static void
nss_select_method(const char *uhp)
{
char *cp;
enum {
SSL2 = 01,
SSL3 = 02,
TLS1 = 03
} methods;
methods = SSL2|SSL3|TLS1;
cp = ssl_method_string(uhp);
if (cp != NULL) {
if (equal(cp, "ssl2"))
methods = SSL2;
else if (equal(cp, "ssl3"))
methods = SSL3;
else if (equal(cp, "tls1"))
methods = TLS1;
else {
fprintf(stderr, catgets(catd, CATSET, 244,
"Invalid SSL method \"%s\"\n"), cp);
}
}
if (value("ssl-v2-allow") == NULL)
methods &= ~SSL2;
SSL_OptionSetDefault(SSL_ENABLE_SSL2, methods&SSL2 ? PR_TRUE:PR_FALSE);
SSL_OptionSetDefault(SSL_ENABLE_SSL3, methods&SSL3 ? PR_TRUE:PR_FALSE);
SSL_OptionSetDefault(SSL_ENABLE_TLS, methods&TLS1 ? PR_TRUE:PR_FALSE);
}
void * tls_init(const struct tls_config *conf) {
char *dir;
tls_nss_ref_count++;
if (tls_nss_ref_count > 1)
return (void *) 1;
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
nss_layer_id = PR_GetUniqueIdentity("wpa_supplicant");
PK11_SetPasswordFunc(nss_password_cb);
dir = getenv("SSL_DIR");
if (dir) {
if (NSS_Init(dir) != SECSuccess) {
wpa_printf(MSG_ERROR, "NSS: NSS_Init(cert_dir=%s) "
"failed", dir);
return NULL;
}
} else {
if (NSS_NoDB_Init(NULL) != SECSuccess) {
wpa_printf(MSG_ERROR, "NSS: NSS_NoDB_Init(NULL) "
"failed");
return NULL;
}
}
if (SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, PR_FALSE) !=
SECSuccess ||
SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_FALSE) != SECSuccess ||
SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE) != SECSuccess ||
SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE) != SECSuccess) {
wpa_printf(MSG_ERROR, "NSS: SSL_OptionSetDefault failed");
return NULL;
}
if (NSS_SetDomesticPolicy() != SECSuccess) {
wpa_printf(MSG_ERROR, "NSS: NSS_SetDomesticPolicy() failed");
return NULL;
}
return (void *) 1;
}
void MozillaRenderer::initialize(void)
{
// Initialize NSPR and NSS
PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
if (NSS_InitReadWrite(NULL) == SECFailure)
{
if (NSS_NoDB_Init(NULL) == SECFailure)
{
#ifdef DEBUG
cout << "MozillaRenderer::ctor: couldn't initialize NSS" << endl;
#endif
}
}
NSS_SetDomesticPolicy();
SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_TRUE);
SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);
SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, PR_TRUE);
}
JNIEXPORT void JNICALL
Java_org_mozilla_jss_ssl_SSLSocket_setSSLDefaultOption(JNIEnv *env,
jclass clazz, jint joption, jint on)
{
SECStatus status;
/* set the option */
status = SSL_OptionSetDefault(JSSL_enums[joption], on);
if( status != SECSuccess ) {
JSSL_throwSSLSocketException(env, "SSL_OptionSet failed");
goto finish;
}
finish:
return;
}
gint
camel_init (const gchar *configdir,
gboolean nss_init)
{
CamelCertDB *certdb;
gchar *path;
if (initialised)
return 0;
bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR);
bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
camel_debug_init ();
if (nss_init) {
static gchar v2_enabled = -1, weak_ciphers = -1;
gchar *nss_configdir = NULL;
gchar *nss_sql_configdir = NULL;
SECStatus status = SECFailure;
#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
/* NSS pre-3.14 has most of the ciphers disabled, thus enable
* weak ciphers, if it's compiled against such */
weak_ciphers = 1;
#endif
/* check camel-tcp-stream-ssl.c for the same "CAMEL_SSL_V2_ENABLE" */
if (v2_enabled == -1)
v2_enabled = g_strcmp0 (g_getenv ("CAMEL_SSL_V2_ENABLE"), "1") == 0 ? 1 : 0;
if (weak_ciphers == -1)
weak_ciphers = g_strcmp0 (g_getenv ("CAMEL_SSL_WEAK_CIPHERS"), "1") == 0 ? 1 : 0;
if (nss_initlock == NULL) {
PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
nss_initlock = PR_NewLock ();
}
PR_Lock (nss_initlock);
if (NSS_IsInitialized ())
goto skip_nss_init;
#ifndef G_OS_WIN32
nss_configdir = g_strdup (configdir);
#else
nss_configdir = g_win32_locale_filename_from_utf8 (configdir);
#endif
if (nss_has_system_db ()) {
nss_sql_configdir = g_strdup ("sql:" NSS_SYSTEM_DB );
} else {
/* On Windows, we use the Evolution configdir. On other
* operating systems we use ~/.pki/nssdb/, which is where
* the user-specific part of the "shared system db" is
* stored and is what Chrome uses too.
