/*
* Pass the key-size and the password and this function returns
* the PKCS12 structure as a stream.
*/
PKCS12* create_PKCS12_stream(int keysize, const char *password)
{
EVP_PKEY *privkey = NULL;
X509 *x509_cert = NULL;
STACK_OF(X509) *cacertstack = NULL;
PKCS12 *pkcs12bundle = NULL;
if(!keysize || !password)
{
fprintf(stderr,"Invalid key-size and/or password.\n");
return NULL;
}
if(keysize > MAX_KEY_SIZE)
{
fprintf(stderr,"Limit the keysize to 4096 bits.\n");
return NULL;
}
init_openssl();
privkey = create_rsa_key(keysize);
if(privkey == NULL)
{
return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
}
fprintf(stdout,"Successfully created rsa key.\n");
x509_cert = create_x509_cert(privkey);
if(x509_cert == NULL)
{
return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
}
fprintf(stdout,"Successfully created x509 certificate.\n");
cacertstack = create_ca_cert_stack(x509_cert);
if(cacertstack == NULL)
{
return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
}
fprintf(stdout,"Successfully created stack-of-x509.\n");
if ((pkcs12bundle = PKCS12_new()) == NULL)
{
fprintf(stderr,"PKCS12_new failed.\n");
return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
}
pkcs12bundle = PKCS12_create(
(char*)password, // certbundle access password
"thali", // friendly certname
privkey, // the certificate private key
x509_cert, // the main certificate
cacertstack, // stack of CA cert chain
0, // int nid_key (default 3DES)
0, // int nid_cert (40bitRC2)
0, // int iter (default 2048)
0, // int mac_iter (default 1)
0 // int keytype (default no flag)
);
if (pkcs12bundle == NULL)
{
fprintf(stderr,"PKCS12_create failed.\n");
return (PKCS12*)free_openssl_resources(privkey, x509_cert, cacertstack);
}
fprintf(stdout,"Successfully created pkcs12 bundle.\n");
free_openssl_resources(privkey, x509_cert, cacertstack);
return pkcs12bundle; //TODO: Make this a stream (char *)
}
int main(int argc, char **argv)
{
BIO *acc, *client;
SSL *ssl;
SSL_CTX *ctx;
pthread_t tid;
init_openssl();
seed_prng(64);
ctx = setup_server_ctx();
acc = BIO_new_accept(PORT);
if(!acc)
log_err("Error creating server socket.");
/* first call BIO_do_accept() setup accept BIO */
if(BIO_do_accept(acc) <= 0)
log_err("Error binding server socket.");
for(;;) {
if(BIO_do_accept(acc) <= 0)
log_err("Error accepting connection.");
client = BIO_pop(acc);
if(!(ssl = SSL_new(ctx)))
log_err("Error creating SSL context.");
SSL_set_bio(ssl, client, client);
pthread_create(&tid, NULL, server_thread, ssl);
}
SSL_CTX_free(ctx);
BIO_free(acc);
return 0;
}
int main(int argc, char** argv) {
char* host_and_port = argv[1];
char* store_path = "/etc/ssl/certs/";
char store_type = 'd';
char connection_type = 'e';
char buffer[4096];
buffer[0] = 0;
BIO* bio;
SSL_CTX* ctx = NULL;
SSL* ssl = NULL;
init_openssl();
if ((bio = connect_encrypted(host_and_port, store_path, store_type, &ctx, &ssl)) == NULL)
return (EXIT_FAILURE);
HeartbeatMessage * hbmsg = malloc(sizeof(HeartbeatMessage));
hbmsg->type = 1;
hbmsg->payload_length = 0xffff;
BIO_write(bio,hbmsg,sizeof(HeartbeatMessage));
int err = 0;
while(1) {
err = BIO_read(bio,buffer,4*1024);
if (err <= 0)
break;
fwrite(buffer,1,err,stdout);
fflush(stdout);
}
return (EXIT_SUCCESS);
}
/*
* Class: EmU_Login
* Method: init_backend
* Signature: ()V
*/
JNIEXPORT void JNICALL Java_EmU_1Login_init_1backend(JNIEnv *env, jobject obj)
{
set_using_safety_threads_for_openssl(true);
seed_prng();
init_openssl();
assert_cache_directory_existence();
}
static SSL_CTX *on_config_listen_setup_ssl(h2o_configurator_command_t *cmd, const char *config_file, yoml_t *config_node)
{
SSL_CTX *ssl_ctx = NULL;
const char *cert_file = NULL, *key_file = NULL;
yoml_t *t;
/* parse */
if (config_node->type != YOML_TYPE_MAPPING) {
h2o_config_print_error(cmd, config_file, config_node, "`ssl` is not a mapping");
goto Error;
}
if ((t = yoml_get(config_node, "certificate-file")) == NULL) {
h2o_config_print_error(cmd, config_file, config_node, "could not find mandatory property `certificate-file`");
goto Error;
} else if (t->type != YOML_TYPE_SCALAR) {
h2o_config_print_error(cmd, config_file, t, "the property must be a string");
goto Error;
}
cert_file = t->data.scalar;
if ((t = yoml_get(config_node, "key-file")) == NULL) {
h2o_config_print_error(cmd, config_file, config_node, "could not find mandatory property `key-file`");
goto Error;
} else if (t->type != YOML_TYPE_SCALAR) {
h2o_config_print_error(cmd, config_file, t, "the property must be a string");
goto Error;
}
key_file = t->data.scalar;
/* setup */
init_openssl();
ssl_ctx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
setup_ecc_key(ssl_ctx);
if (SSL_CTX_use_certificate_file(ssl_ctx, cert_file, SSL_FILETYPE_PEM) != 1) {
h2o_config_print_error(cmd, config_file, config_node, "failed to load certificate file:%s\n", cert_file);
ERR_print_errors_fp(stderr);
goto Error;
}
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, key_file, SSL_FILETYPE_PEM) != 1) {
h2o_config_print_error(cmd, config_file, config_node, "failed to load private key file:%s\n", key_file);
ERR_print_errors_fp(stderr);
goto Error;
}
/* setup protocol negotiation methods */
#if H2O_USE_NPN
h2o_ssl_register_npn_protocols(ssl_ctx, h2o_http2_npn_protocols);
#endif
#if H2O_USE_ALPN
h2o_ssl_register_alpn_protocols(ssl_ctx, h2o_http2_alpn_protocols);
#endif
return ssl_ctx;
Error:
