int encrypt_connect_server() { //return -1; /* SSL initialization*/ SSL_library_init(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); ctx = SSL_CTX_new(TLSv1_client_method()); if (ctx == NULL) { ERR_print_errors_fp(stdout); exit(1); } /* creat a new SSL based on ctx */ ssl = SSL_new(ctx); // connect ssl to TCP SOCKET SSL_set_fd(ssl, sockfd); /* create ssl connection */ if (SSL_connect(ssl) == -1 || strcmp("(NONE)",SSL_get_cipher(ssl)) == 0) { ERR_print_errors_fp(stderr); return -1; } DEBUG_printf("Connected with %s encryption\n", SSL_get_cipher(ssl)); ShowCerts(ssl); return 1; }
datum_t ssl_cipher(PG_FUNC_ARGS) { if (proc_port->ssl == NULL) RET_NULL(); RET_TEXT_P(cstring_to_text(SSL_get_cipher(proc_port->ssl))); }
bool SSLSocket::waitAccepted(uint64_t millis) { if(!ssl) { if(!Socket::waitAccepted(millis)) { return false; } ssl.reset(SSL_new(ctx)); if(!ssl) checkSSL(-1); checkSSL(SSL_set_fd(ssl, sock)); } if(SSL_is_init_finished(ssl)) { return true; } while(true) { int ret = SSL_accept(ssl); if(ret == 1) { dcdebug("Connected to SSL client using %s\n", SSL_get_cipher(ssl)); #ifndef HEADER_OPENSSLV_H finished = true; #endif return true; } if(!waitWant(ret, millis)) { return false; } } }
bool SSLSocket::waitConnected(uint64_t millis) { if(!ssl) { if(!Socket::waitConnected(millis)) { return false; } ssl.reset(SSL_new(ctx)); if(!ssl) checkSSL(-1); checkSSL(SSL_set_fd(ssl, sock)); } if(SSL_is_init_finished(ssl)) { return true; } while(true) { // OpenSSL needs server handshake for NAT traversal int ret = ssl->server ? SSL_accept(ssl) : SSL_connect(ssl); if(ret == 1) { dcdebug("Connected to SSL server using %s as %s\n", SSL_get_cipher(ssl), ssl->server?"server":"client"); #ifndef HEADER_OPENSSLV_H finished = true; #endif return true; } if(!waitWant(ret, millis)) { return false; } } }
std::string TLSSocket::Cipher() const { if (!session) return "NONE"; const char* cipher = SSL_get_cipher(session); if (!cipher) return "NONE"; return cipher; }
bool SSLSocket::waitAccepted(uint64_t millis) { if(!ssl) { if(!Socket::waitAccepted(millis)) { return false; } ssl.reset(SSL_new(ctx)); if(!ssl) checkSSL(-1); if(!verifyData) { SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); } else SSL_set_ex_data(ssl, CryptoManager::idxVerifyData, verifyData.get()); checkSSL(SSL_set_fd(ssl, static_cast<int>(getSock()))); } if(SSL_is_init_finished(ssl)) { return true; } while(true) { int ret = SSL_accept(ssl); if(ret == 1) { dcdebug("Connected to SSL client using %s\n", SSL_get_cipher(ssl)); return true; } if(!waitWant(ret, millis)) { return false; } } }
int kn_sock_sslconnect(//engine_t e, handle_t h, kn_sockaddr *remote, kn_sockaddr *local){ if(h->type != KN_SOCKET && ((kn_socket*)h)->type != SOCK_STREAM) return 0; kn_socket *s = (kn_socket*)h; if(h->status != SOCKET_NONE) return -1; //if(s->e) return -1; SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method()); if (ctx == NULL) { ERR_print_errors_fp(stdout); return -1; } ((kn_stream_socket*)s)->ctx = ctx; s->addr_remote = *remote; int ret = stream_socket_connect((kn_stream_socket*)s,local,remote); if(ret == 1){ ((kn_stream_socket*)s)->ssl = SSL_new(ctx); SSL_set_fd(((kn_stream_socket*)s)->ssl,h->fd); if (SSL_connect(((kn_stream_socket*)s)->ssl) == -1){ ERR_print_errors_fp(stderr); ret = -1; } else { kn_set_noblock(h->fd,0); h->status = SOCKET_ESTABLISH; printf("Connected with %s encryption/n", SSL_get_cipher(((kn_stream_socket*)s)->ssl)); ShowCerts(((kn_stream_socket*)s)->ssl); } }else{ ret = -1; } return ret; }
