Ejemplo n.º 1
0
int encrypt_connect_server()
{
    //return -1;
    /* SSL initialization*/
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();
    ctx = SSL_CTX_new(TLSv1_client_method());
    if (ctx == NULL)
    {
        ERR_print_errors_fp(stdout);
        exit(1);
    }
    /* creat a new SSL based on ctx */
    ssl = SSL_new(ctx);
    // connect ssl to TCP SOCKET
    SSL_set_fd(ssl, sockfd);
    /* create ssl connection */
    if (SSL_connect(ssl) == -1 || strcmp("(NONE)",SSL_get_cipher(ssl)) == 0)
    {
        ERR_print_errors_fp(stderr);
        return -1;
    }
    DEBUG_printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
    ShowCerts(ssl);
    return 1;
}
Ejemplo n.º 2
0
datum_t
ssl_cipher(PG_FUNC_ARGS)
{
	if (proc_port->ssl == NULL)
		RET_NULL();
	RET_TEXT_P(cstring_to_text(SSL_get_cipher(proc_port->ssl)));
}
Ejemplo n.º 3
0
bool SSLSocket::waitAccepted(uint64_t millis) {
	if(!ssl) {
		if(!Socket::waitAccepted(millis)) {
			return false;
		}
		ssl.reset(SSL_new(ctx));
		if(!ssl)
			checkSSL(-1);

		checkSSL(SSL_set_fd(ssl, sock));
	}

	if(SSL_is_init_finished(ssl)) {
		return true;
	}

	while(true) {
		int ret = SSL_accept(ssl);
		if(ret == 1) {
			dcdebug("Connected to SSL client using %s\n", SSL_get_cipher(ssl));
#ifndef HEADER_OPENSSLV_H
			finished = true;
#endif
			return true;
		}
		if(!waitWant(ret, millis)) {
			return false;
		}
	}
}
Ejemplo n.º 4
0
bool SSLSocket::waitConnected(uint64_t millis) {
	if(!ssl) {
		if(!Socket::waitConnected(millis)) {
			return false;
		}
		ssl.reset(SSL_new(ctx));
		if(!ssl)
			checkSSL(-1);

		checkSSL(SSL_set_fd(ssl, sock));
	}

	if(SSL_is_init_finished(ssl)) {
		return true;
	}

	while(true) {
		// OpenSSL needs server handshake for NAT traversal
		int ret = ssl->server ? SSL_accept(ssl) : SSL_connect(ssl);
		if(ret == 1) {
			dcdebug("Connected to SSL server using %s as %s\n", SSL_get_cipher(ssl), ssl->server?"server":"client");
#ifndef HEADER_OPENSSLV_H			
			finished = true;
#endif
			return true;
		}
		if(!waitWant(ret, millis)) {
			return false;
		}
	}
}
Ejemplo n.º 5
0
std::string TLSSocket::Cipher() const
{
  if (!session) return "NONE";
  const char* cipher = SSL_get_cipher(session);
  if (!cipher) return "NONE";
  return cipher;
}
Ejemplo n.º 6
0
bool SSLSocket::waitAccepted(uint64_t millis) {
	if(!ssl) {
		if(!Socket::waitAccepted(millis)) {
			return false;
		}
		ssl.reset(SSL_new(ctx));
		if(!ssl)
			checkSSL(-1);

		if(!verifyData) {
			SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
		} else SSL_set_ex_data(ssl, CryptoManager::idxVerifyData, verifyData.get());

