本文整理汇总了C++中SSL_get_options函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_get_options函数的具体用法?C++ SSL_get_options怎么用?C++ SSL_get_options使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_get_options函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: dtls1_query_mtu
int dtls1_query_mtu(SSL *s)
{
if (s->d1->link_mtu) {
s->d1->mtu =
s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
s->d1->link_mtu = 0;
}
/* AHA! Figure out the MTU, and stick to the right size */
if (s->d1->mtu < dtls1_min_mtu(s)) {
if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
s->d1->mtu =
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
/*
* I've seen the kernel return bogus numbers when it doesn't know
* (initial write), so just make sure we have a reasonable number
*/
if (s->d1->mtu < dtls1_min_mtu(s)) {
/* Set to min mtu */
s->d1->mtu = dtls1_min_mtu(s);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
(long)s->d1->mtu, NULL);
}
} else
return 0;
}
return 1;
}示例2: tls_construct_stoc_cryptopro_bug
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx, int *al)
{
const unsigned char cryptopro_ext[36] = {
0xfd, 0xe8, /* 65000 */
0x00, 0x20, /* 32 bytes length */
0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
};
if (((s->s3->tmp.new_cipher->id & 0xFFFF) != 0x80
&& (s->s3->tmp.new_cipher->id & 0xFFFF) != 0x81)
|| (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
return EXT_RETURN_NOT_SENT;
if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) {
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
return EXT_RETURN_SENT;
}示例3: dtls1_clear
void dtls1_clear(SSL *s)
{
pqueue unprocessed_rcds;
pqueue processed_rcds;
pqueue buffered_messages;
pqueue sent_messages;
pqueue buffered_app_data;
unsigned int mtu;
if (s->d1) {
unprocessed_rcds = s->d1->unprocessed_rcds.q;
processed_rcds = s->d1->processed_rcds.q;
buffered_messages = s->d1->buffered_messages;
sent_messages = s->d1->sent_messages;
buffered_app_data = s->d1->buffered_app_data.q;
mtu = s->d1->mtu;
dtls1_clear_queues(s);
pq_64bit_free(&(s->d1->bitmap.map));
pq_64bit_free(&(s->d1->bitmap.max_seq_num));
pq_64bit_free(&(s->d1->next_bitmap.map));
pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
memset(s->d1, 0, sizeof(*(s->d1)));
if (s->server) {
s->d1->cookie_len = sizeof(s->d1->cookie);
}
if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
s->d1->mtu = mtu;
}
s->d1->unprocessed_rcds.q = unprocessed_rcds;
s->d1->processed_rcds.q = processed_rcds;
s->d1->buffered_messages = buffered_messages;
s->d1->sent_messages = sent_messages;
s->d1->buffered_app_data.q = buffered_app_data;
#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
s->d1->bitmap.length = 64;
#else
s->d1->bitmap.length = sizeof(s->d1->bitmap.map) * 8;
#endif
pq_64bit_init(&(s->d1->bitmap.map));
pq_64bit_init(&(s->d1->bitmap.max_seq_num));
s->d1->next_bitmap.length = s->d1->bitmap.length;
pq_64bit_init(&(s->d1->next_bitmap.map));
pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
}
ssl3_clear(s);
if (s->options & SSL_OP_CISCO_ANYCONNECT)
s->version = DTLS1_BAD_VER;
else
s->version = DTLS1_VERSION;
}示例4: s2n
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
{
int extdatalen=0;
unsigned char *ret = p;
ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */
if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
{
if (limit - ret - 4 < 0) return NULL;
s2n(TLSEXT_TYPE_server_name,ret);
s2n(0,ret);
}
if (s->tlsext_ticket_expected
&& !(SSL_get_options(s) & SSL_OP_NO_TICKET))
{
if (limit - ret - 4 < 0) return NULL;
s2n(TLSEXT_TYPE_session_ticket,ret);
s2n(0,ret);
}
if ((extdatalen = ret-p-2)== 0)
return p;
s2n(extdatalen,p);
return ret;
}示例5: HsOpenSSL_SSL_clear_options
/* OpenSSL < 0.9.8m does not have SSL_clear_options() */
long HsOpenSSL_SSL_clear_options(SSL* ssl, long options) {
#if defined(SSL_clear_options)
return SSL_clear_options(ssl, options);
#else
long tmp = SSL_get_options(ssl);
return SSL_set_options(ssl, tmp & ~options);
#endif
}示例6: checksslv2
static int checksslv2(int test, int sslv2)
{
int options;
if (test == TEST_SSL_CTX) {
options = SSL_CTX_get_options(ctx);
} else {
options = SSL_get_options(ssl);
}
return ((options & SSL_OP_NO_SSLv2) == 0) ^ (sslv2 == SSLV2OFF);
}示例7: tls1_process_ticket
int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
const unsigned char *limit, SSL_SESSION **ret)
{
/* Point after session ID in client hello */
const unsigned char *p = session_id + len;
unsigned short i;
/* If tickets disabled behave as if no ticket present
* to permit stateful resumption.
