Example #1
0
static LUA_FUNCTION(openssl_bio_shutdown)
{
  BIO* bio = CHECK_OBJECT(1, BIO, "openssl.bio");

  if (BIO_method_type(bio) & BIO_TYPE_SSL)
  {
    BIO_ssl_shutdown(bio);
  }
  else if (BIO_method_type(bio) & (BIO_TYPE_SOCKET | BIO_TYPE_FD))
  {
    BIO_shutdown_wr(bio);;
  }
  else
    luaL_error(L, "don't know how to shutdown");
  return 0;
}
//--------------------------------------------------------------------------------------------------
le_result_t secSocket_Disconnect
(
    secSocket_Ctx_t* ctxPtr      ///< [INOUT] Secure socket context pointer
)
{
    if (!ctxPtr)
    {
        return LE_BAD_PARAMETER;
    }

    OpensslCtx_t* contextPtr = GetContext(ctxPtr);
    if (!contextPtr)
    {
        return LE_BAD_PARAMETER;
    }

    BIO_ssl_shutdown(contextPtr->bioPtr);
    return LE_OK;
}
Example #3
0
static int start_ssl_shutdown( pn_ssl_t *ssl )
{
  if (!ssl->ssl_shutdown) {
    _log(ssl, "Shutting down SSL connection...\n");
    if (ssl->session_id) {
      // save the negotiated credentials before we close the connection
      pn_ssl_session_t *ssn = (pn_ssl_session_t *)calloc( 1, sizeof(pn_ssl_session_t));
      if (ssn) {
        ssn->id = pn_strdup( ssl->session_id );
        ssn->session = SSL_get1_session( ssl->ssl );
        if (ssn->session) {
          _log( ssl, "Saving SSL session as %s\n", ssl->session_id );
          LL_ADD( ssl->domain, ssn_cache, ssn );
        } else {
          ssl_session_free( ssn );
        }
      }
    }
    ssl->ssl_shutdown = true;
    BIO_ssl_shutdown( ssl->bio_ssl );
  }
  return 0;
}
Example #4
0
int main(int argc, char *argv[]) {

  if (argc < 4) {
    printf("UNSUPPORTED");  //for now at least
    return 3;
  }

  BIO *sbio;
	SSL_CTX *ssl_ctx;
	SSL *ssl;
	X509 *cert;

  int returncode = 0;

  char url[256]; sprintf(url, "%s:%s", argv[1], argv[2]);
  char ca_bundle[256]; strcpy(ca_bundle, argv[3]);

//init:

  SSL_library_init();
  SSL_load_error_strings();

  ssl_ctx = SSL_CTX_new(TLSv1_client_method());
  SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
  if (SSL_CTX_load_verify_locations(ssl_ctx, ca_bundle, NULL) != 1) {
    printf("Couldn't load certificate trust store.");
    returncode=1;
    goto end;
  } else {
    goto connect;
  }

connect:

  sbio = BIO_new_ssl_connect(ssl_ctx);
  BIO_get_ssl(sbio, &ssl);
  if (!ssl) {
    printf("Connection failed");
    returncode=2;
    goto connect_end;
  }

  SSL_set_tlsext_host_name(ssl, url);
  BIO_set_conn_hostname(sbio, url);

  if(SSL_do_handshake(ssl) <= 0 || !verify_cert_hostname(SSL_get_peer_certificate(ssl), argv[1])) {
    printf ("VERIFY FAILURE");
  } else {
    printf ("VERIFY SUCCESS");
  }

  X509_free(cert);
	BIO_ssl_shutdown(sbio);

connect_end:

  BIO_free_all(sbio);

end:

  SSL_CTX_free(ssl_ctx);
  EVP_cleanup();
  ERR_free_strings();

	return returncode;
}
Example #5
0
int main(int argc, char *argv[]) {
	BIO *sbio;
	SSL_CTX *ssl_ctx;
	SSL *ssl;
	X509 *server_cert;

	// Initialize OpenSSL
	OpenSSL_add_all_algorithms();
	SSL_library_init();
	SSL_load_error_strings();

 	// Check OpenSSL PRNG
	if(RAND_status() != 1) {
		fprintf(stderr, "OpenSSL PRNG not seeded with enough data.");
		goto error_1;
	}

	ssl_ctx = SSL_CTX_new(TLSv1_client_method());
	
	// Enable certificate validation
	SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
	// Configure the CA trust store to be used
	if (SSL_CTX_load_verify_locations(ssl_ctx, TRUSTED_CA_PATHNAME, NULL) != 1) {
		fprintf(stderr, "Couldn't load certificate trust store.\n");
		goto error_2;
	}

	// Only support secure cipher suites
	if (SSL_CTX_set_cipher_list(ssl_ctx, SECURE_CIPHER_LIST) != 1)
		goto error_2;

