int main(int argc, char *argv[]) { SSL_CTX *ctx; const SSL_METHOD *method = SSLv3_client_method(); int client_fd; char *host; char *portnum; int bench_send = 0; int bench_recv = 0; int i; enum cipher_choice cipher_choice = CIPHER_ALL; if (argc < 3) { printf("Usage: %s <host_ip> <portnum> [opts]\n", argv[0]); exit(-1); } host = argv[1]; portnum = argv[2]; lib_init(); for (i = 3; i < argc; i++) { if (strcmp("tls-1.2", argv[i]) == 0) { method = TLSv1_2_client_method(); } else if (strcmp("tls-1.1", argv[i]) == 0) { method = TLSv1_1_client_method(); } else if (strcmp("tls-1.0", argv[i]) == 0) { method = TLSv1_client_method(); } else if (strcmp("ssl-3.0", argv[i]) == 0) { method = SSLv3_client_method(); } else if (strcmp("bench-send", argv[i]) == 0) { bench_send = atoi(argv[++i]); } else if (strcmp("bench-recv", argv[i]) == 0) { bench_recv = atoi(argv[++i]); } else { printf("warning: unknown option: \"%s\"\n", argv[i]); } } ctx = client_init(method, cipher_choice); client_fd = connect_socket(host, atoi(portnum)); printf("[status] connected. handshaking\n"); SSL *ssl; ssl = SSL_new(ctx); SSL_set_fd(ssl, client_fd); if (bench_send > 0 || bench_recv > 0) benchmark(ssl, bench_send, bench_recv); else process(ssl); close(client_fd); SSL_CTX_free(ctx); return 0; }
const SSL_METHOD *anubis_string_to_SSL_METOHD(const char *method, int role) { if(!method) return NULL; if(!strcasecmp(method, "SSLv23")) return role == ANUBIS_ROLE_SERVER ? SSLv23_server_method() : role == ANUBIS_ROLE_CLIENT ? SSLv23_client_method() : NULL; #ifndef OPENSSL_NO_SSL2_METHOD if(!strcasecmp(method, "SSLv2")) return role == ANUBIS_ROLE_SERVER ? SSLv3_server_method() : role == ANUBIS_ROLE_CLIENT ? SSLv3_client_method() : NULL; #endif #ifndef OPENSSL_NO_SSL3_METHOD if(!strcasecmp(method, "SSLv3")) return role == ANUBIS_ROLE_SERVER ? SSLv3_server_method() : role == ANUBIS_ROLE_CLIENT ? SSLv3_client_method() : NULL; #endif if(!strcasecmp(method, "TLSv1.0")) return role == ANUBIS_ROLE_SERVER ? TLSv1_server_method() : role == ANUBIS_ROLE_CLIENT ? TLSv1_client_method() : NULL; #if OPENSSL_VERSION_NUMBER >= 0x10001000L if(!strcasecmp(method, "TLSv1.1")) return role == ANUBIS_ROLE_SERVER ? TLSv1_1_server_method() : role == ANUBIS_ROLE_CLIENT ? TLSv1_1_client_method() : NULL; if(!strcasecmp(method, "TLSv1.2")) return role == ANUBIS_ROLE_SERVER ? TLSv1_2_server_method() : role == ANUBIS_ROLE_CLIENT ? TLSv1_2_client_method() : NULL; #endif /* if(!strcasecmp(method, "DTLS1.0")) return role == ANUBIS_ROLE_SERVER ? DTLSv1_server_method() : role == ANUBIS_ROLE_CLIENT ? DTLSv1_client_method() : NULL; if(!strcasecmp(method, "DTLS1.2")) return role == ANUBIS_ROLE_SERVER ? DTLSv1_2_server_method() : role == ANUBIS_ROLE_CLIENT ? DTLSv1_2_client_method() : NULL; if(!strcasecmp(method, "DTLS")) return role == ANUBIS_ROLE_SERVER ? DTLS_server_method() : role == ANUBIS_ROLE_CLIENT ? DTLS_client_method() : NULL; */ return NULL; }//end anubis_string_to_SSL_METOHD
