当前位置: 首页>>代码示例>>C++>>正文

C++ SSL_load_client_CA_file函数代码示例

本文整理汇总了C++中SSL_load_client_CA_file函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_load_client_CA_file函数的具体用法?C++ SSL_load_client_CA_file怎么用?C++ SSL_load_client_CA_file使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了SSL_load_client_CA_file函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: verify_init

/**
 * Init verification of transmitted client certs
 */
static int verify_init(ssl_server_connection *ssl_server) {
  struct stat stat_buf;

  if (!ssl_server->clientpemfile) {
    SSL_CTX_set_verify(ssl_server->ctx, SSL_VERIFY_NONE, NULL);
    return TRUE;
  }

  if (stat(ssl_server->clientpemfile, &stat_buf) == -1) {
    LogError("%s: Cannot stat the SSL pem path '%s' -- %s\n", prog, Run.httpsslclientpem, STRERROR);
    return FALSE;
  }
  
  if (S_ISDIR(stat_buf.st_mode)) {

    if (!SSL_CTX_load_verify_locations(ssl_server->ctx, NULL , ssl_server->clientpemfile)) {
      LogError("%s: Error setting verify directory to %s -- %s\n", prog, Run.httpsslclientpem, SSLERROR);
      return FALSE;
    }

    LogInfo("%s: Loaded SSL client pem directory '%s'\n", prog, ssl_server->clientpemfile);

    /* Monit's server cert for cli support */

    if (!SSL_CTX_load_verify_locations(ssl_server->ctx, ssl_server->pemfile, NULL)) {
      LogError("%s: Error loading verify certificates from %s -- %s\n", prog, ssl_server->pemfile, SSLERROR);
      return FALSE;
    }

    LogInfo("%s: Loaded monit's SSL pem server file '%s'\n", prog, ssl_server->pemfile);

  } else if (S_ISREG(stat_buf.st_mode)) {

    if (!SSL_CTX_load_verify_locations(ssl_server->ctx, ssl_server->clientpemfile, NULL)) {
      LogError("%s: Error loading verify certificates from %s -- %s\n", prog, Run.httpsslclientpem, SSLERROR);
      return FALSE;
    }

    LogInfo("%s: Loaded SSL pem client file '%s'\n", prog, ssl_server->clientpemfile);

    /* Monits server cert for cli support ! */

    if (!SSL_CTX_load_verify_locations(ssl_server->ctx, ssl_server->pemfile, NULL)) {
      LogError("%s: Error loading verify certificates from %s -- %s\n", prog, ssl_server->pemfile, SSLERROR);
      return FALSE;
    }

    LogInfo("%s: Loaded monit's SSL pem server file '%s'\n", prog, ssl_server->pemfile);

    SSL_CTX_set_client_CA_list(ssl_server->ctx, SSL_load_client_CA_file(ssl_server->clientpemfile));

  } else {
    LogError("%s: SSL client pem path is no file or directory %s\n", prog, ssl_server->clientpemfile);
    return FALSE;
  }

  SSL_CTX_set_verify(ssl_server->ctx, SSL_VERIFY_PEER, verify_callback);

  return TRUE;
}
开发者ID:bruce2008github,项目名称:monit,代码行数:63,代码来源:ssl.c

示例2: STACK_OF

static STACK_OF(X509_NAME) *
tlso_ca_list( char * bundle, char * dir )
{
	STACK_OF(X509_NAME) *ca_list = NULL;

	if ( bundle ) {
		ca_list = SSL_load_client_CA_file( bundle );
	}
#if defined(HAVE_DIRENT_H) || defined(dirent)
	if ( dir ) {
		int freeit = 0;

		if ( !ca_list ) {
			ca_list = sk_X509_NAME_new_null();
			freeit = 1;
		}
		if ( !SSL_add_dir_cert_subjects_to_stack( ca_list, dir ) &&
			freeit ) {
			sk_X509_NAME_free( ca_list );
			ca_list = NULL;
		}
	}
#endif
	return ca_list;
}
开发者ID:cptaffe,项目名称:openldap,代码行数:25,代码来源:tls_o.c

