本文整理汇总了C++中SSL_get_error函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_get_error函数的具体用法?C++ SSL_get_error怎么用?C++ SSL_get_error使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_get_error函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: handle_data
static int handle_data(SSL *ssl)
{
int retval;
char sendbuf[1024] = {0};
fprintf (stderr, "%s(): received a call...\n", __func__);
strncpy (sendbuf, "MSG from CLIENT: Hello Server!\n", sizeof (sendbuf));
while (1)
{
retval = SSL_write (ssl, sendbuf, sizeof (sendbuf));
fprintf (stderr, "%s: %s(): count: %d\n", __FILE__, __func__, retval);
switch (SSL_get_error (ssl, retval))
{
case SSL_ERROR_NONE:
if (retval == sizeof (sendbuf))
{
fprintf (stderr, "%s(): Am done with my write\n", __func__);
goto WRITEDONE;
}
break;
case SSL_ERROR_WANT_READ:
fprintf (stderr, "%s: %s(): Want read - am now @ %d\n", __FILE__, __func__, __LINE__);
break;
case SSL_ERROR_WANT_X509_LOOKUP:
case SSL_ERROR_WANT_WRITE:
fprintf (stderr, "%s: %s(): Want write - am now @ %d\n", __FILE__, __func__, __LINE__);
break;
case SSL_ERROR_ZERO_RETURN:
goto WRITEDONE;
case SSL_ERROR_SSL:
case SSL_ERROR_SYSCALL:
dtls_report_err ("%s: %s(): Data send failed.\n", __FILE__, __func__);
return -1;
}
}
WRITEDONE:
memset (sendbuf, 0, sizeof (sendbuf));
for (;;)
{
retval = SSL_read (ssl, sendbuf, sizeof (sendbuf));
switch (SSL_get_error (ssl, retval))
{
case SSL_ERROR_NONE:
write (fileno (stderr), sendbuf, (unsigned int )retval);
if (SSL_pending (ssl))
{
fprintf (stderr, "%s(): Some more stuff yet to come... letz wait for "\
"that..\n", __func__);
break;
}
else
{
fprintf (stderr, "%s(): mmm ... no more to come... letz finish it "\
"off...\n", __func__);
return 0;
}
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_X509_LOOKUP:
fprintf (stderr, "%s: %s(): Read BLOCK - am now @ %d\n", __FILE__, __func__, __LINE__);
break;
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
dtls_report_err ("%s: %s(): Data READ failed - am now @ %d\n", __FILE__, __func__, \
__LINE__);
return -1;
case SSL_ERROR_ZERO_RETURN:
fprintf (stderr, "%s: %s(): Am DONE\n", __FILE__, __func__);
return 0;
}
}
return 0;
}示例2: CreateSslSocket
void
CreateSslSocket(int argc, char **argv)
{
struct hostent *hp;
unsigned long hostAddr = 0;
int serverport = atoi(argv[2]);
int fd = 0;
struct sockaddr_in inaddr;
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
// create ip socket
//
if((fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
{
printf("unable to create a socket %s\n", strerror(errno));
exit(0);
}
// reuse the socket address if possible
//
int yes = 1;
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,(char*) &yes, sizeof(yes))
== -1)
{
printf("couldn't set the SO_REUSEADDR: %s\n", strerror(errno));
}
// connect to the server
//
if((hp = gethostbyname(argv[1])) == NULL)
{
printf("unable to resolve host address(%s)\n", argv[1]);
exit(0);
}
hostAddr = ((struct in_addr*)hp->h_addr)->s_addr;
inaddr.sin_family = AF_INET;
inaddr.sin_addr.s_addr = hostAddr;
inaddr.sin_port = htons(serverport);
if(connect(fd, (struct sockaddr*)&inaddr, sizeof(inaddr)) == -1)
{
printf("unable to connect to the server(%s)\n", strerror(errno));
close(fd);
exit(0);
}
// Create SSL context and setup with fd
//
ssl_ctx = SSL_CTX_new(TLSv1_client_method());
ssl = SSL_new(ssl_ctx);
// set the servername per ssl context
//
if (strlen(argv[3])) {
if (!SSL_set_tlsext_host_name(ssl, argv[3])) {
char buf[160];
printf("Error with SSL_set_tlsext_host_name: %s\n",
ERR_error_string(ERR_get_error(), buf));
exit(0);
}
}
SSL_set_fd(ssl, fd);
int ret = SSL_connect(ssl);
if (ret <=0) {
char buf[250];
printf("Error connecting via SSL: %s\n",
ERR_error_string(SSL_get_error(ssl, ret), buf));
SSL_free(ssl);
SSL_CTX_free(ssl_ctx);
close(fd);
return;
}
// print out the CN, OU, emailAddress
//
// get the server cert
//
X509* servercert = SSL_get_peer_certificate(ssl);
// get the subject
//
X509_NAME* subject = X509_get_subject_name(servercert);
// get the various components within subject
//
char sbuf[256];
int sbuflen = sizeof(sbuf);
printf("Server certificate\n");
if (X509_NAME_get_text_by_NID(subject, NID_commonName, sbuf, sbuflen) != -1)
{
printf("CN: %s\n", sbuf);
} else {
printf("CN: NOT FOUND\n");
}
if (X509_NAME_get_text_by_NID(subject, NID_organizationName,
sbuf, sbuflen) != -1)
{
//.........这里部分代码省略.........
