("Server: OLDTRUSTY recieved A Connection from: %s:%d\n",inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port));
SSL *ssl;
if ( ( pid = fork()) == 0 ){
//WE ARE THE CHILD
close(sfd); //Child doesnt need listner
//Layer SSL Over Client Socket
ssl = SSL_new(ctx);
SSL_set_fd(ssl, cli);
//HANDSHAKE..
if ( SSL_accept(ssl) == -1)
ERR_print_errors_fp(stderr);
//Show Client Certs (If any) // CAN ADDif require client auth then //for now jsut show client certs if has any
ShowCerts(ssl);
// Here is a connection to the client
do_clients_bidding(ssl);
SSL_free(ssl);
close(cli);
exit(0); // kill child.
}
close(cli); //Parent closes connected socket (Being Handled in child)
} ///***END MAIN ACCEPT LOOP *****//
SSL_CTX_free(ctx); //release context TODO never get hear?? graceful shutdown of server?
return 0;
} 示例8: SSL_set_connect_state
bool SSLSocket::enableCrypto(bool activate /* = true */) {
if (activate && !m_data->m_ssl_active) {
double timeout = m_data->m_connect_timeout;
bool blocked = m_data->m_is_blocked;
if (!m_data->m_state_set) {
if (m_data->m_client) {
SSL_set_connect_state(m_data->m_handle);
} else {
SSL_set_accept_state(m_data->m_handle);
}
m_data->m_state_set = true;
}
if (m_data->m_client && setBlocking(false)) {
m_data->m_is_blocked = false;
}
int n;
bool retry = true;
do {
if (m_data->m_client) {
struct timeval tvs, tve;
struct timezone tz;
gettimeofday(&tvs, &tz);
n = SSL_connect(m_data->m_handle);
gettimeofday(&tve, &tz);
timeout -= (tve.tv_sec + (double) tve.tv_usec / 1000000) -
(tvs.tv_sec + (double) tvs.tv_usec / 1000000);
if (timeout < 0) {
raise_warning("SSL: connection timeout");
return false;
}
} else {
n = SSL_accept(m_data->m_handle);
}
if (n <= 0) {
retry = handleError(n, true);
} else {
break;
}
} while (retry);
if (m_data->m_client &&
m_data->m_is_blocked != blocked &&
setBlocking(blocked)) {
m_data->m_is_blocked = blocked;
}
if (n == 1) {
X509 *peer_cert = SSL_get_peer_certificate(m_data->m_handle);
if (!applyVerificationPolicy(peer_cert)) {
SSL_shutdown(m_data->m_handle);
} else {
m_data->m_ssl_active = true;
/* allow the script to capture the peer cert
* and/or the certificate chain */
if (m_context[s_capture_peer_cert].toBoolean()) {
m_context.set(s_peer_certificate,
Variant(req::make<Certificate>(peer_cert)));
peer_cert = nullptr;
}
if (m_context[s_capture_peer_cert_chain].toBoolean()) {
Array arr;
STACK_OF(X509) *chain = SSL_get_peer_cert_chain(m_data->m_handle);
if (chain) {
for (int i = 0; i < sk_X509_num(chain); i++) {
X509 *mycert = X509_dup(sk_X509_value(chain, i));
arr.append(Variant(req::make<Certificate>(mycert)));
}
}
m_context.set(s_peer_certificate_chain, arr);
}
}
if (peer_cert) {
X509_free(peer_cert);
}
} else {
n = errno == EAGAIN ? 0 : -1;
}
return n >= 0;
} else if (!activate && m_data->m_ssl_active) {
/* deactivate - common for server/client */
SSL_shutdown(m_data->m_handle);
m_data->m_ssl_active = false;
}
return true;
}示例9: echoserver_test
THREAD_RETURN YASSL_API echoserver_test(void* args)
{
#ifdef _WIN32
WSADATA wsd;
WSAStartup(0x0002, &wsd);
#endif
SOCKET_T sockfd = 0;
int argc = 0;
char** argv = 0;
set_args(argc, argv, *static_cast<func_args*>(args));
#ifdef ECHO_OUT
FILE* fout = stdout;
