示例#1
0
ape_ssl_t *ape_ssl_init_con(ape_ssl_t *parent, int fd, int accept)
{
    if (parent == NULL) {
        return NULL;
    }
    ape_ssl_t *ssl = NULL;
    SSL_CTX *ctx   = parent->ctx;

    SSL *con = SSL_new(ctx);

    if (con == NULL) {
        return NULL;
    }

    if (accept) {
        SSL_set_accept_state(con);
    } else {
        SSL_set_connect_state(con);
    }

    if (SSL_set_fd(con, fd) != 1) {
        printf("Failed to set fd on ssl\n");
        SSL_free(con);
        return NULL;
    }

    // SSL_accept(con);

    ssl      = malloc(sizeof(*ssl));
    ssl->ctx = NULL;
    ssl->con = con;

    return ssl;
}
示例#2
0
int swSSL_create(swConnection *conn, SSL_CTX* ssl_context, int flags)
{
    SSL *ssl = SSL_new(ssl_context);
    if (ssl == NULL)
    {
        swWarn("SSL_new() failed.");
        return SW_ERR;
    }
    if (!SSL_set_fd(ssl, conn->fd))
    {
        long err = ERR_get_error();
        swWarn("SSL_set_fd() failed. Error: %s[%ld]", ERR_reason_error_string(err), err);
        return SW_ERR;
    }
    if (flags & SW_SSL_CLIENT)
    {
        SSL_set_connect_state(ssl);
    }
    else
    {
        SSL_set_accept_state(ssl);
    }
    conn->ssl = ssl;
    conn->ssl_state = 0;
    return SW_OK;
}
void er_dtls_connection_start(ErDtlsConnection *self, gboolean is_client)
{
    g_return_if_fail(ER_IS_DTLS_CONNECTION(self));
    ErDtlsConnectionPrivate *priv = self->priv;
    g_return_if_fail(priv->send_closure);
    g_return_if_fail(priv->ssl);
    g_return_if_fail(priv->bio);

    LOG_TRACE(self, "locking @ start");
    g_mutex_lock(&priv->mutex);
    LOG_TRACE(self, "locked @ start");

    priv->is_alive = TRUE;
    priv->timeout_set = FALSE;
    priv->bio_buffer = NULL;
    priv->bio_buffer_len = 0;
    priv->bio_buffer_offset = 0;
    priv->keys_exported = FALSE;

    priv->is_client = is_client;
    if (priv->is_client) {
        SSL_set_connect_state(priv->ssl);
    } else {
        SSL_set_accept_state(priv->ssl);
    }
    log_state(self, "initial state set");

    openssl_poll(self);

    log_state(self, "first poll done");
    priv->thread = NULL;

    LOG_TRACE(self, "unlocking @ start");
    g_mutex_unlock(&priv->mutex);
}
示例#4
0
  bool OpenSSL::init()
  {
    if( m_initLib )
      SSL_library_init();

    SSL_COMP_add_compression_method( 1, COMP_zlib() );

    m_ctx = SSL_CTX_new( TLSv1_client_method() );
    if( !m_ctx )
      return false;

    if( !SSL_CTX_set_cipher_list( m_ctx, "HIGH:MEDIUM:AES:@STRENGTH" ) )
      return false;

    m_ssl = SSL_new( m_ctx );
    SSL_set_connect_state( m_ssl );

    if( !BIO_new_bio_pair( &m_ibio, 0, &m_nbio, 0 ) )
      return false;

    SSL_set_bio( m_ssl, m_ibio, m_ibio );
    SSL_set_mode( m_ssl, SSL_MODE_AUTO_RETRY );

    m_valid = true;
    return true;
  }
示例#5
0
long CSSLClientApplication::OnClientRead(CContextItem* mContext, CListItem* &mBuffer, long size, long opSide)						//
{
	CSSLContext* sslContext = (CSSLContext*)mContext;
	long ret_err = 0x01;																											//

	int byteTotal;

	__TRY

	ret_err = 0x10;
	if (mBuffer->NOperation == OP_PROCESS_ACCEPT)
	{
		sslContext->ssl = SSL_new(ctx);
		sslContext->bioIn = BIO_new(BIO_s_mem());
		sslContext->bioOut = BIO_new(BIO_s_mem());

