ape_ssl_t *ape_ssl_init_con(ape_ssl_t *parent, int fd, int accept) { if (parent == NULL) { return NULL; } ape_ssl_t *ssl = NULL; SSL_CTX *ctx = parent->ctx; SSL *con = SSL_new(ctx); if (con == NULL) { return NULL; } if (accept) { SSL_set_accept_state(con); } else { SSL_set_connect_state(con); } if (SSL_set_fd(con, fd) != 1) { printf("Failed to set fd on ssl\n"); SSL_free(con); return NULL; } // SSL_accept(con); ssl = malloc(sizeof(*ssl)); ssl->ctx = NULL; ssl->con = con; return ssl; }
int swSSL_create(swConnection *conn, SSL_CTX* ssl_context, int flags) { SSL *ssl = SSL_new(ssl_context); if (ssl == NULL) { swWarn("SSL_new() failed."); return SW_ERR; } if (!SSL_set_fd(ssl, conn->fd)) { long err = ERR_get_error(); swWarn("SSL_set_fd() failed. Error: %s[%ld]", ERR_reason_error_string(err), err); return SW_ERR; } if (flags & SW_SSL_CLIENT) { SSL_set_connect_state(ssl); } else { SSL_set_accept_state(ssl); } conn->ssl = ssl; conn->ssl_state = 0; return SW_OK; }
void er_dtls_connection_start(ErDtlsConnection *self, gboolean is_client) { g_return_if_fail(ER_IS_DTLS_CONNECTION(self)); ErDtlsConnectionPrivate *priv = self->priv; g_return_if_fail(priv->send_closure); g_return_if_fail(priv->ssl); g_return_if_fail(priv->bio); LOG_TRACE(self, "locking @ start"); g_mutex_lock(&priv->mutex); LOG_TRACE(self, "locked @ start"); priv->is_alive = TRUE; priv->timeout_set = FALSE; priv->bio_buffer = NULL; priv->bio_buffer_len = 0; priv->bio_buffer_offset = 0; priv->keys_exported = FALSE; priv->is_client = is_client; if (priv->is_client) { SSL_set_connect_state(priv->ssl); } else { SSL_set_accept_state(priv->ssl); } log_state(self, "initial state set"); openssl_poll(self); log_state(self, "first poll done"); priv->thread = NULL; LOG_TRACE(self, "unlocking @ start"); g_mutex_unlock(&priv->mutex); }
bool OpenSSL::init() { if( m_initLib ) SSL_library_init(); SSL_COMP_add_compression_method( 1, COMP_zlib() ); m_ctx = SSL_CTX_new( TLSv1_client_method() ); if( !m_ctx ) return false; if( !SSL_CTX_set_cipher_list( m_ctx, "HIGH:MEDIUM:AES:@STRENGTH" ) ) return false; m_ssl = SSL_new( m_ctx ); SSL_set_connect_state( m_ssl ); if( !BIO_new_bio_pair( &m_ibio, 0, &m_nbio, 0 ) ) return false; SSL_set_bio( m_ssl, m_ibio, m_ibio ); SSL_set_mode( m_ssl, SSL_MODE_AUTO_RETRY ); m_valid = true; return true; }
long CSSLClientApplication::OnClientRead(CContextItem* mContext, CListItem* &mBuffer, long size, long opSide) // { CSSLContext* sslContext = (CSSLContext*)mContext; long ret_err = 0x01; // int byteTotal; __TRY ret_err = 0x10; if (mBuffer->NOperation == OP_PROCESS_ACCEPT) { sslContext->ssl = SSL_new(ctx); sslContext->bioIn = BIO_new(BIO_s_mem()); sslContext->bioOut = BIO_new(BIO_s_mem()); SSL_set_bio(sslContext->ssl, sslContext->bioIn, sslContext->bioOut); SSL_set_connect_state(sslContext->ssl); } ret_err = 0x20; byteTotal = WriteDecode(mContext, mBuffer, size); if (byteTotal < 0) { sslContext->waitBuffer = mBuffer; mBuffer = GetApplicationBuffer(); if (!mBuffer) break; } ret_err = 0x30; if (TranSSLforWrite(mContext, mBuffer, 0, OP_SERVER_WRITE, 0)) break; __CATCH(MODULE_APPLICATION, "CSSLClientApplication - OnClientRead") }
