const SSL_METHOD * hb_ssl_method_id_to_ptr( int n ) { const SSL_METHOD * p; switch( n ) { #if OPENSSL_VERSION_NUMBER < 0x10000000L case HB_SSL_CTX_NEW_METHOD_SSLV2: p = SSLv2_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER: p = SSLv2_server_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT: p = SSLv2_client_method(); break; #endif case HB_SSL_CTX_NEW_METHOD_SSLV3: p = SSLv3_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER: p = SSLv3_server_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT: p = SSLv3_client_method(); break; case HB_SSL_CTX_NEW_METHOD_TLSV1: p = TLSv1_method(); break; case HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER: p = TLSv1_server_method(); break; case HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT: p = TLSv1_client_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV23: p = SSLv23_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break; default: p = SSLv23_method(); } return p; }
static const SSL_METHOD *tls1_get_method(int ver) { if (ver == TLS1_VERSION) return(TLSv1_method()); else return(NULL); }
void ContextImpl::setProtocol(Protocol protocol) { bool v2 = false; switch(protocol) { case SSLv2: // SSLv2_method is not available everywhere (check OPENSSL_NO_SSL2) SSL_CTX_set_ssl_version(_ctx, SSLv23_method() ); v2 = true; break; case SSLv3or2: SSL_CTX_set_ssl_version( _ctx, SSLv23_method() ); v2 = true; break; default: case SSLv3: SSL_CTX_set_ssl_version( _ctx, SSLv3_method() ); break; case TLSv1: SSL_CTX_set_ssl_version( _ctx, TLSv1_method() ); break; } _protocol = protocol; const char* ciphers = v2 ? "ALL:!aNULL:!eNULL" : "ALL:!aNULL:!eNULL:!SSLv2"; SSL_CTX_set_cipher_list(_ctx, ciphers); }
/* ** ctx = ssl.context.new("sslv23/sslv3/tlsv1") */ static int l_new(lua_State *L) { const char *str = luaL_checkstring(L, 1); SSL_METHOD *method; SSL_CTX *ctx; if (strcasecmp(str, "sslv3") == 0) method = SSLv3_method(); else if (strcasecmp(str, "sslv23") == 0) method = SSLv23_method(); else if (strcasecmp(str, "tlsv1") == 0) method = TLSv1_method(); else luaL_error(L, "invalid arugment #1, should be sslv3/sslv23/tlsv1"); ctx = SSL_CTX_new(method); if (ctx != NULL) { Object *obj = (Object*)lua_newuserdata(L, sizeof(Object)); obj->ctx = ctx; luaL_getmetatable(L, META_NAME); lua_setmetatable(L, -2); } else { lua_pushnil(L); } return 1; }
static const SSL_METHOD *tls1_get_method(int ver) { if (ver == TLS1_1_VERSION) return TLSv1_1_method(); if (ver == TLS1_VERSION) return TLSv1_method(); return NULL; }
void Context::createSSLContext() { if (SSLManager::isFIPSEnabled()) { _pSSLContext = SSL_CTX_new(TLSv1_method()); } else { switch (_usage) { case CLIENT_USE: _pSSLContext = SSL_CTX_new(SSLv23_client_method()); break; case SERVER_USE: _pSSLContext = SSL_CTX_new(SSLv23_server_method()); break; #if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1) case TLSV1_CLIENT_USE: _pSSLContext = SSL_CTX_new(TLSv1_client_method()); break; case TLSV1_SERVER_USE: _pSSLContext = SSL_CTX_new(TLSv1_server_method()); break; #endif #if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1) /* SSL_OP_NO_TLSv1_1 is defined in ssl.h if the library version supports TLSv1.1. * OPENSSL_NO_TLS1 is defined in