*/
if (SSL_get_options(s) & SSL_OP_NO_TICKET)
return 1;
if ((s->version <= SSL3_VERSION) || !limit)
return 1;
if (p >= limit)
return -1;
/* Skip past cipher list */
n2s(p, i);
p+= i;
if (p >= limit)
return -1;
/* Skip past compression algorithm list */
i = *(p++);
p += i;
if (p > limit)
return -1;
/* Now at start of extensions */
if ((p + 2) >= limit)
return 1;
n2s(p, i);
while ((p + 4) <= limit)
{
unsigned short type, size;
n2s(p, type);
n2s(p, size);
if (p + size > limit)
return 1;
if (type == TLSEXT_TYPE_session_ticket)
{
/* If zero length note client will accept a ticket
* and indicate cache miss to trigger full handshake
*/
if (size == 0)
{
s->tlsext_ticket_expected = 1;
return 0; /* Cache miss */
}
return tls_decrypt_ticket(s, p, size, session_id, len,
ret);
}
p += size;
}
return 1;
}示例8: dtls1_clear
void dtls1_clear (SSL * s)
{
pqueue unprocessed_rcds;
pqueue processed_rcds;
pqueue buffered_messages;
pqueue sent_messages;
pqueue buffered_app_data;
unsigned int mtu;
unsigned int link_mtu;
if (s->d1)
{
unprocessed_rcds = s->d1->unprocessed_rcds.q;
processed_rcds = s->d1->processed_rcds.q;
buffered_messages = s->d1->buffered_messages;
sent_messages = s->d1->sent_messages;
buffered_app_data = s->d1->buffered_app_data.q;
mtu = s->d1->mtu;
link_mtu = s->d1->link_mtu;
dtls1_clear_queues (s);
memset (s->d1, 0, sizeof (*(s->d1)));
if (s->server)
{
s->d1->cookie_len = sizeof (s->d1->cookie);
}
if (SSL_get_options (s) & SSL_OP_NO_QUERY_MTU)
{
s->d1->mtu = mtu;
s->d1->link_mtu = link_mtu;
}
s->d1->unprocessed_rcds.q = unprocessed_rcds;
s->d1->processed_rcds.q = processed_rcds;
s->d1->buffered_messages = buffered_messages;
s->d1->sent_messages = sent_messages;
s->d1->buffered_app_data.q = buffered_app_data;
}
ssl3_clear (s);
if (s->options & SSL_OP_CISCO_ANYCONNECT)
s->version = DTLS1_BAD_VER;
else
s->version = DTLS1_VERSION;
}示例9: dtls1_clear
void
dtls1_clear(SSL *s)
{
struct dtls1_state_internal_st *internal;
pqueue unprocessed_rcds;
pqueue processed_rcds;
pqueue buffered_messages;
pqueue sent_messages;
pqueue buffered_app_data;
unsigned int mtu;
if (s->d1) {
unprocessed_rcds = D1I(s)->unprocessed_rcds.q;
processed_rcds = D1I(s)->processed_rcds.q;
buffered_messages = D1I(s)->buffered_messages;
sent_messages = s->d1->sent_messages;
buffered_app_data = D1I(s)->buffered_app_data.q;
mtu = D1I(s)->mtu;
dtls1_clear_queues(s);
memset(s->d1->internal, 0, sizeof(*s->d1->internal));
internal = s->d1->internal;
memset(s->d1, 0, sizeof(*s->d1));
s->d1->internal = internal;
if (s->server) {
D1I(s)->cookie_len = sizeof(D1I(s)->cookie);
}
if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
D1I(s)->mtu = mtu;
}
D1I(s)->unprocessed_rcds.q = unprocessed_rcds;
D1I(s)->processed_rcds.q = processed_rcds;
D1I(s)->buffered_messages = buffered_messages;
s->d1->sent_messages = sent_messages;
D1I(s)->buffered_app_data.q = buffered_app_data;
}
ssl3_clear(s);
s->version = DTLS1_VERSION;
}示例10: ssl_get_prev_session
enum ssl_session_result_t ssl_get_prev_session(
SSL *ssl, SSL_SESSION **out_session, int *out_tickets_supported,
int *out_renew_ticket, const SSL_CLIENT_HELLO *client_hello) {
/* This is used only by servers. */
assert(ssl->server);
SSL_SESSION *session = NULL;
int renew_ticket = 0;
/* If tickets are disabled, always behave as if no tickets are present. */
