static void ssl_init(void)
{
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
SSL_library_init();
}
static int apps_startup()
{
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
CRYPTO_malloc_init();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OPENSSL_load_builtin_modules();
#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
#endif
if (!app_load_modules(NULL)) {
ERR_print_errors(bio_err);
BIO_printf(bio_err, "Error loading default configuration\n");
return 0;
}
OpenSSL_add_all_algorithms();
OpenSSL_add_ssl_algorithms();
setup_ui_method();
/*SSL_library_init();*/
return 1;
}
int SocketServer::initSSL()
{
int ret;
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
ctx = SSL_CTX_new(SSLv23_server_method());
if (!ctx) {
LOG("SSL_CTX_new fail");
return -1;
}
SSL_CTX_set_default_passwd_cb(ctx, passwd_cb);
ret = SSL_CTX_use_certificate_file(ctx, PEMFILE, SSL_FILETYPE_PEM);
if (ret != 1) {
LOG("SSL_CTX_use_certificate_file %d", ret);
return ret;
}
ret = SSL_CTX_use_PrivateKey_file(ctx, KEYFILE, SSL_FILETYPE_PEM);
if (ret != 1) {
LOG("SSL_CTX_use_PrivateKey_file %d", ret);
return ret;
}
LOG("%s:initSSL OK", __FUNCTION__);
return 0;
}
void SSL_load_error_strings(void)
{
#ifndef OPENSSL_NO_ERR
ERR_load_crypto_strings();
ERR_load_SSL_strings();
#endif
}
static void
httpsinit(void)
{
ERR_load_crypto_strings();
ERR_load_SSL_strings();
SSL_load_error_strings();
SSL_library_init();
}
splatclient::splatclient(string windowstyle,nCursesWindow *window, string ip, unsigned int port)
{
//SSL stuff
SSL_library_init();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
// init receive buffer
recv_buff.iMessageid=recv_buff.tSize=0;
memset(&(recv_buff.cMesg), '\0',CHUNK);
sessionID=0;
win=window;
sockfd=-1;
log= new cLogfile("splatclient.log",false);
msgID=0;
server_ip=ip;
server_port=port;
// vParseWindowstyle(windowstyle, window);
if (!win)
{
sLogelement C1(-1, "Keine Windowfunktion übergeben", false);
(*log)<<C1;
exit(1);
}
sLogelement C1(0, "Splatclient erschaffen", true);
(*log)<<C1;
*win<<C1;
if (!bConnect(port, ip))
{
win->windowstack.back()->nCgetwin().~nCursesWindow();
exit(1);
}
else
{
sLogelement C1(-1, "Verbindung hergestellt", true);
*win<<C1;
}
keypad(stdscr,true);
nodelay(win->windowstack.back()->win, true);
if (!iGetsocket())
{
sLogelement t1(-1,"No socket found!",false);//FATAL
*win<<t1;
win->windowstack.back()->nCgetwin().~nCursesWindow();
(*log) << t1;
exit(1);
}
//cFlow_client
bkgactive=true; //still need to be active for ping/pong messages
//MENU
menu=NULL;
vCreateMenu();
bDirty=true;
}
/** Main routine for petal */
int main(int argc, char* argv[])
{
int c;
int port = 443;
char* addr = "127.0.0.1", *key = "petal.key", *cert = "petal.pem";
#ifdef USE_WINSOCK
WSADATA wsa_data;
if((c=WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0)
{ printf("WSAStartup failed\n"); exit(1); }
atexit((void (*)(void))WSACleanup);
#endif
/* parse the options */
while( (c=getopt(argc, argv, "a:c:k:hp:v")) != -1) {
switch(c) {
case 'a':
addr = optarg;
break;
case 'c':
cert = optarg;
break;
case 'k':
key = optarg;
break;
case 'p':
port = atoi(optarg);
break;
case 'v':
verb++;
break;
case '?':
case 'h':
default:
usage();
}
}
argc -= optind;
argv += optind;
if(argc != 0)
usage();
#ifdef SIGPIPE
(void)signal(SIGPIPE, SIG_IGN);
#endif
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
(void)SSL_library_init();
do_service(addr, port, key, cert);
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
ERR_free_strings();
RAND_cleanup();
return 0;
}
void SSL_load_error_strings(void)
{
#ifndef OPENSSL_NO_ERR
//[MS_CHANGE] - added ERR_initialize to zero out global
// variables for soft reboot
ERR_initialize();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
#endif
}
static void ossl_init_load_ssl_strings(void)
{
/*
* OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
* pulling in all the error strings during static linking
*/
#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
"ERR_load_SSL_strings()\n");
# endif
ERR_load_SSL_strings();
#endif
ssl_strings_inited = 1;
}
static void apps_startup()
{
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
CRYPTO_malloc_init();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
OpenSSL_add_ssl_algorithms();
OPENSSL_load_builtin_modules();
setup_ui_method();
/*SSL_library_init();*/
#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
#endif
}
void openSslInit()
/* do only once */
{
static boolean done = FALSE;
static pthread_mutex_t osiMutex = PTHREAD_MUTEX_INITIALIZER;
pthread_mutex_lock( &osiMutex );
if (!done)
{
SSL_library_init();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
openssl_pthread_setup();
done = TRUE;
}
pthread_mutex_unlock( &osiMutex );
}
bool BaseSSLProtocol::Initialize(Variant ¶meters) {
//1. Initialize the SSL library
if (!_libraryInitialized) {
//3. This is the first time we use the library. So we have to
//initialize it first
SSL_library_init();
//init readable error messages
SSL_load_error_strings();
ERR_load_SSL_strings();
ERR_load_CRYPTO_strings();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
//initialize the random numbers generator
InitRandGenerator();
_libraryInitialized = true;
}
//2. Initialize the global context
if (!InitGlobalContext(parameters)) {
FATAL("Unable to initialize global context");
return false;
}
//3. create connection SSL context
_pSSL = SSL_new(_pGlobalSSLContext);
if (_pSSL == NULL) {
FATAL("Unable to create SSL connection context");
return false;
}
//4. setup the I/O buffers
SSL_set_bio(_pSSL, BIO_new(BIO_s_mem()), BIO_new(BIO_s_mem()));
return DoHandshake();
}
int main(int argc, char **argv)
{
struct sockaddr_in pulladdr;
struct sockaddr_in pushaddr;
int pullsock;
int pushsock;