示例3: tls_connect
/*
* wrapper around SSL_connect, returns 0 on success, -1 on error
*/
static int tls_connect(struct tcp_connection *c, short *poll_events)
{
int ret, err;
SSL *ssl;
X509* cert;
if ( (c->proto_flags&F_TLS_DO_CONNECT)==0 ) {
LM_BUG("invalid connection state (bug in TLS code)\n");
return -1;
}
ssl = (SSL *) c->extra_data;
ret = SSL_connect(ssl);
if (ret > 0) {
LM_INFO("New TLS connection to %s:%d established\n",
ip_addr2a(&c->rcv.src_ip), c->rcv.src_port);
c->proto_flags &= ~F_TLS_DO_CONNECT;
LM_DBG("new TLS connection to %s:%d using %s %s %d\n",
ip_addr2a(&c->rcv.src_ip), c->rcv.src_port,
SSL_get_cipher_version(ssl), SSL_get_cipher_name(ssl),
SSL_get_cipher_bits(ssl, 0)
);
LM_DBG("sending socket: %s:%d \n",
ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port
);
cert = SSL_get_peer_certificate(ssl);
if (cert != 0) {
tls_dump_cert_info("tls_connect: server TLS certificate", cert);
if (SSL_get_verify_result(ssl) != X509_V_OK) {
LM_WARN("TLS server certificate verification failed\n");
tls_dump_verification_failure(SSL_get_verify_result(ssl));
}
X509_free(cert);
} else {
/* this should not happen, servers always present a cert */
LM_ERR("server did not present a TLS certificate\n");
}
cert = SSL_get_certificate(ssl);
if (cert != 0) {
tls_dump_cert_info("tls_connect: local TLS client certificate",
cert);
} else {
LM_INFO("local TLS client domain does not have a certificate\n");
}
return 0;
} else {
err = SSL_get_error(ssl, ret);
switch (err) {
case SSL_ERROR_ZERO_RETURN:
LM_INFO("New TLS connection to %s:%d failed cleanly\n",
ip_addr2a(&c->rcv.src_ip), c->rcv.src_port);
c->state = S_CONN_BAD;
return -1;
case SSL_ERROR_WANT_READ:
if (poll_events)
*poll_events = POLLIN;
return 0;
case SSL_ERROR_WANT_WRITE:
if (poll_events)
*poll_events = POLLOUT;
return 0;
case SSL_ERROR_SYSCALL:
LM_ERR("SSL_ERROR_SYSCALL err=%s(%d)\n",
strerror(errno), errno);
default:
LM_ERR("New TLS connection to %s:%d failed\n",
ip_addr2a(&c->rcv.src_ip), c->rcv.src_port);
LM_ERR("TLS error: %d (ret=%d) err=%s(%d)\n",
err,ret,strerror(errno), errno);
c->state = S_CONN_BAD;
tls_print_errstack();
return -1;
}
}
LM_BUG("bug\n");
return -1;
}示例4: cyassl_connect_step2
static CURLcode
cyassl_connect_step2(struct connectdata *conn,
int sockindex)
{
int ret = -1;
struct SessionHandle *data = conn->data;
struct ssl_connect_data* conssl = &conn->ssl[sockindex];
infof(data, "CyaSSL: Connecting to %s:%d\n",
conn->host.name, conn->remote_port);
conn->recv[sockindex] = cyassl_recv;
conn->send[sockindex] = cyassl_send;
/* Enable RFC2818 checks */
if(data->set.ssl.verifyhost) {
ret = CyaSSL_check_domain_name(conssl->handle, conn->host.name);
if(ret == SSL_FAILURE)
return CURLE_OUT_OF_MEMORY;
}
ret = SSL_connect(conssl->handle);
if(ret != 1) {
char error_buffer[80];
int detail = SSL_get_error(conssl->handle, ret);
if(SSL_ERROR_WANT_READ == detail) {
conssl->connecting_state = ssl_connect_2_reading;
return CURLE_OK;
}
else if(SSL_ERROR_WANT_WRITE == detail) {
conssl->connecting_state = ssl_connect_2_writing;
return CURLE_OK;
}
/* There is no easy way to override only the CN matching.
