Beispiel #1
0
wi_boolean_t wi_socket_context_set_ssl_type(wi_socket_context_t *context, wi_socket_ssl_type_t type) {
#ifdef WI_SSL
	SSL_METHOD		*method = NULL;
	
	switch(type) {
		case WI_SOCKET_SSL_CLIENT:
			method = TLSv1_client_method();
			break;

		case WI_SOCKET_SSL_SERVER:
			method = TLSv1_server_method();
			break;
	}
	
	context->ssl_ctx = SSL_CTX_new(method);
	
	if(!context->ssl_ctx)
		wi_error_set_ssl_error();
	
	return (context->ssl_ctx != NULL);
#else
	wi_error_set_lib_error(WI_ERROR_SOCKET_NOSSL);
	
	return false;
#endif
}
Beispiel #2
0
const SSL_METHOD * hb_ssl_method_id_to_ptr( int n )
{
   const SSL_METHOD * p;

   switch( n )
   {
#if OPENSSL_VERSION_NUMBER < 0x10000000L
      case HB_SSL_CTX_NEW_METHOD_SSLV2:         p = SSLv2_method();         break;
      case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER:  p = SSLv2_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT:  p = SSLv2_client_method();  break;
#endif
      case HB_SSL_CTX_NEW_METHOD_SSLV3:         p = SSLv3_method();         break;
      case HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER:  p = SSLv3_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT:  p = SSLv3_client_method();  break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1:         p = TLSv1_method();         break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER:  p = TLSv1_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT:  p = TLSv1_client_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23:        p = SSLv23_method();        break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break;
      default: p = SSLv23_method();
   }

   return p;
}
Beispiel #3
0
Datei: stud.c Projekt: djs55/stud
/* Init library and load specified certificate.
 * Establishes a SSL_ctx, to act as a template for
 * each connection */
static SSL_CTX * init_openssl() {
    SSL_library_init();
    SSL_load_error_strings();
    SSL_CTX *ctx = NULL;

    if (OPTIONS.ETYPE == ENC_TLS)
        ctx = SSL_CTX_new(TLSv1_server_method());
    else if (OPTIONS.ETYPE == ENC_SSL)
        ctx = SSL_CTX_new(SSLv23_server_method());
    else
        assert(OPTIONS.ETYPE == ENC_TLS || OPTIONS.ETYPE == ENC_SSL);
    
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_ALL |
                        SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
    
    if (SSL_CTX_use_certificate_file(ctx, OPTIONS.CERT_FILE, SSL_FILETYPE_PEM) <= 0)
        ERR_print_errors_fp(stderr);
    if (SSL_CTX_use_RSAPrivateKey_file(ctx, OPTIONS.CERT_FILE, SSL_FILETYPE_PEM) <= 0)
        ERR_print_errors_fp(stderr);
    
    if (OPTIONS.CIPHER_SUITE)
        if (SSL_CTX_set_cipher_list(ctx, OPTIONS.CIPHER_SUITE) != 1)
            ERR_print_errors_fp(stderr);            

    return ctx;
}
Beispiel #4
0
SSL_METHOD *sycTLSv1_server_method(void) {
   SSL_METHOD *result;
   Debug("TLSv1_server_method()");
   result = TLSv1_server_method();
   Debug1("TLSv1_server_method() -> %p", result);
   return result;
}
Beispiel #5
0
void SSLContext::createSSLContext()
{
    switch (_usage)
    {
    case CLIENT_USE:
        _sslContext = SSL_CTX_new(SSLv23_client_method());
        break;
    case SERVER_USE:
        _sslContext = SSL_CTX_new(SSLv23_server_method());
        break;
    case TLSV1_CLIENT_USE:
        _sslContext = SSL_CTX_new(TLSv1_client_method());
        break;
    case TLSV1_SERVER_USE:
        _sslContext = SSL_CTX_new(TLSv1_server_method());
        break;
    default:
        throw std::runtime_error("SSL Exception: Invalid usage");
    }
    if (!_sslContext)  {
        unsigned long err = ERR_get_error();
        throw std::runtime_error("SSL Exception: Cannot create SSL_CTX object: " + std::string(ERR_error_string(err, 0)));
    }

