Esempio n. 1
0
const SSL_METHOD * hb_ssl_method_id_to_ptr( int n )
{
   const SSL_METHOD * p;

   switch( n )
   {
#if OPENSSL_VERSION_NUMBER < 0x10000000L
      case HB_SSL_CTX_NEW_METHOD_SSLV2:         p = SSLv2_method();         break;
      case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER:  p = SSLv2_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT:  p = SSLv2_client_method();  break;
#endif
      case HB_SSL_CTX_NEW_METHOD_SSLV3:         p = SSLv3_method();         break;
      case HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER:  p = SSLv3_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT:  p = SSLv3_client_method();  break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1:         p = TLSv1_method();         break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER:  p = TLSv1_server_method();  break;
      case HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT:  p = TLSv1_client_method();  break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23:        p = SSLv23_method();        break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break;
      default: p = SSLv23_method();
   }

   return p;
}
static const SSL_METHOD *tls1_get_method(int ver)
	{
	if (ver == TLS1_VERSION)
		return(TLSv1_method());
	else
		return(NULL);
	}
Esempio n. 3
0
void ContextImpl::setProtocol(Protocol protocol)
{
    bool v2 = false;

    switch(protocol) 
    {
        case SSLv2: 
            // SSLv2_method is not available everywhere (check OPENSSL_NO_SSL2)
            SSL_CTX_set_ssl_version(_ctx, SSLv23_method() );
            v2 = true;
            break;
        
        case SSLv3or2: 
            SSL_CTX_set_ssl_version( _ctx, SSLv23_method() ); 
            v2 = true;
            break;

        default:
        case SSLv3: 
            SSL_CTX_set_ssl_version( _ctx, SSLv3_method() ); 
            break;
        
        case TLSv1: 
            SSL_CTX_set_ssl_version( _ctx, TLSv1_method() ); 
            break;
    }

    _protocol = protocol;

    const char* ciphers = v2 ? "ALL:!aNULL:!eNULL" : "ALL:!aNULL:!eNULL:!SSLv2";
    SSL_CTX_set_cipher_list(_ctx, ciphers);
}
Esempio n. 4
0
/*
** ctx = ssl.context.new("sslv23/sslv3/tlsv1")
*/
static int l_new(lua_State *L)
{
	const char *str = luaL_checkstring(L, 1);
	SSL_METHOD *method;
	SSL_CTX *ctx;
	
	if (strcasecmp(str, "sslv3") == 0)
		method = SSLv3_method();
	else if (strcasecmp(str, "sslv23") == 0)
		method = SSLv23_method();
	else if (strcasecmp(str, "tlsv1") == 0)
		method = TLSv1_method();
	else
		luaL_error(L, "invalid arugment #1, should be sslv3/sslv23/tlsv1");
		