示例3: load_ca_list

/**
 * @brief Load CA list from file
 * @param d domain
 * @return 0 if not configured or on success, -1 on error
 */
static int load_ca_list(tls_domain_t* d)
{
	int i;
	int procs_no;

	if (!d->ca_file.s || !d->ca_file.len) {
		DBG("%s: No CA list configured\n", tls_domain_str(d));
		return 0;
	}
	if (fix_shm_pathname(&d->ca_file) < 0)
		return -1;
	procs_no=get_max_procs();
	for(i = 0; i < procs_no; i++) {
		if (SSL_CTX_load_verify_locations(d->ctx[i], d->ca_file.s, 0) != 1) {
			ERR("%s: Unable to load CA list '%s'\n", tls_domain_str(d),
					d->ca_file.s);
			TLS_ERR("load_ca_list:");
			return -1;
		}
		SSL_CTX_set_client_CA_list(d->ctx[i],
				SSL_load_client_CA_file(d->ca_file.s));
		if (SSL_CTX_get_client_CA_list(d->ctx[i]) == 0) {
			ERR("%s: Error while setting client CA list\n", tls_domain_str(d));
			TLS_ERR("load_ca_list:");
			return -1;
		}
	}
	return 0;
}
开发者ID:albertollamaso,项目名称:kamailio,代码行数:34,代码来源:tls_domain.c

示例4: swSSL_set_client_certificate

int swSSL_set_client_certificate(SSL_CTX *ctx, char *cert_file, int depth)
{
    STACK_OF(X509_NAME) *list;

    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, swSSL_verify_callback);
    SSL_CTX_set_verify_depth(ctx, depth);

    if (SSL_CTX_load_verify_locations(ctx, cert_file, NULL) == 0)
    {
        swWarn("SSL_CTX_load_verify_locations(\"%s\") failed.", cert_file);
        return SW_ERR;
    }

    ERR_clear_error();
    list = SSL_load_client_CA_file(cert_file);
    if (list == NULL)
    {
        swWarn("SSL_load_client_CA_file(\"%s\") failed.", cert_file);
        return SW_ERR;
    }

    ERR_clear_error();
    SSL_CTX_set_client_CA_list(ctx, list);

    return SW_OK;
}
开发者ID:2yeslater,项目名称:swoole-src,代码行数:26,代码来源:SSL.c

示例5: ssl_ca_certificate

int ssl_ca_certificate(struct ssl_t *ssl, const char *cafile, int depth)
{
	STACK_OF(X509_NAME)  *list;
	
	SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ssl_verify_callback);
	SSL_CTX_set_verify_depth(ssl->ctx, depth);
	
	if (SSL_CTX_load_verify_locations(ssl->ctx, cafile, NULL) == 0) {
		hlog(LOG_ERR, "Failed to load trusted CA list from \"%s\"", cafile);
		ssl_error(LOG_ERR, "SSL_CTX_load_verify_locations");
		return -1;
	}
	
	list = SSL_load_client_CA_file(cafile);
	
	if (list == NULL) {
		hlog(LOG_ERR, "Failed to load client CA file from \"%s\"", cafile);
		ssl_error(LOG_ERR, "SSL_load_client_CA_file");
		return -1;
	}
	
	/*
	 * before 0.9.7h and 0.9.8 SSL_load_client_CA_file()
	 * always leaved an error in the error queue
	 */
	
	ERR_clear_error();
	
	SSL_CTX_set_client_CA_list(ssl->ctx, list);
	
	ssl->validate = 1;
	
	return 0;
}
开发者ID:N0NB,项目名称:aprx,代码行数:34,代码来源:ssl.c

示例6: _hssl_server_context_init

static herror_t
_hssl_server_context_init(void)
{
  log_verbose3("enabled=%i, certificate=%p", enabled, certificate);

  if (!enabled || !certificate)
    return H_OK;

  if (!(context = SSL_CTX_new(SSLv23_method())))
  {
    log_error1("Cannot create SSL context");
    return herror_new("_hssl_server_context_init", HSSL_ERROR_CONTEXT,
                      "Unable to create SSL context");
  }

  if (!(SSL_CTX_use_certificate_file(context, certificate, SSL_FILETYPE_PEM)))
  {
    log_error2("Cannot read certificate file: \"%s\"", certificate);
    SSL_CTX_free(context);
    return herror_new("_hssl_server_context_init", HSSL_ERROR_CERTIFICATE,
                      "Unable to use SSL certificate \"%s\"", certificate);
  }