if (ssl_ctx != NULL)
SSL_CTX_free(ssl_ctx);
return NULL;
}
void rand_bytes(char* buf, int count)
{
static int init = init_openssl();
(void)init;
int result = RAND_bytes((unsigned char*)buf, count);
if (result != 1)
FC_THROW("Error calling OpenSSL's RAND_bytes(): ${code}", ("code", (uint32_t)ERR_get_error()));
}
/* Process command line args, create the bound socket,
* spawn child (worker) processes, and wait for them all to die
* (which they shouldn't!) */
int main(int argc, char **argv) {
parse_cli(argc, argv);
if (OPTIONS.SYSLOG)
openlog("stud", LOG_CONS | LOG_PID | LOG_NDELAY, LOG_DAEMON);
signal(SIGPIPE, SIG_IGN);
listener_socket = create_main_socket();
struct addrinfo hints;
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = 0;
const int gai_err = getaddrinfo(OPTIONS.BACK_IP, OPTIONS.BACK_PORT,
&hints, &backaddr);
if (gai_err != 0) {
ERR("{getaddrinfo}: [%s]", gai_strerror(gai_err));
exit(1);
}
/* load certificate, pass to handle_connections */
SSL_CTX * ctx = init_openssl();
master_pid = getpid();
if (OPTIONS.CHROOT && OPTIONS.CHROOT[0])
change_root();
if (OPTIONS.UID || OPTIONS.GID)
drop_privileges();
for (child_num=0; child_num < OPTIONS.NCORES; child_num++) {
int pid = fork();
if (pid == -1) {
ERR("{core} fork() failed! Goodbye cruel world!\n");
exit(1);
}
else if (pid == 0) // child
goto handle;
}
int child_status;
int dead_child_pid = wait(&child_status);
ERR("{core} A child (%d) died! This should not happen! Goodbye cruel world!\n", dead_child_pid);
kill(0, SIGTERM);
exit(2);
handle:
handle_connections(ctx);
return 0;
}
static void
init_ssl(void)
{
#if defined LIBCURL_USE_OPENSSL || defined SSL_SECURITY
init_openssl();
#endif
#if defined LIBCURL_USE_GNUTLS
init_gnutls();
#endif
}
DWORD create_netconn(BOOL useSSL, server_t *server, DWORD security_flags, netconn_t **ret)
{
netconn_t *netconn;
int result, flag;
if(useSSL) {
DWORD res;
TRACE("using SSL connection\n");
EnterCriticalSection(&init_ssl_cs);
res = init_openssl();
LeaveCriticalSection(&init_ssl_cs);
if(res != ERROR_SUCCESS)
return res;
}
netconn = heap_alloc_zero(sizeof(*netconn));
if(!netconn)
return ERROR_OUTOFMEMORY;
netconn->useSSL = useSSL;
netconn->socketFD = -1;
netconn->security_flags = security_flags;
list_init(&netconn->pool_entry);
assert(server->addr_len);
result = netconn->socketFD = socket(server->addr.ss_family, SOCK_STREAM, 0);
if(result != -1) {
result = connect(netconn->socketFD, (struct sockaddr*)&server->addr, server->addr_len);
if(result == -1)
closesocket(netconn->socketFD);
}
if(result == -1) {
heap_free(netconn);
return sock_get_error(errno);
}
#ifdef TCP_NODELAY
flag = 1;
result = setsockopt(netconn->socketFD, IPPROTO_TCP, TCP_NODELAY, (void*)&flag, sizeof(flag));
if(result < 0)
WARN("setsockopt(TCP_NODELAY) failed\n");
#endif
server_addref(server);
netconn->server = server;
*ret = netconn;
return ERROR_SUCCESS;
}
void rand_pseudo_bytes(char* buf, int count)
{
static int init = init_openssl();
(void)init;
// RAND_pseudo_bytes is deprecated in favor of RAND_bytes as of OpenSSL 1.1.0
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int result = RAND_pseudo_bytes((unsigned char*)buf, count);
if (result == -1)
FC_THROW("Error calling OpenSSL's RAND_pseudo_bytes(): ${code}", ("code", (uint32_t)ERR_get_error()));
#else
rand_bytes(buf, count);
#endif
}
static void init_server()
{
set_using_safety_threads_for_openssl(true);
seed_prng();
init_openssl();
assert_cache_directory_existence();
get_necessary_info();
load_pub_key();
// Initial the e-mail sending lock mutex
if(sem_init(&email_sending_lock_mutex, 0, 1) != 0)
int_error("Initial a mutex failed");
}
/**
* Main SSL demonstration code entry point
*/
int main(int argc, char** argv) {
// char* host_and_port = argv[1]; /* localhost:4422 */
// char* server_request = argv[2]; /* "GET / \r\n\r\n" */
// char* store_path = argv[3]; /* /home/user/projects/sslclient/certificate.pem */
// char store_type = argv[4][0]; /* f = file, anything else is a directory structure */
// char connection_type = argv[5][0]; /* e = encrypted, anything else is unencrypted */
char buffer[4096];
buffer[0] = 0;
BIO* bio;
SSL_CTX* ctx = NULL;
SSL* ssl = NULL;
/* initilise the OpenSSL library */
init_openssl();
/* encrypted link */
/*
if (connection_type == 'e') {
if ((bio = connect_encrypted(host_and_port, store_path, store_type, &ctx, &ssl)) == NULL)
return (EXIT_FAILURE);
}*/
/* unencrypted link */
//else if ((bio = connect_unencrypted(host_and_port)) == NULL)
//return (EXIT_FAILURE);
if ((bio = connect_encrypted("127.0.0.1:7543" , &ctx , &ssl)) == NULL)
return (EXIT_FAILURE);
char* server_request = "GET / \r\n\r\n";
write_to_stream(bio, server_request, strlen(server_request));
read_from_stream(bio, buffer, 4096);
printf("%s\r\n", buffer);
if (close_connection(bio) == 0)
return (EXIT_FAILURE);
/* clean up the SSL context resources for the encrypted link */
//if (connection_type == 'e')
SSL_CTX_free(ctx);
return (EXIT_SUCCESS);
}
void print_license_info()
{
license_struct lstr;
int license_valid;
fputs("License information:\n", stderr);
init_openssl();
load_license(&lstr);
print_license(&lstr);
license_valid = verify_license(&lstr);
free_license(&lstr);
free_openssl();
if (!license_valid) {
exit(EXIT_FAILURE);
}
fputs("The license key is valid.\n", stderr);
}
/* Process command line args, create the bound socket,
