DLLEXPORT const char * tqsl_getErrorString_v(int err) { static char buf[256]; unsigned long openssl_err; int adjusted_err; if (err == 0) return "NO ERROR"; if (err == TQSL_CUSTOM_ERROR) { if (tQSL_CustomError[0] == 0) return "Unknown custom error"; else { strncpy(buf, tQSL_CustomError, sizeof buf); return buf; } } if (err == TQSL_SYSTEM_ERROR) { strcpy(buf, "System error: "); if (strlen(tQSL_ErrorFile) > 0) { strncat(buf, tQSL_ErrorFile, sizeof buf - strlen(buf)); strncat(buf, ": ", sizeof buf - strlen(buf)); } strncat(buf, strerror(errno), sizeof buf - strlen(buf)); return buf; } if (err == TQSL_OPENSSL_ERROR) { openssl_err = ERR_get_error(); strcpy(buf, "OpenSSL error: "); if (openssl_err) ERR_error_string_n(openssl_err, buf + strlen(buf), sizeof buf - strlen(buf)); else strncat(buf, "[error code not available]", sizeof buf - strlen(buf)); return buf; } if (err == TQSL_ADIF_ERROR) { buf[0] = 0; if (strlen(tQSL_ErrorFile) > 0) { strncpy(buf, tQSL_ErrorFile, sizeof buf); strncat(buf, ": ", sizeof buf - strlen(buf)); } strncat(buf, tqsl_adifGetError(tQSL_ADIF_Error), sizeof buf - strlen(buf)); return buf; } if (err == TQSL_CABRILLO_ERROR) { buf[0] = 0; if (strlen(tQSL_ErrorFile) > 0) { strncpy(buf, tQSL_ErrorFile, sizeof buf); strncat(buf, ": ", sizeof buf - strlen(buf)); } strncat(buf, tqsl_cabrilloGetError(tQSL_Cabrillo_Error), sizeof buf - strlen(buf)); return buf; } if (err == TQSL_OPENSSL_VERSION_ERROR) { sprintf(buf, "Incompatible OpenSSL Library version %d.%d.%d; expected %d.%d.%d", int(SSLeay() >> 28) & 0xff, int(SSLeay() >> 20) & 0xff, int(SSLeay() >> 12) & 0xff, int(OPENSSL_VERSION_NUMBER >> 28) & 0xff, int(OPENSSL_VERSION_NUMBER >> 20) & 0xff, int(OPENSSL_VERSION_NUMBER >> 12) & 0xff); return buf; }
static void regress_bufferevent_openssl(void *arg) { struct basic_test_data *data = arg; struct bufferevent *bev1, *bev2; SSL *ssl1, *ssl2; X509 *cert = getcert(); EVP_PKEY *key = getkey(); const int start_open = strstr((char*)data->setup_data, "open")!=NULL; const int filter = strstr((char*)data->setup_data, "filter")!=NULL; int flags = BEV_OPT_DEFER_CALLBACKS; struct bufferevent *bev_ll[2] = { NULL, NULL }; evutil_socket_t *fd_pair = NULL; tt_assert(cert); tt_assert(key); init_ssl(); if (strstr((char*)data->setup_data, "renegotiate")) { if (SSLeay() >= 0x10001000 && SSLeay() < 0x1000104f) { /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2 * can't renegotiate with themselves. Disable. */ disable_tls_11_and_12 = 1; } renegotiate_at = 600; } ssl1 = SSL_new(get_ssl_ctx()); ssl2 = SSL_new(get_ssl_ctx()); SSL_use_certificate(ssl2, cert); SSL_use_PrivateKey(ssl2, key); if (! start_open) flags |= BEV_OPT_CLOSE_ON_FREE; if (!filter) { tt_assert(strstr((char*)data->setup_data, "socketpair")); fd_pair = data->pair; } else { bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0], BEV_OPT_CLOSE_ON_FREE); bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1], BEV_OPT_CLOSE_ON_FREE); } open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2, fd_pair, bev_ll); if (!filter) { tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]); } else {
void ssl_check_version(void) { if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) { msyslog(LOG_WARNING, "OpenSSL version mismatch. Built against %lx, you have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); fprintf(stderr, "OpenSSL version mismatch. Built against %lx, you have %lx\n", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); } INIT_SSL(); }
