本文整理汇总了C++中SSL_set_verify函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_set_verify函数的具体用法?C++ SSL_set_verify怎么用?C++ SSL_set_verify使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_set_verify函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: dtls_flow_start
int dtls_flow_start(struct dtls_flow *flow, const struct sa *peer, bool active)
{
int r, err = 0;
if (!flow || !peer)
return EINVAL;
flow->peer = *peer;
if (active) {
r = SSL_connect(flow->ssl);
if (r < 0) {
int ssl_err = SSL_get_error(flow->ssl, r);
ERR_clear_error();
if (ssl_err != SSL_ERROR_WANT_READ) {
warning("dtls: SSL_connect() failed"
" (err=%d)\n", ssl_err);
}
}
check_timer(flow);
}
else {
SSL_set_accept_state(flow->ssl);
SSL_set_verify_depth(flow->ssl, 0);
SSL_set_verify(flow->ssl,
SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
verify_callback);
}
return err;
}示例2: er_dtls_connection_set_property
static void er_dtls_connection_set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec)
{
ErDtlsConnection *self = ER_DTLS_CONNECTION(object);
ErDtlsAgent *agent;
ErDtlsConnectionPrivate *priv = self->priv;
SSL_CTX *ssl_context;
switch (prop_id) {
case PROP_AGENT:
g_return_if_fail(!priv->ssl);
agent = ER_DTLS_AGENT(g_value_get_object(value));
g_return_if_fail(ER_IS_DTLS_AGENT(agent));
ssl_context = _er_dtls_agent_peek_context(agent);
priv->ssl = SSL_new(ssl_context);
g_return_if_fail(priv->ssl);
priv->bio = BIO_new(BIO_s_er_dtls_connection());
g_return_if_fail(priv->bio);
priv->bio->ptr = self;
SSL_set_bio(priv->ssl, priv->bio, priv->bio);
SSL_set_verify(priv->ssl,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, openssl_verify_callback);
SSL_set_ex_data(priv->ssl, connection_ex_index, self);
log_state(self, "connection created");
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID(self, prop_id, pspec);
}
}示例3: DBUG_ENTER
/*
allocates a new ssl object
SYNOPSIS
my_ssl_init
mysql connection object
RETURN VALUES
NULL on error
SSL new SSL object
*/
SSL *my_ssl_init(MYSQL *mysql)
{
int verify;
SSL *ssl= NULL;
DBUG_ENTER("my_ssl_init");
DBUG_ASSERT(mysql->net.vio->ssl == NULL);
if (!my_ssl_initialized)
my_ssl_start(mysql);
if (!(ssl= SSL_new(SSL_context)))
goto error;
if (!SSL_set_app_data(ssl, mysql))
goto error;
if (my_ssl_set_certs(ssl))
goto error;
verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ?