/* * This function is called when an SSL connection is closed. */ void Curl_SSL_Close(struct connectdata *conn) { if(conn->ssl[FIRSTSOCKET].use) { int i; /* ERR_remove_state() frees the error queue associated with thread pid. If pid == 0, the current thread will have its error queue removed. Since error queue data structures are allocated automatically for new threads, they must be freed when threads are terminated in oder to avoid memory leaks. */ ERR_remove_state(0); for(i=0; i<2; i++) { struct ssl_connect_data *connssl = &conn->ssl[i]; if(connssl->handle) { (void)SSL_shutdown(connssl->handle); SSL_set_connect_state(connssl->handle); SSL_free (connssl->handle); connssl->handle = NULL; } if(connssl->ctx) { SSL_CTX_free (connssl->ctx); connssl->ctx = NULL; } connssl->use = FALSE; /* get back to ordinary socket usage */ } } }
int tnet_dtls_socket_set_setup(tnet_dtls_socket_handle_t* handle, tnet_dtls_setup_t setup) { #if !HAVE_OPENSSL || !HAVE_OPENSSL_DTLS TSK_DEBUG_ERROR("OpenSSL or DTLS not enabled"); return -200; #else tnet_dtls_socket_t* socket = handle; if (!socket){ TSK_DEBUG_ERROR("Invalid parameter"); return -1; } switch ((socket->setup = setup)){ case tnet_dtls_setup_passive: SSL_set_accept_state(socket->ssl); break; case tnet_dtls_setup_active: case tnet_dtls_setup_actpass: case tnet_dtls_setup_none: if (setup != tnet_dtls_setup_active){ TSK_DEBUG_WARN("using setup=%s is not a good idea", TNET_DTLS_SETUP_NAMES[setup]); } SSL_set_connect_state(socket->ssl); break; default: TSK_DEBUG_ERROR("%d not valid value for DTLS setup", (int32_t)setup); break; } return 0; #endif }
/** setup SSL on the connection */ static SSL* setup_ssl(SSL_CTX* ctx, int fd) { SSL* ssl; X509* x; int r; ssl = SSL_new(ctx); if(!ssl) ssl_err("could not SSL_new"); SSL_set_connect_state(ssl); (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) ssl_err("could not SSL_set_fd"); while(1) { ERR_clear_error(); if( (r=SSL_do_handshake(ssl)) == 1) break; r = SSL_get_error(ssl, r); if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE) ssl_err("SSL handshake failed"); /* wants to be called again */ } /* check authenticity of server */ if(SSL_get_verify_result(ssl) != X509_V_OK) ssl_err("SSL verification failed"); x = SSL_get_peer_certificate(ssl); if(!x) ssl_err("Server presented no peer certificate"); X509_free(x); return ssl; }
int openssl_init_info(int server_fd,openssl_info *sslinfo) { sslinfo->ctx = (SSL_CTX*)SSL_CTX_new (SSLv3_method()); sslinfo->ssl = SSL_new(sslinfo->ctx); SSL_set_fd(sslinfo->ssl,server_fd); //·Ç×èÈû SSL_set_connect_state (sslinfo->ssl); //SSL_connect(sslinfo->ssl); int r=0; //·Ç×èÈûÎÕÊÖ while ((r = SSL_do_handshake(sslinfo->ssl)) != 1) { int err = SSL_get_error(sslinfo->ssl, r); if (err == SSL_ERROR_WANT_WRITE) { } else if (err == SSL_ERROR_WANT_READ) { } else { return -1; } //CPU sleep sleeps(1); } return 0; }
