Esempio n. 1
0
const SSL_METHOD * hb_ssl_method_id_to_ptr( int n )
{
   const SSL_METHOD * p;

   switch( n )
   {
#if OPENSSL_VERSION_NUMBER < 0x10000000L
      case HB_SSL_CTX_NEW_METHOD_SSLV2:         p = SSLv2_method();         break;
      case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER:  p = SSLv2_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT:  p = SSLv2_client_method();  break;
#endif
      case HB_SSL_CTX_NEW_METHOD_SSLV3:         p = SSLv3_method();         break;
      case HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER:  p = SSLv3_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT:  p = SSLv3_client_method();  break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1:         p = TLSv1_method();         break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER:  p = TLSv1_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT:  p = TLSv1_client_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23:        p = SSLv23_method();        break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break;
      default: p = SSLv23_method();
   }

   return p;
}
Esempio n. 2
0
void ContextImpl::setProtocol(Protocol protocol)
{
    bool v2 = false;

    switch(protocol) 
    {
        case SSLv2: 
            // SSLv2_method is not available everywhere (check OPENSSL_NO_SSL2)
            SSL_CTX_set_ssl_version(_ctx, SSLv23_method() );
            v2 = true;
            break;
        
        case SSLv3or2: 
            SSL_CTX_set_ssl_version( _ctx, SSLv23_method() ); 
            v2 = true;
            break;

        default:
        case SSLv3: 
            SSL_CTX_set_ssl_version( _ctx, SSLv3_method() ); 
            break;
        
        case TLSv1: 
            SSL_CTX_set_ssl_version( _ctx, TLSv1_method() ); 
            break;
    }

    _protocol = protocol;

    const char* ciphers = v2 ? "ALL:!aNULL:!eNULL" : "ALL:!aNULL:!eNULL:!SSLv2";
    SSL_CTX_set_cipher_list(_ctx, ciphers);
}
Esempio n. 3
0
bool SecureSocket::DoReinitialize()
{
	SOCKET newSocket = ::socket(m_af, m_type, m_protocol);
	if (INVALID_SOCKET == newSocket)
	{
		return false;
	}

	#ifdef _MSC_VER
	SSL_METHOD* method = SSLv23_method();
	#else
	SSL_METHOD* method = SSLv23_method();
	#endif

	SSL_CTX* context = SSL_CTX_new(method);
	SSL* ssl = SSL_new(m_context);
	BIO* bio = BIO_new_socket(static_cast<int>(newSocket), BIO_NOCLOSE);
	SSL_set_bio(ssl, bio, bio);

	SetSocket(newSocket);

	SSL_free(m_ssl);
	SSL_CTX_free(m_context);