SSL_VERIFY_NONE : SSL_VERIFY_PEER;
SSL_set_verify(ssl, verify, my_verify_callback);
SSL_set_verify_depth(ssl, 1);
DBUG_RETURN(ssl);
error:
if (ssl)
SSL_free(ssl);
DBUG_RETURN(NULL);
} 示例4: engine_init_server
VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
VALUE obj;
SSL_CTX* ctx;
SSL* ssl;
ms_conn* conn = engine_alloc(self, &obj);
ID sym_key = rb_intern("key");
VALUE key = rb_funcall(mini_ssl_ctx, sym_key, 0);
ID sym_cert = rb_intern("cert");
VALUE cert = rb_funcall(mini_ssl_ctx, sym_cert, 0);
ID sym_ca = rb_intern("ca");
VALUE ca = rb_funcall(mini_ssl_ctx, sym_ca, 0);
ID sym_verify_mode = rb_intern("verify_mode");
VALUE verify_mode = rb_funcall(mini_ssl_ctx, sym_verify_mode, 0);
ctx = SSL_CTX_new(SSLv23_server_method());
conn->ctx = ctx;
SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
if (!NIL_P(ca)) {
SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL);
}
SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_cipher_list(ctx, "HIGH:[email protected]");
DH *dh = get_dh1024();
SSL_CTX_set_tmp_dh(ctx, dh);
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);
if (ecdh) {
SSL_CTX_set_tmp_ecdh(ctx, ecdh);
EC_KEY_free(ecdh);
}
#endif
ssl = SSL_new(ctx);
conn->ssl = ssl;
SSL_set_app_data(ssl, NULL);
if (NIL_P(verify_mode)) {
/* SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); */
} else {
SSL_set_verify(ssl, NUM2INT(verify_mode), engine_verify_callback);
}
SSL_set_bio(ssl, conn->read, conn->write);
SSL_set_accept_state(ssl);
return obj;
}示例5: upscli_sslcert
/* set the paths for the certs to verify the server */
int upscli_sslcert(UPSCONN *ups, const char *file, const char *path, int verify)
{
int ret, ssl_mode = SSL_VERIFY_NONE;
if (!ups)
return -1;
if (!ups->ssl_ctx) {
ups->upserror = UPSCLI_ERR_INVALIDARG;
return -1;
}
switch(verify) {
case 0: ssl_mode = SSL_VERIFY_NONE; break;
case 1: ssl_mode = SSL_VERIFY_PEER; break;
default:
ups->upserror = UPSCLI_ERR_INVALIDARG;
return -1;
}
ret = SSL_CTX_load_verify_locations(ups->ssl_ctx, file, path);
if (ret != 1) {
ups->upserror = UPSCLI_ERR_SSLERR;
return -1;
}
SSL_set_verify(ups->ssl, ssl_mode, NULL);
return 1;
}示例6: checkSSL
bool SSLSocket::waitAccepted(uint64_t millis) {
if(!ssl) {
if(!Socket::waitAccepted(millis)) {
return false;
}
ssl.reset(SSL_new(ctx));
if(!ssl)
checkSSL(-1);
if(!verifyData) {
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
} else SSL_set_ex_data(ssl, CryptoManager::idxVerifyData, verifyData.get());
checkSSL(SSL_set_fd(ssl, static_cast<int>(getSock())));
}
if(SSL_is_init_finished(ssl)) {
return true;
}
while(true) {
int ret = SSL_accept(ssl);
if(ret == 1) {
dcdebug("Connected to SSL client using %s\n", SSL_get_cipher(ssl));
return true;
}
if(!waitWant(ret, millis)) {
return false;
}
}
}示例7: bIsServer
SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, const unsigned long binding):
bIsServer (is_server),
bHandshakeCompleted (false),
bVerifyPeer (verify_peer),
pSSL (NULL),
pbioRead (NULL),
pbioWrite (NULL)
{
/* TODO someday: make it possible to re-use SSL contexts so we don't have to create
* a new one every time we come here.
