static gboolean ssl_connected(gpointer data, gint source,
b_input_condition cond)
{
struct scd *conn = data;
/* Right now we don't have any verification functionality for NSS. */
if (conn->verify) {
conn->func(conn->data, 1, NULL, cond);
if (source >= 0) {
closesocket(source);
}
g_free(conn->hostname);
g_free(conn);
return FALSE;
}
if (source == -1) {
goto ssl_connected_failure;
}
/* Until we find out how to handle non-blocking I/O with NSS... */
sock_make_blocking(conn->fd);
conn->prfd = SSL_ImportFD(NULL, PR_ImportTCPSocket(source));
if (!conn->prfd) {
goto ssl_connected_failure;
}
SSL_OptionSet(conn->prfd, SSL_SECURITY, PR_TRUE);
SSL_OptionSet(conn->prfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
SSL_BadCertHook(conn->prfd, (SSLBadCertHandler) nss_bad_cert, NULL);
SSL_AuthCertificateHook(conn->prfd, (SSLAuthCertificate) nss_auth_cert,
(void *) CERT_GetDefaultCertDB());
SSL_SetURL(conn->prfd, conn->hostname);
SSL_ResetHandshake(conn->prfd, PR_FALSE);
if (SSL_ForceHandshake(conn->prfd)) {
goto ssl_connected_failure;
}
conn->established = TRUE;
conn->func(conn->data, 0, conn, cond);
return FALSE;
ssl_connected_failure:
conn->func(conn->data, 0, NULL, cond);
if (conn->prfd) {
PR_Close(conn->prfd);
} else if (source >= 0) {
/* proxy_disconnect() would be redundant here */
closesocket(source);
}
g_free(conn->hostname);
g_free(conn);
return FALSE;
}
enum okay
ssl_open(const char *server, struct sock *sp, const char *uhp)
{
PRFileDesc *fdp, *fdc;
if (nss_init() == STOP)
return STOP;
ssl_set_vrfy_level(uhp);
nss_select_method(uhp);
if ((fdp = PR_ImportTCPSocket(sp->s_fd)) == NULL) {
nss_gen_err("Error importing OS file descriptor");
return STOP;
}
if ((fdc = SSL_ImportFD(NULL, fdp)) == NULL) {
nss_gen_err("Error importing NSPR file descriptor");
PR_Close(fdp);
return STOP;
}
SSL_SetURL(fdc, server);
SSL_SetPKCS11PinArg(fdc, NULL);
SSL_BadCertHook(fdc, bad_cert_cb, NULL);
if (SSL_ResetHandshake(fdc, PR_FALSE) != SECSuccess) {
nss_gen_err("Cannot reset NSS handshake");
PR_Close(fdc);
return STOP;
}
if (SSL_ForceHandshake(fdc) != 0) {
nss_gen_err("SSL/TLS handshake failed");
PR_Close(fdc);
return STOP;
}
sp->s_prfd = fdc;
if (nss_check_host(server, sp) != OKAY && ssl_vrfy_decide() != OKAY) {
PR_Close(fdc);
sp->s_prfd = NULL;
return STOP;
}
sp->s_use_ssl = 1;
if (verbose) {
char *cipher, *issuer, *subject;
int keysize, secretkeysize;
if (SSL_SecurityStatus(fdc, NULL, &cipher,
&keysize, &secretkeysize,
&issuer, &subject) == SECSuccess) {
fprintf(stderr, "SSL parameters: cipher=%s, "
"keysize=%d, secretkeysize=%d,\n"
"issuer=%s\n"
"subject=%s\n",
cipher, keysize, secretkeysize,
issuer, subject);
PR_Free(cipher);
PR_Free(issuer);
PR_Free(subject);
} else
nss_gen_err("Could not read status information");
}
return OKAY;
}
/*
** Same as above, but with an I/O timeout.
*/
SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
PRIntervalTime timeout)
{
if (SECSuccess != ssl_SetTimeout(fd, timeout)) {
return SECFailure;
}
return SSL_ForceHandshake(fd);
}
void TransportLayerDtls::Handshake() {
// Clear the retransmit timer
timer_->Cancel();
SECStatus rv = SSL_ForceHandshake(ssl_fd_);
if (rv == SECSuccess) {
MOZ_MTLOG(ML_NOTICE,
LAYER_INFO << "****** SSL handshake completed ******");
if (!cert_ok_) {
MOZ_MTLOG(ML_ERROR, LAYER_INFO << "Certificate check never occurred");
TL_SET_STATE(TS_ERROR);
return;
}
if (!CheckAlpn()) {
// Despite connecting, the connection doesn't have a valid ALPN label.