bool ssl_connect (int fd) { SSL *conn; struct openssl_transport_context *ctx; DEBUGP (("Initiating SSL handshake.\n")); assert (ssl_ctx != NULL); conn = SSL_new (ssl_ctx); if (!conn) goto error; if (!SSL_set_fd (conn, fd)) goto error; SSL_set_connect_state (conn); if (SSL_connect (conn) <= 0 || conn->state != SSL_ST_OK) goto error; ctx = xnew0 (struct openssl_transport_context); ctx->conn = conn; /* Register FD with Wget's transport layer, i.e. arrange that our functions are used for reading, writing, and polling. */ fd_register_transport (fd, &openssl_transport, ctx); DEBUGP (("Handshake successful; connected socket %d to SSL handle 0x%0*lx\n", fd, PTR_FORMAT (conn))); return true; error: DEBUGP (("SSL handshake failed.\n")); print_errors (); if (conn) SSL_free (conn); return false; }
int C_SecureSocketClient::_secure_mode() { int L_result, L_ret ; m_ssl = SSL_new(m_ssl_ctx); SSL_set_connect_state(m_ssl) ; if ((m_bio = BIO_new_socket(m_socket_id, BIO_CLOSE)) == NULL ) { SOCKET_ERROR(0, "Unable to create the BIO- client in New TLS connection"); } SSL_set_bio(m_ssl,m_bio,m_bio); L_result = SSL_connect(m_ssl) ; if ( L_result < 0 ) { if (SSL_get_error(m_ssl, L_result) == SSL_ERROR_WANT_READ) { m_state = E_SOCKET_STATE_INPROGESS ; L_ret = 0 ; } else { ssl_error(L_result); L_ret = -1 ; } } else { L_ret = 0 ; } return (L_ret); }
void SSLSocket::onConnect(uv_connect_t* handle, int status) { TraceS(this) << "On connect" << endl; if (status) { setUVError("SSL connect error", status); return; } else readStart(); SSL* ssl = SSL_new(_context->sslContext()); // TODO: Automatic SSL session handling. // Maybe add a stored session to the network manager. if (_session) SSL_set_session(ssl, _session->sslSession()); SSL_set_connect_state(ssl); SSL_do_handshake(ssl); _sslAdapter.init(ssl); _sslAdapter.flush(); //emitConnect(); onSocketConnect(); TraceS(this) << "On connect: OK" << endl; }
void TLSSocket::Handshake(TCPSocket& socket, HandshakeRole role, TLSSocket* reuse) { SSL_CTX* ctx = role == Client ? TLSClientContext::Get() : TLSServerContext::Get(); if (!ctx) throw TLSError("TLS context not initialised."); session = SSL_new(ctx); if (!session) throw TLSProtocolError(); if (SSL_set_fd(session, socket.Socket()) != 1) throw TLSProtocolError(); if (reuse) { assert(reuse->session); SSL_copy_session_id(session, reuse->session); } if (role == Client) SSL_set_connect_state(session); else SSL_set_accept_state(session); int result; while (true) { if (role == Client) result = SSL_connect(session); else result = SSL_accept(session); boost::this_thread::interruption_point(); if (result == 1) break; else EvaluateResult(result); } }
CTLSConnection::CTLSConnection(const CString &hostname, const CString &service) throw(CTCPConnection::CConnectException) : CTCPConnection(hostname, service), m_TLSContext(NULL), m_TLSConnection(NULL) { initialize(); int ret = SSL_connect(m_TLSConnection); if(ret == 0) { deallocate(); throw CConnectException(CString( "TLS handshake failed: ") + getError(ret)); } if(ret < 0) { deallocate(); throw CConnectException(CString( "TLS handshake failed because of protocol error or connection failure: " ) + getError(ret)); } if(ret != 1) { deallocate(); throw CConnectException(CString::format( "TLS handshake returned unknown return value %d", 256, ret)); } SSL_set_connect_state(m_TLSConnection); }