	m_method = method;
	m_context = context;
	m_ssl = ssl;
	m_bio = bio;
	return true;
}
Esempio n. 4
0
static const SSL_METHOD *swSSL_get_method(int method)
{
    switch (method)
    {
#ifndef OPENSSL_NO_SSL3_METHOD
    case SW_SSLv3_METHOD:
        return SSLv3_method();
    case SW_SSLv3_SERVER_METHOD:
        return SSLv3_server_method();
    case SW_SSLv3_CLIENT_METHOD:
        return SSLv3_client_method();
#endif
    case SW_SSLv23_SERVER_METHOD:
        return SSLv23_server_method();
    case SW_SSLv23_CLIENT_METHOD:
        return SSLv23_client_method();
    case SW_TLSv1_METHOD:
        return TLSv1_method();
    case SW_TLSv1_SERVER_METHOD:
        return TLSv1_server_method();
    case SW_TLSv1_CLIENT_METHOD:
        return TLSv1_client_method();
#ifdef TLS1_1_VERSION
    case SW_TLSv1_1_METHOD:
        return TLSv1_1_method();
    case SW_TLSv1_1_SERVER_METHOD:
        return TLSv1_1_server_method();
    case SW_TLSv1_1_CLIENT_METHOD:
        return TLSv1_1_client_method();
#endif
#ifdef TLS1_2_VERSION
    case SW_TLSv1_2_METHOD:
        return TLSv1_2_method();
    case SW_TLSv1_2_SERVER_METHOD:
        return TLSv1_2_server_method();
    case SW_TLSv1_2_CLIENT_METHOD:
        return TLSv1_2_client_method();
#endif
    case SW_DTLSv1_METHOD:
        return DTLSv1_method();
    case SW_DTLSv1_SERVER_METHOD:
        return DTLSv1_server_method();
    case SW_DTLSv1_CLIENT_METHOD:
        return DTLSv1_client_method();
    case SW_SSLv23_METHOD:
    default:
        return SSLv23_method();
    }
    return SSLv23_method();
}
Esempio n. 5
0
/**
 * Find the protocol.
 */
static LSEC_SSL_METHOD* str2method(const char *method)
{
  if (!strcmp(method, "any"))     return SSLv23_method();
  if (!strcmp(method, "sslv23"))  return SSLv23_method();  // deprecated
#ifndef OPENSSL_NO_SSL3
  if (!strcmp(method, "sslv3"))   return SSLv3_method();
#endif
  if (!strcmp(method, "tlsv1"))   return TLSv1_method();
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
  if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
  if (!strcmp(method, "tlsv1_2")) return TLSv1_2_method();
#endif
  return NULL;
}
Esempio n. 6
0
File: hub.c Progetto: q3k/uhub
static int load_ssl_certificates(struct hub_info* hub, struct hub_config* config)
{
	if (config->tls_enable)
	{
		hub->ssl_method = SSLv23_method(); /* TLSv1_method() */
		hub->ssl_ctx = SSL_CTX_new(hub->ssl_method);

		/* Disable SSLv2 */
		SSL_CTX_set_options(hub->ssl_ctx, SSL_OP_NO_SSLv2);

		if (SSL_CTX_use_certificate_file(hub->ssl_ctx, config->tls_certificate, SSL_FILETYPE_PEM) < 0)
		{
			LOG_ERROR("SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(), NULL));
		}

		if (SSL_CTX_use_PrivateKey_file(hub->ssl_ctx, config->tls_private_key, SSL_FILETYPE_PEM) < 0)
		{
			LOG_ERROR("SSL_CTX_use_PrivateKey_file: %s", ERR_error_string(ERR_get_error(), NULL));
		}

		if (SSL_CTX_check_private_key(hub->ssl_ctx) != 1)
		{
			LOG_FATAL("SSL_CTX_check_private_key: Private key does not match the certificate public key: %s", ERR_error_string(ERR_get_error(), NULL));
			return 0;
		}
		LOG_INFO("Enabling TLS, using certificate: %s, private key: %s", config->tls_certificate, config->tls_private_key);
	}
	return 1;
}
Esempio n. 7
0
/*
 * initialize ssl methods
 */
static void
init_ssl_methods(void)
{
	LM_DBG("entered\n");

#ifndef OPENSSL_NO_SSL2
	ssl_methods[TLS_USE_SSLv2_cli - 1] = (SSL_METHOD*)SSLv2_client_method();
	ssl_methods[TLS_USE_SSLv2_srv - 1] = (SSL_METHOD*)SSLv2_server_method();
	ssl_methods[TLS_USE_SSLv2 - 1] = (SSL_METHOD*)SSLv2_method();
#endif

	ssl_methods[TLS_USE_SSLv3_cli - 1] = (SSL_METHOD*)SSLv3_client_method();
	ssl_methods[TLS_USE_SSLv3_srv - 1] = (SSL_METHOD*)SSLv3_server_method();
	ssl_methods[TLS_USE_SSLv3 - 1] = (SSL_METHOD*)SSLv3_method();

	ssl_methods[TLS_USE_TLSv1_cli - 1] = (SSL_METHOD*)TLSv1_client_method();
	ssl_methods[TLS_USE_TLSv1_srv - 1] = (SSL_METHOD*)TLSv1_server_method();
	ssl_methods[TLS_USE_TLSv1 - 1] = (SSL_METHOD*)TLSv1_method();

	ssl_methods[TLS_USE_SSLv23_cli - 1] = (SSL_METHOD*)SSLv23_client_method();
	ssl_methods[TLS_USE_SSLv23_srv - 1] = (SSL_METHOD*)SSLv23_server_method();
	ssl_methods[TLS_USE_SSLv23 - 1] = (SSL_METHOD*)SSLv23_method();

