本文整理汇总了C++中SSL_set_options函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_set_options函数的具体用法?C++ SSL_set_options怎么用?C++ SSL_set_options使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_set_options函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: qCritical
const bool QFrankSSL::K_SSLStrukturAufbauen()
{
if(K_OpenSSLStruktur==NULL)
{
K_OpenSSLFehlerText=K_KeineOpenSSLStrukturText+K_SSLFehlertext();
#ifndef QT_NO_DEBUG
qCritical("%s K_SSLStrukturAufbauen: OpenSSL Struktur fehlt",this->metaObject()->className());
qCritical(qPrintable(K_SSLFehlertext()));
#endif
K_AllesZuruecksetzen();
return false;
}
K_SSLStruktur=SSL_new(K_OpenSSLStruktur);
if(K_SSLStruktur==NULL)
{
K_OpenSSLFehlerText=K_SSLFehlertext();
#ifndef QT_NO_DEBUG
qWarning("%s K_SSLStrukturAufbauen: fehlgeschlagen",this->metaObject()->className());
qWarning()<<K_OpenSSLFehlerText;
#endif
K_AllesZuruecksetzen();
return false;
}
long Parameter=0;
if(!(K_ZuBenutzendeSSLVersionen&QFrankSSL::SSLv2))
Parameter=Parameter|SSL_OP_NO_SSLv2;
if(!(K_ZuBenutzendeSSLVersionen&QFrankSSL::SSLv3))
Parameter=Parameter|SSL_OP_NO_SSLv3;
if(!(K_ZuBenutzendeSSLVersionen&QFrankSSL::TLSv1))
Parameter=Parameter|SSL_OP_NO_TLSv1;
//Damit die Callbackfunktion denn Zugriff auf die Klasse hat.
K_ListeDerSSLVerbindungen.insert(K_SSLStruktur,this);
SSL_set_info_callback(K_SSLStruktur,K_SSL_Info_Callback);
#ifndef QT_NO_DEBUG
qDebug("%s K_SSLStrukturAufbauen: erfolgreich",this->metaObject()->className());
QString SSLOptionen="SSL Optionen:";
long Optionen=SSL_set_options(K_SSLStruktur,Parameter);
if(Optionen&SSL_OP_NO_SSLv2)
SSLOptionen.append("\r\n\tKein SSLv2");
else
SSLOptionen.append("\r\n\tSSLv2");
if(Optionen&SSL_OP_NO_SSLv3)
SSLOptionen.append("\r\n\tKein SSLv3");
else
SSLOptionen.append("\r\n\tSSLv3");
if(Optionen&SSL_OP_NO_TLSv1)
SSLOptionen.append("\r\n\tKein TLSv1");
else
SSLOptionen.append("\r\n\tTLSv1");
qDebug(SSLOptionen.toLatin1().constData());
#else
SSL_set_options(K_SSLStruktur,Parameter);
#endif
//Nur hohlen, wenn die Liste leer ist, da sonst die Nutzervorgaben überschrieben werden.
if(K_VerfuegbareAlgorithmen.isEmpty())
K_VerfuegbareAlgorithmenHohlen();
return true;
}示例2: select_server_ctx
/* Select the appropriate server CTX.
* Returns SSL_TLSEXT_ERR_OK if a match was found.
* If |ignore| is 1, returns SSL_TLSEXT_ERR_NOACK on mismatch.
* Otherwise, returns SSL_TLSEXT_ERR_ALERT_FATAL on mismatch.
* An empty SNI extension also returns SSL_TSLEXT_ERR_NOACK.