if (argc >= 2) fout = fopen(argv[1], "w");
if (!fout) err_sys("can't open output file");
#endif
tcp_listen(sockfd);
SSL_METHOD* method = SSLv23_server_method();
SSL_CTX* ctx = SSL_CTX_new(method);
set_serverCerts(ctx);
DH* dh = set_tmpDH(ctx);
bool shutdown(false);
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER)
// signal ready to tcp_accept
func_args& server_args = *((func_args*)args);
tcp_ready& ready = *server_args.signal_;
pthread_mutex_lock(&ready.mutex_);
ready.ready_ = true;
pthread_cond_signal(&ready.cond_);
pthread_mutex_unlock(&ready.mutex_);
#endif
while (!shutdown) {
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
SOCKET_T clientfd = accept(sockfd, (sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
if (clientfd == (SOCKET_T) -1) {
SSL_CTX_free(ctx);
tcp_close(sockfd);
err_sys("tcp accept failed");
}
SSL* ssl = SSL_new(ctx);
SSL_set_fd(ssl, clientfd);
if (SSL_accept(ssl) != SSL_SUCCESS) {
printf("SSL_accept failed\n");
SSL_free(ssl);
tcp_close(clientfd);
continue;
}
char command[1024];
int echoSz(0);
while ( (echoSz = SSL_read(ssl, command, sizeof(command))) > 0) {
if ( strncmp(command, "quit", 4) == 0) {
printf("client sent quit command: shutting down!\n");
shutdown = true;
break;
}
else if ( strncmp(command, "GET", 3) == 0) {
char type[] = "HTTP/1.0 200 ok\r\nContent-type:"
" text/html\r\n\r\n";
char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n";
char body[] = "greetings from yaSSL\n";
char footer[] = "</body></html>\r\n\r\n";
strncpy(command, type, sizeof(type));
echoSz = sizeof(type) - 1;
strncpy(&command[echoSz], header, sizeof(header));
echoSz += sizeof(header) - 1;
strncpy(&command[echoSz], body, sizeof(body));
echoSz += sizeof(body) - 1;
strncpy(&command[echoSz], footer, sizeof(footer));
echoSz += sizeof(footer);
if (SSL_write(ssl, command, echoSz) != echoSz)
EchoError(ctx, ssl, sockfd, clientfd, "SSL_write failed");
break;
}
command[echoSz] = 0;
#ifdef ECHO_OUT
fputs(command, fout);
#endif
if (SSL_write(ssl, command, echoSz) != echoSz)
EchoError(ctx, ssl, sockfd, clientfd, "SSL_write failed");
}
SSL_shutdown(ssl);
//.........这里部分代码省略.........
示例10: fprintf
fprintf(stderr, "SSL_set_fd failed\n");
goto err;
}
return conn;
err:
ssl_display_errors();
return NULL;
}
void ssl_setup_accept(SSL_CTX *ctx __attribute__ ((unused)), SSL *conn){
int sslaccept = 0;
X509 *cert;
char *line;
sslaccept = SSL_accept(conn);
if(sslaccept < 0){
ssl_display_errors();
fprintf(stderr, "SSL_accept failed with error %d\n", SSL_get_error(conn, sslaccept));
cleanup_ssl();
exit(EXIT_FAILURE);
}
printf("SSL connection using %s\n", SSL_get_cipher (conn));
/* if present, get certs and display some info about them */
if ( (cert = SSL_get_peer_certificate(conn)) ) {
printf("Server certs:\n");
line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
printf("Subject: %s\n", line);示例11: main
int main()
{
struct sockaddr_in server;
struct sockaddr_in dest;
int socket_fd, client_fd,num;
socklen_t size;
SSL_CTX *ctx;
/******* START SSL ***************/
/* http://mooon.blog.51cto.com/1246491/909932 */
/* SSL Libraries Init */
SSL_library_init();
/* add all SSL algorithms */
OpenSSL_add_all_algorithms();
/* add all SSL ciphers */
OpenSSL_add_all_ciphers();
/* add all digests */
