int sock_SSL_connect(SSL **ssl_con, int sockfd) { int ssl_err; SSL_CTX *ssl_ctx = NULL; ssl_ctx = SSL_CTX_new(SSLv3_client_method()); if(!ssl_ctx) { net_log(NET_LOG_ERR, "sock_SSL_connect: !ssl_ctx\n"); return WSOCK_ERROR; } *ssl_con = SSL_new(ssl_ctx); if(!(*ssl_con)) { net_log(NET_LOG_ERR, "sock_SSL_connect: SSL_new() failed.\n"); SSL_CTX_free(ssl_ctx); return WSOCK_ERROR; } SSL_set_fd (*ssl_con, sockfd); SSL_set_connect_state(*ssl_con); ssl_err = SSL_connect(*ssl_con); if(ssl_err < 0) SSL_set_shutdown(*ssl_con,SSL_SENT_SHUTDOWN); if(ssl_err <= 0) { net_log(NET_LOG_ERR, "sock_SSL_connect: SSL_connect() failed.\n"); SSL_free(*ssl_con); SSL_CTX_free(ssl_ctx); return WSOCK_ERROR; } return WSOCK_OK; }
SfRequestContext::SfRequestContext() { mUserAgent = MakeUserAgent().c_str(); set_net_log(new SfNetLog()); set_host_resolver( net::CreateSystemHostResolver( net::HostResolver::kDefaultParallelism, NULL /* resolver_proc */, net_log())); set_ssl_config_service( net::SSLConfigService::CreateSystemSSLConfigService()); mProxyConfigService = new net::ProxyConfigServiceAndroid; set_proxy_service(net::ProxyService::CreateWithoutProxyResolver( mProxyConfigService, net_log())); set_http_transaction_factory(new net::HttpCache( host_resolver(), new net::CertVerifier(), dnsrr_resolver(), dns_cert_checker(), proxy_service(), ssl_config_service(), net::HttpAuthHandlerFactory::CreateDefault(host_resolver()), network_delegate(), net_log(), NULL)); // backend_factory set_cookie_store(new net::CookieMonster(NULL, NULL)); }
int Sock_socketpair(Sock *pair[]) { int sdpair[2], i, res; if (!pair) return -1; if ((res = socketpair(AF_UNIX, SOCK_DGRAM, 0, sdpair)) < 0) { net_log(NET_LOG_ERR, "Sock_socketpair() failure.\n"); return res; } if (!(pair[0] = calloc(1, sizeof(Sock)))) { net_log(NET_LOG_FATAL, "Unable to allocate first Sock struct in Sock_socketpair().\n"); close (sdpair[0]); close (sdpair[1]); return -1; } if (!(pair[1] = calloc(1, sizeof(Sock)))) { net_log(NET_LOG_FATAL, "Unable to allocate second Sock struct in Sock_socketpair().\n"); close (sdpair[0]); close (sdpair[1]); free(pair[0]); return -1; } for (i = 0; i < 2; i++) { pair[i]->fd = sdpair[i]; pair[i]->socktype = LOCAL; } return res; }
/** * It initializes the global context ssl * @param : path of the server certificate * @param : cert verification mode @see SSL_CTX_set_verify * @return: 0 on success; */ SSL_CTX * Sock_init_ctx(char *key, char * cafile, char * capath) { SSL_CTX *global_ctx = NULL; char cipher[] = "ALL:eNULL"; int s_server_session_id_context = 1; SSL_METHOD *method; SSL_load_error_strings(); SSL_library_init(); method = SSLv23_method(); global_ctx = SSL_CTX_new(method); if(!global_ctx) { net_log(NET_LOG_ERR,"Creation of a new SSL_CTX object failed"); return NULL; } /* Loads a certificate chain from file into ctx */ if(!(SSL_CTX_use_certificate_chain_file(global_ctx,key))) { net_log(NET_LOG_ERR,"Failure in reading certificate file"); return NULL; } /* Adds the first private key found in file to ctx */ if(!(SSL_CTX_use_PrivateKey_file(global_ctx,key,SSL_FILETYPE_PEM))) { net_log(NET_LOG_ERR,"Failure in reading key file"); return NULL; } /* Set default locations for trusted CA certificates */ if(!(SSL_CTX_load_verify_locations(global_ctx, cafile, capath))) { net_log(NET_LOG_ERR,"Failure in reading CA list"); return NULL; } /* Set context within which session can be reused */ SSL_CTX_set_session_id_context(global_ctx, (void*)&s_server_session_id_context, sizeof(s_server_session_id_context)); /* Choose list of available SSL_CIPHER */ SSL_CTX_set_cipher_list(global_ctx,cipher); /* Manipulate SSL engine options */ //SSL_CTX_set_options(ctx,SSL_OP_ALL); SSL_CTX_set_verify(global_ctx,SSL_VERIFY_PEER,0); return global_ctx; }