void rb_get_ssl_info(char *buf, size_t len) { rb_snprintf(buf, len, "Using SSL: %s compiled: 0x%lx, library 0x%lx", SSLeay_version(SSLEAY_VERSION), (long)OPENSSL_VERSION_NUMBER, SSLeay()); }
static void init(struct fmt_main *self) { /* OpenSSL init, cleanup part is left to OS */ SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_algorithms(); #if defined(_OPENMP) && OPENSSL_VERSION_NUMBER >= 0x10000000 if (SSLeay() < 0x10000000) { fprintf(stderr, "Warning: compiled against OpenSSL 1.0+, " "but running with an older version -\n" "disabling OpenMP for pfx because of thread-safety issues " "of older OpenSSL\n"); fmt_pfx.params.min_keys_per_crypt = fmt_pfx.params.max_keys_per_crypt = 1; fmt_pfx.params.flags &= ~FMT_OMP; } else { int omp_t = 1; omp_t = omp_get_max_threads(); self->params.min_keys_per_crypt *= omp_t; omp_t *= OMP_SCALE; self->params.max_keys_per_crypt *= omp_t; } #endif saved_key = mem_calloc_tiny(sizeof(*saved_key) * self->params.max_keys_per_crypt, MEM_ALIGN_NONE); any_cracked = 0; cracked_size = sizeof(*cracked) * self->params.max_keys_per_crypt; cracked = mem_calloc_tiny(cracked_size, MEM_ALIGN_WORD); }
void init_rng(void) { /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status * We match major, minor, fix and status (not patch) */ if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); #ifndef OPENSSL_PRNG_ONLY original_uid = getuid(); original_euid = geteuid(); #endif }
END_TEST START_TEST(ssl_features_01) { long vdiff = ((OPENSSL_VERSION_NUMBER ^ SSLeay()) & 0xfffff000L); fail_unless(!vdiff, "OpenSSL version mismatch at runtime"); }
/** * @internal * @brief Initialize libcrypto's subsystem */ int ssh_crypto_init(void) { size_t i; if (libcrypto_initialized) { return SSH_OK; } if (SSLeay() != OPENSSL_VERSION_NUMBER){ SSH_LOG(SSH_LOG_WARNING, "libssh compiled with %s " "headers, currently running with %s.", OPENSSL_VERSION_TEXT, SSLeay_version(SSLeay()) ); } #ifdef CAN_DISABLE_AESNI /* * disable AES-NI when running within Valgrind, because they generate * too many "uninitialized memory access" false positives */ if (RUNNING_ON_VALGRIND){ SSH_LOG(SSH_LOG_INFO, "Running within Valgrind, disabling AES-NI"); /* Bit #57 denotes AES-NI instruction set extension */ OPENSSL_ia32cap &= ~(1LL << 57); } #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L OpenSSL_add_all_algorithms(); #endif for (i = 0; ssh_ciphertab[i].name != NULL; i++) { int cmp; cmp = strcmp(ssh_ciphertab[i].name, "*****@*****.**"); if (cmp == 0) { memcpy(&ssh_ciphertab[i], ssh_get_chacha20poly1305_cipher(), sizeof(struct ssh_cipher_struct)); break; } } libcrypto_initialized = 1; return SSH_OK; }
void init_rng(void) { #if defined (DISABLED_BY_DEBIAN) /* drow: Is this check still too strict for Debian? */ /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status * We match major, minor, fix and status (not patch) */ if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); #endif #ifndef OPENSSL_PRNG_ONLY original_uid = getuid(); original_euid = geteuid(); #endif }
static void init_ssl(void) { SSL_library_init(); ERR_load_crypto_strings(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); if (SSLeay() != OPENSSL_VERSION_NUMBER) { TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long)SSLeay())); } }