#if OPENSSL_VERSION_NUMBER >= 0x10001000L
	ssl_methods[TLS_USE_TLSv1_2_cli - 1] = (SSL_METHOD*)TLSv1_2_client_method();
	ssl_methods[TLS_USE_TLSv1_2_srv - 1] = (SSL_METHOD*)TLSv1_2_server_method();
	ssl_methods[TLS_USE_TLSv1_2 - 1] = (SSL_METHOD*)TLSv1_2_method();
#endif

}
Esempio n. 8
0
status_t
SSLConnection::Connect(const char* server, uint32 port)
{
	if (fSSL != NULL)
		Disconnect();

	if (gInitSSL.InitCheck() != B_OK)
		return B_ERROR;

	status_t status = SocketConnection::Connect(server, port);
	if (status != B_OK)
		return status;

	fCTX = SSL_CTX_new(SSLv23_method());
	fSSL = SSL_new(fCTX);
	fBIO = BIO_new_socket(fSocket, BIO_NOCLOSE);
	SSL_set_bio(fSSL, fBIO, fBIO);

	if (SSL_connect(fSSL) <= 0) {
		TRACE("SSLConnection can't connect\n");
		SocketConnection::Disconnect();
    	return B_ERROR;
	}

	TRACE("SSLConnection connected\n");
	return B_OK;
}
Esempio n. 9
0
int CSSLContext::AddContext(int iVerifyMode, LPCTSTR lpszPemCertFile, LPCTSTR lpszPemKeyFile, LPCTSTR lpszKeyPasswod, LPCTSTR lpszCAPemCertFileOrPath)
{
	int iIndex		= -1;
	SSL_CTX* sslCtx	= SSL_CTX_new(SSLv23_method());

	SSL_CTX_set_quiet_shutdown(sslCtx, 1);
	SSL_CTX_set_verify(sslCtx, iVerifyMode, nullptr);
	SSL_CTX_set_cipher_list(sslCtx, "ALL:!aNULL:!eNULL");

	if(m_enSessionMode == SSL_SM_SERVER)
	{
		static volatile ULONG s_session_id_context = 0;
		ULONG session_id_context = ::InterlockedIncrement(&s_session_id_context);

		SSL_CTX_set_session_id_context(sslCtx, (BYTE*)&session_id_context, sizeof(session_id_context));
	}

	if(!LoadCertAndKey(sslCtx, iVerifyMode, lpszPemCertFile, lpszPemKeyFile, lpszKeyPasswod, lpszCAPemCertFileOrPath))
		SSL_CTX_free(sslCtx);
	else
	{
		iIndex = (int)m_lsSslCtxs.size();
		m_lsSslCtxs.push_back(sslCtx);
	}
	
	return iIndex;
}
Esempio n. 10
0
int main(int argc, char *argv[])
{
	BIO *bio_err = NULL;

	SSL_library_init();
	SSL_load_error_strings();
	ERR_load_crypto_strings();

	/* error write context */
	bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

	const SSL_METHOD *meth = SSLv23_method();

	SSL_CTX *ctx = SSL_CTX_new(meth);

	/***/

	BIO_free(bio_err);

	ERR_free_strings();

	ERR_remove_state(0);
	ENGINE_cleanup();
	CONF_modules_free();
	EVP_cleanup();
	CRYPTO_cleanup_all_ex_data();

	return 0;
}
Esempio n. 11
0
SSL_CTX * initialize_ctx(char ask_compression)
{
	const SSL_METHOD *meth = NULL;
	SSL_CTX *ctx = NULL;

	if (!bio_err)
	{
		SSL_library_init();
		SSL_load_error_strings();
		ERR_load_crypto_strings();

		/* error write context */
		bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
	}

	/* create context */
	meth = SSLv23_method();
	ctx = SSL_CTX_new(meth);

