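/*
 * openssl.bio:shutdown() -- close the write side of a BIO according to its type.
 *
 * Lua argument 1: a BIO userdata ("openssl.bio").
 * Returns nothing; raises a Lua error for BIO types it cannot shut down.
 *
 * BIO_method_type() yields an enumerated type value: a small index in the low
 * byte plus flag bits (BIO_TYPE_FILTER, BIO_TYPE_SOURCE_SINK,
 * BIO_TYPE_DESCRIPTOR) in the high byte.  It therefore has to be compared for
 * equality, not bit-tested against the composite constants: the earlier
 * `type & BIO_TYPE_SSL` matched every filter BIO (shared FILTER bit) and any
 * source/sink whose index overlapped 7, and `type & (BIO_TYPE_SOCKET|BIO_TYPE_FD)`
 * matched every source/sink BIO, so the "don't know how to shutdown" branch was
 * effectively unreachable and e.g. a memory BIO went down the SSL path.
 */
static LUA_FUNCTION(openssl_bio_shutdown)
{
  BIO *bio = CHECK_OBJECT(1, BIO, "openssl.bio");
  int type = BIO_method_type(bio);

  if (type == BIO_TYPE_SSL) {
    /* TLS: send close_notify on the SSL object in the chain. */
    BIO_ssl_shutdown(bio);
  } else if (type == BIO_TYPE_SOCKET || type == BIO_TYPE_FD) {
    /* Plain descriptor: half-close the write side. */
    BIO_shutdown_wr(bio);
  } else {
    luaL_error(L, "don't know how to shutdown");
  }
  return 0;
}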
//-------------------------------------------------------------------------------------------------- le_result_t secSocket_Disconnect ( secSocket_Ctx_t* ctxPtr ///< [INOUT] Secure socket context pointer ) { if (!ctxPtr) { return LE_BAD_PARAMETER; } OpensslCtx_t* contextPtr = GetContext(ctxPtr); if (!contextPtr) { return LE_BAD_PARAMETER; } BIO_ssl_shutdown(contextPtr->bioPtr); return LE_OK; }
/* Begin an orderly TLS shutdown on the connection, at most once.
 *
 * Before close_notify goes out, a connection that was opened with a session id
 * gets its negotiated session copied into the domain's session cache
 * (ssn_cache) so that a later connection with the same id can resume it.  The
 * cache entry is released again when OpenSSL yields no session object; an
 * allocation failure simply skips the caching (best effort).
 *
 * Always returns 0.
 */
static int start_ssl_shutdown( pn_ssl_t *ssl )
{
  if (ssl->ssl_shutdown) return 0;   /* shutdown already started: nothing to do */

  _log(ssl, "Shutting down SSL connection...\n");

  if (ssl->session_id) {
    /* save the negotiated credentials before we close the connection */
    pn_ssl_session_t *entry = (pn_ssl_session_t *)calloc( 1, sizeof(pn_ssl_session_t));
    if (entry) {
      entry->id = pn_strdup( ssl->session_id );
      entry->session = SSL_get1_session( ssl->ssl );   /* new reference, owned by the cache */
      if (!entry->session) {
        ssl_session_free( entry );
      } else {
        _log( ssl, "Saving SSL session as %s\n", ssl->session_id );
        LL_ADD( ssl->domain, ssn_cache, entry );
      }
    }
  }

  ssl->ssl_shutdown = true;
  BIO_ssl_shutdown( ssl->bio_ssl );
  return 0;
}
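/*
 * Connect to <host>:<port> over TLS, verify the chain against <ca_bundle> and
 * check the presented certificate against <host>.
 *
 * argv[1] host, argv[2] port, argv[3] path to the CA bundle.
 * Prints VERIFY SUCCESS / VERIFY FAILURE on stdout (the result the harness
 * reads); the exit status reports infrastructure problems only:
 *   0 ran to completion, 1 trust store / context unusable,
 *   2 connection set-up failed, 3 usage error or unsupported arguments.
 *
 * Fixes relative to the earlier version: argv is copied with bounded
 * snprintf() (sprintf()/strcpy() overflowed url[]/ca_bundle[] on long
 * arguments), the peer certificate is stored, NULL-checked and freed (cert was
 * passed to X509_free() without ever being assigned, and the reference from
 * SSL_get_peer_certificate() leaked), SNI carries the bare host name instead
 * of "host:port", and SSL_CTX_new()/BIO_new_ssl_connect() failures are handled.
 */
int main(int argc, char *argv[])
{
    if (argc < 4) {
        printf("UNSUPPORTED"); //for now at least
        return 3;
    }

    BIO *sbio = NULL;
    SSL_CTX *ssl_ctx = NULL;
    SSL *ssl = NULL;
    X509 *cert = NULL;
    int returncode = 0;

    /* Bounded copies: argv is caller-controlled and may be arbitrarily long. */
    char url[256];
    int n = snprintf(url, sizeof url, "%s:%s", argv[1], argv[2]);
    if (n < 0 || (size_t)n >= sizeof url) {
        printf("UNSUPPORTED"); // host:port does not fit the buffer
        return 3;
    }
    char ca_bundle[256];
    n = snprintf(ca_bundle, sizeof ca_bundle, "%s", argv[3]);
    if (n < 0 || (size_t)n >= sizeof ca_bundle) {
        printf("UNSUPPORTED"); // trust store path does not fit the buffer
        return 3;
    }

    //init:
    SSL_library_init();
    SSL_load_error_strings();
    /* NOTE(review): TLSv1_client_method() pins the protocol to TLS 1.0;
     * TLS_client_method() (OpenSSL 1.1.0+) negotiates the newest version both
     * sides support.  Left unchanged to preserve current behaviour. */
    ssl_ctx = SSL_CTX_new(TLSv1_client_method());
    if (!ssl_ctx) {
        printf("Couldn't create SSL context.");
        returncode = 1;
        goto end;
    }
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
    if (SSL_CTX_load_verify_locations(ssl_ctx, ca_bundle, NULL) != 1) {
        printf("Couldn't load certificate trust store.");
        returncode = 1;
        goto end;
    }

    sbio = BIO_new_ssl_connect(ssl_ctx);
    if (!sbio) {
        printf("Connection failed");
        returncode = 2;
        goto end;
    }
    BIO_get_ssl(sbio, &ssl);
    if (!ssl) {
        printf("Connection failed");
        returncode = 2;
        goto connect_end;
    }
    /* SNI carries the host name only; the connect BIO takes host:port. */
    SSL_set_tlsext_host_name(ssl, argv[1]);
    BIO_set_conn_hostname(sbio, url);

    /* SSL_get_peer_certificate() returns a new reference, or NULL when the
     * server presented no certificate (e.g. an anonymous suite); keep it so it
     * can be freed, and treat NULL as a verification failure. */
    if (SSL_do_handshake(ssl) <= 0
        || (cert = SSL_get_peer_certificate(ssl)) == NULL
        || !verify_cert_hostname(cert, argv[1])) {
        printf("VERIFY FAILURE");
    } else {
        printf("VERIFY SUCCESS");
    }
    X509_free(cert);            /* X509_free(NULL) is a no-op */
    BIO_ssl_shutdown(sbio);

connect_end:
    BIO_free_all(sbio);
end:
    SSL_CTX_free(ssl_ctx);
    EVP_cleanup();
    ERR_free_strings();
    return returncode;
}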
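/*
 * TLS client: connect to TARGET_SERVER, verify the server chain against
 * TRUSTED_CA_PATHNAME, confirm the certificate names TARGET_HOST, then send an
 * HTTP GET and print the reply (send_http_get_and_print()).
 *
 * Exit status: 0 on success, 1 when any step failed.  Previously every path
 * exited 0, which hid PRNG, trust-store, handshake and hostname failures from
 * the caller.  SSL_CTX_new() and BIO_new_ssl_connect() are now NULL-checked
 * instead of being dereferenced blindly.
 *
 * Cleanup uses cascaded labels: each error_N releases exactly what had been
 * acquired before that point.
 */
int main(int argc, char *argv[])
{
    BIO *sbio = NULL;
    SSL_CTX *ssl_ctx = NULL;
    SSL *ssl = NULL;
    X509 *server_cert = NULL;
    int rc = 1;                 /* pessimistic: cleared only on the happy path */

    (void)argc; (void)argv;     /* no command-line parameters are used */

    // Initialize OpenSSL
    OpenSSL_add_all_algorithms();
    SSL_library_init();
    SSL_load_error_strings();

    // Refuse to run on an unseeded PRNG: keys and nonces would be predictable
    if (RAND_status() != 1) {
        fprintf(stderr, "OpenSSL PRNG not seeded with enough data.");
        goto error_1;
    }

    /* NOTE(review): TLSv1_client_method() pins TLS 1.0; TLS_client_method()
     * (OpenSSL 1.1.0+) negotiates the newest version both sides support.
     * Left unchanged to keep the current behaviour. */
    ssl_ctx = SSL_CTX_new(TLSv1_client_method());
    if (ssl_ctx == NULL) {
        fprintf(stderr, "Couldn't create SSL context.\n");
        goto error_1;
    }

    // Enable certificate validation
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);

    // Configure the CA trust store to be used
    if (SSL_CTX_load_verify_locations(ssl_ctx, TRUSTED_CA_PATHNAME, NULL) != 1) {
        fprintf(stderr, "Couldn't load certificate trust store.\n");
        goto error_2;
    }

    // Only support secure cipher suites
    if (SSL_CTX_set_cipher_list(ssl_ctx, SECURE_CIPHER_LIST) != 1) {
        goto error_2;
    }

    // Create the SSL connection
    sbio = BIO_new_ssl_connect(ssl_ctx);
    if (sbio == NULL) {
        fprintf(stderr, "Can't create SSL connect BIO\n");
        goto error_2;
    }
    BIO_get_ssl(sbio, &ssl);
    if (ssl == NULL) {
        fprintf(stderr, "Can't locate SSL pointer\n");
        goto error_3;
    }

    // Do the SSL handshake
    BIO_set_conn_hostname(sbio, TARGET_SERVER);
    if (SSL_do_handshake(ssl) <= 0) {
        // Tell a chain-validation failure apart from any other handshake error
        long verify_err = SSL_get_verify_result(ssl);
        if (verify_err != X509_V_OK) {
            fprintf(stderr, "Certificate chain validation failed: %s\n",
                    X509_verify_cert_error_string(verify_err));
        } else {
            ERR_print_errors_fp(stderr);
        }
        goto error_3;
    }

    // Recover the server's certificate (a new reference: must be X509_free'd)
    server_cert = SSL_get_peer_certificate(ssl);
    if (server_cert == NULL) {
        // The handshake was successful although the server did not provide a certificate
        // Most likely using an insecure anonymous cipher suite... get out!
        fprintf(stderr, "Server presented no certificate.\n");
        goto error_4;
    }

    // Validate the hostname
    if (validate_hostname(TARGET_HOST, server_cert) != MatchFound) {
        fprintf(stderr, "Hostname validation failed.\n");
        goto error_5;
    }

    // Hostname validation succeeded; we can start sending data
    send_http_get_and_print(sbio);
    rc = 0;

error_5:
    X509_free(server_cert);
error_4:
    BIO_ssl_shutdown(sbio);
error_3:
    BIO_free_all(sbio);
error_2:
    SSL_CTX_free(ssl_ctx);
error_1:
    // OpenSSL cleanup
    EVP_cleanup();
    ERR_free_strings();
    return rc;
}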
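/*
 * Interactive TLS file-service client.
 *
 * argv[1] is the client name; it selects the client certificate and key
 * (cert/<name>.pem, cert/<name>.key) and is sent to the server after the
 * handshake.  The user then drives check-in / check-out / delegate /
 * safe-delete actions from a menu until 'q'.
 *
 * Exit status: 0 for a completed session and for reported connection errors
 * (the block's existing convention), -1 for usage errors, 4 when the
 * certificate or key file is missing.
 *
 * Defects fixed relative to the earlier version: a too-long client name is
 * rejected instead of continuing with CLIENT_NAME unset; sslbio starts out
 * NULL, so the early error paths no longer free an uninitialised pointer;
 * SSL_CTX_new() and BIO_get_ssl() results are checked at run time rather than
 * through assert() (compiled out under NDEBUG); the cert/key path is built
 * with one bounded snprintf(); BIO_write() of the client name is checked; the
 * missing newline in the KEY NOT FOUND message is restored; unused locals
 * (hostname, totl, i, p, ret) are gone.
 */
int main(int argc, char **argv)
{
    BIO *sslbio = NULL;   /* NULL until BIO_new_ssl_connect(); BIO_free_all(NULL) is a no-op */
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    char server[16];      /* IPv4 dotted quad: at most 15 characters plus NUL */
    char choice;

    if (argc != 2) {
        printf("Usage: %s ClientName\n", argv[0]);
        printf("eg: '%s client1'\n", argv[0]);
        return -1;
    }

    /* CLIENT_NAME is a fixed NAME_SIZE buffer; a name that does not fit is an
     * error, not something to continue from with CLIENT_NAME left unset. */
    if (strlen(argv[1]) >= NAME_SIZE) {
        fprintf(stderr, "%s is too long! \nPick a shorter client name.\n", argv[1]);
        return -1;
    }
    strcpy(CLIENT_NAME, argv[1]);
    printf("client name: %s\n", CLIENT_NAME);

    /* Formatting required certificates for client ...
       certificates are matched to client with file names:
       "cert/" (5) + name + ".pem" or ".key" (4) + NUL == strlen(name) + 10 */
    size_t length = strlen(CLIENT_NAME) + 10;
    char CLIENT_CERT_FILE2[length];
    snprintf(CLIENT_CERT_FILE2, length, "cert/%s.pem", CLIENT_NAME);
    printf("This client CERT file is required: %s\n", CLIENT_CERT_FILE2);

    // Checking for required certificate.  This is only an early, friendlier
    // diagnostic: the file is opened again by SSL_CTX_use_certificate_file()
    // below, and that is the check whose result matters.
    if (access(CLIENT_CERT_FILE2, F_OK) != -1) {
        printf("CERT file verified present\n");
    } else {
        printf("CERT NOT FOUND....\n"
               "Perhaps this client does not have valid\n"
               "certificates present at this location\n"
               ">>> ./%s\n", CLIENT_CERT_FILE2);
        exit(4);
    }

    char CLIENT_KEY_FILE2[length];
    snprintf(CLIENT_KEY_FILE2, length, "cert/%s.key", CLIENT_NAME);
    printf("This client KEY file is required: %s\n", CLIENT_KEY_FILE2);

    // Checking for required private key (same advisory check as above)
    if (access(CLIENT_KEY_FILE2, F_OK) != -1) {
        printf("KEY file verified present\n\n");
    } else {
        printf("KEY NOT FOUND....\n"
               "Perhaps this client does not have valid\n"
               "certificates present at this location\n"
               ">>> ./%s\n", CLIENT_KEY_FILE2);
        exit(4);
    }

    /* Give initial menu to user; get hostname for connection */
    choice = getchoice("Please select an action", imenu);
    printf("You have chosen: %c\n", choice);
    if (choice == 'q') {
        printf("Ending Program... Goodbye.\n");
        return 0;
    }

    // choice == 'a'
    printf("Initializing connection...\n");
    // 15 is the longest IPv4 dotted-quad text; server[] holds 15 + NUL
    getInput(server, "Enter server hostname to connect \n (e.g., '127.0.0.1')", 15);

    SSL_library_init();
    ERR_load_BIO_strings();
    ERR_load_SSL_strings();
    SSL_load_error_strings();
    OpenSSL_add_all_algorithms();

    /* NOTE(review): SSLv3 is deprecated (RFC 7568) and must not be relied on;
     * it is presumably what the matching server speaks, so it is left unchanged
     * here.  Move both ends to TLS_client_method()/TLS_server_method() together. */
    ctx = SSL_CTX_new(SSLv3_client_method());
    if (ctx == NULL) {            /* was assert(), which disappears under NDEBUG */
        ERR_print_errors_fp(stdout);
        printf("SSL_CTX_new failed.\r\n");
        return 0;
    }

    /* Verify the server */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

    /* Load CA Certificate */
    if (!SSL_CTX_load_verify_locations(ctx, CA_CERT_FILE, NULL)) {
        printf("Load CA file failed.\r\n");
        goto cleanup;
    }

    /* Load Client Certificate with Public Key */
    if (SSL_CTX_use_certificate_file(ctx, CLIENT_CERT_FILE2, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stdout);
        printf("ssl_ctx_use_certificate_file failed.\r\n");
        goto cleanup;
    }

    /* Load Private Key */
    if (SSL_CTX_use_PrivateKey_file(ctx, CLIENT_KEY_FILE2, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stdout);
        printf("ssl_ctx_use_privatekey_file failed.\r\n");
        goto cleanup;
    }

    /* Check the validity of Private Key */
    if (!SSL_CTX_check_private_key(ctx)) {
        ERR_print_errors_fp(stdout);
        printf("ssl_ctx_check_private_key failed.\r\n");
        goto cleanup;
    }

    /* Create the connection */
    sslbio = BIO_new_ssl_connect(ctx);
    if (sslbio == NULL) {
        ERR_print_errors_fp(stderr);
        fprintf(stderr, "BIO_new_ssl_connect failed\n");
        goto cleanup;
    }

    /* Get SSL from sslbio */
    BIO_get_ssl(sslbio, &ssl);
    if (ssl == NULL) {
        fprintf(stderr, "Can't locate SSL pointer\n");
        goto cleanup;
    }

    /* Set the SSL mode into SSL_MODE_AUTO_RETRY */
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);

    // NOTE: Port# hardcoded here; change if necessary
    BIO_set_conn_port(sslbio, "7777");
    BIO_set_conn_hostname(sslbio, server);

    /* Request Connection (TCP connect plus TLS handshake) */
    if (BIO_do_connect(sslbio) <= 0) {
        fprintf(stderr, "Error attempting to connect\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }
    printf("Connection to server successful!\n");

    /* Verify Server Certificate Validity */
    long verify_result = SSL_get_verify_result(ssl);
    if (verify_result != X509_V_OK) {
        printf("Certificate Verification Error: %ld\n", verify_result);
        goto cleanup;
    }
    printf("verify server cert successful\n");

    //Send hostname to server
    printf("Sending client name to server.\n");
    if (BIO_write(sslbio, CLIENT_NAME, (int)strlen(CLIENT_NAME)) <= 0) {
        fprintf(stderr, "Failed to send client name\n");
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    /* Menu loop; checkin_file()/checkout_file() results are not acted on (as before). */
    do {
        choice = getchoice("Please select an action", menu);
        printf("You have chosen: %c\n", choice);
        if (choice == 'a') {
            printf("Check-in function will be executed\n");
            choiceProcess(sslbio, buffer, choice);
            checkin_file(ssl, sslbio, buffer);
        } else if (choice == 'b') {
            printf("Check-out function will be executed\n");
            choiceProcess(sslbio, buffer, choice);
            checkout_file(ssl, sslbio, buffer);
        } else if (choice == 'c') {
            printf("Delegate function will be executed\n");
            choiceProcess(sslbio, buffer, choice);
        } else if (choice == 'd') {
            printf("Safe-delete function will be executed\n");
            choiceProcess(sslbio, buffer, choice);
        } else {
            printf("Terminate function will be executed\n");
        }
    } while (choice != 'q');

    /* Terminate the connection by sending message */
    clientTerminate(sslbio, buffer);
    /* Close the connection: send close_notify before tearing the BIO down */
    BIO_ssl_shutdown(sslbio);

cleanup:
    BIO_free_all(sslbio);   /* no-op while sslbio is still NULL */
    SSL_CTX_free(ctx);
    return 0;
}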