*/
static int select_server_ctx(SSL *s, void *arg, int ignore)
{
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
HANDSHAKE_EX_DATA *ex_data =
(HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
if (servername == NULL) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return SSL_TLSEXT_ERR_NOACK;
}
if (strcmp(servername, "server2") == 0) {
SSL_CTX *new_ctx = (SSL_CTX*)arg;
SSL_set_SSL_CTX(s, new_ctx);
/*
* Copy over all the SSL_CTX options - reasonable behavior
* allows testing of cases where the options between two
* contexts differ/conflict
*/
SSL_clear_options(s, 0xFFFFFFFFL);
SSL_set_options(s, SSL_CTX_get_options(new_ctx));
ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
return SSL_TLSEXT_ERR_OK;
} else if (strcmp(servername, "server1") == 0) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return SSL_TLSEXT_ERR_OK;
} else if (ignore) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return SSL_TLSEXT_ERR_NOACK;
} else {
/* Don't set an explicit alert, to test library defaults. */
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
}示例3: ssl_server_listen
ssl_server_client * ssl_server_listen(ssl_server * serv){
BIO * bio = BIO_new_dgram(serv->fd, BIO_NOCLOSE);
{
struct timeval timeout;
timeout.tv_sec = 10;
timeout.tv_usec = 0;
BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
}
SSL * ssl = SSL_new(serv->ctx);
SSL_set_bio(ssl, bio, bio);
SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
struct sockaddr_storage client_addr;
while (DTLSv1_listen(ssl, &client_addr) <= 0){
SSL_free(ssl);
return NULL;
}
ssl_server_client * con = alloc0(sizeof(ssl_server_client));
con->ssl = ssl;
con->addr = client_addr;
con->bio = bio;
return con;
}示例4: openssl_iostream_set
static int
openssl_iostream_set(struct ssl_iostream *ssl_io,
const struct ssl_iostream_settings *set,
const char **error_r)
{
const struct ssl_iostream_settings *ctx_set = ssl_io->ctx->set;
int verify_flags;
if (set->verbose)
SSL_set_info_callback(ssl_io->ssl, openssl_info_callback);
if (set->cipher_list != NULL &&
strcmp(ctx_set->cipher_list, set->cipher_list) != 0) {
if (!SSL_set_cipher_list(ssl_io->ssl, set->cipher_list)) {
*error_r = t_strdup_printf(
"Can't set cipher list to '%s': %s",
set->cipher_list, openssl_iostream_error());
return -1;
}
}
if (set->protocols != NULL) {
SSL_clear_options(ssl_io->ssl, OPENSSL_ALL_PROTOCOL_OPTIONS);
SSL_set_options(ssl_io->ssl,
openssl_get_protocol_options(set->protocols));
}
if (set->cert != NULL && strcmp(ctx_set->cert, set->cert) != 0) {
if (openssl_iostream_use_certificate(ssl_io, set->cert, error_r) < 0)
return -1;
}
if (set->key != NULL && strcmp(ctx_set->key, set->key) != 0) {
if (openssl_iostream_use_key(ssl_io, set, error_r) < 0)
return -1;
}
if (set->verify_remote_cert) {
if (ssl_io->ctx->client_ctx)
verify_flags = SSL_VERIFY_NONE;
else
verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
SSL_set_verify(ssl_io->ssl, verify_flags,
openssl_iostream_verify_client_cert);
}
if (set->cert_username_field != NULL) {
ssl_io->username_nid = OBJ_txt2nid(set->cert_username_field);
if (ssl_io->username_nid == NID_undef) {
*error_r = t_strdup_printf(
"Invalid cert_username_field: %s",
set->cert_username_field);
return -1;
}
} else {
ssl_io->username_nid = ssl_io->ctx->username_nid;
}
ssl_io->verbose = set->verbose;
ssl_io->verbose_invalid_cert = set->verbose_invalid_cert || set->verbose;