// Forcibly close the connection so that the peer isn't left hanging
// (assuming the close_notify isn't dropped).
ssl_fd_ = nullptr;
TL_SET_STATE(TS_ERROR);
return;
}
TL_SET_STATE(TS_OPEN);
} else {
int32_t err = PR_GetError();
switch(err) {
case SSL_ERROR_RX_MALFORMED_HANDSHAKE:
MOZ_MTLOG(ML_ERROR, LAYER_INFO << "Malformed DTLS message; ignoring");
// If this were TLS (and not DTLS), this would be fatal, but
// here we're required to ignore bad messages, so fall through
MOZ_FALLTHROUGH;
case PR_WOULD_BLOCK_ERROR:
MOZ_MTLOG(ML_NOTICE, LAYER_INFO << "Handshake would have blocked");
PRIntervalTime timeout;
rv = DTLS_GetHandshakeTimeout(ssl_fd_, &timeout);
if (rv == SECSuccess) {
uint32_t timeout_ms = PR_IntervalToMilliseconds(timeout);
MOZ_MTLOG(ML_DEBUG,
LAYER_INFO << "Setting DTLS timeout to " << timeout_ms);
timer_->SetTarget(target_);
timer_->InitWithFuncCallback(TimerCallback,
this, timeout_ms,
nsITimer::TYPE_ONE_SHOT);
}
break;
default:
MOZ_MTLOG(ML_ERROR, LAYER_INFO << "SSL handshake error "<< err);
TL_SET_STATE(TS_ERROR);
break;
}
}
}
void TransportLayerDtls::Handshake() {
SetState(TS_CONNECTING);
// Clear the retransmit timer
timer_->Cancel();
SECStatus rv = SSL_ForceHandshake(ssl_fd_);
if (rv == SECSuccess) {
MOZ_MTLOG(PR_LOG_NOTICE, LAYER_INFO << "****** SSL handshake completed ******");
if (!cert_ok_) {
MOZ_MTLOG(PR_LOG_ERROR, LAYER_INFO << "Certificate check never occurred");
SetState(TS_ERROR);
return;
}
SetState(TS_OPEN);
} else {
int32_t err = PR_GetError();
switch(err) {
case SSL_ERROR_RX_MALFORMED_HANDSHAKE:
if (mode_ != DGRAM) {
MOZ_MTLOG(PR_LOG_ERROR, LAYER_INFO << "Malformed TLS message");
SetState(TS_ERROR);
} else {
MOZ_MTLOG(PR_LOG_ERROR, LAYER_INFO << "Malformed DTLS message; ignoring");
}
// Fall through
case PR_WOULD_BLOCK_ERROR:
MOZ_MTLOG(PR_LOG_NOTICE, LAYER_INFO << "Would have blocked");
if (mode_ == DGRAM) {
PRIntervalTime timeout;
rv = DTLS_GetHandshakeTimeout(ssl_fd_, &timeout);
if (rv == SECSuccess) {
uint32_t timeout_ms = PR_IntervalToMilliseconds(timeout);
MOZ_MTLOG(PR_LOG_DEBUG, LAYER_INFO << "Setting DTLS timeout to " <<
timeout_ms);
timer_->SetTarget(target_);
timer_->InitWithFuncCallback(TimerCallback,
this, timeout_ms,
nsITimer::TYPE_ONE_SHOT);
}
}
break;
default:
MOZ_MTLOG(PR_LOG_ERROR, LAYER_INFO << "SSL handshake error "<< err);
SetState(TS_ERROR);
break;
}
}
}
struct wpabuf * tls_connection_handshake(void *tls_ctx,
struct tls_connection *conn,
const struct wpabuf *in_data,
struct wpabuf **appl_data) {
struct wpabuf *out_data;
wpa_printf(MSG_DEBUG, "NSS: handshake: in_len=%u",
in_data ? (unsigned int) wpabuf_len(in_data) : 0);
if (appl_data)
*appl_data = NULL;
if (in_data && wpabuf_len(in_data) > 0) {
if (conn->pull_buf) {
wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in "
"pull_buf", __func__,
(unsigned long) conn->pull_buf_len);
os_free(conn->pull_buf);
}
conn->pull_buf = os_malloc(wpabuf_len(in_data));
if (conn->pull_buf == NULL)
return NULL;
os_memcpy(conn->pull_buf, wpabuf_head(in_data),
wpabuf_len(in_data));
conn->pull_buf_offset = conn->pull_buf;
conn->pull_buf_len = wpabuf_len(in_data);
}
