/**
* @brief SSL servlet (contexts can be shared)
* @decription THIS IS NOT MY CODE (from page 2)
* @param *ssl[in] Pointer to ssl
*/
void ssl_handshake(SSL* ssl){
char buf[1024];
char reply[1024];
int client, bytes;
if(SSL_accept(ssl) < 0){
printf("\n\nERROR: SSL_accept() failed (server.c - ssl_handshake)\n");
}
else{
bytes = SSL_read(ssl, buf, sizeof(buf));
if (bytes > 0){
buf[bytes] = 0;
printf("Client: %s\n", buf);
long check = atol(buf) + 1;
sprintf(reply, "%ld", check);
SSL_write(ssl, reply, strlen(reply));
}
else{
printf("\n\nERROR: SSL_read() failed (server.c - ssl_handshake)\n");
printf("A client has closed.\n\n");
}
}
client = SSL_get_fd(ssl);
SSL_free(ssl);
close(client);
}
static int est_ssl_read (SSL *ssl, unsigned char *buf, int buf_max,
int sock_read_timeout)
{
int timeout;
int read_fd;
int rv;
struct pollfd pfd;
/*
* load up the timeval struct to be passed to the select
*/
timeout = sock_read_timeout * 1000;
read_fd = SSL_get_fd(ssl);
pfd.fd = read_fd;
pfd.events = POLLIN;
pfd.revents = 0;
errno = 0;
rv = POLL(&pfd, 1, timeout);
if (rv == 0) {
EST_LOG_ERR("Socket poll timeout. No data received from server.");
return -1;
} else if ( rv == -1) {
EST_LOG_ERR("Socket read failure. errno = %d", errno);
return -1;
} else {
return (SSL_read(ssl, buf, buf_max));
}
}
LWS_VISIBLE int
lws_ssl_close(struct lws *wsi)
{
lws_sockfd_type n;
if (!wsi->ssl)
return 0; /* not handled */
#if defined (LWS_HAVE_SSL_SET_INFO_CALLBACK)
/* kill ssl callbacks, becausse we will remove the fd from the
* table linking it to the wsi
*/
if (wsi->vhost->ssl_info_event_mask)
SSL_set_info_callback(wsi->ssl, NULL);
#endif
n = SSL_get_fd(wsi->ssl);
if (!wsi->socket_is_permanently_unusable)
SSL_shutdown(wsi->ssl);
compatible_close(n);
SSL_free(wsi->ssl);
wsi->ssl = NULL;
if (wsi->context->simultaneous_ssl_restriction &&
wsi->context->simultaneous_ssl-- ==
wsi->context->simultaneous_ssl_restriction)
/* we made space and can do an accept */
lws_gate_accepts(wsi->context, 1);
#if defined(LWS_WITH_STATS)
wsi->context->updated = 1;
#endif
return 1; /* handled */
}
void Servlet(SSL* ssl) /* Serve the connection -- threadable */
{ char buf[1024];
char reply[1024];
int sd, bytes;
const char* HTMLecho="<html><body><pre>%s</pre></body></html>\n\n";
if ( SSL_accept(ssl) == FAIL ) /* do SSL-protocol accept */
ERR_print_errors_fp(stderr);
else
{
ShowCerts(ssl); /* get any certificates */
bytes = SSL_read(ssl, buf, sizeof(buf)); /* get request */
if ( bytes > 0 )
{
buf[bytes] = 0;
printf("Client msg: \"%s\"\n", buf);
sprintf(reply, HTMLecho, buf); /* construct reply */
SSL_write(ssl, reply, strlen(reply)); /* send reply */
}
else
ERR_print_errors_fp(stderr);
}
sd = SSL_get_fd(ssl); /* get socket connection */
SSL_free(ssl); /* release SSL state */
close(sd); /* close connection */
}
LWS_VISIBLE int
lws_ssl_close(struct lws *wsi)
{
int n;
if (!wsi->ssl)
return 0; /* not handled */
#if defined(LWS_USE_POLARSSL)
ssl_close_notify(wsi->ssl);
(void)n; /* we need to close the fd? */
ssl_free(wsi->ssl);
#else
#if defined(LWS_USE_MBEDTLS)
#else
n = SSL_get_fd(wsi->ssl);
SSL_shutdown(wsi->ssl);
compatible_close(n);
SSL_free(wsi->ssl);
#endif
#endif
wsi->ssl = NULL;
return 1; /* handled */
}
// Retrying versions of the SSL I/O operations, using
// non-blocking sockets and select().