opensslconf.h or on the compiler command line * if TLS1.x was removed at OpenSSL library build time via Configure options. */ case TLSV1_1_CLIENT_USE: _pSSLContext = SSL_CTX_new(TLSv1_1_client_method()); break; case TLSV1_1_SERVER_USE: _pSSLContext = SSL_CTX_new(TLSv1_1_server_method()); break; #endif #if defined(SSL_OP_NO_TLSv1_2) && !defined(OPENSSL_NO_TLS1) case TLSV1_2_CLIENT_USE: _pSSLContext = SSL_CTX_new(TLSv1_2_client_method()); break; case TLSV1_2_SERVER_USE: _pSSLContext = SSL_CTX_new(TLSv1_2_server_method()); break; #endif default: throw Poco::InvalidArgumentException("Invalid or unsupported usage"); } } if (!_pSSLContext) { unsigned long err = ERR_get_error(); throw SSLException("Cannot create SSL_CTX object", ERR_error_string(err, 0)); } SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPassphraseCallback); Utility::clearErrorStack(); SSL_CTX_set_options(_pSSLContext, SSL_OP_ALL); }
/** * Find the protocol. */ static LSEC_SSL_METHOD* str2method(const char *method) { if (!strcmp(method, "sslv23")) return SSLv23_method(); if (!strcmp(method, "sslv3")) return SSLv3_method(); if (!strcmp(method, "tlsv1")) return TLSv1_method(); #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL) if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method(); if (!strcmp(method, "tlsv1_2")) return TLSv1_2_method(); #endif return NULL; }
static SSL_METHOD *ssl23_get_method(int ver) { if (ver == SSL2_VERSION) return(SSLv2_method()); else if (ver == SSL3_VERSION) return(SSLv3_method()); else if (ver == TLS1_VERSION) return(TLSv1_method()); else return(NULL); }
// nassl.SSL_CTX.new() static PyObject* nassl_SSL_CTX_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { nassl_SSL_CTX_Object *self; int sslVersion; SSL_CTX *sslCtx; self = (nassl_SSL_CTX_Object *)type->tp_alloc(type, 0); if (self == NULL) return NULL; self->sslCtx = NULL; self->pkeyPasswordBuf = NULL; if (!PyArg_ParseTuple(args, "I", &sslVersion)) { Py_DECREF(self); return NULL; } switch (sslVersion) { case sslv23: sslCtx = SSL_CTX_new(SSLv23_method()); break; case sslv2: sslCtx = SSL_CTX_new(SSLv2_method()); break; case sslv3: sslCtx = SSL_CTX_new(SSLv3_method()); break; case tlsv1: sslCtx = SSL_CTX_new(TLSv1_method()); break; case tlsv1_1: sslCtx = SSL_CTX_new(TLSv1_1_method()); break; case tlsv1_2: sslCtx = SSL_CTX_new(TLSv1_2_method()); break; default: PyErr_SetString(PyExc_ValueError, "Invalid value for ssl version"); Py_DECREF(self); return NULL; } if (sslCtx == NULL) { raise_OpenSSL_error(); Py_DECREF(self); return NULL; } // Add the client certificate callback SSL_CTX_set_client_cert_cb(sslCtx, client_cert_cb); self->sslCtx = sslCtx; return (PyObject *)self; }
static const SSL_METHOD * ssl23_get_method(int ver) { if (ver == SSL3_VERSION) return (SSLv3_method()); if (ver == TLS1_VERSION) return (TLSv1_method()); if (ver == TLS1_1_VERSION) return (TLSv1_1_method()); if (ver == TLS1_2_VERSION) return (TLSv1_2_method()); return (NULL); }