SfRequestContext::SfRequestContext() { #ifndef ANDROID_DEFAULT_CODE mWapProfile = ""; mUserAgent = ""; initStreamingInfo(); #else mUserAgent = MakeUserAgent().c_str(); #endif set_net_log(new SfNetLog()); set_host_resolver( net::CreateSystemHostResolver( net::HostResolver::kDefaultParallelism, NULL /* resolver_proc */, net_log())); set_ssl_config_service( net::SSLConfigService::CreateSystemSSLConfigService()); #ifdef HTTP_STREAM_SUPPORT_PROXY gProxyConfigService.reset( new (net::ProxyConfigServiceAndroid)); set_proxy_service(net::ProxyService::CreateWithoutProxyResolver( gProxyConfigService.get(), net_log())); #else mProxyConfigService = new net::ProxyConfigServiceAndroid; set_proxy_service(net::ProxyService::CreateWithoutProxyResolver( mProxyConfigService, net_log())); #endif set_http_transaction_factory(new net::HttpCache( host_resolver(), new net::CertVerifier(), dnsrr_resolver(), dns_cert_checker(), proxy_service(), ssl_config_service(), net::HttpAuthHandlerFactory::CreateDefault(host_resolver()), network_delegate(), net_log(), NULL)); // backend_factory set_cookie_store(new net::CookieMonster(NULL, NULL)); }
SSL *SSL_sock_accept(int sockfd, SSL_CTX * global_ctx) { SSL *ssl; ssl = SSL_new(global_ctx); if(!ssl) { net_log(NET_LOG_ERR, "Sock SSL_connect: SSL_new() failed.\n"); return 0; } if((SSL_set_fd(ssl,sockfd))==0) { net_log(NET_LOG_ERR,"Operation failed\n"); return 0; } if((SSL_accept(ssl)<=0)) { net_log(NET_LOG_ERR,"SSL accept error"); return 0; } return(ssl); }
int SSL_close_connection(SSL *ssl, int sockfd) { int exit; exit = SSL_shutdown(ssl); if(!exit) { shutdown(sockfd,SHUT_WR); SSL_shutdown(ssl); } else { net_log(NET_LOG_ERR,"Shutdown failed"); return 0; } SSL_free(ssl); return 1; }
int Sock_set_dest(Sock *s, struct sockaddr *sa) { if (!s) return -1; if (s->socktype != UDP) { net_log(NET_LOG_FATAL, "Only UDP socket can change destination address\n"); return -1; } switch (sa->sa_family) { case AF_INET: memcpy(&(s->remote_stg), sa, sizeof(struct sockaddr_in)); break; case AF_INET6: memcpy(&(s->remote_stg), sa, sizeof(struct sockaddr_in6)); break; default: break; } return 0; }
Sock * Sock_connect(char *host, char *port, Sock *binded, sock_type socktype, sock_flags ssl_flag) { Sock *s; char remote_host[128]; /*Unix Domain is largest*/ char local_host[128]; /*Unix Domain is largest*/ int sockfd = -1; struct sockaddr *sa_p = NULL; socklen_t sa_len = 0; int32_t local_port; int32_t remote_port; #if HAVE_SSL SSL *ssl_con; #endif if(binded) { sockfd = binded->fd; } if (sock_connect(host, port, &sockfd, socktype)) { net_log(NET_LOG_ERR, "Sock_connect() failure.\n"); return NULL; } #if HAVE_SSL if(ssl_flag & IS_SSL) { if (sock_SSL_connect(&ssl_con)) net_log (NET_LOG_ERR, "Sock_connect() failure in SSL init.