int err;
int recovering = 0;
struct arguments args;
struct log *log = NULL;
#ifdef TCPR
int tcprsock;
struct tcpr_ip4 state;
#endif
//OpenSSL
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
/////////
memset(&args, 0, sizeof(args));
parse_arguments(&args, argc, argv);
err = resolve_address(&pulladdr, args.pullhost, args.pullport);
if (err) {
fprintf(stderr, "%s:%s: %s\n", args.pullhost, args.pullport,
gai_strerror(err));
exit(EXIT_FAILURE);
}
err = resolve_address(&pushaddr, args.pushhost, args.pushport);
if (err) {
fprintf(stderr, "%s:%s: %s\n", args.pushhost, args.pushport,
gai_strerror(err));
exit(EXIT_FAILURE);
}
if (!args.port)
args.port = 10000;
#ifdef TCPR
printf("Connecting to TCPR.\n");
tcprsock = connect_to_tcpr(&pulladdr);
if (tcprsock < 0) {
perror("Connecting to TCPR");
exit(EXIT_FAILURE);
}
pulladdr1 = pulladdr;
port1 = args.port;
tcpr_sock = tcprsock;
printf("Waiting for existing master, if any.\n");
if (get_tcpr_state(&state, tcprsock, &pulladdr, args.port) < 0) {
perror("Getting TCPR state");
exit(EXIT_FAILURE);
}
recovering = wait_for_master(&state);
if (recovering) {
printf("Recovering from failed master.\n");
if (claim_tcpr_state(&state, tcprsock, &pulladdr, args.port) < 0) {
perror("Claiming TCPR state");
exit(EXIT_FAILURE);
}
} else {
printf("Creating fresh connection.\n");
}
handle_slaves();
#endif /* TCPR */
printf("Connecting to data source.\n");
pullsock = connect_to_peer(&pulladdr, args.port);
if (pullsock < 0) {
perror("Connecting to data source");
exit(EXIT_FAILURE);
}
printf("Connecting to data sink.\n");
pushsock = connect_to_peer(&pushaddr, 0);
if (pushsock < 0) {
perror("Connecting to data sink");
exit(EXIT_FAILURE);
}
if (args.logprefix) {
printf("Opening log.\n");
log = log_start(args.logprefix, args.logbytes, args.logcount);
}
#ifdef TCPR
if (get_tcpr_state(&state, tcprsock, &pulladdr, args.port) < 0) {
perror("Getting TCPR state");
exit(EXIT_FAILURE);
}
#endif
if (!recovering) {
printf("Sending ID to data source.\n");
if (send(pullsock, args.id, strlen(args.id), 0) < 0) {
perror("Sending session ID");
exit(EXIT_FAILURE);
}
}
get_tcpr_state(&state1, tcpr_sock, &pulladdr1, port1);
get_tcpr_state(&state, tcpr_sock, &pulladdr, args.port);
//BIO_set_callback(sbio,test_write);
//BIO_set_callback(sbio1,test_write);
printf("Copying data from source to sink.\n");
#ifdef TCPR
if (copy_data(&state, log, pullsock, pushsock, tcprsock) < 0) {
#else
if (copy_data(log, pullsock, pushsock) < 0) {
#endif
perror("Copying data");
exit(EXIT_FAILURE);
}
printf("Done.\n");
#ifdef TCPR
close(tcprsock);
#endif
close(pullsock);
close(pushsock);
return EXIT_SUCCESS;
}
struct daemon*
daemon_init(void)
{
struct daemon* daemon = (struct daemon*)calloc(1,
sizeof(struct daemon));
#ifdef USE_WINSOCK
int r;
WSADATA wsa_data;
#endif
if(!daemon)
return NULL;
#ifdef USE_WINSOCK
r = WSAStartup(MAKEWORD(2,2), &wsa_data);
if(r != 0) {
fatal_exit("could not init winsock. WSAStartup: %s",
wsa_strerror(r));
}
#endif /* USE_WINSOCK */
signal_handling_record();
checklock_start();
#ifdef HAVE_SSL
# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
# endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
ERR_load_SSL_strings();
#endif
# ifdef USE_GOST
(void)sldns_key_EVP_load_gost_id();
# endif
# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
# else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
# endif
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
/* grab the COMP method ptr because openssl leaks it */
comp_meth = (void*)SSL_COMP_get_compression_methods();
# endif
# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
# else
(void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
# endif
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
if(!ub_openssl_lock_init())
fatal_exit("could not init openssl locks");
# endif
#elif defined(HAVE_NSS)
if(NSS_NoDB_Init(NULL) != SECSuccess)
fatal_exit("could not init NSS");
#endif /* HAVE_SSL or HAVE_NSS */
#ifdef HAVE_TZSET
/* init timezone info while we are not chrooted yet */
tzset();
#endif
/* open /dev/random if needed */
ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67);
daemon->need_to_exit = 0;
modstack_init(&daemon->mods);
if(!(daemon->env = (struct module_env*)calloc(1,
sizeof(*daemon->env)))) {
free(daemon);
return NULL;
}
/* init edns_known_options */
if(!edns_known_options_init(daemon->env)) {
free(daemon->env);
free(daemon);
return NULL;
}
alloc_init(&daemon->superalloc, NULL, 0);
daemon->acl = acl_list_create();
if(!daemon->acl) {
edns_known_options_delete(daemon->env);
free(daemon->env);
free(daemon);
return NULL;
}
if(gettimeofday(&daemon->time_boot, NULL) < 0)
log_err("gettimeofday: %s", strerror(errno));
daemon->time_last_stat = daemon->time_boot;
if((daemon->env->auth_zones = auth_zones_create()) == 0) {
acl_list_delete(daemon->acl);
edns_known_options_delete(daemon->env);
free(daemon->env);
free(daemon);
return NULL;
}
return daemon;
}
/*
* Initialize SSL sub module
*
* Arguments: None
* Returns: None
*/
void
initSSL(void)
{
static void *ssl_API[ssl_API_pointers];
PyObject *ssl_api_object;
PyObject *module;
SSL_library_init();
ERR_load_SSL_strings();
import_crypto();
if ((module = Py_InitModule3("SSL", ssl_methods, ssl_doc)) == NULL) {
return;
}
/* Initialize the C API pointer array */
ssl_API[ssl_Context_New_NUM] = (void *)ssl_Context_New;
ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New;
ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL);
if (ssl_api_object != NULL)
PyModule_AddObject(module, "_C_API", ssl_api_object);
/* Exceptions */
/*
* ADD_EXCEPTION(dict,name,base) expands to a correct Exception declaration,
* inserting OpenSSL.SSL.name into dict, derviving the exception from base.