#ifdef SSL_OP_NO_COMPRESSION
	if (!ask_compression)
		SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
#endif

	return ctx;
}
Esempio n. 12
0
bool SecureSocket::Initialize(SOCKET s, const char* ceritificateFileName, const char* password)
{
	m_method = SSLv23_method();
	m_context = SSL_CTX_new(m_method);

	int status = SSL_CTX_use_certificate_file(m_context, ceritificateFileName, SSL_FILETYPE_PEM);
	if (!status)
	{
		return false;
	}
	SSL_CTX_set_default_passwd_cb_userdata(m_context, const_cast<char*>(password));
	SSL_CTX_set_default_passwd_cb(m_context, Password); 
	status = SSL_CTX_use_PrivateKey_file(m_context, ceritificateFileName, SSL_FILETYPE_PEM);
	if(!status)
	{
		return false;
	}

	m_ssl = SSL_new(m_context);
	m_bio = BIO_new_socket(static_cast<int>(s), BIO_NOCLOSE);
	SSL_set_bio(m_ssl, m_bio, m_bio);

	m_socket = s;
	m_isAccepting = true;

	u_long opt = 1;
	::ioctlsocket(s, FIONBIO, &opt);
	return true;
}
Esempio n. 13
0
int ipfix_ssl_setup_server_ctx( SSL_CTX **ssl_ctx,
                                SSL_METHOD *method,
                                ipfix_ssl_opts_t *ssl_details )
{
    SSL_CTX *ctx;

    if ( ipfix_ssl_setup_ctx( &ctx, method?method:SSLv23_method(),
                              ssl_details ) <0 ) {
        return -1;
    }

    SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                        ipfix_ssl_verify_callback );
    SSL_CTX_set_verify_depth( ctx, 4 );
    SSL_CTX_set_options( ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 |
                         SSL_OP_SINGLE_DH_USE);
    if (!dh512 || !dh1024) {
        init_dhparams();
    }
    SSL_CTX_set_tmp_dh_callback( ctx, ipfix_ssl_tmp_dh_callback );
    if (SSL_CTX_set_cipher_list( ctx, CIPHER_LIST) != 1) {
        mlogf( 0, "[ipfix] error setting cipher list (no valid ciphers)");
        goto err;
    }

    *ssl_ctx = ctx;
    return 0;

 err:
    SSL_CTX_free( ctx );
    return -1;
}
Esempio n. 14
0
int ipfix_ssl_setup_client_ctx( SSL_CTX **ssl_ctx,
                                SSL_METHOD *method,
                                ipfix_ssl_opts_t *ssl_details )
{
    SSL_CTX *ctx;

    if ( ipfix_ssl_setup_ctx( &ctx, method?method:SSLv23_method(),
                              ssl_details ) <0 )
        return -1;

    SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER,
                        ipfix_ssl_verify_callback);
    SSL_CTX_set_verify_depth( ctx, 4);
    SSL_CTX_set_options( ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);
    if (SSL_CTX_set_cipher_list( ctx, CIPHER_LIST) != 1) {
        mlogf( 0, "[ipfix] Error setting cipher list (no valid ciphers)");
        goto err;
    }

    *ssl_ctx = ctx;
    return 0;

 err:
    SSL_CTX_free( ctx );
    return -1;
}
Esempio n. 15
0
int evt_ctx_init(evt_ctx_t *tls)
{
    tls_begin();

    //Currently we support only TLS, No DTLS
    tls->ctx = SSL_CTX_new(SSLv23_method());
    if(!tls->ctx) {
        return ENOMEM;
    }
    
    long options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
    SSL_CTX_set_options(tls->ctx, options);

    SSL_CTX_set_mode(tls->ctx, SSL_MODE_AUTO_RETRY |
         SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER       |
         SSL_MODE_ENABLE_PARTIAL_WRITE             |
         SSL_MODE_RELEASE_BUFFERS
    );

    tls->cert_set = 0;
    tls->key_set = 0;
    tls->ssl_err_ = 0;
    tls->writer = NULL;