static const SSL_METHOD *swSSL_get_method(int method) { switch (method) { #ifndef OPENSSL_NO_SSL3_METHOD case SW_SSLv3_METHOD: return SSLv3_method(); case SW_SSLv3_SERVER_METHOD: return SSLv3_server_method(); case SW_SSLv3_CLIENT_METHOD: return SSLv3_client_method(); #endif case SW_SSLv23_SERVER_METHOD: return SSLv23_server_method(); case SW_SSLv23_CLIENT_METHOD: return SSLv23_client_method(); case SW_TLSv1_METHOD: return TLSv1_method(); case SW_TLSv1_SERVER_METHOD: return TLSv1_server_method(); case SW_TLSv1_CLIENT_METHOD: return TLSv1_client_method(); #ifdef TLS1_1_VERSION case SW_TLSv1_1_METHOD: return TLSv1_1_method(); case SW_TLSv1_1_SERVER_METHOD: return TLSv1_1_server_method(); case SW_TLSv1_1_CLIENT_METHOD: return TLSv1_1_client_method(); #endif #ifdef TLS1_2_VERSION case SW_TLSv1_2_METHOD: return TLSv1_2_method(); case SW_TLSv1_2_SERVER_METHOD: return TLSv1_2_server_method(); case SW_TLSv1_2_CLIENT_METHOD: return TLSv1_2_client_method(); #endif case SW_DTLSv1_METHOD: return DTLSv1_method(); case SW_DTLSv1_SERVER_METHOD: return DTLSv1_server_method(); case SW_DTLSv1_CLIENT_METHOD: return DTLSv1_client_method(); case SW_SSLv23_METHOD: default: return SSLv23_method(); } return SSLv23_method(); }
P_ST_TLS_STRUCT st_tls_create_ctx(P_ST_TLS_STRUCT p_st_tls) { P_SSL_CTX p_ctx = NULL; OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); SSL_library_init(); //SSL_library_init() always returns "1" tls_rand_seed(); if ( p_st_tls->work_status == WORK_SERVER ) { st_print("Initialize with TLSv1_server_method() \n"); RET_NULL_IF_TRUE_S(!(p_ctx = SSL_CTX_new(TLSv1_server_method()))); } else if ( p_st_tls->work_status == WORK_CLIENT ) { st_print("Initialize with TLSv1_client_method() \n"); RET_NULL_IF_TRUE_S(!(p_ctx = SSL_CTX_new(TLSv1_client_method()))); } else { st_print("Initialize with TLSv1_method() \n"); RET_NULL_IF_TRUE_S(!(p_ctx = SSL_CTX_new(TLSv1_method()))); } //SSL_CTX_set_default_passwd_cb(p_ctx, no_passphrase_callback); SSL_CTX_set_mode(p_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); if ( strlen(p_st_tls->ca_file) ) { RET_NULL_IF_TRUE_S( !SSL_CTX_load_verify_locations(p_ctx, p_st_tls->ca_file, NULL)); } else { st_print("No CAfile Verify!\n"); } RET_NULL_IF_TRUE_S( !SSL_CTX_use_PrivateKey_file(p_ctx, p_st_tls->key_file, SSL_FILETYPE_PEM)); RET_NULL_IF_TRUE_S( !SSL_CTX_use_certificate_chain_file(p_ctx, p_st_tls->cert_file)); // 判定私钥是否正确 RET_NULL_IF_TRUE_S( !SSL_CTX_check_private_key(p_ctx)); p_st_tls->p_ctx = p_ctx; return p_st_tls; }
int TlsInit( char* cacertPath ) { e_TlsError vl_Error; char a_DefaultCertPath[] = DEFAULT_CERT_PATH; char *p_CertToUse; DEBUG_LOG_PRINT_LEV2(("TlsInit : Entry")); SSL_load_error_strings(); SSL_library_init(); gp_SSL_CTX = SSL_CTX_new(TLSv1_method()); if( NULL == gp_SSL_CTX ) { DEBUG_LOG_PRINT_LEV2(("SSL_CTX_new returned NULL!\n")); return FALSE; } if ( SSL_CTX_set_cipher_list(gp_SSL_CTX, DEFAULT_CIPHER_LIST ) != 1 ) { DEBUG_LOG_PRINT_LEV2(("SSL_CTX_set_cipher_list returned NULL!\n")); SSL_CTX_free(gp_SSL_CTX); return FALSE; // ERROR selecting SUPL cipher list } SSL_CTX_set_info_callback(gp_SSL_CTX, Tls_openssl_info_callback); #ifdef AGPS_DISABLE_TLS_CA_CERT_VERIFY /* In this mode, even if a CA cert is not found, a secure connection is established */ SSL_CTX_set_verify( gp_SSL_CTX , SSL_VERIFY_NONE , NULL ); #else /* If a CA cert is not found matching the server certificate, the handshake is shutdown */ SSL_CTX_set_verify( gp_SSL_CTX , SSL_VERIFY_PEER , Tls_openssl_certificate_verify_callback ); #endif p_CertToUse = ( cacertPath == NULL ) ? a_DefaultCertPath : cacertPath; DEBUG_LOG_PRINT_LEV2(("TlsInit : Certificate %s\n" , p_CertToUse)); if( SSL_CTX_load_verify_locations(gp_SSL_CTX, p_CertToUse ,NULL) != 1 ) { DEBUG_LOG_PRINT_LEV2(("SSL_CTX_load_verify_locations failed!