    SSL_CTX_set_default_passwd_cb(_sslContext, &SSLManager::privateKeyPassphraseCallback);
    clearErrorStack();
    SSL_CTX_set_options(_sslContext, SSL_OP_ALL);
}
MSC_BOOL msc_secure_socket_library_init(MSC_LIBRARY_MODE mode)
{
	if (g_ssl_ctx) return MSC_TRUE;

	SSL_library_init();
	SSL_load_error_strings();

	if (mode == MSC_LIBRARY_CLIENT)
	{
		g_ssl_ctx = SSL_CTX_new(TLSv1_client_method());
	}
	else
	{
		g_ssl_ctx = SSL_CTX_new(TLSv1_server_method());
	}

	if (!g_ssl_ctx)
	{
		fprintf(stderr, "Error initializing OpenSSL\n");
		ERR_print_errors_fp(stderr);
		return MSC_FALSE;
	}

	return MSC_TRUE;
}
Beispiel #7
0
wi_socket_tls_t * wi_socket_tls_init_with_type(wi_socket_tls_t *tls, wi_socket_tls_type_t type) {
	SSL_METHOD		*method;
	
	switch(type) {
		default:
		case WI_SOCKET_TLS_CLIENT:
			method = TLSv1_client_method();
			break;

		case WI_SOCKET_TLS_SERVER:
			method = TLSv1_server_method();
			break;
	}
	
	tls->ssl_ctx = SSL_CTX_new(method);
	
	if(!tls->ssl_ctx) {
		wi_error_set_openssl_error();
		
		wi_release(NULL);
		
		return NULL;
	}
	
	SSL_CTX_set_mode(tls->ssl_ctx, SSL_MODE_AUTO_RETRY);
	SSL_CTX_set_quiet_shutdown(tls->ssl_ctx, 1);
	
	return tls;
}
BOOL CSSLTcpSocket::CreateSSLTcpSocketForServer( LPCSTR pszCertFile , LPCSTR pszKeyFile )
{
	SSL_load_error_strings(); /*为打印调试信息作准备*/ 
	OpenSSL_add_ssl_algorithms(); /*初始化*/ 

	m_meth = (SSL_METHOD *)TLSv1_server_method(); /*采用什么协议(SSLv2/SSLv3/TLSv1)在此指定,TLSv1_server_method,SSLv23_server_method()*/ 

	m_ctx = SSL_CTX_new (m_meth);

	//设置为要求强制校验对方(客户端)证书SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT
	SSL_CTX_set_verify(m_ctx,SSL_VERIFY_NONE,NULL); /*验证与否SSL_VERIFY_PEER*/ 
	//SSL_CTX_load_verify_locations(ctx,CACERT,NULL); /*若验证,则放置CA证书*/

	if (SSL_CTX_use_certificate_file(m_ctx, pszCertFile, SSL_FILETYPE_PEM) <= 0) 
	{
		printf("加载证书失败!\n");
		
	}

	if (SSL_CTX_use_PrivateKey_file(m_ctx, pszKeyFile, SSL_FILETYPE_PEM) <= 0)
	{
		printf("加载私钥失败!\n");
		
	}

	if (!SSL_CTX_check_private_key(m_ctx)) {
		printf("密钥证书不匹配!\n");
	}

	SSL_CTX_set_cipher_list(m_ctx,"DES-CBC3-SHA"); 
	SSL_CTX_set_mode(m_ctx, SSL_MODE_AUTO_RETRY);

	return CreateTcpSocket();
}
Beispiel #9
0
/*
 * initialize ssl methods
 */
static void
init_ssl_methods(void)
{
	LM_DBG("entered\n");

#ifndef OPENSSL_NO_SSL2
	ssl_methods[TLS_USE_SSLv2_cli - 1] = (SSL_METHOD*)SSLv2_client_method();
	ssl_methods[TLS_USE_SSLv2_srv - 1] = (SSL_METHOD*)SSLv2_server_method();
	ssl_methods[TLS_USE_SSLv2 - 1] = (SSL_METHOD*)SSLv2_method();
#endif

	ssl_methods[TLS_USE_SSLv3_cli - 1] = (SSL_METHOD*)SSLv3_client_method();
	ssl_methods[TLS_USE_SSLv3_srv - 1] = (SSL_METHOD*)SSLv3_server_method();
	ssl_methods[TLS_USE_SSLv3 - 1] = (SSL_METHOD*)SSLv3_method();

	ssl_methods[TLS_USE_TLSv1_cli - 1] = (SSL_METHOD*)TLSv1_client_method();
	ssl_methods[TLS_USE_TLSv1_srv - 1] = (SSL_METHOD*)TLSv1_server_method();
	ssl_methods[TLS_USE_TLSv1 - 1] = (SSL_METHOD*)TLSv1_method();

	ssl_methods[TLS_USE_SSLv23_cli - 1] = (SSL_METHOD*)SSLv23_client_method();
	ssl_methods[TLS_USE_SSLv23_srv - 1] = (SSL_METHOD*)SSLv23_server_method();
	ssl_methods[TLS_USE_SSLv23 - 1] = (SSL_METHOD*)SSLv23_method();