* spawn child (worker) processes, and wait for them all to die
* (which they shouldn't!) */
int main(int argc, char **argv) {
parse_cli(argc, argv);
int s = create_main_socket();
int x;
struct addrinfo hints;
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = 0;
const int gai_err = getaddrinfo(OPTIONS.BACK_IP, OPTIONS.BACK_PORT,
&hints, &backaddr);
if (gai_err != 0) {
fprintf(stderr, "{getaddrinfo}: [%s]", gai_strerror(gai_err));
exit(1);
}
/* load certificate, pass to handle_connections */
SSL_CTX * ctx = init_openssl();
for (x=0; x < OPTIONS.NCORES; x++) {
int pid = fork();
if (pid == -1) {
fprintf(stderr, "{core} fork() failed! Goodbye cruel world!\n");
exit(1);
}
else if (pid == 0) // child
goto handle;
}
int child_status;
for (x=0; x < OPTIONS.NCORES; x++) {
wait(&child_status);
fprintf(stderr, "{core} A child died! This should not happen! Goodbye cruel world!\n");
exit(2);
}
handle:
handle_connections(x, s, ctx);
return 0;
}
/* ---------------------------------------------------------------------
* ModuleInit
* Initialize module
* ---------------------------------------------------------------------
*/
int
ModuleInit(MODULEINIT_T* modinit)
{
LibPMStartFrame = modinit->StartFrame;
LibPMInsertStr = modinit->InsertStr;
LibPMInsertInt = modinit->InsertInt;
LibPMInsertLong = modinit->InsertLong;
LibPMSendFrame = modinit->SendFrame;
LibPMExecFrame = modinit->ExecFrame;
LibPMWriteError = modinit->WriteError;
LibPMStubCreate = modinit->StubCreate;
LibPMStubCheck = modinit->StubCheck;
LibPMStubDelete = modinit->StubDelete;
LibPMStubSetHook = modinit->StubSetHook;
LibPMStubSetProc = modinit->StubSetProc;
LibPMStubFind = modinit->StubFind;
init_openssl();
PMApiInit();
return TRUE;
}
int main(int argc, char **argv)
{
BIO *conn;
SSL *ssl;
SSL_CTX *ctx;
init_openssl();
seed_prng(64);
ctx = setup_client_ctx();
conn = BIO_new_connect(SERVER ":" PORT);
if(!conn)
log_err("Failed create bio connection");
if(BIO_do_connect(conn) <= 0)
log_err("Failed connecting to remote host");
if(!(ssl = SSL_new(ctx)))
log_err("Error creating an SSL context.");
SSL_set_bio(ssl, conn, conn);
if(SSL_connect(ssl) <= 0)
log_err("Error connecting SSL object.");
fprintf(stderr, "Connection opened\n");
if(do_client(ssl))
SSL_shutdown(ssl);
else
SSL_clear(ssl);
fprintf(stderr, "Connection closed\n");
//BIO_free(conn);
SSL_free(ssl);
SSL_CTX_free(ctx);
return 0;
}
void config_parse_cli(int argc, char **argv, stud_config *cfg) {
static int tls = 0, ssl = 0;
static int client = 0;
int c, i;
int test_only = 0;
char *prog;
struct option long_options[] = {
#ifndef NO_CONFIG_FILE
{ CFG_CONFIG, 1, NULL, CFG_PARAM_CFGFILE },
{ CFG_CONFIG_DEFAULT, 0, NULL, CFG_PARAM_DEFCFG },
#endif
{ "tls", 0, &tls, 1},
{ "ssl", 0, &ssl, 1},
{ "client", 0, &client, 1},
{ CFG_CIPHERS, 1, NULL, 'c' },
{ CFG_PREFER_SERVER_CIPHERS, 0, NULL, 'O' },
{ CFG_BACKEND, 1, NULL, 'b' },
{ CFG_FRONTEND, 1, NULL, 'f' },
{ CFG_WORKERS, 1, NULL, 'n' },
{ CFG_BACKLOG, 1, NULL, 'B' },
#ifdef USE_SHARED_CACHE
{ CFG_SHARED_CACHE, 1, NULL, 'C' },
{ CFG_SHARED_CACHE_LISTEN, 1, NULL, 'U' },
{ CFG_SHARED_CACHE_PEER, 1, NULL, 'P' },
{ CFG_SHARED_CACHE_MCASTIF, 1, NULL, 'M' },
#endif
{ CFG_KEEPALIVE, 1, NULL, 'k' },
{ CFG_CHROOT, 1, NULL, 'r' },
{ CFG_USER, 1, NULL, 'u' },
{ CFG_GROUP, 1, NULL, 'g' },
{ CFG_QUIET, 0, NULL, 'q' },
{ CFG_SYSLOG, 0, NULL, 's' },
{ CFG_SYSLOG_FACILITY, 1, NULL, CFG_PARAM_SYSLOG_FACILITY },
{ CFG_DAEMON, 0, &cfg->DAEMONIZE, 1 },
{ CFG_WRITE_IP, 0, &cfg->WRITE_IP_OCTET, 1 },
{ CFG_WRITE_PROXY, 0, &cfg->WRITE_PROXY_LINE, 1 },
{ CFG_WRITE_XFF, 0, &cfg->WRITE_XFF_LINE, 1 },
{ CFG_PROXY_PROXY, 0, &cfg->PROXY_PROXY_LINE, 1 },
{ CFG_READ_PROXY, 0, &cfg->READ_PROXY_LINE, 1 },
{ "test", 0, NULL, 't' },
{ "version", 0, NULL, 'V' },
{ "help", 0, NULL, 'h' },
{ 0, 0, 0, 0 }
};
while (1) {
int option_index = 0;
c = getopt_long(
argc, argv,
"c:e:Ob:f:n:B:C:U:P:M:k:r:u:g:qstVh",
long_options, &option_index
);
if (c == -1)
break;
switch (c) {
case 0:
break;
#ifndef NO_CONFIG_FILE
case CFG_PARAM_CFGFILE:
if (!config_file_parse(optarg, cfg))
config_die("%s", config_error_get());
break;
case CFG_PARAM_DEFCFG:
config_print_default(stdout, cfg);
exit(0);
break;
#endif
case CFG_PARAM_SYSLOG_FACILITY:
config_param_validate(CFG_SYSLOG_FACILITY, optarg, cfg, NULL, 0);
break;
case 'c':
config_param_validate(CFG_CIPHERS, optarg, cfg, NULL, 0);
break;
case 'e':
config_param_validate(CFG_SSL_ENGINE, optarg, cfg, NULL, 0);
break;
case 'O':
config_param_validate(CFG_PREFER_SERVER_CIPHERS, CFG_BOOL_ON, cfg, NULL, 0);
break;
case 'b':
config_param_validate(CFG_BACKEND, optarg, cfg, NULL, 0);
break;
case 'f':
config_param_validate(CFG_FRONTEND, optarg, cfg, NULL, 0);
break;
case 'n':
config_param_validate(CFG_WORKERS, optarg, cfg, NULL, 0);
break;
case 'B':
config_param_validate(CFG_BACKLOG, optarg, cfg, NULL, 0);
break;
#ifdef USE_SHARED_CACHE
case 'C':
config_param_validate(CFG_SHARED_CACHE, optarg, cfg, NULL, 0);
break;
case 'U':
config_param_validate(CFG_SHARED_CACHE_LISTEN, optarg, cfg, NULL, 0);
break;
case 'P':
config_param_validate(CFG_SHARED_CACHE_PEER, optarg, cfg, NULL, 0);
break;
case 'M':
config_param_validate(CFG_SHARED_CACHE_MCASTIF, optarg, cfg, NULL, 0);
break;
#endif
case 'k':
config_param_validate(CFG_KEEPALIVE, optarg, cfg, NULL, 0);
break;
case 'r':
config_param_validate(CFG_CHROOT, optarg, cfg, NULL, 0);
break;