\n")); return FALSE; } DEBUG_LOG_PRINT_LEV2(("SSL_CTX_get_options : %ld" , SSL_CTX_get_options( gp_SSL_CTX ) )); SSL_CTX_set_options( gp_SSL_CTX,SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3) ; DEBUG_LOG_PRINT_LEV2(("SSL_CTX_get_options : %ld" , SSL_CTX_get_options( gp_SSL_CTX ) )); DEBUG_LOG_PRINT_LEV2(("TlsInit : Exit")); return TRUE; }
static SSLTransport * _ssl_init(AppTransportPluginHelper * helper, AppTransportMode mode, char const * name) { SSLTransport * ssl; int res; #ifdef DEBUG fprintf(stderr, "DEBUG: %s(%u, \"%s\")\n", __func__, mode, name); #endif if((ssl = object_new(sizeof(*ssl))) == NULL) return NULL; memset(ssl, 0, sizeof(*ssl)); ssl->helper = helper; if((ssl->ssl_ctx = SSL_CTX_new(TLSv1_method())) == NULL || SSL_CTX_set_cipher_list(ssl->ssl_ctx, SSL_DEFAULT_CIPHER_LIST) != 1 || SSL_CTX_load_verify_locations(ssl->ssl_ctx, NULL, "/etc/openssl/certs") != 1) /* FIXME report the underlying error */ res = -error_set_code(1, "Could not initialize SSL"); else switch((ssl->mode = mode)) { case ATM_CLIENT: res = _init_client(ssl, name); break; case ATM_SERVER: res = _init_server(ssl, name); break; default: res = -error_set_code(1, "Unknown transport mode"); break; } /* check for errors */ if(res != 0) { #ifdef DEBUG fprintf(stderr, "DEBUG: %s() => %d (%s)\n", __func__, res, error_get(NULL)); #endif _ssl_destroy(ssl); return NULL; } #if 0 /* XXX may be useful */ SSL_CTX_set_mode(ssl->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); #endif return ssl; }
/** * Initializes an SSL context using the specified certificates. * * @param pubkey The public key. * @param privkey The matching private key. * @param cakey CA certificate chain file. * @returns An SSL context. */ shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& privkey, const String& cakey) { InitializeOpenSSL(); shared_ptr<SSL_CTX> sslContext = shared_ptr<SSL_CTX>(SSL_CTX_new(TLSv1_method()), SSL_CTX_free); SSL_CTX_set_mode(sslContext.get(), 0); if (!SSL_CTX_use_certificate_chain_file(sslContext.get(), pubkey.CStr())) { BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_CTX_use_certificate_chain_file") << errinfo_openssl_error(ERR_get_error()) << boost::errinfo_file_name(pubkey)); } if (!SSL_CTX_use_PrivateKey_file(sslContext.get(), privkey.CStr(), SSL_FILETYPE_PEM)) { BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_CTX_use_PrivateKey_file") << errinfo_openssl_error(ERR_get_error()) << boost::errinfo_file_name(privkey)); } if (!SSL_CTX_check_private_key(sslContext.get())) { BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_CTX_check_private_key") << errinfo_openssl_error(ERR_get_error())); } if (!SSL_CTX_load_verify_locations(sslContext.get(), cakey.CStr(), NULL)) { BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_CTX_load_verify_locations") << errinfo_openssl_error(ERR_get_error()) << boost::errinfo_file_name(cakey)); } STACK_OF(X509_NAME) *cert_names; cert_names = SSL_load_client_CA_file(cakey.CStr()); if (cert_names == NULL) { BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_load_client_CA_file") << errinfo_openssl_error(ERR_get_error()) << boost::errinfo_file_name(cakey)); } SSL_CTX_set_client_CA_list(sslContext.get(), cert_names); return sslContext; }
