本文整理汇总了C++中SSL_free函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_free函数的具体用法?C++ SSL_free怎么用?C++ SSL_free使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_free函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: g_return_val_if_fail
//.........这里部分代码省略.........
FILE *fp;
scert = convert_home(mycert);
if (mypkey && *mypkey)
spkey = convert_home(mypkey);
if ((fp = fopen(scert, "r"))) {
X509 *cert;
/* Let's parse the certificate by hand instead of using
* SSL_CTX_use_certificate_file so that we can validate
* some parts of it. */
cert = PEM_read_X509(fp, NULL, get_pem_password_callback, (void *)mypass);
if (cert != NULL) {
/* Only the expiration date is checked right now */
if (X509_cmp_current_time(X509_get_notAfter(cert)) <= 0 ||
X509_cmp_current_time(X509_get_notBefore(cert)) >= 0)
g_warning("The client certificate is expired");
ERR_clear_error();
if (! SSL_CTX_use_certificate(ctx, cert))
g_warning("Loading of client certificate '%s' failed: %s", mycert, ERR_reason_error_string(ERR_get_error()));
else if (! SSL_CTX_use_PrivateKey_file(ctx, spkey ? spkey : scert, SSL_FILETYPE_PEM))
g_warning("Loading of private key '%s' failed: %s", mypkey ? mypkey : mycert, ERR_reason_error_string(ERR_get_error()));
else if (! SSL_CTX_check_private_key(ctx))
g_warning("Private key does not match the certificate");
X509_free(cert);
} else
g_warning("Loading of client certificate '%s' failed: %s", mycert, ERR_reason_error_string(ERR_get_error()));
fclose(fp);
} else
g_warning("Could not find client certificate '%s'", scert);
g_free(scert);
g_free(spkey);
}
if ((cafile && *cafile) || (capath && *capath)) {
char *scafile = NULL;
char *scapath = NULL;
if (cafile && *cafile)
scafile = convert_home(cafile);
if (capath && *capath)
scapath = convert_home(capath);
if (! SSL_CTX_load_verify_locations(ctx, scafile, scapath)) {
g_warning("Could not load CA list for verifying TLS server certificate");
g_free(scafile);
g_free(scapath);
SSL_CTX_free(ctx);
return NULL;
}
g_free(scafile);
g_free(scapath);
verify = TRUE;
} else if (store != NULL) {
/* Make sure to increment the refcount every time the store is
* used, that's essential not to get it free'd by OpenSSL when
* the SSL_CTX is destroyed. */
X509_STORE_up_ref(store);
SSL_CTX_set_cert_store(ctx, store);
}
if(!(ssl = SSL_new(ctx)))
{
g_warning("Failed to allocate SSL structure");
SSL_CTX_free(ctx);
return NULL;
}
if(!SSL_set_fd(ssl, fd))
{
g_warning("Failed to associate socket to SSL stream");
SSL_free(ssl);
SSL_CTX_free(ctx);
return NULL;
}
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
SSL_set_tlsext_host_name(ssl, server->connrec->address);
#endif
SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
chan = g_new0(GIOSSLChannel, 1);
chan->fd = fd;
chan->giochan = handle;
chan->ssl = ssl;
chan->ctx = ctx;
chan->server = server;
chan->port = port;
chan->verify = verify;
gchan = (GIOChannel *)chan;
gchan->funcs = &irssi_ssl_channel_funcs;
g_io_channel_init(gchan);
gchan->is_readable = gchan->is_writeable = TRUE;
gchan->use_buffer = FALSE;
return gchan;
}示例2: fetch_uri
/*
* Fetches the resource denoted by |uri|.
*/
static void fetch_uri(const struct URI *uri)
{
nghttp2_session_callbacks callbacks;
int fd;
SSL_CTX *ssl_ctx;
SSL *ssl;
struct Request req;
struct Connection connection;
int rv;
nfds_t npollfds = 1;
struct pollfd pollfds[1];
request_init(&req, uri);
setup_nghttp2_callbacks(&callbacks);
/* Establish connection and setup SSL */
fd = connect_to(req.host, req.port);
if(fd == -1) {
die("Could not open file descriptor");
}
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
if(ssl_ctx == NULL) {
dief("SSL_CTX_new", ERR_error_string(ERR_get_error(), NULL));
}
init_ssl_ctx(ssl_ctx);
ssl = SSL_new(ssl_ctx);
if(ssl == NULL) {
dief("SSL_new", ERR_error_string(ERR_get_error(), NULL));
}
/* To simplify the program, we perform SSL/TLS handshake in blocking
I/O. */
ssl_handshake(ssl, fd);
connection.ssl = ssl;
connection.want_io = IO_NONE;
/* Send connection header in blocking I/O mode */
SSL_write(ssl, NGHTTP2_CLIENT_CONNECTION_PREFACE,
NGHTTP2_CLIENT_CONNECTION_PREFACE_LEN);
/* Here make file descriptor non-block */
make_non_block(fd);
set_tcp_nodelay(fd);
printf("[INFO] SSL/TLS handshake completed\n");
rv = nghttp2_session_client_new(&connection.session, &callbacks,
&connection);
if(rv != 0) {
diec("nghttp2_session_client_new", rv);
}
/* Submit the HTTP request to the outbound queue. */
submit_request(&connection, &req);
pollfds[0].fd = fd;
ctl_poll(pollfds, &connection);
/* Event loop */
while(nghttp2_session_want_read(connection.session) ||
nghttp2_session_want_write(connection.session)) {
int nfds = poll(pollfds, npollfds, -1);
if(nfds == -1) {
dief("poll", strerror(errno));
}
if(pollfds[0].revents & (POLLIN | POLLOUT)) {
exec_io(&connection);
}
if((pollfds[0].revents & POLLHUP) || (pollfds[0].revents & POLLERR)) {
die("Connection error");
}
ctl_poll(pollfds, &connection);
}
/* Resource cleanup */
nghttp2_session_del(connection.session);
SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(ssl_ctx);
shutdown(fd, SHUT_WR);
close(fd);
request_free(&req);
}示例3: child_cycle
//.........这里部分代码省略.........