ssl_io->require_valid_cert = set->require_valid_cert;
return 0;
}示例5: Connection
SslConnection::SslConnection(asio::io_service& io_service, Server *server,
asio::ssl::context& context,
ConnectionManager& manager, RequestHandler& handler)
: Connection(io_service, server, manager, handler),
socket_(io_service, context),
sslShutdownTimer_(io_service)
{
// avoid CRIME attack, get A rating on SSL analysis tools
#ifdef SSL_OP_NO_COMPRESSION
#if BOOST_VERSION >= 104700
SSL_set_options(socket_.native_handle(), SSL_OP_NO_COMPRESSION);
#else
SSL_set_options(socket_.impl()->ssl, SSL_OP_NO_COMPRESSION);
#endif
#endif
}示例6: tnet_dtls_socket_create
tnet_dtls_socket_handle_t* tnet_dtls_socket_create(struct tnet_socket_s* wrapped_sock, struct ssl_ctx_st* ssl_ctx)
{
#if !HAVE_OPENSSL || !HAVE_OPENSSL_DTLS
TSK_DEBUG_ERROR("OpenSSL or DTLS not enabled");
return tsk_null;
#else
tnet_dtls_socket_t* socket;
if (!wrapped_sock || !ssl_ctx){
TSK_DEBUG_ERROR("Invalid parameter");
return tsk_null;
}
if ((socket = tsk_object_new(tnet_dtls_socket_def_t))) {
const tsk_bool_t set_mtu = TNET_SOCKET_TYPE_IS_DGRAM(wrapped_sock->type) || 1; //!\ This is required even if the local transport is TCP/TLS because the relayed (TURN) transport could be UDP
socket->wrapped_sock = tsk_object_ref(wrapped_sock);
if (!(socket->ssl = SSL_new(ssl_ctx))) {
TSK_DEBUG_ERROR("SSL_new(CTX) failed [%s]", ERR_error_string(ERR_get_error(), tsk_null));
TSK_OBJECT_SAFE_FREE(socket);
return tsk_null;
}
if (set_mtu) {
SSL_set_options(socket->ssl, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(socket->ssl, TNET_DTLS_MTU - 28);
socket->ssl->d1->mtu = TNET_DTLS_MTU - 28;
}
if (!(socket->rbio = BIO_new(BIO_s_mem())) || !(socket->wbio = BIO_new(BIO_s_mem()))){
TSK_DEBUG_ERROR("BIO_new_socket(%d) failed [%s]", socket->wrapped_sock->fd, ERR_error_string(ERR_get_error(), tsk_null));
if (socket->rbio){
BIO_free(socket->rbio);
}
if (socket->wbio){
BIO_free(socket->wbio);
}
TSK_OBJECT_SAFE_FREE(socket);
return tsk_null;
}
BIO_set_mem_eof_return(socket->rbio, -1);
BIO_set_mem_eof_return(socket->wbio, -1);
SSL_set_bio(socket->ssl, socket->rbio, socket->wbio);
SSL_set_mode(socket->ssl, SSL_MODE_AUTO_RETRY);
SSL_set_read_ahead(socket->ssl, 1);
if (set_mtu) {
BIO_ctrl(SSL_get_wbio(socket->ssl), BIO_CTRL_DGRAM_SET_MTU, TNET_DTLS_MTU - 28, NULL);
}
if ((socket->verify_peer = (SSL_CTX_get_verify_mode(ssl_ctx) != SSL_VERIFY_NONE))){
TSK_DEBUG_INFO("SSL cert verify: ON");
socket->verify_peer = tsk_true;
SSL_set_verify(socket->ssl, (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), _tnet_dtls_verify_cert);
}
else {
TSK_DEBUG_ERROR("Verity not enabled");
}
SSL_set_app_data(socket->ssl, socket);
}
return socket;
#endif
}示例7: dtls_server_input_handler
static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_type* server,
ioa_socket_handle s,
ioa_network_buffer_handle nbh)
{
FUNCSTART;
if (!server || !nbh) {
return NULL;
}
SSL* connecting_ssl = NULL;
BIO *wbio = NULL;
struct timeval timeout;
/* Create BIO */
wbio = BIO_new_dgram(s->fd, BIO_NOCLOSE);
(void)BIO_dgram_set_peer(wbio, (struct sockaddr*) &(server->sm.m.sm.nd.src_addr));
/* Set and activate timeouts */
timeout.tv_sec = DTLS_MAX_RECV_TIMEOUT;
timeout.tv_usec = 0;
BIO_ctrl(wbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
#if DTLSv1_2_SUPPORTED
if(get_dtls_version(ioa_network_buffer_data(nbh),
(int)ioa_network_buffer_get_size(nbh)) == 1) {