int openhost(char *host, int port) { struct hostent *hp; register int s; struct sockaddr_in sin; int err; X509 *server_cert; char *str; if ((hp = gethostbyname(host)) == NULL) { printf("ERR: gethostbyname\n"); return (-1); } if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { perror("socket"); return (-1); } sin.sin_family = AF_INET; sin.sin_port = htons(port); bcopy(hp->h_addr, &sin.sin_addr, hp->h_length); alarm(30); if (connect(s, (struct sockaddr *) &sin, sizeof(sin)) < 0) return (-1); alarm(0); SSLeay_add_ssl_algorithms(); SSL_load_error_strings(); /* ctx = SSL_CTX_new (SSLv23_method()); CHK_NULL(ctx); */ ctx = SSL_CTX_new(SSLv2_method()); CHK_NULL(ctx); ssl = SSL_new(ctx); CHK_NULL(ssl); SSL_set_fd(ssl, s); err = SSL_connect(ssl); CHK_SSL(err); printf("SSL connection using %s\n", SSL_get_cipher(ssl)); server_cert = SSL_get_peer_certificate(ssl); CHK_NULL(server_cert); printf("Server certificate:\n"); str = X509_NAME_oneline(X509_get_subject_name(server_cert), NULL, 0); CHK_NULL(str); printf("\t subject: %s\n", str); Free(str); str = X509_NAME_oneline(X509_get_issuer_name(server_cert), NULL, 0); CHK_NULL(str); printf("\t issuer: %s\n", str); Free(str); X509_free(server_cert); return (s); }
int tls_get_conninfo(struct tls *ctx) { const char * tmp; tls_free_conninfo(ctx->conninfo); if (ctx->ssl_peer_cert != NULL) { if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1) goto err; if (tls_get_peer_cert_subject(ctx, &ctx->conninfo->subject) == -1) goto err; if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1) goto err; if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore, &ctx->conninfo->notafter) == -1) goto err; } if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL) goto err; ctx->conninfo->version = strdup(tmp); if (ctx->conninfo->version == NULL) goto err; if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL) goto err; ctx->conninfo->cipher = strdup(tmp); if (ctx->conninfo->cipher == NULL) goto err; return (0); err: tls_free_conninfo(ctx->conninfo); return (-1); }
/* * printSSLInfo * * Prints information about the current SSL connection, if SSL is in use */ static void printSSLInfo(void) { #ifdef USE_SSL int sslbits = -1; SSL *ssl; ssl = PQgetssl(pset.db); if (!ssl) return; /* no SSL */ SSL_get_cipher_bits(ssl, &sslbits); printf(_("SSL connection (cipher: %s, bits: %i)\n"), SSL_get_cipher(ssl), sslbits); #else /* * If psql is compiled without SSL but is using a libpq with SSL, we * cannot figure out the specifics about the connection. But we know it's * SSL secured. */ if (PQgetssl(pset.db)) printf(_("SSL connection (unknown cipher)\n")); #endif }
bool SSLSocket::waitAccepted(uint32_t millis) { if(!ssl) { if(!Socket::waitAccepted(millis)) { return false; } ssl.reset(SSL_new(ctx)); if(!ssl) checkSSL(-1); checkSSL(SSL_set_fd(ssl, getSock())); } if(SSL_is_init_finished(ssl)) { return true; } while(true) { int ret = SSL_accept(ssl); if(ret == 1) { dcdebug("Connected to SSL client using %s\n", SSL_get_cipher(ssl)); return true; } if(!waitWant(ret, millis)) { return false; } } }