		checkSSL(SSL_set_fd(ssl, static_cast<int>(getSock())));
	}

	if(SSL_is_init_finished(ssl)) {
		return true;
	}

	while(true) {
		int ret = SSL_accept(ssl);
		if(ret == 1) {
			dcdebug("Connected to SSL client using %s\n", SSL_get_cipher(ssl));
			return true;
		}
		if(!waitWant(ret, millis)) {
			return false;
		}
	}
}
Ejemplo n.º 7
0
int      kn_sock_sslconnect(//engine_t e,
		                  handle_t h,
		                  kn_sockaddr *remote,
		                  kn_sockaddr *local){
	if(h->type != KN_SOCKET && ((kn_socket*)h)->type != SOCK_STREAM)
		return 0;
	kn_socket *s = (kn_socket*)h;
	if(h->status != SOCKET_NONE) return -1;
	//if(s->e) return -1;
	SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method());
	if (ctx == NULL) {
	    ERR_print_errors_fp(stdout);
	    return -1;
	}
    	((kn_stream_socket*)s)->ctx = ctx;		
	s->addr_remote = *remote;
	int ret = stream_socket_connect((kn_stream_socket*)s,local,remote);
	if(ret == 1){
		((kn_stream_socket*)s)->ssl = SSL_new(ctx);
		SSL_set_fd(((kn_stream_socket*)s)->ssl,h->fd);
		if (SSL_connect(((kn_stream_socket*)s)->ssl) == -1){
		        ERR_print_errors_fp(stderr);
		        ret = -1;
		}
		else {
		        kn_set_noblock(h->fd,0);
		        h->status = SOCKET_ESTABLISH;
		        printf("Connected with %s encryption/n", SSL_get_cipher(((kn_stream_socket*)s)->ssl));
		        ShowCerts(((kn_stream_socket*)s)->ssl);
		}		
	}else{
		ret = -1;
	}	
	return ret;	
}
Ejemplo n.º 8
0
int 
openhost(char *host, int port)
{
	struct hostent *hp;
	register int s;
	struct sockaddr_in sin;
	int     err;
	X509   *server_cert;
	char   *str;

	if ((hp = gethostbyname(host)) == NULL) {
		printf("ERR: gethostbyname\n");
		return (-1);
	}
	if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
		perror("socket");
		return (-1);
	}
	sin.sin_family = AF_INET;
	sin.sin_port = htons(port);
	bcopy(hp->h_addr, &sin.sin_addr, hp->h_length);

	alarm(30);
	if (connect(s, (struct sockaddr *) &sin, sizeof(sin)) < 0)
		return (-1);
	alarm(0);

	SSLeay_add_ssl_algorithms();
	SSL_load_error_strings();
	/* ctx = SSL_CTX_new (SSLv23_method());                     CHK_NULL(ctx);
	 */
	ctx = SSL_CTX_new(SSLv2_method());
	CHK_NULL(ctx);

	ssl = SSL_new(ctx);
	CHK_NULL(ssl);
	SSL_set_fd(ssl, s);
	err = SSL_connect(ssl);
	CHK_SSL(err);

	printf("SSL connection using %s\n", SSL_get_cipher(ssl));

	server_cert = SSL_get_peer_certificate(ssl);
	CHK_NULL(server_cert);
	printf("Server certificate:\n");

	str = X509_NAME_oneline(X509_get_subject_name(server_cert), NULL, 0);
	CHK_NULL(str);
	printf("\t subject: %s\n", str);
	Free(str);

	str = X509_NAME_oneline(X509_get_issuer_name(server_cert), NULL, 0);
	CHK_NULL(str);
	printf("\t issuer: %s\n", str);
	Free(str);

	X509_free(server_cert);

	return (s);
}
Ejemplo n.º 9
0
int
tls_get_conninfo(struct tls *ctx) {
	const char * tmp;

	tls_free_conninfo(ctx->conninfo);

	if (ctx->ssl_peer_cert != NULL) {
		if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1)
			goto err;
		if (tls_get_peer_cert_subject(ctx, &ctx->conninfo->subject)
		    == -1)
			goto err;
		if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
			goto err;
		if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore,
		    &ctx->conninfo->notafter) == -1)
			goto err;
	}
	if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)
		goto err;
	ctx->conninfo->version = strdup(tmp);
	if (ctx->conninfo->version == NULL)
		goto err;
	if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL)
		goto err;
	ctx->conninfo->cipher = strdup(tmp);
	if (ctx->conninfo->cipher == NULL)
		goto err;
	return (0);
err:
	tls_free_conninfo(ctx->conninfo);
	return (-1);
}
Ejemplo n.º 10
0
Archivo: command.c Proyecto: 50wu/gpdb
/*
 * printSSLInfo
 *
 * Prints information about the current SSL connection, if SSL is in use
 */
static void
printSSLInfo(void)
{
#ifdef USE_SSL
	int			sslbits = -1;
	SSL		   *ssl;

	ssl = PQgetssl(pset.db);
	if (!ssl)
		return;					/* no SSL */

	SSL_get_cipher_bits(ssl, &sslbits);
	printf(_("SSL connection (cipher: %s, bits: %i)\n"),
		   SSL_get_cipher(ssl), sslbits);
#else