int sslWait(SSL *ssl, int ret, const char *op)
{
int err = SSL_get_error(ssl, ret);
bool doread;
switch (err) {
case SSL_ERROR_WANT_READ:
if (debuglevel > 4) fprintf(stderr, "%s wants read\n", op);
doread = true;
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_CONNECT:
if (debuglevel > 4) fprintf(stderr, "%s wants write\n", op);
doread = false;
break;
default:
return ret;
}
int fd = SSL_get_fd(ssl);
fd_set fds;
FD_ZERO(&fds); FD_SET(fd, &fds);
if (doread) {
ret = select(fd+1,&fds,NULL,NULL,NULL);
} else {
ret = select(fd+1,NULL,&fds,NULL,NULL);
}
assert(ret == 1);
assert(FD_ISSET(fd, &fds));
return SSL_OK;
}
void Servlet(int client, SSL* ssl)/* Serve the connection -- threadable */
{
char buf[16384];
int sd, bytes;
if ( SSL_accept(ssl) == -1 ) {
ERR_print_errors_fp(stderr);
} else {
// Send a little data to test reads
bytes = SSL_write(ssl, buf, 1);
bytes = SSL_write(ssl, buf, 1);
bytes = SSL_write(ssl, buf, 1);
bytes = SSL_write(ssl, buf, 1);
do {
bytes = SSL_read(ssl, buf, sizeof(buf));/* get request */
if ( bytes > 0 )
{
} else if (bytes == 0) {
printf("Bytes recv: %i\n", bytes_recv);
}
else {
printf("ERROR\n");
ERR_print_errors_fp(stderr);
break;
}
bytes_recv += bytes;
} while (bytes > 0 );
}
sd = SSL_get_fd(ssl);/* get socket connection */
SSL_free(ssl);/* release SSL state */
close(sd);/* close connection */
}
static void
tls_loop(int sockfd, SSL *tcpssl)
{
fd_set fds;
int maxfd, tcpfd;
tcpfd = SSL_get_fd(tcpssl);
PJDLOG_ASSERT(tcpfd >= 0);
for (;;) {
FD_ZERO(&fds);
FD_SET(sockfd, &fds);
FD_SET(tcpfd, &fds);
maxfd = MAX(sockfd, tcpfd);
PJDLOG_ASSERT(maxfd + 1 <= (int)FD_SETSIZE);
if (select(maxfd + 1, &fds, NULL, NULL, NULL) == -1) {
if (errno == EINTR)
continue;
pjdlog_exit(EX_TEMPFAIL, "select() failed");
}
if (FD_ISSET(sockfd, &fds))
tcp_recv_ssl_send(sockfd, tcpssl);
if (FD_ISSET(tcpfd, &fds))
ssl_recv_tcp_send(tcpssl, sockfd);
}
}
static int ssl_close(void *cookie)
{
close(SSL_get_fd(cookie));
SSL_shutdown(cookie);
SSL_free(cookie);
return 0;
}
static int ssl_close(void *cookie)
{
int cookie_fd = SSL_get_fd(cookie);
int ret;
if (cookie_fd > -1) {
/*
* According to the TLS standard, it is acceptable for an application to only send its shutdown
* alert and then close the underlying connection without waiting for the peer's response (this
* way resources can be saved, as the process can already terminate or serve another connection).