    QUEUE_INIT(&(tls->live_con));

    return 0;
}
Esempio n. 16
0
/* sqSetupSSL: Common SSL setup tasks */
sqInt sqSetupSSL(sqSSL *ssl, int server) {

	/* Fixme. Needs to use specified version */
	if(ssl->loglevel) printf("sqSetupSSL: setting method\n");
	ssl->method = SSLv23_method();
	if(ssl->loglevel) printf("sqSetupSSL: Creating context\n");
	ssl->ctx = SSL_CTX_new(ssl->method);

	if(!ssl->ctx) ERR_print_errors_fp(stdout);

	if(ssl->loglevel) printf("sqSetupSSL: setting cipher list\n");
	SSL_CTX_set_cipher_list(ssl->ctx, "!ADH:HIGH:MEDIUM:@STRENGTH");

	/* if a cert is provided, use it */
	if(ssl->certName) {
		if(ssl->loglevel) printf("sqSetupSSL: Using cert file %s\n", ssl->certName);
		if(SSL_CTX_use_certificate_file(ssl->ctx, ssl->certName, SSL_FILETYPE_PEM)<=0)
		  ERR_print_errors_fp(stderr);

		if(SSL_CTX_use_PrivateKey_file(ssl->ctx, ssl->certName, SSL_FILETYPE_PEM)<=0)
		  ERR_print_errors_fp(stderr);
	}

	/* Set up trusted CA */
	if(ssl->loglevel) printf("sqSetupSSL: No root CA given; using default verify paths\n");
	if(SSL_CTX_set_default_verify_paths(ssl->ctx) <=0)
	  ERR_print_errors_fp(stderr);

	if(ssl->loglevel) printf("sqSetupSSL: Creating SSL\n");
	ssl->ssl = SSL_new(ssl->ctx);
	if(ssl->loglevel) printf("sqSetupSSL: setting bios\n");
	SSL_set_bio(ssl->ssl, ssl->bioRead, ssl->bioWrite);
	return 1;
}
Esempio n. 17
0
File: netops.c Progetto: aep/libgit2
static int ssl_setup(gitno_socket *socket, const char *host, int flags)
{
	int ret;

	SSL_library_init();
	SSL_load_error_strings();
	socket->ssl.ctx = SSL_CTX_new(SSLv23_method());
	if (socket->ssl.ctx == NULL)
		return ssl_set_error(&socket->ssl, 0);

	SSL_CTX_set_mode(socket->ssl.ctx, SSL_MODE_AUTO_RETRY);
	SSL_CTX_set_verify(socket->ssl.ctx, SSL_VERIFY_NONE, NULL);
	if (!SSL_CTX_set_default_verify_paths(socket->ssl.ctx))
		return ssl_set_error(&socket->ssl, 0);

	socket->ssl.ssl = SSL_new(socket->ssl.ctx);
	if (socket->ssl.ssl == NULL)
		return ssl_set_error(&socket->ssl, 0);

	if((ret = SSL_set_fd(socket->ssl.ssl, socket->socket)) == 0)
		return ssl_set_error(&socket->ssl, ret);

	if ((ret = SSL_connect(socket->ssl.ssl)) <= 0)
		return ssl_set_error(&socket->ssl, ret);

	if (GITNO_CONNECT_SSL_NO_CHECK_CERT & flags)
		return 0;

	return verify_server_cert(&socket->ssl, host);
}
Esempio n. 18
0
int ssl_ctx_init() {
	config.dstsslctx = SSL_CTX_new(SSLv23_method());
	if (!config.dstsslctx) {
		return 1;
	}