/* Initiate an SSL handshake on this stream and encrypt all subsequent data */ int stream_enable_ssl(PTSTREAM *pts) { #ifdef USE_SSL SSL *ssl; SSL_CTX *ctx; int ret; /* Initialise the connection */ SSLeay_add_ssl_algorithms(); SSL_load_error_strings(); ctx = SSL_CTX_new (SSLv3_client_method()); ssl = SSL_new (ctx); if (args_info.verbose_flag) { message("Set SNI hostname to %s\n", args_info.proxyhost_arg); } ret = SSL_set_tlsext_host_name(ssl, args_info.proxyhost_arg); if (!ret) { message("TLS SNI error, giving up: SSL_set_tlsext_host_name failed\n"); exit(1); } SSL_set_rfd (ssl, stream_get_incoming_fd(pts)); SSL_set_wfd (ssl, stream_get_outgoing_fd(pts)); SSL_connect (ssl); /* Store ssl and ctx parameters */ pts->ssl = ssl; pts->ctx = ctx; #else message("Warning: stream_open(): SSL stream requested but no SSL support available; using unencrypted connection"); #endif /* USE_SSL */ return 1; }
int init_ssl(char *cert_file_svr, char *key_file_svr, char *cert_file_clt, char *key_file_clt) { int rc = 0; SSLeay_add_ssl_algorithms(); //ssl_client_meth = SSLv2_client_method(); ssl_client_meth = SSLv3_client_method(); ssl_client_ctx = SSL_CTX_new(ssl_client_meth); ssl_server_meth = SSLv23_server_method(); ssl_server_ctx = SSL_CTX_new(ssl_server_meth); SSL_load_error_strings(); if(!ssl_client_ctx || !ssl_server_ctx) { ERR_print_errors_fp(stderr); return -1; } debug(DBG_SSL, 1, "Loading the key/cert for the client SSL context..."); rc = load_ssl_ctx_certkey(ssl_client_ctx, cert_file_clt, key_file_clt); if(rc < 0) { return rc - 10; } debug(DBG_SSL, 1, "SSL client context successfully loaded"); debug(DBG_SSL, 1, "Loading the key/cert for the server SSL context..."); rc = load_ssl_ctx_certkey(ssl_server_ctx, cert_file_svr, key_file_svr); if(rc < 0) { return rc - 20; } debug(DBG_SSL, 1, "SSL server context successfully loaded"); return 0; }
void init_options(void) { if((option.cafiles = malloc(sizeof(char *) * 1)) == (char **) 0) { fprintf(stderr, "malloc: %.100s (%i)\n", strerror(errno), errno); exit(EXIT_FAILURE); } option.cafiles[0] = 0; if((option.log_servers = malloc(sizeof(char *) * 1)) == (char **) 0) { fprintf(stderr, "malloc: %.100s (%i)\n", strerror(errno), errno); exit(EXIT_FAILURE); } option.log_servers[0] = 0; /* default options */ option.port = 5554; option.banner_pause = -1; option.facility = LOG_AUTH; option.priority = LOG_INFO; option.method = SSLv3_client_method(); option.pemfile = "/etc/eas/certs/client.pem"; option.egdfile = 0; option.randomfile = 0; option.cipher = "HIGH:MEDIUM"; option.method = 0; option.default_shell = "/bin/sh"; option.banner = 0; option.tcptimeout = 2; return; }
int get_ssl_method_name(const SSL_METHOD *ssl_method, char *name, size_t len) { len--; name[len] = '\0'; #ifndef OPENSSL_NO_SSL2 if (ssl_method == SSLv2_client_method()) { strncpy(name, "SSLv2", len); return 1; } #endif // #ifndef OPENSSL_NO_SSL2 if (ssl_method == SSLv3_client_method()) { strncpy(name, "SSLv3", len); return 2; } if (ssl_method == TLSv1_client_method()) { strncpy(name, "TLSv1", len); return 3; } #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL if (ssl_method == TLSv1_1_client_method()) { strncpy(name, "TLS11", len); return 4; } if (ssl_method == TLSv1_2_client_method()) { strncpy(name, "TLS12", len); return 5; } #endif // #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL return 0; }