*/
if ((ret = SSL_shutdown(cookie)) < 0) {
ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", SSL_get_error(cookie, ret));
}
if (!((SSL*)cookie)->server) {
/* For client threads, ensure that the error stack is cleared */
ERR_remove_state(0);
}
SSL_free(cookie);
/* adding shutdown(2) here has no added benefit */
if (close(cookie_fd)) {
ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
}
}
return 0;
}
/* Set up an io for polling. */
int
io_before_poll(struct io *io, struct pollfd *pfd)
{
/* If io is NULL, don't let poll do anything with this one. */
if (io == NULL) {
memset(pfd, 0, sizeof *pfd);
pfd->fd = -1;
return (1);
}
/* Check for errors or closure. */
if (io->error != NULL)
return (-1);
if (IO_CLOSED(io))
return (0);
/* Fill in pollfd. */
memset(pfd, 0, sizeof *pfd);
if (io->ssl != NULL)
pfd->fd = SSL_get_fd(io->ssl);
else
pfd->fd = io->fd;
if (io->rd != NULL)
pfd->events |= POLLIN;
if (io->wr != NULL && (BUFFER_USED(io->wr) != 0 ||
(io->flags & (IOF_NEEDFILL|IOF_NEEDPUSH|IOF_MUSTWR)) != 0))
pfd->events |= POLLOUT;
IO_DEBUG(io, "poll in: 0x%03x", pfd->events);
return (1);
}
BST_IP_ERR_T BST_IP_SslClose( BST_FD_T fd, BST_ARG_T Arg )
{
SSL *pstSsl;
SSL_CTX *pstCtx;
BST_FD_T lSocketFd;
if ( BST_NULL_PTR == fd.pFd )
{
BST_RLS_LOG("BST_IP_SslClose fd.pFd is NULL");
return BST_IP_ERR_ARG;
}
if ( BST_NULL_PTR == Arg )
{
BST_RLS_LOG("BST_IP_SslClose Arg is NULL");
return BST_IP_ERR_ARG;
}
pstSsl = (SSL *)fd.pFd;
pstCtx = (SSL_CTX *)Arg;
/*获取协议栈中socket的fd*/
lSocketFd.lFd = SSL_get_fd( pstSsl );
SSL_shutdown( pstSsl );
if ( BST_IP_ERR_OK !=BST_IP_BsdClose( lSocketFd, BST_NULL_PTR ) )
{
BST_RLS_LOG( "BST_IP_SslClose BST_IP_BsdClose is not OK" );
return BST_IP_ERR_MEM;
}
SSL_set_session( pstSsl, BST_NULL_PTR );
SSL_free(pstSsl);
SSL_CTX_free(pstCtx);
return BST_IP_ERR_OK;
}
BST_IP_ERR_T BST_IP_SslConnect( BST_FD_T fd, BST_ARG_T Arg, BST_IP_SOCKET_ADD_T *pAdd )
{
SSL *pstSsl;
BST_INT32 ret;
BST_FD_T lSocketFd;
pstSsl = (SSL *)fd.pFd;
lSocketFd.lFd = SSL_get_fd(pstSsl);
if (BST_IP_ERR_OK != BST_IP_BsdConnect(lSocketFd, Arg, pAdd) )
{
BST_RLS_LOG( "BST_IP_SslConnect BST_IP_BsdConnect error" );
return BST_IP_ERR_MEM;
}
ret = SSL_connect( pstSsl );
/* 返回值等于1表示connect成功 */
if ( 1 == ret )
{
return BST_IP_ERR_OK;
}
ret = SSL_get_error( pstSsl, ret );
BST_RLS_LOG1( "BST_IP_SslConnect Err No. is %d", ret );
return BST_IP_ERR_VAL;
}
/**
* \brief Free TLS related things when TLS connection fails from some reason
*
* \param[in] config plugin configuration structure
* \param[in] maid structure containing all pointers to free
* \return nothing
*/
void input_listen_tls_cleanup(void *config, struct cleanup *maid)
{
struct plugin_conf *conf;
int fd;
int ret;
conf = (struct plugin_conf *) config;