janus_dtls_srtp *janus_dtls_srtp_create(void *ice_component, janus_dtls_role role) { janus_ice_component *component = (janus_ice_component *)ice_component; if(component == NULL) { JANUS_LOG(LOG_ERR, "No component, no DTLS...\n"); return NULL; } janus_ice_stream *stream = component->stream; if(!stream) { JANUS_LOG(LOG_ERR, "No stream, no DTLS...\n"); return NULL; } janus_ice_handle *handle = stream->handle; if(!handle || !handle->agent) { JANUS_LOG(LOG_ERR, "No handle/agent, no DTLS...\n"); return NULL; } janus_dtls_srtp *dtls = calloc(1, sizeof(janus_dtls_srtp)); if(dtls == NULL) { JANUS_LOG(LOG_FATAL, "Memory error!\n"); return NULL; } /* Create SSL context, at last */ dtls->srtp_valid = 0; dtls->dtls_last_msg = NULL; dtls->dtls_last_len = 0; dtls->ssl = SSL_new(janus_dtls_get_ssl_ctx()); if(!dtls->ssl) { JANUS_LOG(LOG_ERR, "[%"SCNu64"] No component DTLS SSL session??\n", handle->handle_id); janus_dtls_srtp_destroy(dtls); return NULL; } SSL_set_ex_data(dtls->ssl, 0, dtls); SSL_set_info_callback(dtls->ssl, janus_dtls_callback); dtls->read_bio = BIO_new(BIO_s_mem()); if(!dtls->read_bio) { JANUS_LOG(LOG_ERR, "[%"SCNu64"] Error creating read BIO!\n", handle->handle_id); janus_dtls_srtp_destroy(dtls); return NULL; } BIO_set_mem_eof_return(dtls->read_bio, -1); dtls->write_bio = BIO_new(BIO_s_mem()); if(!dtls->write_bio) { JANUS_LOG(LOG_ERR, "[%"SCNu64"] Error creating write BIO!\n", handle->handle_id); janus_dtls_srtp_destroy(dtls); return NULL; } BIO_set_mem_eof_return(dtls->write_bio, -1); SSL_set_bio(dtls->ssl, dtls->read_bio, dtls->write_bio); dtls->dtls_role = role; if(dtls->dtls_role == JANUS_DTLS_ROLE_CLIENT) { JANUS_LOG(LOG_VERB, "[%"SCNu64"] Setting connect state (DTLS client)\n", handle->handle_id); SSL_set_connect_state(dtls->ssl); } else { JANUS_LOG(LOG_VERB, "[%"SCNu64"] Setting accept state (DTLS server)\n", handle->handle_id); SSL_set_accept_state(dtls->ssl); } /* Done */ dtls->component = component; return dtls; }
OpenSSL::OpenSSL( TLSHandler *th, const std::string& server ) : TLSBase( th, server ), m_ssl( 0 ), m_ctx( 0 ), m_buf( 0 ), m_bufsize( 17000 ) { m_buf = (char*)calloc( m_bufsize + 1, sizeof( char ) ); SSL_library_init(); SSL_COMP_add_compression_method( 1, COMP_zlib() ); m_ctx = SSL_CTX_new( TLSv1_client_method() ); if( !m_ctx ) return; if( !SSL_CTX_set_cipher_list( m_ctx, "HIGH:MEDIUM:AES:@STRENGTH" ) ) return; m_ssl = SSL_new( m_ctx ); SSL_set_connect_state( m_ssl ); if( !BIO_new_bio_pair( &m_ibio, 0, &m_nbio, 0 ) ) { return; } SSL_set_bio( m_ssl, m_ibio, m_ibio ); SSL_set_mode( m_ssl, SSL_MODE_AUTO_RETRY ); }