  SSL_CTX_set_default_passwd_cb(context, _hssl_password_callback);

  if (!(SSL_CTX_use_PrivateKey_file(context, certificate, SSL_FILETYPE_PEM)))
  {
    log_error2("Cannot read key file: \"%s\"", certificate);
    SSL_CTX_free(context);
    return herror_new("_hssl_server_context_init", HSSL_ERROR_PEM,
                      "Unable to use private key");
  }

  if (ca_list != NULL && *ca_list != '\0')
  {
    if (!(SSL_CTX_load_verify_locations(context, ca_list, NULL)))
    {
      SSL_CTX_free(context);
      log_error2("Cannot read CA list: \"%s\"", ca_list);
      return herror_new("_hssl_server_context_init", HSSL_ERROR_CA_LIST,
                        "Unable to read certification authorities \"%s\"");
    }

    SSL_CTX_set_client_CA_list(context, SSL_load_client_CA_file(ca_list));
    log_verbose1("Certification authority contacted");
  }

  SSL_CTX_set_verify(context, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
                     _hssl_cert_verify_callback);
  log_verbose1("Certificate verification callback registered");

  SSL_CTX_set_mode(context, SSL_MODE_AUTO_RETRY);

  SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF);

  _hssl_superseed();

  return H_OK;
}
开发者ID:GENI-GEMINI,项目名称:LAMP,代码行数:59,代码来源:nanohttp-ssl.c

示例7: pn_ssl_domain_set_peer_authentication

int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
                                          const pn_ssl_verify_mode_t mode,
                                          const char *trusted_CAs)
{
  if (!domain) return -1;

  switch (mode) {
  case PN_SSL_VERIFY_PEER:
  case PN_SSL_VERIFY_PEER_NAME:

    if (!domain->has_ca_db) {
      pn_transport_logf(NULL, "Error: cannot verify peer without a trusted CA configured.\n"
                 "       Use pn_ssl_domain_set_trusted_ca_db()");
      return -1;
    }

    if (domain->mode == PN_SSL_MODE_SERVER) {
      // openssl requires that server connections supply a list of trusted CAs which is
      // sent to the client
      if (!trusted_CAs) {
        pn_transport_logf(NULL, "Error: a list of trusted CAs must be provided.");
        return -1;
      }
      if (!domain->has_certificate) {
        pn_transport_logf(NULL, "Error: Server cannot verify peer without configuring a certificate.\n"
                   "       Use pn_ssl_domain_set_credentials()");
      }

      if (domain->trusted_CAs) free(domain->trusted_CAs);
      domain->trusted_CAs = pn_strdup( trusted_CAs );
      STACK_OF(X509_NAME) *cert_names;
      cert_names = SSL_load_client_CA_file( domain->trusted_CAs );
      if (cert_names != NULL)
        SSL_CTX_set_client_CA_list(domain->ctx, cert_names);
      else {
        pn_transport_logf(NULL, "Error: Unable to process file of trusted CAs: %s", trusted_CAs);
        return -1;
      }
    }

    SSL_CTX_set_verify( domain->ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                        verify_callback);
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
    SSL_CTX_set_verify_depth(domain->ctx, 1);
#endif
    break;

  case PN_SSL_ANONYMOUS_PEER:   // hippie free love mode... :)
    SSL_CTX_set_verify( domain->ctx, SSL_VERIFY_NONE, NULL );
    break;

  default:
    pn_transport_logf(NULL, "Invalid peer authentication mode given." );
    return -1;
  }

  domain->verify_mode = mode;
  return 0;
}
开发者ID:flaper87,项目名称:qpid-proton,代码行数:59,代码来源:openssl.c

示例8: SSL_load_client_CA_file

void SSLContext::loadClientCAList(const char* path) {
  auto clientCAs = SSL_load_client_CA_file(path);
  if (clientCAs == nullptr) {
    LOG(ERROR) << "Unable to load ca file: " << path;
    return;
  }
  SSL_CTX_set_client_CA_list(ctx_, clientCAs);
}
开发者ID:axiak,项目名称:folly,代码行数:8,代码来源:SSLContext.cpp