#if OPENSSL_VERSION_NUMBER >= 0x10001000L
	ssl_methods[TLS_USE_TLSv1_2_cli - 1] = (SSL_METHOD*)TLSv1_2_client_method();
	ssl_methods[TLS_USE_TLSv1_2_srv - 1] = (SSL_METHOD*)TLSv1_2_server_method();
	ssl_methods[TLS_USE_TLSv1_2 - 1] = (SSL_METHOD*)TLSv1_2_method();
#endif

}
Beispiel #10
0
static SSL_METHOD *tls1_get_server_method(int ver)
	{
	if (ver == TLS1_VERSION)
		return(TLSv1_server_method());
	else
		return(NULL);
	}
Beispiel #11
0
static int nixio_tls_ctx(lua_State * L) {
    const char *method = luaL_optlstring(L, 1, "client", NULL);

    luaL_getmetatable(L, NIXIO_TLS_CTX_META);
    SSL_CTX **ctx = lua_newuserdata(L, sizeof(SSL_CTX *));
    if (!ctx) {
        return luaL_error(L, "out of memory");
    }

    /* create userdata */
    lua_pushvalue(L, -2);
    lua_setmetatable(L, -2);

    if (!strcmp(method, "client")) {
        *ctx = SSL_CTX_new(TLSv1_client_method());
    } else if (!strcmp(method, "server")) {
        *ctx = SSL_CTX_new(TLSv1_server_method());
    } else {
        return luaL_argerror(L, 1, "supported values: client, server");
    }

    if (!(*ctx)) {
        return luaL_error(L, "unable to create TLS context");
    }

    return 1;
}
Beispiel #12
0
ws_ctx_t *ws_socket_ssl(int socket, char * certfile, char * keyfile) {
   int ret;
   char msg[1024];
   char * use_keyfile;
   ws_ctx_t *ctx;
   ctx = ws_socket(socket);

   if (keyfile && (keyfile[0] != '\0')) {
      // Separate key file
      use_keyfile = keyfile;
   } else {
      // Combined key and cert file
      use_keyfile = certfile;
   }

   // Initialize the library
   if (! ssl_initialized) {
      SSL_library_init();
      OpenSSL_add_all_algorithms();
      SSL_load_error_strings();
      ssl_initialized = 1;

   }

   ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method());
   if (ctx->ssl_ctx == NULL) {
      ERR_print_errors_fp(stderr);
      fatal("Failed to configure SSL context");
   }

   if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, use_keyfile,
      SSL_FILETYPE_PEM) <= 0) {
         sprintf(msg, "Unable to load private key file %s\n", use_keyfile);
         fatal(msg);
   }

   if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, certfile,
      SSL_FILETYPE_PEM) <= 0) {
         sprintf(msg, "Unable to load certificate file %s\n", certfile);
         fatal(msg);
   }

   //    if (SSL_CTX_set_cipher_list(ctx->ssl_ctx, "DEFAULT") != 1) {
   //        sprintf(msg, "Unable to set cipher\n");
   //        fatal(msg);
   //    }

   // Associate socket and ssl object
   ctx->ssl = SSL_new(ctx->ssl_ctx);
   SSL_set_fd(ctx->ssl, socket);

   ret = SSL_accept(ctx->ssl);
   if (ret < 0) {
      ERR_print_errors_fp(stderr);
      return NULL;
   }

   return ctx;
}
Beispiel #13
0
bool SSLSocket::setupCrypto(SSLSocket *session /* = NULL */) {
  if (m_handle) {
    raise_warning("SSL/TLS already set-up for this stream");
    return false;
  }