TlsThread::TlsThread( bool asClient ) : d( new TlsThreadData ) { if ( !ctx ) setup(); d->ssl = ::SSL_new( ctx ); if ( asClient ) SSL_set_connect_state( d->ssl ); else SSL_set_accept_state( d->ssl ); if ( !BIO_new_bio_pair( &d->sslBio, bs, &d->networkBio, bs ) ) { // an error. hm? } ::SSL_set_bio( d->ssl, d->sslBio, d->sslBio ); d->ctrb = (char*)Allocator::alloc( bs, 0 ); d->ctwb = (char*)Allocator::alloc( bs, 0 ); d->encrb = (char*)Allocator::alloc( bs, 0 ); d->encwb = (char*)Allocator::alloc( bs, 0 ); int r = pthread_create( &d->thread, 0, trampoline, (void*)this ); if ( r ) { log( "pthread_create returned nonzero (" + fn( r ) + ")" ); d->broken = true; ::SSL_free( d->ssl ); d->ssl = 0; } }
bool ssl_connect_wget (int fd, const char *hostname) { SSL *conn; struct scwt_context scwt_ctx; struct openssl_transport_context *ctx; DEBUGP (("Initiating SSL handshake.\n")); assert (ssl_ctx != NULL); conn = SSL_new (ssl_ctx); if (!conn) goto error; #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) /* If the SSL library was build with support for ServerNameIndication then use it whenever we have a hostname. If not, don't, ever. */ if (! is_valid_ip_address (hostname)) { if (! SSL_set_tlsext_host_name (conn, hostname)) { DEBUGP (("Failed to set TLS server-name indication.")); goto error; } } #endif #ifndef FD_TO_SOCKET # define FD_TO_SOCKET(X) (X) #endif if (!SSL_set_fd (conn, FD_TO_SOCKET (fd))) goto error; SSL_set_connect_state (conn); scwt_ctx.ssl = conn; if (run_with_timeout(opt.read_timeout, ssl_connect_with_timeout_callback, &scwt_ctx)) { DEBUGP (("SSL handshake timed out.\n")); goto timeout; } if (scwt_ctx.result <= 0 || conn->state != SSL_ST_OK) goto error; ctx = xnew0 (struct openssl_transport_context); ctx->conn = conn; /* Register FD with Wget's transport layer, i.e. arrange that our functions are used for reading, writing, and polling. */ fd_register_transport (fd, &openssl_transport, ctx); DEBUGP (("Handshake successful; connected socket %d to SSL handle 0x%0*lx\n", fd, PTR_FORMAT (conn))); return true; error: DEBUGP (("SSL handshake failed.\n")); print_errors (); timeout: if (conn) SSL_free (conn); return false; }
void key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session) { ASSERT(NULL != ssl_ctx); ASSERT(ks_ssl); CLEAR (*ks_ssl); ks_ssl->ssl = SSL_new (ssl_ctx->ctx); if (!ks_ssl->ssl) msg (M_SSLERR, "SSL_new failed"); /* put session * in ssl object so we can access it from verify callback*/ SSL_set_ex_data (ks_ssl->ssl, mydata_index, session); ks_ssl->ssl_bio = getbio (BIO_f_ssl (), "ssl_bio"); ks_ssl->ct_in = getbio (BIO_s_mem (), "ct_in"); ks_ssl->ct_out = getbio (BIO_s_mem (), "ct_out"); #ifdef BIO_DEBUG bio_debug_oc ("open ssl_bio", ks_ssl->ssl_bio); bio_debug_oc ("open ct_in", ks_ssl->ct_in); bio_debug_oc ("open ct_out", ks_ssl->ct_out); #endif if (is_server) SSL_set_accept_state (ks_ssl->ssl); else SSL_set_connect_state (ks_ssl->ssl); SSL_set_bio (ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out); BIO_set_ssl (ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE); }