case 'u':
config_param_validate(CFG_USER, optarg, cfg, NULL, 0);
break;
case 'g':
config_param_validate(CFG_GROUP, optarg, cfg, NULL, 0);
break;
case 'q':
config_param_validate(CFG_QUIET, CFG_BOOL_ON, cfg, NULL, 0);
break;
case 's':
config_param_validate(CFG_SYSLOG, CFG_BOOL_ON, cfg, NULL, 0);
break;
case 't':
test_only = 1;
break;
case 'V':
printf("%s %s\n", basename(argv[0]), STUD_VERSION);
exit(0);
break;
case 'h':
config_print_usage(argv[0], cfg);
exit(0);
break;
default:
config_die("Invalid command line parameters. Run %s --help for instructions.", basename(argv[0]));
}
}
prog = argv[0];
if (tls && ssl)
config_die("Options --tls and --ssl are mutually exclusive.");
else {
if (ssl)
cfg->ETYPE = ENC_SSL;
else if (tls)
cfg->ETYPE = ENC_TLS;
}
if (client) {
cfg->PMODE = SSL_CLIENT;
}
if (cfg->WRITE_IP_OCTET && cfg->WRITE_PROXY_LINE)
config_die("Options --write-ip and --write-proxy are mutually exclusive.");
if (cfg->WRITE_PROXY_LINE && cfg->PROXY_PROXY_LINE)
config_die("Options --write-proxy and --proxy-proxy are mutually exclusive.");
if (cfg->WRITE_IP_OCTET && cfg->PROXY_PROXY_LINE)
config_die("Options --write-ip and --proxy-proxy are mutually exclusive.");
if (cfg->DAEMONIZE) {
cfg->SYSLOG = 1;
cfg->QUIET = 1;
}
#ifdef USE_SHARED_CACHE
if (cfg->SHCUPD_IP != NULL && ! cfg->SHARED_CACHE)
config_die("Shared cache update listener is defined, but shared cache is disabled.");
#endif
// Any arguments left are presumed to be PEM files
argc -= optind;
argv += optind;
for (i = 0; i < argc; i++) {
config_param_validate(CFG_PEM_FILE, argv[i], cfg, NULL, 0);
}
if (cfg->PMODE == SSL_SERVER && cfg->CERT_FILES == NULL) {
config_die("No x509 certificate PEM file specified!");
}
// was this only a test?
if (test_only) {
fprintf(stderr, "Trying to initialize SSL contexts with your certificates");
if (!init_openssl()) {
config_die("Error initializing OpenSSL.");
}
printf("%s configuration looks ok.\n", basename(prog));
exit(0);
}
}
int main(int argc,char *argv[])
{
int a,b,c,processed_files=0,filename_count=0;
char *outfile_name=NULL;
int vflag=0,oflag=0;
#ifdef LICENSE
license_struct lstr;
#endif
progname=argv[0];
atexit(DelTemp);
signal(SIGINT,ControlChandler);
while ((c = getopt(argc, argv, "vo:")) != -1) {
switch (c) {
case 'o':
outfile_name=optarg;
oflag = 1;
break;
case 'v':
vflag=1;
break;
default: Usage();return 0;
}
}
if(oflag&&vflag){Usage();return 0;}/*both switches are used*/
if(vflag) {
fputs("Log Merger for the TTCN-3 Test Executor\n"
"Product number: " PRODUCT_NUMBER "\n"
"Version: " VERSION_STRING "\n"
"Build date: " __DATE__ " " __TIME__ "\n"
"Compiled with: " C_COMPILER_VERSION "\n\n"
COPYRIGHT_STRING "\n\n", stderr);
#ifdef LICENSE
print_license_info();
#endif
return 0;
}
#ifdef LICENSE
init_openssl();
load_license(&lstr);
if (!verify_license(&lstr)) {
free_license(&lstr);
free_openssl();
exit(EXIT_FAILURE);
}
if (!check_feature(&lstr, FEATURE_LOGFORMAT)) {
fputs("The license key does not allow the merging of log files.\n",
stderr);
return 2;
}
free_license(&lstr);
free_openssl();
#endif
argc-=optind-1;argv+=optind-1;
if(argc<2){Usage();return 0;}/*executed when no input file is given*/
for(a=1;a<argc;a++) {/*find first file with a valid timestamp*/
TimeStampUsed=GetTimeStampFormat(argv[a]);
if(TimeStampUsed!=TSF_Undefined)break;
}
switch(TimeStampUsed) {
case TSF_Seconds: fputs("Merging logs with timestamp "
"format \"seconds\" has no sense.\n", stderr); return 0;
case TSF_Time: TimeStampLength=TIMELENGTH;break;
case TSF_DateTime: TimeStampLength=DATETIMELENGTH;break;
default: fputs("Unsupported timestamp format.\n", stderr); return 1;
}
for(a=1,c=0;a<argc;a++) {/*get files with valid timestamp format*/
b=GetTimeStampFormat(argv[a]);
if(TimeStampUsed==b) {/*file conains at least one valid timestamp*/
c++;
name_list_in=(char **)Realloc(name_list_in,c*sizeof(char *));
name_list_in[c-1] = mcopystr(argv[a]);
} else if(b==TSF_Undefined)/*file contains no timestamp or uses a
different format than the first match*/
fprintf(stderr,"Warning: unknown format in %s\n",argv[a]);
else fprintf(stderr,"Warning: format mismatch in %s\n",argv[a]);
}
num_allfiles=c;
if(num_allfiles<1){Usage();return 0;}/*no valid log file found*/
if(oflag){/*switch [-o outfile] is used -> create outfile*/
outfile = fopen(outfile_name, FOPEN_WRITE);
if(outfile==NULL) {
fprintf(stderr,"Error creating %s %s\n",outfile_name,strerror(errno));
return 1;
}
} else {
outfile = stdout;
}
while(1) {
filename_count=num_allfiles;start_file=0;
while(num_allfiles>0) {/*process files in name_list_in*/
processed_files=OpenMaxFiles(num_allfiles,name_list_in+start_file);
must_use_temp=True;/*if there are infiles remaining use tempfiles
for all*/
if((processed_files<2)&&(num_allfiles>1)){fprintf(stderr,"Error: "
"can not open enough files.\nMore descriptors required "
"(set with the command `limit descriptors\')\n");return 1;}
if(infiles_processed==True)
for(a=0;a<processed_files;a++) {
Free(EventList[a]->str_to_add);
EventList[a]->str_to_add = NULL;
}
num_allfiles-=processed_files;
ProcessOpenFiles();
CloseAllFiles();
start_file+=processed_files;
}
must_use_temp=False;/*all infiles processed*/
/*remove temporary files used in previous step*/
if(infiles_processed==True)
for(a=0;a<filename_count;a++)remove(name_list_in[a]);
infiles_processed=True;
for(a=0;a<filename_count;a++)Free(name_list_in[a]);