\n"); sock_close(sockfd); return NULL; } else #endif if (binded) { s = binded; free(s->local_host); s->local_host = NULL; free(s->remote_host); s->remote_host = NULL; } else if (!(s = calloc(1, sizeof(Sock)))) { net_log(NET_LOG_FATAL, "Unable to allocate a Sock struct in Sock_connect().\n"); #if HAVE_SSL if(ssl_flag & IS_SSL) sock_SSL_close(ssl_con); #endif sock_close (sockfd); return NULL; } s->fd = sockfd; s->socktype = socktype; #if HAVE_SSL if(ssl_flag & IS_SSL) s->ssl = ssl_con; #endif s->flags = ssl_flag; sa_p = (struct sockaddr *) &(s->local_stg); sa_len = sizeof(struct sockaddr_storage); if(getsockname(s->fd, sa_p, &sa_len)) { net_log(NET_LOG_ERR, "Unable to get remote port in Sock_connect().\n"); Sock_close(s); return NULL; } if(!sock_ntop_host(sa_p, local_host, sizeof(local_host))) memset(local_host, 0, sizeof(local_host)); if (!(s->local_host = strdup(local_host))) { net_log(NET_LOG_FATAL, "Unable to allocate local host in Sock_connect().\n"); Sock_close(s); return NULL; } local_port = sock_get_port(sa_p); if(local_port < 0) { net_log(NET_LOG_ERR, "Unable to get local port in Sock_connect().\n"); Sock_close(s); return NULL; } else s->local_port = ntohs(local_port); sa_p = (struct sockaddr *) &(s->remote_stg); sa_len = sizeof(struct sockaddr_storage); if(getpeername(s->fd, sa_p, &sa_len)) { net_log(NET_LOG_ERR, "Unable to get remote address in Sock_connect().\n"); Sock_close(s); return NULL; } if(!sock_ntop_host(sa_p, remote_host, sizeof(remote_host))) memset(remote_host, 0, sizeof(remote_host)); if (!(s->remote_host = strdup(remote_host))) { net_log(NET_LOG_FATAL, "Unable to allocate remote host in Sock_connect().\n"); Sock_close(s); return NULL; } remote_port = sock_get_port(sa_p); if(remote_port < 0) { net_log(NET_LOG_ERR, "Unable to get remote port in Sock_connect().\n"); Sock_close(s); return NULL; } else s->remote_port = ntohs(remote_port); net_log(NET_LOG_DEBUG, "Socket connected between local=\"%s\":%u and " "remote=\"%s\":%u.\n", s->local_host, s->local_port, s->remote_host, s->remote_port); if(is_multicast_address(sa_p, s->remote_stg.ss_family)) { //fprintf(stderr,"IS MULTICAST\n"); if(mcast_join(s->fd, sa_p, NULL, 0, &(s->addr))!=0) { Sock_close(s); return NULL; } s->flags |= IS_MULTICAST; } return s; }
/** * Create a new socket accepting a new connection from a listening socket. * @param main Listening socket. * @param octx optional ssl global context * @return the newly allocated Sock */ Sock * Sock_accept(Sock *s, void * octx) { int res = -1; char remote_host[128]; /*Unix Domain is largest*/ char local_host[128]; /*Unix Domain is largest*/ int remote_port = -1; int local_port = -1; Sock *new_s = NULL; struct sockaddr *sa_p = NULL; socklen_t sa_len = 0; #if ENABLE_SSL SSL_CTX * ctx = octx; SSL *ssl_con = NULL; #endif if (!s) return NULL; if ((res = sock_accept(s->fd)) < 0) { net_log(NET_LOG_ERR, "System error in sock_accept().\n"); return NULL; } #if ENABLE_SSL if(ctx) { if( !(ssl_con = SSL_sock_accept(res, ctx)) ) { net_log(NET_LOG_ERR, "Unable to accept SSL connection.\n"); sock_close(res); return NULL; } } #endif if (!(new_s = calloc(1, sizeof(Sock)))) { net_log(NET_LOG_FATAL, "Unable to allocate a Sock struct in Sock_accept().