  /* need to do slightly different things, based on client/server method,
   * so lets remember which method was selected */
#if OPENSSL_VERSION_NUMBER < 0x00909000L
  SSL_METHOD *smethod;
#else
  const SSL_METHOD *smethod;
#endif
  switch (m_method) {
  case ClientSSLv23: m_client = true;  smethod = SSLv23_client_method(); break;
  case ClientSSLv3:  m_client = true;  smethod = SSLv3_client_method();  break;
  case ClientTLS:    m_client = true;  smethod = TLSv1_client_method();  break;
  case ServerSSLv23: m_client = false; smethod = SSLv23_server_method(); break;
  case ServerSSLv3:  m_client = false; smethod = SSLv3_server_method();  break;

  /* SSLv2 protocol might be disabled in the OpenSSL library */
#ifndef OPENSSL_NO_SSL2
  case ClientSSLv2:  m_client = true;  smethod = SSLv2_client_method();  break;
  case ServerSSLv2:  m_client = false; smethod = SSLv2_server_method();  break;
#else
  case ClientSSLv2:
  case ServerSSLv2:
    raise_warning("OpenSSL library does not support SSL2 protocol");
    return false;
  break;
#endif

  case ServerTLS:    m_client = false; smethod = TLSv1_server_method();  break;
  default:
    return false;
  }

  SSL_CTX *ctx = SSL_CTX_new(smethod);
  if (ctx == nullptr) {
    raise_warning("failed to create an SSL context");
    return false;
  }

  SSL_CTX_set_options(ctx, SSL_OP_ALL);
  m_handle = createSSL(ctx);
  if (m_handle == nullptr) {
    raise_warning("failed to create an SSL handle");
    SSL_CTX_free(ctx);
    return false;
  }

  if (!SSL_set_fd(m_handle, m_fd)) {
    handleError(0, true);
  }
  if (session) {
    SSL_copy_session_id(m_handle, session->m_handle);
  }
  return true;
}
Beispiel #14
0
THREAD_RETURN YASSL_API server_test(void* args)
{
#ifdef _WIN32
    WSADATA wsd;
    WSAStartup(0x0002, &wsd);
#endif

    SOCKET_T sockfd   = 0;
    SOCKET_T clientfd = 0;
    int      argc     = 0;
    char**   argv     = 0;

    set_args(argc, argv, *static_cast<func_args*>(args));
    tcp_accept(sockfd, clientfd, *static_cast<func_args*>(args));

    tcp_close(sockfd);

    SSL_METHOD* method = TLSv1_server_method();
    SSL_CTX*    ctx = SSL_CTX_new(method);

    //SSL_CTX_set_cipher_list(ctx, "RC4-SHA:RC4-MD5");
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
    set_serverCerts(ctx);
    DH* dh = set_tmpDH(ctx);

    SSL* ssl = SSL_new(ctx);
    SSL_set_fd(ssl, clientfd);

#ifdef NON_BLOCKING
    NonBlockingSSL_Accept(ssl, ctx, clientfd);
#else
    if (SSL_accept(ssl) != SSL_SUCCESS)
        ServerError(ctx, ssl, clientfd, "SSL_accept failed");
#endif
     
    showPeer(ssl);
    printf("Using Cipher Suite: %s\n", SSL_get_cipher(ssl));

    char command[1024];
    int input = SSL_read(ssl, command, sizeof(command));
    if (input > 0) {
        command[input] = 0;
        printf("First client command: %s\n", command);
    }

    char msg[] = "I hear you, fa shizzle!";
    if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
        ServerError(ctx, ssl, clientfd, "SSL_write failed");

    DH_free(dh);
    SSL_CTX_free(ctx);
    SSL_shutdown(ssl);
    SSL_free(ssl);

    tcp_close(clientfd);

    ((func_args*)args)->return_code = 0;
    return 0;
}
Beispiel #15
0
  bool OpenSSLServer::setType()
  {
    m_ctx = SSL_CTX_new( TLSv1_server_method() );
    if( !m_ctx )
      return false;