* Start listening for connections
*/
result = listen(local_socket, 5);
if (result < 0)
{
message = -1;
result = write(channel, &message, sizeof(int));
exit(0);
}
/*
* Signal the parent that we are ok.
*/
result = write(channel, &message, sizeof(int));
/*
* If this did not work, then we abort.
*/
if (result < 0)
{
exit(0);
}
/*
* Send the name of the public key file.
*/
result = write(channel, server_name_template_public, strlen(server_name_template_public));
if (result < 0)
{
exit(0);
}
/*
* Send the name of the certificate file.
*/
result = write(channel, server_certificate_template_public, strlen(server_certificate_template_public));
if (result < 0)
{
exit(0);
}
/*
* Now wait until somebody calls.
*/
peer_addr_size = sizeof(struct sockaddr_in);
while (true)
{
remote_socket = accept(local_socket, (struct sockaddr *)&peer_addr, &peer_addr_size);
if (remote_socket < 0)
{
Log (LOG_LEVEL_CRIT, "Could not accept connection");
continue;
}
/*
* We are not testing the server, we are testing the functions to send and receive data
* over TLS. We do not need a full fletched server for that, we just need to send and
* receive data and try the error conditions.
*/
SSL *ssl = SSL_new(SSLSERVERCONTEXT);
if (!ssl)
{
Log(LOG_LEVEL_CRIT, "Could not create SSL structure on the server side");
SSL_free(ssl);
close (remote_socket);
remote_socket = -1;
continue;
}
SSL_set_fd(ssl, remote_socket);
result = SSL_accept(ssl);
if (result < 0)
{
Log(LOG_LEVEL_CRIT, "Could not accept a TLS connection");
close (remote_socket);
remote_socket = -1;
continue;
}
/*
* Our mission is pretty simple, receive data and send it back.
*/
int received = 0;
int sent = 0;
char buffer[4096];
do {
received = SSL_read(ssl, buffer, 4096);
if (received < 0)
{
Log(LOG_LEVEL_CRIT, "Failure while receiving data over TLS");
break;
}
sent = SSL_write(ssl, buffer, received);
if (sent < 0)
{
Log(LOG_LEVEL_CRIT, "Failure while sending data over TLS");
break;
}
} while (received > 0);
/*
* Mission completed, start again.
*/
SSL_shutdown(ssl);
SSL_free(ssl);
remote_socket = -1;
}
exit(0);
}示例4: proceed_handshake
static void proceed_handshake(h2o_socket_t *sock, const char *err)
{
h2o_iovec_t first_input = {};
int ret;
sock->_cb.write = NULL;
if (err != NULL) {
goto Complete;
}
if (sock->ssl->handshake.server.async_resumption.state == ASYNC_RESUMPTION_STATE_RECORD) {
if (sock->ssl->input.encrypted->size <= 1024) {
/* retain a copy of input if performing async resumption */
first_input = h2o_iovec_init(alloca(sock->ssl->input.encrypted->size), sock->ssl->input.encrypted->size);
memcpy(first_input.base, sock->ssl->input.encrypted->bytes, first_input.len);
} else {
sock->ssl->handshake.server.async_resumption.state = ASYNC_RESUMPTION_STATE_COMPLETE;
}
}
Redo:
if (sock->ssl->ssl->server) {
ret = SSL_accept(sock->ssl->ssl);
} else {
ret = SSL_connect(sock->ssl->ssl);
}
switch (sock->ssl->handshake.server.async_resumption.state) {
case ASYNC_RESUMPTION_STATE_RECORD:
/* async resumption has not been triggered; proceed the state to complete */
sock->ssl->handshake.server.async_resumption.state = ASYNC_RESUMPTION_STATE_COMPLETE;
break;
case ASYNC_RESUMPTION_STATE_REQUEST_SENT: {
/* sent async request, reset the ssl state, and wait for async response */
assert(ret < 0);
SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(sock->ssl->ssl);
SSL_free(sock->ssl->ssl);
create_ssl(sock, ssl_ctx);
clear_output_buffer(sock->ssl);
h2o_buffer_consume(&sock->ssl->input.encrypted, sock->ssl->input.encrypted->size);
h2o_buffer_reserve(&sock->ssl->input.encrypted, first_input.len);
memcpy(sock->ssl->input.encrypted->bytes, first_input.base, first_input.len);
sock->ssl->input.encrypted->size = first_input.len;
h2o_socket_read_stop(sock);
return;
}
default:
break;
}
if (ret == 0 || (ret < 0 && SSL_get_error(sock->ssl->ssl, ret) != SSL_ERROR_WANT_READ)) {
/* failed */
long verify_result = SSL_get_verify_result(sock->ssl->ssl);
if (verify_result != X509_V_OK) {
err = X509_verify_cert_error_string(verify_result);
} else {
err = "ssl handshake failure";
}
goto Complete;
}
if (sock->ssl->output.bufs.size != 0) {
h2o_socket_read_stop(sock);
flush_pending_ssl(sock, ret == 1 ? on_handshake_complete : proceed_handshake);
} else {
if (ret == 1) {
if (!sock->ssl->ssl->server) {
X509 *cert = SSL_get_peer_certificate(sock->ssl->ssl);
if (cert != NULL) {
switch (validate_hostname(sock->ssl->handshake.client.server_name, cert)) {
case MatchFound:
/* ok */
break;
case MatchNotFound:
err = h2o_socket_error_ssl_cert_name_mismatch;
break;
default:
err = h2o_socket_error_ssl_cert_invalid;
break;
}
X509_free(cert);
} else {
err = h2o_socket_error_ssl_no_cert;
}
}
goto Complete;
}
if (sock->ssl->input.encrypted->size != 0)
goto Redo;
h2o_socket_read_start(sock, proceed_handshake);
}
return;
Complete:
h2o_socket_read_stop(sock);
on_handshake_complete(sock, err);
}示例5: lws_server_socket_service_ssl
//.........这里部分代码省略.........
lws_latency_pre(context, wsi);
n = recv(wsi->sock, (char *)pt->serv_buf, context->pt_serv_buf_size,
MSG_PEEK);
/*
* optionally allow non-SSL connect on SSL listening socket
* This is disabled by default, if enabled it goes around any
* SSL-level access control (eg, client-side certs) so leave
* it disabled unless you know it's not a problem for you
*/
if (wsi->vhost->allow_non_ssl_on_ssl_port) {
if (n >= 1 && pt->serv_buf[0] >= ' ') {
/*
* TLS content-type for Handshake is 0x16, and
* for ChangeCipherSpec Record, it's 0x14
*
* A non-ssl session will start with the HTTP
* method in ASCII. If we see it's not a legit
* SSL handshake kill the SSL for this
* connection and try to handle as a HTTP
* connection upgrade directly.
*/
wsi->use_ssl = 0;
#if defined(LWS_USE_POLARSSL)
ssl_close_notify(wsi->ssl);
ssl_free(wsi->ssl);
#else
#if defined(LWS_USE_MBEDTLS)
#else
SSL_shutdown(wsi->ssl);
SSL_free(wsi->ssl);
#endif
#endif
wsi->ssl = NULL;
if (lws_check_opt(context->options,
LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS))
wsi->redirect_to_https = 1;
goto accepted;
}
if (!n) /*
* connection is gone, or nothing to read
* if it's gone, we will timeout on
* PENDING_TIMEOUT_SSL_ACCEPT
*/
break;
if (n < 0 && (LWS_ERRNO == LWS_EAGAIN ||
LWS_ERRNO == LWS_EWOULDBLOCK)) {
/*
* well, we get no way to know ssl or not
* so go around again waiting for something
* to come and give us a hint, or timeout the
* connection.
*/
m = SSL_ERROR_WANT_READ;
goto go_again;
}
}
/* normal SSL connection processing path */
#if defined(LWS_USE_POLARSSL)
n = ssl_handshake(wsi->ssl);
#else
#if defined(LWS_USE_MBEDTLS)示例6: main
//.........这里部分代码省略.........
