int BSckSendData(BSOCK_HANDLE hBSock, char const *pszBuffer, int iSize, int iTimeout) { BuffSocketData *pBSD = (BuffSocketData *) hBSock; SysLogMessage(LOG_LEV_DEBUG, "socket write data (len = %d)\n", iSize); if (BSckWriteLL(pBSD, pszBuffer, iSize, iTimeout) != iSize) return ErrGetErrorCode(); return iSize; }
static int BSslCertVerifyCB(int iOK, X509_STORE_CTX *pXsCtx) { int iError, iDepth; SSL *pSSL; SSL_CTX *pSCtx; SslServerBind const *pSSLB; X509 *pCert; iError = X509_STORE_CTX_get_error(pXsCtx); iDepth = X509_STORE_CTX_get_error_depth(pXsCtx); if ((pSSL = (SSL *) X509_STORE_CTX_get_ex_data(pXsCtx, SSL_get_ex_data_X509_STORE_CTX_idx())) == NULL) return iOK; pSCtx = SSL_get_SSL_CTX(pSSL); pSSLB = (SslServerBind const *) SSL_CTX_get_app_data(pSCtx); pCert = X509_STORE_CTX_get_current_cert(pXsCtx); #ifdef DEBUG_OSSL char *pszVal; pszVal = X509_NAME_oneline(X509_get_issuer_name(pCert), 0, 0); SysLogMessage(LOG_LEV_MESSAGE, "CERT Issuer: %s\n", pszVal); OPENSSL_free(pszVal); pszVal = X509_NAME_oneline(X509_get_subject_name(pCert), 0, 0); SysLogMessage(LOG_LEV_MESSAGE, "CERT Subject: %s\n", pszVal); OPENSSL_free(pszVal); #endif if (!iOK) { SysLogMessage(LOG_LEV_MESSAGE, "CERT verify error: depth = %d error = '%s'\n", iDepth, X509_verify_cert_error_string(iError)); if (iError == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && pSSLB->ulFlags & BSSLF_ALLOW_SEFLSIGNED) { SysLogMessage(LOG_LEV_MESSAGE, "Self signed CERT allowed (override)\n"); iOK = 1; } } return iOK; }
int BSckSendString(BSOCK_HANDLE hBSock, char const *pszBuffer, int iTimeout) { BuffSocketData *pBSD = (BuffSocketData *) hBSock; char *pszSendBuffer = (char *) SysAlloc(strlen(pszBuffer) + 3); if (pszSendBuffer == NULL) return ErrGetErrorCode(); SysLogMessage(LOG_LEV_DEBUG, "socket write line: [%s]\n", pszBuffer); sprintf(pszSendBuffer, "%s\r\n", pszBuffer); int iSendLength = (int)strlen(pszSendBuffer); if (BSckWriteLL(pBSD, pszSendBuffer, iSendLength, iTimeout) != iSendLength) { SysFree(pszSendBuffer); return ErrGetErrorCode(); } SysFree(pszSendBuffer); return iSendLength; }
char *BSckGetString(BSOCK_HANDLE hBSock, char *pszBuffer, int iMaxChars, int iTimeout, int *pLineLength, int *piGotNL) { int i; BuffSocketData *pBSD = (BuffSocketData *) hBSock; for (i = 0, iMaxChars--; i < iMaxChars;) { /* Verify to have something to read */ if (pBSD->iBytesInBuffer == 0 && BSckFetchData(pBSD, iTimeout) <= 0) return NULL; int iBytesLookup = Min(pBSD->iBytesInBuffer, iMaxChars - i); if (iBytesLookup > 0) { char *pszNL = (char *) memchr(pBSD->pszBuffer + pBSD->iReadIndex, '\n', iBytesLookup); if (pszNL != NULL) { int iCopySize = (int) (pszNL - (pBSD->pszBuffer + pBSD->iReadIndex)); memcpy(pszBuffer + i, pBSD->pszBuffer + pBSD->iReadIndex, iCopySize); i += iCopySize; pBSD->iReadIndex += iCopySize + 1; pBSD->iBytesInBuffer -= iCopySize + 1; /* Line cleanup */ for (; i > 0 && pszBuffer[i - 1] == '\r'; i--); pszBuffer[i] = '\0'; if (pLineLength != NULL) *pLineLength = i; if (piGotNL != NULL) *piGotNL = 1; SysLogMessage(LOG_LEV_DEBUG, "socket read line: [%s]\n", pszBuffer); return pszBuffer; } else { memcpy(pszBuffer + i, pBSD->pszBuffer + pBSD->iReadIndex, iBytesLookup); i += iBytesLookup; pBSD->iReadIndex += iBytesLookup; pBSD->iBytesInBuffer -= iBytesLookup; } } } pszBuffer[i] = '\0'; if (pLineLength != NULL) *pLineLength = i; if (piGotNL != NULL) { *piGotNL = 0; SysLogMessage(LOG_LEV_DEBUG, "socket read line: [%s]\n", pszBuffer); return pszBuffer; } ErrSetErrorCode(ERR_LINE_TOO_LONG); return NULL; }