SSL_CTX * _SSL_context_init (void (*info_cb_func), int server) { SSL_CTX *ctx; #ifdef WIN32 int i, r; #endif SSLeay_add_ssl_algorithms (); SSL_load_error_strings (); ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ()); SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH); SSL_CTX_set_timeout (ctx, 300); /* used in SSL_connect(), SSL_accept() */ SSL_CTX_set_info_callback (ctx, info_cb_func); #ifdef WIN32 /* under win32, OpenSSL needs to be seeded with some randomness */ for (i = 0; i < 128; i++) { r = rand (); RAND_seed ((unsigned char *)&r, sizeof (r)); } #endif return(ctx); }
SSL_METHOD *sycSSLv3_client_method(void) { SSL_METHOD *result; Debug("SSLv3_client_method()"); result = SSLv3_client_method(); Debug1("SSLv3_client_method() -> %p", result); return result; }
/* * initialize ssl methods */ static void init_ssl_methods(void) { LM_DBG("entered\n"); #ifndef OPENSSL_NO_SSL2 ssl_methods[TLS_USE_SSLv2_cli - 1] = (SSL_METHOD*)SSLv2_client_method(); ssl_methods[TLS_USE_SSLv2_srv - 1] = (SSL_METHOD*)SSLv2_server_method(); ssl_methods[TLS_USE_SSLv2 - 1] = (SSL_METHOD*)SSLv2_method(); #endif ssl_methods[TLS_USE_SSLv3_cli - 1] = (SSL_METHOD*)SSLv3_client_method(); ssl_methods[TLS_USE_SSLv3_srv - 1] = (SSL_METHOD*)SSLv3_server_method(); ssl_methods[TLS_USE_SSLv3 - 1] = (SSL_METHOD*)SSLv3_method(); ssl_methods[TLS_USE_TLSv1_cli - 1] = (SSL_METHOD*)TLSv1_client_method(); ssl_methods[TLS_USE_TLSv1_srv - 1] = (SSL_METHOD*)TLSv1_server_method(); ssl_methods[TLS_USE_TLSv1 - 1] = (SSL_METHOD*)TLSv1_method(); ssl_methods[TLS_USE_SSLv23_cli - 1] = (SSL_METHOD*)SSLv23_client_method(); ssl_methods[TLS_USE_SSLv23_srv - 1] = (SSL_METHOD*)SSLv23_server_method(); ssl_methods[TLS_USE_SSLv23 - 1] = (SSL_METHOD*)SSLv23_method(); #if OPENSSL_VERSION_NUMBER >= 0x10001000L ssl_methods[TLS_USE_TLSv1_2_cli - 1] = (SSL_METHOD*)TLSv1_2_client_method(); ssl_methods[TLS_USE_TLSv1_2_srv - 1] = (SSL_METHOD*)TLSv1_2_server_method(); ssl_methods[TLS_USE_TLSv1_2 - 1] = (SSL_METHOD*)TLSv1_2_method(); #endif }
int sock_SSL_connect(SSL **ssl_con, int sockfd) { int ssl_err; SSL_CTX *ssl_ctx = NULL; ssl_ctx = SSL_CTX_new(SSLv3_client_method()); if(!ssl_ctx) { net_log(NET_LOG_ERR, "sock_SSL_connect: !ssl_ctx\n"); return WSOCK_ERROR; } *ssl_con = SSL_new(ssl_ctx); if(!(*ssl_con)) { net_log(NET_LOG_ERR, "sock_SSL_connect: SSL_new() failed.\n"); SSL_CTX_free(ssl_ctx); return WSOCK_ERROR; } SSL_set_fd (*ssl_con, sockfd); SSL_set_connect_state(*ssl_con); ssl_err = SSL_connect(*ssl_con); if(ssl_err < 0) SSL_set_shutdown(*ssl_con,SSL_SENT_SHUTDOWN); if(ssl_err <= 0) { net_log(NET_LOG_ERR, "sock_SSL_connect: SSL_connect() failed.\n"); SSL_free(*ssl_con); SSL_CTX_free(ssl_ctx); return WSOCK_ERROR; } return WSOCK_OK; }
SSL_CTX* EdSSLContext::buildClientCtx(int ver) { SSL_CTX *pctx; const SSL_METHOD *method; switch (ver) { case SSL_VER_TLSV1: method = TLSv1_method(); break; case SSL_VER_TLSV11: method = TLSv1_1_client_method(); break; case SSL_VER_V23: method = SSLv23_client_method(); break; case SSL_VER_V3: method = SSLv3_client_method(); break; case SSL_VER_DTLSV1: method = DTLSv1_client_method(); break; default: method = NULL; break; } if (method == NULL) return NULL; pctx = SSL_CTX_new(method); return pctx; }
void SockSSLConnect( struct Sock* out_sock ) { #ifdef TK_CONFIG_SOCK_SSL_ENABLE SSL_CTX* ctx; SSL* ssl; SSL_load_error_strings(); VCK( SSL_library_init() != 1 ,return); ctx = SSL_CTX_new (SSLv3_client_method()); VCK( ctx == NULL ,return); ssl = SSL_new (ctx); VCK( ssl == NULL ,return); VCK( SSL_set_fd ( ssl, out_sock->socket ) != 1 , return); //enable socket SSL VCK( SSL_connect (ssl) != 1 , TK_EXCEPTION("SSLConnect failed or be shutdown"); return); //connect SSL out_sock->ctx = ctx; out_sock->ssl = ssl; #endif }