* This will enable the override of both mismatching SubjectAltNames
* as also mismatching CN fields */
else if(DOMAIN_NAME_MISMATCH == detail) {
#if 1
failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",
conn->host.dispname);
return CURLE_PEER_FAILED_VERIFICATION;
#else
/* When the CyaSSL_check_domain_name() is used and you desire to continue
* on a DOMAIN_NAME_MISMATCH, i.e. 'data->set.ssl.verifyhost == 0',
* CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only
* way to do this is currently to switch the CyaSSL_check_domain_name()
* in and out based on the 'data->set.ssl.verifyhost' value. */
if(data->set.ssl.verifyhost) {
failf(data,
"\tsubject alt name(s) or common name do not match \"%s\"\n",
conn->host.dispname);
return CURLE_PEER_FAILED_VERIFICATION;
}
else {
infof(data,
"\tsubject alt name(s) and/or common name do not match \"%s\"\n",
conn->host.dispname);
return CURLE_OK;
}
#endif
}
#if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */
else if(ASN_NO_SIGNER_E == detail) {
if(data->set.ssl.verifypeer) {
failf(data, "\tCA signer not available for verification\n");
return CURLE_SSL_CACERT_BADFILE;
}
else {
/* Just continue with a warning if no strict certificate
verification is required. */
infof(data, "CA signer not available for verification, "
"continuing anyway\n");
}
}
#endif
else {
failf(data, "SSL_connect failed with error %d: %s", detail,
ERR_error_string(detail, error_buffer));
return CURLE_SSL_CONNECT_ERROR;
}
}
conssl->connecting_state = ssl_connect_3;
infof(data, "SSL connected\n");
return CURLE_OK;
}示例5: LOG
void Socket::_handleSendError(int ret, const char* context) {
#ifdef MONGO_SSL
if (_ssl) {
LOG(_logLevel) << "SSL Error ret: " << ret << " err: " << SSL_get_error(_ssl , ret)
<< " " << ERR_error_string(ERR_get_error(), NULL)
<< endl;
throw SocketException(SocketException::SEND_ERROR , remoteString());
}
#endif
#if defined(_WIN32)
const int mongo_errno = WSAGetLastError();
if ( mongo_errno == WSAETIMEDOUT && _timeout != 0 ) {
#else
const int mongo_errno = errno;
if ( ( mongo_errno == EAGAIN || mongo_errno == EWOULDBLOCK ) && _timeout != 0 ) {
#endif
LOG(_logLevel) << "Socket " << context <<
" send() timed out " << remoteString() << endl;
throw SocketException(SocketException::SEND_TIMEOUT , remoteString());
}
else {
LOG(_logLevel) << "Socket " << context << " send() "
<< errnoWithDescription(mongo_errno) << ' ' << remoteString() << endl;
throw SocketException(SocketException::SEND_ERROR , remoteString());
}
}
void Socket::_handleRecvError(int ret, int len, int* retries) {
if (ret == 0) {
LOG(3) << "Socket recv() conn closed? " << remoteString() << endl;
throw SocketException(SocketException::CLOSED , remoteString());
}
// ret < 0
#ifdef MONGO_SSL
if (_ssl) {
LOG(_logLevel) << "SSL Error ret: " << ret << " err: " << SSL_get_error(_ssl , ret)
<< " " << ERR_error_string(ERR_get_error(), NULL)
<< endl;
throw SocketException(SocketException::RECV_ERROR, remoteString());
}
#endif
#if defined(_WIN32)
int e = WSAGetLastError();
#else
int e = errno;
# if defined(EINTR)
if (e == EINTR) {
LOG(_logLevel) << "EINTR retry " << ++*retries << endl;
return;
}
# endif
#endif
#if defined(_WIN32)
// Windows
if ((e == EAGAIN || e == WSAETIMEDOUT) && _timeout > 0) {
#else
if (e == EAGAIN && _timeout > 0) {
#endif
// this is a timeout
LOG(_logLevel) << "Socket recv() timeout " << remoteString() <<endl;
throw SocketException(SocketException::RECV_TIMEOUT, remoteString());
}
LOG(_logLevel) << "Socket recv() " <<
errnoWithDescription(e) << " " << remoteString() <<endl;
throw SocketException(SocketException::RECV_ERROR , remoteString());
}
void Socket::setTimeout( double secs ) {
setSockTimeouts( _fd, secs );
}
#if defined(_WIN32)
struct WinsockInit {
WinsockInit() {
WSADATA d;
if ( WSAStartup(MAKEWORD(2,2), &d) != 0 ) {
out() << "ERROR: wsastartup failed " << errnoWithDescription() << endl;