	SSL_CTX_set_options(config.dstsslctx, SSL_OP_ALL);
#ifdef SSL_OP_TLS_ROLLBACK_BUG
	SSL_CTX_set_options(config.dstsslctx, SSL_OP_TLS_ROLLBACK_BUG);
#endif /* SSL_OP_TLS_ROLLBACK_BUG */
#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
	SSL_CTX_set_options(config.dstsslctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
#endif /* SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION */
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
	SSL_CTX_set_options(config.dstsslctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
#endif /* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
#ifdef SSL_OP_NO_TICKET
	SSL_CTX_set_options(config.dstsslctx, SSL_OP_NO_TICKET);
#endif /* SSL_OP_NO_TICKET */
#ifdef DISABLE_SSLV2_CLIENT
	SSL_CTX_set_options(config.dstsslctx, SSL_OP_NO_SSLv2);
#endif /* DISABLE_SSLV2_CLIENT */
	SSL_CTX_set_verify(config.dstsslctx, SSL_VERIFY_NONE, NULL);

	return 0;
}
Esempio n. 19
0
TLSInfo
init_tls(char* keyfile, char* password)
{
	TLSInfo tls = (TLSInfo)reserve(sizeof(struct tls_struct) + strlen(password) + 1);
	if (!tls) return tls;
	tls->pass_len = strlen(password) + 1;
	memcpy(tls->password,password,tls->pass_len);
	SSL_library_init();
	SSL_load_error_strings();
	tls->err = BIO_new_fp(stderr,BIO_NOCLOSE);	
	tls->method = SSLv23_method();
	tls->ctx = SSL_CTX_new(tls->method);
	if (!SSL_CTX_load_verify_locations(tls->ctx,"server.pem",NULL)) {
		error("Failed to use certificate chain file certs.pem");
		return NULL;
	}
	if (!SSL_CTX_use_certificate_file(tls->ctx,keyfile,SSL_FILETYPE_PEM)) {
		error("Failed to use certificate chain file %c\n",keyfile);
		return NULL;
	}
	SSL_CTX_set_default_passwd_cb(tls->ctx,password_callback);
	SSL_CTX_set_default_passwd_cb_userdata(tls->ctx,tls);
	if(!SSL_CTX_use_PrivateKey_file(tls->ctx,keyfile,SSL_FILETYPE_PEM)) {
		error("Failed to use private key file %c\n",keyfile);
		return NULL;
	}
	return tls;
}
Esempio n. 20
0
SSL_CTX *init_ssl_ctx(){
  //Allow ssl3, tls1, 1.1 or 1.2
  const SSL_METHOD* method = SSLv23_method();
  if(method == NULL){goto err;}
  ctx = SSL_CTX_new(method);
  if(ctx == NULL){goto err;}
  //Disable ssl2, ssl3 and forbid compression, ssl2 should already be disabled
  //but there's no harm in making sure
  const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
  SSL_CTX_set_options(ctx, flags);//can't fail
  //make sure that we actually verify the certificate
  //this uses the default verification prodecure (thus the NULL)
  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
  //Load the CA certificates file
  if(SSL_CTX_load_verify_locations(ctx, certificates_location, NULL) == 0){
    goto err;
  }
  if(SSL_CTX_set_cipher_list(ctx, prefered_ciphers) == 0){
    goto err;
  }
  return ctx;
 err:
  print_errors();//this might not actually print anything
  //There's no function to explicitly free an SSL_METHOD, I'm assuming they're
  //probably static anyway and we just get a pointer.
  SSL_CTX_free(ctx);
  return NULL;
}
Esempio n. 21
0
SSL_CTX *
evssl_init(void)
{
    SSL_CTX  *server_ctx;

    server_ctx = SSL_CTX_new(SSLv23_method());

    /* Load the certificate file. This is not needed now */
   /*! SSL_CTX_use_certificate_chain_file(server_ctx, "cert") ||*/
    if ((serv_opts.key_path != NULL && serv_opts.cert_path != NULL) &&
        (!SSL_CTX_use_certificate_chain_file(server_ctx, serv_opts.cert_path) ||
        !SSL_CTX_use_PrivateKey_file(server_ctx, serv_opts.key_path, SSL_FILETYPE_PEM)))
    {
        log_info("Couldn't read 'pkey' or 'cert' file.  To generate a key");
        log_info("and self-signed certificate, run:");
        log_info("  openssl genrsa -out pkey 2048");
        log_info("  openssl req -new -key pkey -out cert.req");
        log_info("  openssl x509 -req -days 365 -in cert.req -signkey pkey -out cert");
        return NULL;
    }
    //SSL_CTX_set_cert_verify_callback(server_ctx, server_verify_cert, NULL);
    SSL_CTX_set_verify(server_ctx,
                       SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                       server_preverify_cert);
    return server_ctx;
}
Esempio n. 22
0
static SSL_CTX *
get_ssl_ctx(void)
{
	if (the_ssl_ctx)
		return the_ssl_ctx;
	return (the_ssl_ctx = SSL_CTX_new(SSLv23_method()));
}
Esempio n. 23
0
bool
SSLSocketServer::SSL_Init(){
	int nLockCt = CRYPTO_num_locks();
	InitializeCryptoLocks(nLockCt);

