const SSL_METHOD *anubis_string_to_SSL_METOHD(const char *method, int role) {
    if(!method)
        return NULL;
    
    if(!strcasecmp(method, "SSLv23"))
        return role == ANUBIS_ROLE_SERVER ?
        SSLv23_server_method() :
        role == ANUBIS_ROLE_CLIENT ? SSLv23_client_method() : NULL;
#ifndef OPENSSL_NO_SSL2_METHOD
    if(!strcasecmp(method, "SSLv2"))
        return role == ANUBIS_ROLE_SERVER ?
        SSLv3_server_method() :
        role == ANUBIS_ROLE_CLIENT ? SSLv3_client_method() : NULL;
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
    if(!strcasecmp(method, "SSLv3"))
        return role == ANUBIS_ROLE_SERVER ?
        SSLv3_server_method() :
        role == ANUBIS_ROLE_CLIENT ? SSLv3_client_method() : NULL;
#endif
    if(!strcasecmp(method, "TLSv1.0"))
        return role == ANUBIS_ROLE_SERVER ?
        TLSv1_server_method() :
        role == ANUBIS_ROLE_CLIENT ? TLSv1_client_method() : NULL;
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
    if(!strcasecmp(method, "TLSv1.1"))
        return role == ANUBIS_ROLE_SERVER ?
        TLSv1_1_server_method() :
        role == ANUBIS_ROLE_CLIENT ? TLSv1_1_client_method() : NULL;
    if(!strcasecmp(method, "TLSv1.2"))
        return role == ANUBIS_ROLE_SERVER ?
        TLSv1_2_server_method() :
        role == ANUBIS_ROLE_CLIENT ? TLSv1_2_client_method() : NULL;
#endif
    
    /*
    if(!strcasecmp(method, "DTLS1.0"))
        return role == ANUBIS_ROLE_SERVER ?
        DTLSv1_server_method() :
        role == ANUBIS_ROLE_CLIENT ? DTLSv1_client_method() : NULL;
    if(!strcasecmp(method, "DTLS1.2"))
        return role == ANUBIS_ROLE_SERVER ?
        DTLSv1_2_server_method() :
        role == ANUBIS_ROLE_CLIENT ? DTLSv1_2_client_method() : NULL;
    if(!strcasecmp(method, "DTLS"))
        return role == ANUBIS_ROLE_SERVER ?
        DTLS_server_method() :
        role == ANUBIS_ROLE_CLIENT ? DTLS_client_method() : NULL;
     */
    
    return NULL;
}//end anubis_string_to_SSL_METOHD
Beispiel #2
0
/**
 * @desc Initialize OpenSSL lib
 * @throw Char *
 */
void IOSocketSSL::initSSL(const bool force_server_method = false) {

	TRACE_CALL();

	SSL_load_error_strings();
	ERR_load_BIO_strings();
	OpenSSL_add_all_algorithms();
	OpenSSL_add_ssl_algorithms();

	switch (socket_t) {
		case IOSOCKET_LISTEN_T:
			ctx = SSL_CTX_new(SSLv3_server_method());
			break;

		case IOSOCKET_CONNECT_T:
			if (force_server_method)
				ctx = SSL_CTX_new(SSLv3_server_method());
			else
				ctx = SSL_CTX_new(SSLv3_client_method());
			break;

		default:
			/* Shouln't happen, mother class constructor should have thrown
			 * an exception earlier */
			throw("Unknown socket type");
			break;
	}

	/**
	 * Should use a loop on ERR_get_error()
	 * to retrieve the whole error process
	 */
	if (ctx == NULL)
		throw(new_SSL_error("initializing ssl context"));

	if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) != 1)
		throw(new_SSL_error("loading cert file"));

	if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) != 1)
		throw(new_SSL_error("loading private key file"));

	if (SSL_CTX_check_private_key(ctx) != 1)
		throw(new_SSL_error("verifying private key"));

	/* Don't bother with renego */
	SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);

	init_ssl = true;
}
Beispiel #3
0
const SSL_METHOD * hb_ssl_method_id_to_ptr( int n )
{
   const SSL_METHOD * p;

   switch( n )
   {
#if OPENSSL_VERSION_NUMBER < 0x10000000L
      case HB_SSL_CTX_NEW_METHOD_SSLV2:         p = SSLv2_method();         break;
      case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER:  p = SSLv2_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT:  p = SSLv2_client_method();  break;
#endif
      case HB_SSL_CTX_NEW_METHOD_SSLV3:         p = SSLv3_method();         break;
      case HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER:  p = SSLv3_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT:  p = SSLv3_client_method();  break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1:         p = TLSv1_method();         break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER:  p = TLSv1_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT:  p = TLSv1_client_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23:        p = SSLv23_method();        break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break;
      default: p = SSLv23_method();
   }

   return p;
}
Beispiel #4
0
SSL_CTX *
_SSL_context_init (void (*info_cb_func), int server)
{
	SSL_CTX *ctx;
#ifdef WIN32
	int i, r;
#endif