	/*
	 * If psql is compiled without SSL but is using a libpq with SSL, we
	 * cannot figure out the specifics about the connection. But we know it's
	 * SSL secured.
	 */
	if (PQgetssl(pset.db))
		printf(_("SSL connection (unknown cipher)\n"));
#endif
}
Ejemplo n.º 11
0
bool SSLSocket::waitAccepted(uint32_t millis) {
    if(!ssl) {
        if(!Socket::waitAccepted(millis)) {
            return false;
        }
        ssl.reset(SSL_new(ctx));
        if(!ssl)
            checkSSL(-1);

        checkSSL(SSL_set_fd(ssl, getSock()));
    }

    if(SSL_is_init_finished(ssl)) {
        return true;
    }

    while(true) {
        int ret = SSL_accept(ssl);
        if(ret == 1) {
            dcdebug("Connected to SSL client using %s\n", SSL_get_cipher(ssl));
            return true;
        }
        if(!waitWant(ret, millis)) {
            return false;
        }
    }
}
Ejemplo n.º 12
0
/*---------------------------------------------------------------------*/
bool MakeSSLRequest(const char* hostname, int port, 
    ClientFunction client_func, void* client_data)
{   
    // Set up context
    SSL_CTX* ctx = InitCTX();
    CHECK_CALL(ctx);

    // Connect to server
    int server = OpenConnection(hostname, port);
    if(server < 0) return false;
    CHECK_CALL(server);

    SSL* ssl = SSL_new(ctx);
    SSL_set_fd(ssl, server);

    // Do handshake
    if ( SSL_connect(ssl) == FAIL ) {
        ERR_print_errors_fp(stderr);
        return false;
    }

    client_func(ssl, client_data);

    fprintf(stderr, "Connected with %s encryption\n", SSL_get_cipher(ssl));

    SSL_free(ssl);
    
    close(server);

    SSL_CTX_free(ctx);
    ERR_free_strings();
    EVP_cleanup();

    return true;
}
Ejemplo n.º 13
0
Datum
ssl_cipher(PG_FUNCTION_ARGS)
{
	if (MyProcPort->ssl == NULL)
		PG_RETURN_NULL();
	PG_RETURN_TEXT_P(cstring_to_text(SSL_get_cipher(MyProcPort->ssl)));
}
Ejemplo n.º 14
0
static int ssl_connect(int sd)
{
	char buf[256];
	X509 *cert;

	SSL_set_fd(ssl, sd);
	if (-1 == SSL_connect(ssl))
		return -1;

	DBG("SSL connection using %s", SSL_get_cipher(ssl));

	/* Get server's certificate (note: beware of dynamic allocation) - opt */
	cert = SSL_get_peer_certificate(ssl);
	if (!cert)
		return -1;

	/* Logging some cert details. Please note: X509_NAME_oneline doesn't
	   work when giving NULL instead of a buffer. */
	X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
	DBG("SSL server cert subject: %s", buf);
	X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
	DBG("SSL server cert issuer: %s", buf);

	/* We could do all sorts of certificate verification stuff here before
	   deallocating the certificate. */
	X509_free(cert);

	return 0;
}
Ejemplo n.º 15
0
THREAD_RETURN YASSL_API server_test(void* args)
{
#ifdef _WIN32
    WSADATA wsd;
    WSAStartup(0x0002, &wsd);
#endif

    SOCKET_T sockfd   = 0;
    SOCKET_T clientfd = 0;
    int      argc     = 0;
    char**   argv     = 0;

    set_args(argc, argv, *static_cast<func_args*>(args));
    tcp_accept(sockfd, clientfd, *static_cast<func_args*>(args));

    tcp_close(sockfd);

    SSL_METHOD* method = TLSv1_server_method();
    SSL_CTX*    ctx = SSL_CTX_new(method);

    //SSL_CTX_set_cipher_list(ctx, "RC4-SHA:RC4-MD5");
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
    set_serverCerts(ctx);
    DH* dh = set_tmpDH(ctx);

    SSL* ssl = SSL_new(ctx);
    SSL_set_fd(ssl, clientfd);