*/
#define ADD_EXCEPTION(_name, _base) \
do { \
ssl_##_name = PyErr_NewException("OpenSSL.SSL."#_name, _base, NULL);\
if (ssl_##_name == NULL) \
goto error; \
if (PyModule_AddObject(module, #_name, ssl_##_name) != 0) \
goto error; \
} while (0)
ssl_Error = PyErr_NewException("OpenSSL.SSL.Error", NULL, NULL);
if (ssl_Error == NULL)
goto error;
if (PyModule_AddObject(module, "Error", ssl_Error) != 0)
goto error;
ADD_EXCEPTION(ZeroReturnError, ssl_Error);
ADD_EXCEPTION(WantReadError, ssl_Error);
ADD_EXCEPTION(WantWriteError, ssl_Error);
ADD_EXCEPTION(WantX509LookupError, ssl_Error);
ADD_EXCEPTION(SysCallError, ssl_Error);
#undef ADD_EXCEPTION
/* Method constants */
PyModule_AddIntConstant(module, "SSLv2_METHOD", ssl_SSLv2_METHOD);
PyModule_AddIntConstant(module, "SSLv3_METHOD", ssl_SSLv3_METHOD);
PyModule_AddIntConstant(module, "SSLv23_METHOD", ssl_SSLv23_METHOD);
PyModule_AddIntConstant(module, "TLSv1_METHOD", ssl_TLSv1_METHOD);
/* Verify constants */
PyModule_AddIntConstant(module, "VERIFY_NONE", SSL_VERIFY_NONE);
PyModule_AddIntConstant(module, "VERIFY_PEER", SSL_VERIFY_PEER);
PyModule_AddIntConstant(module, "VERIFY_FAIL_IF_NO_PEER_CERT",
SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
PyModule_AddIntConstant(module, "VERIFY_CLIENT_ONCE",
SSL_VERIFY_CLIENT_ONCE);
/* File type constants */
PyModule_AddIntConstant(module, "FILETYPE_PEM", SSL_FILETYPE_PEM);
PyModule_AddIntConstant(module, "FILETYPE_ASN1", SSL_FILETYPE_ASN1);
/* SSL option constants */
PyModule_AddIntConstant(module, "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE);
PyModule_AddIntConstant(module, "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA);
PyModule_AddIntConstant(module, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
PyModule_AddIntConstant(module, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
PyModule_AddIntConstant(module, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
/* More SSL option constants */
PyModule_AddIntConstant(module, "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG);
PyModule_AddIntConstant(module, "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG);
PyModule_AddIntConstant(module, "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
PyModule_AddIntConstant(module, "OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
PyModule_AddIntConstant(module, "OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
PyModule_AddIntConstant(module, "OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING);
PyModule_AddIntConstant(module, "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
PyModule_AddIntConstant(module, "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG);
PyModule_AddIntConstant(module, "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG);
PyModule_AddIntConstant(module, "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
PyModule_AddIntConstant(module, "OP_ALL", SSL_OP_ALL);
PyModule_AddIntConstant(module, "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE);
PyModule_AddIntConstant(module, "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG);
PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1);
PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2);
PyModule_AddIntConstant(module, "OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG);
PyModule_AddIntConstant(module, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
/* DTLS related options. The first two of these were introduced in
* 2005, the third in 2007. To accomodate systems which are still using
* older versions, make them optional. */
#ifdef SSL_OP_NO_QUERY_MTU
PyModule_AddIntConstant(module, "OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU);
#endif
#ifdef SSL_OP_COOKIE_EXCHANGE
PyModule_AddIntConstant(module, "OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE);
#endif
#ifdef SSL_OP_NO_TICKET
PyModule_AddIntConstant(module, "OP_NO_TICKET", SSL_OP_NO_TICKET);
#endif
/* For SSL_set_shutdown */
PyModule_AddIntConstant(module, "SENT_SHUTDOWN", SSL_SENT_SHUTDOWN);
PyModule_AddIntConstant(module, "RECEIVED_SHUTDOWN", SSL_RECEIVED_SHUTDOWN);
if (!init_ssl_context(module))
goto error;
if (!init_ssl_connection(module))
goto error;
#ifdef WITH_THREAD
/*
* Initialize this module's threading support structures.
*/
_pyOpenSSL_tstate_key = PyThread_create_key();
#endif
error:
;
}
int main(int argc, char *argv[])
{
SSL_CTX *ctx;
SSL *ssl;
BIO *bio;
int (*callback)(char *, int, int, void *) = &password_callback;
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
printf("Attempting to create SSL context...\n");
ctx = SSL_CTX_new(SSLv3_client_method());
if(ctx == NULL) {
printf("Failed. Aborting.\n");
ERR_print_errors_fp(stdout);
return 0;
}
printf("\nLoading certificates...\n");
SSL_CTX_set_default_passwd_cb(ctx, callback);
if (!SSL_CTX_load_verify_locations(ctx, "./CAtest/cacert.pem", NULL)) {
/* Handle failed load here */
ERR_print_errors_fp(stdout);
exit(1);
}
if (SSL_CTX_use_certificate_file(ctx, "./CAtest/client_cert.pem", SSL_FILETYPE_PEM) != 1) {
//if (SSL_CTX_use_certificate_chain_file(ctx, "./CA/client_cert.pem") != 1) {
/* Handle failed load here */
ERR_print_errors_fp(stdout);
exit(1);
}
if (SSL_CTX_use_PrivateKey_file(ctx, "./CAtest/private/client_key.pem", SSL_FILETYPE_PEM) != 1) {
/* Handle failed load here */
ERR_print_errors_fp(stdout);
exit(1);
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
SSL_CTX_set_verify_depth(ctx, 5);
//SSL_CTX_set_default_passwd_cb(ctx, callback);
printf("Attempting to create BIO object...\n");
bio = BIO_new_ssl_connect(ctx);
if(bio == NULL) {
printf("Failed. Aborting.\n");
ERR_print_errors_fp(stdout);
SSL_CTX_free(ctx);
return 0;
}
printf("\nAttempting to set up BIO for SSL...\n");
BIO_get_ssl(bio, &ssl);
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
BIO_set_conn_hostname(bio, "127.0.0.1:4422");
if (BIO_do_connect(bio) <= 0) {
printf("BIO_do_connect failed\n");
/* Handle failed connection */
ERR_print_errors_fp(stdout);
exit (1);
}
if(SSL_get_verify_result(ssl) != X509_V_OK) {
printf("SSL_get_verify_result failed\n");
/* Handle the failed verification */
ERR_print_errors_fp(stdout);
//exit (1);
}
SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
if (cipher) {
char buf[1204];
printf("Cipher Name: %s\n", SSL_CIPHER_get_name(cipher));
printf("Cipher Desc: %s\n", SSL_CIPHER_description(cipher, buf, 1024));
}
int len = 1024;
char buf[len];
BIO_puts(bio, "Hello Server, this is just for test!");
BIO_flush(bio);
BIO_read(bio, buf, len);
printf("Received: %s\n", buf);
SSL_CTX_free(ctx);
/* To reuse the connection, use this line */
BIO_reset(bio);
/* To free it from memory, use this line */
BIO_free_all(bio);
return 0;
}
int main(int argc, char **argv)
{
BIO *sbio = NULL, *out = NULL;
int i, len, rv;
char tmpbuf[1024];
SSL_CTX *ctx = NULL;
SSL_CONF_CTX *cctx = NULL;
SSL *ssl = NULL;
CONF *conf = NULL;
STACK_OF(CONF_VALUE) *sect = NULL;
CONF_VALUE *cnf;
const char *connect_str = "localhost:4433";
long errline = -1;
ERR_load_crypto_strings();
ERR_load_SSL_strings();
SSL_library_init();
conf = NCONF_new(NULL);
if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
if (errline <= 0)
fprintf(stderr, "Error processing config file\n");
else
fprintf(stderr, "Error on line %ld\n", errline);
goto end;
}
sect = NCONF_get_section(conf, "default");
if (sect == NULL) {
fprintf(stderr, "Error retrieving default section\n");
goto end;
}
ctx = SSL_CTX_new(SSLv3_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
cnf = sk_CONF_VALUE_value(sect, i);
rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);
if (rv > 0)
continue;
if (rv != -2) {
fprintf(stderr, "Error processing %s = %s\n",
cnf->name, cnf->value);
ERR_print_errors_fp(stderr);
goto end;
}
if (!strcmp(cnf->name, "Connect")) {
connect_str = cnf->value;
} else {
fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
goto end;
}
}
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
}
/*
* We'd normally set some stuff like the verify paths and * mode here
* because as things stand this will connect to * any server whose
* certificate is signed by any CA.