	SSLeay_add_ssl_algorithms ();
	SSL_load_error_strings ();
	ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ());

	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
	SSL_CTX_set_timeout (ctx, 300);

	/* used in SSL_connect(), SSL_accept() */
	SSL_CTX_set_info_callback (ctx, info_cb_func);

#ifdef WIN32
	/* under win32, OpenSSL needs to be seeded with some randomness */
	for (i = 0; i < 128; i++)
	{
		r = rand ();
		RAND_seed ((unsigned char *)&r, sizeof (r));
	}
#endif

	return(ctx);
}
Beispiel #5
0
SSL_CTX* InitServerCTX(void)
{
    const SSL_METHOD *method;
    SSL_CTX *ctx;
    char server_key[] = "server.key";
    char server_crt[] = "server.crt";

    SSL_library_init(); /* this functions always returns 1. */

    OpenSSL_add_all_algorithms();  /* void return values */
    SSL_load_error_strings();

    if((method = SSLv3_server_method()) == NULL)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }

    if((ctx = SSL_CTX_new(method)) == NULL)
    {
        ERR_print_errors_fp(stderr);
        abort();
    }

    LoadCertificates(ctx, server_crt, server_key); /* load certs */
    return ctx;
}
Beispiel #6
0
SSL_METHOD *sycSSLv3_server_method(void) {
   SSL_METHOD *result;
   Debug("SSLv3_server_method()");
   result = SSLv3_server_method();
   Debug1("SSLv3_server_method() -> %p", result);
   return result;
}
Beispiel #7
0
static int _init_server(OpenSSL * openssl, char const * name)
{
	String * crt;
	struct sockaddr_in sa;

	if((crt = string_new_append(SYSCONFDIR, "/AppServer/", name, ".crt"))
			== NULL)
		return -1;
	if((openssl->ssl_ctx = SSL_CTX_new(SSLv3_server_method())) == NULL
			|| SSL_CTX_set_cipher_list(openssl->ssl_ctx,
				SSL_DEFAULT_CIPHER_LIST) != 1
			|| SSL_CTX_use_certificate_file(openssl->ssl_ctx, crt,
				SSL_FILETYPE_PEM) == 0
			|| SSL_CTX_use_PrivateKey_file(openssl->ssl_ctx, crt,
				SSL_FILETYPE_PEM) == 0)
	{
		string_delete(crt);
		return -_openssl_error_ssl(1);
	}
	string_delete(crt);
	if((openssl->fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
		return -_openssl_error("socket", 1);
	sa.sin_family = AF_INET;
	sa.sin_port = htons(4242); /* XXX hard-coded */
	sa.sin_addr.s_addr = htonl(INADDR_ANY);
	if(bind(openssl->fd, (struct sockaddr *)&sa, sizeof(sa)) != 0)
		return -_openssl_error("bind", 1);
	if(listen(openssl->fd, 5) != 0)
		return -_openssl_error("listen", 1);
	event_register_io_read(openssl->helper->event, openssl->fd,
			(EventIOFunc)_openssl_callback_accept, openssl);
	return 0;
}
Beispiel #8
0
/*
 * initialize ssl methods
 */
static void
init_ssl_methods(void)
{
	LM_DBG("entered\n");

#ifndef OPENSSL_NO_SSL2
	ssl_methods[TLS_USE_SSLv2_cli - 1] = (SSL_METHOD*)SSLv2_client_method();
	ssl_methods[TLS_USE_SSLv2_srv - 1] = (SSL_METHOD*)SSLv2_server_method();
	ssl_methods[TLS_USE_SSLv2 - 1] = (SSL_METHOD*)SSLv2_method();
#endif

	ssl_methods[TLS_USE_SSLv3_cli - 1] = (SSL_METHOD*)SSLv3_client_method();
	ssl_methods[TLS_USE_SSLv3_srv - 1] = (SSL_METHOD*)SSLv3_server_method();
	ssl_methods[TLS_USE_SSLv3 - 1] = (SSL_METHOD*)SSLv3_method();