problem() << "ERROR: wsastartup failed " << errnoWithDescription() << endl;
_exit(EXIT_NTSERVICE_ERROR);
}
}
} winsock_init;
#endif
} // namespace mongo示例6: ssl_write
static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written)
{
int ret, r = 0;
int retry_reason = 0;
SSL *ssl;
BIO_SSL *bs;
if (buf == NULL)
return 0;
bs = BIO_get_data(b);
ssl = bs->ssl;
BIO_clear_retry_flags(b);
ret = ssl_write_internal(ssl, buf, size, written);
switch (SSL_get_error(ssl, ret)) {
case SSL_ERROR_NONE:
if (bs->renegotiate_count > 0) {
bs->byte_count += *written;
if (bs->byte_count > bs->renegotiate_count) {
bs->byte_count = 0;
bs->num_renegotiates++;
SSL_renegotiate(ssl);
r = 1;
}
}
if ((bs->renegotiate_timeout > 0) && (!r)) {
unsigned long tm;
tm = (unsigned long)time(NULL);
if (tm > bs->last_time + bs->renegotiate_timeout) {
bs->last_time = tm;
bs->num_renegotiates++;
SSL_renegotiate(ssl);
}
}
break;
case SSL_ERROR_WANT_WRITE:
BIO_set_retry_write(b);
break;
case SSL_ERROR_WANT_READ:
BIO_set_retry_read(b);
break;
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_set_retry_special(b);
retry_reason = BIO_RR_SSL_X509_LOOKUP;
break;
case SSL_ERROR_WANT_CONNECT:
BIO_set_retry_special(b);
retry_reason = BIO_RR_CONNECT;
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
default:
break;
}
BIO_set_retry_reason(b, retry_reason);
return ret;
}示例7: ssl_ctrl
//.........这里部分代码省略.........
case BIO_C_GET_SSL:
if (ptr != NULL) {
sslp = (SSL **)ptr;
*sslp = ssl;
} else
ret = 0;
break;
case BIO_CTRL_GET_CLOSE:
ret = BIO_get_shutdown(b);
break;
case BIO_CTRL_SET_CLOSE:
BIO_set_shutdown(b, (int)num);
break;
case BIO_CTRL_WPENDING:
ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
break;
case BIO_CTRL_PENDING:
ret = SSL_pending(ssl);
if (ret == 0)
ret = BIO_pending(ssl->rbio);
break;
case BIO_CTRL_FLUSH:
BIO_clear_retry_flags(b);
ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
case BIO_CTRL_PUSH:
if ((next != NULL) && (next != ssl->rbio)) {
/*
* We are going to pass ownership of next to the SSL object...but
* we don't own a reference to pass yet - so up ref
*/
BIO_up_ref(next);
SSL_set_bio(ssl, next, next);
}
break;
case BIO_CTRL_POP:
/* Only detach if we are the BIO explicitly being popped */
if (b == ptr) {
/* This will clear the reference we obtained during push */
SSL_set_bio(ssl, NULL, NULL);
}
break;
case BIO_C_DO_STATE_MACHINE:
BIO_clear_retry_flags(b);
BIO_set_retry_reason(b, 0);
ret = (int)SSL_do_handshake(ssl);
switch (SSL_get_error(ssl, (int)ret)) {
case SSL_ERROR_WANT_READ:
BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
break;
case SSL_ERROR_WANT_WRITE:
BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
break;
case SSL_ERROR_WANT_CONNECT:
BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
BIO_set_retry_reason(b, BIO_get_retry_reason(next));
break;
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_set_retry_special(b);
BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
break;
default:
break;
}
break;
case BIO_CTRL_DUP:
dbio = (BIO *)ptr;
dbs = BIO_get_data(dbio);
SSL_free(dbs->ssl);
dbs->ssl = SSL_dup(ssl);
dbs->num_renegotiates = bs->num_renegotiates;
dbs->renegotiate_count = bs->renegotiate_count;
dbs->byte_count = bs->byte_count;
dbs->renegotiate_timeout = bs->renegotiate_timeout;
dbs->last_time = bs->last_time;
ret = (dbs->ssl != NULL);
break;
case BIO_C_GET_FD:
ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
break;
case BIO_CTRL_SET_CALLBACK:
ret = 0; /* use callback ctrl */
break;
case BIO_CTRL_GET_CALLBACK:
{
void (**fptr) (const SSL *xssl, int type, int val);
fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
*fptr = SSL_get_info_callback(ssl);
}
break;
default:
ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
break;
}
return ret;
}示例8: open_server_SSL
/*
* Attempt to negotiate SSL connection.