/** Initialize OpenSSL, unless it has already been initialized. */ static void tor_tls_init(void) { if (!tls_library_is_initialized) { long version; SSL_library_init(); SSL_load_error_strings(); crypto_global_init(-1); version = SSLeay(); /* OpenSSL 0.9.8l introdeced SSL3_FLAGS_ALLOW_UNSAGE_LEGACY_RENEGOTIATION * here, but without thinking too hard about it: it turns out that the * flag in question needed to be set at the last minute, and that it * conflicted with an existing flag number that had already been added * in the OpenSSL 1.0.0 betas. OpenSSL 0.9.8m thoughtfully replaced * the flag with an option and (it seems) broke anything that used * SSL3_FLAGS_* for the purpose. So we need to know how to do both, * and we mustn't use the SSL3_FLAGS option with anything besides * OpenSSL 0.9.8l. * * No, we can't just set flag 0x0010 everywhere. It breaks Tor with * OpenSSL 1.0.0beta, since i. No, we can't just set option * 0x00040000L everywhere: before 0.9.8m, it meant something else. * * No, we can't simply detect whether the flag or the option is present * in the headers at build-time: some vendors (notably Apple) like to * leave their headers out of sync with their libraries. * * Yes, it _is_ almost as if the OpenSSL developers decided that no * program should be allowed to use renegotiation its first passed an * test of intelligence and determination. */ if (version >= 0x009080c0L && version < 0x009080d0L) { log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; " "I will try SSL3_FLAGS to enable renegotation.", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_flag = 1; use_unsafe_renegotiation_op = 1; } else if (version >= 0x009080d0L) { log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; " "I will try SSL_OP to enable renegotiation", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_op = 1; } else { log_info(LD_GENERAL, "OpenSSL %s has version %lx", SSLeay_version(SSLEAY_VERSION), version); } tls_library_is_initialized = 1; } }
int version_main(int argc, char **argv) { memset(&version_config, 0, sizeof(version_config)); if (options_parse(argc, argv, version_options, NULL, NULL) != 0) { version_usage(); return (1); } if (argc == 1) version_config.version = 1; if (version_config.version) { if (SSLeay() == SSLEAY_VERSION_NUMBER) { printf("%s\n", SSLeay_version(SSLEAY_VERSION)); } else { printf("%s (Library: %s)\n", OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION)); } } if (version_config.date) printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON)); if (version_config.platform) printf("%s\n", SSLeay_version(SSLEAY_PLATFORM)); if (version_config.options) { printf("options: "); printf("%s ", BN_options()); #ifndef OPENSSL_NO_RC4 printf("%s ", RC4_options()); #endif #ifndef OPENSSL_NO_DES printf("%s ", DES_options()); #endif #ifndef OPENSSL_NO_IDEA printf("%s ", idea_options()); #endif #ifndef OPENSSL_NO_BF printf("%s ", BF_options()); #endif printf("\n"); } if (version_config.cflags) printf("%s\n", SSLeay_version(SSLEAY_CFLAGS)); if (version_config.dir) printf("%s\n", SSLeay_version(SSLEAY_DIR)); return (0); }
static void setup_ecdh(SSL_CTX *ctx) { EC_KEY *ecdh; if (SSLeay() < 0x1000005fL) { return; } ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); SSL_CTX_set_tmp_ecdh(ctx, ecdh); EC_KEY_free(ecdh); }
static int verify_lib_version(void) { const unsigned long libv = SSLeay(); const unsigned long hdrv = OPENSSL_VERSION_NUMBER; # define MAJOR_VER(V) ((unsigned long)(V) >> (7*4)) if (MAJOR_VER(libv) != MAJOR_VER(hdrv)) { PRINTF_ERR2("CRYPTO: INCOMPATIBLE SSL VERSION" " lib=%lx header=%lx\n", libv, hdrv); return 0; } return 1; }