	ssl_methods[TLS_USE_TLSv1_cli - 1] = (SSL_METHOD*)TLSv1_client_method();
	ssl_methods[TLS_USE_TLSv1_srv - 1] = (SSL_METHOD*)TLSv1_server_method();
	ssl_methods[TLS_USE_TLSv1 - 1] = (SSL_METHOD*)TLSv1_method();

	ssl_methods[TLS_USE_SSLv23_cli - 1] = (SSL_METHOD*)SSLv23_client_method();
	ssl_methods[TLS_USE_SSLv23_srv - 1] = (SSL_METHOD*)SSLv23_server_method();
	ssl_methods[TLS_USE_SSLv23 - 1] = (SSL_METHOD*)SSLv23_method();

#if OPENSSL_VERSION_NUMBER >= 0x10001000L
	ssl_methods[TLS_USE_TLSv1_2_cli - 1] = (SSL_METHOD*)TLSv1_2_client_method();
	ssl_methods[TLS_USE_TLSv1_2_srv - 1] = (SSL_METHOD*)TLSv1_2_server_method();
	ssl_methods[TLS_USE_TLSv1_2 - 1] = (SSL_METHOD*)TLSv1_2_method();
#endif

}
	acceptor_impl( tcode::io::engine& l ) 
		: pipeline_acceptor( l )
        , e(l)
        , _ssl_context( SSLv3_server_method() )
	{
		_ssl_context.use_generate_key();
	}
Beispiel #10
0
int easyssl_bind(EASYSSL *ctx, char *ip, int port, int max_cli)
{
    if(port < 0 || port > 65535) return -SSL_ERR_PARAM;
    struct sockaddr_in addr;

    ctx->fd = socket(AF_INET, SOCK_STREAM, 0);
    if(ctx->fd < 0)
    {
        printf("create socket error %d(%s)\n", errno, strerror(errno));
        return -SSL_ERR_SOCK;
    }

    bzero(&addr, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = INADDR_ANY;
    //FIXME bind on specified IP address
    if ( bind(ctx->fd, (struct sockaddr*)&addr, sizeof(addr)) != 0 )
    {
        printf("bind socket error %d(%s)\n", errno, strerror(errno));
        return -SSL_ERR_BIND;
    }
    if ( listen(ctx->fd, max_cli) != 0 )
    {
        printf("listen socket error %d(%s)\n", errno, strerror(errno));
        return -SSL_ERR_LISTEN;
    }
    if(SSL_library_init() != 1) {
        printf("Error: SSL lib init failure\n");
        return -SSL_ERR_INIT;
    }

    const SSL_METHOD          *method;
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();
    method = SSLv3_server_method();
    ctx->ctx = SSL_CTX_new(method);
    if ( ctx->ctx == NULL )
    {
        ERR_print_errors_fp(stderr);
        return -SSL_ERR_NEW;
    }

    if ( SSL_CTX_use_certificate_file(ctx->ctx, ctx->cert_path, SSL_FILETYPE_PEM) <= 0 )
    {
        ERR_print_errors_fp(stderr);
        return -SSL_ERR_CERT;
    }
    if ( SSL_CTX_use_PrivateKey_file(ctx->ctx, ctx->pkey_path, SSL_FILETYPE_PEM) <= 0 )
    {
        ERR_print_errors_fp(stderr);
        return -SSL_ERR_PKEY;
    }
    if ( !SSL_CTX_check_private_key(ctx->ctx) )
    {
        printf("Private key does not match the public certificate\n");
        return -SSL_ERR_PKEY;
    }
    return SSL_ERR_SUCCESS;
}
Beispiel #11
0
bool SSLSocket::setupCrypto(SSLSocket *session /* = NULL */) {
  if (m_handle) {
    raise_warning("SSL/TLS already set-up for this stream");
    return false;
  }

  /* need to do slightly different things, based on client/server method,
   * so lets remember which method was selected */
#if OPENSSL_VERSION_NUMBER < 0x00909000L
  SSL_METHOD *smethod;
#else
  const SSL_METHOD *smethod;
#endif
  switch (m_method) {
  case ClientSSLv23: m_client = true;  smethod = SSLv23_client_method(); break;
  case ClientSSLv3:  m_client = true;  smethod = SSLv3_client_method();  break;
  case ClientTLS:    m_client = true;  smethod = TLSv1_client_method();  break;
  case ServerSSLv23: m_client = false; smethod = SSLv23_server_method(); break;
  case ServerSSLv3:  m_client = false; smethod = SSLv3_server_method();  break;