*/
Context = new SslContext_t (bIsServer, privkeyfile, certchainfile);
assert (Context);
pbioRead = BIO_new (BIO_s_mem());
assert (pbioRead);
pbioWrite = BIO_new (BIO_s_mem());
assert (pbioWrite);
pSSL = SSL_new (Context->pCtx);
assert (pSSL);
SSL_set_bio (pSSL, pbioRead, pbioWrite);
// Store a pointer to the binding signature in the SSL object so we can retrieve it later
SSL_set_ex_data(pSSL, 0, (void*) binding);
if (bVerifyPeer)
SSL_set_verify(pSSL, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, ssl_verify_wrapper);
if (!bIsServer)
SSL_connect (pSSL);
}示例8: throw
SSLClient::SSLClient(int sock, SSLClient::ERole role, const SSLConfig &ctx)
throw(SocketConnectionClosed, SSLError)
: SSLSocket(ctx), TCPSocket::TCPSocket(sock)
{
m_SSL = SSL_new(m_CTX);
SSL_set_mode(m_SSL, SSL_MODE_AUTO_RETRY);
m_BIO = BIO_new_socket(GetSocket(), BIO_NOCLOSE);
SSL_set_bio(m_SSL, m_BIO, m_BIO);
switch(role)
{
case SSLClient::CLIENT:
if(SSL_connect(m_SSL) < 0)
throw SSLError("Connect error");
break;
case SSLClient::SERVER_FORCE_CERT:
SSL_set_verify(m_SSL,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
0);
case SSLClient::SERVER:
{
if(SSL_accept(m_SSL) < 0)
throw SSLError("Accept error");
}
break;
}
}示例9: SSL_clear
int AC_CLD_Connector::connect_svc_handler
(AC_Output_Handler *&svc_handler,
const ACE_SOCK_Connector::PEER_ADDR &remote_addr,
ACE_Time_Value *timeout,
const ACE_SOCK_Connector::PEER_ADDR &local_addr,
int reuse_addr, int flags, int perms) {
if (PARENT::connect_svc_handler
(svc_handler, remote_addr, timeout,
local_addr, reuse_addr, flags, perms) == -1) return -1;
SSL_clear (ssl_);
#if defined (ACE_WIN32)
// ACE_WIN32 is the only platform where ACE_HANDLE is not an int.
// See ace/config-lite.h for the typedefs.
SSL_set_fd (ssl_,
reinterpret_cast<int> (svc_handler->get_handle ()));
#else
SSL_set_fd (ssl_, svc_handler->get_handle ());
#endif /* ACE_WIN32 */
SSL_set_verify (ssl_, SSL_VERIFY_PEER, 0);
if (SSL_connect (ssl_) == -1
|| SSL_shutdown (ssl_) == -1) return -1;
remote_addr_ = remote_addr;
return 0;
}示例10: openssl_iostream_set
static int
openssl_iostream_set(struct ssl_iostream *ssl_io,
const struct ssl_iostream_settings *set,
const char **error_r)
{
const struct ssl_iostream_settings *ctx_set = ssl_io->ctx->set;
int verify_flags;
if (set->verbose)
SSL_set_info_callback(ssl_io->ssl, openssl_info_callback);
if (set->cipher_list != NULL &&
strcmp(ctx_set->cipher_list, set->cipher_list) != 0) {
if (!SSL_set_cipher_list(ssl_io->ssl, set->cipher_list)) {
*error_r = t_strdup_printf(
"Can't set cipher list to '%s': %s",
set->cipher_list, openssl_iostream_error());
return -1;
}
}
if (set->protocols != NULL) {
SSL_clear_options(ssl_io->ssl, OPENSSL_ALL_PROTOCOL_OPTIONS);
SSL_set_options(ssl_io->ssl,
openssl_get_protocol_options(set->protocols));
}
if (set->cert != NULL && strcmp(ctx_set->cert, set->cert) != 0) {
if (openssl_iostream_use_certificate(ssl_io, set->cert, error_r) < 0)
return -1;
}
if (set->key != NULL && strcmp(ctx_set->key, set->key) != 0) {
if (openssl_iostream_use_key(ssl_io, set, error_r) < 0)
return -1;
}
if (set->verify_remote_cert) {
if (ssl_io->ctx->client_ctx)
verify_flags = SSL_VERIFY_NONE;
else
verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
SSL_set_verify(ssl_io->ssl, verify_flags,
openssl_iostream_verify_client_cert);
}
if (set->cert_username_field != NULL) {
ssl_io->username_nid = OBJ_txt2nid(set->cert_username_field);
if (ssl_io->username_nid == NID_undef) {
*error_r = t_strdup_printf(
"Invalid cert_username_field: %s",
set->cert_username_field);
return -1;
}
} else {
ssl_io->username_nid = ssl_io->ctx->username_nid;
}
ssl_io->verbose = set->verbose;
ssl_io->verbose_invalid_cert = set->verbose_invalid_cert || set->verbose;
ssl_io->require_valid_cert = set->require_valid_cert;
return 0;
}示例11: krypt_set_rsa
// XXX Clean up this function, we MUST handle all errors possible
int krypt_set_rsa(krypt_t *kconn)
{
if (kconn->security_level == KRYPT_RSA) {
jlog(L_NOTICE, "the security level is already set to RSA");
return 0;
}
SSL_set_cipher_list(kconn->ssl, "AES256-SHA");
// Load the trusted certificate store into our SSL_CTX
SSL_CTX_set_cert_store(kconn->ctx, kconn->passport->trusted_authority);
// Force the peer cert verifying + fail if no cert is sent by the peer
SSL_set_verify(kconn->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
// Set the certificate and key
SSL_use_certificate(kconn->ssl, kconn->passport->certificate);
SSL_use_PrivateKey(kconn->ssl, kconn->passport->keyring);
if (kconn->conn_type == KRYPT_SERVER) {
jlog(L_NOTICE, "set verify");
// Change the session id to avoid resuming ADH session
SSL_set_session_id_context(kconn->ssl, (void*)&s_server_auth_session_id_context,
sizeof(s_server_auth_session_id_context));
}
kconn->security_level = KRYPT_RSA;
return 0;
}示例12: spice_openssl_verify_new
SpiceOpenSSLVerify* spice_openssl_verify_new(SSL *ssl, SPICE_SSL_VERIFY_OP verifyop,
const char *hostname,
const char *pubkey, size_t pubkey_size,
const char *subject)
{
SpiceOpenSSLVerify *v;
if (!verifyop)
return NULL;
v = spice_new0(SpiceOpenSSLVerify, 1);
v->ssl = ssl;
v->verifyop = verifyop;
v->hostname = spice_strdup(hostname);
v->pubkey = (char*)spice_memdup(pubkey, pubkey_size);
v->pubkey_size = pubkey_size;
v->subject = spice_strdup(subject);
v->all_preverify_ok = 1;
SSL_set_app_data(ssl, v);
SSL_set_verify(ssl,
SSL_VERIFY_PEER, openssl_verify);
return v;
}示例13: tnet_dtls_socket_create
tnet_dtls_socket_handle_t* tnet_dtls_socket_create(struct tnet_socket_s* wrapped_sock, struct ssl_ctx_st* ssl_ctx)
{
#if !HAVE_OPENSSL || !HAVE_OPENSSL_DTLS
TSK_DEBUG_ERROR("OpenSSL or DTLS not enabled");
return tsk_null;
#else
tnet_dtls_socket_t* socket;
if (!wrapped_sock || !ssl_ctx){
TSK_DEBUG_ERROR("Invalid parameter");
return tsk_null;
}
if ((socket = tsk_object_new(tnet_dtls_socket_def_t))) {
const tsk_bool_t set_mtu = TNET_SOCKET_TYPE_IS_DGRAM(wrapped_sock->type) || 1; //!\ This is required even if the local transport is TCP/TLS because the relayed (TURN) transport could be UDP
socket->wrapped_sock = tsk_object_ref(wrapped_sock);
if (!(socket->ssl = SSL_new(ssl_ctx))) {
TSK_DEBUG_ERROR("SSL_new(CTX) failed [%s]", ERR_error_string(ERR_get_error(), tsk_null));
TSK_OBJECT_SAFE_FREE(socket);
return tsk_null;
}
if (set_mtu) {
SSL_set_options(socket->ssl, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(socket->ssl, TNET_DTLS_MTU - 28);