*/
static int
open_server_SSL(Port *port)
{
int r;
int err;
Assert(!port->ssl);
Assert(!port->peer);
if (!(port->ssl = SSL_new(SSL_context)))
{
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not initialize SSL connection: %s",
SSLerrmessage())));
close_SSL(port);
return -1;
}
if (!my_SSL_set_fd(port->ssl, port->sock))
{
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not set SSL socket: %s",
SSLerrmessage())));
close_SSL(port);
return -1;
}
aloop:
r = SSL_accept(port->ssl);
if (r <= 0)
{
err = SSL_get_error(port->ssl, r);
switch (err)
{
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
#ifdef WIN32
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
(err == SSL_ERROR_WANT_READ) ?
FD_READ | FD_CLOSE | FD_ACCEPT : FD_WRITE | FD_CLOSE,
INFINITE);
#endif
goto aloop;
case SSL_ERROR_SYSCALL:
if (r < 0)
ereport(COMMERROR,
(errcode_for_socket_access(),
errmsg("could not accept SSL connection: %m")));
else
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not accept SSL connection: EOF detected")));
break;
case SSL_ERROR_SSL:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not accept SSL connection: %s",
SSLerrmessage())));
break;
case SSL_ERROR_ZERO_RETURN:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("could not accept SSL connection: EOF detected")));
break;
default:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
break;
}
close_SSL(port);
return -1;
}
port->count = 0;
/* get client certificate, if available. */
port->peer = SSL_get_peer_certificate(port->ssl);
if (port->peer == NULL)
{
strlcpy(port->peer_dn, "(anonymous)", sizeof(port->peer_dn));
strlcpy(port->peer_cn, "(anonymous)", sizeof(port->peer_cn));
}
else
{
X509_NAME_oneline(X509_get_subject_name(port->peer),
port->peer_dn, sizeof(port->peer_dn));
port->peer_dn[sizeof(port->peer_dn) - 1] = '\0';
r = X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer),
NID_commonName, port->peer_cn, sizeof(port->peer_cn));
port->peer_cn[sizeof(port->peer_cn) - 1] = '\0';
if (r == -1)
{
/* Unable to get the CN, set it to blank so it can't be used */
port->peer_cn[0] = '\0';
//.........这里部分代码省略.........
示例9: lws_server_socket_service
//.........这里部分代码省略.........