  /* SSLv2 protocol might be disabled in the OpenSSL library */
#ifndef OPENSSL_NO_SSL2
  case ClientSSLv2:  m_client = true;  smethod = SSLv2_client_method();  break;
  case ServerSSLv2:  m_client = false; smethod = SSLv2_server_method();  break;
#else
  case ClientSSLv2:
  case ServerSSLv2:
    raise_warning("OpenSSL library does not support SSL2 protocol");
    return false;
  break;
#endif

  case ServerTLS:    m_client = false; smethod = TLSv1_server_method();  break;
  default:
    return false;
  }

  SSL_CTX *ctx = SSL_CTX_new(smethod);
  if (ctx == nullptr) {
    raise_warning("failed to create an SSL context");
    return false;
  }

  SSL_CTX_set_options(ctx, SSL_OP_ALL);
  m_handle = createSSL(ctx);
  if (m_handle == nullptr) {
    raise_warning("failed to create an SSL handle");
    SSL_CTX_free(ctx);
    return false;
  }

  if (!SSL_set_fd(m_handle, m_fd)) {
    handleError(0, true);
  }
  if (session) {
    SSL_copy_session_id(m_handle, session->m_handle);
  }
  return true;
}
Beispiel #12
0
	SSLContext::SSLContext(int _method){
#ifdef USE_EMBEDDED_CLASSNAMES
		setClassName(__xvr2_Net_SSLContext);
#endif
		__init_ssl_library(this);
		pem = 0;
		method = _method;
		ctx = 0;
		mydata = 0;
		switch(method){
			case SSL_V2:
				ctx = SSL_CTX_new(SSLv2_method());
				break;
			case SSL_V2_CLIENT:
				ctx = SSL_CTX_new(SSLv2_client_method());
				break;
			case SSL_V2_SERVER:
				ctx = SSL_CTX_new(SSLv2_server_method());
				break;
			case SSL_V3:
				ctx = SSL_CTX_new(SSLv3_method());
				break;
			case SSL_V3_CLIENT:
				ctx = SSL_CTX_new(SSLv3_client_method());
				break;
			case SSL_V3_SERVER:
				ctx = SSL_CTX_new(SSLv3_server_method());
				break;
			case SSL_V23_CLIENT:
				ctx = SSL_CTX_new(SSLv23_client_method());
				break;
			case SSL_V23_SERVER:
				ctx = SSL_CTX_new(SSLv23_server_method());
				break;
			case SSL_V23:
			default:
				ctx = SSL_CTX_new(SSLv23_method());
		}
		if(ctx == 0){
			throw SSLContextCreation();
		}
		//Initialize password callback
		__ssl_ctx_cb_args *x;
		x = new __ssl_ctx_cb_args(this, 0, 0);
		mydata = x;
#ifdef USE_DEBUG
		debugmsgln(this, "Initializing password callback...");
#endif
		SSL_CTX_set_default_passwd_cb((SSL_CTX *)ctx, passwdCB);
#ifdef USE_DEBUG
		debugmsgln(this, "Initializing default password callback userdata...");
#endif
		SSL_CTX_set_default_passwd_cb_userdata((SSL_CTX *)ctx, mydata);
	}
Beispiel #13
0
bool VSslServer::doOpen()
{
  VLock lock(stateOpenCs); // gilgil temp 2014.03.14

  //
  // Set server method
  //
  LOG_DEBUG("method=%s", qPrintable(methodType.str()));
  switch (methodType)
  {
    #ifdef _WIN32 // Linux openssl does not support SSLv2_server_method
    case VSslMethodType::mtSSLv2   : m_meth = (SSL_METHOD*)SSLv2_server_method();   break;
    #endif // _WIN32
    case VSslMethodType::mtSSLv3   : m_meth = (SSL_METHOD*)SSLv3_server_method();   break;
    case VSslMethodType::mtSSLv23  : m_meth = (SSL_METHOD*)SSLv23_server_method();  break;
    case VSslMethodType::mtTLSv1   : m_meth = (SSL_METHOD*)TLSv1_server_method();   break;
    case VSslMethodType::mtTLSv1_1 : m_meth = (SSL_METHOD*)TLSv1_1_server_method(); break;
    case VSslMethodType::mtTLSv1_2 : m_meth = (SSL_METHOD*)TLSv1_2_server_method(); break;
    case VSslMethodType::mtDTLSv1  : m_meth = (SSL_METHOD*)DTLSv1_server_method();  break;
    case VSslMethodType::mtNone    :
    default                        :
      SET_ERROR(VSslError, QString("client method error(%1)").arg(methodType.str()), VSslError::INVALID_SSL_METHOD);
      return false;
  }