int sock_SSL_connect(SSL **ssl_con, int sockfd) { int ssl_err; SSL_CTX *ssl_ctx = NULL; ssl_ctx = SSL_CTX_new(SSLv3_client_method()); if(!ssl_ctx) { net_log(NET_LOG_ERR, "sock_SSL_connect: !ssl_ctx\n"); return WSOCK_ERROR; } *ssl_con = SSL_new(ssl_ctx); if(!(*ssl_con)) { net_log(NET_LOG_ERR, "sock_SSL_connect: SSL_new() failed.\n"); SSL_CTX_free(ssl_ctx); return WSOCK_ERROR; } SSL_set_fd (*ssl_con, sockfd); SSL_set_connect_state(*ssl_con); ssl_err = SSL_connect(*ssl_con); if(ssl_err < 0) SSL_set_shutdown(*ssl_con,SSL_SENT_SHUTDOWN); if(ssl_err <= 0) { net_log(NET_LOG_ERR, "sock_SSL_connect: SSL_connect() failed.\n"); SSL_free(*ssl_con); SSL_CTX_free(ssl_ctx); return WSOCK_ERROR; } return WSOCK_OK; }
void httpreq_on_connect(uv_connect_t* con, int status) { if(status == -1) { printf("ERROR: httpreq_on_connect, cannot connect. @todo clean memory\n"); return; } HTTPRequest* req = static_cast<HTTPRequest*>(con->data); int result = uv_read_start((uv_stream_t*)&req->tcp_req, httpreq_alloc, httpreq_on_read); if(result == -1) { printf("ERROR: uv_read_start() error: %s\n", uv_err_name(uv_last_error(req->loop))); return; } if(!req->is_secure) { req->sendData(&req->out_buffer[0], req->out_buffer.size()); } else { req->ssl = SSL_new(req->ssl_ctx); req->ssl_buffer.addApplicationData(&req->out_buffer[0],req->out_buffer.size()); SSL_set_connect_state(req->ssl); SSL_do_handshake(req->ssl); req->ssl_buffer.init(req->ssl, ssl_write_to_socket, req, ssl_read_decrypted, req); req->ssl_buffer.update(); } }
static int init_ssl_socket( pn_ssl_t *ssl ) { if (ssl->ssl) return 0; if (!ssl->domain) return -1; ssl->ssl = SSL_new(ssl->domain->ctx); if (!ssl->ssl) { _log_error( "SSL socket setup failure.\n" ); return -1; } // store backpointer to pn_ssl_t in SSL object: SSL_set_ex_data(ssl->ssl, ssl_ex_data_index, ssl); #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if (ssl->peer_hostname && ssl->domain->mode == PN_SSL_MODE_CLIENT) { SSL_set_tlsext_host_name(ssl->ssl, ssl->peer_hostname); } #endif // restore session, if available if (ssl->session_id) { pn_ssl_session_t *ssn = ssn_cache_find( ssl->domain, ssl->session_id ); if (ssn) { _log( ssl, "Restoring previous session id=%s\n", ssn->id ); int rc = SSL_set_session( ssl->ssl, ssn->session ); if (rc != 1) { _log( ssl, "Session restore failed, id=%s\n", ssn->id ); } LL_REMOVE( ssl->domain, ssn_cache, ssn ); ssl_session_free( ssn ); } } // now layer a BIO over the SSL socket ssl->bio_ssl = BIO_new(BIO_f_ssl()); if (!ssl->bio_ssl) { _log_error( "BIO setup failure.\n" ); return -1; } (void)BIO_set_ssl(ssl->bio_ssl, ssl->ssl, BIO_NOCLOSE); // create the "lower" BIO "pipe", and attach it below the SSL layer if (!BIO_new_bio_pair(&ssl->bio_ssl_io, 0, &ssl->bio_net_io, 0)) { _log_error( "BIO setup failure.\n" ); return -1; } SSL_set_bio(ssl->ssl, ssl->bio_ssl_io, ssl->bio_ssl_io); if (ssl->domain->mode == PN_SSL_MODE_SERVER) { SSL_set_accept_state(ssl->ssl); BIO_set_ssl_mode(ssl->bio_ssl, 0); // server mode _log( ssl, "Server SSL socket created.\n" ); } else { // client mode SSL_set_connect_state(ssl->ssl); BIO_set_ssl_mode(ssl->bio_ssl, 1); // client mode _log( ssl, "Client SSL socket created.\n" ); } return 0; }