const SSL_METHOD * hb_ssl_method_id_to_ptr( int n ) { const SSL_METHOD * p; switch( n ) { #if OPENSSL_VERSION_NUMBER < 0x10000000L case HB_SSL_CTX_NEW_METHOD_SSLV2: p = SSLv2_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER: p = SSLv2_server_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT: p = SSLv2_client_method(); break; #endif case HB_SSL_CTX_NEW_METHOD_SSLV3: p = SSLv3_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER: p = SSLv3_server_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT: p = SSLv3_client_method(); break; case HB_SSL_CTX_NEW_METHOD_TLSV1: p = TLSv1_method(); break; case HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER: p = TLSv1_server_method(); break; case HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT: p = TLSv1_client_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV23: p = SSLv23_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break; default: p = SSLv23_method(); } return p; }
/* * This test attempts to create a SSL 3.0 connection * with the EST server. This should fail, as TLS 1.0 * is not allowed. */ static void us1190_test1 (void) { LOG_FUNC_NM ; us1190_test_sslversion(SSLv3_client_method(), 1); }
bool SSLSocket::setupCrypto(SSLSocket *session /* = NULL */) { if (m_handle) { raise_warning("SSL/TLS already set-up for this stream"); return false; } /* need to do slightly different things, based on client/server method, * so lets remember which method was selected */ #if OPENSSL_VERSION_NUMBER < 0x00909000L SSL_METHOD *smethod; #else const SSL_METHOD *smethod; #endif switch (m_method) { case ClientSSLv23: m_client = true; smethod = SSLv23_client_method(); break; case ClientSSLv3: m_client = true; smethod = SSLv3_client_method(); break; case ClientTLS: m_client = true; smethod = TLSv1_client_method(); break; case ServerSSLv23: m_client = false; smethod = SSLv23_server_method(); break; case ServerSSLv3: m_client = false; smethod = SSLv3_server_method(); break; /* SSLv2 protocol might be disabled in the OpenSSL library */ #ifndef OPENSSL_NO_SSL2 case ClientSSLv2: m_client = true; smethod = SSLv2_client_method(); break; case ServerSSLv2: m_client = false; smethod = SSLv2_server_method(); break; #else case ClientSSLv2: case ServerSSLv2: raise_warning("OpenSSL library does not support SSL2 protocol"); return false; break; #endif case ServerTLS: m_client = false; smethod = TLSv1_server_method(); break; default: return false; } SSL_CTX *ctx = SSL_CTX_new(smethod); if (ctx == nullptr) { raise_warning("failed to create an SSL context"); return false; } SSL_CTX_set_options(ctx, SSL_OP_ALL); m_handle = createSSL(ctx); if (m_handle == nullptr) { raise_warning("failed to create an SSL handle"); SSL_CTX_free(ctx); return false; } if (!SSL_set_fd(m_handle, m_fd)) { handleError(0, true); } if (session) { SSL_copy_session_id(m_handle, session->m_handle); } return true; }