} else if (argc!=1) {
if (strcmp(argv[1], "-c") == 0) {
printf (gettext("\nnetUstad: Invalid Number Of Arguments\n\n"));
} else {
printf(gettext("\nnetUstad: Invalid Argument\n\n"));
}
exit(1);
}
/**********************/
/* Start Main Program */
/**********************/
readconfig(conffile);
if (setlocale (LC_ALL, (const char*) lc_all) == NULL) {
log_msg(mainlogfile, gettext("setlocale failed\n"), 1);
printf(gettext("setlocale failed\n"));
}
bindtextdomain (PACKAGE, PACKAGE_LOCALE_DIR);
textdomain ( PACKAGE );
nameoftty = ttyname(0);
daemonize();
#ifndef WITHOUT_SSL
ssl = nunetwork_init_ssl( nunetwork_init_ctx( cert_file, key_file) );
#endif
server_sock = startup(&port); /* Open Socket & Listen */
log_msg(mainlogfile, "<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>\n", 0);
snprintf(log_msg_text, sizeof(log_msg_text)-1, "netUstad-%s\n", NUVERSION);
log_msg(mainlogfile, log_msg_text, 0);
snprintf(log_msg_text, sizeof (log_msg_text)-1, "%s",
gettext("netUstad is started\n"));
log_msg(mainlogfile, log_msg_text, 1);
snprintf(log_msg_text, sizeof (log_msg_text)-1, gettext("\nListening port %d\n"), port);
log_msg(mainlogfile, log_msg_text, 0);
log_msg(mainlogfile, gettext("Ready for requests...\n\n"), 0);
snprintf(log_msg_text, sizeof(log_msg_text)-1, "netUstad-%s\n", NUVERSION);
log_msg(nameoftty, log_msg_text, 0);
snprintf(log_msg_text, sizeof (log_msg_text)-1,
gettext("\nnetUstad is started\nListening port %d\n"), port);
log_msg(nameoftty, log_msg_text, 0);
while (1) {
client_sock = accept(server_sock,
(struct sockaddr *) &client_name,
(socklen_t *)&client_name_len);
if (client_sock == -1)
continue;
#ifndef WITHOUT_SSL
SSL_set_fd(ssl, client_sock);
sslerror = SSL_accept(ssl);
if ( sslerror <= 0 ) {
sslerror= SSL_get_error(ssl, sslerror);
ERR_error_string(sslerror, log_msg_text);
log_msg(mainlogfile, log_msg_text, 1);
log_msg(mainlogfile, "\n",0);
SSL_shutdown(ssl);
SSL_free(ssl);
close(client_sock);
ssl = nunetwork_init_ssl(ctx);
continue;
}
request = nunetwork_getheaders(ssl, header_buf, nu_acceptedheaders);
if (request > 0)
accept_request(ssl, header_buf);
else if (request==-2 || request==0)
bad_request(ssl);
nunetwork_close(ssl);
#else
request = nunetwork_getheaders(client_sock, header_buf, nu_acceptedheaders);
if (request > 0)
accept_request(client_sock, header_buf);
else if (request==-2 || request==0 )
bad_request(ssl);
nunetwork_close(client_sock);
#endif
}
#ifndef WITHOUT_SSL
SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(ctx);
#else
close(server_sock);
#endif
return (0);
}示例7: memset
void DataPlaneServer::readyRead(int) {
memset(&client_addr, 0, sizeof(struct sockaddr_storage));
/* Create BIO */
bio = BIO_new_dgram(fd, BIO_NOCLOSE);
/* Set and activate timeouts */
timeout.tv_sec = 5;
timeout.tv_usec = 0;
BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
ssl = SSL_new(ctx);
SSL_set_bio(ssl, bio, bio);
SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
int dtlsRet;
errno = 0;
while ((dtlsRet = DTLSv1_listen(ssl, &client_addr)) <= 0) {
if (errno != EAGAIN) {
qWarning() << "DTLSv1_listen error";
qWarning() << SSL_get_error(ssl, dtlsRet);
qWarning() << "Errno is" << errno;
if (errno == EINVAL) {
qWarning() << "!!!!!!!!!!! Your openssl library does not support DTLSv1_listen !!!!!!!!!!!";
qWarning() << "Cannot accept new connection";
SSL_shutdown(ssl);
close(fd);
SSL_free(ssl);
ERR_remove_state(0);
return;
}
}
}
QThread* workerThread = new QThread();
threads.append(workerThread);
addrUnion infServer_addr;
addrUnion infClient_addr;
memcpy(&infServer_addr, &server_addr, sizeof(struct sockaddr_storage));
memcpy(&infClient_addr, &client_addr, sizeof(struct sockaddr_storage));
// get UID from friend using his IP to create worker thread
// if IP is not in DB we close the connection
char friendIp[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, &infClient_addr.s6.sin6_addr, friendIp, INET6_ADDRSTRLEN);
ConnectionInitiator* init = ConnectionInitiator::getInstance();
QString friendUid = qSql->getUidFromIP(QHostAddress(QString(friendIp)));
ControlPlaneConnection* cp = init->getConnection(friendUid);
if (friendUid.isEmpty() || cp->getMode() == Closed) {
qDebug() << "friendUId NOT in DB or no control plane connection!";
SSL_shutdown(ssl);
close(fd);
//free(info);
SSL_free(ssl);
ERR_remove_state(0);
qDebug("done, connection closed.");
fflush(stdout);
return;
}
// associate with dataplaneconnection
DataPlaneConnection* dpc = init->getDpConnection(friendUid);
ServerWorker* worker = new ServerWorker(infServer_addr, infClient_addr, ssl, dpc);
worker->moveToThread(workerThread);
connect(workerThread, SIGNAL(started()), worker, SLOT(connection_handle()));
connect(workerThread, SIGNAL(finished()), workerThread, SLOT(deleteLater()));
//connect(worker, SIGNAL(bufferReady(const char*, int)), dpc, SLOT(readBuffer(const char*, int)));
UnixSignalHandler* u = UnixSignalHandler::getInstance();
connect(u, SIGNAL(exiting()), workerThread, SLOT(quit()));
workerThread->start();
}示例8: main
/* The program expects at most four arguments: host in IP format, port
* number to connect to, proxy in IP format and proxy port number.