socket->ssl->d1->mtu = TNET_DTLS_MTU - 28;
}
if (!(socket->rbio = BIO_new(BIO_s_mem())) || !(socket->wbio = BIO_new(BIO_s_mem()))){
TSK_DEBUG_ERROR("BIO_new_socket(%d) failed [%s]", socket->wrapped_sock->fd, ERR_error_string(ERR_get_error(), tsk_null));
if (socket->rbio){
BIO_free(socket->rbio);
}
if (socket->wbio){
BIO_free(socket->wbio);
}
TSK_OBJECT_SAFE_FREE(socket);
return tsk_null;
}
BIO_set_mem_eof_return(socket->rbio, -1);
BIO_set_mem_eof_return(socket->wbio, -1);
SSL_set_bio(socket->ssl, socket->rbio, socket->wbio);
SSL_set_mode(socket->ssl, SSL_MODE_AUTO_RETRY);
SSL_set_read_ahead(socket->ssl, 1);
if (set_mtu) {
BIO_ctrl(SSL_get_wbio(socket->ssl), BIO_CTRL_DGRAM_SET_MTU, TNET_DTLS_MTU - 28, NULL);
}
if ((socket->verify_peer = (SSL_CTX_get_verify_mode(ssl_ctx) != SSL_VERIFY_NONE))){
TSK_DEBUG_INFO("SSL cert verify: ON");
socket->verify_peer = tsk_true;
SSL_set_verify(socket->ssl, (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), _tnet_dtls_verify_cert);
}
else {
TSK_DEBUG_ERROR("Verity not enabled");
}
SSL_set_app_data(socket->ssl, socket);
}
return socket;
#endif
}示例14: talloc_zero
/** Create a new client TLS session
*
* Configures a new client TLS session, configuring options, setting callbacks etc...
*
* @param ctx to alloc session data in. Should usually be NULL unless the lifetime of the
* session is tied to another talloc'd object.
* @param conf values for this TLS session.
* @return
* - A new session on success.
* - NULL on error.
*/
tls_session_t *tls_session_init_client(TALLOC_CTX *ctx, fr_tls_conf_t *conf)
{
int ret;
int verify_mode;
tls_session_t *session = NULL;
REQUEST *request;
session = talloc_zero(ctx, tls_session_t);
if (!session) return NULL;
talloc_set_destructor(session, _tls_session_free);
session->ctx = conf->ctx[(conf->ctx_count == 1) ? 0 : conf->ctx_next++ % conf->ctx_count]; /* mutex not needed */
rad_assert(session->ctx);
session->ssl = SSL_new(session->ctx);
if (!session->ssl) {
talloc_free(session);
return NULL;
}
request = request_alloc(session);
SSL_set_ex_data(session->ssl, FR_TLS_EX_INDEX_REQUEST, (void *)request);
/*
* Add the message callback to identify what type of
* message/handshake is passed
*/
SSL_set_msg_callback(session->ssl, tls_session_msg_cb);
SSL_set_msg_callback_arg(session->ssl, session);
SSL_set_info_callback(session->ssl, tls_session_info_cb);
/*
* Always verify the peer certificate.
*/
DEBUG2("Requiring Server certificate");
verify_mode = SSL_VERIFY_PEER;
verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
SSL_set_verify(session->ssl, verify_mode, tls_validate_cert_cb);
SSL_set_ex_data(session->ssl, FR_TLS_EX_INDEX_CONF, (void *)conf);
SSL_set_ex_data(session->ssl, FR_TLS_EX_INDEX_TLS_SESSION, (void *)session);
ret = SSL_connect(session->ssl);
if (ret <= 0) {
tls_log_io_error(NULL, session, ret, "Failed in SSL_connect");
talloc_free(session);
return NULL;
}
session->mtu = conf->fragment_size;
return session;
}示例15: ldappeerchain_tls_cb
/// TLS callback function
void ldappeerchain_tls_cb(LDAP * ld, SSL * ssl, SSL_CTX * ctx, void * arg)
{
ld = NULL;
*((SSL **)arg) = ssl;
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
return;
}