OpenSSL_add_all_digests();
/* load all SSL errors */
SSL_load_error_strings();
/* Build SSL_CTX -> SSL Content Text
* SSLv2_server_method() or SSLv3_server_method() relative to SSL V2
* and SSL V3
*/
ctx = SSL_CTX_new(SSLv23_server_method());
if(ctx == NULL){
ERR_print_errors_fp(stdout);
exit(EXIT_FAILURE);
}
/* Load the server certificate into the SSL_CTX structure */
if(SSL_CTX_use_certificate_file(ctx,RSA_SERVER_CERT,SSL_FILETYPE_PEM) <= 0){
ERR_print_errors_fp(stdout);
exit(EXIT_FAILURE);
}
/* Load the private-key corresponding to the server certificate */
if(SSL_CTX_use_PrivateKey_file(ctx,RSA_SERVER_KEY,SSL_FILETYPE_PEM) <= 0){
ERR_print_errors_fp(stdout);
exit(EXIT_FAILURE);
}
/* Check if the server certificate and private-key matches */
if(!SSL_CTX_check_private_key(ctx)){
ERR_print_errors_fp(stdout);
exit(EXIT_FAILURE);
}
/*********** END SSL ****************/
int yes =1;
/* Open a socket to listen */
if ((socket_fd = socket(AF_INET, SOCK_STREAM, 0))== -1) {
fprintf(stderr, "Socket failure!!\n");
exit(EXIT_FAILURE);
}
if (setsockopt(socket_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1) {
perror("setsockopt");
exit(EXIT_FAILURE);
}
/* init memory for server and dest */
memset(&server, 0, sizeof(server));
memset(&dest,0,sizeof(dest));
server.sin_family = AF_INET; //same to PF_INET
server.sin_port = htons(PORT);
server.sin_addr.s_addr = INADDR_ANY;
/* BIND SOCKET */
if ((bind(socket_fd, (struct sockaddr *)&server, sizeof(struct sockaddr )))== -1) { //sizeof(struct sockaddr)
fprintf(stderr, "Binding Failure\n");
exit(EXIT_FAILURE);
}
/* START LISTENING */
if ((listen(socket_fd, BACKLOG))== -1){
fprintf(stderr, "Listening Failure\n");
exit(EXIT_FAILURE);
}
while(1) {
SSL *ssl;
size = sizeof(struct sockaddr_in);
/* Waiting for client to connect */
if ((client_fd = accept(socket_fd, (struct sockaddr *)&dest, &size))==-1 ) {
perror("accept");
continue;
//exit(EXIT_FAILURE);
}
else{
printf("Server got connection from client %s, port %d, socket %d\n", inet_ntoa(dest.sin_addr),ntohs(dest.sin_port),client_fd);
}
/* /connection complete */
/* create a new ssl based on ctx */
ssl = SSL_new(ctx);
/* add socket : client_fd to SSL */
SSL_set_fd(ssl,client_fd);
/* Build up SSL connection */
if(SSL_accept(ssl) == -1){
perror("accept");
//.........这里部分代码省略.........
示例12: echoserver_test
THREAD_RETURN CYASSL_API echoserver_test(void* args)
{
SOCKET_T sockfd = 0;
SSL_METHOD* method = 0;
SSL_CTX* ctx = 0;
int shutdown = 0;
int argc = 0;
char** argv = 0;
#ifdef ECHO_OUT
FILE* fout = stdout;
if (argc >= 2) fout = fopen(argv[1], "w");
if (!fout) err_sys("can't open output file");
#endif
((func_args*)args)->return_code = -1; /* error state */
argc = ((func_args*)args)->argc;
argv = ((func_args*)args)->argv;
tcp_listen(&sockfd);
#if defined(CYASSL_DTLS)
method = DTLSv1_server_method();
#elif !defined(NO_TLS)
method = TLSv1_server_method();
#else
method = SSLv3_server_method();
#endif
ctx = SSL_CTX_new(method);
/* SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */
if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file");
if (SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file");
if (SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file");