* If last two are specified, host can be in any format proxy will
* understand (since this is an example for SSL programming, host name
* resolving code is left out).
*
* Default values are "127.0.0.1", 443. If any proxy parameter is
* omitted, the program will connect directly to the host.
*/
int main(int argc, char *argv[])
{
char buffer[4096]; /* This should be dynamically allocated */
const char *request = "GET / HTTP/1.0\r\n\r\n";
BOOL is_ok = FALSE;
X509 *server_cert;
SSL_CTX *ctx;
BIO *bio_err;
SSL *ssl;
if (Init())
{
/* Basic intialization. Next few steps (up to SSL_new()) need
* to be done only once per AmiSSL opener.
*/
SSLeay_add_ssl_algorithms();
SSL_load_error_strings();
/* Note: BIO writing routines are prepared for NULL BIO handle */
if((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp_amiga(bio_err, GetStdErr(), BIO_NOCLOSE | BIO_FP_TEXT);
/* Get a new SSL context */
if((ctx = SSL_CTX_new(SSLv23_client_method())) != NULL)
{
/* Basic certificate handling. OpenSSL documentation has more
* information on this.
*/
SSL_CTX_set_default_verify_paths(ctx);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
NULL);
/* The following needs to be done once per socket */
if((ssl = SSL_new(ctx)) != NULL)
{
int sock;
/* Connect to the HTTPS server, directly or through a proxy */
if (argc > 4)
sock = ConnectToServer(argv[1], atol(argv[2]), argv[3],
atol(argv[4]));
else
sock = ConnectToServer(argv[1] ? argv[1] : (char *)"127.0.0.1",
argc > 2 ? atol(argv[2]) : 443,
NULL, 0);
/* Check if connection was established */
if (sock >= 0)
{
int ssl_err = 0;
/* Associate the socket with the ssl structure */
SSL_set_fd(ssl, sock);
/* Perform SSL handshake */
if((ssl_err = SSL_connect(ssl)) >= 0)
{
Printf("SSL connection using %s\n", SSL_get_cipher(ssl));
/* Certificate checking. This example is *very* basic */
if((server_cert = SSL_get_peer_certificate(ssl)))
{
char *str;
Printf("Server certificate:\n");
if((str = X509_NAME_oneline(X509_get_subject_name(server_cert), 0, 0)))
{
Printf("\tSubject: %s\n", str);
OPENSSL_free(str);
}
else
FPrintf(GetStdErr(), "Warning: couldn't read subject name in certificate!\n");
if((str = X509_NAME_oneline(X509_get_issuer_name(server_cert),
0, 0)) != NULL)
{
Printf("\tIssuer: %s\n", str);
OPENSSL_free(str);
}
else
FPrintf(GetStdErr(), "Warning: couldn't read issuer name in certificate!\n");
X509_free(server_cert);
/* Send a HTTP request. Again, this is just
* a very basic example.
*/
if ((ssl_err = SSL_write(ssl, request, strlen(request)))
> 0)
{
//.........这里部分代码省略.........
示例9: idevice_connection_enable_ssl
LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection)
{
if (!connection || connection->ssl_data)
return IDEVICE_E_INVALID_ARG;
idevice_error_t ret = IDEVICE_E_SSL_ERROR;
uint32_t return_me = 0;
plist_t pair_record = NULL;
userpref_read_pair_record(connection->udid, &pair_record);
if (!pair_record) {
debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->udid);
return ret;
}
#ifdef HAVE_OPENSSL
key_data_t root_cert = { NULL, 0 };
key_data_t root_privkey = { NULL, 0 };
pair_record_import_crt_with_name(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert);
pair_record_import_key_with_name(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_privkey);
if (pair_record)
plist_free(pair_record);
BIO *ssl_bio = BIO_new(BIO_s_socket());
if (!ssl_bio) {
debug_info("ERROR: Could not create SSL bio.");
return ret;
}
BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE);
SSL_CTX *ssl_ctx = SSL_CTX_new(TLSv1_method());
if (ssl_ctx == NULL) {
debug_info("ERROR: Could not create SSL context.");
BIO_free(ssl_bio);
return ret;
}
BIO* membp;
X509* rootCert = NULL;
membp = BIO_new_mem_buf(root_cert.data, root_cert.size);
PEM_read_bio_X509(membp, &rootCert, NULL, NULL);
BIO_free(membp);
if (SSL_CTX_use_certificate(ssl_ctx, rootCert) != 1) {
debug_info("WARNING: Could not load RootCertificate");
}
X509_free(rootCert);
free(root_cert.data);
RSA* rootPrivKey = NULL;
membp = BIO_new_mem_buf(root_privkey.data, root_privkey.size);
PEM_read_bio_RSAPrivateKey(membp, &rootPrivKey, NULL, NULL);
BIO_free(membp);
if (SSL_CTX_use_RSAPrivateKey(ssl_ctx, rootPrivKey) != 1) {
debug_info("WARNING: Could not load RootPrivateKey");
}
RSA_free(rootPrivKey);
free(root_privkey.data);
SSL *ssl = SSL_new(ssl_ctx);
if (!ssl) {
debug_info("ERROR: Could not create SSL object");
BIO_free(ssl_bio);
SSL_CTX_free(ssl_ctx);
return ret;
}
SSL_set_connect_state(ssl);
SSL_set_verify(ssl, 0, ssl_verify_callback);
SSL_set_bio(ssl, ssl_bio, ssl_bio);
return_me = SSL_do_handshake(ssl);
if (return_me != 1) {
debug_info("ERROR in SSL_do_handshake: %s", ssl_error_to_string(SSL_get_error(ssl, return_me)));
SSL_free(ssl);
SSL_CTX_free(ssl_ctx);
} else {
ssl_data_t ssl_data_loc = (ssl_data_t)malloc(sizeof(struct ssl_data_private));
ssl_data_loc->session = ssl;
ssl_data_loc->ctx = ssl_ctx;
connection->ssl_data = ssl_data_loc;
ret = IDEVICE_E_SUCCESS;
debug_info("SSL mode enabled, cipher: %s", SSL_get_cipher(ssl));
}
/* required for proper multi-thread clean up to prevent leaks */
#ifdef HAVE_ERR_REMOVE_THREAD_STATE
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif
#else
ssl_data_t ssl_data_loc = (ssl_data_t)malloc(sizeof(struct ssl_data_private));
/* Set up GnuTLS... */
debug_info("enabling SSL mode");
errno = 0;
gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate);
#if GNUTLS_VERSION_NUMBER >= 0x020b07
gnutls_certificate_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
#else
//.........这里部分代码省略.........