#ifdef NON_BLOCKING
    NonBlockingSSL_Accept(ssl, ctx, clientfd);
#else
    if (SSL_accept(ssl) != SSL_SUCCESS)
        ServerError(ctx, ssl, clientfd, "SSL_accept failed");
#endif
     
    showPeer(ssl);
    printf("Using Cipher Suite: %s\n", SSL_get_cipher(ssl));

    char command[1024];
    int input = SSL_read(ssl, command, sizeof(command));
    if (input > 0) {
        command[input] = 0;
        printf("First client command: %s\n", command);
    }

    char msg[] = "I hear you, fa shizzle!";
    if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
        ServerError(ctx, ssl, clientfd, "SSL_write failed");

    DH_free(dh);
    SSL_CTX_free(ctx);
    SSL_shutdown(ssl);
    SSL_free(ssl);

    tcp_close(clientfd);

    ((func_args*)args)->return_code = 0;
    return 0;
}
Ejemplo n.º 16
0
void
be_tls_get_cipher(Port *port, char *ptr, size_t len)
{
	if (port->ssl)
		strlcpy(ptr, SSL_get_cipher(port->ssl), len);
	else
		ptr[0] = '\0';
}
Ejemplo n.º 17
0
const char *
be_tls_get_cipher(Port *port)
{
	if (port->ssl)
		return SSL_get_cipher(port->ssl);
	else
		return NULL;
}
Ejemplo n.º 18
0
int ssl_open(http_t *client, char *msg)
{
	char buf[256];
	const char *sn;
	X509 *cert;

	if (!client->ssl_enabled)
		return tcp_init(&client->tcp, msg);

	tcp_set_port(&client->tcp, HTTPS_DEFAULT_PORT);
	DO(tcp_init(&client->tcp, msg));

	logit(LOG_INFO, "%s, initiating HTTPS ...", msg);
	client->ssl_ctx = SSL_CTX_new(SSLv23_client_method());
	if (!client->ssl_ctx)
		return RC_HTTPS_OUT_OF_MEMORY;

	/* POODLE, only allow TLSv1.x or later */
	SSL_CTX_set_options(client->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);

	SSL_CTX_set_verify(client->ssl_ctx, SSL_VERIFY_PEER, verify_callback);
	SSL_CTX_set_verify_depth(client->ssl_ctx, 150);

	/* Try to figure out location of trusted CA certs on system */
	if (ssl_set_ca_location(client))
		return RC_HTTPS_NO_TRUSTED_CA_STORE;

	client->ssl = SSL_new(client->ssl_ctx);
	if (!client->ssl)
		return RC_HTTPS_OUT_OF_MEMORY;

	/* SSL SNI support: tell the servername we want to speak to */
	http_get_remote_name(client, &sn);
	if (!SSL_set_tlsext_host_name(client->ssl, sn))
		return RC_HTTPS_SNI_ERROR;

	SSL_set_fd(client->ssl, client->tcp.ip.socket);
	if (-1 == SSL_connect(client->ssl))
		return RC_HTTPS_FAILED_CONNECT;

	logit(LOG_INFO, "SSL connection using %s", SSL_get_cipher(client->ssl));

	cert = SSL_get_peer_certificate(client->ssl);
	if (!cert)
		return RC_HTTPS_FAILED_GETTING_CERT;

	if (SSL_get_verify_result(client->ssl) == X509_V_OK)
		logit(LOG_DEBUG, "Certificate OK");

	X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
	logit(LOG_INFO, "SSL server cert subject: %s", buf);
	X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
	logit(LOG_INFO, "SSL server cert issuer: %s", buf);

	X509_free(cert);

	return 0;
}
Ejemplo n.º 19
0
/**
 * Embeds a socket in a ssl connection.
 * @param socket the socket to be used.
 * @return The ssl connection or NULL if an error occured.
 */
int embed_ssl_socket(ssl_connection *ssl, int socket) {
  int ssl_error;
  time_t ssl_time;
  
  if (!ssl)
    return FALSE;
  
  if (!ssl_initialized)
    start_ssl();

  if (socket >= 0) {
    ssl->socket = socket;
  } else {
    LogError("%s: Socket error!\n", prog);
    goto sslerror;
  }

  if ((ssl->handler = SSL_new (ssl->ctx)) == NULL) {
    LogError("%s: Cannot initialize the SSL handler -- %s\n", prog, SSLERROR);
    goto sslerror;
  }

  set_noblock(ssl->socket);

  if ((ssl->socket_bio = BIO_new_socket(ssl->socket, BIO_NOCLOSE)) == NULL) {
    LogError("%s: Cannot generate IO buffer -- %s\n", prog, SSLERROR);
    goto sslerror;
  }