*/
sbio = BIO_new_ssl_connect(ctx);
BIO_get_ssl(sbio, &ssl);
if (!ssl) {
fprintf(stderr, "Can't locate SSL pointer\n");
goto end;
}
/* Don't want any retries */
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
/* We might want to do other things with ssl here */
BIO_set_conn_hostname(sbio, connect_str);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
if (BIO_do_connect(sbio) <= 0) {
fprintf(stderr, "Error connecting to server\n");
ERR_print_errors_fp(stderr);
goto end;
}
if (BIO_do_handshake(sbio) <= 0) {
fprintf(stderr, "Error establishing SSL connection\n");
ERR_print_errors_fp(stderr);
goto end;
}
/* Could examine ssl here to get connection info */
BIO_puts(sbio, "GET / HTTP/1.0\n\n");
for (;;) {
len = BIO_read(sbio, tmpbuf, 1024);
if (len <= 0)
break;
BIO_write(out, tmpbuf, len);
}
end:
SSL_CONF_CTX_free(cctx);
BIO_free_all(sbio);
BIO_free(out);
NCONF_free(conf);
return 0;
}
int main(int argc, char **argv)
{
BIO *sslbio;
SSL_CTX *ctx;
SSL *ssl;
//SSL_METHOD *meth;
unsigned long totl;
int i, p;
char hostname[BUF_SIZE + 1];
char server[16];
char choice;
int ret;
if (argc != 2) {
printf("Usage: %s ClientName\n", argv[0]);
printf("eg: '%s client1'\n", argv[0]);
return -1;
}
if (strlen(argv[1]) >= NAME_SIZE) {
fprintf(stderr, "%s is too long! \nPick a shorter client name.\n",argv[1]);
} else {
strcpy(CLIENT_NAME, argv[1]);
}
printf("client name: %s\n", CLIENT_NAME);
/* Formatting required certificates for client ...
certificates are matched to client with file names */
int length = strlen(CLIENT_NAME) + 10;
char CLIENT_CERT_FILE2[length];
strcpy(CLIENT_CERT_FILE2, "cert/");
strcat(CLIENT_CERT_FILE2, CLIENT_NAME);
strcat(CLIENT_CERT_FILE2, ".pem");
printf("This client CERT file is required: %s\n", CLIENT_CERT_FILE2);
// Checking for required certificate
if( access( CLIENT_CERT_FILE2, F_OK ) != -1 ) {
// file exists
printf("CERT file verified present\n");
} else {
// file doesn't exist
printf("CERT NOT FOUND....\n"
"Perhaps this client does not have valid\n"
"certificates present at this location\n"
">>> ./%s\n",CLIENT_CERT_FILE2);
exit(4);
}
char CLIENT_KEY_FILE2[length];
strcpy(CLIENT_KEY_FILE2, "cert/");
strcat(CLIENT_KEY_FILE2, CLIENT_NAME);
strcat(CLIENT_KEY_FILE2, ".key");
printf("This client KEY file is required: %s\n", CLIENT_KEY_FILE2);
// Checking for required certificate
if( access( CLIENT_KEY_FILE2, F_OK ) != -1 ) {
// file exists
printf("KEY file verified present\n\n");
} else {
// file doesn't exist
printf("KEY NOT FOUND....\n"
"Perhaps this client does not have valid"
"certificates present at this location\n"
">>> ./%s\n",CLIENT_KEY_FILE2);
exit(4);
}
/* Give initial menu to user; get hostname for connection */
choice = getchoice("Please select an action", imenu);
printf("You have chosen: %c\n", choice);
if (choice == 'q')
{
printf("Ending Program... Goodbye.\n");
}
else // choice == 'a'
{
printf("Initializing connection...\n");
// NOTE: 45 is the max length of a IPv4 address
getInput(server, "Enter server hostname to connect \n (e.g., '127.0.0.1')", 15);
SSL_library_init();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
ctx = SSL_CTX_new(SSLv3_client_method());
// ctx = SSL_CTX_new(SSLv3_method());
//ctx = SSL_CTX_new(meth);
assert(ctx != NULL);
/* Verify the server */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
/* Load CA Certificate */
if (!SSL_CTX_load_verify_locations(ctx, CA_CERT_FILE, NULL)) {
printf("Load CA file failed.\r\n");
//goto free_ctx;
BIO_free_all(sslbio);
SSL_CTX_free(ctx);
return 0;
}
/* Load Client Certificate with Public Key */
if (SSL_CTX_use_certificate_file(ctx, CLIENT_CERT_FILE2, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stdout);
printf("ssl_ctx_use_certificate_file failed.\r\n");
//goto free_ctx;
BIO_free_all(sslbio);
SSL_CTX_free(ctx);
return 0;
}
/* Load Private Key */
if (SSL_CTX_use_PrivateKey_file(ctx, CLIENT_KEY_FILE2, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stdout);
printf("ssl_ctx_use_privatekey_file failed.\r\n");
//goto free_ctx;
BIO_free_all(sslbio);
SSL_CTX_free(ctx);
return 0;
}
/* Check the validity of Private Key */
if (!SSL_CTX_check_private_key(ctx)) {
ERR_print_errors_fp(stdout);
printf("ssl_ctx_check_private_key failed.\r\n");
//goto free_ctx;
BIO_free_all(sslbio);
SSL_CTX_free(ctx);
return 0;
}
/* Create the connection */
sslbio = BIO_new_ssl_connect(ctx);
/* Get SSL from sslbio */
BIO_get_ssl(sslbio, &ssl);
/* Set the SSL mode into SSL_MODE_AUTO_RETRY */
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
//////////////////////////////////////////////////
// NOTE: Port# hardcoded here; change if necessary
//////////////////////////////////////////////////
BIO_set_conn_port(sslbio, "7777");
BIO_set_conn_hostname(sslbio, server);
/* Request Connection */
if(BIO_do_connect(sslbio) <= 0)
{
fprintf(stderr, "Error attempting to connect\n");
ERR_print_errors_fp(stderr);
BIO_free_all(sslbio);
SSL_CTX_free(ctx);
return 0;
}
else
{
printf("Connection to server successful!\n");
}
/* Verify Server Certificate Validity */
if(SSL_get_verify_result(ssl) != X509_V_OK)
{
printf("Certificate Verification Error: %ld\n", SSL_get_verify_result(ssl));
BIO_free_all(sslbio);
SSL_CTX_free(ctx);
return 0;
}
else
{
printf("verify server cert successful\n");
}
//Send hostname to server
printf("Sending client name to server.\n");
BIO_write(sslbio, CLIENT_NAME, strlen(CLIENT_NAME));
do
{
choice = getchoice("Please select an action", menu);
printf("You have chosen: %c\n", choice);
if (choice == 'a')
{
printf("Check-in function will be executed\n");
choiceProcess (sslbio, buffer, choice);
ret = checkin_file(ssl, sslbio, buffer);
}
else if (choice == 'b')
{
printf("Check-out function will be executed\n");