#ifdef _DEBUG
    CRYPTO_malloc_debug_init();
    CRYPTO_dbg_set_options	(V_CRYPTO_MDEBUG_ALL);
    CRYPTO_mem_ctrl			(CRYPTO_MEM_CHECK_ON);
#endif
	
	CRYPTO_set_locking_callback			(&ssl_lock_callback);
    CRYPTO_set_dynlock_create_callback	(&ssl_lock_dyn_create_callback);
	CRYPTO_set_dynlock_lock_callback	(&ssl_lock_dyn_callback);
    CRYPTO_set_dynlock_destroy_callback	(&ssl_lock_dyn_destroy_callback);

    SSL_load_error_strings	();
    SSL_library_init		();

	// Initialize and verify SSL context. {{
	const SSL_METHOD* meth = SSLv23_method();
	m_pssl_ctx = SSL_CTX_new(meth);
	SSL_CTX_set_verify(m_pssl_ctx, SSL_VERIFY_NONE, nullptr);
	// }}

	::InitializeCriticalSection(&m_lock_connect_ex);
	return true;
	}
Esempio n. 24
0
// SSL握手前的环境准备 
SSL_CTX *get_ssl_ctx(const char *cert_file, const char *key_file){ 

	if(NULL == ev_ssl){ 
		return NULL; 
	}

	if (ev_ssl->ctx != NULL){
		return ev_ssl->ctx;
	}

	ev_ssl->ctx = SSL_CTX_new(SSLv23_method());
	if (NULL == ev_ssl->ctx){
	  return NULL;
	}

	if (SSL_CTX_use_certificate_file(ev_ssl->ctx, cert_file, SSL_FILETYPE_PEM) < 0) {
		SSL_CTX_free(ev_ssl->ctx);
		return NULL;
	}

	if (SSL_CTX_use_PrivateKey_file(ev_ssl->ctx, key_file, SSL_FILETYPE_PEM) < 0) {
		SSL_CTX_free(ev_ssl->ctx);
		return NULL;
	}

	if (!SSL_CTX_check_private_key(ev_ssl->ctx)){
		return NULL;
	}

	return ev_ssl->ctx;
}
Esempio n. 25
0
/**
 * Find the protocol.
 */
static SSL_METHOD* str2method(const char *method)
{
  if (!strcmp(method, "sslv3"))  return SSLv3_method();
  if (!strcmp(method, "tlsv1"))  return TLSv1_method();
  if (!strcmp(method, "sslv23")) return SSLv23_method();
  return NULL;
}
Esempio n. 26
0
SSL_CTX* EdSSLContext::buildCtx(int ver)
{
	SSL_CTX *pctx;
	const SSL_METHOD *method;
	switch (ver)
	{
	case SSL_VER_TLSV1:
		method = TLSv1_method();
		break;
	case SSL_VER_TLSV11:
		method = TLSv1_1_method();
		break;
	case SSL_VER_V23:
		method = SSLv23_method();
		break;
	case SSL_VER_V3:
		method = SSLv3_method();
		break;
	case SSL_VER_DTLSV1:
		method = DTLSv1_method();
		break;
	default:
		method = NULL;
		break;
	}
	if (method == NULL)
		return NULL;

	pctx = SSL_CTX_new(method);