bool CSSLClient::Initial(unsigned long encryptionType) { //初始SSL s_Lock.Lock(); if (0 == s_objectCount) { SSL_library_init(); const SSL_METHOD * pSSLMethod = NULL; if (TVT_ENCRYPTION_SSL == encryptionType) { pSSLMethod = TLSv1_client_method(); } else if(TVT_ENCRYPTION_TLS == encryptionType) { pSSLMethod = SSLv3_client_method(); } SSL_load_error_strings(); s_SSLCTX = SSL_CTX_new(pSSLMethod); if(NULL == s_SSLCTX) { int errNum = ERR_get_error(); printf("%s:%s:%d, ssl connect error:%s\n", __FUNCTION__, __FILE__, __LINE__, ERR_reason_error_string(errNum)); printf("%s:%s:%d, error function=%s\n", __FUNCTION__, __FILE__, __LINE__, ERR_func_error_string(errNum)); s_Lock.UnLock(); return false; } /* if (SSL_CTX_use_certificate_file(s_SSLCTX, CA_CERT_FILE, SSL_FILETYPE_PEM) <= 0) { printf("Error: %s\n", ERR_reason_error_string(ERR_get_error())); s_Lock.UnLock(); return false; } if (SSL_CTX_use_PrivateKey_file_pass(s_SSLCTX, CA_KEY_FILE, "123456") <= 0) { printf("use_PrivateKey_file err\n"); s_Lock.UnLock(); return false; } */ for (int i=0; i < CRYPTO_num_locks(); ++i) { CPUB_Lock *pLock = new CPUB_Lock; s_vecLock.push_back(pLock); } CRYPTO_set_id_callback(GetThreadId); CRYPTO_set_locking_callback(pthreads_locking_callback); s_bHasInitial = true; } s_objectCount++; s_Lock.UnLock(); return true; }
/* ** Create an SSL application context if not already done */ PUBLIC BOOL HTSSL_init (void) { char rnd_filename[HT_MAX_PATH]; /* ** Initialise OpenSSL 0.9.5 random number generator. ** The random generator of OpenSSL had to be initialised on platforms ** that do not support /dev/random, like Compaq True64 Unix. ** This is done in the default way, and means that the user of the ** libwww-ssl library needs to have a .rnd file in his/her home-directory. */ RAND_file_name(rnd_filename, sizeof(rnd_filename)); RAND_load_file(rnd_filename, -1); if (!app_ctx) { SSL_METHOD * meth = NULL; SSLeay_add_ssl_algorithms(); /* Seems to provide English error messages */ SSL_load_error_strings(); /* select the protocol method */ switch (ssl_prot_method) { case HTSSL_V2: meth = SSLv2_client_method(); break; case HTSSL_V3: meth = SSLv3_client_method(); break; case HTSSL_V23: meth = SSLv23_client_method(); break; default: case HTTLS_V1: meth = TLSv1_client_method(); break; } /* set up the application context */ if ((app_ctx = SSL_CTX_new(meth)) == NULL) { HTTRACE(PROT_TRACE, "HTSSLContext Could not create context\n"); return NO; } HTTRACE(PROT_TRACE, "HTSSLContext Created context %p" _ app_ctx); /* See the SSL states in our own callback */ #ifdef HTDEBUG SSL_CTX_set_info_callback(app_ctx, apps_ssl_info_callback); #endif /* Set the certificate verification callback */ SSL_CTX_set_verify(app_ctx, SSL_VERIFY_PEER, verify_callback); /* Not sure what this does */ SSL_CTX_set_session_cache_mode(app_ctx, SSL_SESS_CACHE_CLIENT); } return YES; }
static void sl_ssl_client (void){ // create an ssl object and return the memory managed type back to // SLang. It needs the file descriptor of the object upon which // communication will occur, and the protocol to use. // SSL_CTX *ctx; SSL *ssl; int proto, cret; SLang_MMT_Type *mmt, *sslmmt; SLsslctx_Type *slctx; char *cadir=NULL, *cafile=NULL; if (SLang_Num_Function_Args == 3) if (SLang_pop_slstring(&cadir) == -1) return; if (SLang_Num_Function_Args > 1) if (SLANG_NULL_TYPE==SLang_peek_at_stack()) SLdo_pop(); else if (SLang_pop_slstring(&cafile) == -1) goto free; if (SLang_pop_integer(&proto) == -1) goto