ClientSocket *SSLSocketIO::Accept(ListenSocket *s) { if (s->io == &NormalSocketIO) throw SocketException("Attempting to accept on uninitialized socket with SSL"); sockaddrs conaddr; socklen_t size = sizeof(conaddr); int newsock = accept(s->GetFD(), &conaddr.sa, &size); #ifndef INVALID_SOCKET const int INVALID_SOCKET = -1; #endif if (newsock < 0 || newsock == INVALID_SOCKET) throw SocketException("Unable to accept connection: " + Anope::LastError()); ClientSocket *newsocket = s->OnAccept(newsock, conaddr); me->service.Init(newsocket); SSLSocketIO *io = anope_dynamic_static_cast<SSLSocketIO *>(newsocket->io); io->sslsock = SSL_new(server_ctx); if (!io->sslsock) throw SocketException("Unable to initialize SSL socket"); SSL_set_accept_state(io->sslsock); if (!SSL_set_fd(io->sslsock, newsocket->GetFD())) throw SocketException("Unable to set SSL fd"); newsocket->flags[SF_ACCEPTING] = true; this->FinishAccept(newsocket); return newsocket; }
static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_type* server, ioa_socket_handle s, ioa_network_buffer_handle nbh) { FUNCSTART; if (!server || !nbh) { return NULL; } SSL* connecting_ssl = NULL; BIO *wbio = NULL; struct timeval timeout; /* Create BIO */ wbio = BIO_new_dgram(s->fd, BIO_NOCLOSE); (void)BIO_dgram_set_peer(wbio, (struct sockaddr*) &(server->sm.m.sm.nd.src_addr)); /* Set and activate timeouts */ timeout.tv_sec = DTLS_MAX_RECV_TIMEOUT; timeout.tv_usec = 0; BIO_ctrl(wbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); #if DTLSv1_2_SUPPORTED if(get_dtls_version(ioa_network_buffer_data(nbh), (int)ioa_network_buffer_get_size(nbh)) == 1) { connecting_ssl = SSL_NEW(server->dtls_ctx_v1_2); } else { connecting_ssl = SSL_NEW(server->dtls_ctx); } #else { connecting_ssl = SSL_NEW(server->dtls_ctx); } #endif SSL_set_accept_state(connecting_ssl); SSL_set_bio(connecting_ssl, NULL, wbio); SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE); SSL_set_max_cert_list(connecting_ssl, 655350); ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl, &(server->sm.m.sm.nd.src_addr), &(server->addr), nbh); if (!rc) { if (!(SSL_get_shutdown(connecting_ssl) & SSL_SENT_SHUTDOWN)) { SSL_set_shutdown(connecting_ssl, SSL_RECEIVED_SHUTDOWN); SSL_shutdown(connecting_ssl); } SSL_FREE(connecting_ssl); } return rc; }
/* prepare connection for interacting over a SSL connection */ void connection_uses_ssl (connection_t *con) { #ifdef HAVE_OPENSSL con->ssl = SSL_new (ssl_ctx); SSL_set_accept_state (con->ssl); SSL_set_fd (con->ssl, con->sock); #endif }
VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) { VALUE obj; SSL_CTX* ctx; SSL* ssl; ms_conn* conn = engine_alloc(self, &obj); ID sym_key = rb_intern("key"); VALUE key = rb_funcall(mini_ssl_ctx, sym_key, 0); ID sym_cert = rb_intern("cert"); VALUE cert = rb_funcall(mini_ssl_ctx, sym_cert, 0); ID sym_ca = rb_intern("ca"); VALUE ca = rb_funcall(mini_ssl_ctx, sym_ca, 0); ID sym_verify_mode = rb_intern("verify_mode"); VALUE verify_mode = rb_funcall(mini_ssl_ctx, sym_verify_mode, 0); ctx = SSL_CTX_new(SSLv23_server_method()); conn->ctx = ctx; SSL_CTX_use_certificate_file(ctx, RSTRING_PTR(cert), SSL_FILETYPE_PEM); SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM); if (!NIL_P(ca)) { SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL); } SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE); SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH"); DH *dh = get_dh1024(); SSL_CTX_set_tmp_dh(ctx, dh); EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_secp521r1); if (ecdh) { SSL_CTX_set_tmp_ecdh(ctx, ecdh); EC_KEY_free(ecdh); } ssl = SSL_new(ctx); conn->ssl = ssl; SSL_set_app_data(ssl, NULL); if (NIL_P(verify_mode)) { /* SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); */ } else { SSL_set_verify(ssl, NUM2INT(verify_mode), engine_verify_callback); } SSL_set_bio(ssl, conn->read, conn->write); SSL_set_accept_state(ssl); return obj; }
/* ////////////////////////////////////////////////////////////////////////////////////// * implementation */ tb_ssl_ref_t tb_ssl_init(tb_bool_t bserver) { // done tb_bool_t ok = tb_false; tb_ssl_t* ssl = tb_null; do { // load openssl library if (!tb_ssl_library_load()) break; // make ssl ssl = tb_malloc0_type(tb_ssl_t); tb_assert_and_check_break(ssl); // init timeout, 30s ssl->timeout = 30000; // init ctx ssl->ctx = SSL_CTX_new(SSLv3_method()); tb_assert_and_check_break(ssl->ctx); // make ssl ssl->ssl = SSL_new(ssl->ctx); tb_assert_and_check_break(ssl->ssl); // init endpoint if (bserver) SSL_set_accept_state(ssl->ssl); else SSL_set_connect_state(ssl->ssl); // init verify SSL_set_verify(ssl->ssl, 0, tb_ssl_verify); // init bio ssl->bio = BIO_new(&g_ssl_bio_method); tb_assert_and_check_break(ssl->bio); // set bio to ssl ssl->bio->ptr = ssl; SSL_set_bio(ssl->ssl, ssl->bio, ssl->bio); // init state ssl->state = TB_STATE_OK; // ok ok = tb_true; } while (0); // failed? exit it if (!ok) { if (ssl) tb_ssl_exit((tb_ssl_ref_t)ssl); ssl = tb_null; } // ok? return (tb_ssl_ref_t)ssl; }
/* 准备接受状态 */ int32 ssl_io::init_accept( int32 fd ) { if ( init_ssl_ctx( fd ) < 0 ) return -1; _fd = fd; SSL_set_accept_state( X_SSL( _ssl_ctx ) ); return do_handshake(); }
/** Given an accepted connection on the listening socket, resume SSL. * \param sock an accepted socket (returned by accept()) * \param state pointer to place to return connection state. * \return an SSL object to associate with the listen end of this connection. */ SSL * ssl_resume(int sock, int *state) { SSL *ssl; ssl = ssl_setup_socket(sock); SSL_set_accept_state(ssl); *state = ssl_handshake(ssl); return ssl; }
connection *connection_accepted(server *srv, server_socket *srv_socket, sock_addr *cnt_addr, int cnt) { connection *con; srv->cur_fds++; /* ok, we have the connection, register it */ #if 0 log_error_write(srv, __FILE__, __LINE__, "sd", "appected()", cnt); #endif srv->con_opened++; con = connections_get_new_connection(srv); con->fd = cnt; con->fde_ndx = -1; fdevent_register(srv->ev, con->fd, connection_handle_fdevent, con); connection_set_state(srv, con, CON_STATE_REQUEST_START); con->connection_start = srv->cur_ts; con->dst_addr = *cnt_addr; buffer_copy_string(con->dst_addr_buf, inet_ntop_cache_get_ip(srv, &(con->dst_addr))); con->srv_socket = srv_socket; if (-1 == fdevent_fcntl_set_nb_cloexec_sock(srv->ev, con->fd)) { log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); connection_close(srv, con); return