const uint8_t *ticket = NULL;
size_t ticket_len = 0;
const int tickets_supported =
!(SSL_get_options(ssl) & SSL_OP_NO_TICKET) &&
ssl->version > SSL3_VERSION &&
SSL_early_callback_ctx_extension_get(
client_hello, TLSEXT_TYPE_session_ticket, &ticket, &ticket_len);
if (tickets_supported && ticket_len > 0) {
switch (ssl_process_ticket(ssl, &session, &renew_ticket, ticket, ticket_len,
client_hello->session_id,
client_hello->session_id_len)) {
case ssl_ticket_aead_success:
break;
case ssl_ticket_aead_ignore_ticket:
assert(session == NULL);
break;
case ssl_ticket_aead_error:
return ssl_session_error;
case ssl_ticket_aead_retry:
return ssl_session_ticket_retry;
}
} else {
/* The client didn't send a ticket, so the session ID is a real ID. */
enum ssl_session_result_t lookup_ret = ssl_lookup_session(
ssl, &session, client_hello->session_id, client_hello->session_id_len);
if (lookup_ret != ssl_session_success) {
return lookup_ret;
}
}
*out_session = session;
*out_tickets_supported = tickets_supported;
*out_renew_ticket = renew_ticket;
return ssl_session_success;
}示例11: dtls1_check_timeout_num
int dtls1_check_timeout_num(SSL *ssl) {
ssl->d1->num_timeouts++;
/* Reduce MTU after 2 unsuccessful retransmissions */
if (ssl->d1->num_timeouts > DTLS1_MTU_TIMEOUTS &&
!(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
long mtu = BIO_ctrl(ssl->wbio, BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
if (mtu >= 0 && mtu <= (1 << 30) && (unsigned)mtu >= dtls1_min_mtu()) {
ssl->d1->mtu = (unsigned)mtu;
}
}
if (ssl->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) {
/* fail the connection, enough alerts have been sent */
OPENSSL_PUT_ERROR(SSL, SSL_R_READ_TIMEOUT_EXPIRED);
return -1;
}
return 0;
}示例12: dtls1_clear
void dtls1_clear(SSL *s)
{
pqueue buffered_messages;
pqueue sent_messages;
unsigned int mtu;
unsigned int link_mtu;
DTLS_RECORD_LAYER_clear(&s->rlayer);
if (s->d1) {
buffered_messages = s->d1->buffered_messages;
sent_messages = s->d1->sent_messages;
mtu = s->d1->mtu;
link_mtu = s->d1->link_mtu;
dtls1_clear_queues(s);
memset(s->d1, 0, sizeof(*s->d1));
if (s->server) {
s->d1->cookie_len = sizeof(s->d1->cookie);
}
if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
s->d1->mtu = mtu;
s->d1->link_mtu = link_mtu;
}
s->d1->buffered_messages = buffered_messages;
s->d1->sent_messages = sent_messages;
}
ssl3_clear(s);
if (s->options & SSL_OP_CISCO_ANYCONNECT)
s->client_version = s->version = DTLS1_BAD_VER;
else if (s->method->version == DTLS_ANY_VERSION)
s->version = DTLS1_2_VERSION;
else
s->version = s->method->version;
}示例13: dtls1_check_timeout_num
int dtls1_check_timeout_num(SSL *s)
{
unsigned int mtu;
s->d1->timeout.num_alerts++;
/* Reduce MTU after 2 unsuccessful retransmissions */
if (s->d1->timeout.num_alerts > 2
&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
mtu =
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
if (mtu < s->d1->mtu)
s->d1->mtu = mtu;
}
if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
/* fail the connection, enough alerts have been sent */
SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
return -1;
}
return 0;
}示例14: handle_connect_result
//.........这里部分代码省略.........
}
} else {
fatal("Unknown status (%d)", status);
}
/* At this point the TCP connection is done, whether successful or not.