	ctx = SSL_CTX_new(method);
	if (ctx != NULL) {
		Object *obj = (Object*)lua_newuserdata(L, sizeof(Object));
		obj->ctx = ctx;
		luaL_getmetatable(L, META_NAME);
		lua_setmetatable(L, -2);
	} else {
		lua_pushnil(L);
	}
	return 1;
}
Esempio n. 5
0
static const SSL_METHOD *tls1_get_method(int ver)
	{
	if (ver == TLS1_1_VERSION)
		return TLSv1_1_method();
	if (ver == TLS1_VERSION)
		return TLSv1_method();
	return NULL;
	}
Esempio n. 6
0
void Context::createSSLContext()
{
	if (SSLManager::isFIPSEnabled())
	{
		_pSSLContext = SSL_CTX_new(TLSv1_method());
	}
	else
	{
		switch (_usage)
		{
		case CLIENT_USE:
			_pSSLContext = SSL_CTX_new(SSLv23_client_method());
			break;
		case SERVER_USE:
			_pSSLContext = SSL_CTX_new(SSLv23_server_method());
			break;
#if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1)
		case TLSV1_CLIENT_USE:
			_pSSLContext = SSL_CTX_new(TLSv1_client_method());
			break;
		case TLSV1_SERVER_USE:
			_pSSLContext = SSL_CTX_new(TLSv1_server_method());
			break;
#endif
#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1)
/* SSL_OP_NO_TLSv1_1 is defined in ssl.h if the library version supports TLSv1.1.
 * OPENSSL_NO_TLS1 is defined in opensslconf.h or on the compiler command line
 * if TLS1.x was removed at OpenSSL library build time via Configure options.
 */
        case TLSV1_1_CLIENT_USE:
            _pSSLContext = SSL_CTX_new(TLSv1_1_client_method());
            break;
        case TLSV1_1_SERVER_USE:
            _pSSLContext = SSL_CTX_new(TLSv1_1_server_method());
            break;
#endif
#if defined(SSL_OP_NO_TLSv1_2) && !defined(OPENSSL_NO_TLS1)
        case TLSV1_2_CLIENT_USE:
            _pSSLContext = SSL_CTX_new(TLSv1_2_client_method());
            break;
        case TLSV1_2_SERVER_USE:
            _pSSLContext = SSL_CTX_new(TLSv1_2_server_method());
            break;
#endif
		default:
			throw Poco::InvalidArgumentException("Invalid or unsupported usage");
		}
	}
	if (!_pSSLContext) 
	{
		unsigned long err = ERR_get_error();
		throw SSLException("Cannot create SSL_CTX object", ERR_error_string(err, 0));
	}

	SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPassphraseCallback);
	Utility::clearErrorStack();
	SSL_CTX_set_options(_pSSLContext, SSL_OP_ALL);
}
Esempio n. 7
0
/**
 * Find the protocol.
 */
static LSEC_SSL_METHOD* str2method(const char *method)
{
  if (!strcmp(method, "sslv23"))  return SSLv23_method();
  if (!strcmp(method, "sslv3"))   return SSLv3_method();
  if (!strcmp(method, "tlsv1"))   return TLSv1_method();
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
  if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
  if (!strcmp(method, "tlsv1_2")) return TLSv1_2_method();
#endif
  return NULL;
}
Esempio n. 8
0
static SSL_METHOD *ssl23_get_method(int ver)
	{
	if (ver == SSL2_VERSION)
		return(SSLv2_method());
	else if (ver == SSL3_VERSION)
		return(SSLv3_method());
	else if (ver == TLS1_VERSION)
		return(TLSv1_method());
	else
		return(NULL);
	}
Esempio n. 9
0
// nassl.SSL_CTX.new()
static PyObject* nassl_SSL_CTX_new(PyTypeObject *type, PyObject *args, PyObject *kwds) {
	nassl_SSL_CTX_Object *self;
	int sslVersion;
	SSL_CTX *sslCtx;

    self = (nassl_SSL_CTX_Object *)type->tp_alloc(type, 0);
    if (self == NULL)
    	return NULL;

    self->sslCtx = NULL;
    self->pkeyPasswordBuf = NULL;

	if (!PyArg_ParseTuple(args, "I", &sslVersion)) {
		Py_DECREF(self);
    	return NULL;
    }

    switch (sslVersion) {
		case sslv23:
			sslCtx = SSL_CTX_new(SSLv23_method());
			break;
		case sslv2:
			sslCtx = SSL_CTX_new(SSLv2_method());
			break;
		case sslv3:
			sslCtx = SSL_CTX_new(SSLv3_method());
			break;
		case tlsv1:
			sslCtx = SSL_CTX_new(TLSv1_method());
			break;
		case tlsv1_1:
			sslCtx = SSL_CTX_new(TLSv1_1_method());
			break;
		case tlsv1_2:
			sslCtx = SSL_CTX_new(TLSv1_2_method());
			break;
		default:
        	PyErr_SetString(PyExc_ValueError, "Invalid value for ssl version");
        	Py_DECREF(self);
			return NULL;
	}
	if (sslCtx == NULL) {
        raise_OpenSSL_error();
        Py_DECREF(self);
		return NULL;
	}