connecting_ssl = SSL_NEW(server->dtls_ctx_v1_2);
} else {
connecting_ssl = SSL_NEW(server->dtls_ctx);
}
#else
{
connecting_ssl = SSL_NEW(server->dtls_ctx);
}
#endif
SSL_set_accept_state(connecting_ssl);
SSL_set_bio(connecting_ssl, NULL, wbio);
SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE);
SSL_set_max_cert_list(connecting_ssl, 655350);
ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl,
&(server->sm.m.sm.nd.src_addr),
&(server->addr),
nbh);
if (!rc) {
if (!(SSL_get_shutdown(connecting_ssl) & SSL_SENT_SHUTDOWN)) {
SSL_set_shutdown(connecting_ssl, SSL_RECEIVED_SHUTDOWN);
SSL_shutdown(connecting_ssl);
}
SSL_FREE(connecting_ssl);
}
return rc;
}示例8: HsOpenSSL_SSL_clear_options
/* OpenSSL < 0.9.8m does not have SSL_clear_options() */
long HsOpenSSL_SSL_clear_options(SSL* ssl, long options) {
#if defined(SSL_clear_options)
return SSL_clear_options(ssl, options);
#else
long tmp = SSL_get_options(ssl);
return SSL_set_options(ssl, tmp & ~options);
#endif
}示例9: cherokee_cryptor_libssl_find_vserver
ret_t
cherokee_cryptor_libssl_find_vserver (SSL *ssl,
cherokee_server_t *srv,
cherokee_buffer_t *servername,
cherokee_connection_t *conn)
{
ret_t ret;
cherokee_virtual_server_t *vsrv = NULL;
SSL_CTX *ctx;
/* Try to match the connection to a server
*/
ret = cherokee_server_get_vserver(srv, servername, conn, &vsrv);
if ((ret != ret_ok) || (vsrv == NULL)) {
LOG_ERROR (CHEROKEE_ERROR_SSL_SRV_MATCH, servername->buf);
return ret_error;
}
TRACE (ENTRIES, "Setting new TLS context. Virtual host='%s'\n",
vsrv->name.buf);
/* Check whether the Virtual Server supports TLS
*/
if ((vsrv->cryptor == NULL) ||
(CRYPTOR_VSRV_SSL(vsrv->cryptor)->context == NULL))
{
TRACE (ENTRIES, "Virtual server '%s' does not support SSL\n", servername->buf);
return ret_error;
}
/* Set the new SSL context
*/
ctx = SSL_set_SSL_CTX (ssl, CRYPTOR_VSRV_SSL(vsrv->cryptor)->context);
if (ctx != CRYPTOR_VSRV_SSL(vsrv->cryptor)->context) {
LOG_ERROR (CHEROKEE_ERROR_SSL_CHANGE_CTX, servername->buf);
}
/* SSL_set_SSL_CTX() only change certificates. We need to
* changes more options by hand.
*/
SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
(SSL_num_renegotiations(ssl) == 0)) {
SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
SSL_CTX_get_verify_callback(ssl->ctx));
}
return ret_ok;
}示例10: dtls1_listen
int dtls1_listen(SSL *s, struct sockaddr *client)
{
int ret;
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
s->d1->listen = 1;
ret = SSL_accept(s);
if (ret <= 0) return ret;
(void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
return 1;
}示例11: dtls1_listen
int dtls1_listen(SSL *s, struct sockaddr *client)
{
int ret;
/* Ensure there is no state left over from a previous invocation */
SSL_clear(s);
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
s->d1->listen = 1;
ret = SSL_accept(s);
if (ret <= 0) return ret;
(void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
return 1;
}示例12: dtls_server_input_handler
static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_type* server, u08bits *buf, int len)
{
FUNCSTART;
if (!server || !buf || len<1) {
return NULL;
}
SSL* connecting_ssl = NULL;
BIO *wbio = NULL;
struct timeval timeout;
/* Create BIO */
wbio = BIO_new_dgram(server->udp_listen_s->fd, BIO_NOCLOSE);
(void)BIO_dgram_set_peer(wbio, (struct sockaddr*) &(server->sm.m.sm.nd.src_addr));
/* Set and activate timeouts */
