static void
regress_bufferevent_openssl(void *arg)
{
struct basic_test_data *data = arg;
struct bufferevent *bev1, *bev2;
SSL *ssl1, *ssl2;
X509 *cert = getcert();
EVP_PKEY *key = getkey();
const int start_open = strstr((char*)data->setup_data, "open")!=NULL;
const int filter = strstr((char*)data->setup_data, "filter")!=NULL;
int flags = BEV_OPT_DEFER_CALLBACKS;
struct bufferevent *bev_ll[2] = { NULL, NULL };
evutil_socket_t *fd_pair = NULL;
tt_assert(cert);
tt_assert(key);
init_ssl();
if (strstr((char*)data->setup_data, "renegotiate")) {
if (SSLeay() >= 0x10001000 &&
SSLeay() < 0x1000104f) {
/* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
* can't renegotiate with themselves. Disable. */
disable_tls_11_and_12 = 1;
}
renegotiate_at = 600;
}
ssl1 = SSL_new(get_ssl_ctx());
ssl2 = SSL_new(get_ssl_ctx());
SSL_use_certificate(ssl2, cert);
SSL_use_PrivateKey(ssl2, key);
if (! start_open)
flags |= BEV_OPT_CLOSE_ON_FREE;
if (!filter) {
tt_assert(strstr((char*)data->setup_data, "socketpair"));
fd_pair = data->pair;
} else {
bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0],
BEV_OPT_CLOSE_ON_FREE);
bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1],
BEV_OPT_CLOSE_ON_FREE);
}
open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2,
fd_pair, bev_ll);
if (!filter) {
tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]);
} else {
static void
regress_bufferevent_openssl(void *arg)
{
struct basic_test_data *data = arg;
struct bufferevent *bev1, *bev2;
SSL *ssl1, *ssl2;
X509 *cert = getcert();
EVP_PKEY *key = getkey();
const int start_open = strstr((char*)data->setup_data, "open")!=NULL;
const int filter = strstr((char*)data->setup_data, "filter")!=NULL;
int flags = BEV_OPT_DEFER_CALLBACKS;
struct bufferevent *bev_ll[2] = { NULL, NULL };
int *fd_pair = NULL;
tt_assert(cert);
tt_assert(key);
init_ssl();
ssl1 = SSL_new(get_ssl_ctx());
ssl2 = SSL_new(get_ssl_ctx());
SSL_use_certificate(ssl2, cert);
SSL_use_PrivateKey(ssl2, key);
if (! start_open)
flags |= BEV_OPT_CLOSE_ON_FREE;
if (strstr((char*)data->setup_data, "renegotiate"))
renegotiate_at = 600;
if (!filter) {
tt_assert(strstr((char*)data->setup_data, "socketpair"));
fd_pair = data->pair;
} else {
bev_ll[0] = bufferevent_socket_new(data->base, data->pair[0],
BEV_OPT_CLOSE_ON_FREE);
bev_ll[1] = bufferevent_socket_new(data->base, data->pair[1],
BEV_OPT_CLOSE_ON_FREE);
}
open_ssl_bufevs(&bev1, &bev2, data->base, 0, flags, ssl1, ssl2,
fd_pair, bev_ll);
if (!filter) {
tt_int_op(bufferevent_getfd(bev1), ==, data->pair[0]);
} else {
int main(int argc,char** argv){
evbase = event_base_new();
if(!evbase){
fprintf(stderr, "create evbase error!\n");
exit(0);
}
// 创建http server实例
ev_ssl = evhttp_new(evbase);
