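/*
 * This callback is issued during the TLS-SRP handshake.
 * We can use this to get the userid from the TLS-SRP handshake.
 * If a verifier file was provided, we must pull the SRP verifier
 * parameters and invoke SSL_set_srp_server_param() with these
 * values to allow the TLS handshake to succeed. If the application
 * layer wants to use their own verifier store, they would
 * hook into it here. They would lookup the verifier parameters
 * based on the userid and return those parameters by invoking
 * SSL_set_srp_server_param().
 *
 * Parameters:
 *   s   - the SSL connection performing the handshake
 *   ad  - out: TLS alert description. Must be set on every path that
 *         returns SSL3_AL_FATAL, because the TLS layer sends it to the peer.
 *   arg - callback argument registered with the context; unused here, the
 *         verifier base is the file-scope srp_db.
 *
 * Returns SSL_ERROR_NONE on success, SSL3_AL_FATAL (with *ad set) to abort
 * the handshake, or -1 when no username is available.
 */
static int process_ssl_srp_auth(SSL *s, int *ad, void *arg)
{
    (void)arg;

    /* The username arrives in the client's SRP hello extension: it is
     * untrusted input until the verifier check succeeds, and it is echoed
     * to stdout below. */
    char *login = SSL_get_srp_username(s);
    if (!login) {
        /* NOTE(review): a negative return asks OpenSSL to postpone the
         * handshake rather than abort it - confirm that is the intent. */
        return -1;
    }

    /* NOTE(review): newer OpenSSL releases deprecate SRP_VBASE_get_by_user
     * in favour of SRP_VBASE_get1_by_user, whose result the caller owns and
     * must release with SRP_user_pwd_free - check which API the linked
     * version expects. */
    SRP_user_pwd *user = SRP_VBASE_get_by_user(srp_db, login);
    if (user == NULL) {
        /* Original code left *ad unset here, so the caller sent whatever
         * value happened to be in it. */
        *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
        printf("User doesn't exist in SRP database\n");
        /* NOTE(review): aborting before the SRP exchange lets a client tell
         * "unknown user" apart from "wrong password" unless the verifier base
         * substitutes a dummy record for unknown names - confirm for this
         * OpenSSL version if username enumeration matters here. */
        return SSL3_AL_FATAL;
    }

    /*
     * Get the SRP parameters for the user from the verifier database.
     * Provide these parameters to TLS to complete the handshake.
     */
    if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v,
                                 user->info) < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
        return SSL3_AL_FATAL;
    }

    /* user->info may be NULL when the verifier entry carries no info field;
     * passing NULL to "%s" is undefined behaviour. */
    printf("SRP parameters set: username = \"%s\" info=\"%s\" \n",
           login, user->info ? user->info : "");
    fflush(stdout);
    return SSL_ERROR_NONE;
}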
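// OpenSSL TLS-SRP username callback (the signature expected by
// SSL_CTX_set_srp_username_callback). Resolves the client-supplied SRP
// username against the application's user store, selects the SRP group
// named by FLAGS_srp_default_gN and hands salt and verifier to OpenSSL.
//
// s   - the connection being negotiated
// ad  - out: TLS alert description, set on every SSL3_AL_FATAL return
// arg - callback argument registered with the context (unused)
//
// Returns SSL_ERROR_NONE on success or SSL3_AL_FATAL to abort the handshake.
static int SSLSRPServerParamCallback(SSL *s, int *ad, void *arg) {
  (void)arg;

  // The username comes straight from the client's hello extension: treat it
  // as untrusted input (it is also written to the logs below).
  const char* userName = SSL_get_srp_username(s);
  if (!userName) {
    // Streaming a null char* into LOG is undefined; fail the handshake
    // cleanly instead of dereferencing it.
    LOG(ERROR) << "No SRP username supplied in handshake";
    *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
    return SSL3_AL_FATAL;
  }
  LOG(INFO) << "User " << userName;

  // NOTE(review): ownership and lifetime of the returned User are not
  // visible here - presumably owned by the store; confirm it outlives the
  // SSL_set_srp_server_param() call below.
  const User* user = GetUser(userName);
  if (!user) {
    LOG(ERROR) << "User " << userName << " doesn't exist";
    // NOTE(review): this early abort is observable to the client as
    // "unknown user" rather than "wrong password"; acceptable only if
    // username enumeration is not a concern for this deployment.
    *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
    return SSL3_AL_FATAL;
  }

  // Group parameters come from OpenSSL's built-in table selected by flag;
  // an unrecognised flag value yields NULL, which previously failed silently.
  SRP_gN *GN = SRP_get_default_gN(FLAGS_srp_default_gN.c_str());
  if (GN == NULL) {
    LOG(ERROR) << "Unknown SRP group '" << FLAGS_srp_default_gN << "'";
    *ad = SSL_AD_INTERNAL_ERROR;
    return SSL3_AL_FATAL;
  }

  // No per-user info string is stored, hence NULL for the last argument.
  if (!SSL_set_srp_server_param(s, GN->N, GN->g, user->GetSalt(),
                                user->GetVerifier(), NULL)) {
    *ad = SSL_AD_INTERNAL_ERROR;
    return SSL3_AL_FATAL;
  }
  return SSL_ERROR_NONE;
}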