示例10: server_test
//.........这里部分代码省略.........
ret = SSL_read(ssl, input, sizeof(input)-1);
if (ret > 0) {
input[ret] = 0;
printf("Client message: %s\n", input);
}
else if (ret < 0) {
int readErr = SSL_get_error(ssl, 0);
if (readErr != SSL_ERROR_WANT_READ)
err_sys("SSL_read failed");
}
if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
err_sys("SSL_write failed");
}
else {
ServerEchoData(ssl, clientfd, echoData, throughput);
}
#if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
os_dly_wait(500) ;
#elif defined (CYASSL_TIRTOS)
Task_yield();
#endif
if (doDTLS == 0) {
ret = SSL_shutdown(ssl);
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
SSL_shutdown(ssl); /* bidirectional shutdown */
}
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSL memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
fprintf(stderr, "current connection allocs = %d\n",ssl_stats.curAlloc);
fprintf(stderr, "total connection allocs = %d\n",ssl_stats.totalAlloc);
fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr);
#endif
SSL_free(ssl);
CloseSocket(clientfd);
if (resume == 1 && resumeCount == 0) {
resumeCount++; /* only do one resume for testing */
continue;
}
resumeCount = 0;
if(!loopIndefinitely) {
break; /* out of while loop, done with normal and resume option */
}
} /* while(1) */
CloseSocket(sockfd);
SSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
ecc_fp_free(); /* free per thread cache */
#endif
#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
if (trackMemory)
ShowMemoryTracker();
#endif
#ifdef CYASSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
TicketCleanup();
#endif
/* There are use cases when these assignments are not read. To avoid
* potential confusion those warnings have been handled here.
*/
(void) ourKey;
(void) verifyCert;
(void) doCliCertCheck;
(void) useNtruKey;
(void) ourDhParam;
(void) ourCert;
(void) trackMemory;
#ifndef CYASSL_TIRTOS
return 0;
#endif
}示例11: _SSLConnection
PEGASUS_NAMESPACE_BEGIN
//
// Basic SSL socket
//
SSLSocket::SSLSocket(
SocketHandle socket,
SSLContext * sslcontext,
ReadWriteSem * sslContextObjectLock,
const String& ipAddress)
:
_SSLConnection(0),
_socket(socket),
_SSLContext(sslcontext),
_sslContextObjectLock(sslContextObjectLock),
_ipAddress(ipAddress),
_certificateVerified(false)
{
PEG_METHOD_ENTER(TRC_SSL, "SSLSocket::SSLSocket()");
SSL* sslConnection;
SharedPtr<X509_STORE, FreeX509STOREPtr> tmpCrlStore;
_sslReadErrno = 0;
//
// create the SSLConnection area
//
if (!(sslConnection = SSL_new(_SSLContext->_rep->getContext())))
{
PEG_METHOD_EXIT();
MessageLoaderParms parms(
"Common.TLS.COULD_NOT_GET_SSL_CONNECTION_AREA",
"Could not get SSL Connection Area.");
throw SSLException(parms);
}
// This try/catch block is necessary so that we can free the SSL Connection
// Area if any exceptions are thrown.
try
{
//
// set the verification callback data
//
// we are only storing one set of data, so we can just use index 0,
// this is defined in SSLContext.h
//int index = SSL_get_ex_new_index(
// 0, (void*)"pegasus", NULL, NULL, NULL);
//
// Create a new callback info for each new connection
//
#ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
tmpCrlStore = _SSLContext->_rep->getCRLStore();
#endif
_SSLCallbackInfo.reset(new SSLCallbackInfo(
_SSLContext->getSSLCertificateVerifyFunction(),
tmpCrlStore.get(),
_ipAddress ));
if (SSL_set_ex_data(
sslConnection,
SSLCallbackInfo::SSL_CALLBACK_INDEX,
_SSLCallbackInfo.get()))
{
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
"--->SSL: Set callback info");
}
else
{
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL1,
"--->SSL: Error setting callback info");
}
//
// and connect the active socket with the ssl operation
//
if (!(SSL_set_fd(sslConnection, _socket) ))
{
PEG_METHOD_EXIT();
MessageLoaderParms parms(
"Common.TLS.COULD_NOT_LINK_SOCKET",
"Could not link socket to SSL Connection.");
throw SSLException(parms);
}
}
catch (...)