SSL_ForceHandshake(conn->fd);
if (conn->established && conn->push_buf == NULL) {
/* Need to return something to get final TLS ACK. */
conn->push_buf = os_malloc(1);
}
if (conn->push_buf == NULL)
return NULL;
out_data = wpabuf_alloc_ext_data(conn->push_buf, conn->push_buf_len);
if (out_data == NULL)
os_free(conn->push_buf);
conn->push_buf = NULL;
conn->push_buf_len = 0;
return out_data;
}
JNIEXPORT void JNICALL
Java_org_mozilla_jss_ssl_SSLSocket_forceHandshake(JNIEnv *env, jobject self)
{
JSSL_SocketData *sock = NULL;
int rv;
/* get my fd */
if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS ) goto finish;
/* do the work */
rv = SSL_ForceHandshake(sock->fd);
if( rv != SECSuccess ) {
JSSL_throwSSLSocketException(env, "SSL_ForceHandshake failed");
goto finish;
}
finish:
EXCEPTION_CHECK(env, sock)
return;
}
static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
{
struct scd *conn = data;
if( source == -1 )
goto ssl_connected_failure;
/* Until we find out how to handle non-blocking I/O with NSS... */
sock_make_blocking( conn->fd );
conn->prfd = SSL_ImportFD(NULL, PR_ImportTCPSocket(source));
SSL_OptionSet(conn->prfd, SSL_SECURITY, PR_TRUE);
SSL_OptionSet(conn->prfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
SSL_BadCertHook(conn->prfd, (SSLBadCertHandler)nss_bad_cert, NULL);
SSL_AuthCertificateHook(conn->prfd, (SSLAuthCertificate)nss_auth_cert, (void *)CERT_GetDefaultCertDB());
SSL_ResetHandshake(conn->prfd, PR_FALSE);
if (SSL_ForceHandshake(conn->prfd)) {
goto ssl_connected_failure;
}
conn->established = TRUE;
conn->func( conn->data, conn, cond );
return FALSE;
ssl_connected_failure:
conn->func( conn->data, NULL, cond );
PR_Close( conn -> prfd );
if( source >= 0 ) closesocket( source );
g_free( conn );
return FALSE;
}
void SslSocket::finishConnect(const SocketAddress& addr) const
{
nssSocket = SSL_ImportFD(0, PR_ImportTCPSocket(fd));
void* arg;
// Use the connection's cert-name if it has one; else use global cert-name
if (certname != "") {
arg = const_cast<char*>(certname.c_str());
} else if (SslOptions::global.certName.empty()) {
arg = 0;
} else {
arg = const_cast<char*>(SslOptions::global.certName.c_str());
}
NSS_CHECK(SSL_GetClientAuthDataHook(nssSocket, NSS_GetClientAuthData, arg));
url = addr.getHost();
if (!hostnameVerification) {
NSS_CHECK(SSL_BadCertHook(nssSocket, bad_certificate, const_cast<char*>(url.data())));
}
NSS_CHECK(SSL_SetURL(nssSocket, url.data()));
NSS_CHECK(SSL_ResetHandshake(nssSocket, PR_FALSE));
NSS_CHECK(SSL_ForceHandshake(nssSocket));
}
/* Called when the socket is handhaking and has signaled that it
is ready to continue. */
void
SSLSocket::handshakeContinue()
{
assert (_state == State::Handshaking);
if (SSL_ForceHandshake(_fd.get()) != SECSuccess) {
PRErrorCode err = PR_GetError();
if(PR_GetError() == PR_WOULD_BLOCK_ERROR) {
/* Try again later */
} else {
/* Error while handshaking */
close(make_nss_error(err));
}
} else {
if (!is_negotiated_protocol_http2(_fd.get())) {
close(make_mist_error(MIST_ERR_NOT_HTTP2));
} else {
_state = State::Open;
if (_h.cb) {
_h.cb(boost::system::error_code());
_h.cb = nullptr;