void init_ssl(void) { #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) SSL_library_init(); ERR_load_crypto_strings(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); if (SSLeay() != OPENSSL_VERSION_NUMBER) { TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay())); } #endif }
void checkVersion() { const char *header = OPENSSL_VERSION_TEXT; unsigned long header_num = SSLEAY_VERSION_NUMBER; const char *library = SSLeay_version(SSLEAY_VERSION); unsigned long library_num = SSLeay(); // If this check fails, we have probably got a header/library mismatch if (strcmp(header,library) != 0 || header_num != library_num) { fprintf(stderr,"Version mismatch:\n"); fprintf(stderr,"Header: %lx: %s\n", header_num, header); fprintf(stderr,"Library: %lx: %s\n", library_num, library); abort(); } }
void crypto_warn_openssl_version_changed(void) { /* * Check that the OpenSSL headers used match the version of the * OpenSSL library used. * Output a warning if not. */ if (SSLeay() != OPENSSL_VERSION_NUMBER) { log_info("Note: compiled using OpenSSL version '%s' headers, but linked to " "OpenSSL version '%s' library", OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION)); } }
sxc_client_t *sxc_init(const char *client_version, const sxc_logger_t *func, int (*confirm)(const char *prompt, int def)) { uint32_t runtime_ver = SSLeay(); uint32_t compile_ver = SSLEAY_VERSION_NUMBER; sxc_client_t *sx; struct sxi_logger l; if (!func) return NULL; memset(&l, 0, sizeof(l)); l.max_level = SX_LOG_DEBUG; l.func = func; const char *this_version = sxc_get_version(); if (!client_version || strcmp(client_version, this_version)) { sxi_log_msg(&l, "sxc_init", SX_LOG_CRIT, "Version mismatch: our version '%s' - library version '%s'", client_version, this_version); return NULL; } /* FIXME THIS IS NOT THREAD SAFE */ srand(time(NULL)); signal(SIGPIPE, SIG_IGN); /* TODO: have a way to log this */ if((runtime_ver & 0xff0000000) != (compile_ver & 0xff0000000)) { return NULL; } CURLcode rc = curl_global_init(CURL_GLOBAL_ALL); if (rc) { sxi_log_msg(&l, "sxc_init", SX_LOG_CRIT, "Failed to initialize libcurl: %s", curl_easy_strerror(rc)); return NULL; } sx = calloc(1, sizeof(struct _sxc_client_t)); if (!sx) { sxi_log_syserr(&l, "sxc_init", SX_LOG_CRIT, "Failed to allocate sx structure"); return NULL; } if(lt_dlinit()) { const char *err = lt_dlerror(); sx->fctx.filter_cnt = -1; sxi_log_syserr(&l, "sxc_init", SX_LOG_CRIT, "Failed to initialize libltdl: %s", err ? err : ""); } sx->log.max_level = SX_LOG_NOTICE; sx->log.func = func; sx->confirm = confirm; return sx; }
/** Check build and linked versions of OpenSSL match * * Startup check for whether the linked version of OpenSSL matches the * version the server was built against. * * @return 0 if ok, else -1 */ int ssl_check_version(void) { long ssl_linked; ssl_linked = SSLeay(); if (ssl_linked != ssl_built) { ERROR("libssl version mismatch." " Built with: %lx\n Linked: %lx", (unsigned long) ssl_built, (unsigned long) ssl_linked); return -1; }; return 0; }
int main(int argc,char** argv){ evbase = event_base_new(); if(!evbase){ fprintf(stderr, "create evbase error!\n"); exit(0); } // 创建http server实例 ev_ssl = evhttp_new(evbase); if(!ev_ssl){ exit(0); } // openssl 初始化 SSL_library_init(); ERR_load_crypto_strings(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); if (SSLeay() != OPENSSL_VERSION_NUMBER){ } ev_ssl->ctx = get_ssl_ctx(certfile_url.c_str(),keyfile_url.c_str()); ev_ssl->ssl_cb = bufferevent_openssl_socket_new; std::string ev_ssl_ip="192.168.1.10"; int ev_ssl_port = 8080; // evhttp_bind_socket_with_handle这个函数在原基础上追加一个参数,标示http server知否支持ssl(0:不支持 1:支持) struct evhttp_bound_socket *ssl_handle = evhttp_bind_socket_with_handle(ev_ssl, ev_ssl_ip.c_str(), ev_ssl_port,1); if(!ssl_handle){ exit(0); } struct evconnlistener *ssl_listener = evhttp_bound_socket_get_listener(ssl_handle); evconnlistener_set_error_cb(ssl_listener, ssl_accept_error_cb); evhttp_set_cb(ev_ssl, "/ping", ping_handler, NULL); event_base_dispatch(evbase); evhttp_free(ev_ssl); event_base_free(evbase); return 0; }