static const SSL_METHOD *ssl23_get_method(int ver) { #ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return (SSLv3_method()); else #endif if (ver == TLS1_VERSION) return (TLSv1_method()); else if (ver == TLS1_1_VERSION) return (TLSv1_1_method()); else if (ver == TLS1_2_VERSION) return (TLSv1_2_method()); else return (NULL); }
static void init() { if (gSSL_CTX) return; SSL_load_error_strings(); SSL_library_init(); gSSL_CTX = SSL_CTX_new(TLSv1_method()); #if OPENSSL_VERSION_NUMBER >= 0x00905000L SSL_CTX_set_cipher_list(gSSL_CTX, "ADH:@STRENGTH"); #else SSL_CTX_set_cipher_list(gSSL_CTX, "ADH"); #endif SSL_CTX_set_info_callback(gSSL_CTX, (void (*)())ssl_info_callback); DH *dh = get_dh512(); SSL_CTX_set_tmp_dh(gSSL_CTX, dh); DH_free(dh); }
static int handshake (struct stream_data *data) { int ret; int finished; SSL_library_init(); SSL_load_error_strings(); data->ssl_ctx = SSL_CTX_new(TLSv1_method()); if(!data->ssl_ctx) return IKS_NOMEM; data->ssl = SSL_new(data->ssl_ctx); if(!data->ssl) return IKS_NOMEM; if( SSL_set_fd(data->ssl, (int)(intptr_t)data->sock) != 1 ) return IKS_NOMEM; /* Set both the read and write BIO's to non-blocking mode */ BIO_set_nbio(SSL_get_rbio(data->ssl), 1); BIO_set_nbio(SSL_get_wbio(data->ssl), 1); finished = 0; do { ret = SSL_connect(data->ssl); if( ret != 1 ) { if( wait_for_data(data, ret, 1) != IKS_OK ) { finished = 1; SSL_free(data->ssl); } } } while( ret != 1 && finished != 1 ); if( ret == 1 ) { data->flags &= (~SF_TRY_SECURE); data->flags |= SF_SECURE; iks_send_header (data->prs, data->server); } return ret == 1 ? IKS_OK : IKS_NET_TLSFAIL; }
static const SSL_METHOD *tls1_get_method(int ver) { if (ver == TLS_ANY_VERSION) return TLS_method(); if (ver == TLS1_2_VERSION) return TLSv1_2_method(); if (ver == TLS1_1_VERSION) return TLSv1_1_method(); if (ver == TLS1_VERSION) return TLSv1_method(); #ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return (SSLv3_method()); else #endif return NULL; }
MMGSSLConnection::MMGSSLConnection(const std::string& hostname, const unsigned short port, const std::string& certsPath, const std::string& certFile, const std::string& keyFile, const std::string& keyPassword) { this->_hostname = hostname; this->_port = port; this->_certsPath = certsPath; this->_certFile = certFile; this->_keyFile = keyFile; this->_keyPassword = keyPassword; this->_socket = -1; this->_hostent = NULL; this->_sslCtx = NULL; this->_ssl = NULL; this->_serverCert = NULL; this->_privateKey = NULL; // Choose a SSL/TLS protocol version this->_sslMethod = (SSL_METHOD*)TLSv1_method(); }