    // Add the client certificate callback
    SSL_CTX_set_client_cert_cb(sslCtx, client_cert_cb);

    self->sslCtx = sslCtx;
    return (PyObject *)self;
}
Esempio n. 10
0
static const SSL_METHOD *
ssl23_get_method(int ver)
{
	if (ver == SSL3_VERSION)
		return (SSLv3_method());
	if (ver == TLS1_VERSION)
		return (TLSv1_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_method());
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_method());
	return (NULL);
}
Esempio n. 11
0
static const SSL_METHOD *swSSL_get_method(int method)
{
    switch (method)
    {
#ifndef OPENSSL_NO_SSL3_METHOD
    case SW_SSLv3_METHOD:
        return SSLv3_method();
    case SW_SSLv3_SERVER_METHOD:
        return SSLv3_server_method();
    case SW_SSLv3_CLIENT_METHOD:
        return SSLv3_client_method();
#endif
    case SW_SSLv23_SERVER_METHOD:
        return SSLv23_server_method();
    case SW_SSLv23_CLIENT_METHOD:
        return SSLv23_client_method();
    case SW_TLSv1_METHOD:
        return TLSv1_method();
    case SW_TLSv1_SERVER_METHOD:
        return TLSv1_server_method();
    case SW_TLSv1_CLIENT_METHOD:
        return TLSv1_client_method();
#ifdef TLS1_1_VERSION
    case SW_TLSv1_1_METHOD:
        return TLSv1_1_method();
    case SW_TLSv1_1_SERVER_METHOD:
        return TLSv1_1_server_method();
    case SW_TLSv1_1_CLIENT_METHOD:
        return TLSv1_1_client_method();
#endif
#ifdef TLS1_2_VERSION
    case SW_TLSv1_2_METHOD:
        return TLSv1_2_method();
    case SW_TLSv1_2_SERVER_METHOD:
        return TLSv1_2_server_method();
    case SW_TLSv1_2_CLIENT_METHOD:
        return TLSv1_2_client_method();
#endif
    case SW_DTLSv1_METHOD:
        return DTLSv1_method();
    case SW_DTLSv1_SERVER_METHOD:
        return DTLSv1_server_method();
    case SW_DTLSv1_CLIENT_METHOD:
        return DTLSv1_client_method();
    case SW_SSLv23_METHOD:
    default:
        return SSLv23_method();
    }
    return SSLv23_method();
}
Esempio n. 12
0
P_ST_TLS_STRUCT st_tls_create_ctx(P_ST_TLS_STRUCT p_st_tls)
{
    P_SSL_CTX p_ctx = NULL;

    OpenSSL_add_ssl_algorithms();
    SSL_load_error_strings();
    SSL_library_init();     //SSL_library_init() always returns "1"

    tls_rand_seed();

    if ( p_st_tls->work_status == WORK_SERVER )
    {
        st_print("Initialize with TLSv1_server_method() \n");
        RET_NULL_IF_TRUE_S(!(p_ctx = SSL_CTX_new(TLSv1_server_method()))); 
    }
    else if ( p_st_tls->work_status == WORK_CLIENT )
    {
        st_print("Initialize with TLSv1_client_method() \n");
        RET_NULL_IF_TRUE_S(!(p_ctx = SSL_CTX_new(TLSv1_client_method())));
    }
    else
    {
        st_print("Initialize with TLSv1_method() \n");
        RET_NULL_IF_TRUE_S(!(p_ctx = SSL_CTX_new(TLSv1_method())));
    }


    //SSL_CTX_set_default_passwd_cb(p_ctx, no_passphrase_callback);
    SSL_CTX_set_mode(p_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);

    if ( strlen(p_st_tls->ca_file) )
    {
        RET_NULL_IF_TRUE_S( !SSL_CTX_load_verify_locations(p_ctx, p_st_tls->ca_file, NULL));
    }
    else
    {
        st_print("No CAfile Verify!\n");
    }

    RET_NULL_IF_TRUE_S( !SSL_CTX_use_PrivateKey_file(p_ctx, p_st_tls->key_file, SSL_FILETYPE_PEM)); 