/*---------------------------------------------------------------------*/ bool MakeSSLRequest(const char* hostname, int port, ClientFunction client_func, void* client_data) { // Set up context SSL_CTX* ctx = InitCTX(); CHECK_CALL(ctx); // Connect to server int server = OpenConnection(hostname, port); if(server < 0) return false; CHECK_CALL(server); SSL* ssl = SSL_new(ctx); SSL_set_fd(ssl, server); // Do handshake if ( SSL_connect(ssl) == FAIL ) { ERR_print_errors_fp(stderr); return false; } client_func(ssl, client_data); fprintf(stderr, "Connected with %s encryption\n", SSL_get_cipher(ssl)); SSL_free(ssl); close(server); SSL_CTX_free(ctx); ERR_free_strings(); EVP_cleanup(); return true; }
Datum ssl_cipher(PG_FUNCTION_ARGS) { if (MyProcPort->ssl == NULL) PG_RETURN_NULL(); PG_RETURN_TEXT_P(cstring_to_text(SSL_get_cipher(MyProcPort->ssl))); }
static int ssl_connect(int sd) { char buf[256]; X509 *cert; SSL_set_fd(ssl, sd); if (-1 == SSL_connect(ssl)) return -1; DBG("SSL connection using %s", SSL_get_cipher(ssl)); /* Get server's certificate (note: beware of dynamic allocation) - opt */ cert = SSL_get_peer_certificate(ssl); if (!cert) return -1; /* Logging some cert details. Please note: X509_NAME_oneline doesn't work when giving NULL instead of a buffer. */ X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); DBG("SSL server cert subject: %s", buf); X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)); DBG("SSL server cert issuer: %s", buf); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free(cert); return 0; }
THREAD_RETURN YASSL_API server_test(void* args) { #ifdef _WIN32 WSADATA wsd; WSAStartup(0x0002, &wsd); #endif SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; int argc = 0; char** argv = 0; set_args(argc, argv, *static_cast<func_args*>(args)); tcp_accept(sockfd, clientfd, *static_cast<func_args*>(args)); tcp_close(sockfd); SSL_METHOD* method = TLSv1_server_method(); SSL_CTX* ctx = SSL_CTX_new(method); //SSL_CTX_set_cipher_list(ctx, "RC4-SHA:RC4-MD5"); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); set_serverCerts(ctx); DH* dh = set_tmpDH(ctx); SSL* ssl = SSL_new(ctx); SSL_set_fd(ssl, clientfd); #ifdef NON_BLOCKING NonBlockingSSL_Accept(ssl, ctx, clientfd); #else if (SSL_accept(ssl) != SSL_SUCCESS) ServerError(ctx, ssl, clientfd, "SSL_accept failed"); #endif showPeer(ssl); printf("Using Cipher Suite: %s\n", SSL_get_cipher(ssl)); char command[1024]; int input = SSL_read(ssl, command, sizeof(command)); if (input > 0) { command[input] = 0; printf("First client command: %s\n", command); } char msg[] = "I hear you, fa shizzle!"; if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) ServerError(ctx, ssl, clientfd, "SSL_write failed"); DH_free(dh); SSL_CTX_free(ctx); SSL_shutdown(ssl); SSL_free(ssl); tcp_close(clientfd); ((func_args*)args)->return_code = 0; return 0; }
void be_tls_get_cipher(Port *port, char *ptr, size_t len) { if (port->ssl) strlcpy(ptr, SSL_get_cipher(port->ssl), len); else ptr[0] = '\0'; }
const char * be_tls_get_cipher(Port *port) { if (port->ssl) return SSL_get_cipher(port->ssl); else return NULL; }
int ssl_open(http_t *client, char *msg) { char buf[256]; const char *sn; X509 *cert; if (!client->ssl_enabled) return tcp_init(&client->tcp, msg); tcp_set_port(&client->tcp, HTTPS_DEFAULT_PORT); DO(tcp_init(&client->tcp, msg)); logit(LOG_INFO, "%s, initiating HTTPS ...", msg); client->ssl_ctx = SSL_CTX_new(SSLv23_client_method()); if (!client->ssl_ctx) return RC_HTTPS_OUT_OF_MEMORY; /* POODLE, only allow TLSv1.x or later */ SSL_CTX_set_options(client->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION); SSL_CTX_set_verify(client->ssl_ctx, SSL_VERIFY_PEER, verify_callback); SSL_CTX_set_verify_depth(client->ssl_ctx, 