  SSL_set_bio(ssl->handler, ssl->socket_bio, ssl->socket_bio);
  ssl_time = time(NULL);

  while ((ssl_error = SSL_connect (ssl->handler)) < 0) {
    if ((time(NULL) - ssl_time) > SSL_TIMEOUT) {
      LogError("%s: SSL service timeout!\n", prog);
      goto sslerror;
    }

    if (!handle_error(ssl_error, ssl))
      goto sslerror;

    if (!BIO_should_retry(ssl->socket_bio))
      goto sslerror;
  }

  ssl->cipher = (char *) SSL_get_cipher(ssl->handler);

  if (! update_ssl_cert_data(ssl)) {
    LogError("%s: Cannot get the SSL server certificate!\n", prog);
    goto sslerror;
  }

  return TRUE;

sslerror:
  cleanup_ssl_socket(ssl);
  return FALSE;
} 
Ejemplo n.º 20
0
/*
 * Enable SSL on a connection.
 */
int
fetch_ssl(conn_t *conn, int verbose)
{
#ifdef WITH_SSL
	int ret, ssl_err;

	/* Init the SSL library and context */
	if (!SSL_library_init()){
		fprintf(stderr, "SSL library init failed\n");
		return (-1);
	}

	SSL_load_error_strings();

	conn->ssl_meth = SSLv23_client_method();
	conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
	SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY);

	conn->ssl = SSL_new(conn->ssl_ctx);
	if (conn->ssl == NULL){
		fprintf(stderr, "SSL context creation failed\n");
		return (-1);
	}
	SSL_set_fd(conn->ssl, conn->sd);
	while ((ret = SSL_connect(conn->ssl)) == -1) {
		ssl_err = SSL_get_error(conn->ssl, ret);
		if (ssl_err != SSL_ERROR_WANT_READ &&
		    ssl_err != SSL_ERROR_WANT_WRITE) {
			ERR_print_errors_fp(stderr);
			return (-1);
		}
	}

	if (verbose) {
		X509_NAME *name;
		char *str;

		fprintf(stderr, "SSL connection established using %s\n",
		    SSL_get_cipher(conn->ssl));
		conn->ssl_cert = SSL_get_peer_certificate(conn->ssl);
		name = X509_get_subject_name(conn->ssl_cert);
		str = X509_NAME_oneline(name, 0, 0);
		printf("Certificate subject: %s\n", str);
		free(str);
		name = X509_get_issuer_name(conn->ssl_cert);
		str = X509_NAME_oneline(name, 0, 0);
		printf("Certificate issuer: %s\n", str);
		free(str);
	}

	return (0);
#else
	(void)conn;
	(void)verbose;
	fprintf(stderr, "SSL support disabled\n");
	return (-1);
#endif
}
Ejemplo n.º 21
0
int ssl_client_handshake(struct Client *cptr) {

  char *str;
  int err;

  cptr->ssl = (struct SSL*)SSL_new (ctx);                         CHK_NULL(cptr->ssl);    
  SSL_set_fd ((SSL*)cptr->ssl, cptr->fd);
  set_blocking(cptr->fd);
  err = SSL_connect ((SSL*)cptr->ssl);                     
  set_non_blocking(cptr->fd);
  if ((err)==-1) {
     irclog(L_NOTICE,"Could connect to %s:Error in SSL_connect()", 
                  get_client_name(cptr, TRUE));
     return 0;
     }
    
  /* Following two steps are optional and not required for
     data exchange to be successful. */
  
  /* Get the cipher - opt */
  set_blocking(cptr->fd);
  irclog (L_NOTICE,"SSL connection using %s", SSL_get_cipher ((SSL*)cptr->ssl));
  