示例9: SSL_load_client_CA_file

void SecuredServerSession::verifyPeer(const std::string &caFile)
{
    if (!caFile.empty()) {
        auto certs = SSL_load_client_CA_file(caFile.c_str());
        if (!certs)
            throw std::runtime_error(ERR_error_string(ERR_get_error(), nullptr));
        SSL_set_client_CA_list(m_SSL, certs);
    }
    SSL_set_verify(m_SSL, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE, &verify_callback);
    SSL_set_verify_depth(m_SSL, 10);
    m_renegotiate = true;
}
开发者ID:bog-dan-ro,项目名称:getodac,代码行数:12,代码来源:secured_server_session.cpp

示例10: MakeSSLContext

/**
 * Initializes an SSL context using the specified certificates.
 *
 * @param pubkey The public key.
 * @param privkey The matching private key.
 * @param cakey CA certificate chain file.
 * @returns An SSL context.
 */
shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& privkey, const String& cakey)
{
	InitializeOpenSSL();

	shared_ptr<SSL_CTX> sslContext = shared_ptr<SSL_CTX>(SSL_CTX_new(TLSv1_method()), SSL_CTX_free);

	SSL_CTX_set_mode(sslContext.get(), 0);

	if (!SSL_CTX_use_certificate_chain_file(sslContext.get(), pubkey.CStr())) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_CTX_use_certificate_chain_file")
		    << errinfo_openssl_error(ERR_get_error())
		    << boost::errinfo_file_name(pubkey));
	}

	if (!SSL_CTX_use_PrivateKey_file(sslContext.get(), privkey.CStr(), SSL_FILETYPE_PEM)) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_CTX_use_PrivateKey_file")
		    << errinfo_openssl_error(ERR_get_error())
		    << boost::errinfo_file_name(privkey));
	}

	if (!SSL_CTX_check_private_key(sslContext.get())) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_CTX_check_private_key")
		    << errinfo_openssl_error(ERR_get_error()));
	}

	if (!SSL_CTX_load_verify_locations(sslContext.get(), cakey.CStr(), NULL)) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_CTX_load_verify_locations")
		    << errinfo_openssl_error(ERR_get_error())
		    << boost::errinfo_file_name(cakey));
	}

	STACK_OF(X509_NAME) *cert_names;

	cert_names = SSL_load_client_CA_file(cakey.CStr());
	if (cert_names == NULL) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_load_client_CA_file")
		    << errinfo_openssl_error(ERR_get_error())
		    << boost::errinfo_file_name(cakey));
	}

	SSL_CTX_set_client_CA_list(sslContext.get(), cert_names);

	return sslContext;
}
开发者ID:carroarmato0,项目名称:icinga2,代码行数:57,代码来源:tlsutility.cpp

示例11: ssl_cca

int ssl_cca(SSL_CTX *ctx,const char *certfile)
{
  STACK_OF(X509_NAME) *x;

  if (!certfile) return 1;

  x = SSL_load_client_CA_file(certfile);
  if (!x) return 0;

  SSL_CTX_set_client_CA_list(ctx,x);

  SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,0);

  return 1;
}
开发者ID:Safari77,项目名称:ucspi-ssl-safari,代码行数:15,代码来源:ssl_cca.c

示例12: ocaml_ssl_ctx_set_client_CA_list_from_file

CAMLprim value ocaml_ssl_ctx_set_client_CA_list_from_file(value context, value vfilename)
{
  CAMLparam2(context, vfilename);
  SSL_CTX *ctx = Ctx_val(context);
  char *filename = String_val(vfilename);
  STACK_OF(X509_NAME) *cert_names;

  caml_enter_blocking_section();
  cert_names = SSL_load_client_CA_file(filename);
  if (cert_names != 0)
    SSL_CTX_set_client_CA_list(ctx, cert_names);
  else
  {
    caml_leave_blocking_section();
    caml_raise_constant(*caml_named_value("ssl_exn_certificate_error"));
  }
  caml_leave_blocking_section();