150); /* Try to figure out location of trusted CA certs on system */ if (ssl_set_ca_location(client)) return RC_HTTPS_NO_TRUSTED_CA_STORE; client->ssl = SSL_new(client->ssl_ctx); if (!client->ssl) return RC_HTTPS_OUT_OF_MEMORY; /* SSL SNI support: tell the servername we want to speak to */ http_get_remote_name(client, &sn); if (!SSL_set_tlsext_host_name(client->ssl, sn)) return RC_HTTPS_SNI_ERROR; SSL_set_fd(client->ssl, client->tcp.ip.socket); if (-1 == SSL_connect(client->ssl)) return RC_HTTPS_FAILED_CONNECT; logit(LOG_INFO, "SSL connection using %s", SSL_get_cipher(client->ssl)); cert = SSL_get_peer_certificate(client->ssl); if (!cert) return RC_HTTPS_FAILED_GETTING_CERT; if (SSL_get_verify_result(client->ssl) == X509_V_OK) logit(LOG_DEBUG, "Certificate OK"); X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); logit(LOG_INFO, "SSL server cert subject: %s", buf); X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)); logit(LOG_INFO, "SSL server cert issuer: %s", buf); X509_free(cert); return 0; }
/** * Embeds a socket in a ssl connection. * @param socket the socket to be used. * @return The ssl connection or NULL if an error occured. */ int embed_ssl_socket(ssl_connection *ssl, int socket) { int ssl_error; time_t ssl_time; if (!ssl) return FALSE; if (!ssl_initialized) start_ssl(); if (socket >= 0) { ssl->socket = socket; } else { LogError("%s: Socket error!\n", prog); goto sslerror; } if ((ssl->handler = SSL_new (ssl->ctx)) == NULL) { LogError("%s: Cannot initialize the SSL handler -- %s\n", prog, SSLERROR); goto sslerror; } set_noblock(ssl->socket); if ((ssl->socket_bio = BIO_new_socket(ssl->socket, BIO_NOCLOSE)) == NULL) { LogError("%s: Cannot generate IO buffer -- %s\n", prog, SSLERROR); goto sslerror; } SSL_set_bio(ssl->handler, ssl->socket_bio, ssl->socket_bio); ssl_time = time(NULL); while ((ssl_error = SSL_connect (ssl->handler)) < 0) { if ((time(NULL) - ssl_time) > SSL_TIMEOUT) { LogError("%s: SSL service timeout!\n", prog); goto sslerror; } if (!handle_error(ssl_error, ssl)) goto sslerror; if (!BIO_should_retry(ssl->socket_bio)) goto sslerror; } ssl->cipher = (char *) SSL_get_cipher(ssl->handler); if (! update_ssl_cert_data(ssl)) { LogError("%s: Cannot get the SSL server certificate!\n", prog); goto sslerror; } return TRUE; sslerror: cleanup_ssl_socket(ssl); return FALSE; }
/* * Enable SSL on a connection. */ int fetch_ssl(conn_t *conn, int verbose) { #ifdef WITH_SSL int ret, ssl_err; /* Init the SSL library and context */ if (!SSL_library_init()){ fprintf(stderr, "SSL library init failed\n"); return (-1); } SSL_load_error_strings(); conn->ssl_meth = SSLv23_client_method(); conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); conn->ssl = SSL_new(conn->ssl_ctx); if (conn->ssl == NULL){ fprintf(stderr, "SSL context creation failed\n"); return (-1); } SSL_set_fd(conn->ssl, conn->sd); while ((ret = SSL_connect(conn->ssl)) == -1) { ssl_err = SSL_get_error(conn->ssl, ret); if (ssl_err != SSL_ERROR_WANT_READ && ssl_err != SSL_ERROR_WANT_WRITE) { ERR_print_errors_fp(stderr); return (-1); } } if (verbose) { X509_NAME *name; char *str; fprintf(stderr, "SSL connection established using %s\n", SSL_get_cipher(conn->ssl)); conn->ssl_cert = SSL_get_peer_certificate(conn->ssl); name = X509_get_subject_name(conn->ssl_cert); str = X509_NAME_oneline(name, 0, 0); printf("Certificate subject: %s\n", str); free(str); name = X509_get_issuer_name(conn->ssl_cert); str = X509_NAME_oneline(name, 0, 0); printf("Certificate issuer: %s\n", str); free(str); } return (0); #else (void)conn; (void)verbose; fprintf(stderr, "SSL support disabled\n"); return (-1); #endif }