*
* We have to create the configdir if it does not exist,
* to prevent camel from bailing out on first run. */
#ifdef G_OS_WIN32
g_mkdir_with_parents (configdir, 0700);
nss_sql_configdir = g_strconcat (
"sql:", nss_configdir, NULL);
#else
gchar *user_nss_dir = g_build_filename (
g_get_home_dir (), ".pki/nssdb", NULL );
if (g_mkdir_with_parents (user_nss_dir, 0700))
g_warning (
"Failed to create SQL "
"database directory %s: %s\n",
user_nss_dir, strerror (errno));
nss_sql_configdir = g_strconcat (
"sql:", user_nss_dir, NULL);
g_free (user_nss_dir);
#endif
}
#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 12)
/* See: https://wiki.mozilla.org/NSS_Shared_DB,
* particularly "Mode 3A". Note that the target
* directory MUST EXIST. */
status = NSS_InitWithMerge (
nss_sql_configdir, /* dest dir */
"", "", /* new DB name prefixes */
SECMOD_DB, /* secmod name */
nss_configdir, /* old DB dir */
"", "", /* old DB name prefixes */
nss_configdir, /* unique ID for old DB */
"Evolution S/MIME", /* UI name for old DB */
0); /* flags */
if (status == SECFailure) {
g_warning (
"Failed to initialize NSS SQL database in %s: NSS error %d",
nss_sql_configdir, PORT_GetError ());
/* Fall back to opening the old DBM database */
}
#endif
/* Support old versions of libnss, pre-sqlite support. */
if (status == SECFailure)
status = NSS_InitReadWrite (nss_configdir);
if (status == SECFailure) {
/* Fall back to using volatile dbs? */
status = NSS_NoDB_Init (nss_configdir);
if (status == SECFailure) {
g_free (nss_configdir);
g_free (nss_sql_configdir);
g_warning ("Failed to initialize NSS");
PR_Unlock (nss_initlock);
return -1;
}
}
nss_initialized = TRUE;
skip_nss_init:
NSS_SetDomesticPolicy ();
if (weak_ciphers) {
PRUint16 indx;
/* enable SSL3/TLS cipher-suites */
for (indx = 0; indx < SSL_NumImplementedCiphers; indx++) {
if (!SSL_IS_SSL2_CIPHER (SSL_ImplementedCiphers[indx]) &&
SSL_ImplementedCiphers[indx] != SSL_RSA_WITH_NULL_SHA &&
SSL_ImplementedCiphers[indx] != SSL_RSA_WITH_NULL_MD5)
SSL_CipherPrefSetDefault (SSL_ImplementedCiphers[indx], PR_TRUE);
}
}
SSL_OptionSetDefault (SSL_ENABLE_SSL2, v2_enabled ? PR_TRUE : PR_FALSE);
SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
PR_Unlock (nss_initlock);
g_free (nss_configdir);
g_free (nss_sql_configdir);
}
path = g_strdup_printf ("%s/camel-cert.db", configdir);
certdb = camel_certdb_new ();
camel_certdb_set_filename (certdb, path);
g_free (path);
/* if we fail to load, who cares? it'll just be a volatile certdb */
camel_certdb_load (certdb);
/* set this certdb as the default db */
camel_certdb_set_default (certdb);
g_object_unref (certdb);
initialised = TRUE;
return 0;
}
int FileSSLDoublePoint_main(char * strUserPin, char * strNickName)
{
#if 1
int isServer = 0;
SECStatus rv = SECSuccess;
char * buffer = malloc(1024 * 1024);
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
PK11_SetPasswordFunc(GetModulePassword);
rv = NSS_Initialize(GetSystemDBDir(),
"", "",
"secmod.db", 0);
rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_SOCKS, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_FDX, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);
rv = NSS_SetDomesticPolicy();
rv = NSS_SetExportPolicy();
rv = NSS_SetFrancePolicy();
// rv = SSL_CipherPolicySet();
SSL_ClearSessionCache();
rv = SSL_ConfigServerSessionIDCache(10, 30 , 30, ".");
PRFileDesc * tcp_socket = PR_NewTCPSocket();
PRFileDesc * ssl_socket = SSL_ImportFD(NULL,tcp_socket);
if (isServer) {
CERTCertDBHandle *certHandle;
certHandle = CERT_GetDefaultCertDB();
char * nickname = "4914afeedee988071490b98f1120ddac_e73f20c7-176d-4342-ac89-ea7c00bb570a";/*nickname*/
CERTCertificate* cert = NULL;
cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, nickname);
SECKEYPrivateKey *prvKey = NULL;
prvKey = PK11_FindKeyByAnyCert(cert, NULL);
rv = SSL_ConfigSecureServer(ssl_socket, cert,prvKey,ssl_kea_rsa);
PRNetAddr netAddr;
PRNetAddr netAddrLocal;
rv = PR_InitializeNetAddr(0, 8888, &netAddr);
rv = PR_StringToNetAddr("127.0.0.1", &netAddrLocal);
rv = PR_Bind(tcp_socket,&netAddr);