/* TLS enabled? */
if (conf->tls) {
if (maid->address != NULL) {
free(maid->address);
}
if (maid->ssl != NULL) {
fd = SSL_get_fd(maid->ssl);
if (fd >=0) {
/* TLS shutdown */
ret = SSL_shutdown(maid->ssl);
if (ret == -1) {
MSG_WARNING(msg_module, "Error during TLS connection teardown");
}
}
SSL_free(maid->ssl);
}
if (maid->peer_cert != NULL) {
X509_free(maid->peer_cert);
}
}
}
static void process(SSL* ssl)
{
char buf[1024];
int sd, bytes;
strcpy(buf, "Hello World\n");
if (SSL_connect(ssl) != 1) {
ERR_print_errors_fp(stderr);
goto out;
}
show_certificates(ssl);
while (1) {
bytes = SSL_write(ssl, buf, sizeof(buf));
if (bytes > 0) {
printf("received from client: \"%s\"\n", buf);
SSL_write(ssl, buf, bytes);
} else {
ERR_print_errors_fp(stderr);
break;
}
if (SSL_get_shutdown(ssl) == SSL_RECEIVED_SHUTDOWN) {
SSL_shutdown(ssl);
break;
}
}
out:
sd = SSL_get_fd(ssl);
SSL_free(ssl);
close(sd);
}
void
lws_ssl_info_callback(const SSL *ssl, int where, int ret)
{
struct lws *wsi;
struct lws_context *context;
struct lws_ssl_info si;
context = (struct lws_context *)SSL_CTX_get_ex_data(
SSL_get_SSL_CTX(ssl),
openssl_SSL_CTX_private_data_index);
if (!context)
return;
wsi = wsi_from_fd(context, SSL_get_fd(ssl));
if (!wsi)
return;
if (!(where & wsi->vhost->ssl_info_event_mask))
return;
si.where = where;
si.ret = ret;
if (user_callback_handle_rxflow(wsi->protocol->callback,
wsi, LWS_CALLBACK_SSL_INFO,
wsi->user_space, &si, 0))
lws_set_timeout(wsi, PENDING_TIMEOUT_KILLED_BY_SSL_INFO, -1);
}
/*
* Take care of the blocking IO aspect of ssl_read. Make sure there's
* something waiting to be read from the socket before calling ssl_read.
*/
static int est_ssl_read (SSL *ssl, unsigned char *buf, int buf_max,
int sock_read_timeout)
{
struct timeval timeout;
fd_set set;
int read_fd;
int rv;
/*
* load up the timeval struct to be passed to the select
*/
timeout.tv_sec = sock_read_timeout;
timeout.tv_usec = 0;
read_fd = SSL_get_fd(ssl);
FD_ZERO(&set);
FD_SET(read_fd, &set);
rv = select(read_fd + 1, &set, NULL, NULL, &timeout);
if (rv == 0) {
EST_LOG_ERR("Socket read timeout. No data received from server.");
return -1;
}
return (SSL_read(ssl, buf, buf_max));
}
/*
Cleans up the SSL functions at the tear
down of a connection
*/
void sslClose(SSL *ssl)
{
int sd;
sd = SSL_get_fd(ssl);
SSL_free(ssl);
close(sd);
}
static int sock_read_ready(SSL *ssl, uint32_t ms)
{
int r = 0;
fd_set fds;
struct timeval tv;
FD_ZERO(&fds);
FD_SET(SSL_get_fd(ssl), &fds);
tv.tv_sec = ms / 1000;
tv.tv_usec = (ms % 1000) * ms;
r = select (SSL_get_fd(ssl) + 1, &fds, NULL, NULL, &tv);
return r;
}
/*-
* doConnection - make a connection
* Args:
* scon = earlier ssl connection for session id, or NULL
* Returns:
* SSL * = the connection pointer.