  CAMLreturn(Val_unit);
}
开发者ID:marcolinoas,项目名称:libres3,代码行数:20,代码来源:ssl_stubs.c

示例13: mailstream_ssl_set_client_certicate

int mailstream_ssl_set_client_certicate(struct mailstream_ssl_context * ssl_context,
    char * filename)
{
#ifdef USE_SSL
#ifdef USE_GNUTLS
  /* not implemented */
  return -1;
#else
  SSL_CTX * ctx = (SSL_CTX *)ssl_context->openssl_ssl_ctx;
  STACK_OF(X509_NAME) *cert_names;
  
  cert_names = SSL_load_client_CA_file(filename);
  if (cert_names != NULL) {
    SSL_CTX_set_client_CA_list(ctx, cert_names);
    return 0;
  }
  else {
    return -1;
  }
#endif /* USE_GNUTLS */
#else
  return -1;
#endif /* USE_SSL */
}
开发者ID:SEA2GH,项目名称:libetpan,代码行数:24,代码来源:mailstream_ssl.c

示例14: net_socketSSL_listen

net_socketSSL_t*
net_socketSSL_listen(const char* port, int type,
                     int backlog)
{
	assert(port);
	assert(backlog > 0);

	int socktype;
	if((type >= NET_SOCKETSSL_TCP) &&
	   (type <= NET_SOCKETSSL_TCP_BUFFERED))
	{
		socktype = SOCK_STREAM;
	}
	else
	{
		LOGE("invalid type=%i", type);
		return NULL;
	}

	net_socketSSL_t* self;
	self = (net_socketSSL_t*)
	       malloc(sizeof(net_socketSSL_t));
	if(self == NULL)
	{
		LOGE("malloc failed");
		return NULL;
	}

	// SIGPIPE causes the process to exit for broken streams
	// but we want to receive EPIPE instead
	signal(SIGPIPE, SIG_IGN);

	// init SSL ctx
#if NET_SOCKET_USE_OPENSSL_1_1
	self->ctx = SSL_CTX_new(TLS_server_method());
#else
	// app should call SSL_library_init(); prior to creating any
	// OpenSSL sockets with the old API
	self->ctx = SSL_CTX_new(SSLv23_server_method());
#endif
	if(self->ctx == NULL)
	{
		LOGE("SSL_CTX_new failed");
		goto fail_ctx;
	}
	self->method = NET_SOCKETSSL_METHOD_SERVER;
	self->ssl    = NULL;

	if(SSL_CTX_load_verify_locations(self->ctx,
	                                 "ca_cert.pem", NULL) != 1)
	{
		LOGE("SSL_CTX_load_verify_locations failed");
		goto fail_load_verify;
	}

#if NET_SOCKET_USE_OPENSSL_1_1
	if(SSL_CTX_set_default_verify_file(self->ctx) != 1)
	{
		LOGE("SSL_CTX_set_default_verify_file failed");
		goto fail_set_default_verify_file;
	}
#endif

	STACK_OF(X509_NAME)* cert_names;
	cert_names = SSL_load_client_CA_file("ca_cert.pem");
	if(cert_names == NULL)
	{
		LOGE("SSL_load_client_CA_file failed");
		goto fail_cert_names;
	}
	SSL_CTX_set_client_CA_list(self->ctx, cert_names);

	if(SSL_CTX_use_certificate_file(self->ctx,
	                                "server_cert.pem",
	                                SSL_FILETYPE_PEM) != 1)
	{
		LOGE("SSL_CTX_use_certificate_file failed");
		goto fail_use_cert;
	}

	if(SSL_CTX_use_PrivateKey_file(self->ctx,
	                               "server_key.pem",
	                               SSL_FILETYPE_PEM) != 1)
	{
		LOGE("SSL_CTX_use_PrivateKey_file failed");
		goto fail_use_priv;
	}

	if(SSL_CTX_check_private_key(self->ctx) != 1)
	{
		LOGE("SSL_CTX_check_private_key failed");
		goto fail_check_priv;
	}

	SSL_CTX_set_mode(self->ctx, SSL_MODE_AUTO_RETRY);
	SSL_CTX_set_verify(self->ctx,
	                   SSL_VERIFY_PEER |
	                   SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
	                   NULL);
	SSL_CTX_set_verify_depth(self->ctx, 1);
//.........这里部分代码省略.........
开发者ID:jeffboody,项目名称:net,代码行数:101,代码来源:net_socketSSL.c