NULL; } #ifdef USE_OPENSSL /* connect FD to SSL */ if (srv_socket->is_ssl) { if (NULL == (con->ssl = SSL_new(srv_socket->ssl_ctx))) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); connection_close(srv, con); return NULL; } con->renegotiations = 0; SSL_set_app_data(con->ssl, con); SSL_set_accept_state(con->ssl); if (1 != (SSL_set_fd(con->ssl, cnt))) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); connection_close(srv, con); return NULL; } } #endif return con; }
SecuredServerSession::SecuredServerSession(SessionsEventLoop *eventLoop, int sock, const sockaddr_storage &sockAddr) : ServerSession(eventLoop, sock, sockAddr) { if (!(m_SSL = SSL_new(Server::instance()->sslContext()))) throw std::runtime_error(ERR_error_string(ERR_get_error(), nullptr)); if (!SSL_set_fd(m_SSL, sock)) throw std::runtime_error(ERR_error_string(SSL_get_error(m_SSL, 0), nullptr)); SSL_set_accept_state(m_SSL); }
static int openssl_ssl_ctx_new_ssl(lua_State*L) { SSL_CTX* ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx"); int server = 0; int mode_idx = 2; SSL *ssl = SSL_new(ctx); int ret = 1; BIO* bio = NULL; if (auxiliar_isclass(L, "openssl.bio", 2)) { BIO *bi = CHECK_OBJECT(2, BIO, "openssl.bio"); BIO *bo = bi; CRYPTO_add(&bi->references, 1, CRYPTO_LOCK_BIO); if (auxiliar_isclass(L, "openssl.bio", 3)) { bo = CHECK_OBJECT(3, BIO, "openssl.bio"); CRYPTO_add(&bo->references, 1, CRYPTO_LOCK_BIO); mode_idx = 4; } else mode_idx = 3; SSL_set_bio(ssl, bi, bo); ret = 1; } else if (lua_isnumber(L, 2)) { ret = SSL_set_fd(ssl, luaL_checkint(L, 2)); mode_idx = 3; } if (ret == 1 && !lua_isnoneornil(L, mode_idx)) { server = auxiliar_checkboolean(L, mode_idx); } if (ret == 1) { if (server) SSL_set_accept_state(ssl); else SSL_set_connect_state(ssl); PUSH_OBJECT(ssl, "openssl.ssl"); openssl_newvalue(L, ssl); } else { SSL_free(ssl); return openssl_pushresult(L, ret); } return 1; }
/* libev read handler for the bound socket. Socket is accepted, * the proxystate is allocated and initalized, and we're off the races * connecting to the backend */ static void handle_accept(struct ev_loop *loop, ev_io *w, int revents) { (void) revents; struct sockaddr_storage addr; socklen_t sl = sizeof(addr); int client = accept(w->fd, (struct sockaddr *) &addr, &sl); if (client == -1) { assert(errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN); return; } setnonblocking(client); int back = create_back_socket(); if (back == -1) { close(client); perror("{backend-connect}"); return; } SSL_CTX * ctx = (SSL_CTX *)w->data; SSL *ssl = SSL_new(ctx); SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE); SSL_set_accept_state(ssl); SSL_set_fd(ssl, client); proxystate *ps = (proxystate *)malloc(sizeof(proxystate)); ps->fd_up = client; ps->fd_down = back; ps->ssl = ssl; ps->want_shutdown = 0; ps->remote_ip = addr; ringbuffer_init(&ps->ring_up); ringbuffer_init(&ps->ring_down); /* set up events */ ev_io_init(&ps->ev_r_up, client_read, client, EV_READ); ev_io_init(&ps->ev_w_up, client_write, client, EV_WRITE); ev_io_init(&ps->ev_r_handshake, client_handshake, client, EV_READ); ev_io_init(&ps->ev_w_handshake, client_handshake, client, EV_WRITE); ev_io_init(&ps->ev_w_down, handle_connect, back, EV_WRITE); ev_io_start(loop, &ps->ev_w_down); ps->ev_r_up.data = ps; ps->ev_w_up.data = ps; ps->ev_r_down.data = ps; ps->ev_w_down.data = ps; ps->ev_r_handshake.data = ps; ps->ev_w_handshake.data = ps; }