		SSL_set_bio(sslContext->ssl, sslContext->bioIn, sslContext->bioOut);
		SSL_set_connect_state(sslContext->ssl);
	}

	ret_err = 0x20;
	byteTotal = WriteDecode(mContext, mBuffer, size);

	if (byteTotal < 0)
	{
		sslContext->waitBuffer = mBuffer;
		mBuffer = GetApplicationBuffer();
		if (!mBuffer) break;
	}

	ret_err = 0x30;
	if (TranSSLforWrite(mContext, mBuffer, 0, OP_SERVER_WRITE, 0)) break;

	__CATCH(MODULE_APPLICATION, "CSSLClientApplication - OnClientRead")
}
示例#6
0
/*
 * This function is called when an SSL connection is closed.
 */
void Curl_SSL_Close(struct connectdata *conn)
{
  if(conn->ssl[FIRSTSOCKET].use) {
    int i;
    /*
      ERR_remove_state() frees the error queue associated with
      thread pid.  If pid == 0, the current thread will have its
      error queue removed.

      Since error queue data structures are allocated
      automatically for new threads, they must be freed when
      threads are terminated in oder to avoid memory leaks.
    */
    ERR_remove_state(0);

    for(i=0; i<2; i++) {
      struct ssl_connect_data *connssl = &conn->ssl[i];

      if(connssl->handle) {
        (void)SSL_shutdown(connssl->handle);
        SSL_set_connect_state(connssl->handle);

        SSL_free (connssl->handle);
        connssl->handle = NULL;
      }
      if(connssl->ctx) {
        SSL_CTX_free (connssl->ctx);
        connssl->ctx = NULL;
      }
      connssl->use = FALSE; /* get back to ordinary socket usage */
    }
  }
}
示例#7
0
int tnet_dtls_socket_set_setup(tnet_dtls_socket_handle_t* handle, tnet_dtls_setup_t setup)
{
#if !HAVE_OPENSSL || !HAVE_OPENSSL_DTLS
	TSK_DEBUG_ERROR("OpenSSL or DTLS not enabled");
	return -200;
#else
	tnet_dtls_socket_t* socket = handle;
	if (!socket){
		TSK_DEBUG_ERROR("Invalid parameter");
		return -1;
	}

	switch ((socket->setup = setup)){
	case tnet_dtls_setup_passive:
		SSL_set_accept_state(socket->ssl);
		break;
	case tnet_dtls_setup_active:
	case tnet_dtls_setup_actpass:
	case tnet_dtls_setup_none:
		if (setup != tnet_dtls_setup_active){
			TSK_DEBUG_WARN("using setup=%s is not a good idea", TNET_DTLS_SETUP_NAMES[setup]);
		}
		SSL_set_connect_state(socket->ssl);
		break;
	default:
		TSK_DEBUG_ERROR("%d not valid value for DTLS setup", (int32_t)setup);
		break;
	}
	return 0;
#endif
}
示例#8
0
/** setup SSL on the connection */
static SSL*
setup_ssl(SSL_CTX* ctx, int fd)
{
	SSL* ssl;
	X509* x;
	int r;

	ssl = SSL_new(ctx);
	if(!ssl)
		ssl_err("could not SSL_new");
	SSL_set_connect_state(ssl);
	(void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
	if(!SSL_set_fd(ssl, fd))
		ssl_err("could not SSL_set_fd");
	while(1) {
		ERR_clear_error();
		if( (r=SSL_do_handshake(ssl)) == 1)
			break;
		r = SSL_get_error(ssl, r);
		if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE)
			ssl_err("SSL handshake failed");
		/* wants to be called again */
	}

	/* check authenticity of server */
	if(SSL_get_verify_result(ssl) != X509_V_OK)
		ssl_err("SSL verification failed");
	x = SSL_get_peer_certificate(ssl);
	if(!x)
		ssl_err("Server presented no peer certificate");
	X509_free(x);
	return ssl;
}
示例#9
0
int openssl_init_info(int server_fd,openssl_info *sslinfo)
{

    sslinfo->ctx = (SSL_CTX*)SSL_CTX_new (SSLv3_method());
    sslinfo->ssl = SSL_new(sslinfo->ctx);

    SSL_set_fd(sslinfo->ssl,server_fd);
    //·Ç×èÈû
    SSL_set_connect_state (sslinfo->ssl);
    //SSL_connect(sslinfo->ssl);
    int r=0;