choiceProcess (sslbio, buffer, choice);
ret = checkout_file(ssl, sslbio, buffer);
}
else if (choice == 'c')
{
printf("Delegate function will be executed\n");
choiceProcess (sslbio, buffer, choice);
}
else if (choice == 'd')
{
printf("Safe-delete function will be executed\n");
choiceProcess (sslbio, buffer, choice);
}
else
{
printf("Terminate function will be executed\n");
}
} while (choice != 'q');
/* Terminate the connection by sending message */
clientTerminate (sslbio, buffer);
/* Close the connection and free the context */
BIO_ssl_shutdown(sslbio);
BIO_free_all(sslbio);
SSL_CTX_free(ctx);
}
return 0;
}
int main(int argc, char *argv[]) {
/* master file descriptor list */
fd_set master;
/* temp file descriptor list for select() */
fd_set read_fds;
/* server & client address */
struct sockaddr_in serv_addr, cli_addr;
struct timeval timeout;
/* maximum file descriptor number */
int fdmax;
/* listening socket descriptor */
int sockfd;
/* newly accept()ed socket descriptor */
int newsockfd;
/* buffer for client data */
char buf[1024];
int nbytes;
/* for setsockopt() SO_REUSEADDR, below */
int yes = 1;
socklen_t clilen;
int i, j;
/* clear the master and temp sets */
FD_ZERO(&master);
FD_ZERO(&read_fds);
//ssl initiation
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_METHOD *meth = SSLv3_server_method();
SSL_CTX *ctx = SSL_CTX_new(meth);
SSL_CTX_use_certificate_file(ctx, "TrustStore.pem", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(ctx, "privatekey.key", SSL_FILETYPE_PEM);
if(argc < 2)
{
printf("USAGE: %s + <portno>\n", argv[0]);
exit(EXIT_FAILURE);
}
timeout.tv_sec = 300;
timeout.tv_usec = 0;
/* get the listener */
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if(sockfd < 0)
{
printf("%s. SOCKET()", strerror(errno));
exit(EXIT_FAILURE);
}
else if(sockfd)
{
do
{
{
printf("Waiting for a connection.\n");
}
} while(!accept);
}
printf("Server-socket() is OK...\n");
/*"address already in use" error message */
if(setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) < 0)
{
printf("SETSOCKOPT() ---> %s.\n", strerror(errno));
exit(EXIT_FAILURE);
}
printf("Server-setsockopt() is OK...\n");
/* bind */
int portno = atoi(argv[1]);
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
serv_addr.sin_port = htons(portno);
memset(&(serv_addr.sin_zero), '\0', 8);
int binder;
binder = bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
if(binder == -1)
{
printf("BIND() ---> %s.\n", strerror(errno));
exit(EXIT_FAILURE);
}
printf("Server-bind() is OK...\n");
/* listen */
int listener = listen(sockfd, 10);
if(listener < 0)
{
printf("LISTEN() ---> %s.\n", strerror(errno));
exit(EXIT_FAILURE);
}
printf("Server-listen() is OK...\n");
/* add the listener to the master set */
FD_SET(sockfd, &master);
/* keep track of the biggest file descriptor */
fdmax = sockfd; /* so far, it's this one*/
/* Main loop */
for( ; ; )
{
/* copy it */
read_fds = master;
int selector = select(fdmax+1, &read_fds, NULL, NULL, &timeout);
if(selector < 0)
{
printf("SELECT(-1) ---> %s.\n", strerror(errno));
exit(EXIT_FAILURE);
}
if(selector == 0)
{
printf("SELECT(0) ---> %s.\n", strerror(errno));
exit(EXIT_FAILURE);
}
else
{
printf("Server-select() is OK...\n");
printf("Waiting for data...\n");
}
/*run through the existing connections looking for data to be read*/
for(i = 0; i <= fdmax; i++)
{//2nd for loop
if(FD_ISSET(i, &read_fds))
{ /* we got one... */
if(i == sockfd)
{
/* handle new connections */
clilen = sizeof(cli_addr);
if((newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen)) == -1)
{
printf("ACCEPT() ---> %s.\n", strerror(errno));
exit(EXIT_FAILURE);
}
else
{
printf("Server-accept() is OK...\n");
FD_SET(newsockfd, &master); /* add to master set */
if(newsockfd > fdmax)
{
/* keep track of the maximum */
fdmax = newsockfd;
}
printf("%s: New connection from %s on socket %d\n", argv[0], inet_ntoa(cli_addr.sin_addr), newsockfd);
SSL* ssl;
ssl = SSL_new(ctx);
SSL_set_fd(ssl, newsockfd);
SSL_accept(ssl);
printf("\nHandshake Done\n");
}
}
else
{
/* handle data from a client */
if((nbytes = recv(i, buf, sizeof(buf), 0)) <= 0)
{
/* got error or connection closed by client */
if(nbytes == 0)
/* connection closed */
printf("%s: socket %d hung up\n", argv[0], i);
else
printf("RECV() ---> %s.\n", strerror(errno));
/* close it... */
close(i);
/* remove from master set */
FD_CLR(i, &master);
}
else
{
/* we got some data from a client*/
for(j = 0; j <= fdmax; j++)
{//3rd for loop
/* send to everyone! */
if(FD_ISSET(j, &master))
{
/* except the listener and ourselves */
if(j != sockfd && j != i)
{
if(send(j, buf, nbytes, 0) == -1)
{
printf("SEND() ---> %s.\n", strerror(errno));
exit(EXIT_FAILURE);
}
}
}
}//3rd for loop
}
}
}
}//2nd for loop
}//Main loop
return 0;
}
LUA_API int luaopen_openssl(lua_State*L)
{
char * config_filename;
#ifdef ENABLE_CRYPTO_THREAD
CRYPTO_thread_setup();
CRYPTO_lock(CRYPTO_LOCK,CRYPTO_LOCK_ERR,__FILE__,__LINE__);
#endif
if(g_init==0)
{
g_init = 1;
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
SSL_library_init();
ERR_load_ERR_strings();
ERR_load_crypto_strings();
ERR_load_EVP_strings();
ERR_load_SSL_strings();
ENGINE_load_dynamic();
ENGINE_load_openssl();
}
#ifdef ENABLE_CRYPTO_THREAD
CRYPTO_lock(CRYPTO_UNLOCK,CRYPTO_LOCK_ERR,__FILE__,__LINE__);
#endif
/* Determine default SSL configuration file */
config_filename = getenv("OPENSSL_CONF");
if (config_filename == NULL) {
config_filename = getenv("SSLEAY_CONF");
}
/* default to 'openssl.cnf' if no environment variable is set */
if (config_filename == NULL) {
snprintf(default_ssl_conf_filename, sizeof(default_ssl_conf_filename), "%s/%s",
X509_get_default_cert_area(),
"openssl.cnf");
} else {