Free(name_list_in);
if(num_tempfiles==0)break;/*no more file to process*/
name_list_in=temp_file_list;/*process tempfiles*/
num_allfiles=num_tempfiles;
num_tempfiles=0;temp_file_list=NULL;
}
check_mem_leak(progname);
return 0;
}
int generate_rsa(void)
{
int iRet = EXIT_SUCCESS;
EVP_PKEY* pPrivKey = NULL;
EVP_PKEY* pPubKey = NULL;
FILE* pFile = NULL;
const EVP_CIPHER* pCipher = NULL;
init_openssl();
pPrivKey = create_rsa_key();
pPubKey = create_rsa_key();
if(pPrivKey && pPubKey)
{/* Save the keys */
if((pFile = fopen("privkey.pem","wt")) && (pCipher = EVP_aes_256_cbc()))
{
if(!PEM_write_PrivateKey(pFile,pPrivKey,pCipher,
(unsigned char*)pcszPassphrase,
(int)strlen(pcszPassphrase),NULL,NULL))
{
fprintf(stderr,"PEM_write_PrivateKey failed.\n");
handle_openssl_error();
iRet = EXIT_FAILURE;
}
fclose(pFile);
pFile = NULL;
if(iRet == EXIT_SUCCESS)
{
if((pFile = fopen("pubkey.pem","wt")) && PEM_write_PUBKEY(pFile,pPubKey))
fprintf(stderr,"Both keys saved.\n");
else
{
handle_openssl_error();
iRet = EXIT_FAILURE;
}
if(pFile)
{
fclose(pFile);
pFile = NULL;
}
}
}
else
{
fprintf(stderr,"Cannot create \"privkey.pem\".\n");
handle_openssl_error();
iRet = EXIT_FAILURE;
if(pFile)
{
fclose(pFile);
pFile = NULL;
}
}
if(iRet == EXIT_SUCCESS)
{/* Read the keys */
EVP_PKEY_free(pPrivKey);
pPrivKey = NULL;
EVP_PKEY_free(pPubKey);
pPubKey = NULL;
if((pFile = fopen("privkey.pem","rt")) &&
(pPrivKey = PEM_read_PrivateKey(pFile,NULL,passwd_callback,(void*)pcszPassphrase)))
{
fprintf(stderr,"Private key read.\n");
}
else
{
fprintf(stderr,"Cannot read \"privkey.pem\".\n");
handle_openssl_error();
iRet = EXIT_FAILURE;
}
if(pFile)
{
fclose(pFile);
pFile = NULL;
}
if((pFile = fopen("pubkey.pem","rt")) &&
(pPubKey = PEM_read_PUBKEY(pFile,NULL,NULL,NULL)))
{
fprintf(stderr,"Public key read.\n");
}
else
{
fprintf(stderr,"Cannot read \"pubkey.pem\".\n");
handle_openssl_error();
iRet = EXIT_FAILURE;
}
char msg[2048/8]; // Get rid of the newline
int session_seed = rand();
sprintf(msg, "%d", session_seed);
// Encrypt the message
}
}
if(pPrivKey)
{
EVP_PKEY_free(pPrivKey);
pPrivKey = NULL;
}
if(pPubKey)
{
EVP_PKEY_free(pPubKey);
pPubKey = NULL;
}
cleanup_openssl();
return iRet;
}
int run_server(int port, dserve_global_p globalptr) {
struct sockaddr_in clientaddr;
int rc, sd, connsd, next;
thread_data_p tdata;
struct common_data *common;
long tid, maxtid, tcount, i;
size_t clientlen;
//struct timeval timeout;
#ifdef MULTI_THREAD
#if _MSC_VER
HANDLE thandle;
HANDLE thandlearray[MAX_THREADS];
DWORD threads[MAX_THREADS];
#else
pthread_t threads[MAX_THREADS];
pthread_attr_t attr;
struct timespec tim, tim2;
#endif
#ifdef USE_OPENSSL
SSL_CTX *ctx;
SSL *ssl;
#endif
#endif
#if _MSC_VER
void* db=NULL; // actual database pointer
WSADATA wsaData;
if (WSAStartup(MAKEWORD(2, 0),&wsaData) != 0) {
errprint(WSASTART_ERR,NULL);
exit(ERR_EX_UNAVAILABLE);
}
db = wg_attach_existing_database("1000");
//db = wg_attach_database(database,100000000);
if (!db) {
errprint(DB_ATTACH_ERR,NULL);
exit(ERR_EX_UNAVAILABLE);
}
#else
signal(SIGPIPE,SIG_IGN); // important for linux TCP/IP handling
#endif
tdata=&(globalptr->threads_data[0]);
#ifdef MULTI_THREAD
#if _MSC_VER
#else
if (THREADPOOL) {
// ---------------- run as server with threadpool -----------
infoprint(THREADPOOL_INFO,NULL);
// setup nanosleep for 100 microsec
tim.tv_sec = 0;
tim.tv_nsec = 100000;
#ifdef USE_OPENSSL
// prepare openssl
ctx=init_openssl(globalptr->conf);
#endif
// prepare threads
common=(struct common_data *)malloc(sizeof(struct common_data));
tid=0;
tcount=0;
maxtid=0;
if (pthread_mutex_init(&(common->mutex),NULL) !=0 ||
pthread_cond_init(&(common->cond),NULL) != 0 ||
pthread_attr_init(&attr) !=0) {
errprint(MUTEX_ERROR,NULL);
exit(ERR_EX_UNAVAILABLE);
}
common->threads = threads;
common->queue = (common_task_t *)malloc(sizeof(common_task_t) * QUEUE_SIZE);
common->thread_count = 0;
common->queue_size = QUEUE_SIZE;
common->head = common->tail = common->count = 0;
common->shutdown = common->started = 0;
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); //PTHREAD_CREATE_DETACHED);
// create threads
for(tid=0;tid<MAX_THREADS;tid++) {
// init thread data block
tdata[tid].isserver=1;
tdata[tid].thread_id=tid;
tdata[tid].realthread=2;
tdata[tid].common=common;
tdata[tid].inuse=0;
tdata[tid].conn=0;
tdata[tid].ip=NULL;
tdata[tid].port=0;
tdata[tid].method=0;
tdata[tid].res=0;
tdata[tid].global=globalptr;
//fprintf(stderr,"creating thread %d tcount %d \n",(int)tid,(int)tcount);
rc=pthread_create(&threads[tid], &attr, handle_http, (void *) &tdata[tid]);
if (rc) {
errprint(THREAD_CREATE_ERR,strerror(errno));
exit(ERR_EX_UNAVAILABLE);
}
tcount++;
}
//
sd=open_listener(port);
if (sd<0) {
errprint(PORT_LISTEN_ERR, strerror(errno));
return -1;
}
clientlen = sizeof(clientaddr);
// loop forever, servicing requests
while (1) {
connsd=accept(sd,(struct sockaddr *)&clientaddr, &clientlen);
if (connsd<0) {
warnprint(CONN_ACCEPT_WARN, strerror(errno));
continue;
}
if(pthread_mutex_lock(&(common->mutex)) != 0) {
errprint(THREADPOOL_LOCK_ERR,NULL);
exit(ERR_EX_UNAVAILABLE);
}
#ifdef USE_OPENSSL
ssl = SSL_new(ctx); // get new SSL state with context
SSL_set_fd(ssl,connsd);
#endif
// now we have a connection: add to queue
next=common->tail+1;
next=(next==common->queue_size) ? 0 : next;
do {
if(common->count==common->queue_size) { // full?