  m_ctx = SSL_CTX_new(m_meth);
  if (!SSL_CTX_set_tlsext_servername_callback(m_ctx, ssl_servername_cb))
  {
    LOG_ERROR("SSL_CTX_set_tlsext_servername_callback return false");
  }
  if (!SSL_CTX_set_tlsext_servername_arg(m_ctx, this))
  {
    LOG_ERROR("SSL_CTX_set_tlsext_servername_arg return false");
  }

  if (defaultKeyCrtFileName != "")
  {
    QString fileName = certificatePath;
    QFileInfo fi(fileName);
    // if (!fi.isAbsolute()) fileName = VApp::_filePath() + fileName; // gilgil temp 2014.12.25
    if (!fi.isAbsolute()) fileName = QCoreApplication::applicationDirPath() + QDir::separator() + fileName; // gilgil temp 2014.12.25
    if (!fileName.endsWith('/') && !fileName.endsWith('\\'))
    {
      fileName += QDir::separator();
    }
    fileName += defaultKeyCrtFileName;
    if (!setup(fileName)) return false;
  }

  if (!VTcpServer::doOpen()) return false;

  return true;
}
Beispiel #14
0
static SSL_METHOD *ssl23_get_server_method(int ver)
	{
#ifndef OPENSSL_NO_SSL2
	if (ver == SSL2_VERSION)
		return(SSLv2_server_method());
#endif
	if (ver == SSL3_VERSION)
		return(SSLv3_server_method());
	else if (ver == TLS1_VERSION)
		return(TLSv1_server_method());
	else
		return(NULL);
	}
Beispiel #15
0
static const SSL_METHOD *
ssl23_get_server_method(int ver)
{
	if (ver == SSL3_VERSION)
		return (SSLv3_server_method());
	else if (ver == TLS1_VERSION)
		return (TLSv1_server_method());
	else if (ver == TLS1_1_VERSION)
		return (TLSv1_1_server_method());
	else if (ver == TLS1_2_VERSION)
		return (TLSv1_2_server_method());
	else
		return (NULL);
}
Beispiel #16
0
static const SSL_METHOD *swSSL_get_method(int method)
{
    switch (method)
    {
#ifndef OPENSSL_NO_SSL3_METHOD
    case SW_SSLv3_METHOD:
        return SSLv3_method();
    case SW_SSLv3_SERVER_METHOD:
        return SSLv3_server_method();
    case SW_SSLv3_CLIENT_METHOD:
        return SSLv3_client_method();
#endif
    case SW_SSLv23_SERVER_METHOD:
        return SSLv23_server_method();
    case SW_SSLv23_CLIENT_METHOD:
        return SSLv23_client_method();
    case SW_TLSv1_METHOD:
        return TLSv1_method();
    case SW_TLSv1_SERVER_METHOD:
        return TLSv1_server_method();
    case SW_TLSv1_CLIENT_METHOD:
        return TLSv1_client_method();
#ifdef TLS1_1_VERSION
    case SW_TLSv1_1_METHOD:
        return TLSv1_1_method();
    case SW_TLSv1_1_SERVER_METHOD:
        return TLSv1_1_server_method();
    case SW_TLSv1_1_CLIENT_METHOD:
        return TLSv1_1_client_method();
#endif
#ifdef TLS1_2_VERSION
    case SW_TLSv1_2_METHOD:
        return TLSv1_2_method();
    case SW_TLSv1_2_SERVER_METHOD:
        return TLSv1_2_server_method();
    case SW_TLSv1_2_CLIENT_METHOD:
        return TLSv1_2_client_method();
#endif
    case SW_DTLSv1_METHOD:
        return DTLSv1_method();
    case SW_DTLSv1_SERVER_METHOD:
        return DTLSv1_server_method();
    case SW_DTLSv1_CLIENT_METHOD:
        return DTLSv1_client_method();
    case SW_SSLv23_METHOD:
    default:
        return SSLv23_method();
    }
    return SSLv23_method();
}
Beispiel #17
0
/**
 *	@brief initialize SSL server and create context
 *  @decription THIS IS NOT MY CODE (from page 1)
 *  @return ctx					The SSL_CTX object
 */
SSL_CTX* initialize_server(){
	SSL_METHOD *method = SSLv3_server_method();
	SSL_CTX *ctx = SSL_CTX_new(method);	
	OpenSSL_add_all_algorithms();	
	SSL_load_error_strings();	