\n"); #if ENABLE_SSL if(ctx) SSL_close_connection(ssl_con, res); #endif sock_close(res); return NULL; } new_s->fd = res; new_s->socktype = s->socktype; new_s->flags = s->flags; #if ENABLE_SSL if(ctx) new_s->ssl = ssl_con; #endif sa_p = (struct sockaddr *) &(new_s->remote_stg); sa_len = sizeof(struct sockaddr_storage); if(getpeername(res, sa_p, &sa_len)) { net_log(NET_LOG_ERR, "Unable to get remote address in Sock_accept().\n"); Sock_close(new_s); return NULL; } if(!sock_ntop_host(sa_p, remote_host, sizeof(remote_host))) memset(remote_host, 0, sizeof(remote_host)); if (!(new_s->remote_host = strdup(remote_host))) { net_log(NET_LOG_FATAL, "Unable to allocate remote host in Sock_accept().\n"); Sock_close(new_s); return NULL; } remote_port = sock_get_port(sa_p); if(remote_port < 0) { net_log(NET_LOG_ERR, "Unable to get remote port in Sock_accept().\n"); Sock_close(new_s); return NULL; } else new_s->remote_port = ntohs(remote_port); sa_p = (struct sockaddr *) &(new_s->remote_stg); sa_len = sizeof(struct sockaddr_storage); if(getsockname(res, sa_p, &sa_len)) { net_log(NET_LOG_ERR, "Unable to get remote port in Sock_accept().\n"); Sock_close(new_s); return NULL; } if(!sock_ntop_host(sa_p, local_host, sizeof(local_host))) memset(local_host, 0, sizeof(local_host)); if (!(new_s->local_host = strdup(local_host))) { net_log(NET_LOG_FATAL, "Unable to allocate local host in Sock_accept().\n"); Sock_close(new_s); return NULL; } local_port = sock_get_port(sa_p); if(local_port < 0) { net_log(NET_LOG_ERR, "Unable to get local port in Sock_accept().\n"); Sock_close(new_s); return NULL; } else new_s->local_port = ntohs(local_port); net_log(NET_LOG_DEBUG, "Socket accepted between local=\"%s\":%u and " "remote=\"%s\":%u.\n", new_s->local_host, new_s->local_port, new_s->remote_host, new_s->remote_port); return new_s; }
Sock * Sock_bind(char const *host, char const *port, Sock *sock, sock_type socktype, void * octx) { Sock *s = NULL; int sockfd = -1; struct sockaddr *sa_p; socklen_t sa_len; char local_host[128]; int local_port; #if ENABLE_SSL if ((octx)) { if(socktype != TCP) { net_log(NET_LOG_ERR, "SSL can't work on this protocol.\n"); return NULL; } } #endif if(sock) { sockfd = sock->fd; } if (sock_bind(host, port, &sockfd, socktype)) { net_log(NET_LOG_ERR, "Error in low level sock_bind().\n"); return NULL; } if (!(s = calloc(1, sizeof(Sock)))) { net_log(NET_LOG_FATAL, "Unable to allocate a Sock struct in Sock_bind().\n"); sock_close(sockfd); return NULL; } s->fd = sockfd; s->socktype = socktype; s->flags = 0; sa_p = (struct sockaddr *)&(s->local_stg); sa_len = sizeof(struct sockaddr_storage); if(getsockname(s->fd, sa_p, &sa_len) < 0) { Sock_close(s); return NULL; } if(!sock_ntop_host(sa_p, local_host, sizeof(local_host))) memset(local_host, 0, sizeof(local_host)); if (!(s->local_host = strdup(local_host))) { net_log(NET_LOG_FATAL, "Unable to allocate local host in Sock_bind().\n"); Sock_close(s); return NULL; } local_port = sock_get_port(sa_p); if(local_port < 0) { net_log(NET_LOG_ERR, "Unable to get local port in Sock_bind().\n"); Sock_close(s); return NULL; } else s->local_port = ntohs(local_port); net_log(NET_LOG_DEBUG, "Socket bound with addr=\"%s\" and port=\"%u\".\n", s->local_host, s->local_port); if(is_multicast_address(sa_p, s->local_stg.ss_family)) { if(mcast_join(s->fd, sa_p)) { Sock_close(s); return NULL; } s->flags |= IS_MULTICAST; } return s; }