    return true;
  }
Beispiel #16
0
void Context::createSSLContext()
{
	if (SSLManager::isFIPSEnabled())
	{
		_pSSLContext = SSL_CTX_new(TLSv1_method());
	}
	else
	{
		switch (_usage)
		{
		case CLIENT_USE:
			_pSSLContext = SSL_CTX_new(SSLv23_client_method());
			break;
		case SERVER_USE:
			_pSSLContext = SSL_CTX_new(SSLv23_server_method());
			break;
#if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1)
		case TLSV1_CLIENT_USE:
			_pSSLContext = SSL_CTX_new(TLSv1_client_method());
			break;
		case TLSV1_SERVER_USE:
			_pSSLContext = SSL_CTX_new(TLSv1_server_method());
			break;
#endif
#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1)
/* SSL_OP_NO_TLSv1_1 is defined in ssl.h if the library version supports TLSv1.1.
 * OPENSSL_NO_TLS1 is defined in opensslconf.h or on the compiler command line
 * if TLS1.x was removed at OpenSSL library build time via Configure options.
 */
        case TLSV1_1_CLIENT_USE:
            _pSSLContext = SSL_CTX_new(TLSv1_1_client_method());
            break;
        case TLSV1_1_SERVER_USE:
            _pSSLContext = SSL_CTX_new(TLSv1_1_server_method());
            break;
#endif
#if defined(SSL_OP_NO_TLSv1_2) && !defined(OPENSSL_NO_TLS1)
        case TLSV1_2_CLIENT_USE:
            _pSSLContext = SSL_CTX_new(TLSv1_2_client_method());
            break;
        case TLSV1_2_SERVER_USE:
            _pSSLContext = SSL_CTX_new(TLSv1_2_server_method());
            break;
#endif
		default:
			throw Poco::InvalidArgumentException("Invalid or unsupported usage");
		}
	}
	if (!_pSSLContext) 
	{
		unsigned long err = ERR_get_error();
		throw SSLException("Cannot create SSL_CTX object", ERR_error_string(err, 0));
	}

	SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPassphraseCallback);
	Utility::clearErrorStack();
	SSL_CTX_set_options(_pSSLContext, SSL_OP_ALL);
}
Beispiel #17
0
static void
tls_exec_server(const char *user, int startfd, const char *privkey,
    const char *cert, int debuglevel)
{
	SSL_CTX *sslctx;
	SSL *ssl;
	int sockfd, tcpfd, ret;

	pjdlog_debug_set(debuglevel);
	pjdlog_prefix_set("[TLS sandbox] (server) ");
#ifdef HAVE_SETPROCTITLE
	setproctitle("[TLS sandbox] (server) ");
#endif

	sockfd = startfd;
	tcpfd = startfd + 1;

	SSL_load_error_strings();
	SSL_library_init();

	sslctx = SSL_CTX_new(TLSv1_server_method());
	if (sslctx == NULL)
		pjdlog_exitx(EX_TEMPFAIL, "SSL_CTX_new() failed.");

	SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

	ssl = SSL_new(sslctx);
	if (ssl == NULL)
		pjdlog_exitx(EX_TEMPFAIL, "SSL_new() failed.");

	if (SSL_use_RSAPrivateKey_file(ssl, privkey, SSL_FILETYPE_PEM) != 1) {
		ssl_log_errors();
		pjdlog_exitx(EX_CONFIG,
		    "SSL_use_RSAPrivateKey_file(%s) failed.", privkey);
	}

	if (SSL_use_certificate_file(ssl, cert, SSL_FILETYPE_PEM) != 1) {
		ssl_log_errors();
		pjdlog_exitx(EX_CONFIG, "SSL_use_certificate_file(%s) failed.",
		    cert);
	}

	if (sandbox(user, true, "proto_tls server") != 0)
		pjdlog_exitx(EX_CONFIG, "Unable to sandbox TLS server.");
	pjdlog_debug(1, "Privileges successfully dropped.");

	nonblock(sockfd);
	nonblock(tcpfd);

	if (SSL_set_fd(ssl, tcpfd) != 1)
		pjdlog_exitx(EX_TEMPFAIL, "SSL_set_fd() failed.");

	ret = SSL_accept(ssl);
	ssl_check_error(ssl, ret);

	tls_loop(sockfd, ssl);
}
Beispiel #18
0
static const SSL_METHOD *tls1_get_server_method(int ver)
{
    if (ver == TLS1_2_VERSION)
        return TLSv1_2_server_method();
    if (ver == TLS1_1_VERSION)
        return TLSv1_1_server_method();
    if (ver == TLS1_VERSION)
        return TLSv1_server_method();
    return NULL;
}
Beispiel #19
0
SSL_CTX * ssl_ctx_new (int servermode, int usetls, const char * cert_file, const char *key_file){