*/
static SSL *doConnection(SSL *scon)
{
BIO *conn;
SSL *serverCon;
int width, i;
fd_set readfds;
if ((conn = BIO_new(BIO_s_connect())) == NULL)
return (NULL);
/* BIO_set_conn_port(conn,port);*/
BIO_set_conn_hostname(conn, host);
if (scon == NULL)
serverCon = SSL_new(tm_ctx);
else {
serverCon = scon;
SSL_set_connect_state(serverCon);
}
SSL_set_bio(serverCon, conn, conn);
/* ok, lets connect */
for (;;) {
i = SSL_connect(serverCon);
if (BIO_sock_should_retry(i)) {
BIO_printf(bio_err, "DELAY\n");
i = SSL_get_fd(serverCon);
width = i + 1;
FD_ZERO(&readfds);
openssl_fdset(i, &readfds);
/*
* Note: under VMS with SOCKETSHR the 2nd parameter is currently
* of type (int *) whereas under other systems it is (void *) if
* you don't have a cast it will choke the compiler: if you do
* have a cast then you can either go for (int *) or (void *).
*/
select(width, (void *)&readfds, NULL, NULL, NULL);
continue;
}
break;
}
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
if (verify_error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n",
X509_verify_cert_error_string(verify_error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
SSL_free(serverCon);
return NULL;
}
return serverCon;
}
int ssl_timeoutaccept(SSL *ssl,unsigned int timeout)
{
struct taia now;
struct taia deadline;
iopause_fd x;
int r;
int rfd;
int wfd;
taia_now(&now);
taia_uint(&deadline,timeout);
taia_add(&deadline,&now,&deadline);
rfd = SSL_get_fd(ssl); /* XXX */
wfd = SSL_get_fd(ssl); /* XXX */
SSL_set_accept_state(ssl);
for (;;) {
r = SSL_accept(ssl);
if (r == 1) return 0;
ssl_errno = SSL_get_error(ssl,r);
errno = error_proto;
if ((ssl_errno != SSL_ERROR_WANT_READ) && (ssl_errno != SSL_ERROR_WANT_WRITE))
return -1;
if (ssl_errno == SSL_ERROR_WANT_READ) {
x.events = IOPAUSE_READ;
x.fd = rfd;
if (x.fd == -1) return -1;
}
else {
x.events = IOPAUSE_WRITE;
x.fd = wfd;
if (x.fd == -1) return -1;
}
for (;;) {
taia_now(&now);
iopause(&x,1,&deadline,&now);
if (x.revents) break;
if (taia_less(&deadline,&now))
return -1;
}
}
}
/***********************************************************************
* doConnection - make a connection
* Args:
* scon = earlier ssl connection for session id, or NULL
* Returns:
* SSL * = the connection pointer.
*/
static SSL *
doConnection(SSL * scon)
{
BIO *conn;
SSL *serverCon;
int width, i;
fd_set readfds;
if ((conn = BIO_new(BIO_s_connect())) == NULL)
return (NULL);
/* BIO_set_conn_port(conn,port);*/
BIO_set_conn_hostname(conn, host);
if (scon == NULL)
serverCon = SSL_new(tm_ctx);
else {
serverCon = scon;
SSL_set_connect_state(serverCon);
}
SSL_set_bio(serverCon, conn, conn);
#if 0
if (scon != NULL)
SSL_set_session(serverCon, SSL_get_session(scon));
#endif
/* ok, lets connect */
for (;;) {
i = SSL_connect(serverCon);
if (BIO_sock_should_retry(i)) {
BIO_printf(bio_err, "DELAY\n");
i = SSL_get_fd(serverCon);
width = i + 1;
FD_ZERO(&readfds);
FD_SET(i, &readfds);
select(width, &readfds, NULL, NULL, NULL);
continue;
}
break;
}
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
if (verify_error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n",
X509_verify_cert_error_string(verify_error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
SSL_free(serverCon);