}
}
}
}
/* one copy of this function is launched in a separate thread for each
** connection to be made.
*/
SECStatus
do_connects(void *a, int connection)
{
PRNetAddr *addr = (PRNetAddr *)a;
PRFileDesc *sslSocket;
PRHostEnt hostEntry;
char buffer[PR_NETDB_BUF_SIZE];
PRStatus prStatus;
PRIntn hostenum;
PRInt32 ip;
SECStatus secStatus;
/* Set up SSL secure socket. */
sslSocket = setupSSLSocket(addr);
if (sslSocket == NULL) {
errWarn("setupSSLSocket");
return SECFailure;
}
secStatus = SSL_SetPKCS11PinArg(sslSocket, &pwdata);
if (secStatus != SECSuccess) {
errWarn("SSL_SetPKCS11PinArg");
return secStatus;
}
secStatus = SSL_SetURL(sslSocket, hostName);
if (secStatus != SECSuccess) {
errWarn("SSL_SetURL");
return secStatus;
}
/* Prepare and setup network connection. */
prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
if (prStatus != PR_SUCCESS) {
errWarn("PR_GetHostByName");
return SECFailure;
}
hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
if (hostenum == -1) {
errWarn("PR_EnumerateHostEnt");
return SECFailure;
}
ip = PR_ntohl(addr->inet.ip);
fprintf(stderr,
"Connecting to host %s (addr %d.%d.%d.%d) on port %d\n",
hostName, BYTE(3,ip), BYTE(2,ip), BYTE(1,ip),
BYTE(0,ip), PR_ntohs(addr->inet.port));
prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
if (prStatus != PR_SUCCESS) {
errWarn("PR_Connect");
return SECFailure;
}
/* Established SSL connection, ready to send data. */
#if 0
secStatus = SSL_ForceHandshake(sslSocket);
if (secStatus != SECSuccess) {
errWarn("SSL_ForceHandshake");
return secStatus;
}
#endif
secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
if (secStatus != SECSuccess) {
errWarn("SSL_ResetHandshake");
prStatus = PR_Close(sslSocket);
if (prStatus != PR_SUCCESS) {
errWarn("PR_Close");
}
return secStatus;
}
secStatus = handle_connection(sslSocket, connection);
if (secStatus != SECSuccess) {
/* error already printed out in handle_connection */
/* errWarn("handle_connection"); */
prStatus = PR_Close(sslSocket);
if (prStatus != PR_SUCCESS) {
errWarn("PR_Close");
}
return secStatus;
}
PR_Close(sslSocket);
return SECSuccess;
}
/* make the connection.
*/
static SECStatus
do_connect(PRNetAddr *addr)
{
PRFileDesc *sslSocket;
PRStatus prStatus;
#if 0
PRHostEnt hostEntry;
char buffer[PR_NETDB_BUF_SIZE];
PRIntn hostenum;
#endif
SECStatus secStatus;
secStatus = SECSuccess;
/* Set up SSL secure socket. */
sslSocket = setupSSLSocket();
if (sslSocket == NULL)
return SECFailure;
#if 0 /* no client authentication */
secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
if (secStatus != SECSuccess)
goto done;
#endif
secStatus = SSL_SetURL(sslSocket, hostName);
if (secStatus != SECSuccess)
goto done;
#if 0 /* Already done */
/* Prepare and setup network connection. */
prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
if (prStatus != PR_SUCCESS)
{
secStatus = SECFailure;
goto done;
}
hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
if (hostenum == -1)
{
secStatus = SECFailure;
goto done;
}
#endif
prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
if (prStatus != PR_SUCCESS)
{
secStatus = SECFailure;
goto done;
}
/* Established SSL connection, ready to send data. */
secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
if (secStatus != SECSuccess)
goto done;
/* This is normally done automatically on the first I/O operation,
but doing it here catches any authentication problems early. */
secStatus = SSL_ForceHandshake(sslSocket);
if (secStatus != SECSuccess)
goto done;
secStatus = handle_connection(sslSocket);
if (secStatus != SECSuccess)
goto done;
done:
prStatus = PR_Close(sslSocket);
return secStatus;
}
/** Create socket and connect to it.
@param hostname Hostname to connect
@param port Port name/number to connect
@param mode Connection mode. Bit-array of MODE_NO_SSL, MODE_IP6MODE, MODE_IP4MODE.
@return NULL on error, otherwise connected socket.