#if OPENSSL_VERSION_NUMBER < 0x10000000
	SSL_METHOD      *meth = NULL;
#else
	const SSL_METHOD      *meth = NULL;
#endif
	SSL_CTX 	*ctx = NULL;

	//TODO debug print state value here to see what is what
	//	whether we need one or the other, per esx version, etc
	if(usetls) {
		if(servermode)
			meth = TLSv1_server_method();
		else
			meth = TLSv1_client_method();

		fprintf(stderr, "if err occurs after this msg, may need"
				" SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2)"
				" or similar\n");
	} else {
		if(servermode)
			meth = SSLv23_server_method();
		else
			meth = SSLv23_client_method();
	}

	if ( !(ctx = SSL_CTX_new (meth)) )
		goto out;

	//NOTE first step when state = 0, apply these options. what about after?
	//NOTE ALSO required when steve => 1
	//	do not add if(!state) again
	SSL_CTX_set_options (ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2 /* Work around all known bugs */);
	//NOTE SSL_OP_NO_SSLv2 is specifically required for zware

	if (cert_file){
      		if (SSL_CTX_use_certificate_file (ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
			goto out;
		if (!key_file)
			key_file = cert_file;
		if (SSL_CTX_use_PrivateKey_file (ctx, key_file, SSL_FILETYPE_PEM) <= 0)
			goto out;
		if (!SSL_CTX_check_private_key (ctx))
			goto out;
	}

	SSL_CTX_set_verify (ctx, SSL_VERIFY_NONE, NULL);

	return ctx;

out:
	ERR_print_errors_fp(stderr);
	return NULL;
}
Beispiel #20
0
IoSecureServer *IoSecureServer_useTLS(IoSecureServer *self, IoObject *locals, IoMessage *msg)
{
	SSL_CTX *ctx = OCTX(self);
	if(SSL_CTX_set_ssl_version(ctx, TLSv1_server_method()) != 1)
	{
		ERR_print_errors_fp(stderr);
		IoState_error_(IOSTATE, msg, "Error using TLS");
		return IONIL(self);
	}
	return self;
}
Beispiel #21
0
SSL_CTX * uh_tls_ctx_init()
{
	SSL_CTX *c = NULL;
	SSL_load_error_strings();
	SSL_library_init();

	if( (c = SSL_CTX_new(TLSv1_server_method())) != NULL )
		SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);

	return c;
}
Beispiel #22
0
IoSecureServer *IoSecureServer_rawClone(IoSecureServer *proto) 
{ 
	IoObject *self = IoObject_rawClonePrimitive(proto);
	IoObject_setDataPointer_(self, (SecureServerData *)calloc(1, sizeof(SecureServerData)));
	SSL_CTX *ctx = SSL_CTX_new(TLSv1_server_method());
	DATA(self)->ssl_ctx = ctx;	
	SSL_CTX_set_default_passwd_cb(ctx, IoSecureSockets_Password_Callback);
	SSL_CTX_set_default_passwd_cb_userdata(ctx, self);
	SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(OCTX(proto)), SSL_CTX_get_verify_callback(OCTX(proto)));
	//need to do more work for the copy to be correct, also need to copy SSL method and certs.
	return self; 
}
Beispiel #23
0
SSL_CTX * uh_tls_ctx_init()
{
	SSL_CTX *c;

	SSL_load_error_strings();
	SSL_library_init();

	if ((c = SSL_CTX_new(TLSv1_server_method())) != NULL)
		uh_tls_ctx_setup(c);

	return c;
}
Beispiel #24
0
void
tls_ctx_server_new(struct tls_root_ctx *ctx)
{
  ASSERT(NULL != ctx);

  ctx->ctx = SSL_CTX_new (TLSv1_server_method ());

  if (ctx->ctx == NULL)
    msg (M_SSLERR, "SSL_CTX_new TLSv1_server_method");

  SSL_CTX_set_tmp_rsa_callback (ctx->ctx, tmp_rsa_cb);
}
Beispiel #25
0
bool VSslServer::doOpen()
{
  VLock lock(stateOpenCs); // gilgil temp 2014.03.14