{
SSL_free(sslConnection);
throw;
}
_SSLConnection = sslConnection;
_crlStore = new SharedPtr<X509_STORE, FreeX509STOREPtr>(tmpCrlStore);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Created SSL socket");
PEG_METHOD_EXIT();
//.........这里部分代码省略.........
示例12: MAIN
//.........这里部分代码省略.........
#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv, "-ssl3") == 0)
meth = SSLv3_client_method();
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv, "-tls1") == 0)
meth = TLSv1_client_method();
#endif
else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
badops = 1;
break;
} else {
ciphers = *argv;
}
argc--;
argv++;
}
if (badops) {
for (pp = ciphers_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp);
goto end;
}
OpenSSL_add_ssl_algorithms();
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl = SSL_new(ctx);
if (ssl == NULL)
goto err;
if (!verbose) {
for (i = 0;; i++) {
p = SSL_get_cipher_list(ssl, i);
if (p == NULL)
break;
if (i != 0)
BIO_printf(STDout, ":");
BIO_printf(STDout, "%s", p);
}
BIO_printf(STDout, "\n");
} else { /* verbose */
sk = SSL_get_ciphers(ssl);
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk, i);
if (Verbose) {
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x02000000L) {
/* SSL2 cipher */
BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1,
id2, id3);
} else if ((id & 0xff000000L) == 0x03000000L) {
/* SSL3 cipher */
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2,
id3);
} else {
/* whatever */
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0,
id1, id2, id3);
}
}
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
}
}
ret = 0;
if (0) {
err:
SSL_load_error_strings();
ERR_print_errors(bio_err);
}
end:
if (ctx != NULL)
SSL_CTX_free(ctx);
if (ssl != NULL)
SSL_free(ssl);
if (STDout != NULL)
BIO_free_all(STDout);
apps_shutdown();
OPENSSL_EXIT(ret);
}示例13: ftp_login
/* {{{ ftp_login
*/
int
ftp_login(ftpbuf_t *ftp, const char *user, const char *pass)
{
#ifdef HAVE_FTP_SSL
SSL_CTX *ctx = NULL;
long ssl_ctx_options = SSL_OP_ALL;
int err, res;
zend_bool retry;
#endif
if (ftp == NULL) {
return 0;
}
#ifdef HAVE_FTP_SSL
if (ftp->use_ssl && !ftp->ssl_active) {
if (!ftp_putcmd(ftp, "AUTH", "TLS")) {
return 0;
}
if (!ftp_getresp(ftp)) {
return 0;
}
if (ftp->resp != 234) {
if (!ftp_putcmd(ftp, "AUTH", "SSL")) {
return 0;
}
if (!ftp_getresp(ftp)) {
return 0;
}
if (ftp->resp != 334) {
return 0;
} else {
ftp->old_ssl = 1;
ftp->use_ssl_for_data = 1;
}
}
ctx = SSL_CTX_new(SSLv23_client_method());
if (ctx == NULL) {
php_error_docref(NULL, E_WARNING, "failed to create the SSL context");
return 0;
}
#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#endif
SSL_CTX_set_options(ctx, ssl_ctx_options);
ftp->ssl_handle = SSL_new(ctx);
if (ftp->ssl_handle == NULL) {
php_error_docref(NULL, E_WARNING, "failed to create the SSL handle");
SSL_CTX_free(ctx);
return 0;
}
SSL_set_fd(ftp->ssl_handle, ftp->fd);
do {
res = SSL_connect(ftp->ssl_handle);
err = SSL_get_error(ftp->ssl_handle, res);
/* TODO check if handling other error codes would make sense */
switch (err) {
case SSL_ERROR_NONE:
retry = 0;
break;
case SSL_ERROR_ZERO_RETURN:
retry = 0;
SSL_shutdown(ftp->ssl_handle);
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE: {
php_pollfd p;
int i;
p.fd = ftp->fd;
p.events = (err == SSL_ERROR_WANT_READ) ? (POLLIN|POLLPRI) : POLLOUT;
p.revents = 0;
i = php_poll2(&p, 1, 300);
retry = i > 0;
}
break;
default:
php_error_docref(NULL, E_WARNING, "SSL/TLS handshake failed");
SSL_shutdown(ftp->ssl_handle);
SSL_free(ftp->ssl_handle);
return 0;
}
} while (retry);
ftp->ssl_active = 1;
//.........这里部分代码省略.........