SignalReady(args);
while (!shutdown) {
SSL* ssl = 0;
char command[1024];
int echoSz = 0;
int clientfd;
#ifndef CYASSL_DTLS
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
clientfd = accept(sockfd, (struct sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
#else
clientfd = udp_read_connect(sockfd);
#endif
if (clientfd == -1) err_sys("tcp accept failed");
ssl = SSL_new(ctx);
SSL_set_fd(ssl, clientfd);
if (SSL_accept(ssl) != SSL_SUCCESS) {
printf("SSL_accept failed");
SSL_free(ssl);
CloseSocket(clientfd);
continue;
}
while ( (echoSz = SSL_read(ssl, command, sizeof(command))) > 0) {
if ( strncmp(command, "quit", 4) == 0) {
printf("client sent quit command: shutting down!\n");
shutdown = 1;
break;
}
if ( strncmp(command, "break", 5) == 0) {
printf("client sent break command: closing session!\n");
break;
}
else if ( strncmp(command, "GET", 3) == 0) {
char type[] = "HTTP/1.0 200 ok\r\nContent-type:"
" text/html\r\n\r\n";
char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n";
char body[] = "greetings from CyaSSL\n";
char footer[] = "</body></html>\r\n\r\n";
strncpy(command, type, sizeof(type));
echoSz = sizeof(type) - 1;
strncpy(&command[echoSz], header, sizeof(header));
echoSz += sizeof(header) - 1;
strncpy(&command[echoSz], body, sizeof(body));
echoSz += sizeof(body) - 1;
strncpy(&command[echoSz], footer, sizeof(footer));
echoSz += sizeof(footer);
if (SSL_write(ssl, command, echoSz) != echoSz)
err_sys("SSL_write failed");
//.........这里部分代码省略.........
示例13: lws_server_socket_service
//.........这里部分代码省略.........
SSL_set_ex_data(new_wsi->ssl,
openssl_websocket_private_data_index, context);
SSL_set_fd(new_wsi->ssl, accept_fd);
#ifdef USE_CYASSL
CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
#else
bio = SSL_get_rbio(new_wsi->ssl);
if (bio)
BIO_set_nbio(bio, 1); /* nonblocking */
else
lwsl_notice("NULL rbio\n");
bio = SSL_get_wbio(new_wsi->ssl);
if (bio)
BIO_set_nbio(bio, 1); /* nonblocking */
else
lwsl_notice("NULL rbio\n");
#endif
/*
* we are not accepted yet, but we need to enter ourselves
* as a live connection. That way we can retry when more
* pieces come if we're not sorted yet
*/
wsi = new_wsi;
wsi->mode = LWS_CONNMODE_SSL_ACK_PENDING;
insert_wsi_socket_into_fds(context, wsi);
libwebsocket_set_timeout(wsi, PENDING_TIMEOUT_SSL_ACCEPT,
AWAITING_TIMEOUT);
lwsl_info("inserted SSL accept into fds, trying SSL_accept\n");
/* fallthru */
case LWS_CONNMODE_SSL_ACK_PENDING:
lws_change_pollfd(wsi, POLLOUT, 0);
lws_latency_pre(context, wsi);
n = recv(wsi->sock, context->service_buffer,
sizeof(context->service_buffer), MSG_PEEK);
/*
* optionally allow non-SSL connect on SSL listening socket
* This is disabled by default, if enabled it goes around any
* SSL-level access control (eg, client-side certs) so leave
* it disabled unless you know it's not a problem for you
*/
if (context->allow_non_ssl_on_ssl_port && n >= 1 &&
context->service_buffer[0] >= ' ') {
/*
* TLS content-type for Handshake is 0x16
* TLS content-type for ChangeCipherSpec Record is 0x14
*
* A non-ssl session will start with the HTTP method in
* ASCII. If we see it's not a legit SSL handshake
* kill the SSL for this connection and try to handle
* as a HTTP connection upgrade directly.