	// Create the SSL connection
	sbio = BIO_new_ssl_connect(ssl_ctx);
	BIO_get_ssl(sbio, &ssl); 
	if(!ssl) {
	  fprintf(stderr, "Can't locate SSL pointer\n");
		goto error_3;
	}

	// Do the SSL handshake
	BIO_set_conn_hostname(sbio, TARGET_SERVER);
	if(SSL_do_handshake(ssl) <= 0) {
		// SSL Handshake failed
		long verify_err = SSL_get_verify_result(ssl);
		if (verify_err != X509_V_OK) { 
			// It failed because the certificate chain validation failed
			fprintf(stderr, "Certificate chain validation failed: %s\n", X509_verify_cert_error_string(verify_err));
		}
		else {
			// It failed for another reason
			ERR_print_errors_fp(stderr);
		}
		goto error_3;
	}

	// Recover the server's certificate
	server_cert =  SSL_get_peer_certificate(ssl);
	if (server_cert == NULL) {
		// The handshake was successful although the server did not provide a certificate
		// Most likely using an insecure anonymous cipher suite... get out!
		goto error_4;
	}

	// Validate the hostname
	if (validate_hostname(TARGET_HOST, server_cert) != MatchFound) {
		fprintf(stderr, "Hostname validation failed.\n");
		goto error_5;
	}

	// Hostname validation succeeded; we can start sending data
	send_http_get_and_print(sbio);


error_5:
	X509_free(server_cert);

error_4:
	BIO_ssl_shutdown(sbio);

error_3:
	BIO_free_all(sbio);

error_2:
	SSL_CTX_free(ssl_ctx);

error_1: // OpenSSL cleanup
    EVP_cleanup();
    ERR_free_strings();

	return 0;
}
Example #6
0
int main(int argc, char **argv)  
{
    BIO *sslbio;
    SSL_CTX *ctx;  
    SSL *ssl;  
    //SSL_METHOD *meth;  
    unsigned long totl;  
    int i, p;
    char hostname[BUF_SIZE + 1];
    char server[16];
    char choice;
    int ret;    

  
    if (argc != 2) {  
        printf("Usage: %s ClientName\n", argv[0]);  
        printf("eg: '%s client1'\n", argv[0]);  
        return -1;  
    }

    if (strlen(argv[1]) >= NAME_SIZE) {
        fprintf(stderr, "%s is too long! \nPick a shorter client name.\n",argv[1]);
    } else {
        strcpy(CLIENT_NAME, argv[1]);    
    }
    printf("client name: %s\n", CLIENT_NAME);

    /* Formatting required certificates for client ...
       certificates are matched to client with file names */
    int length = strlen(CLIENT_NAME) + 10;
    char CLIENT_CERT_FILE2[length];
    strcpy(CLIENT_CERT_FILE2, "cert/");
    strcat(CLIENT_CERT_FILE2, CLIENT_NAME);
    strcat(CLIENT_CERT_FILE2, ".pem");
    printf("This client CERT file is required: %s\n", CLIENT_CERT_FILE2);
    // Checking for required certificate
    if( access( CLIENT_CERT_FILE2, F_OK ) != -1 ) {
    // file exists
	printf("CERT file verified present\n");
    } else {
    // file doesn't exist
	printf("CERT NOT FOUND....\n"
		"Perhaps this client does not have valid\n"
		"certificates present at this location\n"
		">>> ./%s\n",CLIENT_CERT_FILE2);
	exit(4);
    }
    char CLIENT_KEY_FILE2[length];
    strcpy(CLIENT_KEY_FILE2, "cert/");
    strcat(CLIENT_KEY_FILE2, CLIENT_NAME);
    strcat(CLIENT_KEY_FILE2, ".key");
    printf("This client KEY file is required: %s\n", CLIENT_KEY_FILE2);
    // Checking for required certificate
    if( access( CLIENT_KEY_FILE2, F_OK ) != -1 ) {
    // file exists
	printf("KEY file verified present\n\n");
    } else {
    // file doesn't exist
	printf("KEY NOT FOUND....\n"
		"Perhaps this client does not have valid"
		"certificates present at this location\n"
		">>> ./%s\n",CLIENT_KEY_FILE2);
	exit(4);
    }

    /* Give initial menu to user; get hostname for connection */
    choice = getchoice("Please select an action", imenu);
    printf("You have chosen: %c\n", choice);
    if (choice == 'q')
    {
	printf("Ending Program... Goodbye.\n");
    } 
    else // choice == 'a' 
    {
	printf("Initializing connection...\n");
    