  //
  // Set server method
  //
  LOG_DEBUG("method=%s", qPrintable(methodType.str()));
  switch (methodType)
  {
    #ifdef _WIN32 // Linux openssl does not support SSLv2_server_method
    case VSslMethodType::mtSSLv2   : m_meth = (SSL_METHOD*)SSLv2_server_method();   break;
    #endif // _WIN32
    case VSslMethodType::mtSSLv3   : m_meth = (SSL_METHOD*)SSLv3_server_method();   break;
    case VSslMethodType::mtSSLv23  : m_meth = (SSL_METHOD*)SSLv23_server_method();  break;
    case VSslMethodType::mtTLSv1   : m_meth = (SSL_METHOD*)TLSv1_server_method();   break;
    case VSslMethodType::mtTLSv1_1 : m_meth = (SSL_METHOD*)TLSv1_1_server_method(); break;
    case VSslMethodType::mtTLSv1_2 : m_meth = (SSL_METHOD*)TLSv1_2_server_method(); break;
    case VSslMethodType::mtDTLSv1  : m_meth = (SSL_METHOD*)DTLSv1_server_method();  break;
    case VSslMethodType::mtNone    :
    default                        :
      SET_ERROR(VSslError, QString("client method error(%1)").arg(methodType.str()), VSslError::INVALID_SSL_METHOD);
      return false;
  }

  m_ctx = SSL_CTX_new(m_meth);
  if (!SSL_CTX_set_tlsext_servername_callback(m_ctx, ssl_servername_cb))
  {
    LOG_ERROR("SSL_CTX_set_tlsext_servername_callback return false");
  }
  if (!SSL_CTX_set_tlsext_servername_arg(m_ctx, this))
  {
    LOG_ERROR("SSL_CTX_set_tlsext_servername_arg return false");
  }

  if (defaultKeyCrtFileName != "")
  {
    QString fileName = certificatePath;
    QFileInfo fi(fileName);
    // if (!fi.isAbsolute()) fileName = VApp::_filePath() + fileName; // gilgil temp 2014.12.25
    if (!fi.isAbsolute()) fileName = QCoreApplication::applicationDirPath() + QDir::separator() + fileName; // gilgil temp 2014.12.25
    if (!fileName.endsWith('/') && !fileName.endsWith('\\'))
    {
      fileName += QDir::separator();
    }
    fileName += defaultKeyCrtFileName;
    if (!setup(fileName)) return false;
  }

  if (!VTcpServer::doOpen()) return false;

  return true;
}
const SSL_METHOD *anubis_string_to_SSL_METOHD(const char *method, int role) {
    if(!method)
        return NULL;
    
    if(!strcasecmp(method, "SSLv23"))
        return role == ANUBIS_ROLE_SERVER ?
        SSLv23_server_method() :
        role == ANUBIS_ROLE_CLIENT ? SSLv23_client_method() : NULL;
#ifndef OPENSSL_NO_SSL2_METHOD
    if(!strcasecmp(method, "SSLv2"))
        return role == ANUBIS_ROLE_SERVER ?
        SSLv3_server_method() :
        role == ANUBIS_ROLE_CLIENT ? SSLv3_client_method() : NULL;
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
    if(!strcasecmp(method, "SSLv3"))
        return role == ANUBIS_ROLE_SERVER ?
        SSLv3_server_method() :
        role == ANUBIS_ROLE_CLIENT ? SSLv3_client_method() : NULL;
#endif
    if(!strcasecmp(method, "TLSv1.0"))
        return role == ANUBIS_ROLE_SERVER ?
        TLSv1_server_method() :
        role == ANUBIS_ROLE_CLIENT ? TLSv1_client_method() : NULL;
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
    if(!strcasecmp(method, "TLSv1.1"))
        return role == ANUBIS_ROLE_SERVER ?
        TLSv1_1_server_method() :
        role == ANUBIS_ROLE_CLIENT ? TLSv1_1_client_method() : NULL;
    if(!strcasecmp(method, "TLSv1.2"))
        return role == ANUBIS_ROLE_SERVER ?
        TLSv1_2_server_method() :
        role == ANUBIS_ROLE_CLIENT ? TLSv1_2_client_method() : NULL;
#endif
    