  
  SetSecure(cptr);      
  /* Get server's certificate (note: beware of dynamic allocation) - opt */

  cptr->client_cert = (struct X509*)SSL_get_peer_certificate ((SSL *)cptr->ssl);
  set_non_blocking(cptr->fd);

  if (cptr->client_cert != NULL)
    {
      irclog (L_NOTICE,"Server certificate:");
  
      str = X509_NAME_oneline (X509_get_subject_name ((X509*)cptr->client_cert),0,0);
      CHK_NULL(str);
      irclog (L_NOTICE, "\t subject: %s", str);
      // Free (str);
      free (str);
  
      str = X509_NAME_oneline (X509_get_issuer_name  ((X509*)cptr->client_cert),0,0);
      CHK_NULL(str);
      irclog (L_NOTICE, "\t issuer: %s", str);
      // Free (str);
      free (str);
      /* We could do all sorts of certificate verification stuff here before
      deallocating the certificate. */

      X509_free ((X509*)cptr->client_cert);

    }
    else
      irclog (L_NOTICE, "Server does not have certificate.");
      
  
  return 1;
}
Ejemplo n.º 22
0
static void setSecured(MprSocket *sp)
{
    OpenSocket    *osp;

    sp->secured = 1;
    osp = sp->sslSocket;
    sp->cipher = sclone(SSL_get_cipher(osp->handle));
    sp->session = getOssSession(sp);
}
Ejemplo n.º 23
0
void kul::https::Server::loop() throw(kul::tcp::Exception){
    KUL_DBG_FUNC_ENTER
    int32_t newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
    if(newsockfd < 0) KEXCEPTION("HTTPS Server error on accept");

    ssl = SSL_new(ctx);
    SSL_set_fd(ssl, newsockfd);
    //Here is the SSL Accept portion.  Now all reads and writes must use SSL
    int16_t ssl_err = SSL_accept(ssl);
    if(ssl_err <= 0){
        short se = 0;
        SSL_get_error(ssl, se);
        KERR << "HTTPS Server SSL ERROR on SSL_ACCEPT error: " << se;
        close(newsockfd);
        return;
    }

    KLOG(DBG) << "SSL_get_cipher: " << SSL_get_cipher(ssl);
    cc = SSL_get_peer_certificate (ssl);

    if(cc != NULL) {
        KLOG(DBG) << "Client certificate:";
        KLOG(DBG) << "\t subject: " << X509_NAME_oneline (X509_get_subject_name (cc), 0, 0);
        KLOG(DBG) << "\t issuer: %s\n" << X509_NAME_oneline (X509_get_issuer_name  (cc), 0, 0);
        X509_free(cc);
    }else KLOG(ERR) << "Client does not have certificate.";

    KOUT(DBG) << "New connection , socket fd is " << newsockfd << ", is : " << inet_ntoa(cli_addr.sin_addr) << ", port : "<< ntohs(cli_addr.sin_port);
    onConnect(inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port));
    int16_t e;
    char buffer[_KUL_HTTPS_READ_BUFFER_];
    std::stringstream cnt;
    do{
        bzero(buffer,_KUL_HTTPS_READ_BUFFER_);
        e = SSL_read(ssl, buffer, _KUL_HTTPS_READ_BUFFER_ - 1);
        if(e) cnt << buffer;
    }while(e == (_KUL_HTTPS_READ_BUFFER_ - 1));
    if (e < 0){ 
        short se = 0;
        SSL_get_error(ssl, se);
        if(se) KLOG(ERR) << "SSL_get_error: " << se;
        e = -1;
    }else
        try{
            std::string res;
            std::shared_ptr<kul::http::ARequest> req = handleRequest(cnt.str(), res);
            const kul::http::AResponse& rs(respond(*req.get()));
            std::string ret(rs.toString());
            e = SSL_write(ssl, ret.c_str(), ret.length());
        }catch(const kul::http::Exception& e1){
            KERR << e1.what(); 
            e = -1;
        }
    close(newsockfd);
    KOUT(DBG) << "Disconnect , socket fd is " << newsockfd << ", is : " << inet_ntoa(cli_addr.sin_addr) << ", port : "<< ntohs(cli_addr.sin_port);
    onDisconnect(inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port));
}
Ejemplo n.º 24
0
int	MaOpenSslSocket::read(char *buf, int len)
{
	int		rc;

	if (bio == 0 || ssl == 0) {
		return -1;
	}

	rc = BIO_read(bio, buf, len);