if ((context->protocols[0].callback)(context, wsi,
LWS_CALLBACK_FILTER_NETWORK_CONNECTION,
NULL, (void *)(long)accept_fd, 0)) {
lwsl_debug("Callback denied network connection\n");
compatible_close(accept_fd);
break;
}
new_wsi = libwebsocket_create_new_server_wsi(context);
if (new_wsi == NULL) {
compatible_close(accept_fd);
break;
}
new_wsi->sock = accept_fd;
#ifdef LWS_OPENSSL_SUPPORT
new_wsi->ssl = NULL;
if (!context->use_ssl) {
#endif
lwsl_debug("accepted new conn port %u on fd=%d\n",
ntohs(cli_addr.sin_port), accept_fd);
insert_wsi_socket_into_fds(context, new_wsi);
break;
#ifdef LWS_OPENSSL_SUPPORT
}
new_wsi->ssl = SSL_new(context->ssl_ctx);
if (new_wsi->ssl == NULL) {
lwsl_err("SSL_new failed: %s\n",
ERR_error_string(SSL_get_error(
new_wsi->ssl, 0), NULL));
libwebsockets_decode_ssl_error();
free(new_wsi);
compatible_close(accept_fd);
break;
}
SSL_set_ex_data(new_wsi->ssl,
openssl_websocket_private_data_index, context);
SSL_set_fd(new_wsi->ssl, accept_fd);
#ifdef USE_CYASSL
CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
#else
bio = SSL_get_rbio(new_wsi->ssl);
if (bio)
BIO_set_nbio(bio, 1); /* nonblocking */
else
lwsl_notice("NULL rbio\n");
bio = SSL_get_wbio(new_wsi->ssl);
if (bio)
BIO_set_nbio(bio, 1); /* nonblocking */
else
lwsl_notice("NULL rbio\n");
#endif
/*
* we are not accepted yet, but we need to enter ourselves
* as a live connection. That way we can retry when more
* pieces come if we're not sorted yet
*/示例10: secure_write
/*
* Write data to a secure connection.
*/
ssize_t
secure_write(Port *port, void *ptr, size_t len)
{
ssize_t n;
#ifdef USE_SSL
if (port->ssl)
{
int err;
if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L)
{
SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
sizeof(SSL_context));
if (SSL_renegotiate(port->ssl) <= 0)
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL renegotiation failure")));
if (SSL_do_handshake(port->ssl) <= 0)
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL renegotiation failure")));
if (port->ssl->state != SSL_ST_OK)
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL failed to send renegotiation request")));
port->ssl->state |= SSL_ST_ACCEPT;
SSL_do_handshake(port->ssl);
if (port->ssl->state != SSL_ST_OK)
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL renegotiation failure")));
port->count = 0;
}
wloop:
errno = 0;
n = SSL_write(port->ssl, ptr, len);
err = SSL_get_error(port->ssl, n);
switch (err)
{
case SSL_ERROR_NONE:
port->count += n;
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
#ifdef WIN32
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
(err == SSL_ERROR_WANT_READ) ?
FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
INFINITE);
#endif
goto wloop;
case SSL_ERROR_SYSCALL:
/* leave it to caller to ereport the value of errno */
if (n != -1)
{
errno = ECONNRESET;
n = -1;
}
break;
case SSL_ERROR_SSL:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL error: %s", SSLerrmessage())));
/* fall through */
case SSL_ERROR_ZERO_RETURN:
errno = ECONNRESET;
n = -1;
break;
default:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
n = -1;
break;
}
}
else
#endif
n = send(port->sock, ptr, len, 0);
return n;
}示例11: secure_read
/*
* Read data from a secure connection.
*/
ssize_t
secure_read(Port *port, void *ptr, size_t len)
{
ssize_t n;
#ifdef USE_SSL
if (port->ssl)
{
int err;
rloop:
errno = 0;
n = SSL_read(port->ssl, ptr, len);
err = SSL_get_error(port->ssl, n);
switch (err)
{
case SSL_ERROR_NONE:
port->count += n;
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
if (port->noblock)
{
errno = EWOULDBLOCK;
n = -1;
break;
}
#ifdef WIN32
pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
(err == SSL_ERROR_WANT_READ) ?
FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
INFINITE);
#endif
goto rloop;
case SSL_ERROR_SYSCALL:
/* leave it to caller to ereport the value of errno */
if (n != -1)
{
errno = ECONNRESET;
n = -1;
}
break;
case SSL_ERROR_SSL:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("SSL error: %s", SSLerrmessage())));
/* fall through */
case SSL_ERROR_ZERO_RETURN:
errno = ECONNRESET;
n = -1;
break;
default:
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
n = -1;
break;
}
}
else
#endif
{
prepare_for_client_read();
n = recv(port->sock, ptr, len, 0);
client_read_ended();
}
return n;
}示例12: mqtt3_socket_accept
//.........这里部分代码省略.........