free; if (proto==SSL_PROTO_SSL2) ctx = SSL_CTX_new(SSLv23_client_method()); else if (proto==SSL_PROTO_SSL3) ctx = SSL_CTX_new(SSLv3_client_method()); else if (proto==SSL_PROTO_TLS1) ctx = SSL_CTX_new(TLSv1_client_method()); else if (proto==SSL_PROTO_ANY) ctx = SSL_CTX_new(SSLv23_client_method()); cret = SSL_CTX_load_verify_locations(ctx, cafile, cadir); if (cret == 0 && SLang_Num_Function_Args > 1){ SLang_verror(SL_APPLICATION_ERROR, "Failed to load CA file or path"); goto free; } slctx = (SLsslctx_Type *)malloc(sizeof(SLsslctx_Type)); slctx->is_server = 0; slctx->ctx = (void *)ctx; sslmmt = SLang_create_mmt(SLsslctx_Type_Id, (VOID_STAR) slctx); if (0!=SLang_push_mmt(sslmmt)) SLang_free_mmt(sslmmt); free: if (NULL!=cadir) SLang_free_slstring(cadir); if (NULL!=cafile) SLang_free_slstring(cafile); }
SSL_CTX* InitCTX(void) { SSL_METHOD *method; SSL_CTX *ctx; OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */ SSL_load_error_strings(); /* Bring in and register error messages */ method = SSLv3_client_method(); /* Create new client-method instance */ ctx = SSL_CTX_new(method); /* Create new context */ return ctx; }
SSLContext::SSLContext(int _method){ #ifdef USE_EMBEDDED_CLASSNAMES setClassName(__xvr2_Net_SSLContext); #endif __init_ssl_library(this); pem = 0; method = _method; ctx = 0; mydata = 0; switch(method){ case SSL_V2: ctx = SSL_CTX_new(SSLv2_method()); break; case SSL_V2_CLIENT: ctx = SSL_CTX_new(SSLv2_client_method()); break; case SSL_V2_SERVER: ctx = SSL_CTX_new(SSLv2_server_method()); break; case SSL_V3: ctx = SSL_CTX_new(SSLv3_method()); break; case SSL_V3_CLIENT: ctx = SSL_CTX_new(SSLv3_client_method()); break; case SSL_V3_SERVER: ctx = SSL_CTX_new(SSLv3_server_method()); break; case SSL_V23_CLIENT: ctx = SSL_CTX_new(SSLv23_client_method()); break; case SSL_V23_SERVER: ctx = SSL_CTX_new(SSLv23_server_method()); break; case SSL_V23: default: ctx = SSL_CTX_new(SSLv23_method()); } if(ctx == 0){ throw SSLContextCreation(); } //Initialize password callback __ssl_ctx_cb_args *x; x = new __ssl_ctx_cb_args(this, 0, 0); mydata = x; #ifdef USE_DEBUG debugmsgln(this, "Initializing password callback..."); #endif SSL_CTX_set_default_passwd_cb((SSL_CTX *)ctx, passwdCB); #ifdef USE_DEBUG debugmsgln(this, "Initializing default password callback userdata..."); #endif SSL_CTX_set_default_passwd_cb_userdata((SSL_CTX *)ctx, mydata); }
static int _init_client(OpenSSL * openssl, char const * name) { if((openssl->ssl_ctx = SSL_CTX_new(SSLv3_client_method())) == NULL || SSL_CTX_set_cipher_list(openssl->ssl_ctx, SSL_DEFAULT_CIPHER_LIST) != 1 || (openssl->ssl = SSL_new(openssl->ssl_ctx)) == NULL) return -_openssl_error_ssl(1); if((openssl->fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -_openssl_error("socket", 1); /* FIXME implement the rest */ return -1; }