strncpy(default_ssl_conf_filename, config_filename, sizeof(default_ssl_conf_filename));
}
openssl_register_pkey(L);
openssl_register_x509(L);
openssl_register_csr(L);
openssl_register_digest(L);
openssl_register_cipher(L);
openssl_register_sk_x509(L);
openssl_register_bio(L);
openssl_register_crl(L);
#ifdef OPENSSL_HAVE_TS
openssl_register_ts(L);
#endif
openssl_register_conf(L);
openssl_register_pkcs7(L);
openssl_register_misc(L);
openssl_register_engine(L);
openssl_register_ssl(L);
openssl_register_ocsp(L);
#if LUA_VERSION_NUM==501
luaL_register(L,"openssl",eay_functions);
#elif LUA_VERSION_NUM==502
lua_newtable(L);
luaL_setfuncs(L, eay_functions, 0);
#endif
setNamedIntegers(L, consts);
/* third part */
luaopen_bn(L);
lua_setfield(L, -2, "bn");
return 1;
}
/** Main routine for petal */
int main(int argc, char* argv[])
{
int c;
int port = 443;
char* addr = "127.0.0.1", *key = "petal.key", *cert = "petal.pem";
#ifdef USE_WINSOCK
WSADATA wsa_data;
if((c=WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0)
{ printf("WSAStartup failed\n"); exit(1); }
atexit((void (*)(void))WSACleanup);
#endif
/* parse the options */
while( (c=getopt(argc, argv, "a:c:k:hp:v")) != -1) {
switch(c) {
case 'a':
addr = optarg;
break;
case 'c':
cert = optarg;
break;
case 'k':
key = optarg;
break;
case 'p':
port = atoi(optarg);
break;
case 'v':
verb++;
break;
case '?':
case 'h':
default:
usage();
}
}
argc -= optind;
argv += optind;
if(argc != 0)
usage();
#ifdef SIGPIPE
(void)signal(SIGPIPE, SIG_IGN);
#endif
#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
#endif
ERR_load_SSL_strings();
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
(void)OPENSSL_init_ssl(0, NULL);
#endif
do_service(addr, port, key, cert);
#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
CRYPTO_cleanup_all_ex_data();
#endif
#ifdef HAVE_ERR_FREE_STRINGS
ERR_free_strings();
#endif
return 0;
}
/** main program for streamtcp */
int main(int argc, char** argv)
{
int c;
const char* svr = "127.0.0.1";
int udp = 0;
int noanswer = 0;
int usessl = 0;
#ifdef USE_WINSOCK
WSADATA wsa_data;
if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) {
printf("WSAStartup failed\n");
return 1;
}
#endif
/* lock debug start (if any) */
log_init(0, 0, 0);
checklock_start();
#ifdef SIGPIPE
if(signal(SIGPIPE, &sigh) == SIG_ERR) {
perror("could not install signal handler");
return 1;
}
#endif
/* command line options */
if(argc == 1) {
usage(argv);
}
while( (c=getopt(argc, argv, "f:hnsu")) != -1) {
switch(c) {
case 'f':
svr = optarg;
break;
case 'n':
noanswer = 1;
break;
case 'u':
udp = 1;
break;
case 's':
usessl = 1;
break;
case 'h':
case '?':
default:
usage(argv);
}
}
argc -= optind;
argv += optind;
if(argc % 3 != 0) {
printf("queries must be multiples of name,type,class\n");
return 1;
}
if(usessl) {
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
SSL_library_init();
}
send_em(svr, udp, usessl, noanswer, argc, argv);
checklock_stop();
#ifdef USE_WINSOCK
WSACleanup();
#endif
return 0;
}
int main(int argc, char *argv[])
{
SSL *ssl;
SSL_CTX *ctx;
BIO *bio, *abio, *cbio;
pthread_t t;
X509 *peer;
int (*callback)(char *, int, int, void *) = &password_callback;
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
printf("Attempting to create SSL context...\n");
ctx = SSL_CTX_new(SSLv3_server_method());
if(ctx == NULL) {
printf("Failed. Aborting.\n");
ERR_print_errors_fp(stdout);
return 0;
}
printf("Loading certificates...\n");
SSL_CTX_set_default_passwd_cb(ctx, callback);
//if (SSL_CTX_use_certificate_file(ctx, "./CA/server_cert.pem", SSL_FILETYPE_PEM) != 1) {
if (SSL_CTX_use_certificate_chain_file(ctx, "./CAtest/server_cert.pem") != 1) {
/* Handle failed load here */
ERR_print_errors_fp(stdout);
exit(1);
}
if (SSL_CTX_use_PrivateKey_file(ctx, "./CAtest/private/server_key.pem", SSL_FILETYPE_PEM) != 1) {
/* Handle failed load here */
ERR_print_errors_fp(stdout);
exit(1);
}
if (!SSL_CTX_load_verify_locations(ctx, "./CAtest/cacert.pem", "./CA/")) {
/* Handle failed load here */
ERR_print_errors_fp(stdout);
exit(1);
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE, verify_callback);
SSL_CTX_set_verify_depth(ctx, 5);
printf("Attempting to create BIO object...\n");
bio = BIO_new_ssl(ctx, 0);
if(bio == NULL) {
printf("Failed. Aborting.\n");
ERR_print_errors_fp(stdout);
SSL_CTX_free(ctx);
return 0;
}
printf("Attempting to set up BIO for SSL...\n");
BIO_get_ssl(bio, &ssl);
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
abio = BIO_new_accept("4422");
BIO_set_accept_bios(abio, bio);
/* First call to BIO_accept() sets up accept BIO */
if (BIO_do_accept(abio) <= 0) {
fprintf(stderr, "Error setting up accept\n");
ERR_print_errors_fp(stderr);
exit(0);
}
do {
/* Wait for incoming connection */
if (BIO_do_accept(abio) <= 0) {
fprintf(stderr, "Error accepting connection\n");
ERR_print_errors_fp(stderr);
exit(0);
}
fprintf(stderr, "Connection 1 established\n");
/* Retrieve BIO for connection */
cbio = BIO_pop(abio);
pthread_create(&t, NULL, handle_connection, cbio);
} while (1);
SSL_shutdown(ssl);
BIO_free_all(bio);
BIO_free_all(abio);
SSL_CTX_free(ctx);
SSL_free(ssl);
return 0;
}
/** Main routine for unbound-control */
int main(int argc, char* argv[])
{
int c, ret;
int quiet = 0;
const char* cfgfile = CONFIGFILE;
char* svr = NULL;
#ifdef USE_WINSOCK
int r;
WSADATA wsa_data;
#endif
#ifdef USE_THREAD_DEBUG
/* stop the file output from unbound-control, overwrites the servers */
extern int check_locking_order;
check_locking_order = 0;
#endif /* USE_THREAD_DEBUG */
log_ident_set("unbound-control");
log_init(NULL, 0, NULL);
checklock_start();
#ifdef USE_WINSOCK
/* use registry config file in preference to compiletime location */