/* If either fcntl fails, don't want to allow this client to connect. */
close(new_sock);
return -1;
}
#else
if(ioctlsocket(new_sock, FIONBIO, &opt)){
closesocket(new_sock);
return INVALID_SOCKET;
}
#endif
#ifdef WITH_WRAP
/* Use tcpd / libwrap to determine whether a connection is allowed. */
request_init(&wrap_req, RQ_FILE, new_sock, RQ_DAEMON, "mosquitto", 0);
fromhost(&wrap_req);
if(!hosts_access(&wrap_req)){
/* Access is denied */
_mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "Client connection denied access by tcpd.");
COMPAT_CLOSE(new_sock);
return -1;
}else{
#endif
new_context = mqtt3_context_init(new_sock);
if(!new_context){
COMPAT_CLOSE(new_sock);
return -1;
}
for(i=0; i<db->config->listener_count; i++){
for(j=0; j<db->config->listeners[i].sock_count; j++){
if(db->config->listeners[i].socks[j] == listensock){
new_context->listener = &db->config->listeners[i];
break;
}
}
}
if(!new_context->listener){
COMPAT_CLOSE(new_sock);
return -1;
}
if(new_context->listener->max_connections > 0 && new_context->listener->client_count >= new_context->listener->max_connections){
COMPAT_CLOSE(new_sock);
return -1;
}
_mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "New connection from %s.", new_context->address);
for(i=0; i<db->context_count; i++){
if(db->contexts[i] == NULL){
db->contexts[i] = new_context;
break;
}
}
if(i==db->context_count){
tmp_contexts = _mosquitto_realloc(db->contexts, sizeof(struct mosquitto*)*(db->context_count+1));
if(tmp_contexts){
db->context_count++;
db->contexts = tmp_contexts;
db->contexts[db->context_count-1] = new_context;
}else{
mqtt3_context_cleanup(NULL, new_context, true);
}
}
new_context->listener->client_count++;
#ifdef WITH_TLS
/* TLS init */
for(i=0; i<db->config->listener_count; i++){
for(j=0; j<db->config->listeners[i].sock_count; j++){
if(db->config->listeners[i].socks[j] == listensock){
if(db->config->listeners[i].ssl_ctx){
new_context->ssl = SSL_new(db->config->listeners[i].ssl_ctx);
if(!new_context->ssl){
COMPAT_CLOSE(new_sock);
return -1;
}
SSL_set_ex_data(new_context->ssl, tls_ex_index_context, new_context);
SSL_set_ex_data(new_context->ssl, tls_ex_index_listener, &db->config->listeners[i]);
new_context->want_read = true;
new_context->want_write = true;
bio = BIO_new_socket(new_sock, BIO_NOCLOSE);
SSL_set_bio(new_context->ssl, bio, bio);
rc = SSL_accept(new_context->ssl);
if(rc != 1){
rc = SSL_get_error(new_context->ssl, rc);
if(rc == SSL_ERROR_WANT_READ){
new_context->want_read = true;
}else if(rc == SSL_ERROR_WANT_WRITE){
new_context->want_write = true;
}
}
}
}
}
}
#endif
#ifdef WITH_WRAP
}
#endif
return new_sock;
}示例13: Test_OpenSSL_ClientServerAuth
//.........这里部分代码省略.........
server_ssl = SSL_new(server_ctx);
if (server_ssl == NULL) goto cleanup;
SSL_set_fd (server_ssl, server_sd);
//Create server bio and set as non-blocking
BIO* server_bio = BIO_new(BIO_s_socket());
if (server_bio == NULL) goto cleanup;
//CHK_NULL(bio);
BIO_set_nbio(server_bio,1);
BIO_set_fd(server_bio, server_sd, BIO_NOCLOSE);
SSL_set_bio(server_ssl,server_bio,server_bio);
// create client ssl & connect
client_ssl = SSL_new(client_ctx);
if (client_ssl == NULL) goto cleanup;
SSL_set_fd(client_ssl, client_sd);
//Create client bio and set as non-blocking
BIO* client_bio = BIO_new(BIO_s_socket());
if (client_bio == NULL) goto cleanup;
BIO_set_nbio(client_bio,1);
BIO_set_fd(client_bio, client_sd, BIO_NOCLOSE);
SSL_set_bio(client_ssl,client_bio,client_bio);
// loop until server accepts ssl client connect
int ssl_err =0;
do
{
err = SSL_connect(client_ssl);
if (err <= 0)
{
ssl_err = SSL_get_error(client_ssl,err);
TINYCLR_SSL_PRINTF("SSL_Connect error: %d\n", ssl_err);
}
Events_WaitForEvents(0,1000);
err = SSL_accept (server_ssl);
if (err <= 0)
{
ssl_err = SSL_get_error(server_ssl, err);
TINYCLR_SSL_PRINTF("SSL_Accept error: %d\n", ssl_err);
}
Events_WaitForEvents(0,1000);
} while (err != 1);