	//check if CTX object is valid
	if(ctx == NULL){
		printf("\n\nERROR: SSL_CTX_new() failed (server.c - initialize_server\n");
		printf("Couldn't create a new SSL_CTX object.\n\n");
		exit(1);
	}
	return ctx;
}
Beispiel #18
0
SSL_CTX* InitServerCTX(void)
{   SSL_METHOD *method;
    SSL_CTX *ctx;
 
    OpenSSL_add_all_algorithms();  /* load & register all cryptos, etc. */
    SSL_load_error_strings();   /* load all error messages */
    method = const_cast<SSL_METHOD*>(SSLv3_server_method());  /* create new server-method instance */
    ctx = SSL_CTX_new(method);   /* create new context from method */
    if ( ctx == NULL )
    {
        ERR_print_errors_fp(stderr);
        abort();
    }
    return ctx;
}
Beispiel #19
0
void rcp_ssl_ctx_init()
{
	const SSL_METHOD *method = SSLv3_server_method();
	if (method == NULL){
		rcp_error("e1\n");
	}
	ctx = SSL_CTX_new(method);
	if (ctx== NULL){
		rcp_error("e2\n");
	}
	SSL_CTX_use_certificate_file(ctx, 
			RCP_SSL_CERTIFICATE_FILE_PATH, SSL_FILETYPE_PEM);
	SSL_CTX_use_PrivateKey_file(ctx, 
			RCP_SSL_PRIVATEKEY_FILE_PATH, SSL_FILETYPE_PEM);
}
Beispiel #20
0
void init_options(void)
{
	if((option.cafiles = malloc(sizeof(char *) * 1)) == (char **) 0)
	{
		fprintf(stderr, "malloc: %.100s (%i)\n", strerror(errno), errno);
		exit(EXIT_FAILURE);
	}

	option.cafiles[0] = 0;

	/* default options */
        option.mysql_IP = "127.0.0.1";
        option.mysql_user = "******";
        option.mysql_pass = "******";
        option.mysql_db = "eas";
        option.mysql_port = 3306;
	option.port = 5555;
	option.lock_fd = -1;
	option.pidfile = "/var/run/easd.pid";
	option.facility = LOG_AUTH;
	option.priority = LOG_INFO;
	option.method = SSLv3_server_method();
	option.pemfile = "/etc/eas/certs/server.pem";
	option.egdfile = 0;
	option.randomfile = 0;
	option.cipher = "HIGH:MEDIUM";
	option.hook = 0;
	option.hook_timeout = 5;
	option.sessiondirectory = "/var/log/easd";
	option.listenaddress = "localhost";
	option.keepalive = 1;
	option.idletimeout = 7200;
	option.uid = -1;
	option.hook_failure_critical = 1;
	option.sync = _IONBF;
        option.strict_mode = 1;
        option.strict_owner = 1;
        option.strict_inode = 0;
        option.strict_ctime = 0;
        option.strict_mtime = 0;

	option.uid = 0;
	option.gid = 0;
	option.level = eINFO;


	return;
}
Beispiel #21
0
SSL_CTX *
InitCTX (void)
{
  SSL_METHOD *method;
  X509 *cert;
  EVP_PKEY *key;

  SSL_library_init ();
  OpenSSL_add_all_algorithms ();	/* Load cryptos, et.al. */
  SSL_load_error_strings ();	/* Bring in and register error messages */
  method = SSLv3_server_method ();
  ctx = SSL_CTX_new (method);	/* Create new context */

  if (ctx == NULL) {
#ifdef DEBUG
    ERR_print_errors_fp (stderr);
#endif
    abort ();
  }

  SSL_CTX_set_options (ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
  SSL_CTX_set_cipher_list (ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");

  if (gen_cert (&cert, &key) == 0) {
#ifdef DEBUG
    printf ("Error w/ gen_cert()\n");
#endif
    exit (1);
  }

  if (SSL_CTX_use_certificate (ctx, cert) != 1) {
#ifdef DEBUG
    fprintf (stderr, "SSL_CTX_use_certificate failed.\n");
#endif
    exit (1);
  }
  if (SSL_CTX_use_PrivateKey (ctx, key) != 1) {
#ifdef DEBUG
    fprintf (stderr, "SSL_CTX_use_PrivateKey failed.\n");
#endif
    exit (1);
  }