int neo4j_openssl_init(void) { SSL_library_init(); SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms(); int num_locks = CRYPTO_num_locks(); thread_locks = calloc(num_locks, sizeof(neo4j_mutex_t)); if (thread_locks == NULL) { return -1; } for (int i = 0; i < num_locks; i++) { int err = neo4j_mutex_init(&(thread_locks[i])); if (err) { for (; i > 0; --i) { neo4j_mutex_destroy(&(thread_locks[i-1])); } free(thread_locks); errno = err; return -1; } } if (CRYPTO_get_locking_callback() == NULL) { CRYPTO_set_locking_callback(locking_callback); CRYPTO_set_id_callback(neo4j_current_thread_id); } SSL_CTX *ctx = SSL_CTX_new(TLSv1_method()); if (ctx == NULL) { errno = openssl_error(NULL, NEO4J_LOG_ERROR, __FILE__, __LINE__); return -1; } SSL_CTX_free(ctx); return 0; }
int easyssl_setup(EASYSSL *ctx) { SSL_load_error_strings(); if(SSL_library_init() != 1) { printf("Error: SSL lib init failure\n"); return -SSL_ERR_INIT; } if((ctx->ctx = SSL_CTX_new(SSLv3_method())) == NULL) { printf("Create SSLv3 failure\n"); if((ctx->ctx = SSL_CTX_new(TLSv1_method())) == NULL) { printf("Create TLSv1 failure\n"); return -SSL_ERR_TLS; } } if(ctx->cert_auth == 0){ SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_NONE, NULL); }else{ SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_PEER, easyssl_ca_verify_cb); SSL_CTX_set_verify_depth(ctx->ctx, EASYSSL_DEPTH); if(SSL_CTX_load_verify_locations(ctx->ctx, ctx->cert_path, NULL) != 1) { return -SSL_ERR_CERT; } } SSL_CTX_set_default_passwd_cb_userdata(ctx->ctx, ctx->passwd); if(SSL_CTX_use_certificate_chain_file(ctx->ctx, ctx->cert_path) == 1){ printf("Load certificate success\n"); } if(SSL_CTX_use_PrivateKey_file(ctx->ctx, ctx->pkey_path, SSL_FILETYPE_PEM) == 1) { printf("Load private key success\n"); } if(SSL_CTX_check_private_key(ctx->ctx) == 1) { printf("Check private key success\n"); } if((ctx->ssl = SSL_new(ctx->ctx)) == NULL) { printf("Error: create SSL failure\n"); return -SSL_ERR_NEW; } if(SSL_set_fd(ctx->ssl, ctx->fd) != 1) { printf("Error: set SSL fd failure\n"); } if(SSL_connect(ctx->ssl) != 1) { return -SSL_ERR_CONN; } printf("Connected to SSL success\n"); return SSL_ERR_SUCCESS; }
int ssl_connect(int sock, SSL ** ssl_con) { SSL_METHOD *meth; SSL_CTX *ctx; SSL_library_init(); SSL_load_error_strings(); meth = (SSL_METHOD *) TLSv1_method(); ctx = SSL_CTX_new(meth); *ssl_con = SSL_new(ctx); SSL_set_fd(*ssl_con, sock); if (SSL_connect(*ssl_con) <= 0) return -1; return 0; }
static const SSL_METHOD* get_ssl_method(const char* tls_version) { if (!tls_version || !*tls_version) { LOG_ERROR("tls_version is not set."); return 0; } if (!strcmp(tls_version, "1.0")) return TLSv1_method(); if (!strcmp(tls_version, "1.1")) return TLSv1_1_method(); if (!strcmp(tls_version, "1.2")) return TLSv1_2_method(); LOG_ERROR("Unable to recognize tls_version."); return 0; }
int mosquitto_ssl_set(struct mosquitto *mosq, const char *pemfile, const char *password) { #ifdef WITH_SSL if(!mosq || mosq->ssl) return MOSQ_ERR_INVAL; //FIXME mosq->ssl = _mosquitto_malloc(sizeof(struct _mosquitto_ssl)); if(!mosq->ssl) return MOSQ_ERR_NOMEM; mosq->ssl->ssl_ctx = SSL_CTX_new(TLSv1_method()); if(!mosq->ssl->ssl_ctx) return MOSQ_ERR_SSL; mosq->ssl->ssl = SSL_new(mosq->ssl->ssl_ctx); return MOSQ_ERR_SUCCESS; #else return MOSQ_ERR_NOT_SUPPORTED; #endif }