const bool QFrankSSL::K_OpenSSLMitBugs()const { /* Version 0.9.7c hat ein Bug in der Funktion SSL_set_cipher_list() es wird immer 1 geliefert. Egal ob der Algorithmus gültig ist oder nicht. */ //qDebug("0x%X",SSLeay()); if(SSLeay()==0x00090703f) { #ifndef QT_NO_DEBUG qCritical(qPrintable(trUtf8("QFrankSSL Bugprüfung: 0.9.7c gefunden!!!","debug"))); #endif emit SSLFehler(trUtf8("Die installierte OpenSSL Version: %1 enthält Bugs.\r\nWeitere Hinweise entnehmen Sie bitte der Datei Hinweise.txt") .arg(SSLeay_version(SSLEAY_VERSION))); return true; } return false; }
/** * @brief Configure generic SSL parameters * @param d domain * @return 0 */ static int set_ssl_options(tls_domain_t* d) { int i; int procs_no; long options; #if OPENSSL_VERSION_NUMBER >= 0x00908000L long ssl_version; STACK_OF(SSL_COMP)* comp_methods; #endif procs_no=get_max_procs(); options=SSL_OP_ALL; /* all the bug workarrounds by default */ #if OPENSSL_VERSION_NUMBER >= 0x00907000L options|=SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE; #if OPENSSL_VERSION_NUMBER >= 0x00908000L ssl_version=SSLeay(); if ((ssl_version >= 0x0090800L) && (ssl_version < 0x0090803fL)){ /* if 0.9.8 <= openssl version < 0.9.8c and compression support is * enabled disable SSL_OP_TLS_BLOCK_PADDING_BUG (set by SSL_OP_ALL), * see openssl #1204 http://rt.openssl.org/Ticket/Display.html?id=1204 */ comp_methods=SSL_COMP_get_compression_methods(); if (comp_methods && (sk_SSL_COMP_num(comp_methods) > 0)){ options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG; LOG(L_WARN, "tls: set_ssl_options: openssl " "SSL_OP_TLS_BLOCK_PADDING bug workaround enabled " "(openssl version %lx)\n", ssl_version); }else{ LOG(L_INFO, "tls: set_ssl_options: detected openssl version (%lx) " " has the SSL_OP_TLS_BLOCK_PADDING bug, but compression " " is disabled so no workaround is needed\n", ssl_version); } } # endif #endif for(i = 0; i < procs_no; i++) { SSL_CTX_set_options(d->ctx[i], options); if(sr_tls_renegotiation==0) SSL_CTX_set_info_callback(d->ctx[i], sr_ssl_ctx_info_callback); } return 0; }
static int getssl_version( char *ptr, size_t left, long *num ) { #if ( SSLEAY_VERSION_NUMBER >= 0x905000 ) { char sub[2]; unsigned long ssleay_value; sub[1] = '\0'; ssleay_value = SSLeay(); *num = (long)ssleay_value; if ( ssleay_value < 0x906000 ) { ssleay_value = SSLEAY_VERSION_NUMBER; sub[0] = '\0'; } else { if ( ssleay_value & 0xff0 ) { sub[0] = (char)( ( ssleay_value >> 4 ) & 0xff ) + 'a' - 1; } else { sub[0] = '\0'; } }
size_t Curl_ossl_version(char *buffer, size_t size) { #if (SSLEAY_VERSION_NUMBER >= 0x905000) { char sub[2]; unsigned long ssleay_value; sub[1]='\0'; ssleay_value=SSLeay(); if(ssleay_value < 0x906000) { ssleay_value=SSLEAY_VERSION_NUMBER; sub[0]='\0'; } else { if(ssleay_value&0xff0) { sub[0]=(char)((ssleay_value>>4)&0xff) + 'a' -1; } else sub[0]='\0'; }