//fprintf(stderr, "queue full\n");
nanosleep(&tim , &tim2);
break; //continue;
}
if(common->shutdown) {
warnprint(SHUTDOWN_WARN,NULL);
break;
}
// add to task queue
common->queue[common->tail].conn=connsd;
#ifdef USE_OPENSSL
common->queue[common->tail].ssl=ssl;
#endif
common->tail=next;
common->count+=1;
//printf("next %d\n",next);
// broadcast
if(pthread_cond_signal(&(common->cond)) != 0) {
warnprint(COND_SIGNAL_FAIL_WARN,NULL);
break;
}
} while(0);
//fprintf(stderr,"starting to unlock \n");
if(pthread_mutex_unlock(&(common->mutex)) != 0) {
errprint(THREADPOOL_UNLOCK_ERR,NULL);
exit(ERR_EX_UNAVAILABLE);
}
}
return 0; // never come to this
} else
#endif // threadpool not implemented on windows version: using a non-threadpool version
{
// ------------- run as server without threadpool -------------
infoprint(MULTITHREAD_INFO,NULL);
// setup nanosleep for 100 microsec
#if _MSC_VER
#else
tim.tv_sec = 0;
tim.tv_nsec = 100000;
#endif
// prepare common block
common=(struct common_data *)malloc(sizeof(struct common_data));
common->shutdown=0;
// mark thread data blocks free
for(i=0;i<MAX_THREADS;i++) {
tdata[i].inuse=0;
tdata[i].common=common;
tdata[i].global=globalptr;
}
// prepare threads
tid=0;
tcount=0;
maxtid=0;
#if _MSC_VER
#else
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); //PTHREAD_CREATE_JOINABLE);
#endif
sd=open_listener(port);
if (sd<0) {
errprint(PORT_LISTEN_ERR, strerror(errno));
return -1;
}
clientlen = sizeof(clientaddr);
while (1) {
connsd=accept(sd,(struct sockaddr *)&clientaddr, &clientlen);
if (common->shutdown==1) break;
if (connsd<0) {
warnprint(CONN_ACCEPT_WARN, strerror(errno));
continue;
}
tid=-1;
// find first free thread data block
// loop until we get a free one
while(tid<0) {
for(i=0;i<MAX_THREADS;i++) {
if (!tdata[i].inuse) {
tid=i;
break;
}
}
if (tid>=0) break;
#if _MSC_VER
usleep(1);
#else
nanosleep(&tim , &tim2);
#endif
}
if (tid>maxtid) maxtid=tid;
tcount++;
// init thread data block
tdata[tid].isserver=1;
tdata[tid].thread_id=tid;
tdata[tid].realthread=1;
tdata[tid].inuse=1;
tdata[tid].conn=connsd;
tdata[tid].ip=NULL;
tdata[tid].port=0;
tdata[tid].method=0;
tdata[tid].res=0;
tdata[tid].global=globalptr;
#if _MSC_VER
tdata[tid].db=db;
thandle=CreateThread(NULL, 0, handle_http, (void *) &tdata[tid], 0, &threads[tid]);
if (thandle==NULL) {
win_err_handler(TEXT("CreateThread"));
ExitProcess(3);
} else {
thandlearray[tid]=thandle;
}
#else
rc=pthread_create(&threads[tid], &attr, handle_http, (void *) &tdata[tid]);
#endif
}
return 0; // never come to this
}
#else
// ------------ run as an iterative server -------------
sd=open_listener(port);
if (sd<0) {
errprint(PORT_LISTEN_ERR, strerror(errno));
return -1;
}
clientlen = sizeof(clientaddr);
while (1) {
connsd=accept(sd,(struct sockaddr *)&clientaddr, &clientlen);
if (connsd<0) {
warnprint(CONN_ACCEPT_WARN, strerror(errno));
continue;
}
tid=0;
tdata[tid].isserver=1;
tdata[tid].thread_id=tid;
tdata[tid].realthread=0;
tdata[tid].conn=connsd;
tdata[tid].ip=NULL;
tdata[tid].port=0;
tdata[tid].method=0;
tdata[tid].res=0;
tdata[tid].global=globalptr;
#if _MSC_VER
tdata[tid].db=db;
#endif
handle_http((void *) &tdata[tid]);
}
return 0; // never come to this
#endif
}
int main(int argc,char *argv[])
{
int a,b,c;
FILE *outfile = NULL, *infile = NULL;
char *outfile_name=NULL,*infile_name=NULL;
char tmp[20];
int vflag=0,oflag=0,hflag=0,lflag=0,plusflag=0,minusflag=0;
#ifdef LICENSE
license_struct lstr;
#endif
while ((c = getopt(argc, argv, "lhvo:")) != -1) {
switch (c) {
case 'o':/*set outfile*/
outfile_name=optarg;
oflag = 1;
break;
case 'v':/*print version*/
vflag=1;
break;
case 'h':/*print help (usage)*/
hflag=1;
break;
case 'l':/*list event types*/
lflag=1;
break;
default:
Usage(argv[0]);
return EXIT_FAILURE;
}
}
if (oflag + vflag + hflag + lflag > 1) {
Usage(argv[0]);
return EXIT_FAILURE;
} else if (vflag) {
fputs("Log Filter for the TTCN-3 Test Executor\n"
"Product number: " PRODUCT_NUMBER "\n"
"Build date: " __DATE__ " " __TIME__ "\n"
"Compiled with: " C_COMPILER_VERSION "\n\n"
COPYRIGHT_STRING "\n\n", stderr);
#ifdef LICENSE
print_license_info();
#endif
return EXIT_SUCCESS;
} else if (hflag) {
Usage(argv[0]);
return EXIT_SUCCESS;
} else if(lflag) {
ListTypes();
return EXIT_SUCCESS;
}
#ifdef LICENSE
init_openssl();
load_license(&lstr);
if (!verify_license(&lstr)) {
free_license(&lstr);
free_openssl();
exit(EXIT_FAILURE);
}
if (!check_feature(&lstr, FEATURE_LOGFORMAT)) {
fputs("The license key does not allow the filtering of log files.\n",
stderr);
return 2;
}
free_license(&lstr);
free_openssl();
#endif
/*
switches: -v -o -h -l
filter parameters: parameter+ or parameter-
*/
for(a=0;a<MaxType;a++)Wflags[a]=0;
for(a=1;a<argc;a++) {
if(*argv[a]=='-'){if(*(argv[a]+1)=='o')a++;continue;}/*switch*/
if(*(argv[a]+strlen(argv[a])-1)=='-') {/*type to ignore*/
for(b=0,c=0;b<MaxType;b++)
if(0==strncmp(EventTypeNames[b],argv[a],
strlen(EventTypeNames[b]))&&strlen(EventTypeNames[b])==
strlen(argv[a])-1) {
Wflags[b]=DontWrite;
c=1;
}
if(!c) {/*Undefined type*/
strncpy(tmp,argv[a],sizeof(tmp)-1);
if(strlen(argv[a])>sizeof(tmp)-1)
for(c=2;c<5;c++)tmp[sizeof(tmp)-c]='.';