    RET_NULL_IF_TRUE_S( !SSL_CTX_use_certificate_chain_file(p_ctx, p_st_tls->cert_file));

    // 判定私钥是否正确  
    RET_NULL_IF_TRUE_S( !SSL_CTX_check_private_key(p_ctx));

    p_st_tls->p_ctx = p_ctx;

    return p_st_tls;
}
int TlsInit( char* cacertPath )
{
    e_TlsError    vl_Error;
    char a_DefaultCertPath[] = DEFAULT_CERT_PATH;
    char *p_CertToUse;

    DEBUG_LOG_PRINT_LEV2(("TlsInit : Entry"));

    SSL_load_error_strings();
    SSL_library_init();

    gp_SSL_CTX = SSL_CTX_new(TLSv1_method());
    if( NULL == gp_SSL_CTX )
    {
        DEBUG_LOG_PRINT_LEV2(("SSL_CTX_new returned NULL!\n"));
         return FALSE;
    }
    if ( SSL_CTX_set_cipher_list(gp_SSL_CTX, DEFAULT_CIPHER_LIST ) != 1 )
    {
        DEBUG_LOG_PRINT_LEV2(("SSL_CTX_set_cipher_list returned NULL!\n"));
        SSL_CTX_free(gp_SSL_CTX);
        return FALSE;  // ERROR selecting SUPL cipher list
    }
    SSL_CTX_set_info_callback(gp_SSL_CTX, Tls_openssl_info_callback);
#ifdef AGPS_DISABLE_TLS_CA_CERT_VERIFY
    /* In this mode, even if a CA cert is not found, a secure connection is established */
    SSL_CTX_set_verify( gp_SSL_CTX , SSL_VERIFY_NONE , NULL );
#else
    /* If a CA cert is not found matching the server certificate, the handshake is shutdown */
    SSL_CTX_set_verify( gp_SSL_CTX , SSL_VERIFY_PEER , Tls_openssl_certificate_verify_callback );
#endif


    p_CertToUse = ( cacertPath == NULL ) ? a_DefaultCertPath : cacertPath;

    DEBUG_LOG_PRINT_LEV2(("TlsInit : Certificate %s\n" , p_CertToUse));

    if( SSL_CTX_load_verify_locations(gp_SSL_CTX, p_CertToUse ,NULL) != 1 )
    {
        DEBUG_LOG_PRINT_LEV2(("SSL_CTX_load_verify_locations failed!\n"));
         return FALSE;
    }
    DEBUG_LOG_PRINT_LEV2(("SSL_CTX_get_options : %ld" , SSL_CTX_get_options( gp_SSL_CTX ) ));
    SSL_CTX_set_options( gp_SSL_CTX,SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3) ;
    DEBUG_LOG_PRINT_LEV2(("SSL_CTX_get_options : %ld" , SSL_CTX_get_options( gp_SSL_CTX ) ));

    DEBUG_LOG_PRINT_LEV2(("TlsInit : Exit"));
    return TRUE;
}
Esempio n. 14
0
static SSLTransport * _ssl_init(AppTransportPluginHelper * helper,
		AppTransportMode mode, char const * name)
{
	SSLTransport * ssl;
	int res;