示例15: eventer_ssl_ctx_new


//.........这里部分代码省略.........
#endif
    if(ctx->ssl_ctx == NULL)
      ctx->ssl_ctx = SSL_CTX_new(type == SSL_SERVER ?
                                 SSLv23_server_method() : SSLv23_client_method());
    if(!ctx->ssl_ctx) goto bail;

    for(part = strtok_r(opts, ",", &brkt);
        part;
        part = strtok_r(NULL, ",", &brkt)) {
      char *optname = part;
      int neg = 0;
      if(*optname == '!') neg = 1, optname++;

#define SETBITOPT(name, neg, opt) \
  if(!strcasecmp(optname, name)) { \
    if(neg) ctx_options &= ~(opt); \
    else    ctx_options |= (opt); \
  }

      SETBITOPT("all", neg, SSL_OP_ALL)
#ifdef SSL_TXT_SSLV2
      else SETBITOPT(SSL_TXT_SSLV2, !neg, SSL_OP_NO_SSLv2)
#endif
#ifdef SSL_TXT_SSLV3
      else SETBITOPT(SSL_TXT_SSLV3, !neg, SSL_OP_NO_SSLv3)
#endif
#ifdef SSL_TXT_TLSV1
      else SETBITOPT(SSL_TXT_TLSV1, !neg, SSL_OP_NO_TLSv1)
#endif
#ifdef SSL_TXT_TLSV1_1
      else SETBITOPT(SSL_TXT_TLSV1_1, !neg, SSL_OP_NO_TLSv1_1)
#endif
#ifdef SSL_TXT_TLSV1_2
      else SETBITOPT(SSL_TXT_TLSV1_2, !neg, SSL_OP_NO_TLSv1_2)
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
      else SETBITOPT("cipher_server_preference", neg, SSL_OP_CIPHER_SERVER_PREFERENCE)
#endif
      else {
        mtevL(mtev_error, "SSL layer part '%s' not understood.\n", optname);
      }
    }

    if (type == SSL_SERVER)
      SSL_CTX_set_session_id_context(ctx->ssl_ctx,
              (unsigned char *)EVENTER_SSL_DATANAME,
              sizeof(EVENTER_SSL_DATANAME)-1);
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
    ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#endif
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
    ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
#endif
#ifdef SSL_OP_NO_COMPRESSION
    ctx_options |= SSL_OP_NO_COMPRESSION;
#endif
#ifdef SSL_OP_NO_TICKET
    ctx_options |= SSL_OP_NO_TICKET;
#endif
#ifdef SSL_OP_SINGLE_DH_USE
    ctx_options |= SSL_OP_SINGLE_DH_USE;
#endif
#ifdef SSL_OP_SINGLE_ECDH_USE
    ctx_options |= SSL_OP_SINGLE_ECDH_USE;
#endif
    SSL_CTX_set_options(ctx->ssl_ctx, ctx_options);
#ifdef SSL_MODE_RELEASE_BUFFERS
    SSL_CTX_set_mode(ctx->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
    if(certificate &&
       SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, certificate) != 1)
      goto bail;
    if(key &&
       SSL_CTX_use_RSAPrivateKey_file(ctx->ssl_ctx,key,
                                      SSL_FILETYPE_PEM) != 1)
      goto bail;
    if(ca) {
      STACK_OF(X509_NAME) *cert_stack;
      if(!SSL_CTX_load_verify_locations(ctx->ssl_ctx,ca,NULL) ||
         (cert_stack = SSL_load_client_CA_file(ca)) == NULL)
        goto bail;
      SSL_CTX_set_client_CA_list(ctx->ssl_ctx, cert_stack);
    }
    SSL_CTX_set_cipher_list(ctx->ssl_ctx, ciphers ? ciphers : "DEFAULT");
    SSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_PEER, verify_cb);
#ifndef OPENSSL_NO_EC
#if defined(SSL_CTX_set_ecdh_auto)
    SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1);
#elif defined(NID_X9_62_prime256v1)
    EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ec_key);
    EC_KEY_free(ec_key);
#endif
#endif
    existing_ctx_cn = ssl_ctx_cache_set(ctx->ssl_ctx_cn);
    if(existing_ctx_cn != ctx->ssl_ctx_cn) {
      ssl_ctx_cache_node_free(ctx->ssl_ctx_cn);
      ctx->ssl_ctx_cn = existing_ctx_cn;
    }
  }
开发者ID:esproul,项目名称:libmtev,代码行数:101,代码来源:eventer_SSL_fd_opset.c


注:本文中的SSL_load_client_CA_file函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。