    /*
    if(!strcasecmp(method, "DTLS1.0"))
        return role == ANUBIS_ROLE_SERVER ?
        DTLSv1_server_method() :
        role == ANUBIS_ROLE_CLIENT ? DTLSv1_client_method() : NULL;
    if(!strcasecmp(method, "DTLS1.2"))
        return role == ANUBIS_ROLE_SERVER ?
        DTLSv1_2_server_method() :
        role == ANUBIS_ROLE_CLIENT ? DTLSv1_2_client_method() : NULL;
    if(!strcasecmp(method, "DTLS"))
        return role == ANUBIS_ROLE_SERVER ?
        DTLS_server_method() :
        role == ANUBIS_ROLE_CLIENT ? DTLS_client_method() : NULL;
     */
    
    return NULL;
}//end anubis_string_to_SSL_METOHD
CryptoManager::CryptoManager()
:
	clientContext(SSL_CTX_new(TLSv1_client_method())),
	serverContext(SSL_CTX_new(TLSv1_server_method())),
	clientVerContext(SSL_CTX_new(TLSv1_client_method())),
	serverVerContext(SSL_CTX_new(TLSv1_server_method())),
	dh(DH_new()),
	certsLoaded(false),
	lock("EXTENDEDPROTOCOLABCABCABCABCABCABC"),
	pk("DCPLUSPLUS" VERSIONSTRING "ABCABC")
{
	static unsigned char dh512_p[] =
	{
		0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
			0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
			0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
			0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
			0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
			0x47,0x74,0xE8,0x33,
	};

	static unsigned char dh512_g[] =
	{
		0x02,
	};

	if(dh) {
		dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), 0);
		dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), 0);

		if (!dh->p || !dh->g) {
			DH_free(dh);
			dh = 0;
		} else {
			SSL_CTX_set_tmp_dh(serverContext, dh);
			SSL_CTX_set_tmp_dh(serverVerContext, dh);
		}
	}
}
Beispiel #28
0
static SSL_METHOD *ssl23_get_server_method(int ver)
	{
#ifndef OPENSSL_NO_SSL2
	if (ver == SSL2_VERSION)
		return(SSLv2_server_method());
#endif
	if (ver == SSL3_VERSION)
		return(SSLv3_server_method());
	else if (ver == TLS1_VERSION)
		return(TLSv1_server_method());
	else
		return(NULL);
	}
Beispiel #29
0
static const SSL_METHOD *swSSL_get_method(int method)
{
    switch (method)
    {
#ifndef OPENSSL_NO_SSL3_METHOD
    case SW_SSLv3_METHOD:
        return SSLv3_method();
    case SW_SSLv3_SERVER_METHOD:
        return SSLv3_server_method();
    case SW_SSLv3_CLIENT_METHOD:
        return SSLv3_client_method();
#endif
    case SW_SSLv23_SERVER_METHOD:
        return SSLv23_server_method();
    case SW_SSLv23_CLIENT_METHOD:
        return SSLv23_client_method();
    case SW_TLSv1_METHOD:
        return TLSv1_method();
    case SW_TLSv1_SERVER_METHOD:
        return TLSv1_server_method();
    case SW_TLSv1_CLIENT_METHOD:
        return TLSv1_client_method();
#ifdef TLS1_1_VERSION
    case SW_TLSv1_1_METHOD:
        return TLSv1_1_method();
    case SW_TLSv1_1_SERVER_METHOD:
        return TLSv1_1_server_method();
    case SW_TLSv1_1_CLIENT_METHOD:
        return TLSv1_1_client_method();
#endif
#ifdef TLS1_2_VERSION
    case SW_TLSv1_2_METHOD:
        return TLSv1_2_method();
    case SW_TLSv1_2_SERVER_METHOD:
        return TLSv1_2_server_method();
    case SW_TLSv1_2_CLIENT_METHOD:
        return TLSv1_2_client_method();
#endif
    case SW_DTLSv1_METHOD:
        return DTLSv1_method();
    case SW_DTLSv1_SERVER_METHOD:
        return DTLSv1_server_method();
    case SW_DTLSv1_CLIENT_METHOD:
        return DTLSv1_client_method();
    case SW_SSLv23_METHOD:
    default:
        return SSLv23_method();
    }
    return SSLv23_method();
}
Beispiel #30
0
static const SSL_METHOD *
ssl23_get_server_method(int ver)
{
	if (ver == SSL3_VERSION)
		return (SSLv3_server_method());
	else if (ver == TLS1_VERSION)
		return (TLSv1_server_method());
	else if (ver == TLS1_1_VERSION)
		return (TLSv1_1_server_method());
	else if (ver == TLS1_2_VERSION)
		return (TLSv1_2_server_method());
	else
		return (NULL);
}