    //·Ç×èÈûÎÕÊÖ
    while ((r = SSL_do_handshake(sslinfo->ssl)) != 1) {
        int err = SSL_get_error(sslinfo->ssl, r);
        if (err == SSL_ERROR_WANT_WRITE) {

        } else if (err == SSL_ERROR_WANT_READ) {

        } else {
            return -1;
        }
        //CPU sleep
        sleeps(1);
    }


    return 0;
}
示例#10
0
bool
ssl_connect (int fd) 
{
  SSL *conn;
  struct openssl_transport_context *ctx;

  DEBUGP (("Initiating SSL handshake.\n"));

  assert (ssl_ctx != NULL);
  conn = SSL_new (ssl_ctx);
  if (!conn)
    goto error;
  if (!SSL_set_fd (conn, fd))
    goto error;
  SSL_set_connect_state (conn);
  if (SSL_connect (conn) <= 0 || conn->state != SSL_ST_OK)
    goto error;

  ctx = xnew0 (struct openssl_transport_context);
  ctx->conn = conn;

  /* Register FD with Wget's transport layer, i.e. arrange that our
     functions are used for reading, writing, and polling.  */
  fd_register_transport (fd, &openssl_transport, ctx);
  DEBUGP (("Handshake successful; connected socket %d to SSL handle 0x%0*lx\n",
           fd, PTR_FORMAT (conn)));
  return true;

 error:
  DEBUGP (("SSL handshake failed.\n"));
  print_errors ();
  if (conn)
    SSL_free (conn);
  return false;
}
int C_SecureSocketClient::_secure_mode() {
  int L_result, L_ret ;

  m_ssl = SSL_new(m_ssl_ctx);
  SSL_set_connect_state(m_ssl) ;
  
  if ((m_bio = BIO_new_socket(m_socket_id, BIO_CLOSE)) == NULL ) {
    SOCKET_ERROR(0, "Unable to create the BIO- client in New TLS connection");
  } 
 
  
  SSL_set_bio(m_ssl,m_bio,m_bio);
  
  L_result = SSL_connect(m_ssl) ;
  if ( L_result < 0 ) {
    if (SSL_get_error(m_ssl, L_result) == SSL_ERROR_WANT_READ) {
      m_state = E_SOCKET_STATE_INPROGESS ;
      L_ret = 0 ;
    } else {
      ssl_error(L_result);
      L_ret = -1 ;
    }
  } else {
    L_ret = 0 ;
  }
  return (L_ret);
  
}
示例#12
0
void SSLSocket::onConnect(uv_connect_t* handle, int status)
{
    TraceS(this) << "On connect" << endl;
    if (status) {
        setUVError("SSL connect error", status);
        return;
    }
    else
        readStart();

    SSL* ssl = SSL_new(_context->sslContext());

    // TODO: Automatic SSL session handling.
    // Maybe add a stored session to the network manager.
    if (_session)
        SSL_set_session(ssl, _session->sslSession());

    SSL_set_connect_state(ssl);
    SSL_do_handshake(ssl);

    _sslAdapter.init(ssl);
    _sslAdapter.flush();

    //emitConnect();
    onSocketConnect();
    TraceS(this) << "On connect: OK" << endl;
}
示例#13
0
void TLSSocket::Handshake(TCPSocket& socket, HandshakeRole role, TLSSocket* reuse)
{

  SSL_CTX* ctx = role == Client ? TLSClientContext::Get() : TLSServerContext::Get();
                 
  if (!ctx) throw TLSError("TLS context not initialised.");

  session = SSL_new(ctx);
  if (!session) throw TLSProtocolError();
  
  if (SSL_set_fd(session, socket.Socket()) != 1) throw TLSProtocolError();
  
  if (reuse)
  {
    assert(reuse->session);
    SSL_copy_session_id(session, reuse->session);
  }

  if (role == Client) SSL_set_connect_state(session);
  else SSL_set_accept_state(session);

  int result;
  while (true)
  {
    if (role == Client) result = SSL_connect(session);
    else result = SSL_accept(session);
    boost::this_thread::interruption_point();
    if (result == 1) break;
    else EvaluateResult(result);
  }
}
示例#14
0
CTLSConnection::CTLSConnection(const CString &hostname, const CString &service)
	throw(CTCPConnection::CConnectException)
	: CTCPConnection(hostname, service),
		m_TLSContext(NULL), m_TLSConnection(NULL)
{
	initialize();