timeout.tv_sec = DTLS_MAX_RECV_TIMEOUT;
timeout.tv_usec = 0;
BIO_ctrl(wbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
connecting_ssl = SSL_new(server->dtls_ctx);
SSL_set_accept_state(connecting_ssl);
SSL_set_bio(connecting_ssl, NULL, wbio);
SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE);
SSL_set_max_cert_list(connecting_ssl, 655350);
ioa_socket_handle rc = dtls_accept_client_connection(server, connecting_ssl,
&(server->sm.m.sm.nd.src_addr),
&(server->addr),
buf, len);
if (!rc) {
if (!(SSL_get_shutdown(connecting_ssl) & SSL_SENT_SHUTDOWN)) {
SSL_set_shutdown(connecting_ssl, SSL_RECEIVED_SHUTDOWN);
SSL_shutdown(connecting_ssl);
}
SSL_free(connecting_ssl);
}
return rc;
}示例13: create_dtls_transport
struct dtls_transport *
create_dtls_transport(struct rtcdc_peer_connection *peer,
const struct dtls_context *context)
{
if (peer == NULL || peer->transport == NULL || context == NULL || context->ctx == NULL)
return NULL;
struct dtls_transport *dtls = (struct dtls_transport *)calloc(1, sizeof *dtls);
if (dtls == NULL)
return NULL;
peer->transport->dtls = dtls;
SSL *ssl = SSL_new(context->ctx);
if (ssl == NULL)
goto trans_err;
dtls->ssl = ssl;
BIO *bio = BIO_new(BIO_s_mem());
if (bio == NULL)
goto trans_err;
BIO_set_mem_eof_return(bio, -1);
dtls->incoming_bio = bio;
bio = BIO_new(BIO_s_mem());
if (bio == NULL)
goto trans_err;
BIO_set_mem_eof_return(bio, -1);
dtls->outgoing_bio = bio;
SSL_set_bio(dtls->ssl, dtls->incoming_bio, dtls->outgoing_bio);
EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
SSL_set_options(dtls->ssl, SSL_OP_SINGLE_ECDH_USE);
SSL_set_tmp_ecdh(dtls->ssl, ecdh);
EC_KEY_free(ecdh);
if (0) {
trans_err:
peer->transport->dtls = NULL;
SSL_free(ssl);
free(dtls);
dtls = NULL;
}
return dtls;
}示例14: SSL_set_options
void SecuredServerSession::messageComplete()
{
if (!m_renegotiate || !m_readYield)
return;
m_renegotiate = false;
SSL_set_options(m_SSL, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
SSL_renegotiate(m_SSL);
int ret;
int step = 0;
while ( (ret = SSL_do_handshake(m_SSL)) != 1) {
if (ret < 0) {
auto err = SSL_get_error(m_SSL, ret);
if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
if (++step > 5) {
(*m_readYield)();
step = 0;
}
continue;
}
}
return;
}
step = 0;
while ( (ret = SSL_do_handshake(m_SSL)) != 1) {
if (ret < 0) {
auto err = SSL_get_error(m_SSL, ret);
if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
if (++step > 5) {
(*m_readYield)();
step = 0;
}
continue;
}
}
break;
}
}示例15: DoSSLClientNegotiation
int DoSSLClientNegotiation(STREAM *S, int Flags)
{
int result=FALSE;
#ifdef HAVE_LIBSSL
const SSL_METHOD *Method;
SSL_CTX *ctx;
SSL *ssl;
//struct x509 *cert=NULL;
char *ptr;
if (S)
{
INTERNAL_SSL_INIT();
// SSL_load_ciphers();
Method=SSLv23_client_method();
ctx=SSL_CTX_new(Method);
if (! ctx) HandleSSLError();
else
{
STREAM_INTERNAL_SSL_ADD_SECURE_KEYS(S,ctx);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, OpenSSLVerifyCallback);
ssl=SSL_new(ctx);
SSL_set_fd(ssl,S->in_fd);
STREAMSetItem(S,"LIBUSEFUL-SSL-CTX",ssl);
SSL_set_options(ssl, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2); //SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1
ptr=LibUsefulGetValue("SSL-Permitted-Ciphers");
if (ptr) SSL_set_cipher_list(ssl, ptr);
result=SSL_connect(ssl);
S->Flags|=SF_SSL;
OpenSSLQueryCipher(S);
OpenSSLVerifyCertificate(S);
}
}
#endif
return(result);
}