	return pctx;
}
Esempio n. 27
0
apisock *api_connect_ssl(){
  apisock *ret;
  SSL *ssl;
  int sock;
  sock=connect_socket(API_HOST, API_PORT_SSL);
  if (sock==-1)
    return NULL;
  if (!globalctx){
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    OpenSSL_add_all_ciphers();
    SSL_load_error_strings();
    globalctx=SSL_CTX_new(SSLv23_method());
    if (!globalctx)
      return NULL;
  }
  ssl=SSL_new(globalctx);
  if (!ssl){
    close(sock);
    return NULL;
  }
  SSL_set_fd(ssl, sock);
  if (SSL_connect(ssl)!=1){
    SSL_free(ssl);
    close(sock);
    return NULL;
  }
  ret=(apisock *)malloc(sizeof(apisock));
  ret->sock=sock;
  ret->ssl=ssl;
  return ret;
}
status_t
BSecureSocket::Connect(const BNetworkAddress& peer, bigtime_t timeout)
{
	if (fPrivate == NULL) {
		fPrivate = (BSecureSocket::Private*)calloc(1,
			sizeof(BSecureSocket::Private));
		if (fPrivate == NULL)
			return B_NO_MEMORY;
	}

	status_t status = BSocket::Connect(peer, timeout);
	if (status != B_OK)
		return status;

	fPrivate->fCTX = SSL_CTX_new(SSLv23_method());
	fPrivate->fSSL = SSL_new(fPrivate->fCTX);
	fPrivate->fBIO = BIO_new_socket(fSocket, BIO_NOCLOSE);
	SSL_set_bio(fPrivate->fSSL, fPrivate->fBIO, fPrivate->fBIO);

	if (SSL_connect(fPrivate->fSSL) <= 0) {
		TRACE("SSLConnection can't connect\n");
		BSocket::Disconnect();
		// TODO: translate ssl to Haiku error
		return B_ERROR;
	}

	return B_OK;
}
Esempio n. 29
0
int git_openssl_stream_global_init(void)
{
#ifdef GIT_OPENSSL
	long ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;

	/* Older OpenSSL and MacOS OpenSSL doesn't have this */
#ifdef SSL_OP_NO_COMPRESSION
	ssl_opts |= SSL_OP_NO_COMPRESSION;
#endif

	SSL_load_error_strings();
	OpenSSL_add_ssl_algorithms();
	/*
	 * Load SSLv{2,3} and TLSv1 so that we can talk with servers
	 * which use the SSL hellos, which are often used for
	 * compatibility. We then disable SSL so we only allow OpenSSL
	 * to speak TLSv1 to perform the encryption itself.
	 */
	git__ssl_ctx = SSL_CTX_new(SSLv23_method());
	SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
	SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);
	SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);
	if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
		SSL_CTX_free(git__ssl_ctx);
		git__ssl_ctx = NULL;
		return -1;
	}
#endif

	git__on_shutdown(shutdown_ssl);

	return 0;
}
Esempio n. 30
0
static int ssl_setup(git_transport *t, const char *host)
{
	int ret;

	SSL_library_init();
	SSL_load_error_strings();
	t->ssl.ctx = SSL_CTX_new(SSLv23_method());
	if (t->ssl.ctx == NULL)
		return ssl_set_error(&t->ssl, 0);

	SSL_CTX_set_mode(t->ssl.ctx, SSL_MODE_AUTO_RETRY);
	SSL_CTX_set_verify(t->ssl.ctx, SSL_VERIFY_PEER, NULL);
	if (!SSL_CTX_set_default_verify_paths(t->ssl.ctx))
		return ssl_set_error(&t->ssl, 0);

	t->ssl.ssl = SSL_new(t->ssl.ctx);
	if (t->ssl.ssl == NULL)
		return ssl_set_error(&t->ssl, 0);

	if((ret = SSL_set_fd(t->ssl.ssl, t->socket)) == 0)
		return ssl_set_error(&t->ssl, ret);

	if ((ret = SSL_connect(t->ssl.ssl)) <= 0)
		return ssl_set_error(&t->ssl, ret);

	if (t->check_cert && verify_server_cert(t, host) < 0)
		return -1;

	return 0;
}