if(!ev_ssl){
exit(0);
}
// openssl 初始化
SSL_library_init();
ERR_load_crypto_strings();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
if (SSLeay() != OPENSSL_VERSION_NUMBER){
}
ev_ssl->ctx = get_ssl_ctx(certfile_url.c_str(),keyfile_url.c_str());
ev_ssl->ssl_cb = bufferevent_openssl_socket_new;
std::string ev_ssl_ip="192.168.1.10"; int ev_ssl_port = 8080;
// evhttp_bind_socket_with_handle这个函数在原基础上追加一个参数,标示http server知否支持ssl(0:不支持 1:支持)
struct evhttp_bound_socket *ssl_handle = evhttp_bind_socket_with_handle(ev_ssl, ev_ssl_ip.c_str(), ev_ssl_port,1);
if(!ssl_handle){
exit(0);
}
struct evconnlistener *ssl_listener = evhttp_bound_socket_get_listener(ssl_handle);
evconnlistener_set_error_cb(ssl_listener, ssl_accept_error_cb);
evhttp_set_cb(ev_ssl, "/ping", ping_handler, NULL);
event_base_dispatch(evbase);
evhttp_free(ev_ssl); event_base_free(evbase);
return 0;
}
static lagopus_result_t
connect_tls(struct session *s, const char *host, const char *port) {
int ret;
BIO *sbio;
(void) host;
(void) port;
lagopus_msg_info("tls handshake start.\n");
if (IS_TLS_NOT_INIT(s)) {
SSL_CTX *ssl_ctx;
ssl_ctx = get_ssl_ctx(GET_TLS_CTX(s)->ca_dir, GET_TLS_CTX(s)->cert,
GET_TLS_CTX(s)->key);
if (ssl_ctx == NULL) {
lagopus_msg_warning("get_ssl_ctx() fail.\n");
return LAGOPUS_RESULT_TLS_CONN_ERROR;
}
GET_TLS_CTX(s)->ctx = ssl_ctx;
}
if (GET_TLS_CTX(s)->ssl == NULL) {
SSL *ssl;
ssl = SSL_new(GET_TLS_CTX(s)->ctx);
if (ssl == NULL) {
lagopus_msg_warning("no memory.\n");
return LAGOPUS_RESULT_TLS_CONN_ERROR;
}
GET_TLS_CTX(s)->ssl = ssl;
}
if (SSL_get_rbio(GET_TLS_CTX(s)->ssl) == NULL) {
sbio = BIO_new_socket(s->sock, BIO_NOCLOSE);
SSL_set_bio(GET_TLS_CTX(s)->ssl, sbio, sbio);
}
ret = SSL_connect(GET_TLS_CTX(s)->ssl);
if (ret == 0) {
lagopus_msg_warning("tls handshake failed.\n");
return LAGOPUS_RESULT_TLS_CONN_ERROR;
} else if (ret < 0
&& (SSL_get_error(GET_TLS_CTX(s)->ssl, ret) != SSL_ERROR_WANT_READ
&& SSL_get_error(GET_TLS_CTX(s)->ssl, ret) != SSL_ERROR_WANT_READ)) {
lagopus_msg_warning("tls error (%s:%d).\n", ERR_error_string((unsigned long)
SSL_get_error(GET_TLS_CTX(s)->ssl, ret), NULL),
(int) SSL_get_error(GET_TLS_CTX(s)->ssl, ret));
return LAGOPUS_RESULT_TLS_CONN_ERROR;
} else if (ret < 0) {
lagopus_msg_info("tls error (%s:%d), but continue.\n",
ERR_error_string((unsigned long)
SSL_get_error(GET_TLS_CTX(s)->ssl, ret), NULL),
(int) SSL_get_error(GET_TLS_CTX(s)->ssl, ret));
return LAGOPUS_RESULT_EINPROGRESS;
} else {
ret = check_cert_chain(GET_TLS_CTX(s)->ssl);
if (ret < 0) {
lagopus_msg_warning("certificate error.\n");
return LAGOPUS_RESULT_TLS_CONN_ERROR;
}
GET_TLS_CTX(s)->verified = true;
lagopus_msg_info("tls handshake end.\n");
}
return LAGOPUS_RESULT_OK;
}