int ssl_client_handshake(struct Client *cptr) { char *str; int err; cptr->ssl = (struct SSL*)SSL_new (ctx); CHK_NULL(cptr->ssl); SSL_set_fd ((SSL*)cptr->ssl, cptr->fd); set_blocking(cptr->fd); err = SSL_connect ((SSL*)cptr->ssl); set_non_blocking(cptr->fd); if ((err)==-1) { irclog(L_NOTICE,"Could connect to %s:Error in SSL_connect()", get_client_name(cptr, TRUE)); return 0; } /* Following two steps are optional and not required for data exchange to be successful. */ /* Get the cipher - opt */ set_blocking(cptr->fd); irclog (L_NOTICE,"SSL connection using %s", SSL_get_cipher ((SSL*)cptr->ssl)); SetSecure(cptr); /* Get server's certificate (note: beware of dynamic allocation) - opt */ cptr->client_cert = (struct X509*)SSL_get_peer_certificate ((SSL *)cptr->ssl); set_non_blocking(cptr->fd); if (cptr->client_cert != NULL) { irclog (L_NOTICE,"Server certificate:"); str = X509_NAME_oneline (X509_get_subject_name ((X509*)cptr->client_cert),0,0); CHK_NULL(str); irclog (L_NOTICE, "\t subject: %s", str); // Free (str); free (str); str = X509_NAME_oneline (X509_get_issuer_name ((X509*)cptr->client_cert),0,0); CHK_NULL(str); irclog (L_NOTICE, "\t issuer: %s", str); // Free (str); free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free ((X509*)cptr->client_cert); } else irclog (L_NOTICE, "Server does not have certificate."); return 1; }
static void setSecured(MprSocket *sp) { OpenSocket *osp; sp->secured = 1; osp = sp->sslSocket; sp->cipher = sclone(SSL_get_cipher(osp->handle)); sp->session = getOssSession(sp); }
void kul::https::Server::loop() throw(kul::tcp::Exception){ KUL_DBG_FUNC_ENTER int32_t newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen); if(newsockfd < 0) KEXCEPTION("HTTPS Server error on accept"); ssl = SSL_new(ctx); SSL_set_fd(ssl, newsockfd); //Here is the SSL Accept portion. Now all reads and writes must use SSL int16_t ssl_err = SSL_accept(ssl); if(ssl_err <= 0){ short se = 0; SSL_get_error(ssl, se); KERR << "HTTPS Server SSL ERROR on SSL_ACCEPT error: " << se; close(newsockfd); return; } KLOG(DBG) << "SSL_get_cipher: " << SSL_get_cipher(ssl); cc = SSL_get_peer_certificate (ssl); if(cc != NULL) { KLOG(DBG) << "Client certificate:"; KLOG(DBG) << "\t subject: " << X509_NAME_oneline (X509_get_subject_name (cc), 0, 0); KLOG(DBG) << "\t issuer: %s\n" << X509_NAME_oneline (X509_get_issuer_name (cc), 0, 0); X509_free(cc); }else KLOG(ERR) << "Client does not have certificate."; KOUT(DBG) << "New connection , socket fd is " << newsockfd << ", is : " << inet_ntoa(cli_addr.sin_addr) << ", port : "<< ntohs(cli_addr.sin_port); onConnect(inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port)); int16_t e; char buffer[_KUL_HTTPS_READ_BUFFER_]; std::stringstream cnt; do{ bzero(buffer,_KUL_HTTPS_READ_BUFFER_); e = SSL_read(ssl, buffer, _KUL_HTTPS_READ_BUFFER_ - 1); if(e) cnt << buffer; }while(e == (_KUL_HTTPS_READ_BUFFER_ - 1)); if (e < 0){ short se = 0; SSL_get_error(ssl, se); if(se) KLOG(ERR) << "SSL_get_error: " << se; e = -1; }else try{ std::string res; std::shared_ptr<kul::http::ARequest> req = handleRequest(cnt.str(), res); const kul::http::AResponse& rs(respond(*req.get())); std::string ret(rs.toString()); e = SSL_write(ssl, ret.c_str(), ret.length()); }catch(const kul::http::Exception& e1){ KERR << e1.what(); e = -1; } close(newsockfd); KOUT(DBG) << "Disconnect , socket fd is " << newsockfd << ", is : " << inet_ntoa(cli_addr.sin_addr) << ", port : "<< ntohs(cli_addr.sin_port); onDisconnect(inet_ntoa(cli_addr.sin_addr), ntohs(cli_addr.sin_port)); }