/* * Negotiate SSL on the socket. */ static BOOL server_negotiate_ssl(Remote *remote) { BOOL success = TRUE; SOCKET fd = 0; DWORD ret = 0; lock_acquire( remote->lock ); do { fd = remote_get_fd(remote); remote->meth = SSLv3_client_method(); remote->ctx = SSL_CTX_new(remote->meth); SSL_CTX_set_mode(remote->ctx, SSL_MODE_AUTO_RETRY); remote->ssl = SSL_new(remote->ctx); SSL_set_verify(remote->ssl, SSL_VERIFY_NONE, NULL); if( SSL_set_fd(remote->ssl, remote->fd) == 0 ) { dprintf("[SERVER] set fd failed"); success = FALSE; break; } if( (ret = SSL_connect(remote->ssl)) != 1 ) { dprintf("[SERVER] connect failed %d\n", SSL_get_error(remote->ssl, ret)); success = FALSE; break; } dprintf("[SERVER] Sending a HTTP GET request to the remote side..."); if( (ret = SSL_write(remote->ssl, "GET /123456789 HTTP/1.0\r\n\r\n", 27)) <= 0 ) { dprintf("[SERVER] SSL write failed during negotiation with return: %d (%d)", ret, SSL_get_error(remote->ssl, ret)); } } while(0); lock_release( remote->lock ); dprintf("[SERVER] Completed writing the HTTP GET request: %d", ret); if( ret < 0 ) success = FALSE; return success; }
static const SSL_METHOD *ssl23_get_client_method(int ver) { #ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_client_method()); #endif if (ver == SSL3_VERSION) return(SSLv3_client_method()); else if (ver == TLS1_VERSION) return(TLSv1_client_method()); else return(NULL); }
static SSL_METHOD *ssl23_get_client_method(int ver) { #ifdef CONFIG_SSL2 if (ver == SSL2_VERSION) return(SSLv2_client_method()); #endif if (ver == SSL3_VERSION) return(SSLv3_client_method()); else if (ver == TLS1_VERSION) return(TLSv1_client_method()); else return(NULL); }
static const SSL_METHOD * ssl23_get_client_method(int ver) { if (ver == SSL3_VERSION) return (SSLv3_client_method()); if (ver == TLS1_VERSION) return (TLSv1_client_method()); if (ver == TLS1_1_VERSION) return (TLSv1_1_client_method()); if (ver == TLS1_2_VERSION) return (TLSv1_2_client_method()); return (NULL); }
static int ssl_init(GF_DownloadManager *dm, u32 mode) { SSL_METHOD *meth; if (!dm) return 0; /* The SSL has already been initialized. */ if (dm->ssl_ctx) return 1; /* Init the PRNG. If that fails, bail out. */ init_prng(); if (RAND_status() != 1) goto error; SSL_library_init(); SSL_load_error_strings(); SSLeay_add_all_algorithms(); SSLeay_add_ssl_algorithms(); switch (mode) { case 0: meth = SSLv23_client_method(); break; case 1: meth = SSLv2_client_method(); break; case 2: meth = SSLv3_client_method(); break; case 3: meth = TLSv1_client_method(); break; default: goto error; } dm->ssl_ctx = SSL_CTX_new(meth); if (!dm->ssl_ctx) goto error; SSL_CTX_set_default_verify_paths(dm->ssl_ctx); SSL_CTX_load_verify_locations (dm->ssl_ctx, NULL, NULL); /* SSL_VERIFY_NONE instructs OpenSSL not to abort SSL_connect if the certificate is invalid. We verify the certificate separately in ssl_check_certificate, which provides much better diagnostics than examining the error stack after a failed SSL_connect. */ SSL_CTX_set_verify(dm->ssl_ctx, SSL_VERIFY_NONE, NULL); /* Since fd_write unconditionally assumes partial writes (and handles them correctly), allow them in OpenSSL. */ SSL_CTX_set_mode(dm->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); return 1; error: if (dm->ssl_ctx) SSL_CTX_free(dm->ssl_ctx); dm->ssl_ctx = NULL; return 0; }