rv = PR_Listen(tcp_socket, 100);
while (1) {
PRFileDesc * client = PR_Accept(tcp_socket, &netAddr, 6000000);
PRNetAddr addr;
rv = PR_GetSockName(client, &addr);
rv = SSL_ForceHandshake(client);
rv = PR_Write(client,"123", 4);
sleep(1);
}
}
else
{
rv = SSL_AuthCertificateHook(ssl_socket, OwnAuthCertHandler, NULL);
char * nickname = "nickname";/*nickname*/
rv = SSL_SetURL(ssl_socket, "192.168.18.22");
char * str = malloc(1024) ;
memset(str, 0, 1024);
strcpy(str ,"GET /test/test2.html HTTP/1.1\r\n");//注意\r\n为回车换行
// str = [str stringByAppendingString:@"Accept-Language: zh-cn\r\n"];
// str = [str stringByAppendingString:@"Connection: Keep-Alive\r\n"];
//str = [str stringByAppendingString:@"Host: 192.168.0.106\r\n"];
strcat(str ,"Host: 192.168.18.22:8443\r\n");
// str = [str stringByAppendingString:@"Content-Length: 0\r\n"];
strcat(str ,"\r\n");
// str = [str stringByAppendingString:@"userName=liqiangqiang&password=new_andy\r\n"];
// str = [str stringByAppendingString:@"\r\n"];
PRNetAddr netAddr;
rv = PR_StringToNetAddr("192.168.18.22", &netAddr);
rv = PR_InitializeNetAddr(0, 8443, &netAddr);
// rv = PR_GetHostByName();
// PR_EnumerateHostEnt
rv = PR_Connect(tcp_socket,&netAddr, 300000);
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
rv = SSL_GetClientAuthDataHook(ssl_socket,NSS_GetClientAuthData,strNickName);
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
rv = SSL_ForceHandshake(ssl_socket);
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
rv = PR_Write(tcp_socket, str, strlen(str));
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
rv = PR_Read(tcp_socket,buffer, 1024 * 1024);
FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
FILE * file = fopen("/sdcard/ssl_read.txt", "wb");
//fwrite(buffer, 1, rv, file);
//rv = PR_Read(tcp_socket,buffer, 1024 * 1024);
fwrite(buffer, 1, rv, file);
fclose(file);
sleep(1);
rv = SSL_InvalidateSession(ssl_socket);
rv = PR_Shutdown(tcp_socket, PR_SHUTDOWN_BOTH);
rv = PR_Close(tcp_socket);
rv = ssl_FreeSessionCacheLocks();
rv = NSS_Shutdown();
}
#endif
return 0;
}
int FileSSL_main(int argc, char * argv[])
{
bool isServer = true;
SECStatus rv = SECSuccess;
char buffer[32] = {0};
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
PK11_SetPasswordFunc(GetModulePassword);
rv = NSS_Initialize(GetSystemDBDir(),
"", "",
"secmod.db", 0);
rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_SOCKS, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_FDX, PR_TRUE);
rv = SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);
rv = NSS_SetDomesticPolicy();
rv = NSS_SetExportPolicy();
rv = NSS_SetFrancePolicy();
// rv = SSL_CipherPolicySet();
SSL_ClearSessionCache();
rv = SSL_ConfigServerSessionIDCache(10, 30 , 30, ".");
PRFileDesc * socket = PR_NewTCPSocket();
socket = SSL_ImportFD(NULL,socket);
if (isServer) {
CERTCertDBHandle *certHandle;
certHandle = CERT_GetDefaultCertDB();
char * nickname = "itrus Certificate DB:2013-11-15 12:44:10";/*nickname*/
CERTCertificate* cert = NULL;
cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, nickname);
SECKEYPrivateKey *prvKey = NULL;
prvKey = PK11_FindKeyByAnyCert(cert, NULL);
rv = SSL_ConfigSecureServer(socket, cert,prvKey,ssl_kea_rsa);
PRNetAddr netAddr;
PRNetAddr netAddrLocal;
rv = PR_InitializeNetAddr(0, 8888, &netAddr);
rv = PR_StringToNetAddr("127.0.0.1", &netAddrLocal);
rv = PR_Bind(socket,&netAddr);
rv = PR_Listen(socket, 100);
while (1) {
PRFileDesc * client = PR_Accept(socket, &netAddr, 6000000);
PRNetAddr addr;
rv = PR_GetSockName(client, &addr);
rv = SSL_ForceHandshake(client);
rv = PR_Write(client,"123", 4);
sleep(1);
}
}
else
{
rv = SSL_SetURL(socket, "127.0.0.1");
PRNetAddr netAddr;
PRNetAddr netAddrLocal;
rv = PR_InitializeNetAddr(0, 8888, &netAddr);
rv = PR_StringToNetAddr("127.0.0.1", &netAddrLocal);
// rv = PR_GetHostByName();
// PR_EnumerateHostEnt
rv = PR_Connect(socket,&netAddr, 300000);
rv = SSL_AuthCertificateHook(socket, OwnAuthCertHandler, NULL);
rv = SSL_ForceHandshake(socket);
while (1) {
rv = PR_Read(socket,buffer, 32);
sleep(1);
}
}
return 0;
}