* Therefore decrease the read/write listen counts that were incremented in
* nsock_pool_add_event. In the SSL case, we may increase one of the counts depending
* on whether SSL_connect returns an error of SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE. In that case we will re-enter this function, but we
* don't want to execute this block again. */
if (iod->sd != -1 && !sslconnect_inprogress) {
int ev = EV_NONE;
ev |= socket_count_read_dec(iod);
ev |= socket_count_write_dec(iod);
ev |= EV_EXCEPT;
update_events(iod, ms, EV_NONE, ev);
}
#if HAVE_OPENSSL
if (nse->type == NSE_TYPE_CONNECT_SSL && !nse->event_done) {
/* Lets now start/continue/finish the connect! */
if (iod->ssl_session) {
rc = SSL_set_session(iod->ssl, iod->ssl_session);
if (rc == 0)
nsock_log_error("Uh-oh: SSL_set_session() failed - please tell [email protected]");
iod->ssl_session = NULL; /* No need for this any more */
}
/* If this is a reinvocation of handle_connect_result, clear out the listen
* bits that caused it, based on the previous SSL desire. */
if (sslconnect_inprogress) {
int ev;
ev = socket_count_dec_ssl_desire(nse);
update_events(iod, ms, EV_NONE, ev);
}
rc = SSL_connect(iod->ssl);
if (rc == 1) {
/* Woop! Connect is done! */
nse->event_done = 1;
/* Check that certificate verification was okay, if requested. */
if (nsi_ssl_post_connect_verify(iod)) {
nse->status = NSE_STATUS_SUCCESS;
} else {
nsock_log_error("certificate verification error for EID %li: %s",
nse->id, ERR_error_string(ERR_get_error(), NULL));
nse->status = NSE_STATUS_ERROR;
}
} else {
long options = SSL_get_options(iod->ssl);
sslerr = SSL_get_error(iod->ssl, rc);
if (rc == -1 && sslerr == SSL_ERROR_WANT_READ) {
nse->sslinfo.ssl_desire = sslerr;
socket_count_read_inc(iod);
update_events(iod, ms, EV_READ, EV_NONE);
} else if (rc == -1 && sslerr == SSL_ERROR_WANT_WRITE) {
nse->sslinfo.ssl_desire = sslerr;
socket_count_write_inc(iod);
update_events(iod, ms, EV_WRITE, EV_NONE);
} else if (!(options & SSL_OP_NO_SSLv2)) {
int saved_ev;
/* SSLv3-only and TLSv1-only servers can't be connected to when the
* SSL_OP_NO_SSLv2 option is not set, which is the case when the pool
* was initialized with nsock_pool_ssl_init_max_speed. Try reconnecting
* with SSL_OP_NO_SSLv2. Never downgrade a NO_SSLv2 connection to one
* that might use SSLv2. */
nsock_log_info("EID %li reconnecting with SSL_OP_NO_SSLv2", nse->id);
saved_ev = iod->watched_events;
nsock_engine_iod_unregister(ms, iod);
close(iod->sd);
nsock_connect_internal(ms, nse, SOCK_STREAM, iod->lastproto, &iod->peer,
iod->peerlen, nsock_iod_get_peerport(iod));
nsock_engine_iod_register(ms, iod, saved_ev);
SSL_clear(iod->ssl);
if(!SSL_clear(iod->ssl))
fatal("SSL_clear failed: %s", ERR_error_string(ERR_get_error(), NULL));
SSL_set_options(iod->ssl, options | SSL_OP_NO_SSLv2);
socket_count_read_inc(nse->iod);
socket_count_write_inc(nse->iod);
update_events(iod, ms, EV_READ|EV_WRITE, EV_NONE);
nse->sslinfo.ssl_desire = SSL_ERROR_WANT_CONNECT;
} else {
nsock_log_info("EID %li %s",
nse->id, ERR_error_string(ERR_get_error(), NULL));
nse->event_done = 1;
nse->status = NSE_STATUS_ERROR;
nse->errnum = EIO;
}
}
}
#endif
}示例15: dtls1_accept
//.........这里部分代码省略.........
case SSL3_ST_SW_HELLO_REQ_A:
case SSL3_ST_SW_HELLO_REQ_B:
s->shutdown = 0;
dtls1_clear_record_buffer(s);
dtls1_start_timer(s);
ret = dtls1_send_hello_request(s);
if (ret <= 0)
goto end;
s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
s->state = SSL3_ST_SW_FLUSH;
s->init_num = 0;
if (!ssl3_init_finished_mac(s)) {
ret = -1;
goto end;
}
break;
case SSL3_ST_SW_HELLO_REQ_C:
s->state = SSL_ST_OK;
break;
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
s->shutdown = 0;
ret = ssl3_get_client_hello(s);
if (ret <= 0)
goto end;
dtls1_stop_timer(s);
if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
else
s->state = SSL3_ST_SW_SRVR_HELLO_A;
s->init_num = 0;
/* Reflect ClientHello sequence to remain stateless while listening */
if (listen) {
memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
}
/* If we're just listening, stop here */
if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
ret = 2;
s->d1->listen = 0;
/* Set expected sequence numbers
* to continue the handshake.
*/
s->d1->handshake_read_seq = 2;
s->d1->handshake_write_seq = 1;
s->d1->next_handshake_write_seq = 1;
goto end;
}
break;
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
ret = dtls1_send_hello_verify_request(s);
if (ret <= 0)
goto end;