#ifdef DEBUG
	fprintf(stderr, "DEBUG: %s(%u, \"%s\")\n", __func__, mode, name);
#endif
	if((ssl = object_new(sizeof(*ssl))) == NULL)
		return NULL;
	memset(ssl, 0, sizeof(*ssl));
	ssl->helper = helper;
	if((ssl->ssl_ctx = SSL_CTX_new(TLSv1_method())) == NULL
			|| SSL_CTX_set_cipher_list(ssl->ssl_ctx,
				SSL_DEFAULT_CIPHER_LIST) != 1
			|| SSL_CTX_load_verify_locations(ssl->ssl_ctx, NULL,
				"/etc/openssl/certs") != 1)
		/* FIXME report the underlying error */
		res = -error_set_code(1, "Could not initialize SSL");
	else
		switch((ssl->mode = mode))
		{
			case ATM_CLIENT:
				res = _init_client(ssl, name);
				break;
			case ATM_SERVER:
				res = _init_server(ssl, name);
				break;
			default:
				res = -error_set_code(1,
						"Unknown transport mode");
				break;
		}
	/* check for errors */
	if(res != 0)
	{
#ifdef DEBUG
		fprintf(stderr, "DEBUG: %s() => %d (%s)\n", __func__, res,
				error_get(NULL));
#endif
		_ssl_destroy(ssl);
		return NULL;
	}
#if 0 /* XXX may be useful */
	SSL_CTX_set_mode(ssl->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
#endif
	return ssl;
}
Esempio n. 15
0
/**
 * Initializes an SSL context using the specified certificates.
 *
 * @param pubkey The public key.
 * @param privkey The matching private key.
 * @param cakey CA certificate chain file.
 * @returns An SSL context.
 */
shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& privkey, const String& cakey)
{
	InitializeOpenSSL();

	shared_ptr<SSL_CTX> sslContext = shared_ptr<SSL_CTX>(SSL_CTX_new(TLSv1_method()), SSL_CTX_free);

	SSL_CTX_set_mode(sslContext.get(), 0);

	if (!SSL_CTX_use_certificate_chain_file(sslContext.get(), pubkey.CStr())) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_CTX_use_certificate_chain_file")
		    << errinfo_openssl_error(ERR_get_error())
		    << boost::errinfo_file_name(pubkey));
	}

	if (!SSL_CTX_use_PrivateKey_file(sslContext.get(), privkey.CStr(), SSL_FILETYPE_PEM)) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_CTX_use_PrivateKey_file")
		    << errinfo_openssl_error(ERR_get_error())
		    << boost::errinfo_file_name(privkey));
	}

	if (!SSL_CTX_check_private_key(sslContext.get())) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_CTX_check_private_key")
		    << errinfo_openssl_error(ERR_get_error()));
	}

	if (!SSL_CTX_load_verify_locations(sslContext.get(), cakey.CStr(), NULL)) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_CTX_load_verify_locations")
		    << errinfo_openssl_error(ERR_get_error())
		    << boost::errinfo_file_name(cakey));
	}

	STACK_OF(X509_NAME) *cert_names;

	cert_names = SSL_load_client_CA_file(cakey.CStr());
	if (cert_names == NULL) {
		BOOST_THROW_EXCEPTION(openssl_error()
		    << boost::errinfo_api_function("SSL_load_client_CA_file")
		    << errinfo_openssl_error(ERR_get_error())
		    << boost::errinfo_file_name(cakey));
	}

	SSL_CTX_set_client_CA_list(sslContext.get(), cert_names);

	return sslContext;
}
Esempio n. 16
0
static const SSL_METHOD *ssl23_get_method(int ver)
{
#ifndef OPENSSL_NO_SSL3
    if (ver == SSL3_VERSION)
        return (SSLv3_method());
    else
#endif
    if (ver == TLS1_VERSION)
        return (TLSv1_method());
    else if (ver == TLS1_1_VERSION)
        return (TLSv1_1_method());
    else if (ver == TLS1_2_VERSION)
        return (TLSv1_2_method());
    else
        return (NULL);
}
Esempio n. 17
0
static void init()
{
    if (gSSL_CTX) return;
    SSL_load_error_strings();
    SSL_library_init();
    gSSL_CTX = SSL_CTX_new(TLSv1_method());
#if OPENSSL_VERSION_NUMBER >= 0x00905000L
    SSL_CTX_set_cipher_list(gSSL_CTX, "ADH:@STRENGTH");
#else
    SSL_CTX_set_cipher_list(gSSL_CTX, "ADH");
#endif
    SSL_CTX_set_info_callback(gSSL_CTX, (void (*)())ssl_info_callback);
    DH *dh = get_dh512();
    SSL_CTX_set_tmp_dh(gSSL_CTX, dh);
    DH_free(dh);
}
Esempio n. 18
0
static int
handshake (struct stream_data *data)
{
	int ret;
	int finished;