void hr_setup_ssl(struct http_session *hr, struct uwsgi_gateway_socket *ugs) { hr->ssl = SSL_new(ugs->ctx); SSL_set_fd(hr->ssl, hr->session.main_peer->fd); SSL_set_accept_state(hr->ssl); #ifdef UWSGI_SPDY SSL_set_ex_data(hr->ssl, uhttp.spdy_index, hr); #endif uwsgi_cr_set_hooks(hr->session.main_peer, hr_ssl_read, NULL); hr->session.close = hr_session_ssl_close; hr->func_write = hr_ssl_write; }
Engine::Engine(ContextWrapper & ctx, engine_enum kind) : ssl( SSL_new(ctx.getCtx()) ) , bioIn( BIO_new(BIO_s_mem()) ) , bioOut( BIO_new(BIO_s_mem()) ) , checked_peer_certificate(false) { SSL_set_bio(ssl, bioIn, bioOut); if( kind == CLIENT ) SSL_set_connect_state(ssl); else SSL_set_accept_state(ssl); }
@return: None\n\ "; static PyObject * ssl_Connection_set_accept_state(ssl_ConnectionObj *self, PyObject *args) { if (!PyArg_ParseTuple(args, ":set_accept_state")) return NULL; SSL_set_accept_state(self->ssl); Py_INCREF(Py_None); return Py_None; }
bool KSSLSocket::bind_fd() { assert(ssl==NULL); ssl = SSL_new(ctx); if (ssl==NULL) { return false; } if (SSL_set_fd(ssl, sockfd)!=1) { return false; } SSL_set_accept_state(ssl); return true; }
/** setup SSL connection to the client */ static SSL* setup_ssl(int s, SSL_CTX* ctx) { SSL* ssl = SSL_new(ctx); if(!ssl) return NULL; SSL_set_accept_state(ssl); (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, s)) { SSL_free(ssl); return NULL; } return ssl; }
PyObject* set_psk_server_callback(PyObject* self, PyObject* args) { PyObject* sock; if (!PyArg_ParseTuple(args, "O", &sock)) return NULL; SSL* ssl = ((PySSLObject*)sock)->ssl; SSL_set_accept_state(ssl); SSL_set_psk_server_callback(ssl, psk_server_cb); if(!SSL_use_psk_identity_hint(ssl, psk_identity)) { PyErr_SetString(Error, "use_psk_identity_hint failed"); return NULL; } return Py_BuildValue("l", (long)ssl); }
void DtlsTransport::Run(Role localRole) { MS_TRACE(); MS_ASSERT(localRole == Role::CLIENT || localRole == Role::SERVER, "local DTLS role must be 'client' or 'server'"); Role previousLocalRole = this->localRole; if (localRole == previousLocalRole) { MS_ERROR("same local DTLS role provided, doing nothing"); return; } // If the previous local DTLS role was 'client' or 'server' do reset. if (previousLocalRole == Role::CLIENT || previousLocalRole == Role::SERVER) { MS_DEBUG("resetting DTLS due to local role change"); Reset(); } // Update local role. this->localRole = localRole; // Set state and notify the listener. this->state = DtlsState::CONNECTING; this->listener->onDtlsConnecting(this); switch (this->localRole) { case Role::CLIENT: MS_DEBUG("running [role:client]"); SSL_set_connect_state(this->ssl); SSL_do_handshake(this->ssl); SendPendingOutgoingDtlsData(); SetTimeout(); break; case Role::SERVER: MS_DEBUG("running [role:server]"); SSL_set_accept_state(this->ssl); SSL_do_handshake(this->ssl); break; default: MS_ABORT("invalid local DTLS role"); break; } }