else tmp[strlen(argv[a])-1]='\0';
tmp[sizeof(tmp)-1]='\0';
if(strlen(tmp))fprintf(stderr,"Warning: %s is not a valid "
"event-type name.\n",tmp);
else fprintf(stderr,"Warning: `-\' without an event-type "
"name.\n");
}
Wothers=Write;
minusflag=1;
continue;
}
if(*(argv[a]+strlen(argv[a])-1)=='+') {/*type to write out*/
for(b=0,c=0;b<MaxType;b++)
if(0==strncmp(EventTypeNames[b],argv[a],
strlen(EventTypeNames[b]))&&strlen(EventTypeNames[b])==
strlen(argv[a])-1) {
Wflags[b]=Write;
c=1;
}
if(!c) {/*Undefined type*/
strncpy(tmp,argv[a],sizeof(tmp)-1);
if(strlen(argv[a])>sizeof(tmp)-1)
for(c=2;c<5;c++)tmp[sizeof(tmp)-c]='.';
else tmp[strlen(argv[a])-1]='\0';
tmp[sizeof(tmp)-1]='\0';
if(strlen(tmp))fprintf(stderr,"Warning: %s is not a valid "
"event-type name.\n",tmp);
else fprintf(stderr,"Warning: `+\' without an event-type "
"name.\n");
}
Wothers=DontWrite;
plusflag=1;
continue;
}
if(infile_name!=NULL) {/*only one input file at once*/
fprintf(stderr,"Error: more than one input file specified.\n");
return EXIT_FAILURE;
}
infile_name=argv[a];
}
if(minusflag&&plusflag) {/*type1+ and type2- at the same time could cause
types that are not defined what to do with, to act based on the
last filter definition. Thus it is not allowed.*/
fprintf(stderr,"Error: include and exclude at the same time.\n");
return EXIT_FAILURE;
}
if(infile_name==NULL)infile=stdin;/*if no infile specified use stdin*/
else {
infile=fopen(infile_name,"r");
if(infile==NULL) {
fprintf(stderr,"Error opening %s : %s\n",infile_name,
strerror(errno));
return EXIT_FAILURE;
}
}
if(oflag) {
outfile=fopen(outfile_name,"w");
if(outfile==NULL) {
fprintf(stderr,"Error creating %s : %s\n",outfile_name,
strerror(errno));
return EXIT_FAILURE;
}
} else outfile=stdout;/*if no outfile specified use stdout*/
a=ProcessFile(outfile,infile);/*filter infile to outfile*/
if(a==ERR_INVALID_LOG) {
if(infile_name!=NULL)fprintf(stderr,"Error: the file %s is not a valid "
"log file.\n",infile_name);
else fprintf(stderr,"Error: invalid format received from standard "
"input.\n");
return EXIT_FAILURE;
} else if(a==ERR_WRITE) {
if(errno)fprintf(stderr,"Error writing to output: %s\n",
strerror(errno));
else fprintf(stderr,"Error writing to output\n");
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}
DWORD create_netconn(BOOL useSSL, server_t *server, DWORD security_flags, DWORD timeout, netconn_t **ret)
{
netconn_t *netconn;
int result, flag;
if(useSSL) {
DWORD res;
TRACE("using SSL connection\n");
EnterCriticalSection(&init_ssl_cs);
res = init_openssl();
LeaveCriticalSection(&init_ssl_cs);
if(res != ERROR_SUCCESS)
return res;
}
netconn = heap_alloc_zero(sizeof(*netconn));
if(!netconn)
return ERROR_OUTOFMEMORY;
netconn->useSSL = useSSL;
netconn->socketFD = -1;
netconn->security_flags = security_flags;
list_init(&netconn->pool_entry);
assert(server->addr_len);
result = netconn->socketFD = socket(server->addr.ss_family, SOCK_STREAM, 0);
if(result != -1) {
flag = 1;
ioctlsocket(netconn->socketFD, FIONBIO, &flag);
result = connect(netconn->socketFD, (struct sockaddr*)&server->addr, server->addr_len);
if(result == -1)
{
if (sock_get_error(errno) == WSAEINPROGRESS) {
struct pollfd pfd;
int res;
pfd.fd = netconn->socketFD;
pfd.events = POLLOUT;
res = poll(&pfd, 1, timeout);
if (!res)
{
closesocket(netconn->socketFD);
heap_free(netconn);
return ERROR_INTERNET_CANNOT_CONNECT;
}
else if (res > 0)
{
int err;
socklen_t len = sizeof(err);
if (!getsockopt(netconn->socketFD, SOL_SOCKET, SO_ERROR, &err, &len) && !err)
result = 0;
}
}
}
if(result == -1)
closesocket(netconn->socketFD);
else {
flag = 0;
ioctlsocket(netconn->socketFD, FIONBIO, &flag);
}
}
if(result == -1) {
heap_free(netconn);
return sock_get_error(errno);
}
#ifdef TCP_NODELAY
flag = 1;
result = setsockopt(netconn->socketFD, IPPROTO_TCP, TCP_NODELAY, (void*)&flag, sizeof(flag));
if(result < 0)
WARN("setsockopt(TCP_NODELAY) failed\n");
#endif
server_addref(server);
netconn->server = server;
*ret = netconn;
return ERROR_SUCCESS;
}
void init()
{
sigset_t sigmask;
sigemptyset(&sigmask);
sigaddset(&sigmask, SIGALRM);
sigaddset(&sigmask, SIGUSR1);
sigprocmask(SIG_BLOCK, &sigmask, NULL);
console_print("Emergence Client " VERSION "\n");
SDL_Init(SDL_INIT_AUDIO);
init_user();
init_network();
init_timer();
init_openssl();
init_key();
init_download();
init_servers();
create_cvars();
init_console_cvars();
init_render_cvars();
init_map_cvars();
create_control_cvars();
// create_input_cvars();
init_tick_cvars();
init_console();
create_colour_cvars();
struct string_t *string = new_string_string(emergence_home_dir);
string_cat_text(string, "/client.config");
if(!exec_config_file(string->text))
{
exec_config_file(find_resource("default-controls.config"));
}
else
{
char *ver = get_cvar_string("version");
if(*ver == '\0')
{
struct string_t *command = new_string_text("rm ");
string_cat_string(command, emergence_home_dir);
string_cat_text(command, "/skins/default.skin*");
console_print("%s\n", command->text);
system(command->text);
vid_mode = -1; // find a nice mode
exec_config_file(find_resource("default-controls.config"));
}
free(ver);
}