#if DEBUG
	if (rc > 0 && !connTraced) {
		X509_NAME	*xSubject;
		X509		*cert;
		char		subject[260], issuer[260], peer[260];

		mprLog(4, "%d: SSL Connected using: \"%s\"\n", 
			sock, SSL_get_cipher(ssl));

		cert = SSL_get_peer_certificate(ssl);
		if (cert == 0) {
			mprLog(4, "%d: SSL Details: client supplied no certificate\n", 
				sock);
		} else {
			xSubject = X509_get_subject_name(cert);
			X509_NAME_oneline(xSubject, subject, sizeof(subject) -1);
			X509_NAME_oneline(X509_get_issuer_name(cert), issuer, 
				sizeof(issuer) -1);
			X509_NAME_get_text_by_NID(xSubject, NID_commonName, peer, 
				sizeof(peer) - 1);
			mprLog(4, "%d: SSL Subject %s\n", sock, subject);
			mprLog(4, "%d: SSL Issuer: %s\n", sock, issuer);
			mprLog(4, "%d: SSL Peer: %s\n", sock, peer);
			X509_free(cert);
		}
		connTraced = 1;
	}
#endif

	if (rc > 0) {
		return rc;

	} else if (rc == 0) {
		if (BIO_should_retry(bio)) {
			return 0;
		}
		flags |= MPR_SOCKET_EOF;
		return 0;
	}
	if (BIO_should_retry(bio)) {
		return 0;
	}
	return rc;
}
Ejemplo n.º 25
0
Archivo: tlsIO.c Proyecto: fahkri/tls
/*
 *-------------------------------------------------------------------
 *
 * TlsGetOptionProc --
 *
 *	Computes an option value for a SSL socket based channel, or a
 *	list of all options and their values.
 *
 * Results:
 *	A standard Tcl result. The value of the specified option or a
 *	list of all options and	their values is returned in the
 *	supplied DString.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
static int
TlsGetOptionProc(ClientData instanceData,	/* Socket state. */
	Tcl_Interp *interp,		/* For errors - can be NULL. */
	CONST84 char *optionName,	/* Name of the option to
					 * retrieve the value for, or
					 * NULL to get all options and
					 * their values. */
	Tcl_DString *dsPtr)		/* Where to store the computed value
					 * initialized by caller. */
{
    State *statePtr = (State *) instanceData;

    if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
	Tcl_Channel downChan = Tls_GetParent(statePtr);
	Tcl_DriverGetOptionProc *getOptionProc;

	getOptionProc = Tcl_ChannelGetOptionProc(Tcl_GetChannelType(downChan));
	if (getOptionProc != NULL) {
	    return (*getOptionProc)(Tcl_GetChannelInstanceData(downChan),
		    interp, optionName, dsPtr);
	} else if (optionName == (char*) NULL) {
	    /*
	     * Request is query for all options, this is ok.
	     */
	    return TCL_OK;
	}
	/*
	 * Request for a specific option has to fail, we don't have any.
	 */
	return TCL_ERROR;
    } else {
	size_t len = 0;

	if (optionName != (char *) NULL) {
	    len = strlen(optionName);
	}
#if 0
	if ((len == 0) || ((len > 1) && (optionName[1] == 'c') &&
		(strncmp(optionName, "-cipher", len) == 0))) {
	    if (len == 0) {
		Tcl_DStringAppendElement(dsPtr, "-cipher");
	    }
	    Tcl_DStringAppendElement(dsPtr, SSL_get_cipher(statePtr->ssl));
	    if (len) {
		return TCL_OK;
	    }
	}
#endif
	return TCL_OK;
    }
}
Ejemplo n.º 26
0
int ssl_open(http_t *client, char *msg)
{
	char buf[256];
	const char *sn;
	const X509 *cert;

	if (!client->ssl_enabled)
		return tcp_init(&client->tcp, msg);

	tcp_set_port(&client->tcp, 443);
	DO(tcp_init(&client->tcp, msg));

	logit(LOG_INFO, "%s, initiating HTTPS ...", msg);
	client->ssl_ctx = SSL_CTX_new(SSLv23_client_method());
	if (!client->ssl_ctx)
		return RC_HTTPS_OUT_OF_MEMORY;

	client->ssl = SSL_new(client->ssl_ctx);
	if (!client->ssl)
		return RC_HTTPS_OUT_OF_MEMORY;