示例14: data_accept
/* {{{ data_accept
*/
databuf_t*
data_accept(databuf_t *data, ftpbuf_t *ftp)
{
php_sockaddr_storage addr;
socklen_t size;
#ifdef HAVE_FTP_SSL
SSL_CTX *ctx;
zend_long ssl_ctx_options = SSL_OP_ALL;
int err, res;
zend_bool retry;
#endif
if (data->fd != -1) {
goto data_accepted;
}
size = sizeof(addr);
data->fd = my_accept(ftp, data->listener, (struct sockaddr*) &addr, &size);
closesocket(data->listener);
data->listener = -1;
if (data->fd == -1) {
efree(data);
return NULL;
}
data_accepted:
#ifdef HAVE_FTP_SSL
/* now enable ssl if we need to */
if (ftp->use_ssl && ftp->use_ssl_for_data) {
ctx = SSL_CTX_new(SSLv23_client_method());
if (ctx == NULL) {
php_error_docref(NULL, E_WARNING, "data_accept: failed to create the SSL context");
return 0;
}
#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#endif
SSL_CTX_set_options(ctx, ssl_ctx_options);
data->ssl_handle = SSL_new(ctx);
if (data->ssl_handle == NULL) {
php_error_docref(NULL, E_WARNING, "data_accept: failed to create the SSL handle");
SSL_CTX_free(ctx);
return 0;
}
SSL_set_fd(data->ssl_handle, data->fd);
if (ftp->old_ssl) {
SSL_copy_session_id(data->ssl_handle, ftp->ssl_handle);
}
do {
res = SSL_connect(data->ssl_handle);
err = SSL_get_error(data->ssl_handle, res);
switch (err) {
case SSL_ERROR_NONE:
retry = 0;
break;
case SSL_ERROR_ZERO_RETURN:
retry = 0;
SSL_shutdown(data->ssl_handle);
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE: {
php_pollfd p;
int i;
p.fd = ftp->fd;
p.events = (err == SSL_ERROR_WANT_READ) ? (POLLIN|POLLPRI) : POLLOUT;
p.revents = 0;
i = php_poll2(&p, 1, 300);
retry = i > 0;
}
break;
default:
php_error_docref(NULL, E_WARNING, "data_accept: SSL/TLS handshake failed");
SSL_shutdown(data->ssl_handle);
SSL_free(data->ssl_handle);
return 0;
}
} while (retry);
data->ssl_active = 1;
}
#endif
//.........这里部分代码省略.........
示例15: main
int main(int argc, char *argv[])
{
/* deletes existeng ecents */
remove("ecents.txt");
SSL_CTX *ctx;
int type, server, localport, proxyport, bankport;
int i = 0;
SSL *ssl;
char buf[1024];
char buf2[33000];
int bytes;
char *proxyhost;
char *bankhost;
if ( argc <6 )
{
printf("usage: type localport proxyhost proxyport bankhost bankport \n");
exit(0);
}
/* initialises SSL library and copies line arguments */
SSL_library_init();
type = atoi(argv[1]);
localport=atoi(argv[2]);
proxyhost=argv[3];
proxyport = atoi(argv[4]);
bankhost = argv[5];
bankport = atoi(argv[6]);
registrationrequest(type, localport, proxyhost, proxyport);
int requestedecents = 1000;
while(1){
char msg[1024];
bzero(msg,1024);
ctx = InitCTX();
if(i == 0){
printf("\nrequested number of eCents: \n");
wait(3);
printf("\t%i\n", requestedecents);
wait(3);
sprintf(msg,"%c%i",'0',requestedecents);
server = OpenConnection(bankhost, localport, bankport);
}
else{
printf("\ninput:\n");
strcpy(msg, geteCent());
if(strlen(msg) != 32){
printf("no eCents\n");
}
else {
strcat(msg, getData());
server = OpenConnection(proxyhost, localport, proxyport);
}
}
/* creates ssl context and sets socket to it*/
ssl = SSL_new(ctx);
SSL_set_fd(ssl, server);
if ( SSL_connect(ssl) == -1 ){
ERR_print_errors_fp(stderr);
printf("connection error\n");
}
else
{
printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
printf("sending: %s\n", msg);
ShowCerts(ssl);
/* Write to Bank to verify ecent */
SSL_write(ssl, msg, sizeof(msg));
if(i == 0){
bzero(buf2, 33000);
/* Read from Bank, confirm verification*/
bytes = SSL_read(ssl, buf2, sizeof(buf2));
if(bytes < 1)
{
printf("Exit read error from Bank\n");
exit(1);
}
buf2[bytes] = '\0';
printf("eCents received: %s\n", buf2);
puteCents(buf2);
}
else{
/* Reads from Collector*/
bytes = SSL_read(ssl, buf, sizeof(buf)); /* get reply & decrypt */
buf[bytes] = '\0';
if(bytes < 1)
{
printf("Exit: read error from Analyst\n");
exit(1);
}
if(strcmp(buf, "invalid eCent") == 0)
printf("\n%s\n", buf);
else
printf("\naverage: %s\n", buf);
}
SSL_free(ssl);
}
sleep(1);
close(server);
//.........这里部分代码省略.........