	// NOTE: 45 is the max length of a IPv4 address
        getInput(server, "Enter server hostname to connect \n (e.g., '127.0.0.1')", 15);
    	SSL_library_init();  
    	ERR_load_BIO_strings();
    	ERR_load_SSL_strings();  
    	SSL_load_error_strings();
    	OpenSSL_add_all_algorithms();
	ctx = SSL_CTX_new(SSLv3_client_method()); 
//    	ctx = SSL_CTX_new(SSLv3_method());
    	  
    	//ctx = SSL_CTX_new(meth);  
    	assert(ctx != NULL);  
          
    	/* Verify the server */  
    	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);  
    	/* Load CA Certificate */  
    	if (!SSL_CTX_load_verify_locations(ctx, CA_CERT_FILE, NULL)) {  
            printf("Load CA file failed.\r\n");  
            //goto free_ctx;
            BIO_free_all(sslbio);
            SSL_CTX_free(ctx);
            return 0;
        }  
  

    	/* Load Client Certificate with Public Key */  
    	if (SSL_CTX_use_certificate_file(ctx, CLIENT_CERT_FILE2, SSL_FILETYPE_PEM) <= 0) {  
            ERR_print_errors_fp(stdout);  
            printf("ssl_ctx_use_certificate_file failed.\r\n");  
            //goto free_ctx;
            BIO_free_all(sslbio);
            SSL_CTX_free(ctx);
            return 0;  
        }  
  
      
    	/* Load Private Key */  
    	if (SSL_CTX_use_PrivateKey_file(ctx, CLIENT_KEY_FILE2, SSL_FILETYPE_PEM) <= 0) {  
            ERR_print_errors_fp(stdout);  
            printf("ssl_ctx_use_privatekey_file failed.\r\n");  
            //goto free_ctx;
            BIO_free_all(sslbio);
            SSL_CTX_free(ctx);
            return 0;
        }  
  
      
    	/* Check the validity of Private Key */  
    	if (!SSL_CTX_check_private_key(ctx)) {  
            ERR_print_errors_fp(stdout);  
            printf("ssl_ctx_check_private_key failed.\r\n");  
            //goto free_ctx;
            BIO_free_all(sslbio);
            SSL_CTX_free(ctx);
            return 0;  
    	}

    	/* Create the connection */
    	sslbio = BIO_new_ssl_connect(ctx);
    	/* Get SSL from sslbio */
    	BIO_get_ssl(sslbio, &ssl);
    	/* Set the SSL mode into SSL_MODE_AUTO_RETRY */
    	SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
 
    	//////////////////////////////////////////////////
    	// NOTE: Port# hardcoded here; change if necessary
    	////////////////////////////////////////////////// 
    	BIO_set_conn_port(sslbio, "7777");
    	BIO_set_conn_hostname(sslbio, server);
	
	/* Request Connection */
	if(BIO_do_connect(sslbio) <= 0)
    	{
            fprintf(stderr, "Error attempting to connect\n");
            ERR_print_errors_fp(stderr);
            BIO_free_all(sslbio);
            SSL_CTX_free(ctx);
            return 0;
    	}
    	else
    	{
            printf("Connection to server successful!\n");
    	}

    	/* Verify Server Certificate Validity */
    	if(SSL_get_verify_result(ssl) != X509_V_OK)
    	{
            printf("Certificate Verification Error: %ld\n", SSL_get_verify_result(ssl));
            BIO_free_all(sslbio);
            SSL_CTX_free(ctx);
            return 0;
    	}
    	else
    	{
    	    printf("verify server cert successful\n");
    	}

    	//Send hostname to server
    	printf("Sending client name to server.\n");
    	BIO_write(sslbio, CLIENT_NAME, strlen(CLIENT_NAME));
  
    	do
    	{
    	    choice = getchoice("Please select an action", menu);
    	    printf("You have chosen: %c\n", choice);
	
	    if (choice == 'a')
	    {
        	printf("Check-in function will be executed\n");
                choiceProcess (sslbio, buffer, choice);
                ret = checkin_file(ssl, sslbio, buffer);
            }
            else if (choice == 'b')
            {
                printf("Check-out function will be executed\n");
                choiceProcess (sslbio, buffer, choice);
		ret = checkout_file(ssl, sslbio, buffer);
            }
            else if (choice == 'c')
            {
                printf("Delegate function will be executed\n");
                choiceProcess (sslbio, buffer, choice);
            }
            else if (choice == 'd')
            {
                printf("Safe-delete function will be executed\n");
                choiceProcess (sslbio, buffer, choice);
            }
            else
            {
                printf("Terminate function will be executed\n");
            }

        } while (choice != 'q');

        /* Terminate the connection by sending message */
        clientTerminate (sslbio, buffer);

        /* Close the connection and free the context */
        BIO_ssl_shutdown(sslbio);
        BIO_free_all(sslbio);
    	SSL_CTX_free(ctx);
    }

    return 0;  
}