*/
static PRFileDesc *create_connected_socket(char *hostname,int port,int mode) {
PRAddrInfo *addr_info;
void *addr_iter;
PRNetAddr addr;
PRFileDesc *localsocket;
int can_exit,valid_socket;
PRUint16 af_spec;
localsocket=NULL;
addr_info=NULL;
af_spec=PR_AF_UNSPEC;
if (!(mode&MODE_IP6MODE)) af_spec=PR_AF_INET;
addr_info=PR_GetAddrInfoByName(hostname,af_spec,PR_AI_ADDRCONFIG);
if (addr_info == NULL) {
print_nspr_error();
return NULL;
}
/*We have socket -> enumerate and try to connect*/
addr_iter=NULL;
can_exit=0;
valid_socket=0;
while (!can_exit) {
addr_iter=PR_EnumerateAddrInfo(addr_iter,addr_info,port,&addr);
if (addr_iter==NULL) {
can_exit=1;
} else {
if ((PR_NetAddrFamily(&addr)==PR_AF_INET && (mode&MODE_IP4MODE)) ||
(PR_NetAddrFamily(&addr)==PR_AF_INET6 && (mode&MODE_IP6MODE))) {
/*Type of address is what user want, try to create socket and make connection*/
/*Create socket*/
localsocket=create_socket(!(mode&MODE_NO_SSL),(PR_NetAddrFamily(&addr)==PR_AF_INET6));
if (localsocket) {
/*Try to connect*/
if (PR_Connect(localsocket,&addr,PR_INTERVAL_NO_TIMEOUT)==PR_SUCCESS) {
/*Force handshake*/
if ((!(mode&MODE_NO_SSL)) && SSL_ForceHandshake(localsocket)!=SECSuccess) {
/*Handhake failure -> fail*/
print_nspr_error();
if (PR_Close(localsocket)!=PR_SUCCESS) {
print_nspr_error();
can_exit=1;
}
localsocket=NULL;
}
/*Socket is connected -> we can return it*/
can_exit=1;
} else {
/*Try another address*/
if (PR_Close(localsocket)!=PR_SUCCESS) {
print_nspr_error();
can_exit=1;
}
localsocket=NULL;
}
}
}
}
}
if (!localsocket) {
/*Socket is unvalid -> we don't found any usable address*/
fprintf(stderr,"Can't connect to host %s on port %d!\n",hostname,port);
}
PR_FreeAddrInfo(addr_info);
return localsocket;
}
int FileSSLDoublePoint_main(char * strUserPin, char * strNickName)
{
#if 1
int isServer = 0;
SECStatus rv = SECSuccess;
char * buffer = malloc(1024 * 1024);
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
PK11_SetPasswordFunc(GetModulePassword);
rv = NSS_Initialize(GetSystemDBDir(),
"", "",
"secmod.db", 0);
rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_SOCKS, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_FDX, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);
rv = NSS_SetDomesticPolicy();
rv = NSS_SetExportPolicy();
rv = NSS_SetFrancePolicy();
// rv = SSL_CipherPolicySet();
SSL_ClearSessionCache();
rv = SSL_ConfigServerSessionIDCache(10, 30 , 30, ".");
PRFileDesc * tcp_socket = PR_NewTCPSocket();
PRFileDesc * ssl_socket = SSL_ImportFD(NULL,tcp_socket);
if (isServer) {
CERTCertDBHandle *certHandle;
certHandle = CERT_GetDefaultCertDB();
char * nickname = "4914afeedee988071490b98f1120ddac_e73f20c7-176d-4342-ac89-ea7c00bb570a";/*nickname*/
CERTCertificate* cert = NULL;
cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, nickname);
SECKEYPrivateKey *prvKey = NULL;
prvKey = PK11_FindKeyByAnyCert(cert, NULL);
rv = SSL_ConfigSecureServer(ssl_socket, cert,prvKey,ssl_kea_rsa);
PRNetAddr netAddr;
PRNetAddr netAddrLocal;
rv = PR_InitializeNetAddr(0, 8888, &netAddr);
rv = PR_StringToNetAddr("127.0.0.1", &netAddrLocal);
rv = PR_Bind(tcp_socket,&netAddr);
rv = PR_Listen(tcp_socket, 100);
while (1) {
PRFileDesc * client = PR_Accept(tcp_socket, &netAddr, 6000000);
PRNetAddr addr;
rv = PR_GetSockName(client, &addr);
rv = SSL_ForceHandshake(client);
rv = PR_Write(client,"123", 4);
sleep(1);
}
}
else
{
rv = SSL_AuthCertificateHook(ssl_socket, OwnAuthCertHandler, NULL);
char * nickname = "nickname";/*nickname*/
rv = SSL_SetURL(ssl_socket, "192.168.18.22");
char * str = malloc(1024) ;
memset(str, 0, 1024);
