本文整理汇总了C++中SSL_set_tlsext_host_name函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_set_tlsext_host_name函数的具体用法?C++ SSL_set_tlsext_host_name怎么用?C++ SSL_set_tlsext_host_name使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_set_tlsext_host_name函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: h2o_socket_ssl_handshake
/*
 * Prepare the per-socket TLS state on sock and start the handshake.
 *
 * sock         socket to secure; sock->ssl is allocated here
 * ssl_ctx      context handed to create_ssl()
 * server_name  NULL selects the server role; a non-NULL value selects the client
 *              role and is passed to OpenSSL as the SNI host name
 * handshake_cb stored in sock->ssl->handshake.cb (presumably invoked by
 *              proceed_handshake once the handshake finishes; confirm there)
 */
void h2o_socket_ssl_handshake(h2o_socket_t *sock, SSL_CTX *ssl_ctx, const char *server_name, h2o_socket_cb handshake_cb)
{
sock->ssl = h2o_mem_alloc(sizeof(*sock->ssl));
/* zero only the fields that precede output.pool; the pool is initialised by h2o_mem_init_pool below */
memset(sock->ssl, 0, offsetof(struct st_h2o_socket_ssl_t, output.pool));
/* setup the buffers; sock->input should be empty, sock->ssl->input.encrypted should contain the initial input, if any */
h2o_buffer_init(&sock->ssl->input.encrypted, &h2o_socket_buffer_prototype);
if (sock->input->size != 0) {
/* bytes already read are ciphertext: swap the two buffers so they land in input.encrypted */
h2o_buffer_t *tmp = sock->input;
sock->input = sock->ssl->input.encrypted;
sock->ssl->input.encrypted = tmp;
}
h2o_mem_init_pool(&sock->ssl->output.pool);
create_ssl(sock, ssl_ctx);
sock->ssl->handshake.cb = handshake_cb;
if (server_name == NULL) {
/* is server */
/* a session-get callback registered on the context switches async resumption to the RECORD state */
if (SSL_CTX_sess_get_get_cb(ssl_ctx) != NULL)
sock->ssl->handshake.server.async_resumption.state = ASYNC_RESUMPTION_STATE_RECORD;
/* if ciphertext is already buffered, process it now; otherwise wait for the socket to become readable */
if (sock->ssl->input.encrypted->size != 0)
proceed_handshake(sock, 0);
else
h2o_socket_read_start(sock, proceed_handshake);
} else {
/* is client: keep a private copy of the name and announce it via SNI */
sock->ssl->handshake.client.server_name = h2o_strdup(NULL, server_name, SIZE_MAX).base;
/* NOTE(review): the result of SSL_set_tlsext_host_name() is ignored; it returns 0 on failure,
in which case the handshake continues without SNI. SNI only tells the server which certificate
to present. Checking the peer certificate against server_name is not visible in this function;
confirm it happens later in the handshake path. */
SSL_set_tlsext_host_name(sock->ssl->ssl, sock->ssl->handshake.client.server_name);
proceed_handshake(sock, 0);
}
}
示例2: swClient_ssl_handshake
/*
 * Run the client-side TLS handshake for cli.
 *
 * On the first call the SSL object is created and, when the library supports
 * it, the configured tls_host_name is announced through SNI. Once the socket
 * reports SW_SSL_STATE_READY and verify_peer is set, the peer certificate is
 * checked through swClient_ssl_verify().
 *
 * Returns SW_OK on success and SW_ERR when creation, connect or verification fails.
 */
int swClient_ssl_handshake(swClient *cli)
{
    /* Create the SSL object only once per socket. */
    if (!cli->socket->ssl)
    {
        if (swSSL_create(cli->socket, cli->ssl_context, SW_SSL_CLIENT) < 0)
        {
            return SW_ERR;
        }
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
        if (cli->ssl_option.tls_host_name)
        {
            /*
             * NOTE(review): the return value is ignored, so a failure to set
             * the name (OpenSSL returns 0) leads to a handshake without SNI.
             */
            SSL_set_tlsext_host_name(cli->socket->ssl, cli->ssl_option.tls_host_name);
        }
#endif
    }

    if (swSSL_connect(cli->socket) < 0)
    {
        return SW_ERR;
    }

    /* Verification is skipped while the handshake is not ready or when verify_peer is off. */
    if (cli->socket->ssl_state != SW_SSL_STATE_READY || !cli->ssl_option.verify_peer)
    {
        return SW_OK;
    }

    return swClient_ssl_verify(cli, cli->ssl_option.allow_self_signed) < 0 ? SW_ERR : SW_OK;
}
示例3: HsOpenSSL_SSL_set_tlsext_host_name
/*
 * Portable wrapper around SSL_set_tlsext_host_name(), which OpenSSL < 1.0.0
 * does not provide.
 *
 * Returns the library's result when the macro exists, and 0 otherwise.
 * Because 0 is also OpenSSL's failure value, a caller cannot tell
 * "SNI unsupported by this build" apart from "setting the name failed".
 */
long HsOpenSSL_SSL_set_tlsext_host_name(SSL* ssl, char* host_name) {
    long rc = 0;
#if defined(SSL_set_tlsext_host_name)
    rc = SSL_set_tlsext_host_name(ssl, host_name);
#endif
    return rc;
}
示例4: stream_enable_ssl
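/*
 * Initiate a TLS handshake on this stream and encrypt all subsequent data.
 *
 * The SNI host name is taken from args_info.proxyhost_arg. Any failure while
 * setting up or completing the handshake is fatal (message + exit(1)), in the
 * same way the SNI failure is handled.
 *
 * Always returns 1.
 *
 * NOTE(review): no verification mode or trust store is configured on ctx and
 * the peer certificate is never inspected here, so the channel is encrypted
 * but the peer is not authenticated. Confirm whether that is done elsewhere.
 * NOTE(review): without USE_SSL the function only warns and still returns 1,
 * so the caller continues over an unencrypted connection.
 */
int stream_enable_ssl(PTSTREAM *pts) {
#ifdef USE_SSL
    SSL *ssl;
    SSL_CTX *ctx;
    int ret;

    /* Initialise the connection */
    SSLeay_add_ssl_algorithms();
    SSL_load_error_strings();

    /*
     * Negotiate the highest protocol version both sides support and refuse
     * SSLv2/SSLv3. SNI is a TLS extension, so an SSLv3-only method would not
     * deliver the host name set below, and SSLv3 itself is obsolete.
     */
    ctx = SSL_CTX_new (SSLv23_client_method());
    if (!ctx) {
        message("SSL error, giving up: SSL_CTX_new failed\n");
        exit(1);
    }
    SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    ssl = SSL_new (ctx);
    if (!ssl) {
        message("SSL error, giving up: SSL_new failed\n");
        exit(1);
    }

    if (args_info.verbose_flag) {
        message("Set SNI hostname to %s\n", args_info.proxyhost_arg);
    }
    ret = SSL_set_tlsext_host_name(ssl, args_info.proxyhost_arg);
    if (!ret) {
        message("TLS SNI error, giving up: SSL_set_tlsext_host_name failed\n");
        exit(1);
    }

    SSL_set_rfd (ssl, stream_get_incoming_fd(pts));
    SSL_set_wfd (ssl, stream_get_outgoing_fd(pts));

    /* Do not carry on with a stream whose handshake did not complete. */
    ret = SSL_connect (ssl);
    if (ret <= 0) {
        message("SSL error, giving up: SSL_connect failed\n");
        exit(1);
    }

    /* Store ssl and ctx parameters */
    pts->ssl = ssl;
    pts->ctx = ctx;
#else
    message("Warning: stream_open(): SSL stream requested but no SSL support available; using unencrypted connection");
#endif /* USE_SSL */
    return 1;
}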
示例5: ssl_connect_wget
/* Perform the client-side SSL/TLS handshake on the already connected socket FD
and register the resulting connection with the transport layer.
HOSTNAME is used for Server Name Indication unless it is an IP address literal.
Returns true once the handshake completed and the transport was registered,
false on error or timeout (the SSL object is released in both cases).
NOTE(review): nothing in this function compares the peer certificate with
HOSTNAME; presumably a separate routine does that after connecting. Confirm
that every caller invokes it. */
bool
ssl_connect_wget (int fd, const char *hostname)
{
SSL *conn;
struct scwt_context scwt_ctx;
struct openssl_transport_context *ctx;
DEBUGP (("Initiating SSL handshake.\n"));
/* ssl_ctx is defined outside this function and must have been initialised already */
assert (ssl_ctx != NULL);
conn = SSL_new (ssl_ctx);
if (!conn)
goto error;
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
/* If the SSL library was built with support for ServerNameIndication
then use it whenever we have a hostname. If not, don't, ever.
IP address literals are skipped: SNI carries DNS host names only. */
if (! is_valid_ip_address (hostname))
{
/* a failure to set the name aborts the connection rather than continuing without SNI */
if (! SSL_set_tlsext_host_name (conn, hostname))
{
DEBUGP (("Failed to set TLS server-name indication."));
goto error;
}
}
#endif
/* default mapping from file descriptor to socket handle when none is defined elsewhere */
#ifndef FD_TO_SOCKET
# define FD_TO_SOCKET(X) (X)
#endif
if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
goto error;
SSL_set_connect_state (conn);
scwt_ctx.ssl = conn;
/* run the handshake callback under opt.read_timeout; a non-zero result is treated as a timeout */
if (run_with_timeout(opt.read_timeout, ssl_connect_with_timeout_callback,
&scwt_ctx)) {
DEBUGP (("SSL handshake timed out.\n"));
goto timeout;
}
/* NOTE(review): conn->state reads a field of the SSL structure directly, which only
compiles against OpenSSL versions that expose that structure */
if (scwt_ctx.result <= 0 || conn->state != SSL_ST_OK)
goto error;
ctx = xnew0 (struct openssl_transport_context);
ctx->conn = conn;
/* Register FD with Wget's transport layer, i.e. arrange that our
functions are used for reading, writing, and polling. */
fd_register_transport (fd, &openssl_transport, ctx);
DEBUGP (("Handshake successful; connected socket %d to SSL handle 0x%0*lx\n",
fd, PTR_FORMAT (conn)));
return true;
/* error: log and print the queued errors, then fall through to the shared cleanup */
error:
DEBUGP (("SSL handshake failed.\n"));
print_errors ();
/* timeout: shared cleanup; conn is NULL when SSL_new itself failed */
timeout:
if (conn)
SSL_free (conn);
return false;
}
示例6: configure_handshake_ssl
/*
 * Configure per-SSL callbacks and other properties.
 *
 * Only the client object is touched: when the test configuration names a
 * server name, it is set as the client's SNI host name. `server` is unused.
 */
static void configure_handshake_ssl(SSL *server, SSL *client,
                                    const SSL_TEST_EXTRA_CONF *extra)
{
    /* Nothing to configure when the test asks for no server name. */
    if (extra->client.servername == SSL_TEST_SERVERNAME_NONE)
        return;

    SSL_set_tlsext_host_name(client,
                             ssl_servername_name(extra->client.servername));
}
示例7: np_net_ssl_init_with_hostname
/*
 * Create an SSL context and connection on socket sd and perform the client
 * handshake, announcing host_name through SNI when it is non-NULL and the
 * library provides SSL_set_tlsext_host_name.
 *
 * Returns OK when SSL_connect() reports success, STATE_CRITICAL otherwise
 * (a CRITICAL line is printed to stdout first).
 *
 * NOTE(review): no SSL_CTX_set_verify()/SSL_CTX_set_options() call is visible
 * here, so the peer certificate is not validated by this function and the
 * protocol versions are left at the library defaults. The SNI return value is
 * also ignored.
 */
int np_net_ssl_init_with_hostname (int sd, char *host_name) {
    /* One-time library initialisation */
    if (!initialized) {
        SSLeay_add_ssl_algorithms ();
        SSL_load_error_strings ();
        OpenSSL_add_all_algorithms ();
        initialized = 1;
    }

    c = SSL_CTX_new (SSLv23_client_method ());
    if (c == NULL) {
        printf ("%s\n", _("CRITICAL - Cannot create SSL context."));
        return STATE_CRITICAL;
    }

    s = SSL_new (c);
    if (s == NULL) {
        printf ("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
        return STATE_CRITICAL;
    }

#ifdef SSL_set_tlsext_host_name
    if (host_name != NULL)
        SSL_set_tlsext_host_name(s, host_name);
#endif
    SSL_set_fd (s, sd);

    if (SSL_connect(s) == 1)
        return OK;

    printf ("%s\n", _("CRITICAL - Cannot make SSL connection "));
#  ifdef USE_OPENSSL /* XXX look into ERR_error_string */
    ERR_print_errors_fp (stdout);
#  endif /* USE_OPENSSL */
    return STATE_CRITICAL;
}
示例8: CSSLSession::Renew
// Re-initialise this (currently invalid) session: create the SSL object with
// a pair of memory BIOs, start the handshake in the role given by sslCtx, and
// pick fresh send/receive buffers from the item pool.
//
// In client mode lpszHostName is announced via SNI when it is non-empty and
// not an IP address. Returns this.
//
// NOTE(review): the results of SSL_new/BIO_new, SSL_set_tlsext_host_name and
// SSL_accept/SSL_connect are not checked here.
CSSLSession* CSSLSession::Renew(const CSSLContext& sslCtx, LPCSTR lpszHostName)
{
	ASSERT(!IsValid());

	m_ssl		= SSL_new(sslCtx.GetDefaultContext());
	m_bioSend	= BIO_new(BIO_s_mem());
	m_bioRecv	= BIO_new(BIO_s_mem());

	// m_bioRecv is the read side, m_bioSend the write side
	SSL_set_bio(m_ssl, m_bioRecv, m_bioSend);

	if(sslCtx.GetSessionMode() != SSL_SM_SERVER)
	{
		USES_CONVERSION;

		// SNI is sent for non-empty names that are not IP addresses
		const bool bHasName = lpszHostName && lpszHostName[0] != 0;

		if(bHasName && !::IsIPAddress(A2CT(lpszHostName)))
			SSL_set_tlsext_host_name(m_ssl, lpszHostName);

		SSL_connect(m_ssl);
	}
	else
		SSL_accept(m_ssl);

	m_pitSend		= m_itPool.PickFreeItem();
	m_pitRecv		= m_itPool.PickFreeItem();
	m_bufSend.buf	= (char*)m_pitSend->Ptr();
	m_bufRecv.buf	= (char*)m_pitRecv->Ptr();
	m_enStatus		= SSL_HSS_PROC;

	return this;
}
示例9: BSecureSocket::_SetupCommon
// Create a fresh SSL object for this socket, bind it to the socket's BIO and,
// when a non-empty host is given, announce that host through SNI.
//
// Returns B_OK on success; if the SSL object cannot be created the socket is
// disconnected and B_NO_MEMORY is returned.
status_t
BSecureSocket::_SetupCommon(const char* host)
{
	// Do this only after BSocket::Connect has checked whether we're already
	// connected. We don't want to kill an existing SSL session, as that would
	// likely crash the protocol loop for it.
	//
	// NOTE(review): SSL_free() also releases the BIOs attached with
	// SSL_set_bio(). If fBIO was attached to the previous fSSL, it would be
	// dangling when reused below; confirm against the code that creates fBIO.
	if (fPrivate->fSSL != NULL)
		SSL_free(fPrivate->fSSL);

	fPrivate->fSSL = SSL_new(BSecureSocket::Private::Context());
	if (fPrivate->fSSL == NULL) {
		BSocket::Disconnect();
		return B_NO_MEMORY;
	}

	// The same BIO serves as read and write side; BIO_NOCLOSE leaves the
	// socket descriptor open when the BIO is freed.
	BIO_set_fd(fPrivate->fBIO, fSocket, BIO_NOCLOSE);
	SSL_set_bio(fPrivate->fSSL, fPrivate->fBIO, fPrivate->fBIO);
	SSL_set_ex_data(fPrivate->fSSL, Private::sDataIndex, this);

	// Send SNI only for a non-empty host name.
	// NOTE(review): the return value of SSL_set_tlsext_host_name() is ignored.
	if (host != NULL && host[0] != '\0')
		SSL_set_tlsext_host_name(fPrivate->fSSL, host);

	return B_OK;
}
示例10: openssl_connect
/*
 * Connect the underlying stream, layer TLS on top of it and verify the server
 * certificate against the stream's host.
 *
 * Returns the error from git_stream_connect() if the transport cannot be
 * connected, the value of ssl_set_error() if the handshake fails, and
 * otherwise the result of verify_server_cert().
 */
int openssl_connect(git_stream *stream)
{
    openssl_stream *tls = (openssl_stream *) stream;
    BIO *bio;
    int rc;

    rc = git_stream_connect(tls->io);
    if (rc < 0)
        return rc;

    tls->connected = true;

    /* Route OpenSSL's I/O through the wrapped stream; the same BIO is used for both directions. */
    bio = BIO_new(&git_stream_bio_method);
    GITERR_CHECK_ALLOC(bio);
    bio->ptr = tls->io;
    SSL_set_bio(tls->ssl, bio, bio);

    /* specify the host in case SNI is needed (the return value is not checked) */
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
    SSL_set_tlsext_host_name(tls->ssl, tls->host);
#endif

    rc = SSL_connect(tls->ssl);
    if (rc <= 0)
        return ssl_set_error(tls->ssl, rc);

    /* SNI only selects the certificate; the identity check happens here. */
    return verify_server_cert(tls->ssl, tls->host);
}
示例11: configure_handshake_ssl
/*
 * Configure per-SSL callbacks and other properties.
 *
 * When the test context names a server name, it becomes the client's SNI
 * host name; the server object is left untouched.
 */
static void configure_handshake_ssl(SSL *server, SSL *client,
                                    const SSL_TEST_CTX *test_ctx)
{
    /* No server name requested by the test: leave the client as it is. */
    if (test_ctx->servername == SSL_TEST_SERVERNAME_NONE)
        return;

    SSL_set_tlsext_host_name(client,
                             ssl_servername_name(test_ctx->servername));
}
示例12: server_setup_sni
/*
 * Test: a host name set on the *server-side* SSL object before the handshake
 * must not be reported by SSL_get_servername() afterwards.
 *
 * Returns 1 when the test passes, 0 otherwise. All SSL objects and contexts
 * are released on every path.
 */
static int server_setup_sni(void)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;

    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
                                       TLS_client_method(),
                                       TLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        goto end;

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    /* set SNI at server side */
    SSL_set_tlsext_host_name(serverssl, host);

    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
        goto end;

    /* SNI should have been cleared during handshake */
    if (TEST_ptr_null(SSL_get_servername(serverssl,
                                         TLSEXT_NAMETYPE_host_name)))
        testresult = 1;

end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}
示例13: init_ssl_socket
// Lazily build the OpenSSL objects for `ssl`: the SSL handle, an SSL filter BIO
// layered over it, and a BIO pair underneath for the network side.
// Returns 0 when the objects already exist or were created, -1 when there is no
// domain or an allocation fails.
//
// NOTE(review): the -1 returns after SSL_new() leave ssl->ssl (and, for the
// BIO-pair failure, ssl->bio_ssl) allocated. Because of the `if (ssl->ssl)
// return 0` guard, a second call would then report success on a partially
// built object. Confirm that callers tear the object down after a failure.
static int init_ssl_socket( pn_ssl_t *ssl )
{
// already initialised
if (ssl->ssl) return 0;
// no domain means no SSL_CTX to create the handle from
if (!ssl->domain) return -1;
ssl->ssl = SSL_new(ssl->domain->ctx);
if (!ssl->ssl) {
_log_error( "SSL socket setup failure.\n" );
return -1;
}
// store backpointer to pn_ssl_t in SSL object:
SSL_set_ex_data(ssl->ssl, ssl_ex_data_index, ssl);
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
// SNI is sent by clients only, and only when a peer hostname was configured.
// NOTE(review): the return value is ignored, so a failure here silently yields a handshake without SNI.
if (ssl->peer_hostname && ssl->domain->mode == PN_SSL_MODE_CLIENT) {
SSL_set_tlsext_host_name(ssl->ssl, ssl->peer_hostname);
}
#endif
// restore session, if available
if (ssl->session_id) {
pn_ssl_session_t *ssn = ssn_cache_find( ssl->domain, ssl->session_id );
if (ssn) {
_log( ssl, "Restoring previous session id=%s\n", ssn->id );
int rc = SSL_set_session( ssl->ssl, ssn->session );
if (rc != 1) {
_log( ssl, "Session restore failed, id=%s\n", ssn->id );
}
// the cached entry is removed and freed whether or not the restore succeeded
LL_REMOVE( ssl->domain, ssn_cache, ssn );
ssl_session_free( ssn );
}
}
// now layer a BIO over the SSL socket
ssl->bio_ssl = BIO_new(BIO_f_ssl());
if (!ssl->bio_ssl) {
_log_error( "BIO setup failure.\n" );
return -1;
}
// BIO_NOCLOSE: freeing bio_ssl does not free ssl->ssl
(void)BIO_set_ssl(ssl->bio_ssl, ssl->ssl, BIO_NOCLOSE);
// create the "lower" BIO "pipe", and attach it below the SSL layer
if (!BIO_new_bio_pair(&ssl->bio_ssl_io, 0, &ssl->bio_net_io, 0)) {
_log_error( "BIO setup failure.\n" );
return -1;
}
SSL_set_bio(ssl->ssl, ssl->bio_ssl_io, ssl->bio_ssl_io);
// put both the SSL handle and the filter BIO into the role chosen by the domain
if (ssl->domain->mode == PN_SSL_MODE_SERVER) {
SSL_set_accept_state(ssl->ssl);
BIO_set_ssl_mode(ssl->bio_ssl, 0); // server mode
_log( ssl, "Server SSL socket created.\n" );
} else { // client mode
SSL_set_connect_state(ssl->ssl);
BIO_set_ssl_mode(ssl->bio_ssl, 1); // client mode
_log( ssl, "Client SSL socket created.\n" );
}
return 0;
}
示例14: ssl_open
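/*
 * Open the connection for client: plain TCP when SSL is disabled, otherwise
 * TCP on the HTTPS port followed by a TLS handshake with SNI.
 *
 * client  HTTP client state; ssl_ctx and ssl are created here
 * msg     prefix used in log messages and passed on to tcp_init()
 *
 * Returns 0 on success, the result of tcp_init() when SSL is disabled, or one
 * of the RC_HTTPS_* codes on failure.
 *
 * NOTE(review): the error returns after SSL_CTX_new() leave client->ssl_ctx
 * (and possibly client->ssl) allocated; presumably a close routine releases
 * them. Confirm.
 * NOTE(review): SNI only tells the server which certificate to present.
 * Whether the certificate is checked against the remote name depends on
 * verify_callback, which is not visible here; the verify result below is only
 * logged.
 */
int ssl_open(http_t *client, char *msg)
{
    char buf[256];
    /* initialised so that an unset name is never read as an indeterminate pointer */
    const char *sn = NULL;
    X509 *cert;

    if (!client->ssl_enabled)
        return tcp_init(&client->tcp, msg);

    tcp_set_port(&client->tcp, HTTPS_DEFAULT_PORT);
    DO(tcp_init(&client->tcp, msg));

    logit(LOG_INFO, "%s, initiating HTTPS ...", msg);
    client->ssl_ctx = SSL_CTX_new(SSLv23_client_method());
    if (!client->ssl_ctx)
        return RC_HTTPS_OUT_OF_MEMORY;

    /* POODLE, only allow TLSv1.x or later */
    SSL_CTX_set_options(client->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);

    SSL_CTX_set_verify(client->ssl_ctx, SSL_VERIFY_PEER, verify_callback);
    SSL_CTX_set_verify_depth(client->ssl_ctx, 150);

    /* Try to figure out location of trusted CA certs on system */
    if (ssl_set_ca_location(client))
        return RC_HTTPS_NO_TRUSTED_CA_STORE;

    client->ssl = SSL_new(client->ssl_ctx);
    if (!client->ssl)
        return RC_HTTPS_OUT_OF_MEMORY;

    /* SSL SNI support: tell the servername we want to speak to */
    http_get_remote_name(client, &sn);
    if (!SSL_set_tlsext_host_name(client->ssl, sn))
        return RC_HTTPS_SNI_ERROR;

    SSL_set_fd(client->ssl, client->tcp.ip.socket);

    /*
     * SSL_connect() returns 1 only when the handshake completed; 0 means it
     * was shut down in a controlled way and a negative value is a fatal
     * error. Both are failures, so do not test for -1 alone.
     */
    if (SSL_connect(client->ssl) <= 0)
        return RC_HTTPS_FAILED_CONNECT;

    logit(LOG_INFO, "SSL connection using %s", SSL_get_cipher(client->ssl));

    cert = SSL_get_peer_certificate(client->ssl);
    if (!cert)
        return RC_HTTPS_FAILED_GETTING_CERT;

    if (SSL_get_verify_result(client->ssl) == X509_V_OK)
        logit(LOG_DEBUG, "Certificate OK");

    X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
    logit(LOG_INFO, "SSL server cert subject: %s", buf);
    X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
    logit(LOG_INFO, "SSL server cert issuer: %s", buf);

    /* SSL_get_peer_certificate() hands out a reference that the caller must release */
    X509_free(cert);

    return 0;
}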
示例15: KSSLSocket::setHostName
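// Set the SNI host name to announce in the TLS handshake.
//
// Returns true only when OpenSSL accepted the name. Returns false when the
// call fails or when the library was built without SNI support, so the caller
// can tell that the handshake would go out without a server name.
bool KSSLSocket::setHostName(const char *hostname)
{
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
    // SSL_set_tlsext_host_name() yields 1 on success and 0 on failure;
    // do not report success unconditionally.
    return SSL_set_tlsext_host_name(ssl, hostname) == 1;
#else
    return false;
#endif
}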