return NULL;
}
return serverCon;
}
int platform_ssl_recv(void *ssl, char *buf, uint32_t len, int timeout_ms)
{
int ret, err_code;
uint32_t len_recv;
uint64_t t_end, t_left;
fd_set sets;
struct timeval timeout;
int fd = SSL_get_fd(ssl);
t_end = GetTickCount() + timeout_ms;
len_recv = 0;
err_code = 0;
if ((uint32_t)SSL_pending(ssl) >= len) {
len_recv = SSL_read(ssl, buf, len);
} else {
do {
t_left = time_left(t_end, GetTickCount());
FD_ZERO(&sets);
FD_SET(fd, &sets);
timeout.tv_sec = t_left / 1000;
timeout.tv_usec = (t_left % 1000) * 1000;
ret = select(fd + 1, &sets, NULL, NULL, &timeout);
if (ret > 0) {
ret = SSL_read((SSL *)ssl, buf + len_recv, len - len_recv);
if (ret > 0) {
len_recv += ret;
} else if (0 == ret) {
PLATFORM_WINSOCK_LOG("connection is closed");
err_code = -1;
break;
} else {
if (SSL_ERROR_WANT_READ == SSL_get_error(ssl, ret)) {
continue;
}
PLATFORM_WINSOCK_PERROR("recv fail");
err_code = -2;
break;
}
} else if (0 == ret) {
break;
} else {
PLATFORM_WINSOCK_PERROR("select-read fail");
err_code = -2;
break;
}
} while ((len_recv < len) && (time_left(t_end, GetTickCount()) > 0));
}
/* priority to return data bytes if any data be received from TCP connection. */
/* It will get error code on next calling */
return (0 != len_recv) ? len_recv : err_code;
}
int HandleLogin(SSL *ssl, cJSON *attr)
{
if(!ssl || !attr) return -1;
char *username=NULL, *password=NULL;
cJSON *child = attr->child;
while(child)
{
if(0==strcmp(child->string, "username"))
username = child->valuestring;
else if(0==strcmp(child->string, "password"))
password = child->valuestring;
child = child->next;
}
if(!username || !password)
return -1;
int status = DB_Login(username, password);
int sid=-1;
cJSON *respJson;
char *respStr=NULL;
switch(status) {
case -1: /*Unknown Error*/
HandleError(ssl, "Unknown error!");
break;
case -2: /*user not exists*/
HandleError(ssl, "User not exists.");
break;
case -3: /*password wrong*/
HandleError(ssl, "Password is not right.");
break;
case -4: /*cert status not ready*/
HandleError(ssl, "Certificate is not ready?");
break;
case 0: /*correct*/
sid = SSL_get_fd(ssl);
/*Add the session into the list*/
sid = Session_Add(sid, username);
/*Print all the session data for debug purpose*/
Session_Print_All();
respJson = cJSON_CreateObject();
cJSON_AddStringToObject(respJson, "cmd", "success");
cJSON *attr = cJSON_CreateObject();
cJSON_AddItemToObject(respJson, "attr", attr);
cJSON_AddNumberToObject(attr, "sid", sid);
respStr = cJSON_Print(respJson);
cJSON_Delete(respJson);
SSL_send(ssl, respStr, strlen(respStr));
free(respStr);
break;
default:
break;
}
return 0;
}
SSLSocket::~SSLSocket()
{
int fd = SSL_get_fd(ssl);
SSL_shutdown(ssl);
close(fd);
fd = -1;
SSL_free(ssl);
ssl = NULL;
SSL_CTX_free(ctx);
ctx = NULL;
}
CAMLprim value ocaml_ssl_get_file_descr(value socket)
{
CAMLparam1(socket);
SSL *ssl = SSL_val(socket);
int fd;
caml_enter_blocking_section();
fd = SSL_get_fd(ssl);
caml_leave_blocking_section();
CAMLreturn(Val_int(fd));
}
/***********************************************************************
* doConnection - make a connection
* Args:
* scon = earlier ssl connection for session id, or NULL
* Returns:
* SSL * = the connection pointer.