void print_version(void) { #ifdef OPENSSL_VERSION_NUMBER printf("OPENSSL_VERSION_NUMBER: %#08lx\n", OPENSSL_VERSION_NUMBER); #endif #ifdef LIBRESSL_VERSION_NUMBER printf("LIBRESSL_VERSION_NUMBER: %#08lx\n", LIBRESSL_VERSION_NUMBER); #endif #ifdef LIBRESSL_VERSION_TEXT printf("LIBRESSL_VERSION_TEXT: %s\n", LIBRESSL_VERSION_TEXT); #endif #if OPENSSL_VERSION_NUMBER >= 0x1010000f printf("OpenSSL_version_num: %#08lx\n", OpenSSL_version_num()); printf("OpenSSL_version OPENSSL_VERSION: %s\n", OpenSSL_version(OPENSSL_VERSION)); printf("OpenSSL_version OPENSSL_CFLAGS: %s\n", OpenSSL_version(OPENSSL_CFLAGS)); printf("OpenSSL_version OPENSSL_BUILT_ON: %s\n", OpenSSL_version(OPENSSL_BUILT_ON)); printf("OpenSSL_version OPENSSL_PLATFORM: %s\n", OpenSSL_version(OPENSSL_PLATFORM)); printf("OpenSSL_version OPENSSL_DIR: %s\n", OpenSSL_version(OPENSSL_DIR)); printf("OpenSSL_version OPENSSL_ENGINES_DIR: %s\n", OpenSSL_version(OPENSSL_ENGINES_DIR)); #endif printf("SSLeay: %#08lx\n", SSLeay()); printf("SSLeay_version SSLEAY_VERSION: %s\n", SSLeay_version(SSLEAY_VERSION)); printf("SSLeay_version SSLEAY_CFLAGS: %s\n", SSLeay_version(SSLEAY_CFLAGS)); printf("SSLeay_version SSLEAY_BUILT_ON: %s\n", SSLeay_version(SSLEAY_BUILT_ON)); printf("SSLeay_version SSLEAY_PLATFORM: %s\n", SSLeay_version(SSLEAY_PLATFORM)); printf("SSLeay_version SSLEAY_DIR: %s\n", SSLeay_version(SSLEAY_DIR)); }
static void TestDecrypt(const CCrypter& crypt, const std::vector<unsigned char>& vchCiphertext, \ const std::vector<unsigned char>& vchPlaintext = std::vector<unsigned char>()) { CKeyingMaterial vchDecrypted1; CKeyingMaterial vchDecrypted2; int result1, result2; result1 = crypt.Decrypt(vchCiphertext, vchDecrypted1); result2 = OldDecrypt(vchCiphertext, vchDecrypted2, crypt.vchKey.data(), crypt.vchIV.data()); BOOST_CHECK(result1 == result2); // These two should be equal. However, OpenSSL 1.0.1j introduced a change // that would zero all padding except for the last byte for failed decrypts. // This behavior was reverted for 1.0.1k. if (vchDecrypted1 != vchDecrypted2 && vchDecrypted1.size() >= AES_BLOCK_SIZE && SSLeay() == 0x100010afL) { for(CKeyingMaterial::iterator it = vchDecrypted1.end() - AES_BLOCK_SIZE; it != vchDecrypted1.end() - 1; it++) *it = 0; } BOOST_CHECK_MESSAGE(vchDecrypted1 == vchDecrypted2, HexStr(vchDecrypted1.begin(), vchDecrypted1.end()) + " != " + HexStr(vchDecrypted2.begin(), vchDecrypted2.end())); if (vchPlaintext.size()) BOOST_CHECK(CKeyingMaterial(vchPlaintext.begin(), vchPlaintext.end()) == vchDecrypted2); }
/** Check build and linked versions of OpenSSL match * * Startup check for whether the linked version of OpenSSL matches the * version the server was built against. * * @return 0 if ok, else -1 */ int ssl_check_version(void) { long ssl_linked; /* * Initialize the library before calling any library * functions. */ SSL_library_init(); SSL_load_error_strings(); ssl_linked = SSLeay(); if (ssl_linked != ssl_built) { radlog(L_ERR, "libssl version mismatch." " Built with: %lx\n Linked: %lx", (unsigned long) ssl_built, (unsigned long) ssl_linked); return -1; }; return 0; }
