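本文整理汇总了C++中SSL_get_verify_result函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_get_verify_result函数的具体用法?C++ SSL_get_verify_result怎么用?C++ SSL_get_verify_result使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。阅读示例时请注意:对端未提供证书时SSL_get_verify_result同样返回X509_V_OK,且该函数不检查主机名,因此需要同时确认SSL_get_peer_certificate返回非空,并单独校验主机名。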
在下文中一共展示了SSL_get_verify_result函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ssl_validate_peer_cert_phase1
/*
 * Phase 1 of peer certificate validation for a client connection.
 *
 * Reads the verification result stored on the TLS connection first. Any
 * value other than X509_V_OK is logged, saved in c->ssl_con->ssl_err_code
 * and reported as SSL_VALIDATE_CLIENT_CERT_UNVERIFIED. Only afterwards is
 * the presence of a certificate checked, and a missing one is reported as
 * SSL_VALIDATE_NO_CLIENT_CERT.
 *
 * Returns 0 when a certificate is present and the stored result is
 * X509_V_OK. No host or user name is compared against the certificate here.
 */
int ssl_validate_peer_cert_phase1(struct client_t *c)
{
    int verify_rc = SSL_get_verify_result(c->ssl_con->connection);
    X509 *peer_cert;

    if (verify_rc != X509_V_OK) {
        /* a certificate was presented, but it failed verification */
        hlog(LOG_DEBUG, "%s/%s: Peer SSL certificate verification error %d: %s",
             c->addr_rem, c->username, verify_rc,
             X509_verify_cert_error_string(verify_rc));
        c->ssl_con->ssl_err_code = verify_rc;
        return SSL_VALIDATE_CLIENT_CERT_UNVERIFIED;
    }

    /*
     * X509_V_OK is also the stored result when the peer sent no certificate
     * at all, so presence has to be established separately.
     */
    peer_cert = SSL_get_peer_certificate(c->ssl_con->connection);
    if (!peer_cert) {
        /* the client did not present a certificate */
        return SSL_VALIDATE_NO_CLIENT_CERT;
    }

    /* Only presence matters in this phase; release the reference we took. */
    X509_free(peer_cert);
    return 0;
}
示例2: check_cert
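/*
 * Check the peer certificate of an established connection.
 *
 * Steps:
 *   1. the verification result recorded during the handshake must be
 *      X509_V_OK (chain depth is enforced by OpenSSL through the verify
 *      depth set on the context);
 *   2. the peer must actually have presented a certificate, because
 *      X509_V_OK is also the result when none was sent;
 *   3. the subject commonName must equal `host` (case-insensitive).
 *
 * Returns TRUE when all checks pass, FALSE otherwise.
 *
 * NOTE(review): only the commonName is compared; subjectAltName entries and
 * wildcards are not considered. Where the linked OpenSSL provides it,
 * X509_check_host() performs the full host name match.
 */
int check_cert(SSL *ssl, char *host)
{
    X509 *peer;
    char peer_CN[256];
    int cn_len;
    long verifyResult;

    if (host == NULL) {
        fprintf(stderr, "No host name to check the certificate against\n");
        return FALSE;
    }

    verifyResult = SSL_get_verify_result(ssl);
    if (verifyResult != X509_V_OK) {
        fprintf(stderr, "Certificate doesn't verify, result=%ld\n", verifyResult);
        return FALSE;
    }

    /* A NULL here means the handshake completed without a peer certificate. */
    peer = SSL_get_peer_certificate(ssl);
    if (peer == NULL) {
        fprintf(stderr, "Peer did not present a certificate\n");
        return FALSE;
    }

    cn_len = X509_NAME_get_text_by_NID(X509_get_subject_name(peer),
                                       NID_commonName, peer_CN,
                                       (int)sizeof peer_CN);
    /* SSL_get_peer_certificate() took a reference; the text is copied out. */
    X509_free(peer);

    /*
     * A negative length means the subject has no commonName, which would
     * leave peer_CN unset. A length different from strlen() means the name
     * holds an embedded NUL byte, so a C string comparison would only see
     * the part before it; reject both.
     */
    if (cn_len < 0 || (size_t)cn_len != strlen(peer_CN)) {
        fprintf(stderr, "Certificate has no usable common name\n");
        return FALSE;
    }

    if (strcasecmp(peer_CN, host) != 0) {
        fprintf(stderr, "Common name %s doesn't match host name %s\n", peer_CN, host);
        return FALSE;
    }
    return TRUE;
}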
示例3: CheckCertification
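/**
 * Validate the peer certificate of the established connection.
 *
 * Raises (through Throw) when the handshake's verification result is not
 * X509_V_OK, when the peer presented no certificate, or, if check_cname_m
 * is set, when the subject commonName does not equal host_
 * (case-insensitive).
 *
 * NOTE(review): only the commonName is compared; subjectAltName entries are
 * not considered, and with check_cname_m unset no name check happens at all.
 */
void SslClient::CheckCertification(const char *host_)
{
    X509 *peer;
    char peer_CN[256] = "";   // stays empty when the subject has no commonName
    int cn_len;
    long retval;

    // Verify the peer certificate (result recorded during the handshake).
    if ((retval = SSL_get_verify_result(ssl_m)) != X509_V_OK)
    {
        char err_msg[128];
        snprintf(err_msg, sizeof(err_msg), "Certificate doesn't verify. Code: %ld", retval);
        Throw(err_msg, MException::ME_INVARG);
    }

    // X509_V_OK is also the result when no certificate was sent at all.
    peer = SSL_get_peer_certificate(ssl_m);
    if (peer == NULL)
    {
        Throw("Peer did not present a certificate", MException::ME_INVARG);
        // Throw() is defined elsewhere; should it ever return, do not go on
        // to dereference the NULL certificate.
        return;
    }

    cn_len = X509_NAME_get_text_by_NID(X509_get_subject_name(peer), NID_commonName,
                                       peer_CN, (int)sizeof(peer_CN));
    // The name has been copied out; release the reference before any Throw.
    X509_free(peer);

#ifdef SslClient_DEBUG
    printf("peer: %s\n", peer_CN);
    printf("host: %s\n", host_);
#endif

    // Check that the host name equals the certificate's common name
    // (checking the Common Name field is the default).
    if (check_cname_m == true)
    {
        // cn_len < 0: no commonName present. cn_len != strlen(): the name
        // contains an embedded NUL, so strcasecmp would only see a prefix.
        if (cn_len < 0 || (size_t)cn_len != strlen(peer_CN) ||
            host_ == NULL || strcasecmp(peer_CN, host_) != 0)
        {
            Throw("Common name doesn't match hostname", MException::ME_INVARG);
        }
    }
}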
示例4: describeCertificates
// Print the peer's certificate, the rest of its chain and the handshake's
// verification result to stderr. Diagnostic only: nothing is returned and
// the connection is not affected by the outcome.
void describeCertificates(SSL* ssl, bool isServer)
{
    // Resumed sessions don't necessarily have chains (not included in session ticket)
    X509 *leaf = SSL_get_peer_certificate(ssl);
    if (leaf == NULL) {
        fprintf(stderr,"No peer certificates.\n");
        return;
    }

    fprintf(stderr,"Peer certificates:\n");
    describeCertificate(0, leaf);
    X509_free(leaf);

    // The chain pointer is owned by the SSL object and is not freed here.
    STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
    // Cached sessions may not have a chain
    if (chain != NULL) {
        // On a server the chain does not include the client certificate, so
        // every entry is printed and numbered from 1. On a client entry 0 is
        // skipped because it has already been printed above.
        const int first = isServer ? 0 : 1;
        const int label_offset = isServer ? 1 : 0;
        for (int idx = first; idx < sk_X509_num(chain); idx++) {
            describeCertificate(idx + label_offset, sk_X509_value(chain, idx));
        }
    }

    const long verify_result = SSL_get_verify_result(ssl);
    if (verify_result != X509_V_OK) {
        // See 'man verify(1SSL)' for meanings of the codes
        fprintf(stderr,"Verification error %ld\n", verify_result);
        ERR_print_errors_fp(stderr);
    } else {
        fprintf(stderr,"Certificate OK\n");
    }
}
示例5: tls_start
/*
 * Drive the client-side TLS handshake on a non-blocking socket.
 *
 * SSL_connect() is retried for as long as it returns -1 with an error that
 * tls_is_recoverable() accepts, waiting on the socket between attempts.
 * The last error is stored with _tls_set_error().
 *
 * Returns 1 when SSL_connect() succeeded, 0 otherwise.
 *
 * NOTE(review): the certificate verification result is only written to the
 * debug log and does not influence the return value. Whether a failed
 * verification aborts the handshake depends on the verify mode configured
 * on the SSL context elsewhere; confirm that it is set to verify the peer.
 */
int tls_start(tls_t *tls)
{
    long verify_res;
    int ssl_err;
    int rc;

    /* Non-blocking socket: keep calling until a definite outcome. */
    for (;;) {
        rc = SSL_connect(tls->ssl);
        ssl_err = (rc <= 0) ? SSL_get_error(tls->ssl, rc) : 0;

        /* success or fatal error */
        if (rc != -1 || !tls_is_recoverable(ssl_err))
            break;

        /* wait for activity on the socket before trying again */
        _tls_sock_wait(tls, ssl_err);
    }

    verify_res = SSL_get_verify_result(tls->ssl);
    xmpp_debug(tls->ctx, "tls", "Certificate verification %s",
               verify_res == X509_V_OK ? "passed" : "FAILED");

    _tls_set_error(tls, ssl_err);

    return rc <= 0 ? 0 : 1;
}
示例6: ShowCerts
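/*
 * Print the subject and issuer of the server's certificate and report
 * whether the handshake's verification result is X509_V_OK.
 *
 * Returns 1 when a certificate is present and verification succeeded,
 * 0 when verification failed or no certificate was presented.
 *
 * The result covers the certificate chain only; no host name is compared
 * against the certificate in this function.
 */
int ShowCerts(SSL* ssl)
{
    X509 *cert;
    char *line;
    int value;

    cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */
    if (cert == NULL) {
        printf("No certificates.\n");
        return 0;
    }

    printf("Server certificates:\n");

    /*
     * With a NULL buffer X509_NAME_oneline() allocates the string through
     * OpenSSL's allocator, so it is released with OPENSSL_free() rather
     * than free(). It can return NULL on allocation failure.
     */
    line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
    printf("Subject: %s\n", line != NULL ? line : "(unavailable)");
    OPENSSL_free(line);

    line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
    printf("Issuer: %s\n", line != NULL ? line : "(unavailable)");
    OPENSSL_free(line);

    /* cert is non-NULL here, so X509_V_OK is not the "no certificate" case. */
    if (SSL_get_verify_result(ssl) == X509_V_OK) {
        printf("client verification with SSL_get_verify_result() succeeded.\n");
        value = 1;
    } else {
        printf("client verification with SSL_get_verify_result() fail.\n");
        value = 0;
    }

    X509_free(cert); /* release the reference taken above */
    return value;
}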
示例7: verify_signature
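/*
 * Require that the peer presented a certificate and that the handshake's
 * verification result is X509_V_OK; any other outcome ends in die().
 *
 * Returns 0 on success.
 *
 * NOTE(review): `hostname` is not used in this function, so the certificate
 * is not matched against the expected host here; confirm that the caller
 * performs that check separately.
 */
uint32_t
verify_signature (SSL *ssl, const char *hostname)
{
  long ssl_verify_result;
  X509 *certificate;

  certificate = SSL_get_peer_certificate(ssl);
  if (NULL == certificate)
  {
    die ("Getting certificate failed\n");
  }
  /* Only the presence of a certificate is needed; release the reference
     that SSL_get_peer_certificate() took so it is not leaked. */
  X509_free (certificate);

  // In theory, we verify that the cert is valid
  ssl_verify_result = SSL_get_verify_result(ssl);
  switch (ssl_verify_result)
  {
  case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
  case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
    die ("certificate is self signed\n");
  case X509_V_OK:
    verb ("V: certificate verification passed\n");
    break;
  default:
    die ("certification verification error: %ld\n",
         ssl_verify_result);
  }
  return 0;
}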
示例8: meth_getpeerverification
/**
 * Report the verification state of the peer chain to Lua.
 *
 * Pushes:
 *   - false, "closed"        when the connection is not in the connected state;
 *   - true                   when the stored verification result is X509_V_OK;
 *   - false, <error info>    otherwise, where the error info is a copy of the
 *                            table registered for this connection in
 *                            "SSL:Verify:Registry", or the OpenSSL error
 *                            string when no entry is registered.
 */
static int meth_getpeerverification(lua_State *L)
{
  long verify_rc;
  p_ssl conn = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");

  if (conn->state != LSEC_STATE_CONNECTED) {
    lua_pushboolean(L, 0);
    lua_pushstring(L, "closed");
    return 2;
  }

  verify_rc = SSL_get_verify_result(conn->ssl);
  if (verify_rc == X509_V_OK) {
    lua_pushboolean(L, 1);
    return 1;
  }

  /* Look up the per-connection error table, keyed by the SSL pointer. */
  luaL_getmetatable(L, "SSL:Verify:Registry");
  lua_pushlightuserdata(L, (void*)conn->ssl);
  lua_gettable(L, -2);

  if (!lua_isnil(L, -1)) {
    /* Copy the table of errors to avoid modifications */
    int top;
    lua_newtable(L);
    top = lua_gettop(L);
    copy_error_table(L, top - 1, top);
  } else {
    /* Nothing registered: fall back to OpenSSL's description of the code. */
    lua_pushstring(L, X509_verify_cert_error_string(verify_rc));
  }

  /* Return order is (false, info): push false, then re-push the info below it. */
  lua_pushboolean(L, 0);
  lua_pushvalue(L, -2);
  return 2;
}
示例9: tls_check_cert
/*
 * Decide whether the peer certificate is acceptable for tls->host.
 *
 * Three conditions must all hold: a certificate was presented, the
 * handshake's verification result is X509_V_OK, and the host name check
 * succeeds. The host name check uses X509_check_host() when
 * XXX_HAVE_X509_check_host is defined and tls_check_host() otherwise.
 *
 * Returns SHOUTERR_SUCCESS when all hold, SHOUTERR_TLSBADCERT otherwise.
 */
static inline int tls_check_cert(shout_tls_t *tls)
{
    X509 *peer = SSL_get_peer_certificate(tls->ssl);
    int verdict = SHOUTERR_TLSBADCERT;

    if (peer == NULL)
        return SHOUTERR_TLSBADCERT;

    /* The host name is only examined once the chain itself has verified. */
    if (SSL_get_verify_result(tls->ssl) == X509_V_OK) {
#ifdef XXX_HAVE_X509_check_host
        if (X509_check_host(peer, tls->host, 0, 0, NULL) == 1)
            verdict = SHOUTERR_SUCCESS;
#else
        if (tls_check_host(peer, tls->host) == SHOUTERR_SUCCESS)
            verdict = SHOUTERR_SUCCESS;
#endif
    }

    /* Release the reference taken by SSL_get_peer_certificate(). */
    X509_free(peer);
    return verdict;
}
示例10: lws_tls_peer_cert_info
/*
 * Fetch one piece of information about the peer certificate of a
 * connection into `buf`.
 *
 * For LWS_TLS_CERT_INFO_VERIFIED, buf->verified is set to whether the
 * handshake's verification result is X509_V_OK. Every other `type` is
 * delegated to lws_tls_openssl_cert_info().
 *
 * Returns -1 when the peer presented no certificate, 0 for the VERIFIED
 * query, otherwise whatever lws_tls_openssl_cert_info() returns.
 */
int
lws_tls_peer_cert_info(struct lws *wsi, enum lws_tls_cert_info type,
                       union lws_tls_cert_info_results *buf, size_t len)
{
    X509 *peer;
    int ret;

    wsi = lws_get_network_wsi(wsi);

    peer = SSL_get_peer_certificate(wsi->tls.ssl);
    if (peer == NULL) {
        lwsl_debug("no peer cert\n");
        return -1;
    }

    if (type == LWS_TLS_CERT_INFO_VERIFIED) {
        /* A certificate is known to exist here, so X509_V_OK cannot be the
         * "nothing was presented" case. */
        buf->verified = SSL_get_verify_result(wsi->tls.ssl) == X509_V_OK;
        ret = 0;
    } else {
        ret = lws_tls_openssl_cert_info(peer, type, buf, len);
    }

    /* Release the reference taken by SSL_get_peer_certificate(). */
    X509_free(peer);

    return ret;
}
示例11: ssl_connected
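/** Called after the SSL connection and initial handshaking is complete.
 *
 * Logs the subject of the client certificate when one was presented and
 * verified, then moves the connection to the host name lookup state and
 * starts the reverse DNS request.
 *
 * The certificate is used for logging only: a missing or unverified
 * certificate does not stop the connection in this function.
 *
 * \param c the connection whose handshake has just completed.
 */
void
ssl_connected(struct conn *c)
{
  X509 *peer;
  SSL *ssl;

#if SSL_DEBUG_LEVEL > 0
  errputs(stdout,
          "SSL connection attempt completed. Resolving remote host name.");
  errprintf(stdout, "ssl_slave: ssl error code: %ld\n",
            bufferevent_get_openssl_error(c->remote_bev));
#endif

  bufferevent_set_timeouts(c->remote_bev, NULL, NULL);

  ssl = bufferevent_openssl_get_ssl(c->remote_bev);

  /* Successful accept. Log peer certificate, if any. */
  if ((peer = SSL_get_peer_certificate(ssl))) {
    if (SSL_get_verify_result(ssl) == X509_V_OK) {
      char buf[256];
      /* The client sent a certificate which verified OK */
      X509_NAME_oneline(X509_get_subject_name(peer), buf, 256);
      errprintf(stdout, "SSL client certificate accepted: %s\n", buf);
    }
    /* SSL_get_peer_certificate() took a reference; without this every
     * connection that presents a certificate would leak it. */
    X509_free(peer);
  }

  c->state = C_HOSTNAME_LOOKUP;
  c->resolver_req =
    evdns_getnameinfo(resolver, &c->remote_addr.addr, 0, address_resolved, c);
}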
示例12: raise_error
/*
 * Turn the failure of an OpenSSL call into a Ruby exception of class eError.
 *
 * The message depends on what SSL_get_error() reports for `result`:
 *   - SSL_ERROR_SYSCALL: the errno value seen on entry;
 *   - SSL_ERROR_SSL:     the certificate verification error when the stored
 *                        verification result is not X509_V_OK, otherwise the
 *                        first entry of the OpenSSL error queue;
 *   - anything else:     the raw SSL_get_error() code.
 *
 * The OpenSSL error queue is cleared before raising.
 */
void raise_error(SSL* ssl, int result) {
  char msg[512];
  char queue_text[512];
  const char* verify_text;
  /* errno is captured before any other call gets a chance to change it. */
  int err = errno;
  int ssl_err = SSL_get_error(ssl, result);
  int verify_err = SSL_get_verify_result(ssl);

  switch(ssl_err) {
  case SSL_ERROR_SYSCALL:
    snprintf(msg, sizeof(msg), "System error: %s - %d", strerror(err), err);
    break;

  case SSL_ERROR_SSL:
    if(X509_V_OK == verify_err) {
      /* Verification was fine, so the cause is in the error queue. */
      err = ERR_get_error();
      ERR_error_string_n(err, queue_text, sizeof(queue_text));
      snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", queue_text, err);
    } else {
      verify_text = X509_verify_cert_error_string(verify_err);
      snprintf(msg, sizeof(msg),
               "OpenSSL certificate verification error: %s - %d",
               verify_text, verify_err);
    }
    break;

  default:
    snprintf(msg, sizeof(msg), "Unknown OpenSSL error: %d", ssl_err);
    break;
  }

  ERR_clear_error();
  /* msg is passed as an argument, never as the format string. */
  rb_raise(eError, "%s", msg);
}
示例13: rb_get_ssl_certfp
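/*
 * Compute the SHA-1 fingerprint of the peer certificate into `certfp`.
 *
 * Returns 1 when a fingerprint was written, 0 when the descriptor has no
 * TLS session, the peer presented no certificate, the verification result
 * is not one of the accepted codes, or the digest could not be computed.
 *
 * The accepted verification results deliberately include self-signed and
 * unknown-issuer certificates, so a fingerprint returned here identifies
 * the certificate itself and does not imply that its chain was validated
 * against a trusted CA.
 *
 * NOTE(review): certfp is assumed to have room for a SHA-1 digest
 * (RB_SSL_CERTFP_LEN); confirm against the definition of that constant.
 */
int
rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN])
{
    X509 *cert;
    long res;
    int have_fp = 0;

    if (F->ssl == NULL)
        return 0;

    cert = SSL_get_peer_certificate((SSL *) F->ssl);
    if (cert == NULL)
        return 0;

    res = SSL_get_verify_result((SSL *) F->ssl);
    if (res == X509_V_OK ||
        res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
        res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
        res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
        res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
    {
        unsigned int certfp_length = RB_SSL_CERTFP_LEN;

        /* Report success only when the digest was really produced, so a
         * caller never treats an unwritten buffer as a fingerprint. */
        if (X509_digest(cert, EVP_sha1(), certfp, &certfp_length) == 1)
            have_fp = 1;
    }

    /* Release the reference taken by SSL_get_peer_certificate(). */
    X509_free(cert);
    return have_fp;
}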
示例14: BIO_get_ssl
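/*
 * Thread entry point serving one TLS connection carried by the BIO in `arg`.
 *
 * Performs the handshake, reports whether the client presented a
 * certificate and whether it verified, reads one message, sends a fixed
 * reply and frees the BIO chain.
 *
 * Returns (void *)0 on success and (void *)-1 when the SSL object cannot be
 * obtained, the handshake fails or nothing could be read. The BIO chain is
 * freed on every path.
 *
 * NOTE(review): a missing or unverified client certificate is only printed;
 * the connection is served either way. Rejecting such clients depends on
 * the verify mode configured on the context elsewhere.
 */
void *handle_connection(void *arg)
{
    char buf[1024];
    BIO *bio = (BIO *)arg;
    X509 *peer;
    SSL *ssl = NULL;
    int nread;

    BIO_get_ssl(bio, &ssl);
    if (ssl == NULL) {
        fprintf(stderr, "cannot get SSL object from BIO\n");
        BIO_free_all(bio);
        return (void *)-1;
    }

    if (BIO_do_handshake(bio) <= 0) {
        printf("Failed handshake.\n");
        ERR_print_errors_fp(stdout);
        /* This function owns the BIO (it frees it on success), so it must
         * not be leaked on the failure path either. */
        BIO_free_all(bio);
        return (void *)-1;
    }

    if ((peer = SSL_get_peer_certificate(ssl))) {
        if (SSL_get_verify_result(ssl) == X509_V_OK) {
            /* The client sent a certificate which verified OK */
            printf("The client sent a certificate which verified OK\n");
        } else {
            printf("The client sent a certificate which verified failed\n");
        }
        /* Release the reference taken by SSL_get_peer_certificate(). */
        X509_free(peer);
    } else {
        fprintf(stderr, "cannot get peer certificate\n");
    }

    /*
     * Leave room for the terminator: BIO_read() does not NUL-terminate, and
     * the data is printed with %s below. A non-positive return means no
     * data was stored in buf.
     */
    nread = BIO_read(bio, buf, (int)sizeof buf - 1);
    if (nread <= 0) {
        fprintf(stderr, "cannot read from connection\n");
        BIO_free_all(bio);
        return (void *)-1;
    }
    buf[nread] = '\0';
    printf("Received: %s\n", buf);

    BIO_puts(bio, "Connection: Sending out Data on initial connection\n");
    printf("Sent out data on connection\n");

    BIO_free_all(bio);
    return (void *)0;
}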
示例15: ShowCerts
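/*
 * Print the subject and issuer of the peer's certificate, followed by
 * whether the handshake's verification result is X509_V_OK.
 *
 * Output only: nothing is returned and the connection is not affected by
 * the verification outcome.
 */
void ShowCerts(SSL* ssl)
{
    X509 *cert;
    char *line;

    cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
    if (cert == NULL) {
        printf("No certificates.\n");
        return;
    }

    printf("Client certificates:\n");

    /*
     * With a NULL buffer X509_NAME_oneline() allocates the string through
     * OpenSSL's allocator, so it is released with OPENSSL_free() rather
     * than free(). It can return NULL on allocation failure.
     */
    line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
    printf("Subject: %s\n", line != NULL ? line : "(unavailable)");
    OPENSSL_free(line);

    line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
    printf("Issuer: %s\n", line != NULL ? line : "(unavailable)");
    OPENSSL_free(line);

    /* cert is non-NULL here, so X509_V_OK is not the "no certificate" case. */
    if (SSL_get_verify_result(ssl) == X509_V_OK) {
        printf("client verification with SSL_get_verify_result() succeeded.\n");
    } else {
        printf("client verification with SSL_get_verify_result() fail.\n");
    }

    X509_free(cert); /* release the reference taken above */
}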