lwp_sslclient lwp_sslclient_new (SSL_CTX * server_context, lw_stream socket, lwp_sslclient_on_handshook on_handshook, void * tag) { lwp_sslclient ctx = calloc (sizeof (*ctx), 1); if (!ctx) return 0; ctx->write_condition = -1; #ifdef _lacewing_npn *ctx->npn = 0; #endif ctx->server_context = server_context; ctx->ssl = SSL_new (server_context); ctx->on_handshook = on_handshook; ctx->tag = tag; /* TODO : I'm not really happy with the extra layer of buffering * that BIO pairs introduce. Is there a better way to do this? */ BIO_new_bio_pair (&ctx->bio_internal, 0, &ctx->bio_external, 0); SSL_set_bio (ctx->ssl, ctx->bio_internal, ctx->bio_internal); SSL_set_accept_state (ctx->ssl); lwp_stream_init (&ctx->upstream, &def_upstream, 0); lwp_stream_init (&ctx->downstream, &def_downstream, 0); /* Retain our streams indefinitely, since we'll be in charge of releasing * their memory. This doesn't stop stream_delete from working. */ lwp_retain (&ctx->upstream); lwp_retain (&ctx->downstream); lw_stream_add_filter_upstream (socket, &ctx->upstream, lw_false, lw_false); lw_stream_add_filter_downstream (socket, &ctx->downstream, lw_false, lw_false); pump (ctx); assert (! (ctx->flags & lwp_sslclient_flag_dead)); return ctx; }
void OpensslStream::handshake(const OpensslServer& server) { log_debug("tcp-connection established - build ssltunnel"); log_debug("SSL_new(" << server.getSslContext().getPointer() << ')'); _ssl = SSL_new( server.getSslContext().getPointer() ); checkSslError(); log_debug("SSL_set_fd(" << _ssl << ", " << getFd() << ')'); SSL_set_fd(_ssl, getFd()); log_debug("SSL_set_accept_state(" << _ssl << ')'); SSL_set_accept_state(_ssl); }
dsk_boolean dsk_ssl_stream_new (DskSslStreamOptions *options, DskSslStream **stream_out, DskOctetSource **source_out, DskOctetSink **sink_out, DskError **error) { DskSslStream *stream; DskSslSink *sink; DskSslSource *source; if (sink_out == NULL || source_out == NULL) { dsk_set_error (error, "dsk_ssl_stream_new: sink/source"); return DSK_FALSE; } sink = dsk_object_new (&dsk_ssl_sink_class); source = dsk_object_new (&dsk_ssl_source_class); stream = dsk_object_new (&dsk_ssl_stream_class); BIO *bio; bio = BIO_new (&bio_method__ssl_underlying_stream); bio->ptr = stream; bio->init = 1; /// HMM... stream->ssl = SSL_new (options->context->ctx); stream->context = dsk_object_ref (options->context); SSL_set_bio (stream->ssl, bio, bio); stream->base_instance.sink = DSK_OCTET_SINK (sink); /* does not own */ stream->base_instance.source = DSK_OCTET_SOURCE (source); /* does not own */ stream->is_client = options->is_client ? 1 : 0; stream->handshaking = DSK_TRUE; sink->base_instance.stream = dsk_object_ref (stream); source->base_instance.stream = dsk_object_ref (stream); if (stream->is_client) SSL_set_connect_state (stream->ssl); else SSL_set_accept_state (stream->ssl); *sink_out = DSK_OCTET_SINK (sink); *source_out = DSK_OCTET_SOURCE (source); if (stream_out != NULL) *stream_out = stream; else dsk_object_unref (stream); return DSK_TRUE; }