	SSL_library_init();
	SSL_load_error_strings();
	
	data->ssl_ctx = SSL_CTX_new(TLSv1_method());
	if(!data->ssl_ctx) return IKS_NOMEM;
	
	data->ssl = SSL_new(data->ssl_ctx);
	if(!data->ssl) return IKS_NOMEM;
	
	if( SSL_set_fd(data->ssl, (int)(intptr_t)data->sock) != 1 ) return IKS_NOMEM;
	
	/* Set both the read and write BIO's to non-blocking mode */
	BIO_set_nbio(SSL_get_rbio(data->ssl), 1);
	BIO_set_nbio(SSL_get_wbio(data->ssl), 1);

	finished = 0;
	
	do
	{
		ret = SSL_connect(data->ssl);
		
		if( ret != 1 ) 
		{
			if( wait_for_data(data, ret, 1) != IKS_OK ) 
			{
				finished = 1; 
				SSL_free(data->ssl);
			}
		}
	} while( ret != 1 && finished != 1 );
	
	if( ret == 1 )
	{
		data->flags &= (~SF_TRY_SECURE);
		data->flags |= SF_SECURE;
	
		iks_send_header (data->prs, data->server);
	}
	
	return ret == 1 ? IKS_OK : IKS_NET_TLSFAIL;
}
Esempio n. 19
0
static const SSL_METHOD *tls1_get_method(int ver)
{
    if (ver == TLS_ANY_VERSION)
        return TLS_method();
    if (ver == TLS1_2_VERSION)
        return TLSv1_2_method();
    if (ver == TLS1_1_VERSION)
        return TLSv1_1_method();
    if (ver == TLS1_VERSION)
        return TLSv1_method();
#ifndef OPENSSL_NO_SSL3
    if (ver == SSL3_VERSION)
        return (SSLv3_method());
    else
#endif
    return NULL;
}
MMGSSLConnection::MMGSSLConnection(const std::string& hostname, const unsigned short port, const std::string& certsPath, const std::string& certFile, const std::string& keyFile, const std::string& keyPassword)
{
	this->_hostname = hostname;
	this->_port = port;
	this->_certsPath = certsPath;
	this->_certFile = certFile;
	this->_keyFile = keyFile;
	this->_keyPassword = keyPassword;
	this->_socket = -1;
	this->_hostent = NULL;
	this->_sslCtx = NULL;
	this->_ssl = NULL;
	this->_serverCert = NULL;
	this->_privateKey = NULL;
	// Choose a SSL/TLS protocol version
	this->_sslMethod = (SSL_METHOD*)TLSv1_method();
}
Esempio n. 21
0
int neo4j_openssl_init(void)
{
    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

    int num_locks = CRYPTO_num_locks();
    thread_locks = calloc(num_locks, sizeof(neo4j_mutex_t));
    if (thread_locks == NULL)
    {
        return -1;
    }

    for (int i = 0; i < num_locks; i++)
    {
        int err = neo4j_mutex_init(&(thread_locks[i]));
        if (err)
        {
            for (; i > 0; --i)
            {
                neo4j_mutex_destroy(&(thread_locks[i-1]));
            }
            free(thread_locks);
            errno = err;
            return -1;
        }
    }

    if (CRYPTO_get_locking_callback() == NULL)
    {
        CRYPTO_set_locking_callback(locking_callback);
        CRYPTO_set_id_callback(neo4j_current_thread_id);
    }