static void SSLInfoCallback(const SSL *s, int where, int ret) { #else static void SSLInfoCallback(SSL *s, int where, int ret) { #endif if(where & SSL_CB_LOOP) printf("SSL state (%s): %s\r\n", where & SSL_ST_CONNECT ? "connect" : where & SSL_ST_ACCEPT ? "accept" : "undefined", SSL_state_string_long(s)); else if(where & SSL_CB_ALERT) printf("SSL alert (%s): %s: %s\r\n", where & SSL_CB_READ ? "read" : "write", SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret)); else if(where==SSL_CB_HANDSHAKE_DONE) print_stats(); else if (where & SSL_CB_EXIT) { if (ret == 0) printf("%failed in %s\r\n", SSL_state_string_long(s)); } } #endif /*DEBUG_SSL*/ static void CDECL LockSSL(int iMode, int iType, const char* pszFileName, int iLine) { if(iMode & CRYPTO_LOCK) { #ifdef _WIN32 EnterCriticalSection(&lock); #else pthread_mutex_lock(&lock); #endif } else { if(iMode & CRYPTO_UNLOCK) { #ifdef _WIN32 LeaveCriticalSection(&lock); #else pthread_mutex_unlock(&lock); #endif } } } SSL_CTX* SSLMakeCtx(const SSLOptions& sslOpt, int iServer) { SSL_CTX* pSSLCtx; if(iServer) { pSSLCtx = SSL_CTX_new(SSLv23_server_method()); } else { pSSLCtx = SSL_CTX_new(SSLv23_client_method()); } if(!pSSLCtx) { SysLogMessage(LOG_LEV_ERROR, "Cannot create SSL context, ssl support is disabled\r\n"); return (NULL); } int iSSLOpt = SSL_OP_ALL; #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS iSSLOpt |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; #endif SSL_CTX_set_options(pSSLCtx, iSSLOpt); #if SSLEAY_VERSION_NUMBER >= 0x00906000L SSL_CTX_set_mode(pSSLCtx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); #endif /* OpenSSL-0.9.6 */ /* SSL_CTX_set_session_cache_mode(pSSLCtx, SSL_SESS_CACHE_OFF); */ SSL_CTX_set_session_cache_mode(pSSLCtx, SSL_SESS_CACHE_BOTH); SSL_CTX_sess_set_cache_size(pSSLCtx, 128); if(!sslOpt.pszCertFile) { SysLogMessage(LOG_LEV_ERROR, "Certificate file not found, ssl support is disabled\r\n"); SSL_CTX_free(pSSLCtx); return (NULL); } if(!SSL_CTX_use_certificate_chain_file(pSSLCtx, sslOpt.pszCertFile)) { SysLogMessage(LOG_LEV_ERROR, "Error reading certificate file: %s, ssl support is disabled\r\n", sslOpt.pszCertFile); SSL_CTX_free(pSSLCtx); return (NULL); } SSL_CTX_use_RSAPrivateKey_file(pSSLCtx, sslOpt.pszCertFile, SSL_FILETYPE_PEM); if(!SSL_CTX_check_private_key(pSSLCtx)) { SysLogMessage(LOG_LEV_ERROR, "Private key does not match the certificate, ssl support is disabled\r\n"); SSL_CTX_free(pSSLCtx); return (NULL); } #ifdef DEBUG_SSL SSL_CTX_set_info_callback(pSSLCtx, SSLInfoCallback); #endif if(!SSL_CTX_set_cipher_list(pSSLCtx, SSL_DEFAULT_CIPHER_LIST)) { SysLogMessage(LOG_LEV_ERROR, "Cannot set ciphers: %s, ssl support is disabled\r\n", SSL_DEFAULT_CIPHER_LIST); SSL_CTX_free(pSSLCtx); return (NULL); } return (pSSLCtx); }