if(!(cfgfile=w_lookup_reg_str("Software\\Unbound", "ConfigFile")))
cfgfile = CONFIGFILE;
#endif
/* parse the options */
while( (c=getopt(argc, argv, "c:s:qh")) != -1) {
switch(c) {
case 'c':
cfgfile = optarg;
break;
case 's':
svr = optarg;
break;
case 'q':
quiet = 1;
break;
case '?':
case 'h':
default:
usage();
}
}
argc -= optind;
argv += optind;
if(argc == 0)
usage();
if(argc >= 1 && strcmp(argv[0], "start")==0) {
if(execlp("unbound", "unbound", "-c", cfgfile,
(char*)NULL) < 0) {
fatal_exit("could not exec unbound: %s",
strerror(errno));
}
}
if(argc >= 1 && strcmp(argv[0], "stats_shm")==0) {
print_stats_shm(cfgfile);
return 0;
}
#ifdef USE_WINSOCK
if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0)
fatal_exit("WSAStartup failed: %s", wsa_strerror(r));
#endif
#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
ERR_load_SSL_strings();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
(void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
#endif
if(!RAND_status()) {
/* try to seed it */
unsigned char buf[256];
unsigned int seed=(unsigned)time(NULL) ^ (unsigned)getpid();
unsigned int v = seed;
size_t i;
for(i=0; i<256/sizeof(v); i++) {
memmove(buf+i*sizeof(v), &v, sizeof(v));
v = v*seed + (unsigned int)i;
}
RAND_seed(buf, 256);
log_warn("no entropy, seeding openssl PRNG with time\n");
}
ret = go(cfgfile, svr, quiet, argc, argv);
#ifdef USE_WINSOCK
WSACleanup();
#endif
checklock_stop();
return ret;
}
struct dyString *bio(char *host, char *url, char *certFile, char *certPath)
/*
This SSL/TLS client example, attempts to retrieve a page from an SSL/TLS web server.
The I/O routines are identical to those of the unencrypted example in BIO_s_connect(3).
*/
{
struct dyString *dy = dyStringNew(0);
char hostnameProto[256];
char requestLine[4096];
BIO *sbio;
int len;
char tmpbuf[1024];
SSL_CTX *ctx;
SSL *ssl;
SSL_library_init();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
/* We would seed the PRNG here if the platform didn't
* do it automatically
*/
ctx = SSL_CTX_new(SSLv23_client_method());
if (certFile || certPath)
{
SSL_CTX_load_verify_locations(ctx,certFile,certPath);
#if (OPENSSL_VERSION_NUMBER < 0x0090600fL)
SSL_CTX_set_verify_depth(ctx,1);
#endif
}
/* We'd normally set some stuff like the verify paths and
* mode here because as things stand this will connect to
* any server whose certificate is signed by any CA.
*/
sbio = BIO_new_ssl_connect(ctx);
BIO_get_ssl(sbio, &ssl);
if(!ssl)
{
fprintf(stderr, "Can't locate SSL pointer\n");
return NULL;
}
/* Don't want any retries */
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
/* We might want to do other things with ssl here */
safef(hostnameProto,sizeof(hostnameProto),"%s:https",host);
BIO_set_conn_hostname(sbio, hostnameProto);
if(BIO_do_connect(sbio) <= 0)
{
fprintf(stderr, "Error connecting to server\n");
ERR_print_errors_fp(stderr);
return NULL;
}
if(BIO_do_handshake(sbio) <= 0)
{
fprintf(stderr, "Error establishing SSL connection\n");
ERR_print_errors_fp(stderr);
return NULL;
}
if (certFile || certPath)
if (!check_cert(ssl, host))
return NULL;
/* Could examine ssl here to get connection info */
safef(requestLine,sizeof(requestLine),"GET %s HTTP/1.0\n\n",url);
BIO_puts(sbio, requestLine);
for(;;)
{
len = BIO_read(sbio, tmpbuf, 1024);
if(len <= 0) break;
dyStringAppendN(dy, tmpbuf, len);
}
BIO_free_all(sbio);
return dy;
}
/* Init necessary structures for SSL in WebIf*/
SSL_CTX *SSL_Webif_Init(void)
{
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
SSL_CTX *ctx;
static const char *cs_cert = "oscam.pem";
if(pthread_key_create(&getssl, NULL))
{
cs_log("Could not create getssl");
}
// set locking callbacks for SSL
int32_t i, num = CRYPTO_num_locks();
lock_cs = (CS_MUTEX_LOCK *) OPENSSL_malloc(num * sizeof(CS_MUTEX_LOCK));
for(i = 0; i < num; ++i)
{
cs_lock_create(&lock_cs[i], "ssl_lock_cs", 10000);
}
/* static lock callbacks */
CRYPTO_set_id_callback(SSL_id_function);
CRYPTO_set_locking_callback(SSL_locking_function);
/* dynamic lock callbacks */
CRYPTO_set_dynlock_create_callback(SSL_dyn_create_function);
CRYPTO_set_dynlock_lock_callback(SSL_dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(SSL_dyn_destroy_function);
if(cfg.http_force_sslv3)
{
ctx = SSL_CTX_new(SSLv3_server_method());
#ifdef SSL_CTX_clear_options
SSL_CTX_clear_options(ctx, SSL_OP_ALL); //we CLEAR all bug workarounds! This is for security reason
#else
cs_log("WARNING: You enabled to force sslv3 but your system does not support to clear the ssl workarounds! SSL security will be reduced!");
#endif
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); // we force SSL v3 !
SSL_CTX_set_cipher_list(ctx, SSL_TXT_RC4);
}
else
{ ctx = SSL_CTX_new(SSLv23_server_method()); }
char path[128];
if(!cfg.http_cert)
{ get_config_filename(path, sizeof(path), cs_cert); }
else
{ cs_strncpy(path, cfg.http_cert, sizeof(path)); }
if(!ctx)
{
ERR_print_errors_fp(stderr);
return NULL;
}
if(SSL_CTX_use_certificate_file(ctx, path, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
return NULL;
}
if(SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
return NULL;
}
if(!SSL_CTX_check_private_key(ctx))
{
cs_log("SSL: Private key does not match the certificate public key");
return NULL;
}
cs_log("load ssl certificate file %s", path);
return ctx;
}
/* If called without arguments, listen for connections. Otherwise make a
* connection to the specified first argument.
*/
int main(int argc, char *argv[]) {
get_args(argc, argv);
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
int port = DFL_PORT;
if (prog_args.port != 0) {
if ((port = atoi(prog_args.port)) <= 0) {
fprintf(stderr, "%s: port must be positive integer\n",
prog_args.name);
exit(1);
}
}
/* Create and bind the socket.