  X509_free (cert);
  EVP_PKEY_free (key);

  return ctx;
}
Beispiel #22
0
static const SSL_METHOD *tls1_get_server_method(int ver)
{
    if (ver == TLS_ANY_VERSION)
        return TLS_server_method();
    if (ver == TLS1_2_VERSION)
        return TLSv1_2_server_method();
    if (ver == TLS1_1_VERSION)
        return TLSv1_1_server_method();
    if (ver == TLS1_VERSION)
        return TLSv1_server_method();
#ifndef OPENSSL_NO_SSL3
    if (ver == SSL3_VERSION)
        return (SSLv3_server_method());
#endif
    return NULL;
}
Beispiel #23
0
    SSL_CTX* initServerContext()
    {   
        SSL_METHOD *method;
        SSL_CTX *ctx;

        OpenSSL_add_all_algorithms(); 
        SSL_load_error_strings();   
        method = const_cast<SSL_METHOD*>(SSLv3_server_method());  
        ctx = SSL_CTX_new(method); 
        if ( ctx == NULL )
        {
            ERR_print_errors_fp(stderr);
            abort();
        }
        return ctx;
    }
Beispiel #24
0
SSL_CTX* EdSSLContext::buildServerCtx(int sslmethod, const char* certfile, const char* privkeyfile)
{
	const SSL_METHOD *method;
	switch (sslmethod)
	{
	case SSL_VER_TLSV1:
		method = TLSv1_server_method();
		break;
	case SSL_VER_TLSV11:
		method = TLSv1_1_server_method();
		break;
	case SSL_VER_V23:
		method = SSLv23_server_method();
		break;
	case SSL_VER_V3:
		method = SSLv3_server_method();
		break;
	case SSL_VER_DTLSV1:
		method = DTLSv1_server_method();
		break;
	default:
		method = NULL;
		break;
	}

	if (method == NULL)
		return NULL;

	SSL_CTX* pctx = SSL_CTX_new(method);

	int ret;
	ret = SSL_CTX_use_certificate_file(pctx, certfile, SSL_FILETYPE_PEM);
	dbgd("set cert file, ret=%d", ret);
	ret = SSL_CTX_use_PrivateKey_file(pctx, privkeyfile, SSL_FILETYPE_PEM);
	dbgd("set key file, ret=%d", ret);

	if (!SSL_CTX_check_private_key(pctx))
	{
		dbge("### private key check error......");
		SSL_CTX_free(pctx);
		return NULL;
	}
	return pctx;
}
Beispiel #25
0
SSL_CTX* setupSSL(void){
	SSL_CTX *ssl_ctx;
	const SSL_METHOD *method;

	SSL_library_init();

	/* loading cryptos and error messages*/
	OpenSSL_add_all_algorithms();
	SSL_load_error_strings();

	/* create new server-method instance */
	method = SSLv3_server_method();

	/* create new context from method */
	ssl_ctx = SSL_CTX_new(method);

	if (ssl_ctx == NULL){
		perror("ssl_ctx");
		exit(EXIT_FAILURE);
	}

	/* specifying what certificate to use, get from CERT_FILE*/
	if(SSL_CTX_use_certificate_file(ssl_ctx, CERT_FILE, SSL_FILETYPE_PEM) <= 0){
		perror("CERT_FILE error\n");
		exit(EXIT_FAILURE);
	}

    /*Load the password for the Private Key*/
    SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx,KEY_PASSWD);

	/* specifying what private key to use, get from KEY_FILE */
    if(SSL_CTX_use_PrivateKey_file(ssl_ctx, KEY_FILE, SSL_FILETYPE_PEM) <= 0){
		perror("KEY_FILE error\n");
		exit(EXIT_FAILURE);
	}

	/* verifying that the private key matches the public certificate */
	if (!SSL_CTX_check_private_key(ssl_ctx)){
		perror("private key not matching the public certificate\n");
		exit(EXIT_FAILURE);
	}