int MaOpenSslSocket::read(char *buf, int len) { int rc; if (bio == 0 || ssl == 0) { return -1; } rc = BIO_read(bio, buf, len); #if DEBUG if (rc > 0 && !connTraced) { X509_NAME *xSubject; X509 *cert; char subject[260], issuer[260], peer[260]; mprLog(4, "%d: SSL Connected using: \"%s\"\n", sock, SSL_get_cipher(ssl)); cert = SSL_get_peer_certificate(ssl); if (cert == 0) { mprLog(4, "%d: SSL Details: client supplied no certificate\n", sock); } else { xSubject = X509_get_subject_name(cert); X509_NAME_oneline(xSubject, subject, sizeof(subject) -1); X509_NAME_oneline(X509_get_issuer_name(cert), issuer, sizeof(issuer) -1); X509_NAME_get_text_by_NID(xSubject, NID_commonName, peer, sizeof(peer) - 1); mprLog(4, "%d: SSL Subject %s\n", sock, subject); mprLog(4, "%d: SSL Issuer: %s\n", sock, issuer); mprLog(4, "%d: SSL Peer: %s\n", sock, peer); X509_free(cert); } connTraced = 1; } #endif if (rc > 0) { return rc; } else if (rc == 0) { if (BIO_should_retry(bio)) { return 0; } flags |= MPR_SOCKET_EOF; return 0; } if (BIO_should_retry(bio)) { return 0; } return rc; }
/* *------------------------------------------------------------------- * * TlsGetOptionProc -- * * Computes an option value for a SSL socket based channel, or a * list of all options and their values. * * Results: * A standard Tcl result. The value of the specified option or a * list of all options and their values is returned in the * supplied DString. * * Side effects: * None. * *------------------------------------------------------------------- */ static int TlsGetOptionProc(ClientData instanceData, /* Socket state. */ Tcl_Interp *interp, /* For errors - can be NULL. */ CONST84 char *optionName, /* Name of the option to * retrieve the value for, or * NULL to get all options and * their values. */ Tcl_DString *dsPtr) /* Where to store the computed value * initialized by caller. */ { State *statePtr = (State *) instanceData; if (channelTypeVersion == TLS_CHANNEL_VERSION_2) { Tcl_Channel downChan = Tls_GetParent(statePtr); Tcl_DriverGetOptionProc *getOptionProc; getOptionProc = Tcl_ChannelGetOptionProc(Tcl_GetChannelType(downChan)); if (getOptionProc != NULL) { return (*getOptionProc)(Tcl_GetChannelInstanceData(downChan), interp, optionName, dsPtr); } else if (optionName == (char*) NULL) { /* * Request is query for all options, this is ok. */ return TCL_OK; } /* * Request for a specific option has to fail, we don't have any. */ return TCL_ERROR; } else { size_t len = 0; if (optionName != (char *) NULL) { len = strlen(optionName); } #if 0 if ((len == 0) || ((len > 1) && (optionName[1] == 'c') && (strncmp(optionName, "-cipher", len) == 0))) { if (len == 0) { Tcl_DStringAppendElement(dsPtr, "-cipher"); } Tcl_DStringAppendElement(dsPtr, SSL_get_cipher(statePtr->ssl)); if (len) { return TCL_OK; } } #endif return TCL_OK; } }