int tls_init_data_session(const int fd, const int passive) { const SSL_CIPHER *cipher; int ret; int ret_; (void) passive; if (tls_ctx == NULL) { logfile(LOG_ERR, MSG_TLS_NO_CTX); tls_error(__LINE__, 0); } if (tls_data_cnx != NULL) { tls_close_session(&tls_data_cnx); } else if ((tls_data_cnx = SSL_new(tls_ctx)) == NULL) { tls_error(__LINE__, 0); } if (SSL_set_fd(tls_data_cnx, fd) != 1) { tls_error(__LINE__, 0); } SSL_set_accept_state(tls_data_cnx); for (;;) { ret = SSL_accept(tls_data_cnx); if (ret <= 0) { ret_ = SSL_get_error(tls_data_cnx, ret); if (ret == -1 && (ret_ == SSL_ERROR_WANT_READ || ret_ == SSL_ERROR_WANT_WRITE)) { continue; } logfile(LOG_INFO, MSG_LOGOUT); _EXIT(EXIT_FAILURE); } break; } # if ONLY_ACCEPT_REUSED_SSL_SESSIONS if (broken_client_compat == 0 && SSL_session_reused(tls_data_cnx) == 0) { tls_error(__LINE__, 0); } # endif if ((cipher = SSL_get_current_cipher(tls_data_cnx)) != NULL) { int strength_bits = SSL_CIPHER_get_bits(cipher, NULL); logfile(LOG_INFO, MSG_TLS_INFO, SSL_CIPHER_get_version(cipher), SSL_CIPHER_get_name(cipher), strength_bits); if (strength_bits < MINIMAL_CIPHER_STRENGTH_BITS) { die(534, LOG_ERR, MSG_TLS_WEAK); } } return 0; }
void SSLAdapter::initServer() //(SSL* ssl) { TraceS(this) << "Init server" << endl; assert(_socket); if (!_socket->context()) _socket->useContext(SSLManager::instance().defaultServerContext()); assert(_socket->context()->isForServerUse()); _ssl = SSL_new(_socket->context()->sslContext()); _readBIO = BIO_new(BIO_s_mem()); _writeBIO = BIO_new(BIO_s_mem()); SSL_set_bio(_ssl, _readBIO, _writeBIO); SSL_set_accept_state(_ssl); SSL_do_handshake(_ssl); }
void* get_ssl_fd(void *fd) { SSL *ssl; int new_fd = *(int *)fd; ssl = SSL_new(ctx); SSL_set_fd(ssl, new_fd); SSL_set_accept_state(ssl); if(SSL_accept(ssl) < 0) { perror("accept"); close(new_fd); return NULL; } return ssl; }
void* incoming_ssl_fd(void* sslctx, int fd) { SSL* ssl = SSL_new((SSL_CTX*)sslctx); if(!ssl) { log_crypto_err("could not SSL_new"); return NULL; } SSL_set_accept_state(ssl); (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(ssl); return NULL; } return ssl; }
bool Parser::init() { if (!ssl) { printf("Error: dtls::Parser::init() failed because the `ssl` member hasn't been set yet.\n"); return false; } /* in bio */ { in_bio = BIO_new(BIO_s_mem()); if (!in_bio) { printf("Error: dtls::Parser::init() failed because we can't create our in_bio.\n"); return false; } BIO_set_mem_eof_return(in_bio, -1); /* see: https://www.openssl.org/docs/crypto/BIO_s_mem.html */ } /* out bio */ { out_bio = BIO_new(BIO_s_mem()); if (!out_bio) { printf("Error: dtls::Parser::init() failed because can't create out out_bio.\n"); /* @todo cleanup. */ return false; } BIO_set_mem_eof_return(out_bio, -1); /* see: https://www.openssl.org/docs/crypto/BIO_s_mem.html */ } /* set info callback */ SSL_set_info_callback(ssl, dtls_parse_ssl_info_callback); /* set in and output bios. */ SSL_set_bio(ssl, in_bio, out_bio); if (mode == DTLS_MODE_SERVER) { SSL_set_accept_state(ssl); /* in case we're a server */ } else if(mode == DTLS_MODE_CLIENT) { //SSL_set_connect_state(ssl); /* in case we're a client */ printf("dtls::Parser - error: not yet handling client state for dtls::Parser().\n"); exit(1); } return true; }