int io_start_tls(struct io *io, void *ssl) { int mode; mode = io->flags & IO_RW; if (mode == 0 || mode == IO_RW) errx(1, "io_start_tls(): full-duplex or unset"); if (io->ssl) errx(1, "io_start_tls(): SSL already started"); io->ssl = ssl; if (SSL_set_fd(io->ssl, io->sock) == 0) { ssl_error("io_start_ssl:SSL_set_fd"); return (-1); } if (mode == IO_WRITE) { io->state = IO_STATE_CONNECT_SSL; SSL_set_connect_state(io->ssl); io_reset(io, EV_WRITE, io_dispatch_connect_ssl); } else { io->state = IO_STATE_ACCEPT_SSL; SSL_set_accept_state(io->ssl); io_reset(io, EV_READ, io_dispatch_accept_ssl); } return (0); }
void httpconnection_on_connect(uv_connect_t* req, int status) { HTTPConnection* c = static_cast<HTTPConnection*>(req->data); if(status == -1) { RX_ERROR("> cannot connect: %s:", uv_strerror(uv_last_error(c->loop))); RX_ERROR("@ todo should be `delete` the connection here?"); return; } int r = uv_read_start((uv_stream_t*)c->sock, httpconnection_on_alloc, httpconnection_on_read); if(r) { RX_ERROR("> uv_read_start() failed: %s", uv_strerror(uv_last_error(c->loop))); RX_ERROR("@ todo should be `delete` the connection here?"); return; } if(c->ssl) { SSL_set_connect_state(c->ssl); SSL_do_handshake(c->ssl); c->buffer->update(); } // trigger the output buffer c->buffer->flushOutputBuffer(); }
/* Perform the SSL handshake on file descriptor FD, which is assumed to be connected to an SSL server. The SSL handle provided by OpenSSL is registered with the file descriptor FD using fd_register_transport, so that subsequent calls to fd_read, fd_write, etc., will use the corresponding SSL functions. Returns 1 on success, 0 on failure. */ int HttpsRetriever::ssl_connect(int fd ) { SSL *ssl; DEBUGP (("Initiating SSL handshake.\n")); assert (ssl_ctx != NULL); ssl = SSL_new (ssl_ctx); if (!ssl) goto error; if (!SSL_set_fd (ssl, fd)) goto error; SSL_set_connect_state (ssl); if (SSL_connect (ssl) <= 0 || ssl->state != SSL_ST_OK) goto error; /* Register FD with Wget's transport layer, i.e. arrange that our functions are used for reading, writing, and polling. */ //fd_register_transport (fd, openssl_read, openssl_write, openssl_poll, // openssl_peek, openssl_close, ssl); //DEBUGP (("Handshake successful; connected socket %d to SSL handle 0x%0*lx\n", //fd, PTR_FORMAT (ssl))); return 1; error: DEBUGP (("SSL handshake failed.\n")); print_errors (); if (ssl) SSL_free (ssl); return 0; return -1 ; }
BIO* BIO_new_rdp_tls(SSL_CTX* ctx, int client) { BIO* bio; SSL* ssl; bio = BIO_new(BIO_s_rdp_tls()); if (!bio) return NULL; ssl = SSL_new(ctx); if (!ssl) { BIO_free(bio); return NULL; } if (client) SSL_set_connect_state(ssl); else SSL_set_accept_state(ssl); BIO_set_ssl(bio, ssl, BIO_CLOSE); return bio; }