    SSL_CTX *ctx = SSL_CTX_new(TLSv1_method());
    if (ctx == NULL)
    {
        errno = openssl_error(NULL, NEO4J_LOG_ERROR, __FILE__, __LINE__);
        return -1;
    }
    SSL_CTX_free(ctx);

    return 0;
}
Esempio n. 22
0
int easyssl_setup(EASYSSL *ctx) {
    SSL_load_error_strings();
    if(SSL_library_init() != 1) {
        printf("Error: SSL lib init failure\n");
        return -SSL_ERR_INIT;
    }
    if((ctx->ctx = SSL_CTX_new(SSLv3_method())) == NULL) {
        printf("Create SSLv3 failure\n");
        if((ctx->ctx = SSL_CTX_new(TLSv1_method())) == NULL) {
            printf("Create TLSv1 failure\n");
            return -SSL_ERR_TLS;
        }
    }
    if(ctx->cert_auth == 0){
        SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_NONE, NULL);
    }else{
        SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_PEER, easyssl_ca_verify_cb);
        SSL_CTX_set_verify_depth(ctx->ctx, EASYSSL_DEPTH);
        if(SSL_CTX_load_verify_locations(ctx->ctx, ctx->cert_path, NULL) != 1) {
            return -SSL_ERR_CERT;
        }
    }
    SSL_CTX_set_default_passwd_cb_userdata(ctx->ctx, ctx->passwd);
    if(SSL_CTX_use_certificate_chain_file(ctx->ctx, ctx->cert_path) == 1){
        printf("Load certificate success\n");
    }
    if(SSL_CTX_use_PrivateKey_file(ctx->ctx, ctx->pkey_path, SSL_FILETYPE_PEM) == 1) {
        printf("Load private key success\n");
    }
    if(SSL_CTX_check_private_key(ctx->ctx) == 1) {
        printf("Check private key success\n");
    }
    if((ctx->ssl = SSL_new(ctx->ctx)) == NULL) {
        printf("Error: create SSL failure\n");
        return -SSL_ERR_NEW;
    }
    if(SSL_set_fd(ctx->ssl, ctx->fd) != 1) {
        printf("Error: set SSL fd failure\n");
    }
    if(SSL_connect(ctx->ssl) != 1) {
        return -SSL_ERR_CONN;
    }
    printf("Connected to SSL success\n");
    return SSL_ERR_SUCCESS;
}
Esempio n. 23
0
int ssl_connect(int sock, SSL ** ssl_con)
{
   SSL_METHOD *meth;
   SSL_CTX *ctx;

   SSL_library_init();
   SSL_load_error_strings();

   meth = (SSL_METHOD *) TLSv1_method();
   ctx = SSL_CTX_new(meth);

   *ssl_con = SSL_new(ctx);
   SSL_set_fd(*ssl_con, sock);
   if (SSL_connect(*ssl_con) <= 0)
      return -1;

   return 0;
}
Esempio n. 24
0
File: openssl.c Progetto: Tilka/uhub
static const SSL_METHOD* get_ssl_method(const char* tls_version)
{
	if (!tls_version || !*tls_version)
	{
		LOG_ERROR("tls_version is not set.");
		return 0;
	}

	if (!strcmp(tls_version, "1.0"))
	  return TLSv1_method();
	if (!strcmp(tls_version, "1.1"))
	  return TLSv1_1_method();
	if (!strcmp(tls_version, "1.2"))
	  return TLSv1_2_method();

	LOG_ERROR("Unable to recognize tls_version.");
	return 0;
}
Esempio n. 25
0
int mosquitto_ssl_set(struct mosquitto *mosq, const char *pemfile, const char *password)
{
#ifdef WITH_SSL
	if(!mosq || mosq->ssl) return MOSQ_ERR_INVAL; //FIXME

	mosq->ssl = _mosquitto_malloc(sizeof(struct _mosquitto_ssl));
	if(!mosq->ssl) return MOSQ_ERR_NOMEM;

	mosq->ssl->ssl_ctx = SSL_CTX_new(TLSv1_method());
	if(!mosq->ssl->ssl_ctx) return MOSQ_ERR_SSL;

	mosq->ssl->ssl = SSL_new(mosq->ssl->ssl_ctx);