bool CySocket::initAsSSL(void) { isSSLSocket = true; if (NULL == (ssl = SSL_new(CySocket::SSL_ctx))) // create SSL-socket { aprintf("ySocket:SSL Error: Create SSL_new : %s\n", ERR_error_string(ERR_get_error(), NULL) ); return false; } SSL_set_accept_state(ssl); // accept connection if(1 != (SSL_set_fd(ssl, sock))) // associate socket descriptor if (NULL == (ssl = SSL_new(CySocket::SSL_ctx))) { aprintf("ySocket:SSL Error: Create SSL_new : %s\n", ERR_error_string(ERR_get_error(), NULL) ); return false; } return true; }
static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_type* server, u08bits *buf, int len) { FUNCSTART; if (!server || !buf || len<1) { return NULL; } SSL* connecting_ssl = NULL; BIO *wbio = NULL; struct timeval timeout; /* Create BIO */ wbio = BIO_new_dgram(server->udp_listen_s->fd, BIO_NOCLOSE); (void)BIO_dgram_set_peer(wbio, (struct sockaddr*) &(server->sm.m.sm.nd.src_addr)); /* Set and activate timeouts */ timeout.tv_sec = DTLS_MAX_RECV_TIMEOUT; timeout.tv_usec = 0; BIO_ctrl(wbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); connecting_ssl = SSL_new(server->dtls_ctx); SSL_set_accept_state(connecting_ssl); SSL_set_bio(connecting_ssl, NULL, wbio); SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE); SSL_set_max_cert_list(connecting_ssl, 655350); ioa_socket_handle rc = dtls_accept_client_connection(server, connecting_ssl, &(server->sm.m.sm.nd.src_addr), &(server->addr), buf, len); if (!rc) { if (!(SSL_get_shutdown(connecting_ssl) & SSL_SENT_SHUTDOWN)) { SSL_set_shutdown(connecting_ssl, SSL_RECEIVED_SHUTDOWN); SSL_shutdown(connecting_ssl); } SSL_free(connecting_ssl); } return rc; }
/** * Create a new TLS/SSL object and mark it as new. */ static int meth_create(lua_State *L) { p_ssl ssl; int mode = lsec_getmode(L, 1); SSL_CTX *ctx = lsec_checkcontext(L, 1); if (mode == LSEC_MODE_INVALID) { lua_pushnil(L); lua_pushstring(L, "invalid mode"); return 2; } ssl = (p_ssl)lua_newuserdata(L, sizeof(t_ssl)); if (!ssl) { lua_pushnil(L); lua_pushstring(L, "error creating SSL object"); return 2; } ssl->ssl = SSL_new(ctx); if (!ssl->ssl) { lua_pushnil(L); lua_pushfstring(L, "error creating SSL object (%s)", ERR_reason_error_string(ERR_get_error())); return 2; } ssl->state = LSEC_STATE_NEW; SSL_set_fd(ssl->ssl, (int)SOCKET_INVALID); SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); #if defined(SSL_MODE_RELEASE_BUFFERS) SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); #endif if (mode == LSEC_MODE_SERVER) SSL_set_accept_state(ssl->ssl); else SSL_set_connect_state(ssl->ssl); io_init(&ssl->io, (p_send)ssl_send, (p_recv)ssl_recv, (p_error) ssl_ioerror, ssl); timeout_init(&ssl->tm, -1, -1); buffer_init(&ssl->buf, &ssl->io, &ssl->tm); luaL_getmetatable(L, "SSL:Connection"); lua_setmetatable(L, -2); return 1; }
void TLSEncryptionSocketServer::init(const char* certificate_buf, int socket, ConnectionStateListener* listener) { m_ctx = SSL_CTX_new(TLSv1_server_method()); if (!load_certificate(certificate_buf)) { if (listener) listener->OnError(ConnectionStateListener::SSL_CERTIFICATE_LOAD_ERR); return; } m_ssl = SSL_new(m_ctx); SSL_set_fd(m_ssl, socket); #ifdef SSL_LIB_OPENSSL SSL_set_accept_state(m_ssl); #endif //if (m_ctx != NULL && m_ssl != NULL) printf("TLSEncryptionSocketServer setup done\n"); }