/**
 * @brief Creates the TCP socket and then connects it to the given address.
 *
 * The result of CreateTCPSocket() is not inspected here; only the outcome of
 * the connect step is reported to the caller.
 * NOTE(review): whether CreateTCPSocket() can fail silently is not visible
 * from this function — confirm against its definition.
 *
 * @param p_connectAdress Address the freshly created socket should connect to.
 * @return Whatever ConnectTCPSocket() reports for the connection attempt.
 */
bool Socket::CreateAndConnectTCPSocket(const AdressImplementation& p_connectAdress) {
    CreateTCPSocket();
    const bool connected = ConnectTCPSocket(p_connectAdress);
    return connected;
}
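/**
 * @brief Brings up the TLS session: creates the TCP socket, loads the root CA
 *        (and, when both paths are configured, the device certificate and
 *        private key) into the SSL context, creates the SSL handle, connects
 *        the socket, runs the handshake and validates the peer certificate.
 *
 * Side effects: assigns server_tcp_socket_fd_ and p_ssl_handle_; sets
 * is_connected_ to true only when every step succeeded.
 *
 * Peer identity: the certificate chain is always verified (SSL_VERIFY_PEER).
 * The hostname / IP-address match against endpoint_ is only configured when
 * server_verification_flag_ is set; with the flag cleared, any certificate
 * that chains to the root CA is accepted regardless of the name it carries.
 *
 * On an error return the socket descriptor stored in server_tcp_socket_fd_ is
 * not closed by this function.
 *
 * @return ResponseCode::SUCCESS on a fully verified TLS connection, otherwise
 *         the ResponseCode describing the first failing step.
 */
ResponseCode OpenSSLConnection::ConnectInternal() {
    server_tcp_socket_fd_ = socket(AF_INET, SOCK_STREAM, 0);
    if (-1 == server_tcp_socket_fd_) {
        return ResponseCode::NETWORK_TCP_SETUP_ERROR;
    }

    AWS_LOG_DEBUG(OPENSSL_WRAPPER_LOG_TAG, "Root CA : %s", root_ca_location_.c_str());
    if (!SSL_CTX_load_verify_locations(p_ssl_context_, root_ca_location_.c_str(), NULL)) {
        AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, " Root CA Loading error");
        return ResponseCode::NETWORK_SSL_ROOT_CRT_PARSE_ERROR;
    }

    // Client authentication material is optional: it is loaded only when both
    // a certificate path and a private key path are configured.
    if (0 < device_cert_location_.length() && 0 < device_private_key_location_.length()) {
        AWS_LOG_DEBUG(OPENSSL_WRAPPER_LOG_TAG, "Device crt : %s", device_cert_location_.c_str());
        if (!SSL_CTX_use_certificate_file(p_ssl_context_, device_cert_location_.c_str(), SSL_FILETYPE_PEM)) {
            AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, " Device Certificate Loading error");
            return ResponseCode::NETWORK_SSL_DEVICE_CRT_PARSE_ERROR;
        }
        AWS_LOG_DEBUG(OPENSSL_WRAPPER_LOG_TAG, "Device privkey : %s", device_private_key_location_.c_str());
        if (1 != SSL_CTX_use_PrivateKey_file(p_ssl_context_, device_private_key_location_.c_str(), SSL_FILETYPE_PEM)) {
            AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, " Device Private Key Loading error");
            return ResponseCode::NETWORK_SSL_KEY_PARSE_ERROR;
        }
    }

    p_ssl_handle_ = SSL_new(p_ssl_context_);
    // SSL_new() returns NULL on allocation failure; every later call below
    // dereferences the handle, so fail here instead of crashing in SSL_get0_param().
    if (nullptr == p_ssl_handle_) {
        AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, " SSL handle allocation error");
        return ResponseCode::NETWORK_SSL_CONNECT_ERROR;
    }

    // Requires OpenSSL v1.0.2 and above
    if (server_verification_flag_) {
        X509_VERIFY_PARAM *param = SSL_get0_param(p_ssl_handle_);
        // Enable automatic hostname checks
        X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);

        // Check if endpoint_ is an IPv4 or an IPv6 address to enable ip checking;
        // enable host name check otherwise. inet_pton takes a void*, so no cast is needed.
        char dst[INET6_ADDRSTRLEN];
        int identity_configured = 0;
        if (inet_pton(AF_INET, endpoint_.c_str(), dst) || inet_pton(AF_INET6, endpoint_.c_str(), dst)) {
            identity_configured = X509_VERIFY_PARAM_set1_ip_asc(param, endpoint_.c_str());
        } else {
            identity_configured = X509_VERIFY_PARAM_set1_host(param, endpoint_.c_str(), 0);
        }
        // Both set1_* calls return 1 on success. If the expected name could not be
        // stored, the handshake would still run and would verify the chain only, so
        // the connection must not proceed without the identity check it was asked for.
        if (1 != identity_configured) {
            AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, " Unable to configure server identity verification");
            return ResponseCode::NETWORK_SSL_CONNECT_ERROR;
        }
    }

    // Configure a non-zero callback if desired
    SSL_set_verify(p_ssl_handle_, SSL_VERIFY_PEER, nullptr);

    ResponseCode networkResponse = ConnectTCPSocket();
    if (ResponseCode::SUCCESS != networkResponse) {
        AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, "TCP Connection error");
        return networkResponse;
    }

    SSL_set_fd(p_ssl_handle_, server_tcp_socket_fd_);

    networkResponse = SetSocketToNonBlocking();
    if (ResponseCode::SUCCESS != networkResponse) {
        AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, " Unable to set the socket to Non-Blocking");
        return networkResponse;
    }

    // Report a failed handshake with its own code rather than letting the
    // post-handshake checks below overwrite it with a generic verification error.
    networkResponse = AttemptConnect();
    if (ResponseCode::SUCCESS != networkResponse) {
        AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, " SSL handshake error");
        return networkResponse;
    }

    if (X509_V_OK != SSL_get_verify_result(p_ssl_handle_)) {
        AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, " Server Certificate Verification failed.");
        networkResponse = ResponseCode::NETWORK_SSL_CONNECT_ERROR;
    } else {
        // SSL_get_verify_result() yields X509_V_OK when no certificate was presented
        // at all, so additionally require that a peer certificate exists.
        // SSL_get_peer_certificate() hands back a new reference the caller owns;
        // release it so each connect does not leak an X509 object.
        X509 *peer_cert = SSL_get_peer_certificate(p_ssl_handle_);
        if (nullptr == peer_cert) {
            AWS_LOG_ERROR(OPENSSL_WRAPPER_LOG_TAG, " No certificate exchange happened");
            networkResponse = ResponseCode::NETWORK_SSL_CONNECT_ERROR;
        } else {
            X509_free(peer_cert);
        }
    }

    if (ResponseCode::SUCCESS == networkResponse) {
        is_connected_ = true;
    }
    return networkResponse;
}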