本文整理汇总了C++中SSL_load_error_strings函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_load_error_strings函数的具体用法?C++ SSL_load_error_strings怎么用?C++ SSL_load_error_strings使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_load_error_strings函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: lws_context_init_client_ssl
/*
 * Set up the OpenSSL client context of a libwebsockets context.
 *
 * Returns 0 on the two early exits (a caller-provided SSL_CTX is adopted, or
 * info->port is not CONTEXT_PORT_NO_LISTEN) and 1 when the method or the
 * context cannot be created or the client certificate chain cannot be
 * loaded.  Only the first part of the function is shown in this listing.
 */
int lws_context_init_client_ssl(struct lws_context_creation_info *info,
struct libwebsocket_context *context)
{
/* NOTE(review): ERR_get_error() returns unsigned long, but the value is
 * stored in this int and then printed with %lu below; the types should
 * agree. */
int error;
int n;
SSL_METHOD *method;
if (info->provided_client_ssl_ctx) {
/* use the provided OpenSSL context if given one */
context->ssl_client_ctx = info->provided_client_ssl_ctx;
/* nothing for lib to delete */
context->user_supplied_ssl_ctx = 1;
return 0;
}
/* the code below runs only when the port is CONTEXT_PORT_NO_LISTEN */
if (info->port != CONTEXT_PORT_NO_LISTEN)
return 0;
/* basic openssl init */
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
/*
 * SSLv23_client_method() is the version-flexible method.
 * NOTE(review): nothing in the visible code sets SSL_OP_NO_SSLv2 or
 * SSL_OP_NO_SSLv3 on this context, so the legacy protocol versions stay
 * negotiable unless the OpenSSL build itself removes them -- confirm.
 */
method = (SSL_METHOD *)SSLv23_client_method();
if (!method) {
error = ERR_get_error();
lwsl_err("problem creating ssl method %lu: %s\n",
error, ERR_error_string(error,
(char *)context->service_buffer));
return 1;
}
/* create context */
context->ssl_client_ctx = SSL_CTX_new(method);
if (!context->ssl_client_ctx) {
error = ERR_get_error();
lwsl_err("problem creating ssl context %lu: %s\n",
error, ERR_error_string(error,
(char *)context->service_buffer));
return 1;
}
/* turn off TLS-level compression where the headers offer the option */
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(context->ssl_client_ctx,
SSL_OP_NO_COMPRESSION);
#endif
/* NOTE(review): this option governs cipher selection on the server side;
 * presumably it has no effect on a client context -- confirm. */
SSL_CTX_set_options(context->ssl_client_ctx,
SSL_OP_CIPHER_SERVER_PREFERENCE);
/* NOTE(review): the return value is ignored, so a cipher string that
 * OpenSSL rejects goes unnoticed here. */
if (info->ssl_cipher_list)
SSL_CTX_set_cipher_list(context->ssl_client_ctx,
info->ssl_cipher_list);
#ifdef LWS_SSL_CLIENT_USE_OS_CA_CERTS
if (!(info->options & LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS))
/* loads OS default CA certs */
SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);
#endif
/* openssl init for cert verification (for client sockets) */
/*
 * Trust anchors come from the compiled-in directory when no CA file is
 * configured, otherwise from info->ssl_ca_filepath.
 * NOTE(review): a load failure is only logged and the function carries on.
 * No SSL_CTX_set_verify() call is visible in this part of the function, so
 * whether an unverifiable server is rejected later cannot be told from
 * here -- confirm in the rest of the code.
 */
if (!info->ssl_ca_filepath) {
if (!SSL_CTX_load_verify_locations(
context->ssl_client_ctx, NULL,
LWS_OPENSSL_CLIENT_CERTS))
lwsl_err(
"Unable to load SSL Client certs from %s "
"(set by --with-client-cert-dir= "
"in configure) -- client ssl isn't "
"going to work", LWS_OPENSSL_CLIENT_CERTS);
} else
if (!SSL_CTX_load_verify_locations(
context->ssl_client_ctx, info->ssl_ca_filepath,
NULL))
lwsl_err(
"Unable to load SSL Client certs "
"file from %s -- client ssl isn't "
"going to work", info->ssl_ca_filepath);
else
lwsl_info("loaded ssl_ca_filepath\n");
/*
 * callback allowing user code to load extra verification certs
 * helping the client to verify server identity
 */
/* support for client-side certificate authentication */
if (info->ssl_cert_filepath) {
n = SSL_CTX_use_certificate_chain_file(
context->ssl_client_ctx,
info->ssl_cert_filepath);
if (n != 1) {
/* NOTE(review): ERR_get_error() is called twice in this argument list and
 * each call removes one entry from the error queue, so the printed code and
 * the printed text can belong to different errors; fetch it once into a
 * variable instead. */
lwsl_err("problem getting cert '%s' %lu: %s\n",
info->ssl_cert_filepath,
ERR_get_error(),
ERR_error_string(ERR_get_error(),
(char *)context->service_buffer));
return 1;
}
}
/* the private-key handling that starts here is cut off in this listing */
if (info->ssl_private_key_filepath) {
//.........这里部分代码省略.........
示例2: lws_context_init_server_ssl
LWS_VISIBLE int
lws_context_init_server_ssl(struct lws_context_creation_info *info,
struct libwebsocket_context *context)
{
SSL_METHOD *method;
int error;
int n;
if (info->port != CONTEXT_PORT_NO_LISTEN) {
context->use_ssl = info->ssl_cert_filepath != NULL;
#ifdef USE_WOLFSSL
#ifdef USE_OLD_CYASSL
lwsl_notice(" Compiled with CyaSSL support\n");
#else
lwsl_notice(" Compiled with wolfSSL support\n");
#endif
#else
lwsl_notice(" Compiled with OpenSSL support\n");
#endif
if (info->ssl_cipher_list)
lwsl_notice(" SSL ciphers: '%s'\n", info->ssl_cipher_list);
if (context->use_ssl)
lwsl_notice(" Using SSL mode\n");
else
lwsl_notice(" Using non-SSL mode\n");
}
/* basic openssl init */
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
openssl_websocket_private_data_index =
SSL_get_ex_new_index(0, "libwebsockets", NULL, NULL, NULL);
/*
* Firefox insists on SSLv23 not SSLv3
* Konq disables SSLv2 by default now, SSLv23 works
*
* SSLv23_server_method() is the openssl method for "allow all TLS
* versions", compared to e.g. TLSv1_2_server_method() which only allows
* tlsv1.2. Unwanted versions must be disabled using SSL_CTX_set_options()
*/
method = (SSL_METHOD *)SSLv23_server_method();
if (!method) {
error = ERR_get_error();
lwsl_err("problem creating ssl method %lu: %s\n",
error, ERR_error_string(error,
(char *)context->service_buffer));
return 1;
}
context->ssl_ctx = SSL_CTX_new(method); /* create context */
if (!context->ssl_ctx) {
error = ERR_get_error();
lwsl_err("problem creating ssl context %lu: %s\n",
error, ERR_error_string(error,
(char *)context->service_buffer));
return 1;
}
/* Disable SSLv2 and SSLv3 */
SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif
SSL_CTX_set_options(context->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
if (info->ssl_cipher_list)
SSL_CTX_set_cipher_list(context->ssl_ctx,
info->ssl_cipher_list);
/* as a server, are we requiring clients to identify themselves? */
if (info->options &
LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT) {
int verify_options = SSL_VERIFY_PEER;
if (!(info->options & LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
SSL_CTX_set_session_id_context(context->ssl_ctx,
(unsigned char *)context, sizeof(void *));
/* absolutely require the client cert */
SSL_CTX_set_verify(context->ssl_ctx,
verify_options, OpenSSL_verify_callback);
/*
* give user code a chance to load certs into the server
* allowing it to verify incoming client certs
*/
//.........这里部分代码省略.........
示例3: main
/*
 * Program entry point: loads defaults, initializes OpenSSL, parses options
 * and configuration, attempts a chroot, then services events forever.
 */
int main(int argc, char *argv[])
{
int ret;
/* fn pointers */
gi = &global_info;
fns_load_defaults();
debug_trace_init_mandatory();
/* XXX
debug_trace_init ();
*/
/* XXX
bot_alloc_on ();
bot_alloc_verbose_on ();
*/
/* NOTE(review): the process id is a guessable seed, so values taken from
 * rand() must not be used where unpredictability matters. */
srand(getpid());
/* register the SSL algorithms and the human-readable error texts */
SSL_library_init();
SSL_load_error_strings();
// OpenSSL_add_all_algorithms ();
setlocale(LC_ALL, "");
global_signal_hooks();
global_defaults();
global_getopt(argc, argv);
global_set_proc_ptrs(&argc, argv, environ);
global_conf_parse();
/* NOTE(review): a failed chroot is only logged; the process keeps running
 * outside the jail.  If the chroot is meant as a confinement boundary this
 * should be fatal -- confirm the intent. */
if (global_chroot() < 0) {
debug_err(NULL, "main: bot_chroot: Failed\n");
}
global_on();
/*
event_dispatch ();
*/
/* Both calls record a jump target just before the loop; their return values
 * are discarded, so a first pass and a jump back look the same here. */
setjmp(gi->sigprotect_buf);
sigsetjmp(gi->sigprotect_sigbuf, 1);
/* main loop: there is no break, so the return below is never reached */
while (1) {
/*trying to fix gmod_grelinkd reload */
/*
global_gcmd();
*/
gi->bot_current = NULL;
pmodule_cur_clear();
ret = event_loop(EVLOOP_ONCE);
/* a non-zero result from event_loop() re-installs the console event hook */
if (ret) {
global_set_evhook_console();
}
timer_shouldwerun();
}
return 0;
}
示例4: main
int main(int argc, char *argv[])
{
bmd_conf *konfiguracja=NULL;
struct soap soap;
char *serverURL = NULL;
char *host = NULL;
long int ssl_enabled=0;
long int authenticate=0;
char *keyfile=NULL;
char *keyfile_passwd=NULL;
char *keyfile_ssl=NULL;
char *keyfile_passwd_ssl=NULL;
char *cacert=NULL;
char *capath=NULL;
int status = 0;
struct xsd__base64Binary *base64Cert = NULL;
struct bmd230__manyCascadeLinksResult* result=NULL;
long i=0;
long iter=0;
struct bmd230__deleteCascadeLinksList deleteCascadeLinksList;
deleteCascadeLinksList.__size=1;
deleteCascadeLinksList.__ptr=(struct bmd230__deleteCascadeLinksElement*)calloc(deleteCascadeLinksList.__size, sizeof(struct bmd230__deleteCascadeLinksElement));
deleteCascadeLinksList.__ptr[0].ownerIdentityId="1";
deleteCascadeLinksList.__ptr[0].ownerCertificateId=NULL;
deleteCascadeLinksList.__ptr[0].correspondingFilesMaxLevel=0;
deleteCascadeLinksList.__ptr[0].visible=ALL;
deleteCascadeLinksList.__ptr[0].fileId="57";
// deleteCascadeLinksList.__ptr[1].ownerIdentityId="1";
// deleteCascadeLinksList.__ptr[1].ownerCertificateId=NULL;
// deleteCascadeLinksList.__ptr[1].correspondingFilesMaxLevel=0;
// deleteCascadeLinksList.__ptr[1].visible=ALL;
// deleteCascadeLinksList.__ptr[1].fileId="58";
_GLOBAL_debug_level=4;
/*załadowanie bibliotek ssl-owych*/
SSL_load_error_strings();
SSL_library_init();
/*funkcje konfiguracyjne*/
load_soap_configuration(&konfiguracja);
configuration(konfiguracja,&host,&keyfile,&keyfile_passwd,&keyfile_ssl,&keyfile_passwd_ssl,&cacert,&capath,&ssl_enabled);
/*funkcja ustanowienia połaczenia z serwerem*/
status=connection(&soap,ssl_enabled,authenticate,keyfile_ssl,keyfile_passwd_ssl,cacert,capath);
if (status!=SOAP_OK)
{
PRINT_DEBUG("SOAPCLIENTERR Connection error\n");
return 0;
}
GenBuf_t *cert_pem=NULL;
base64Cert = (struct xsd__base64Binary *)malloc(sizeof(struct xsd__base64Binary));
status = bmd_load_binary_content(keyfile,&cert_pem);
if (status != BMD_OK)
{
PRINT_DEBUG("SOAPCLIENTERR Error while reading certificate file\n");
return 0;
}
base64Cert->__ptr=(unsigned char*)(cert_pem->buf);
base64Cert->__size=cert_pem->size;
soap_set_namespaces(&soap, bmd230_namespaces);
status = soap_call_bmd230__bmdDeleteCascadeLinks(&soap, host, NULL, base64Cert, NULL, NULL, NULL, &deleteCascadeLinksList, &result);
if (status == SOAP_OK)
{
if(result == NULL)
{ printf("result = NULL\n"); }
else
{
for(i=0; i< result->__size; i++)
{
if(result->__ptr[i].idsList != NULL)
{
if(result->__ptr[i].idsList->__size == 0)
{
printf("Dla elementu %li nie usunieto zadnego linka\n", i);
}
for(iter=0; iter<result->__ptr[i].idsList->__size; iter++)
{
printf("Dla %li elementu usunieto link z id: %i\n", i, result->__ptr[i].idsList->__ptr[iter]);
}
}
else
{
printf("Dla %li elementu otrzymano kod bledu: %li\n", i, result->__ptr[i].errorCode);
}
}
//.........这里部分代码省略.........
示例5: vs_init_ssl
/*
* \brief Initialize OpenSSl of Verse server
*/
static int vs_init_ssl(VS_CTX *vs_ctx)
{
/* Set up the library */
SSL_library_init();
ERR_load_BIO_strings();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
/* Set up SSL context for TLS */
if( (vs_ctx->tls_ctx = SSL_CTX_new(TLSv1_server_method())) == NULL ) {
v_print_log(VRS_PRINT_ERROR, "Setting up SSL_CTX failed.\n");
ERR_print_errors_fp(v_log_file());
return -1;
}
/* Load certificate chain file from CA */
if(vs_ctx->ca_cert_file != NULL) {
if(SSL_CTX_use_certificate_chain_file(vs_ctx->tls_ctx, vs_ctx->ca_cert_file) != 1) {
v_print_log(VRS_PRINT_ERROR, "TLS: Loading certificate chain file: %s failed.\n",
vs_ctx->ca_cert_file);
ERR_print_errors_fp(v_log_file());
return -1;
}
}
/* Load certificate with public key for TLS */
if(SSL_CTX_use_certificate_file(vs_ctx->tls_ctx, vs_ctx->public_cert_file, SSL_FILETYPE_PEM) != 1) {
v_print_log(VRS_PRINT_ERROR, "TLS: Loading certificate file: %s failed.\n",
vs_ctx->public_cert_file);
ERR_print_errors_fp(v_log_file());
return -1;
}
/* Load private key for TLS */
if(SSL_CTX_use_PrivateKey_file(vs_ctx->tls_ctx, vs_ctx->private_cert_file, SSL_FILETYPE_PEM) != 1) {
v_print_log(VRS_PRINT_ERROR, "TLS: Loading private key file: %s failed.\n",
vs_ctx->private_cert_file);
ERR_print_errors_fp(v_log_file());
return -1;
}
/* Check the consistency of a private key with the corresponding
* certificate loaded into ssl_ctx */
if(SSL_CTX_check_private_key(vs_ctx->tls_ctx) != 1) {
v_print_log(VRS_PRINT_ERROR, "TLS: Private key does not match the certificate public key\n");
ERR_print_errors_fp(v_log_file());
return -1;
}
/* When CA certificate file was set, then try to load it */
if(vs_ctx->ca_cert_file != NULL) {
if(SSL_CTX_load_verify_locations(vs_ctx->tls_ctx, vs_ctx->ca_cert_file, NULL) != 1) {
v_print_log(VRS_PRINT_ERROR, "TLS: Loading CA certificate file: %s failed.\n",
vs_ctx->ca_cert_file);
ERR_print_errors_fp(v_log_file());
return -1;
}
}
#if OPENSSL_VERSION_NUMBER>=0x10000000
/* Set up SSL context for DTLS */
if( (vs_ctx->dtls_ctx = SSL_CTX_new(DTLSv1_server_method())) == NULL ) {
v_print_log(VRS_PRINT_ERROR, "Setting up SSL_CTX failed.\n");
ERR_print_errors_fp(v_log_file());
return -1;
}
/* Load certificate chain file from CA */
if(vs_ctx->ca_cert_file != NULL) {
if(SSL_CTX_use_certificate_chain_file(vs_ctx->dtls_ctx, vs_ctx->ca_cert_file) != 1) {
v_print_log(VRS_PRINT_ERROR, "DTLS: Loading certificate chain file: %s failed.\n",
vs_ctx->ca_cert_file);
ERR_print_errors_fp(v_log_file());
return -1;
}
}
/* Load certificate with public key for DTLS */
if (SSL_CTX_use_certificate_file(vs_ctx->dtls_ctx, vs_ctx->public_cert_file, SSL_FILETYPE_PEM) != 1) {
v_print_log(VRS_PRINT_ERROR, "DTLS: Loading certificate file: %s failed.\n",
vs_ctx->public_cert_file);
ERR_print_errors_fp(v_log_file());
return -1;
}
/* Load private key for DTLS */
if(SSL_CTX_use_PrivateKey_file(vs_ctx->dtls_ctx, vs_ctx->private_cert_file, SSL_FILETYPE_PEM) != 1) {
v_print_log(VRS_PRINT_ERROR, "DTLS: Loading private key file: %s failed.\n",
vs_ctx->private_cert_file);
ERR_print_errors_fp(v_log_file());
return -1;
}
/* Check the consistency of a private key with the corresponding
* certificate loaded into ssl_ctx */
if(SSL_CTX_check_private_key(vs_ctx->dtls_ctx) != 1) {
//.........这里部分代码省略.........
示例6: MAIN
//.........这里部分代码省略.........
/* Fragment of MAIN: the start of the function, including its declarations,
 * is not shown in this listing. */
/* BIO_NOCLOSE: freeing these BIOs leaves stderr/stdout themselves open */
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
}
#endif
/* skip the program name, then walk the remaining arguments */
argc--;
argv++;
/* Any argument that is not a recognised flag is taken as the cipher string;
 * if several are given, the last one wins. */
while (argc >= 1)
{
if (strcmp(*argv,"-v") == 0)
verbose=1;
#ifndef NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
#ifndef NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0))
{
badops=1;
break;
}
else
{
ciphers= *argv;
}
argc--;
argv++;
}
if (badops)
{
/* NOTE(review): each usage line is passed as the format string itself.
 * That is safe only while ciphers_usage holds fixed text without '%'
 * conversions; BIO_printf(bio_err,"%s",*pp) removes the dependency. */
for (pp=ciphers_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,*pp);
goto end;
}
OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(meth);
if (ctx == NULL) goto err;
/* an unusable cipher string is reported and ends the run */
if (ciphers != NULL) {
if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl=SSL_new(ctx);
if (ssl == NULL) goto err;
/* terse mode: cipher names joined by ':' on a single line */
if (!verbose)
{
for (i=0; ; i++)
{
p=SSL_get_cipher_list(ssl,i);
if (p == NULL) break;
if (i != 0) BIO_printf(STDout,":");
BIO_printf(STDout,"%s",p);
}
BIO_printf(STDout,"\n");
}
else
{
/* verbose mode: one description per cipher */
sk=SSL_get_ciphers(ssl);
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
/* NOTE(review): 512 is a hard-coded length; the declaration of buf is not
 * shown, so confirm it matches, or pass sizeof buf if buf is an array. */
BIO_puts(STDout,SSL_CIPHER_description(
sk_SSL_CIPHER_value(sk,i),
buf,512));
}
}
ret=0;
/* The if (0) body runs only when entered through "goto err"; the error
 * strings are loaded at that point, just before they are printed. */
if (0)
{
err:
SSL_load_error_strings();
ERR_print_errors(bio_err);
}
end:
/* release whatever was created before leaving */
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
OPENSSL_EXIT(ret);
}
示例7: PL_MEMSET
/**
 * Open the listening socket, create the SSL context and run the event loop.
 *
 * Only FLAGS_socket_family == "AF_INET" is handled. The call blocks inside
 * event_base_dispatch(); once that returns, the listening connection is
 * closed and the events and the event base are freed.
 *
 * @throws ConnectionException if the socket family is unsupported, or if
 *         socket(), SSL_CTX_new(), bind() or listen() fails.
 */
void LibeventServer::StartServer() {
  // Guard clause: no other socket family is implemented yet.
  if (!(FLAGS_socket_family == "AF_INET")) {
    throw ConnectionException("Unsupported socket family");
  }

  // Listen on every local IPv4 address at the configured port.
  struct sockaddr_in addr;
  PL_MEMSET(&addr, 0, sizeof(addr));
  addr.sin_family = AF_INET;
  addr.sin_addr.s_addr = INADDR_ANY;
  addr.sin_port = htons(port_);

  int sock = socket(AF_INET, SOCK_STREAM, 0);
  if (sock < 0) {
    throw ConnectionException("Failed to create listen socket");
  }

  int backlog = 12;
  int enable = 1;
  // NOTE(review): the result of setsockopt() is not checked.
  setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(enable));

  /* Initialize SSL listener connection */
  SSL_load_error_strings();
  SSL_library_init();
  // NOTE(review): TLSv1_server_method() pins the context to TLS 1.0.
  ssl_context = SSL_CTX_new(TLSv1_server_method());
  if (ssl_context == nullptr) {
    // NOTE(review): sock is not closed before this throw (nor before the
    // two throws further down).
    throw ConnectionException("Error creating SSL context.");
  }
  LOG_INFO("private key file path %s", private_key_file_.c_str());

  // NOTE(review): loading of the private key and certificate is disabled
  // ("Temporarily commented to pass tests"), so the context created above
  // carries no server credentials. The disabled code was:
  //
  //   // register private key
  //   if (SSL_CTX_use_PrivateKey_file(ssl_context, private_key_file_.c_str(),
  //                                   SSL_FILETYPE_PEM) == 0)
  //   {
  //     SSL_CTX_free(ssl_context);
  //     throw ConnectionException("Error associating private key.\n");
  //   }
  //   LOG_INFO("certificate file path %s", certificate_file_.c_str());
  //   // register public key (certificate)
  //   if (SSL_CTX_use_certificate_file(ssl_context, certificate_file_.c_str(),
  //                                    SSL_FILETYPE_PEM) == 0)
  //   {
  //     SSL_CTX_free(ssl_context);
  //     throw ConnectionException("Error associating certificate.\n");
  //   }

  const int bind_rc = bind(sock, (struct sockaddr *) &addr, sizeof(addr));
  if (bind_rc < 0) {
    SSL_CTX_free(ssl_context);
    throw ConnectionException("Failed binding socket.");
  }

  const int listen_rc = listen(sock, backlog);
  if (listen_rc < 0) {
    SSL_CTX_free(ssl_context);
    throw ConnectionException("Error listening onsocket.");
  }

  // Hand the listening socket to the master thread and serve until the
  // event loop returns.
  master_thread_->Start();
  LibeventServer::CreateNewConn(sock, EV_READ | EV_PERSIST,
                                master_thread_.get(), CONN_LISTENING);
  LOG_INFO("Listening on port %llu", (unsigned long long) port_);
  event_base_dispatch(base_);

  // Shutdown: close the listener, then free events and event base.
  LibeventServer::GetConn(sock)->CloseSocket();
  event_free(LibeventServer::GetConn(sock)->event);
  event_free(ev_stop_);
  event_free(ev_timeout_);
  event_base_free(base_);
  master_thread_->Stop();
  LOG_INFO("Server Closed");
}
示例8: sycSSL_load_error_strings
/*
 * Traced wrapper around SSL_load_error_strings(): writes one Debug line
 * before the call and one after it has returned.
 */
void sycSSL_load_error_strings(void)
{
    Debug("SSL_load_error_strings()");
    SSL_load_error_strings();
    Debug("SSL_load_error_strings() ->");
}
示例9: main
int main(int argc, char *argv[])
{
bmd_conf *konfiguracja=NULL;
struct soap soap;
int result;
char *serverURL = NULL;
char *host = NULL;
long int ssl_enabled=0;
long int authenticate=0;
char *keyfile=NULL;
char *keyfile_passwd=NULL;
char *keyfile_ssl=NULL;
char *keyfile_passwd_ssl=NULL;
char *cacert=NULL;
char *capath=NULL;
int status = 0;
struct xsd__base64Binary *base64Cert = NULL;
int i=0;
_GLOBAL_debug_level=0;
if (argc==3)
{
for (i=1; i<argc; i++)
{
if (strcmp(argv[i],"-d")==0)
{
if (argc>i+1) _GLOBAL_debug_level=atoi(argv[i+1]);
}
}
}
else
{
printf("%s\n",argv[0]);
printf("\nniepoprawne wywołanie\n\nuzyj ponizszych parametrow\n");
printf("-------------------------------------------------------\n");
printf("\t-d liczba\tpoziom logowania\n");
printf("-------------------------------------------------------\n");
return -1;
}
/*załadowanie bibliotek ssl-owych*/
SSL_load_error_strings();
SSL_library_init();
/*funkcje konfiguracyjne*/
load_soap_configuration(&konfiguracja);
configuration(konfiguracja,&host,&keyfile,&keyfile_passwd,&keyfile_ssl,&keyfile_passwd_ssl,&cacert,&capath,&ssl_enabled);
/*funkcja ustanowienia połaczenia z serwerem*/
status=connection(&soap,ssl_enabled,authenticate,keyfile_ssl,keyfile_passwd_ssl,cacert,capath);
if (status!=SOAP_OK)
{
PRINT_DEBUG("SOAPCLIENTERR Connection error\n");
return 0;
}
/*********************/
/* informacja o roli */
/*********************/
struct bmd230__singleGroupInfo *groupInfo = NULL;
groupInfo = (struct bmd230__singleGroupInfo *)calloc(1, sizeof(struct bmd230__singleGroupInfo));
groupInfo->groupName="nowa_nazwa";
groupInfo->groupParentIds=(struct bmd230__stringList *)calloc(1, sizeof(struct bmd230__stringList));
groupInfo->groupParentIds->__size=0;
//groupInfo->groupParentIds->__ptr=(xsd__string *)calloc(groupInfo->groupParentIds->__size, sizeof(xsd__string));
//groupInfo->groupParentIds->__ptr[0]=(xsd__string)calloc(2, sizeof(char*));
//groupInfo->groupParentIds->__ptr[0][0]='4';
groupInfo->groupChildIds=(struct bmd230__stringList *)calloc(1, sizeof(struct bmd230__stringList));
groupInfo->groupChildIds->__size=0;
//groupInfo->groupChildIds->__ptr=(xsd__string *)calloc(groupInfo->groupChildIds->__size, sizeof(xsd__string));
//groupInfo->groupChildIds->__ptr[0]=(xsd__string)calloc(2, sizeof(char*));
//groupInfo->groupChildIds->__ptr[0][0]='5';
GenBuf_t *cert_pem=NULL;
base64Cert = (struct xsd__base64Binary *)malloc(sizeof(struct xsd__base64Binary));
status = bmd_load_binary_content(keyfile,&cert_pem);
if (status != BMD_OK)
{
PRINT_DEBUG("SOAPCLIENTERR Error while reading certificate file\n");
return 0;
}
base64Cert->__ptr=(unsigned char*)cert_pem->buf;
base64Cert->__size=cert_pem->size;
soap_set_namespaces(&soap, bmd230_namespaces);
/*********************************************************************************/
/************************ funkcja testowa ****************************************/
status=soap_call_bmd230__bmdUpdateGroup(&soap, host, NULL, base64Cert, NULL, NULL, NULL, "11", groupInfo, &result);
/*********************************************************************************/
/*********************************************************************************/
if (status == SOAP_OK)
//.........这里部分代码省略.........
示例10: be_tls_init
/*
* Initialize global SSL context.
*/
void
be_tls_init(void)
{
struct stat buf;
STACK_OF(X509_NAME) *root_cert_list = NULL;
if (!SSL_context)
{
#if SSLEAY_VERSION_NUMBER >= 0x0907000L
OPENSSL_config(NULL);
#endif
SSL_library_init();
SSL_load_error_strings();
/*
* We use SSLv23_method() because it can negotiate use of the highest
* mutually supported protocol version, while alternatives like
* TLSv1_2_method() permit only one specific version. Note that we
* don't actually allow SSL v2 or v3, only TLS protocols (see below).
*/
SSL_context = SSL_CTX_new(SSLv23_method());
if (!SSL_context)
ereport(FATAL,
(errmsg("could not create SSL context: %s",
SSLerrmessage(ERR_get_error()))));
/*
* Disable OpenSSL's moving-write-buffer sanity check, because it
* causes unnecessary failures in nonblocking send cases.
*/
SSL_CTX_set_mode(SSL_context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
/*
* Load and verify server's certificate and private key
*/
if (SSL_CTX_use_certificate_chain_file(SSL_context,
ssl_cert_file) != 1)
ereport(FATAL,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("could not load server certificate file \"%s\": %s",
ssl_cert_file, SSLerrmessage(ERR_get_error()))));
if (stat(ssl_key_file, &buf) != 0)
ereport(FATAL,
(errcode_for_file_access(),
errmsg("could not access private key file \"%s\": %m",
ssl_key_file)));
if (!S_ISREG(buf.st_mode))
ereport(FATAL,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("private key file \"%s\" is not a regular file",
ssl_key_file)));
/*
* Refuse to load files owned by users other than us or root.
*
* XXX surely we can check this on Windows somehow, too.
*/
#if !defined(WIN32) && !defined(__CYGWIN__)
if (buf.st_uid != geteuid() && buf.st_uid != 0)
ereport(FATAL,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("private key file \"%s\" must be owned by the database user or root",
ssl_key_file)));
#endif
/*
* Require no public access to key file. If the file is owned by us,
* require mode 0600 or less. If owned by root, require 0640 or less
* to allow read access through our gid, or a supplementary gid that
* allows to read system-wide certificates.
*
* XXX temporarily suppress check when on Windows, because there may
* not be proper support for Unix-y file permissions. Need to think
* of a reasonable check to apply on Windows. (See also the data
* directory permission check in postmaster.c)
*/
#if !defined(WIN32) && !defined(__CYGWIN__)
if ((buf.st_uid == geteuid() && buf.st_mode & (S_IRWXG | S_IRWXO)) ||
(buf.st_uid == 0 && buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)))
ereport(FATAL,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("private key file \"%s\" has group or world access",
ssl_key_file),
errdetail("File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.")));
#endif
if (SSL_CTX_use_PrivateKey_file(SSL_context,
ssl_key_file,
SSL_FILETYPE_PEM) != 1)
ereport(FATAL,
(errmsg("could not load private key file \"%s\": %s",
ssl_key_file, SSLerrmessage(ERR_get_error()))));
if (SSL_CTX_check_private_key(SSL_context) != 1)
//.........这里部分代码省略.........
示例11: web_server_init
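/*
 * Initialize one web_server handle.
 *
 * Stores port and flags in *server, optionally loads the external
 * configuration (WS_USEEXTCONF; logfile is then handed to
 * web_server_setup()), opens the non-blocking listen socket and the log
 * stream and, when built with HAVE_OPENSSL and WS_USESSL is set, creates the
 * SSL context and loads certificate and private key from server->cert_file.
 *
 * Returns 1 on success and 0 when the configuration cannot be loaded or the
 * listen socket cannot be created.  A failure while setting up SSL ends the
 * process through exit() (status 3 or 4).
 */
int web_server_init(struct web_server *server,int port,const char *logfile,int flags) {
#ifdef WIN32
    unsigned long t=IOC_INOUT;
    WSADATA WSAinfo;
    WSAStartup(2,&WSAinfo); // Damn w32 sockets
#endif
    current_web_server=server;
    server->port=port;
    server->conffile=NULL;
    server->mimefile=NULL;
    server->weblog=NULL;
    server->usessl=0;
    server->flags=flags;
    server->dataconf="";
    if((flags & WS_USEEXTCONF) == WS_USEEXTCONF) {
        if(!(web_server_setup(server,logfile))) {
#ifdef WIN32
            WSACleanup();
#endif
            return 0;
        }
        _logfile=server->weblog; // Set current log stream
        web_log("%s using config file %s\n",_libwebserver_version,logfile);
    }
    // Create a listen socket port 'port' and listen addr (0) (all interfaces)
    server->socket=__ILWS_listensocket((short)server->port,0);
    if(server->socket==-1) {
        LWSERR(LE_NET);
#ifdef WIN32
        WSACleanup();
#endif
        return 0;
    }
#ifdef WIN32
    ioctlsocket(server->socket,FIONBIO,&t); //non blocking sockets for win32
#else
    fcntl(server->socket,F_SETFL,O_NONBLOCK);
#endif
    // Setup FILE structure of logfile
    if(logfile!=NULL && !((flags & WS_USEEXTCONF) == WS_USEEXTCONF)) {
        size_t loglen=strlen(logfile);
        server->logfile=__ILWS_malloc(loglen+1);
        // presumably __ILWS_malloc reports failure by returning NULL (confirm);
        // never copy into a NULL buffer
        if(server->logfile!=NULL) {
            memcpy(server->logfile,logfile,loglen+1); // +1 copies the terminator
        }
        server->weblog=open_weblog(logfile); // Create File stream for log
    }
    web_log("\n[%s] Server started at port %d (%s)\n",__ILWS_date(time(NULL),"%d/%b/%Y:%H:%M:%S %z"),server->port,_libwebserver_version);
    // Setup Flags
    // openssl
#ifdef HAVE_OPENSSL
    if((server->flags & WS_USESSL) == WS_USESSL) {
        web_log("[%s] (FLAG) Using SSL in connections\n",__ILWS_date(time(NULL),"%d/%b/%Y:%H:%M:%S %z"));
        web_log(" +-- %s certificate file\n",server->cert_file);
        SSL_load_error_strings();
        SSLeay_add_ssl_algorithms();
        server->ctx=SSL_CTX_new (SSLv23_server_method());
        // The context must exist before anything is loaded into it; fail the
        // same way as the other SSL setup errors below.
        if (server->ctx==NULL) {
            ERR_print_errors_fp(stderr);
            exit(3);
        }
        // SSLv23_server_method() is version-flexible; rule out the obsolete
        // SSLv2 and SSLv3 protocols so only TLS is negotiated.
        SSL_CTX_set_options(server->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
        if (SSL_CTX_use_certificate_file(server->ctx, server->cert_file, SSL_FILETYPE_PEM) <= 0) {
            ERR_print_errors_fp(stderr);
            exit(3);
        }
        // The private key is read from the same PEM file as the certificate,
        // so that file needs the access restrictions of a key file.
        if (SSL_CTX_use_PrivateKey_file(server->ctx, server->cert_file, SSL_FILETYPE_PEM) <= 0) {
            ERR_print_errors_fp(stderr);
            exit(4);
        }
        if (SSL_CTX_check_private_key(server->ctx)<= 0) {
            ERR_print_errors_fp(stderr);
            exit(4);
        }
        server->usessl=1;
    }
#endif
    if((server->flags & WS_LOCAL) == WS_LOCAL) {
        web_log("[%s] (FLAG) Accepting only local connections\n",__ILWS_date(time(NULL),"%d/%b/%Y:%H:%M:%S %z"));
    }
    server->client=__ILWS_init_client_list(); // Initializate client list
    server->gethandler=__ILWS_init_handler_list(); // Initializate handlers list
    web_server_addhandler(server,"* /libwebserver.gif",_web_server_logo,0,NULL); // Add logo default handler
#ifndef WIN32
    // a peer closing its connection must not kill the process
    signal(SIGPIPE,SIG_IGN);
#endif
    return 1;
}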
示例12: ssl_init
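/*
 * Initialize OpenSSL and verify the random number generator works.
 * Returns -1 on failure, 0 on success.
 *
 * Guarded by ssl_initialized: once a call has succeeded, later calls return
 * 0 without doing anything.  With OPENSSL_THREADS defined the locking and
 * thread-id callbacks are installed as well.
 */
int
ssl_init(void)
{
#ifndef PURIFY
	int fd;
	ssize_t got;
#endif /* !PURIFY */
	char buf[256];

	if (ssl_initialized)
		return 0;

	/* general initialization */
	SSL_library_init();
#ifdef PURIFY
	CRYPTO_umalloc_init();
	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif /* PURIFY */
	SSL_load_error_strings();
	OpenSSL_add_all_algorithms();

	/* thread-safety */
#ifdef OPENSSL_THREADS
	ssl_mutex_num = CRYPTO_num_locks();
	ssl_mutex = umalloc(ssl_mutex_num * sizeof(*ssl_mutex));
	int i;
	for (i = 0; i < ssl_mutex_num; i++) {
		pthread_mutex_init(&ssl_mutex[i], NULL);
	}
	CRYPTO_set_locking_callback(ssl_thr_locking_cb);
	CRYPTO_set_dynlock_create_callback(ssl_thr_dyn_create_cb);
	CRYPTO_set_dynlock_lock_callback(ssl_thr_dyn_lock_cb);
	CRYPTO_set_dynlock_destroy_callback(ssl_thr_dyn_destroy_cb);
#ifdef OPENSSL_NO_THREADID
	CRYPTO_set_id_callback(ssl_thr_id_cb);
#else /* !OPENSSL_NO_THREADID */
	CRYPTO_THREADID_set_callback(ssl_thr_id_cb);
#endif /* !OPENSSL_NO_THREADID */
#endif /* OPENSSL_THREADS */

	/* randomness */
#ifndef PURIFY
	if ((fd = open("/dev/urandom", O_RDONLY)) == -1) {
		log_err_printf("Error opening /dev/urandom for reading: %s\n",
		               strerror(errno));
		return -1;
	}
	while (!RAND_status()) {
		got = read(fd, buf, sizeof(buf));
		if (got == -1) {
			/* an interrupted read is not a failure: try again */
			if (errno == EINTR)
				continue;
			log_err_printf("Error reading from /dev/urandom: %s\n",
			               strerror(errno));
			close(fd);
			return -1;
		}
		if (got == 0) {
			/* no data: stop instead of looping without new input */
			log_err_printf("Error reading from /dev/urandom: "
			               "unexpected end of file\n");
			close(fd);
			return -1;
		}
		/* Seed only with the bytes actually read; after a short read the
		 * rest of buf is uninitialized stack memory. */
		RAND_seed(buf, (int)got);
	}
	close(fd);
	if (!RAND_poll()) {
		log_err_printf("RAND_poll() failed.\n");
		return -1;
	}
#else /* PURIFY */
	/* Memory-checker build only: the pool is fed nothing but zero bytes, so
	 * this branch must never end up in a production binary. */
	log_err_printf("Warning: not seeding OpenSSL RAND due to PURITY!\n");
	memset(buf, 0, sizeof(buf));
	while (!RAND_status()) {
		RAND_seed(buf, sizeof(buf));
	}
#endif /* PURIFY */

#ifdef USE_FOOTPRINT_HACKS
	/* HACK: disable compression by zeroing the global comp algo stack.
	 * This lowers the per-connection memory footprint by ~500k. */
	STACK_OF(SSL_COMP)* comp_methods = SSL_COMP_get_compression_methods();
	sk_SSL_COMP_zero(comp_methods);
#endif /* USE_FOOTPRINT_HACKS */

	ssl_initialized = 1;
	return 0;
}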
示例13: MAIN
//.........这里部分代码省略.........
break;
}
else
{
ciphers= *argv;
}
argc--;
argv++;
}
if (badops)
{
for (pp=ciphers_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,"%s",*pp);
goto end;
}
OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(meth);
if (ctx == NULL) goto err;
if (ciphers != NULL) {
if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl=SSL_new(ctx);
if (ssl == NULL) goto err;
if (use_supported)
sk=SSL_get1_supported_ciphers(ssl);
else
sk=SSL_get_ciphers(ssl);
if (!verbose)
{
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
SSL_CIPHER *c = sk_SSL_CIPHER_value(sk,i);
p = SSL_CIPHER_get_name(c);
if (p == NULL) break;
if (i != 0) BIO_printf(STDout,":");
BIO_printf(STDout,"%s",p);
}
BIO_printf(STDout,"\n");
}
else /* verbose */
{
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk,i);
if (Verbose)
{
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x02000000L)
BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
else if ((id & 0xff000000L) == 0x03000000L)
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
else
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname)
{
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(STDout, "%s - ", nm);
}
#endif
BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
}
}
ret=0;
if (0)
{
err:
SSL_load_error_strings();
ERR_print_errors(bio_err);
}
end:
if (use_supported && sk)
sk_SSL_CIPHER_free(sk);
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
示例14: main
/*
 * Entry point of a UDP server on port 20220 (IPv6 wildcard address); with
 * WITH_DTLS defined it first builds a DTLS server context.  Only the start
 * of the function is shown in this listing.
 */
int
main(int argc, char **argv) {
int sockfd = 0;
int on = 1;
struct sockaddr_in6 listen_addr = { AF_INET6, htons(20220), 0, IN6ADDR_ANY_INIT, 0 };
size_t addr_size = sizeof(struct sockaddr_in6);
fd_set fds[2];
int result, flags;
int idx, res = 0;
struct timeval timeout;
struct sigaction act, oact;
#ifdef WITH_DTLS
SSL_CTX *ctx;
memset(ssl_peer_storage, 0, sizeof(ssl_peer_storage));
SSL_load_error_strings();
SSL_library_init();
/* NOTE(review): the result of SSL_CTX_new() is not checked before ctx is
 * used by the calls that follow. */
ctx = SSL_CTX_new(DTLSv1_server_method());
/* NOTE(review): "ALL" selects every cipher suite except the eNULL ones,
 * which includes anonymous and legacy suites; a server normally wants a
 * much narrower list. */
SSL_CTX_set_cipher_list(ctx, "ALL");
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
res = SSL_CTX_use_certificate_file(ctx, SERVER_CERT_PEM, SSL_FILETYPE_PEM);
if (res != 1) {
/* NOTE(review): ERR_error_string() expects a code from ERR_get_error();
 * here it receives the call's return value, so the printed text does not
 * describe the actual failure.  The same applies to the key file below. */
fprintf(stderr, "cannot read server certificate from file '%s' (%s)\n",
SERVER_CERT_PEM, ERR_error_string(res,NULL));
goto end;
}
res = SSL_CTX_use_PrivateKey_file(ctx, SERVER_KEY_PEM, SSL_FILETYPE_PEM);
if (res != 1) {
fprintf(stderr, "cannot read server key from file '%s' (%s)\n",
SERVER_KEY_PEM, ERR_error_string(res,NULL));
goto end;
}
/* the private key has to match the certificate loaded above */
res = SSL_CTX_check_private_key (ctx);
if (res != 1) {
fprintf(stderr, "invalid private key\n");
goto end;
}
/* CA certificates used to verify client certificates */
res = SSL_CTX_load_verify_locations(ctx, CA_CERT_PEM, NULL);
if (res != 1) {
fprintf(stderr, "cannot read ca file '%s'\n", CA_CERT_PEM);
goto end;
}
/* Client has to authenticate */
/* NOTE(review): SSL_VERIFY_FAIL_IF_NO_PEER_CERT is not set, so a client
 * that presents no certificate is not refused by these flags alone; with
 * only SSL_VERIFY_PEER the certificate is requested and checked if sent. */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL);
SSL_CTX_set_read_ahead(ctx, 1); /* the value 1 turns read-ahead on */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie);
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie);
SSL_CTX_use_psk_identity_hint(ctx, "Enter password for CoAP-Gateway");
SSL_CTX_set_psk_server_callback(ctx, psk_server_callback);
SSL_CTX_set_info_callback(ctx, info_callback);
#endif
sockfd = socket(listen_addr.sin6_family, SOCK_DGRAM, 0);
if ( sockfd < 0 ) {
perror("socket");
/* NOTE(review): this return, like the one after fcntl() below, does not go
 * through the "end" label used by the other failure paths; what "end"
 * releases is not shown here. */
return -1;
}
if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on) ) < 0)
perror("setsockopt SO_REUSEADDR");
/* switch the socket to non-blocking mode, keeping its other flags */
flags = fcntl(sockfd, F_GETFL, 0);
if (flags < 0 || fcntl(sockfd, F_SETFL, flags | O_NONBLOCK) < 0) {
perror("fcntl");
return -1;
}
on = 1;
/* a failure to enable IPV6_RECVPKTINFO is reported but not fatal */
if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on) ) < 0) {
perror("setsockopt IPV6_PKTINFO");
}
if (bind (sockfd, (const struct sockaddr *)&listen_addr, addr_size) < 0) {
perror("bind");
res = -2;
goto end;
}
/* install the SIGINT handler; the loop below runs until quit is set */
act.sa_handler = handle_sigint;
sigemptyset(&act.sa_mask);
act.sa_flags = 0;
sigaction(SIGINT, &act, &oact);
while (!quit) {
FD_ZERO(&fds[READ]);
FD_ZERO(&fds[WRITE]);
FD_SET(sockfd, &fds[READ]);
//.........这里部分代码省略.........
示例15: tls_alloc
/**
* Allocate a new TLS context
*
* @param tlsp Pointer to allocated TLS context
* @param method TLS method
* @param keyfile Optional private key file
* @param pwd Optional password
*
* @return 0 if success, otherwise errorcode
*/
int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
const char *pwd)
{
struct tls *tls;
int r, err;
if (!tlsp)
return EINVAL;
tls = mem_zalloc(sizeof(*tls), destructor);
if (!tls)
return ENOMEM;
if (!tlsg.up) {
#ifdef SIGPIPE
/* Set up a SIGPIPE handler */
(void)signal(SIGPIPE, sigpipe_handle);
#endif
SSL_library_init();
tlsg.up = true;
}
if (tlsg.tlsc++ == 0) {
DEBUG_INFO("error strings loaded\n");
SSL_load_error_strings();
}
switch (method) {
case TLS_METHOD_SSLV23:
tls->ctx = SSL_CTX_new(SSLv23_method());
break;
#ifdef USE_OPENSSL_DTLS
case TLS_METHOD_DTLSV1:
tls->ctx = SSL_CTX_new(DTLSv1_method());
break;
#endif
default:
DEBUG_WARNING("tls method %d not supported\n", method);
err = ENOSYS;
goto out;
}
if (!tls->ctx) {
err = ENOMEM;
goto out;
}
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(tls->ctx, 1);
#endif
if (method == TLS_METHOD_DTLSV1) {
SSL_CTX_set_read_ahead(tls->ctx, 1);
}
/* Load our keys and certificates */
if (keyfile) {
if (pwd) {
err = str_dup(&tls->pass, pwd);
if (err)
goto out;
SSL_CTX_set_default_passwd_cb(tls->ctx, password_cb);
SSL_CTX_set_default_passwd_cb_userdata(tls->ctx, tls);
}
r = SSL_CTX_use_certificate_chain_file(tls->ctx, keyfile);
if (r <= 0) {
DEBUG_WARNING("Can't read certificate file: %s (%d)\n",
keyfile, r);
err = EINVAL;
goto out;
}
r = SSL_CTX_use_PrivateKey_file(tls->ctx, keyfile,
SSL_FILETYPE_PEM);
if (r <= 0) {
DEBUG_WARNING("Can't read key file: %s (%d)\n",
keyfile, r);
err = EINVAL;
goto out;
}
}
err = 0;
out:
//.........这里部分代码省略.........