*/
int s;
if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
perror("socket");
exit(1);
}
struct sockaddr_in addr;
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
perror("bind");
exit(1);
}
printf("Attempting to create SSL context... ");
ctx = SSL_CTX_new(SSLv23_server_method());
if(ctx == NULL) {
printf("Failed. Aborting.\n");
return 0;
}
printf("\nLoading certificates...\n");
if(!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) {
ERR_print_errors_fp(stdout);
SSL_CTX_free(ctx);
return 0;
}
if(!SSL_CTX_use_PrivateKey_file(ctx, PRI_KEY, SSL_FILETYPE_PEM)) {
ERR_print_errors_fp(stdout);
SSL_CTX_free(ctx);
return 0;
}
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_timeout(ctx, 6000);
ssl = SSL_new(ctx);
do_recv(s);
return 0;
}
/** Main routine for nsd-control */
int main(int argc, char* argv[])
{
int c;
const char* cfgfile = CONFIGFILE;
char* svr = NULL;
#ifdef USE_WINSOCK
int r;
WSADATA wsa_data;
#endif
log_init("nsd-control");
#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
#endif
ERR_load_SSL_strings();
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
OPENSSL_init_ssl(0, NULL);
#endif
if(!RAND_status()) {
/* try to seed it */
unsigned char buf[256];
unsigned int v, seed=(unsigned)time(NULL) ^ (unsigned)getpid();
size_t i;
v = seed;
for(i=0; i<256/sizeof(v); i++) {
memmove(buf+i*sizeof(v), &v, sizeof(v));
v = v*seed + (unsigned int)i;
}
RAND_seed(buf, 256);
fprintf(stderr, "warning: no entropy, seeding openssl PRNG with time\n");
}
/* parse the options */
while( (c=getopt(argc, argv, "c:s:h")) != -1) {
switch(c) {
case 'c':
cfgfile = optarg;
break;
case 's':
svr = optarg;
break;
case '?':
case 'h':
default:
usage();
}
}
argc -= optind;
argv += optind;
if(argc == 0)
usage();
if(argc >= 1 && strcmp(argv[0], "start")==0) {
if(execl(NSD_START_PATH, "nsd", "-c", cfgfile,
(char*)NULL) < 0) {
fprintf(stderr, "could not exec %s: %s\n",
NSD_START_PATH, strerror(errno));
exit(1);
}
}
return go(cfgfile, svr, argc, argv);
}
/** Main routine for unbound-control */
int main(int argc, char* argv[])
{
int c, ret;
const char* cfgfile = CONFIGFILE;
char* svr = NULL;
#ifdef USE_WINSOCK
int r;
WSADATA wsa_data;
#endif
#ifdef USE_THREAD_DEBUG
/* stop the file output from unbound-control, overwites the servers */
extern int check_locking_order;
check_locking_order = 0;
#endif /* USE_THREAD_DEBUG */
log_ident_set("unbound-control");
log_init(NULL, 0, NULL);
checklock_start();
#ifdef USE_WINSOCK
if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0)
fatal_exit("WSAStartup failed: %s", wsa_strerror(r));
#endif
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
(void)SSL_library_init();
if(!RAND_status()) {
/* try to seed it */
unsigned char buf[256];
unsigned int v, seed=(unsigned)time(NULL) ^ (unsigned)getpid();
size_t i;
for(i=0; i<256/sizeof(v); i++) {
memmove(buf+i*sizeof(v), &v, sizeof(v));
v = v*seed + (unsigned int)i;
}
RAND_seed(buf, 256);
log_warn("no entropy, seeding openssl PRNG with time\n");
}
/* parse the options */
while( (c=getopt(argc, argv, "c:s:h")) != -1) {
switch(c) {
case 'c':
cfgfile = optarg;
break;
case 's':
svr = optarg;
break;
case '?':
case 'h':
default:
usage();
}
}
argc -= optind;
argv += optind;
if(argc == 0)
usage();
if(argc >= 1 && strcmp(argv[0], "start")==0) {
if(execlp("unbound", "unbound", "-c", cfgfile,
(char*)NULL) < 0) {
fatal_exit("could not exec unbound: %s",
strerror(errno));
}
}
ret = go(cfgfile, svr, argc, argv);
#ifdef USE_WINSOCK
WSACleanup();
#endif
checklock_stop();
return ret;
}
LUALIB_API int luaopen_openssl(lua_State*L)
{
if (atomic_fetch_add(&init, 1) == 0)
{
#if defined(OPENSSL_THREADS)
CRYPTO_thread_setup();
#endif
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
SSL_library_init();
ERR_load_ERR_strings();
ERR_load_EVP_strings();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
ENGINE_load_dynamic();
ENGINE_load_openssl();
#ifdef LOAD_ENGINE_CUSTOM
LOAD_ENGINE_CUSTOM
#endif
#ifdef OPENSSL_SYS_WINDOWS
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RAND_screen();
#endif
#endif
}
lua_newtable(L);
lua_newtable(L);
lua_pushcfunction(L, luaclose_openssl);
lua_setfield(L, -2, "__gc");
lua_setmetatable(L, -2);
luaL_setfuncs(L, eay_functions, 0);
openssl_register_lhash(L);
openssl_register_engine(L);
luaopen_bio(L);
lua_setfield(L, -2, "bio");
luaopen_asn1(L);
lua_setfield(L, -2, "asn1");
luaopen_digest(L);
lua_setfield(L, -2, "digest");
luaopen_cipher(L);
lua_setfield(L, -2, "cipher");
luaopen_hmac(L);
lua_setfield(L, -2, "hmac");
luaopen_pkey(L);
lua_setfield(L, -2, "pkey");
#ifdef EVP_PKEY_EC
luaopen_ec(L);
lua_setfield(L, -2, "ec");
#endif
luaopen_x509(L);
lua_setfield(L, -2, "x509");
luaopen_pkcs7(L);
lua_setfield(L, -2, "pkcs7");
luaopen_pkcs12(L);
lua_setfield(L, -2, "pkcs12");
luaopen_ocsp(L);
lua_setfield(L, -2, "ocsp");
#ifdef OPENSSL_HAVE_TS
/* timestamp handling */
luaopen_ts(L);
lua_setfield(L, -2, "ts");
#endif
luaopen_cms(L);
lua_setfield(L, -2, "cms");
luaopen_ssl(L);
lua_setfield(L, -2, "ssl");
/* third part */
luaopen_bn(L);
lua_setfield(L, -2, "bn");
luaopen_rsa(L);
lua_setfield(L, -2, "rsa");
luaopen_dsa(L);
lua_setfield(L, -2, "dsa");
luaopen_dh(L);
lua_setfield(L, -2, "dh");
#ifndef OPENSSL_NO_SRP
luaopen_srp(L);
lua_setfield(L, -2, "srp");
#endif
#ifdef ENABLE_OPENSSL_GLOBAL
lua_pushvalue(L, -1);
lua_setglobal(L, "openssl");
#endif
return 1;
}