	return MOSQ_ERR_SUCCESS;
#else
	return MOSQ_ERR_NOT_SUPPORTED;
#endif
}
Esempio n. 26
0
static const SSL_METHOD *swSSL_get_method(int method)
{
    switch (method)
    {
    case SW_SSLv3_METHOD:
        return SSLv3_method();
    case SW_SSLv3_SERVER_METHOD:
        return SSLv3_server_method();
    case SW_SSLv3_CLIENT_METHOD:
        return SSLv3_client_method();
    case SW_SSLv23_SERVER_METHOD:
        return SSLv23_server_method();
    case SW_SSLv23_CLIENT_METHOD:
        return SSLv23_client_method();
    case SW_TLSv1_METHOD:
        return TLSv1_method();
    case SW_TLSv1_SERVER_METHOD:
        return TLSv1_server_method();
    case SW_TLSv1_CLIENT_METHOD:
        return TLSv1_client_method();
    case SW_TLSv1_1_METHOD:
        return TLSv1_1_method();
    case SW_TLSv1_1_SERVER_METHOD:
        return TLSv1_1_server_method();
    case SW_TLSv1_1_CLIENT_METHOD:
        return TLSv1_1_client_method();
    case SW_TLSv1_2_METHOD:
        return TLSv1_2_method();
    case SW_TLSv1_2_SERVER_METHOD:
        return TLSv1_2_server_method();
    case SW_TLSv1_2_CLIENT_METHOD:
        return TLSv1_2_client_method();
    case SW_DTLSv1_METHOD:
        return DTLSv1_method();
    case SW_DTLSv1_SERVER_METHOD:
        return DTLSv1_server_method();
    case SW_DTLSv1_CLIENT_METHOD:
        return DTLSv1_client_method();
    case SW_SSLv23_METHOD:
    default:
        return SSLv23_method();
    }
    return SSLv23_method();
}
Esempio n. 27
0
/*
 * initialize ssl methods
 */
static void
init_ssl_methods(void)
{
	LM_DBG("entered\n");

	ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method();
	ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method();
	ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method();

	ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method();
	ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method();
	ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method();

#if OPENSSL_VERSION_NUMBER >= 0x10001000L
	ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method();
	ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method();
	ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method();
#endif
}
Esempio n. 28
0
static SSL_METHOD *ssl23_get_method(int ver)
	{
#ifndef OPENSSL_NO_SSL2
	if (ver == SSL2_VERSION)
		return(SSLv2_method());
	else
#endif
#ifndef OPENSSL_NO_SSL3
	if (ver == SSL3_VERSION)
		return(SSLv3_method());
	else
#endif
#ifndef OPENSSL_NO_TLS1
	if (ver == TLS1_VERSION)
		return(TLSv1_method());
	else
#endif
		return(NULL);
	}
Esempio n. 29
0
void
get_highest_preference_tls_cipher (char *buf, int size)
{
  SSL_CTX *ctx;
  SSL *ssl;
  const char *cipher_name;

  ctx = SSL_CTX_new (TLSv1_method ());
  if (!ctx)
    msg (M_SSLERR, "Cannot create SSL_CTX object");
  ssl = SSL_new (ctx);
  if (!ssl)
    msg (M_SSLERR, "Cannot create SSL object");

  cipher_name = SSL_get_cipher_list (ssl, 0);
  strncpynt (buf, cipher_name, size);

  SSL_free (ssl);
  SSL_CTX_free (ctx);
}
Esempio n. 30
0
/*
 * initialize ssl methods 
 */
static void
init_ssl_methods(void)
{
	DBG("init_methods: Entered\n");
	ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method();
	ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method();
	ssl_methods[TLS_USE_SSLv2 - 1] = SSLv2_method();
	
	ssl_methods[TLS_USE_SSLv3_cli - 1] = SSLv3_client_method();
	ssl_methods[TLS_USE_SSLv3_srv - 1] = SSLv3_server_method();
	ssl_methods[TLS_USE_SSLv3 - 1] = SSLv3_method();
	
	ssl_methods[TLS_USE_TLSv1_cli - 1] = TLSv1_client_method();
	ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
	ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
	
	ssl_methods[TLS_USE_SSLv23_cli - 1] = SSLv23_client_method();
	ssl_methods[TLS_USE_SSLv23_srv - 1] = SSLv23_server_method();
	ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
}