void setup_https_test_server(serv_ctx_t **servctx_p, apr_sockaddr_t *address, test_server_message_t *message_list, apr_size_t message_count, test_server_action_t *action_list, apr_size_t action_count, apr_int32_t options, const char *keyfile, const char **certfiles, const char *client_cn, apr_pool_t *pool) { serv_ctx_t *servctx; setup_test_server(servctx_p, address, message_list, message_count, action_list, action_count, options, pool); servctx = *servctx_p; apr_pool_cleanup_register(pool, servctx, cleanup_https_server, apr_pool_cleanup_null); servctx->handshake = ssl_handshake; servctx->reset = ssl_reset; /* Override with SSL encrypt/decrypt functions */ servctx->read = ssl_socket_read; servctx->send = ssl_socket_write; init_ssl_context(servctx, keyfile, certfiles, client_cn); }
int main(int argc, char **argv){ struct soap mySoap; char *rpDoc; char *passPtr; const int MAX_LEN = 1024; char input[MAX_LEN]; char username[MAX_LEN]; signal(SIGPIPE, sigpipe_handle); if(argc != 2){ printf("Usage:\n getResourcePropertyDoc <EPR of SWS>\n"); return 1; } snprintf(username, MAX_LEN, "%s", getenv("USER")); soap_init(&mySoap); /* If address of SWS begins with 'https' then initialize SSL context */ if( (strstr(argv[1], "https") == argv[1]) ){ /* - don't bother with mutually-authenticated SSL if( !(passPtr = getpass("Enter passphrase for key: ")) ){ printf("Failed to get passphrase from command line\n"); return 1; } strncpy(input, passPtr, MAX_LEN); */ init_ssl_context(&mySoap, REG_TRUE, NULL,/* user's cert. & key file */ NULL,/* Password to read key file */ "/etc/grid-security/certificates"); } if( !(passPtr = getpass("Enter SWS password: "******"Failed to get SWS password from command line\n"); return 1; } get_resource_property_doc(&mySoap, argv[1], username, passPtr, &rpDoc); fprintf(stdout, "\n\n%s\n\n", rpDoc); /* Explicitly wipe the passphrase from memory */ memset((void *)(input), '\0', MAX_LEN); soap_end(&mySoap); soap_done(&mySoap); return 0; }
int main(int argc, char **argv){ char passphrase[256]; char username[256]; char EPR[256]; char msg[1024]; struct soap mySoap; if(argc != 4){ printf("Usage:\n addUser <address of SWS> <passphrase> <username to add>\n"); return 1; } soap_init(&mySoap); strncpy(EPR, argv[1], 256); strncpy(passphrase, argv[2], 256); strncpy(username, argv[3], 256); snprintf(msg, 1024, "<user>%s</user>", username); /* If address of SWS begins with 'https' then initialize SSL context */ if( (strstr(EPR, "https") == EPR) ){ init_ssl_context(&mySoap, REG_TRUE, /* Authenticate SWS */ NULL,/* user's cert. & key file */ NULL,/* Password to read key file */ "/etc/grid-security/certificates"); } set_resource_property(&mySoap, EPR, getenv("USER"), passphrase, msg); soap_end(&mySoap); soap_done(&mySoap); return 0; }
/* * Initialize SSL sub module * * Arguments: None * Returns: None */ void initSSL(void) { static void *ssl_API[ssl_API_pointers]; PyObject *ssl_api_object; PyObject *module; SSL_library_init(); ERR_load_SSL_strings(); import_crypto(); if ((module = Py_InitModule3("SSL", ssl_methods, ssl_doc)) == NULL) { return; } /* Initialize the C API pointer array */ ssl_API[ssl_Context_New_NUM] = (void *)ssl_Context_New; ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New; ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL); if (ssl_api_object != NULL) PyModule_AddObject(module, "_C_API", ssl_api_object); /* Exceptions */ /* * ADD_EXCEPTION(dict,name,base) expands to a correct Exception declaration, * inserting OpenSSL.SSL.name into dict, derviving the exception from base. */ #define ADD_EXCEPTION(_name, _base) \ do { \ ssl_##_name = PyErr_NewException("OpenSSL.SSL."#_name, _base, NULL);\ if (ssl_##_name == NULL) \ goto error; \ if (PyModule_AddObject(module, #_name, ssl_##_name) != 0) \ goto error; \ } while (0) ssl_Error = PyErr_NewException("OpenSSL.SSL.Error", NULL, NULL); if (ssl_Error == NULL) goto error; if (PyModule_AddObject(module, "Error", ssl_Error) != 0) goto error; ADD_EXCEPTION(ZeroReturnError, ssl_Error); ADD_EXCEPTION(WantReadError, ssl_Error); ADD_EXCEPTION(WantWriteError, ssl_Error); ADD_EXCEPTION(WantX509LookupError, ssl_Error); ADD_EXCEPTION(SysCallError, ssl_Error); #undef ADD_EXCEPTION /* Method constants */ PyModule_AddIntConstant(module, "SSLv2_METHOD", ssl_SSLv2_METHOD); PyModule_AddIntConstant(module, "SSLv3_METHOD", ssl_SSLv3_METHOD); PyModule_AddIntConstant(module, "SSLv23_METHOD", ssl_SSLv23_METHOD); PyModule_AddIntConstant(module, "TLSv1_METHOD", ssl_TLSv1_METHOD); /* Verify constants */ PyModule_AddIntConstant(module, "VERIFY_NONE", SSL_VERIFY_NONE); PyModule_AddIntConstant(module, "VERIFY_PEER", SSL_VERIFY_PEER); PyModule_AddIntConstant(module, "VERIFY_FAIL_IF_NO_PEER_CERT", SSL_VERIFY_FAIL_IF_NO_PEER_CERT); PyModule_AddIntConstant(module, "VERIFY_CLIENT_ONCE", SSL_VERIFY_CLIENT_ONCE); /* File type constants */ PyModule_AddIntConstant(module, "FILETYPE_PEM", SSL_FILETYPE_PEM); PyModule_AddIntConstant(module, "FILETYPE_ASN1", SSL_FILETYPE_ASN1); /* SSL option constants */ PyModule_AddIntConstant(module, "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE); PyModule_AddIntConstant(module, "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA); PyModule_AddIntConstant(module, "OP_NO_SSLv2", SSL_OP_NO_SSLv2); PyModule_AddIntConstant(module, "OP_NO_SSLv3", SSL_OP_NO_SSLv3); PyModule_AddIntConstant(module, "OP_NO_TLSv1", SSL_OP_NO_TLSv1); /* More SSL option constants */ PyModule_AddIntConstant(module, "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG); PyModule_AddIntConstant(module, "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG); PyModule_AddIntConstant(module, "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG); PyModule_AddIntConstant(module, "OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); PyModule_AddIntConstant(module, "OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); PyModule_AddIntConstant(module, "OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING); PyModule_AddIntConstant(module, "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG); PyModule_AddIntConstant(module, "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG); PyModule_AddIntConstant(module, "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG); PyModule_AddIntConstant(module, "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); PyModule_AddIntConstant(module, "OP_ALL", SSL_OP_ALL); PyModule_AddIntConstant(module, "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE); PyModule_AddIntConstant(module, "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG); PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1); PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2); PyModule_AddIntConstant(module, "OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG); PyModule_AddIntConstant(module, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); /* DTLS related options. The first two of these were introduced in * 2005, the third in 2007. To accomodate systems which are still using * older versions, make them optional. */ #ifdef SSL_OP_NO_QUERY_MTU PyModule_AddIntConstant(module, "OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU); #endif #ifdef SSL_OP_COOKIE_EXCHANGE PyModule_AddIntConstant(module, "OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE); #endif #ifdef SSL_OP_NO_TICKET PyModule_AddIntConstant(module, "OP_NO_TICKET", SSL_OP_NO_TICKET); #endif /* For SSL_set_shutdown */ PyModule_AddIntConstant(module, "SENT_SHUTDOWN", SSL_SENT_SHUTDOWN); PyModule_AddIntConstant(module, "RECEIVED_SHUTDOWN", SSL_RECEIVED_SHUTDOWN); if (!init_ssl_context(module)) goto error; if (!init_ssl_connection(module)) goto error; #ifdef WITH_THREAD /* * Initialize this module's threading support structures. */ _pyOpenSSL_tstate_key = PyThread_create_key(); #endif error: ; }
bool SSLConnection :: start() { if( connected ) { return true; } if( host.size() < 1 || service.size() < 1 ) { return false; } int n, new_fd; char buffer[128]; struct addrinfo hints, *result, *result_saved; size_t buffer_size = sizeof( buffer ); fd = -1; memset( &hints, 0, sizeof( struct addrinfo ) ); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; n = getaddrinfo( host.c_str(), service.c_str(), &hints, &result ); if( n != 0 ) { // error handling here //std::cerr << "ERROR: " << gai_strerror( n ) << std::endl; throw std::string( gai_strerror( n ) ); return false; } ctx = init_ssl_context(); ssl = SSL_new( ctx ); result_saved = result; while( result != NULL ) { new_fd = socket( result->ai_family, result->ai_socktype, result->ai_protocol ); if( new_fd < 0 ) { continue; } n = connect( new_fd, result->ai_addr, result->ai_addrlen ); if( n == 0 ) { fd = new_fd; break; } result = result->ai_next; } if( fd < 0 ) { // error handling //std::cerr << "ERROR: " << gai_strerror( fd ) << std::endl; throw std::string( gai_strerror( fd ) ); return false; } else { struct sockaddr_in *sin = (struct sockaddr_in *)result->ai_addr; inet_ntop( result->ai_family, &( sin->sin_addr ), buffer, buffer_size ); address = std::string( buffer ); } freeaddrinfo( result_saved ); SSL_set_fd( ssl, fd ); if( SSL_connect( ssl ) == -1 ) { throw std::string( "SSL Failed!" ); } connected = true; return true; }