static const SSL_METHOD *swSSL_get_method(int method) { switch (method) { case SW_SSLv3_METHOD: return SSLv3_method(); case SW_SSLv3_SERVER_METHOD: return SSLv3_server_method(); case SW_SSLv3_CLIENT_METHOD: return SSLv3_client_method(); case SW_SSLv23_SERVER_METHOD: return SSLv23_server_method(); case SW_SSLv23_CLIENT_METHOD: return SSLv23_client_method(); case SW_TLSv1_METHOD: return TLSv1_method(); case SW_TLSv1_SERVER_METHOD: return TLSv1_server_method(); case SW_TLSv1_CLIENT_METHOD: return TLSv1_client_method(); case SW_TLSv1_1_METHOD: return TLSv1_1_method(); case SW_TLSv1_1_SERVER_METHOD: return TLSv1_1_server_method(); case SW_TLSv1_1_CLIENT_METHOD: return TLSv1_1_client_method(); case SW_TLSv1_2_METHOD: return TLSv1_2_method(); case SW_TLSv1_2_SERVER_METHOD: return TLSv1_2_server_method(); case SW_TLSv1_2_CLIENT_METHOD: return TLSv1_2_client_method(); case SW_DTLSv1_METHOD: return DTLSv1_method(); case SW_DTLSv1_SERVER_METHOD: return DTLSv1_server_method(); case SW_DTLSv1_CLIENT_METHOD: return DTLSv1_client_method(); case SW_SSLv23_METHOD: default: return SSLv23_method(); } return SSLv23_method(); }
/* * initialize ssl methods */ static void init_ssl_methods(void) { LM_DBG("entered\n"); ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method(); ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method(); ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method(); ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method(); ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method(); ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method(); #if OPENSSL_VERSION_NUMBER >= 0x10001000L ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method(); ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method(); ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method(); #endif }
static SSL_METHOD *ssl23_get_method(int ver) { #ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_method()); else #endif #ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_method()); else #endif #ifndef OPENSSL_NO_TLS1 if (ver == TLS1_VERSION) return(TLSv1_method()); else #endif return(NULL); }
void get_highest_preference_tls_cipher (char *buf, int size) { SSL_CTX *ctx; SSL *ssl; const char *cipher_name; ctx = SSL_CTX_new (TLSv1_method ()); if (!ctx) msg (M_SSLERR, "Cannot create SSL_CTX object"); ssl = SSL_new (ctx); if (!ssl) msg (M_SSLERR, "Cannot create SSL object"); cipher_name = SSL_get_cipher_list (ssl, 0); strncpynt (buf, cipher_name, size); SSL_free (ssl); SSL_CTX_free (ctx); }
/* * initialize ssl methods */ static void init_ssl_methods(void) { DBG("init_methods: Entered\n"); ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method(); ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method(); ssl_methods[TLS_USE_SSLv2 - 1] = SSLv2_method(); ssl_methods[TLS_USE_SSLv3_cli - 1] = SSLv3_client_method(); ssl_methods[TLS_USE_SSLv3_srv - 1] = SSLv3_server_method(); ssl_methods[TLS_USE_SSLv3 - 1] = SSLv3_method(); ssl_methods[TLS_USE_TLSv1_cli - 1] = TLSv1_client_method(); ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method(); ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method(); ssl_methods[TLS_USE_SSLv23_cli - 1] = SSLv23_client_method(); ssl_methods[TLS_USE_SSLv23_srv - 1] = SSLv23_server_method(); ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method(); }