*/
static SSL *
doConnection(SSL * scon)
{
struct pollfd pfd[1];
SSL *serverCon;
BIO *conn;
long verify_error;
int i;
if ((conn = BIO_new(BIO_s_connect())) == NULL)
return (NULL);
/* BIO_set_conn_port(conn,port);*/
BIO_set_conn_hostname(conn, s_time_config.host);
if (scon == NULL)
serverCon = SSL_new(tm_ctx);
else {
serverCon = scon;
SSL_set_connect_state(serverCon);
}
SSL_set_bio(serverCon, conn, conn);
/* ok, lets connect */
for (;;) {
i = SSL_connect(serverCon);
if (BIO_sock_should_retry(i)) {
BIO_printf(bio_err, "DELAY\n");
i = SSL_get_fd(serverCon);
pfd[0].fd = i;
pfd[0].events = POLLIN;
poll(pfd, 1, -1);
continue;
}
break;
}
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
verify_error = SSL_get_verify_result(serverCon);
if (verify_error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n",
X509_verify_cert_error_string(verify_error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
SSL_free(serverCon);
return NULL;
}
return serverCon;
}
/*-
* doConnection - make a connection
*/
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
{
BIO *conn;
SSL *serverCon;
int i;
if ((conn = BIO_new(BIO_s_connect())) == NULL)
return NULL;
BIO_set_conn_hostname(conn, host);
BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
if (scon == NULL)
serverCon = SSL_new(ctx);
else {
serverCon = scon;
SSL_set_connect_state(serverCon);
}
SSL_set_bio(serverCon, conn, conn);
/* ok, lets connect */
i = SSL_connect(serverCon);
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
if (verify_args.error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n",
X509_verify_cert_error_string(verify_args.error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
SSL_free(serverCon);
return NULL;
}
#if defined(SOL_SOCKET) && defined(SO_LINGER)
{
struct linger no_linger;
int fd;
no_linger.l_onoff = 1;
no_linger.l_linger = 0;
fd = SSL_get_fd(serverCon);
if (fd >= 0)
(void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger,
sizeof(no_linger));
}
#endif
return serverCon;
}
static void benchmark(SSL *ssl, uint64_t send_bytes, uint64_t recv_bytes)
{
uint64_t bytes = 0;
char buf[BENCH_CHUNK];
record_time_t t0, t1, t2;
int sd;
memset(buf, 'a', BENCH_CHUNK);
record_time(&t0);
if (SSL_connect(ssl) != 1) {
ERR_print_errors_fp(stderr);
goto out;
}
printf("cipher: %s\n", SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
record_time(&t1);
if (send_bytes) {
while (bytes < send_bytes) {
int to_send = (send_bytes - bytes > BENCH_CHUNK) ? BENCH_CHUNK : send_bytes - bytes;
if (SSL_write_all(ssl, buf, to_send))
break;
bytes += to_send;
}
} else {
while (bytes < recv_bytes) {
int to_recv = (recv_bytes - bytes > BENCH_CHUNK) ? BENCH_CHUNK : recv_bytes - bytes;
int recved;
recved = SSL_read(ssl, buf, sizeof(to_recv));
if (recved > 0)
bytes += recved;
else
break;
}
}
record_time(&t2);
print_time((send_bytes > 0) ? "sending" : "receiving",
(send_bytes > 0) ? send_bytes : recv_bytes,
&t1, &t2);
SSL_shutdown(ssl);
out:
sd = SSL_get_fd(ssl);
SSL_free(ssl);
close(sd);
}
int smbot_select(int sockfd,SSL *ssl,bool is_use_ssl)
{
fd_set reads;
struct timeval timeout;
FD_ZERO(&reads);
if(is_use_ssl)
sockfd=SSL_get_fd(ssl);
FD_SET(sockfd,&reads);
timeout.tv_sec=10*60;
timeout.tv_usec=0;
return select(sockfd+1,&reads,NULL,NULL,&timeout);
}