static const SSL_METHOD *swSSL_get_method(int method) { switch (method) { #ifndef OPENSSL_NO_SSL3_METHOD case SW_SSLv3_METHOD: return SSLv3_method(); case SW_SSLv3_SERVER_METHOD: return SSLv3_server_method(); case SW_SSLv3_CLIENT_METHOD: return SSLv3_client_method(); #endif case SW_SSLv23_SERVER_METHOD: return SSLv23_server_method(); case SW_SSLv23_CLIENT_METHOD: return SSLv23_client_method(); case SW_TLSv1_METHOD: return TLSv1_method(); case SW_TLSv1_SERVER_METHOD: return TLSv1_server_method(); case SW_TLSv1_CLIENT_METHOD: return TLSv1_client_method(); #ifdef TLS1_1_VERSION case SW_TLSv1_1_METHOD: return TLSv1_1_method(); case SW_TLSv1_1_SERVER_METHOD: return TLSv1_1_server_method(); case SW_TLSv1_1_CLIENT_METHOD: return TLSv1_1_client_method(); #endif #ifdef TLS1_2_VERSION case SW_TLSv1_2_METHOD: return TLSv1_2_method(); case SW_TLSv1_2_SERVER_METHOD: return TLSv1_2_server_method(); case SW_TLSv1_2_CLIENT_METHOD: return TLSv1_2_client_method(); #endif case SW_DTLSv1_METHOD: return DTLSv1_method(); case SW_DTLSv1_SERVER_METHOD: return DTLSv1_server_method(); case SW_DTLSv1_CLIENT_METHOD: return DTLSv1_client_method(); case SW_SSLv23_METHOD: default: return SSLv23_method(); } return SSLv23_method(); }
/** * @desc Initialize OpenSSL lib * @throw Char * */ void IOSocketSSL::initSSL(const bool force_server_method = false) { TRACE_CALL(); SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms(); OpenSSL_add_ssl_algorithms(); switch (socket_t) { case IOSOCKET_LISTEN_T: ctx = SSL_CTX_new(SSLv3_server_method()); break; case IOSOCKET_CONNECT_T: if (force_server_method) ctx = SSL_CTX_new(SSLv3_server_method()); else ctx = SSL_CTX_new(SSLv3_client_method()); break; default: /* Shouln't happen, mother class constructor should have thrown * an exception earlier */ throw("Unknown socket type"); break; } /** * Should use a loop on ERR_get_error() * to retrieve the whole error process */ if (ctx == NULL) throw(new_SSL_error("initializing ssl context")); if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) != 1) throw(new_SSL_error("loading cert file")); if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) != 1) throw(new_SSL_error("loading private key file")); if (SSL_CTX_check_private_key(ctx) != 1) throw(new_SSL_error("verifying private key")); /* Don't bother with renego */ SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); init_ssl = true; }
SSL_CTX* InitCTX(void) { SSL_METHOD *method; SSL_CTX *ctx; OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */ SSL_load_error_strings(); /* Bring in and register error messages */ method = const_cast<SSL_METHOD*>(SSLv3_client_method()); /* Create new client-method instance */ ctx = SSL_CTX_new(method); /* Create new context */ if ( ctx == NULL ) { ERR_print_errors_fp(stderr); abort(); } return ctx; }
int hipCfgFiles::loadCfg(struct hip_conf *hc) { const char *fnName = "hipCfgFiles::loadCfg: "; SSL_CTX *ctx = NULL; if (hc == NULL) { cout << "loadCfg: ERROR: HCNF not set" << endl; return(-1); } _hcfg = hc; /* SSL context. */ SSL_library_init(); SSL_load_error_strings(); ctx = SSL_CTX_new(SSLv3_client_method()); if (ctx == NULL) { cerr << fnName << "Error creating SSL context" << endl; return(-1); } _ssl = SSL_new(ctx); if (_ssl == NULL) { cerr << fnName << "Error open SSL connect" << endl; return(-1); } /* Don't need x509 store since not handling certs * _store = X509_STORE_new(); * if(!_store){ * cerr << fnName << "error calling X509_STORE_new" << endl; * return -1; * } * * X509_STORE_set_verify_cb_func(_store, hipCfgFiles::callb); * X509_STORE_set_default_paths(_store); */ hc->use_my_identities_file = 1; if (getEndboxMapsFromLocalFile() < 0) { return(-1); } return(0); }