//Get the cipher - opt
TINYCLR_SSL_PRINTF("SSL connection using %s\n", SSL_get_cipher (server_ssl));
//Get client's certificate (note: beware of dynamic allocation) - opt
client_cert = SSL_get_peer_certificate (server_ssl);
if (client_cert != NULL)
{
TINYCLR_SSL_PRINTF("Client certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
if (str == NULL) goto cleanup;
TINYCLR_SSL_PRINTF("subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
if (str == NULL) goto cleanup;
TINYCLR_SSL_PRINTF("issuer: %s\n", str);
OPENSSL_free (str);
示例14: ssl_read
static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes)
{
int ret = 1;
BIO_SSL *sb;
SSL *ssl;
int retry_reason = 0;
int r = 0;
if (buf == NULL)
return 0;
sb = BIO_get_data(b);
ssl = sb->ssl;
BIO_clear_retry_flags(b);
ret = ssl_read_internal(ssl, buf, size, readbytes);
switch (SSL_get_error(ssl, ret)) {
case SSL_ERROR_NONE:
if (sb->renegotiate_count > 0) {
sb->byte_count += *readbytes;
if (sb->byte_count > sb->renegotiate_count) {
sb->byte_count = 0;
sb->num_renegotiates++;
SSL_renegotiate(ssl);
r = 1;
}
}
if ((sb->renegotiate_timeout > 0) && (!r)) {
unsigned long tm;
tm = (unsigned long)time(NULL);
if (tm > sb->last_time + sb->renegotiate_timeout) {
sb->last_time = tm;
sb->num_renegotiates++;
SSL_renegotiate(ssl);
}
}
break;
case SSL_ERROR_WANT_READ:
BIO_set_retry_read(b);
break;
case SSL_ERROR_WANT_WRITE:
BIO_set_retry_write(b);
break;
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_set_retry_special(b);
retry_reason = BIO_RR_SSL_X509_LOOKUP;
break;
case SSL_ERROR_WANT_ACCEPT:
BIO_set_retry_special(b);
retry_reason = BIO_RR_ACCEPT;
break;
case SSL_ERROR_WANT_CONNECT:
BIO_set_retry_special(b);
retry_reason = BIO_RR_CONNECT;
break;
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
case SSL_ERROR_ZERO_RETURN:
default:
break;
}
BIO_set_retry_reason(b, retry_reason);
return ret;
}示例15: ERR_clear_error
int sslsocket::sendsome(const void* buff, int len)
{
ERR_clear_error();
// the SSL_read operation may fail because SSL handshake
// is being done transparently and that requires IO on the socket
// which cannot be completed at the time. This is indicated by
// SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE. When this happens
// we need to wait utill the condition can be satisfied on the
// underlying socket object (can read/write) and then restart
// the SSL operation with the *same* parameters.
int sent = 0;
do
{
const int ret = SSL_write(ssl_, buff, len);
switch (SSL_get_error(ssl_, ret))
{
case SSL_ERROR_NONE:
sent += ret;
break;
case SSL_ERROR_WANT_READ:
ssl_wait_read();
break;
case SSL_ERROR_WANT_WRITE:
ssl_wait_write();
break;
// some I/O error occurred. The OpenSSL error queue may contain
// more information. If the error queue is empty (i.e. ERR_get_error returns 0)
// ret can be used to find more about the error. if ret == 0 an EOF was observed
// that violates the protocol. if err == -1 the underlying BIO reported an I/O
// error.
case SSL_ERROR_SYSCALL:
{
const auto ssl_err = ERR_get_error();
if (ssl_err == 0)
{
if (ret == 0)
throw std::runtime_error("socket was closed unexpectedly");
const auto sock_err = get_last_socket_error();
if (sock_err != std::errc::operation_would_block)
throw std::system_error(sock_err, "socket send");
}
else
{
throw std::runtime_error(get_ssl_error(ssl_err));
}
}
break;
default:
throw std::runtime_error("SSL_write");
}
}
while (!sent);
// on windows writeability is edge triggered,
// i.e. the event is signaled once when the socket is writeable and a call
// to send clears the signal. the signal remains cleared
// untill send fails with WSAEWOULDBLOCK which will schedule
// the event for signaling once the socket can write more.
#if defined(WINDOWS_OS)
// set the signal manually since the socket can write more,
// so that we have the same semantics with linux.
SetEvent(handle_);
#endif
return sent;
}