/* ////////////////////////////////////////////////////////////////////////////////////// * implementation */ tb_ssl_ref_t tb_ssl_init(tb_bool_t bserver) { // done tb_bool_t ok = tb_false; tb_ssl_t* ssl = tb_null; do { // load openssl library if (!tb_ssl_library_load()) break; // make ssl ssl = tb_malloc0_type(tb_ssl_t); tb_assert_and_check_break(ssl); // init timeout, 30s ssl->timeout = 30000; // init ctx ssl->ctx = SSL_CTX_new(SSLv3_method()); tb_assert_and_check_break(ssl->ctx); // make ssl ssl->ssl = SSL_new(ssl->ctx); tb_assert_and_check_break(ssl->ssl); // init endpoint if (bserver) SSL_set_accept_state(ssl->ssl); else SSL_set_connect_state(ssl->ssl); // init verify SSL_set_verify(ssl->ssl, 0, tb_ssl_verify); // init bio ssl->bio = BIO_new(&g_ssl_bio_method); tb_assert_and_check_break(ssl->bio); // set bio to ssl ssl->bio->ptr = ssl; SSL_set_bio(ssl->ssl, ssl->bio, ssl->bio); // init state ssl->state = TB_STATE_OK; // ok ok = tb_true; } while (0); // failed? exit it if (!ok) { if (ssl) tb_ssl_exit((tb_ssl_ref_t)ssl); ssl = tb_null; } // ok? return (tb_ssl_ref_t)ssl; }
/* 准备连接状态 */ int32 ssl_io::init_connect( int32 fd ) { if ( init_ssl_ctx( fd ) < 0 ) return -1; _fd = fd; SSL_set_connect_state( X_SSL( _ssl_ctx ) ); return do_handshake(); }
bool SSLClient::sslConnect(int fd, std::string &hostname, short port) { GNASH_REPORT_FUNCTION; int ret; if (!_ctx) { if (!sslSetupCTX()) { return false; } } _ssl.reset(SSL_new(_ctx.get())); // // Make a tcp/ip connect to the server // if (createClient(hostname, getPort()) == false) { // log_error("Can't connect to server %s", hostname); // return false; // } // Handshake the server ERR_clear_error(); #if 0 _bio.reset(BIO_new_socket(fd, BIO_NOCLOSE)); #else // BIO_set_conn_hostname(_bio.get(), _hostname.c_str()); _bio.reset(BIO_new_connect(const_cast<char *>(_hostname.c_str()))); BIO_set_conn_int_port(_bio.get(), &port); log_debug("PORT is: %d", BIO_get_conn_port(_bio.get())); if (BIO_do_connect(_bio.get()) <= 0) { log_error("Error connecting to remote machine: %s", ERR_reason_error_string(ERR_get_error())); } #endif SSL_set_bio(_ssl.get(), _bio.get(), _bio.get()); SSL_set_connect_state(_ssl.get()); if ((ret = SSL_connect(_ssl.get())) < 0) { log_error("Can't connect to SSL server %s", hostname); log_error("Error was: \"%s\"!", ERR_reason_error_string(ERR_get_error())); return false; } else { log_debug("Connected to SSL server %s", hostname); } ERR_clear_error(); #if 0 if (_need_server_auth) { checkCert(hostname); } #endif return true; }
void on_connect_callback(uv_connect_t* con, int status) { Client* c = static_cast<Client*>(con->data); if(status == -1) { printf("ERROR: on_connect_callback \n");//, uv_err_name(uv_last_error(c->loop))); ::exit(0); } int r = uv_read_start((uv_stream_t*)&c->socket, on_alloc_callback, on_read_callback); if(r == -1) { printf("ERROR: uv_read_start error: \n");//, uv_err_name(uv_last_error(c->loop))); ::exit(0); } const char* http_request_tpl = "" \ "GET %s HTTP/1.1\r\n" "Host: %s\r\n" "User-Agent: uv_www_client/0.1\r\n" "Accept: */*\r\n" "Connection: close\r\n" "\r\n"; char http_request[1024]; sprintf(http_request, http_request_tpl, c->page, c->host); c->addAppData(http_request); printf("APP DATA: %zu\n", c->buffer_out.size()); c->ssl = SSL_new(c->ssl_ctx); c->read_bio = BIO_new(BIO_s_mem()); c->write_bio = BIO_new(BIO_s_mem()); SSL_set_bio(c->ssl, c->read_bio, c->write_bio); SSL_set_connect_state(c->ssl); r = SSL_do_handshake(c->ssl); on_event(c); }