*/
wsi->use_ssl = 0;
SSL_shutdown(wsi->ssl);示例14: doPKIServer
//pki server
void doPKIServer(pid_t cpid, int* pipefd,char* newkeyiv, int port, int PORT, char* ip)//(int argc, char* argv[])
{
int i;
int err;
int listen_sd;
int sd;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
size_t client_len;
SSL_CTX* ctx;
SSL* ssl;
X509* client_cert;
char* str;
char buf [4096];
SSL_METHOD *meth;
/* SSL preliminaries. We keep the certificate and key with the context. */
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new (meth);
if (!ctx) {
ERR_print_errors_fp(stderr);
exit(2);
}
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); /* whether verify the certificate */
SSL_CTX_load_verify_locations(ctx,SCACERT,NULL);
if (SSL_CTX_use_certificate_file(ctx, SCERTF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(3);
}
if (SSL_CTX_use_PrivateKey_file(ctx, SKEYF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(4);
}
if (!SSL_CTX_check_private_key(ctx)) {
fprintf(stderr,"Private key does not match the certificate public key\n");
exit(5);
}
/* ----------------------------------------------- */
/* Prepare TCP socket for receiving connections */
listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket");
memset (&sa_serv, '\0', sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (PORT); /* Server Port number */
err = bind(listen_sd, (struct sockaddr*) &sa_serv,
sizeof (sa_serv)); CHK_ERR(err, "bind");
/* Receive a TCP connection. */
err = listen (listen_sd, 5); CHK_ERR(err, "listen");
client_len = sizeof(sa_cli);
sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
CHK_ERR(sd, "accept");
close (listen_sd);
printf ("Connection from %lx, port %x\n",
(long unsigned int)sa_cli.sin_addr.s_addr, sa_cli.sin_port);
/* ----------------------------------------------- */
/* TCP connection is ready. Do server side SSL. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl); CHK_SSL(err);
/* Get the cipher - opt */
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get client's certificate (note: beware of dynamic allocation) - opt */
client_cert = SSL_get_peer_certificate (ssl);
if (client_cert != NULL) {
printf ("Client certificate:\n");
//blx verify the common name
char commonName[512];
X509_NAME *name=X509_get_subject_name (client_cert);
X509_NAME_get_text_by_NID(name,NID_commonName,commonName,512);
//printf("%s\n",commonName);
if(strcmp(commonName,ClientCN)!=0)
{
printf("wrong CN\n");
exit(-1);
}
printf("right CN\n");
//.........这里部分代码省略.........
示例15: Test_OpenSSL_ClientServerAuth
//.........这里部分代码省略.........
//Create server bio and set as non-blocking
BIO* server_bio = BIO_new(BIO_s_socket());
if (server_bio == NULL) goto cleanup;
//CHK_NULL(bio);
BIO_set_nbio(server_bio,1);
BIO_set_fd(server_bio, server_sd, BIO_NOCLOSE);
SSL_set_bio(server_ssl,server_bio,server_bio);
// create client ssl & connect
client_ssl = SSL_new(client_ctx);
if (client_ssl == NULL) goto cleanup;
SSL_set_fd(client_ssl, client_sd);
//Create client bio and set as non-blocking
BIO* client_bio = BIO_new(BIO_s_socket());
if (client_bio == NULL) goto cleanup;
BIO_set_nbio(client_bio,1);
BIO_set_fd(client_bio, client_sd, BIO_NOCLOSE);
SSL_set_bio(client_ssl,client_bio,client_bio);
// loop until server accepts ssl client connect
int ssl_err =0;
do
{
err = SSL_connect(client_ssl);
if (err <= 0)
{
ssl_err = SSL_get_error(client_ssl,err);
TINYCLR_SSL_PRINTF("SSL_Connect error: %d\n", ssl_err);
}
Events_WaitForEvents(0,1000);
err = SSL_accept (server_ssl);
if (err <= 0)
{
ssl_err = SSL_get_error(server_ssl, err);
TINYCLR_SSL_PRINTF("SSL_Accept error: %d\n", ssl_err);
}
Events_WaitForEvents(0,1000);
} while (err != 1);
//Get the cipher - opt
TINYCLR_SSL_PRINTF("SSL connection using %s\n", SSL_get_cipher (server_ssl));
//Get client's certificate (note: beware of dynamic allocation) - opt
client_cert = SSL_get_peer_certificate (server_ssl);
if (client_cert != NULL)
{
TINYCLR_SSL_PRINTF("Client certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
if (str == NULL) goto cleanup;
TINYCLR_SSL_PRINTF("subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
if (str == NULL) goto cleanup;
TINYCLR_SSL_PRINTF("issuer: %s\n", str);
OPENSSL_free (str);
//We could do all sorts of certificate verification stuff here before
// deallocating the certificate.
X509_free (client_cert);