	return ssl_ctx;
}
Beispiel #26
0
static const SSL_METHOD *swSSL_get_method(int method)
{
    switch (method)
    {
    case SW_SSLv3_METHOD:
        return SSLv3_method();
    case SW_SSLv3_SERVER_METHOD:
        return SSLv3_server_method();
    case SW_SSLv3_CLIENT_METHOD:
        return SSLv3_client_method();
    case SW_SSLv23_SERVER_METHOD:
        return SSLv23_server_method();
    case SW_SSLv23_CLIENT_METHOD:
        return SSLv23_client_method();
    case SW_TLSv1_METHOD:
        return TLSv1_method();
    case SW_TLSv1_SERVER_METHOD:
        return TLSv1_server_method();
    case SW_TLSv1_CLIENT_METHOD:
        return TLSv1_client_method();
    case SW_TLSv1_1_METHOD:
        return TLSv1_1_method();
    case SW_TLSv1_1_SERVER_METHOD:
        return TLSv1_1_server_method();
    case SW_TLSv1_1_CLIENT_METHOD:
        return TLSv1_1_client_method();
    case SW_TLSv1_2_METHOD:
        return TLSv1_2_method();
    case SW_TLSv1_2_SERVER_METHOD:
        return TLSv1_2_server_method();
    case SW_TLSv1_2_CLIENT_METHOD:
        return TLSv1_2_client_method();
    case SW_DTLSv1_METHOD:
        return DTLSv1_method();
    case SW_DTLSv1_SERVER_METHOD:
        return DTLSv1_server_method();
    case SW_DTLSv1_CLIENT_METHOD:
        return DTLSv1_client_method();
    case SW_SSLv23_METHOD:
    default:
        return SSLv23_method();
    }
    return SSLv23_method();
}
Beispiel #27
0
SSL_CTX *
_SSL_context_init (void (*info_cb_func), int server)
{
    SSL_CTX *ctx;

    SSLeay_add_ssl_algorithms ();
    SSL_load_error_strings ();
    ctx =
        SSL_CTX_new (server ? SSLv3_server_method () :
                     SSLv3_client_method ());

    SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
    SSL_CTX_set_timeout (ctx, 300);

    /* used in SSL_connect(), SSL_accept() */
    SSL_CTX_set_info_callback (ctx, info_cb_func);

    return (ctx);
}
void PosixSslServerSocket::loadCertificates( const std::string & certificateFile,
                                             const std::string & keyFile ) {
    SSL_CTX * sslContext;
    int rc;

    sslContext = SSL_CTX_new(SSLv3_server_method());
    rc = SSL_CTX_load_verify_locations(sslContext,certificateFile.c_str(),keyFile.c_str());
    if( rc <= 0 )
        ERR_print_errors_fp(stdout);
    rc = SSL_CTX_set_default_verify_paths(sslContext);
    if( rc <= 0 )
        ERR_print_errors_fp(stdout);
    rc = SSL_CTX_use_certificate_file(sslContext,certificateFile.c_str(),SSL_FILETYPE_PEM);
    if( rc <= 0 )
        ERR_print_errors_fp(stdout);
    rc = SSL_CTX_use_PrivateKey_file(sslContext,keyFile.c_str(),SSL_FILETYPE_PEM);
    if( rc <= 0 )
        ERR_print_errors_fp(stdout);
    setSslContext(sslContext);
}
Beispiel #29
0
/*
 * initialize ssl methods 
 */
static void
init_ssl_methods(void)
{
	DBG("init_methods: Entered\n");
	ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method();
	ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method();
	ssl_methods[TLS_USE_SSLv2 - 1] = SSLv2_method();
	
	ssl_methods[TLS_USE_SSLv3_cli - 1] = SSLv3_client_method();
	ssl_methods[TLS_USE_SSLv3_srv - 1] = SSLv3_server_method();
	ssl_methods[TLS_USE_SSLv3 - 1] = SSLv3_method();
	
	ssl_methods[TLS_USE_TLSv1_cli - 1] = TLSv1_client_method();
	ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
	ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
	
	ssl_methods[TLS_USE_SSLv23_cli - 1] = SSLv23_client_method();
	ssl_methods[TLS_USE_SSLv23_srv - 1] = SSLv23_server_method();
	ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
}
Beispiel #30
0
int TPC_Logging_Acceptor::open
    (const ACE_SOCK_Acceptor::PEER_ADDR &local_addr,
           ACE_Reactor *reactor,
           int flags, int use_select, int reuse_addr) {
  if (PARENT::open (local_addr, reactor, flags,
                    use_select, reuse_addr) != 0)
    return -1;
  OpenSSL_add_ssl_algorithms ();
  ssl_ctx_ = SSL_CTX_new (SSLv3_server_method ());
  if (ssl_ctx_ == 0) return -1;

  if (SSL_CTX_use_certificate_file (ssl_ctx_,
                                    TPC_CERTIFICATE_FILENAME,
                                    SSL_FILETYPE_PEM) <= 0
      || SSL_CTX_use_PrivateKey_file (ssl_ctx_,
                                      TPC_KEY_FILENAME,
                                      SSL_FILETYPE_PEM) <= 0
      || !SSL_CTX_check_private_key (ssl_ctx_))
    return -1;
  ssl_ = SSL_new (ssl_ctx_);
  return ssl_ == 0 ? -1 : 0;
}