free_string(string);
set_cvar_string("version", VERSION);
init_skin();
init_input();
init_control();
init_render();
init_rcon();
init_ping();
create_cvar_command("quit", client_shutdown_char);
init_sound();
init_game();
init_alarm();
render_frame();
string = new_string_text("%s%s", emergence_home_dir->text, "/client.autoexec");
if(!exec_config_file(string->text))
exec_config_file(find_resource("default-client.autoexec"));
free_string(string);
start_server_discovery();
}
void _init_lib() {
static const secp256k1_context_t* ctx = _get_context();
static int init_o = init_openssl();
}
int test_ssl_certificate() {
init_openssl();
SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method());
SSL * ssl;
if (NULL == ctx) {
DEBUG_PRINT("%s\n", "Failed to init SSL_CTX");
exit(1);
}
if(!SSL_CTX_load_verify_locations(ctx, NULL ,"/etc/ssl/certs")) {
DEBUG_PRINT("%s\n", "Failed to load certs from /etc/ssl/certs");
exit(1);
}
BIO *bio;
// Create secure BIO object
bio = BIO_new_ssl_connect(ctx);
if (NULL == bio) {
DEBUG_PRINT("%s\n", "Failed to create the BIO object");
exit(1);
}
// Get the SSL connection from bio struct to ssl
BIO_get_ssl(bio, &ssl);
// Set SSL_MODE_AUTO_RETRY flag to allow retrying ssl handshake
// int the background
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
DEBUG_PRINT("%s\n", "Performing SSL handshake with the host www.verisign.com");
// Set up connection hostname and port
BIO_set_conn_hostname(bio, "www.verisign.com:https");
// Verify the connection opened and perform the handshake
if (BIO_do_connect(bio) <= 0) {
// Connection failed
DEBUG_PRINT("%s\n", "Failed to open connection to host");
ERR_print_errors_fp(stderr);
BIO_free_all(bio);
exit(1);
}
// Verify certificate
if(SSL_get_verify_result(ssl) != X509_V_OK) {
// Problem in certificate
DEBUG_PRINT("%s\n", "Failed to verify host certificate");
} else {
DEBUG_PRINT("%s\n", "Verified host certificate");
}
// Clean context structure
SSL_CTX_free(ctx);
/* To reuse the connection, use this line */
/*BIO_reset(bio);*/
/* To free it from memory, use this line */
BIO_free_all(bio);
return 0;
}
/**
*
* \brief Main exchange-tls12 function. For help on arguments
* see the usage() above.
*
* \param[in] argc - the number of arguments passed into the
* command line
* \param[in] argv - a pointer to the array of arguments
* \return 0 for success
*/
int main(int argc, char *argv[])
{
int err = 0;
int cmd = -1;
char ch;
uint32_t is_server = 0;
uint32_t is_client = 0;
char *ca_path = NULL;
char *chain_file = NULL;
char *cert_file = NULL;
char *key_file = NULL;
char *engine_id = NULL;
char *cipher_list = NULL;
char *ip_address = "127.0.0.1";
uint16_t port_number = PORT_NUMBER_DEFAULT;
char cwd[200];
char cmd_buffer[256];
int buf_len = 128;
verify_depth = 0;
if (getcwd(cwd, sizeof(cwd)) != NULL) {
fprintf(stderr, "Current working dir: %s\n", cwd);
} else {
fprintf(stderr, "getcwd() error");
return 100;
}
snprintf(cmd_buffer, 256, "%s/certstore", cwd);
while ((ch = getopt(argc, argv, "C:Ec:sp:b:f:k:e:d:I:P:vh?")) != (char)-1) {
switch (ch) {
case 'C':
cmd = strtol(optarg, NULL, 0);
break;
case 'E':
cmd = ECCX08_CMD_EXTRACT_ALL_CERTS;
break;
case 'c':
is_client = 1;
cipher_list = strdup(optarg);
break;
case 's':
is_server = 1;
break;
case 'p':
ca_path = strdup(optarg);
break;
case 'b':
chain_file = strdup(optarg);
break;
case 'f':
cert_file = strdup(optarg);
break;
case 'k':
key_file = strdup(optarg);
break;
case 'e':
engine_id = strdup(optarg);
break;
case 'd':
verify_depth = strtol(optarg, NULL, 0);
break;
case 'I':
ip_address = strdup(optarg);
break;
case 'P':
port_number = strtol(optarg, NULL, 0);
break;
case 'v':
printf("Exchange version = %s\n", EXCHANGE_VERSION);
cmd = ECCX08_CMD_GET_VERSION;
break;
case 'h':
case '?':
default:
usage();
break;
}
}
if (cmd != -1) {
if (!engine_id) {
fprintf(stderr, "\nNo Engine specified - cannot run a command\n");
return (10);
}
init_openssl();
err = setup_engine(engine_id);
if (err == 0) {
err = 19;
goto done;
}
err = run_engine_cmds(engine_id, cmd, cmd_buffer, buf_len);
if (err == 0) {
err = 20;
goto done;
}
if ('\0' != cmd_buffer) {
printf("%s\n", cmd_buffer);
}
err = 0;
goto done;
}
if ((is_server || is_client) == 0) {
fprintf(stderr, "\nMust specify -c or -s option");
usage();
} else if ((is_server && is_client) == 1) {
fprintf(stderr, "\nCannot specify both -c or -s options");
usage();
}
if (!ca_path) {
fprintf(stderr, "\nMust specify CA path");
usage();
}
if (!chain_file) {
fprintf(stderr, "\nMust specify Chain File (certificate bundle)");
usage();
}
if (!cert_file) {
fprintf(stderr, "\nMust specify Certificate File");
usage();
}
if (!key_file) {
fprintf(stderr, "\nMust specify Private Key File");
usage();
}
if (!engine_id) {
fprintf(stderr, "\nNo Engine specified - using software crypto/ssl libraries\n");
}
if (is_server) {
err = connect_server(engine_id, ca_path, chain_file, cert_file, key_file,
ip_address, port_number);
} else {
err = connect_client(engine_id, ca_path, chain_file, cert_file, key_file, cipher_list,
ip_address, port_number);
}
sleep(2);
return (err);
done:
sleep(2);
cleanup_openssl();
return (err);
}