int ssl_open(http_t *client, char *msg) { char buf[256]; const char *sn; const X509 *cert; if (!client->ssl_enabled) return tcp_init(&client->tcp, msg); tcp_set_port(&client->tcp, 443); DO(tcp_init(&client->tcp, msg)); logit(LOG_INFO, "%s, initiating HTTPS ...", msg); client->ssl_ctx = SSL_CTX_new(SSLv23_client_method()); if (!client->ssl_ctx) return RC_HTTPS_OUT_OF_MEMORY; client->ssl = SSL_new(client->ssl_ctx); if (!client->ssl) return RC_HTTPS_OUT_OF_MEMORY; /* SSL SNI support: tell the servername we want to speak to */ http_get_remote_name(client, &sn); if (gnutls_server_name_set(client->ssl->gnutls_state, GNUTLS_NAME_DNS, sn, strlen(sn))) return RC_HTTPS_SNI_ERROR; SSL_set_fd(client->ssl, client->tcp.ip.socket); if (-1 == SSL_connect(client->ssl)) return RC_HTTPS_FAILED_CONNECT; logit(LOG_INFO, "SSL connection using %s", SSL_get_cipher(client->ssl)); /* Get server's certificate (note: beware of dynamic allocation) - opt */ cert = SSL_get_peer_certificate(client->ssl); if (!cert) return RC_HTTPS_FAILED_GETTING_CERT; /* Logging some cert details. Please note: X509_NAME_oneline doesn't work when giving NULL instead of a buffer. */ X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); logit(LOG_INFO, "SSL server cert subject: %s", buf); X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)); logit(LOG_INFO, "SSL server cert issuer: %s", buf); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free(cert); return 0; }
void SSLSocket::accept(const Socket& listeningSocket) throw(SocketException) { Socket::accept(listeningSocket); if(ssl) SSL_free(ssl); ssl = SSL_new(ctx); if(!ssl) checkSSL(-1); checkSSL(SSL_set_fd(ssl, sock)); checkSSL(SSL_accept(ssl)); dcdebug("Connected to SSL client using %s\n", SSL_get_cipher(ssl)); }
int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, char *buf, size_t buflen) { const char *name; if (conn == NULL || conn->ssl == NULL) return -1; name = SSL_get_cipher(conn->ssl); if (name == NULL) return -1; snprintf(buf, buflen, "%s", name); return 0; }
//~~~~~~~~~~~~~~~~~~~~~connect to server~~~~~~~~~~~~~~~~~~~ //成功返回1,失败返回0并且退出 int connectto(int argc,char *args[]) { //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~判断输入IP是否正确~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ int i,count=0; if(argc!=2) { printf("format error: you mast enter ipaddr like this : client 192.168.0.6\n"); exit(0); } for(i=0;*(args[1]+i)!='\0';i++) { if(*(args[1]+i)=='.') count++; } if(count!=3) { printf("IP format error\n"); exit(0); } //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ if((sockclient=socket(AF_INET,SOCK_STREAM,0))==-1) { perror("socket"); exit(0); } memset(&sockaddr1,0,sizeof(sockaddr1)); sockaddr1.sin_family = AF_INET; sockaddr1.sin_addr.s_addr = inet_addr(args[1]); sockaddr1.sin_port = htons(port); if(connect(sockclient,(struct sockaddr* )&sockaddr1,sizeof(sockaddr1))==-1) { perror("connect"); exit(0); } //----------------------------------------------------------------------- /* 基于 ctx 产生一个新的 SSL */ ssl = SSL_new(ctx); SSL_set_fd(ssl, sockclient); /* 建立 SSL 连接 */ if (SSL_connect(ssl) == -1) ERR_print_errors_fp(stderr); else { printf("Connected with %s encryption\n", SSL_get_cipher(ssl)); ShowCerts(ssl); } return 1; }
void init_clinet_ssl(int server) { SSL_library_init(); ctx = InitCTX(); ssl = SSL_new(ctx); /* create new SSL connection state */ SSL_set_fd(ssl, server); /* attach the socket descriptor */ if ( SSL_connect(ssl) == FAIL ) /* perform the connection */ ERR_print_errors_fp(stderr); else { printf("Connected with %s encryption\n", SSL_get_cipher(ssl)); ShowCerts(ssl); /* get any certs */ } }