	/* SSL SNI support: tell the servername we want to speak to */
	http_get_remote_name(client, &sn);
	if (gnutls_server_name_set(client->ssl->gnutls_state, GNUTLS_NAME_DNS, sn, strlen(sn)))
		return RC_HTTPS_SNI_ERROR;

	SSL_set_fd(client->ssl, client->tcp.ip.socket);
	if (-1 == SSL_connect(client->ssl))
		return RC_HTTPS_FAILED_CONNECT;

	logit(LOG_INFO, "SSL connection using %s", SSL_get_cipher(client->ssl));

	/* Get server's certificate (note: beware of dynamic allocation) - opt */
	cert = SSL_get_peer_certificate(client->ssl);
	if (!cert)
		return RC_HTTPS_FAILED_GETTING_CERT;

	/* Logging some cert details. Please note: X509_NAME_oneline doesn't
	   work when giving NULL instead of a buffer. */
	X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
	logit(LOG_INFO, "SSL server cert subject: %s", buf);
	X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
	logit(LOG_INFO, "SSL server cert issuer: %s", buf);

	/* We could do all sorts of certificate verification stuff here before
	   deallocating the certificate. */
	X509_free(cert);

	return 0;
}
Ejemplo n.º 27
0
void SSLSocket::accept(const Socket& listeningSocket) throw(SocketException) {
	Socket::accept(listeningSocket);

	if(ssl)
		SSL_free(ssl);

	ssl = SSL_new(ctx);
	if(!ssl)
		checkSSL(-1);

	checkSSL(SSL_set_fd(ssl, sock));
	checkSSL(SSL_accept(ssl));
	dcdebug("Connected to SSL client using %s\n", SSL_get_cipher(ssl));
}
Ejemplo n.º 28
0
int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
		   char *buf, size_t buflen)
{
	const char *name;
	if (conn == NULL || conn->ssl == NULL)
		return -1;

	name = SSL_get_cipher(conn->ssl);
	if (name == NULL)
		return -1;

	snprintf(buf, buflen, "%s", name);
	return 0;
}
Ejemplo n.º 29
0
//~~~~~~~~~~~~~~~~~~~~~connect to server~~~~~~~~~~~~~~~~~~~
//成功返回1,失败返回0并且退出
int connectto(int argc,char *args[]) 
{
	//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~判断输入IP是否正确~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	int i,count=0;
	if(argc!=2)
		{
			printf("format error: you mast enter ipaddr like this : client 192.168.0.6\n");
			exit(0);
		}
	for(i=0;*(args[1]+i)!='\0';i++)
		{
			if(*(args[1]+i)=='.')
				count++;
		}
	if(count!=3)
		{
			printf("IP format error\n");
			exit(0);
		}
	//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	
	if((sockclient=socket(AF_INET,SOCK_STREAM,0))==-1)
		{
			perror("socket");	
			exit(0);
		}
	memset(&sockaddr1,0,sizeof(sockaddr1));
	sockaddr1.sin_family = AF_INET;
	sockaddr1.sin_addr.s_addr = inet_addr(args[1]);
	sockaddr1.sin_port = htons(port);
	
	if(connect(sockclient,(struct sockaddr* )&sockaddr1,sizeof(sockaddr1))==-1)
		{
			perror("connect");
			exit(0);
		}
		//-----------------------------------------------------------------------
	/* 基于 ctx 产生一个新的 SSL */
  ssl = SSL_new(ctx);
  SSL_set_fd(ssl, sockclient);
  /* 建立 SSL 连接 */
  if (SSL_connect(ssl) == -1)
    ERR_print_errors_fp(stderr);
  else
  {
    printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
    ShowCerts(ssl);
  }
	return 1;
}
Ejemplo n.º 30
0
void init_clinet_ssl(int server)
{
    SSL_library_init();
    ctx = InitCTX();
    ssl = SSL_new(ctx);      /* create new SSL connection state */
    SSL_set_fd(ssl, server);    /* attach the socket descriptor */
    if ( SSL_connect(ssl) == FAIL )   /* perform the connection */
        ERR_print_errors_fp(stderr);
    else {
        printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
        ShowCerts(ssl);        /* get any certs */
    }

}