/// Launch the mangos server extern int main(int argc, char** argv) { ///- Command line parsing char const* cfg_file = _MANGOSD_CONFIG; char const* options = ":a:c:s:"; ACE_Get_Opt cmd_opts(argc, argv, options); cmd_opts.long_option("version", 'v', ACE_Get_Opt::NO_ARG); cmd_opts.long_option("ahbot", 'a', ACE_Get_Opt::ARG_REQUIRED); char serviceDaemonMode = '\0'; int option; while ((option = cmd_opts()) != EOF) { switch (option) { case 'a': sAuctionBotConfig.SetConfigFileName(cmd_opts.opt_arg()); break; case 'c': cfg_file = cmd_opts.opt_arg(); break; case 'v': printf("%s\n", _FULLVERSION(REVISION_DATE, REVISION_TIME, REVISION_NR, REVISION_ID)); return 0; case 's': { const char* mode = cmd_opts.opt_arg(); if (!strcmp(mode, "run")) { serviceDaemonMode = 'r'; } #ifdef WIN32 else if (!strcmp(mode, "install")) { serviceDaemonMode = 'i'; } else if (!strcmp(mode, "uninstall")) { serviceDaemonMode = 'u'; } #else else if (!strcmp(mode, "stop")) { serviceDaemonMode = 's'; } #endif else { sLog.outError("Runtime-Error: -%c unsupported argument %s", cmd_opts.opt_opt(), mode); usage(argv[0]); Log::WaitBeforeContinueIfNeed(); return 1; } break; } case ':': sLog.outError("Runtime-Error: -%c option requires an input argument", cmd_opts.opt_opt()); usage(argv[0]); Log::WaitBeforeContinueIfNeed(); return 1; default: sLog.outError("Runtime-Error: bad format of commandline arguments"); usage(argv[0]); Log::WaitBeforeContinueIfNeed(); return 1; } } #ifdef WIN32 // windows service command need execute before config read switch (serviceDaemonMode) { case 'i': if (WinServiceInstall()) { sLog.outString("Installing service"); } return 1; case 'u': if (WinServiceUninstall()) { sLog.outString("Uninstalling service"); } return 1; case 'r': WinServiceRun(); break; } #endif if (!sConfig.SetSource(cfg_file)) { sLog.outError("Could not find configuration file %s.", cfg_file); Log::WaitBeforeContinueIfNeed(); return 1; } #ifndef WIN32 // posix daemon commands need apply after config read switch (serviceDaemonMode) { case 'r': startDaemon(); break; case 's': stopDaemon(); break; } #endif sLog.outString("%s [world-daemon]", _FULLVERSION(REVISION_DATE, REVISION_TIME, REVISION_NR, REVISION_ID)); sLog.outString("<Ctrl-C> to stop.\n" " __ __ _ _ ___ ___ ___ \n" " | \\/ |__ _| \\| |/ __|/ _ \\/ __| \n" " | |\\/| / _` | .` | (_ | (_) \\__ \\ \n" " |_| |_\\__,_|_|\\_|\\___|\\___/|___/ \n" " ___ \n" " Visit our website for support: |_ /___ _ _ ___ \n" " http://getmangos.com/ / // -_) '_/ _ \\ \n" " /___\\___|_| \\___/ \n" " We love vanilla WoW! \n" ); sLog.outString("Using configuration file %s.", cfg_file); DETAIL_LOG("%s (Library: %s)", OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION)); if (SSLeay() < 0x009080bfL) { DETAIL_LOG("WARNING: Outdated version of OpenSSL lib. Logins to server may not work!"); DETAIL_LOG("WARNING: Minimal required version [OpenSSL 0.9.8k]"); } DETAIL_LOG("Using ACE: %s", ACE_VERSION); ///- Set progress bars show mode BarGoLink::SetOutputState(sConfig.GetBoolDefault("ShowProgressBars", true)); ///- and run the 'Master' /// \todo Why do we need this 'Master'? Can't all of this be in the Main as for Realmd? return sMaster.Run(); // at sMaster return function exist with codes // 0 - normal shutdown // 1 - shutdown at error // 2 - restart command used, this code can be used by restarter for restart mangosd }
/// Launch the mangos server int main(int argc, char *argv[]) { std::string auctionBotConfig, configFile, serviceParameter; boost::program_options::options_description desc("Allowed options"); desc.add_options() ("ahbot,a", boost::program_options::value<std::string>(&auctionBotConfig), "ahbot configuration file") ("config,c", boost::program_options::value<std::string>(&configFile)->default_value(_MANGOSD_CONFIG), "configuration file") ("help,h", "prints usage") ("version,v", "print version and exit") #ifdef _WIN32 ("s", boost::program_options::value<std::string>(&serviceParameter), "<run, install, uninstall> service"); #else ("s", boost::program_options::value<std::string>(&serviceParameter), "<run, stop> service"); #endif boost::program_options::variables_map vm; try { boost::program_options::store(boost::program_options::parse_command_line(argc, argv, desc), vm); boost::program_options::notify(vm); if (vm.count("help")) { std::cout << desc << std::endl; return 0; } if (vm.count("version")) { std::cout << _FULLVERSION(REVISION_DATE, REVISION_TIME, REVISION_ID) << std::endl; std::cout << "Boost version " << (BOOST_VERSION / 10000) << "." << ((BOOST_VERSION / 100) % 1000) << "." << (BOOST_VERSION % 100) << std::endl; return 0; } } catch (boost::program_options::error const &e) { std::cerr << "ERROR: " << e.what() << std::endl << std::endl; std::cerr << desc << std::endl; return 1; } if (vm.count("ahbot")) sAuctionBotConfig.SetConfigFileName(auctionBotConfig); #ifdef _WIN32 // windows service command need execute before config read if (vm.count("s")) { switch (::tolower(serviceParameter[0])) { case 'i': if (WinServiceInstall()) sLog.outString("Installing service"); return 1; case 'u': if (WinServiceUninstall()) sLog.outString("Uninstalling service"); return 1; case 'r': WinServiceRun(); break; } } #endif if (!sConfig.SetSource(configFile)) { sLog.outError("Could not find configuration file %s.", configFile.c_str()); Log::WaitBeforeContinueIfNeed(); return 1; } #ifndef _WIN32 // posix daemon commands need apply after config read if (vm.count("s")) { switch (::tolower(serviceParameter[0])) { case 'r': startDaemon(); break; case 's': stopDaemon(); break; } } #endif sLog.outString("%s [world-daemon]", _FULLVERSION(REVISION_DATE, REVISION_TIME, REVISION_ID)); sLog.outString("<Ctrl-C> to stop."); sLog.outString("\n\n" " _____ __ __ _ _ _____ ____ _____ \n" " / ____| | \\/ | | \\ | |/ ____|/ __ \\ / ____|\n" " | | | \\ / | | \\| | | __ | | | (___ \n" " | |ontinued| |\\/| | __ _| . ` | | |_ | | | |\\___ \\ \n" " | |____ | | | |/ _` | |\\ | |__| | |__| |____) |\n" " \\_____| |_| |_| (_| |_| \\_|\\_____|\\____/ \\____/ \n" " http://cmangos.net\\__,_| Doing things right!\n\n"); sLog.outString("Using configuration file %s.", configFile.c_str()); DETAIL_LOG("%s (Library: %s)", OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION)); if (SSLeay() < 0x009080bfL) { DETAIL_LOG("WARNING: Outdated version of OpenSSL lib. Logins to server may not work!"); DETAIL_LOG("WARNING: Minimal required version [OpenSSL 0.9.8k]"); } DETAIL_LOG("Using Boost: %s", BOOST_LIB_VERSION); ///- Set progress bars show mode BarGoLink::SetOutputState(sConfig.GetBoolDefault("ShowProgressBars", true)); ///- and run the 'Master' /// \todo Why do we need this 'Master'? Can't all of this be in the Main as for Realmd? return sMaster.Run(); // at sMaster return function exist with codes // 0 - normal shutdown // 1 - shutdown at error // 2 - restart command used, this code can be used by restarter for restart mangosd }
if ( #ifdef DISABLE_SSL3_HANDSHAKE 1 || #endif SSLeay() < OPENSSL_V(0,9,8,'s') || (SSLeay() >= OPENSSL_V_SERIES(0,9,9) && SSLeay() < OPENSSL_V(1,0,0,'f'))) { /* And not SSL3 if it's subject to CVE-2011-4576. */ log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version " "might otherwise be vulnerable to CVE-2011-4576 " "(compile-time version %08lx (%s); " "runtime version %08lx (%s))", (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, (unsigned long)SSLeay(), SSLeay_version(SSLEAY_VERSION)); SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3); }