static void regress_bufferevent_openssl(void *arg) { struct basic_test_data *data = arg; struct bufferevent *bev1, *bev2; SSL *ssl1, *ssl2; X509 *cert = getcert(); EVP_PKEY *key = getkey(); const int start_open = strstr((char*)data->setup_data, "open")!=NULL; const int filter = strstr((char*)data->setup_data, "filter")!=NULL; int flags = BEV_OPT_DEFER_CALLBACKS; struct bufferevent *bev_ll[2] = { NULL, NULL }; evutil_socket_t *fd_pair = NULL; tt_assert(cert); tt_assert(key); init_ssl(); if (strstr((char*)data->setup_data, "renegotiate")) { if (SSLeay() >= 0x10001000 && SSLeay() < 0x1000104f) { /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2 * can't renegotiate with themselves. Disable. */ disable_tls_11_and_12 = 1; } renegotiate_at = 600; } ssl1 = SSL_new(get_ssl_ctx()); ssl2 = SSL_new(get_ssl_ctx()); SSL_use_certificate(ssl2, cert); SSL_use_PrivateKey(ssl2, key); if (! start_open) flags |= BEV_OPT_CLOSE_ON_FREE; if (!filter) { tt_assert(strstr((char*)data->setup_data, "socketpair")); fd_pair = data->pair; } else { bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0], BEV_OPT_CLOSE_ON_FREE); bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1], BEV_OPT_CLOSE_ON_FREE); } open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2, fd_pair, bev_ll); if (!filter) { tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]); } else {
static void regress_bufferevent_openssl(void *arg) { struct basic_test_data *data = arg; struct bufferevent *bev1, *bev2; SSL *ssl1, *ssl2; X509 *cert = getcert(); EVP_PKEY *key = getkey(); const int start_open = strstr((char*)data->setup_data, "open")!=NULL; const int filter = strstr((char*)data->setup_data, "filter")!=NULL; int flags = BEV_OPT_DEFER_CALLBACKS; struct bufferevent *bev_ll[2] = { NULL, NULL }; int *fd_pair = NULL; tt_assert(cert); tt_assert(key); init_ssl(); ssl1 = SSL_new(get_ssl_ctx()); ssl2 = SSL_new(get_ssl_ctx()); SSL_use_certificate(ssl2, cert); SSL_use_PrivateKey(ssl2, key); if (! start_open) flags |= BEV_OPT_CLOSE_ON_FREE; if (strstr((char*)data->setup_data, "renegotiate")) renegotiate_at = 600; if (!filter) { tt_assert(strstr((char*)data->setup_data, "socketpair")); fd_pair = data->pair; } else { bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0], BEV_OPT_CLOSE_ON_FREE); bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1], BEV_OPT_CLOSE_ON_FREE); } open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2, fd_pair, bev_ll); if (!filter) { tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]); } else {
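/*
 * Entry point: bring up an evhttp server with TLS enabled and serve "/ping"
 * until the event loop returns.
 *
 * Uses file-level state and helpers declared outside this function: evbase,
 * ev_ssl, certfile_url, keyfile_url, get_ssl_ctx(), ssl_accept_error_cb()
 * and ping_handler(). The evhttp fields `ctx` / `ssl_cb` and the four-argument
 * evhttp_bind_socket_with_handle() belong to the modified libevent this
 * program is built against.
 *
 * Returns 0 after the event loop exits normally and EXIT_FAILURE when a
 * start-up step or the event loop fails, so a supervisor or script can tell
 * a failed start from a clean shutdown (the earlier exit(0) reported success).
 */
int main(int argc, char** argv) {
    (void)argc;
    (void)argv;

    evbase = event_base_new();
    if (!evbase) {
        fprintf(stderr, "create evbase error!\n");
        return EXIT_FAILURE;
    }

    // Create the HTTP server instance.
    ev_ssl = evhttp_new(evbase);
    if (!ev_ssl) {
        fprintf(stderr, "create evhttp error!\n");
        event_base_free(evbase);
        return EXIT_FAILURE;
    }

    // OpenSSL initialisation.
    SSL_library_init();
    ERR_load_crypto_strings();
    SSL_load_error_strings();
    OpenSSL_add_all_algorithms();

    // The headers used at build time and the library loaded at run time can
    // differ; surface that instead of ignoring it, because the running
    // library decides which TLS fixes are actually present.
    if (SSLeay() != OPENSSL_VERSION_NUMBER) {
        fprintf(stderr,
                "warning: OpenSSL runtime version 0x%lx differs from build-time headers 0x%lx\n",
                (unsigned long)SSLeay(),
                (unsigned long)OPENSSL_VERSION_NUMBER);
    }

    ev_ssl->ctx = get_ssl_ctx(certfile_url.c_str(), keyfile_url.c_str());
    // Assumes get_ssl_ctx() reports failure (unreadable or mismatched
    // certificate/key) with a null pointer; confirm against its definition.
    // Refuse to start rather than listen without a usable TLS context.
    if (!ev_ssl->ctx) {
        fprintf(stderr, "create ssl ctx error!\n");
        evhttp_free(ev_ssl);
        event_base_free(evbase);
        return EXIT_FAILURE;
    }
    ev_ssl->ssl_cb = bufferevent_openssl_socket_new;

    // NOTE(review): listen address and port are hard-coded.
    std::string ev_ssl_ip = "192.168.1.10";
    int ev_ssl_port = 8080;

    // In this libevent build evhttp_bind_socket_with_handle() takes one extra
    // trailing argument that says whether the HTTP server speaks SSL
    // (0: no, 1: yes).
    struct evhttp_bound_socket *ssl_handle =
        evhttp_bind_socket_with_handle(ev_ssl, ev_ssl_ip.c_str(), ev_ssl_port, 1);
    if (!ssl_handle) {
        fprintf(stderr, "bind %s:%d error!\n", ev_ssl_ip.c_str(), ev_ssl_port);
        evhttp_free(ev_ssl);
        event_base_free(evbase);
        return EXIT_FAILURE;
    }

    struct evconnlistener *ssl_listener = evhttp_bound_socket_get_listener(ssl_handle);
    evconnlistener_set_error_cb(ssl_listener, ssl_accept_error_cb);

    evhttp_set_cb(ev_ssl, "/ping", ping_handler, NULL);

    // event_base_dispatch() returns a negative value when the loop fails.
    int loop_rc = event_base_dispatch(evbase);

    evhttp_free(ev_ssl);
    event_base_free(evbase);

    return loop_rc < 0 ? EXIT_FAILURE : 0;
}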
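/**
 * Run one step of the client-side TLS handshake for a session.
 *
 * On first use this lazily creates the SSL_CTX (via get_ssl_ctx()), the SSL
 * object and a socket BIO bound to s->sock, then calls SSL_connect() once.
 *
 * @param s     Session whose TLS state (GET_TLS_CTX(s)) and socket are used.
 * @param host  Unused here.
 * @param port  Unused here.
 *
 * @return LAGOPUS_RESULT_OK when the handshake finished and
 *         check_cert_chain() accepted the peer;
 *         LAGOPUS_RESULT_EINPROGRESS when SSL_connect() needs more socket
 *         I/O (SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE);
 *         LAGOPUS_RESULT_TLS_CONN_ERROR on every other failure.
 */
static lagopus_result_t
connect_tls(struct session *s, const char *host, const char *port) {
  int ret;
  int ssl_err;
  BIO *sbio;

  /* NOTE(review): host is ignored, so nothing in this function binds the
   * peer certificate to the name being connected to. Whether
   * check_cert_chain() or the SSL_CTX set-up does that is not visible
   * here; confirm before relying on this for peer identity. */
  (void) host;
  (void) port;

  lagopus_msg_info("tls handshake start.\n");

  if (IS_TLS_NOT_INIT(s)) {
    SSL_CTX *ssl_ctx;

    ssl_ctx = get_ssl_ctx(GET_TLS_CTX(s)->ca_dir, GET_TLS_CTX(s)->cert,
                          GET_TLS_CTX(s)->key);
    if (ssl_ctx == NULL) {
      lagopus_msg_warning("get_ssl_ctx() fail.\n");
      return LAGOPUS_RESULT_TLS_CONN_ERROR;
    }
    GET_TLS_CTX(s)->ctx = ssl_ctx;
  }

  if (GET_TLS_CTX(s)->ssl == NULL) {
    SSL *new_ssl;

    new_ssl = SSL_new(GET_TLS_CTX(s)->ctx);
    if (new_ssl == NULL) {
      lagopus_msg_warning("no memory.\n");
      return LAGOPUS_RESULT_TLS_CONN_ERROR;
    }
    GET_TLS_CTX(s)->ssl = new_ssl;
  }

  if (SSL_get_rbio(GET_TLS_CTX(s)->ssl) == NULL) {
    sbio = BIO_new_socket(s->sock, BIO_NOCLOSE);
    if (sbio == NULL) {
      /* Do not hand a NULL BIO to SSL_set_bio(); fail the connection. */
      lagopus_msg_warning("no memory.\n");
      return LAGOPUS_RESULT_TLS_CONN_ERROR;
    }
    SSL_set_bio(GET_TLS_CTX(s)->ssl, sbio, sbio);
  }

  ret = SSL_connect(GET_TLS_CTX(s)->ssl);

  if (ret > 0) {
    /* Handshake complete: the session is only marked verified after the
     * certificate chain check passes. */
    ret = check_cert_chain(GET_TLS_CTX(s)->ssl);
    if (ret < 0) {
      lagopus_msg_warning("certificate error.\n");
      return LAGOPUS_RESULT_TLS_CONN_ERROR;
    }
    GET_TLS_CTX(s)->verified = true;
    lagopus_msg_info("tls handshake end.\n");
    return LAGOPUS_RESULT_OK;
  }

  if (ret == 0) {
    lagopus_msg_warning("tls handshake failed.\n");
    return LAGOPUS_RESULT_TLS_CONN_ERROR;
  }

  /* ret < 0: classify once, right after the failing call. */
  ssl_err = SSL_get_error(GET_TLS_CTX(s)->ssl, ret);

  /* Both WANT_READ and WANT_WRITE mean "retry when the socket is ready".
   * The previous condition tested WANT_READ twice, so a handshake that
   * was merely waiting to write was reported as a fatal TLS error. */
  if (ssl_err != SSL_ERROR_WANT_READ && ssl_err != SSL_ERROR_WANT_WRITE) {
    /* NOTE(review): ERR_error_string() decodes error-queue codes (as
     * returned by ERR_get_error()), not SSL_get_error() classes, so the
     * %s text is unlikely to be meaningful; the %d value is the useful
     * part. Kept as-is to preserve the log format. */
    lagopus_msg_warning("tls error (%s:%d).\n",
                        ERR_error_string((unsigned long) ssl_err, NULL),
                        ssl_err);
    return LAGOPUS_RESULT_TLS_CONN_ERROR;
  }

  lagopus_msg_info("tls error (%s:%d), but continue.\n",
                   ERR_error_string((unsigned long) ssl_err, NULL),
                   ssl_err);
  return LAGOPUS_RESULT_EINPROGRESS;
}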