strcpy(str ,"GET /test/test2.html HTTP/1.1\r\n");//注意\r\n为回车换行
// str = [str stringByAppendingString:@"Accept-Language: zh-cn\r\n"];
// str = [str stringByAppendingString:@"Connection: Keep-Alive\r\n"];
//str = [str stringByAppendingString:@"Host: 192.168.0.106\r\n"];
strcat(str ,"Host: 192.168.18.22:8443\r\n");
// str = [str stringByAppendingString:@"Content-Length: 0\r\n"];
strcat(str ,"\r\n");
// str = [str stringByAppendingString:@"userName=liqiangqiang&password=new_andy\r\n"];
// str = [str stringByAppendingString:@"\r\n"];
PRNetAddr netAddr;
rv = PR_StringToNetAddr("192.168.18.22", &netAddr);
rv = PR_InitializeNetAddr(0, 8443, &netAddr);
// rv = PR_GetHostByName();
// PR_EnumerateHostEnt
rv = PR_Connect(tcp_socket,&netAddr, 300000);
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
rv = SSL_GetClientAuthDataHook(ssl_socket,NSS_GetClientAuthData,strNickName);
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
rv = SSL_ForceHandshake(ssl_socket);
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
rv = PR_Write(tcp_socket, str, strlen(str));
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
rv = PR_Read(tcp_socket,buffer, 1024 * 1024);
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
FILE * file = fopen("/sdcard/ssl_read.txt", "wb");
//fwrite(buffer, 1, rv, file);
//rv = PR_Read(tcp_socket,buffer, 1024 * 1024);
fwrite(buffer, 1, rv, file);
fclose(file);
sleep(1);
rv = SSL_InvalidateSession(ssl_socket);
rv = PR_Shutdown(tcp_socket, PR_SHUTDOWN_BOTH);
rv = PR_Close(tcp_socket);
rv = ssl_FreeSessionCacheLocks();
rv = NSS_Shutdown();
}
#endif
return 0;
}
int FileSSL_main(int argc, char * argv[])
{
bool isServer = true;
SECStatus rv = SECSuccess;
char buffer[32] = {0};
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
PK11_SetPasswordFunc(GetModulePassword);
rv = NSS_Initialize(GetSystemDBDir(),
"", "",
"secmod.db", 0);
rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_SOCKS, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_FDX, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);
rv = NSS_SetDomesticPolicy();
rv = NSS_SetExportPolicy();
rv = NSS_SetFrancePolicy();
// rv = SSL_CipherPolicySet();
SSL_ClearSessionCache();
rv = SSL_ConfigServerSessionIDCache(10, 30 , 30, ".");
PRFileDesc * socket = PR_NewTCPSocket();
socket = SSL_ImportFD(NULL,socket);
if (isServer) {
CERTCertDBHandle *certHandle;
certHandle = CERT_GetDefaultCertDB();
char * nickname = "itrus Certificate DB:2013-11-15 12:44:10";/*nickname*/
CERTCertificate* cert = NULL;
cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, nickname);
SECKEYPrivateKey *prvKey = NULL;
prvKey = PK11_FindKeyByAnyCert(cert, NULL);
rv = SSL_ConfigSecureServer(socket, cert,prvKey,ssl_kea_rsa);
PRNetAddr netAddr;
PRNetAddr netAddrLocal;
rv = PR_InitializeNetAddr(0, 8888, &netAddr);
rv = PR_StringToNetAddr("127.0.0.1", &netAddrLocal);
rv = PR_Bind(socket,&netAddr);
rv = PR_Listen(socket, 100);
while (1) {
PRFileDesc * client = PR_Accept(socket, &netAddr, 6000000);
PRNetAddr addr;
rv = PR_GetSockName(client, &addr);
rv = SSL_ForceHandshake(client);
rv = PR_Write(client,"123", 4);
sleep(1);
}
}
else
{
rv = SSL_SetURL(socket, "127.0.0.1");
PRNetAddr netAddr;
PRNetAddr netAddrLocal;
rv = PR_InitializeNetAddr(0, 8888, &netAddr);
rv = PR_StringToNetAddr("127.0.0.1", &netAddrLocal);
// rv = PR_GetHostByName();
// PR_EnumerateHostEnt
rv = PR_Connect(socket,&netAddr, 300000);
rv = SSL_AuthCertificateHook(socket, OwnAuthCertHandler, NULL);
rv = SSL_ForceHandshake(socket);
while (1) {
rv = PR_Read(socket,buffer, 32);
sleep(1);
}
}
return 0;
}