	int ret = SSL_connect(m_TLSConnection);
	if(ret == 0)
	{
		deallocate();
		throw CConnectException(CString(
			"TLS handshake failed: ") + getError(ret));
	}
	if(ret < 0)
	{
		deallocate();
		throw CConnectException(CString(
			"TLS handshake failed because of protocol error or connection failure: "
			) + getError(ret));
	}
	if(ret != 1)
	{
		deallocate();
		throw CConnectException(CString::format(
			"TLS handshake returned unknown return value %d", 256, ret));
	}

	SSL_set_connect_state(m_TLSConnection);
}
示例#15
0
janus_dtls_srtp *janus_dtls_srtp_create(void *ice_component, janus_dtls_role role) {
	janus_ice_component *component = (janus_ice_component *)ice_component;
	if(component == NULL) {
		JANUS_LOG(LOG_ERR, "No component, no DTLS...\n");
		return NULL;
	}
	janus_ice_stream *stream = component->stream;
	if(!stream) {
		JANUS_LOG(LOG_ERR, "No stream, no DTLS...\n");
		return NULL;
	}
	janus_ice_handle *handle = stream->handle;
	if(!handle || !handle->agent) {
		JANUS_LOG(LOG_ERR, "No handle/agent, no DTLS...\n");
		return NULL;
	}
	janus_dtls_srtp *dtls = calloc(1, sizeof(janus_dtls_srtp));
	if(dtls == NULL) {
		JANUS_LOG(LOG_FATAL, "Memory error!\n");
		return NULL;
	}
	/* Create SSL context, at last */
	dtls->srtp_valid = 0;
	dtls->dtls_last_msg = NULL;
	dtls->dtls_last_len = 0;
	dtls->ssl = SSL_new(janus_dtls_get_ssl_ctx());
	if(!dtls->ssl) {
		JANUS_LOG(LOG_ERR, "[%"SCNu64"]     No component DTLS SSL session??\n", handle->handle_id);
		janus_dtls_srtp_destroy(dtls);
		return NULL;
	}
	SSL_set_ex_data(dtls->ssl, 0, dtls);
	SSL_set_info_callback(dtls->ssl, janus_dtls_callback);
	dtls->read_bio = BIO_new(BIO_s_mem());
	if(!dtls->read_bio) {
		JANUS_LOG(LOG_ERR, "[%"SCNu64"]   Error creating read BIO!\n", handle->handle_id);
		janus_dtls_srtp_destroy(dtls);
		return NULL;
	}
	BIO_set_mem_eof_return(dtls->read_bio, -1);
	dtls->write_bio = BIO_new(BIO_s_mem());
	if(!dtls->write_bio) {
		JANUS_LOG(LOG_ERR, "[%"SCNu64"]   Error creating write BIO!\n", handle->handle_id);
		janus_dtls_srtp_destroy(dtls);
		return NULL;
	}
	BIO_set_mem_eof_return(dtls->write_bio, -1);
	SSL_set_bio(dtls->ssl, dtls->read_bio, dtls->write_bio);
	dtls->dtls_role = role;
	if(dtls->dtls_role == JANUS_DTLS_ROLE_CLIENT) {
		JANUS_LOG(LOG_VERB, "[%"SCNu64"]   Setting connect state (DTLS client)\n", handle->handle_id);
		SSL_set_connect_state(dtls->ssl);
	} else {
		JANUS_LOG(LOG_VERB, "[%"SCNu64"]   Setting accept state (DTLS server)\n", handle->handle_id);
		SSL_set_accept_state(dtls->ssl);
	}
	/* Done */
	dtls->component = component;
	return dtls;
}
示例#16
0
  OpenSSL::OpenSSL( TLSHandler *th, const std::string& server )
    : TLSBase( th, server ), m_ssl( 0 ), m_ctx( 0 ), m_buf( 0 ), m_bufsize( 17000 )
  {
    m_buf = (char*)calloc( m_bufsize + 1, sizeof( char ) );

    SSL_library_init();

    SSL_COMP_add_compression_method( 1, COMP_zlib() );

    m_ctx = SSL_CTX_new( TLSv1_client_method() );
    if( !m_ctx )
      return;

    if( !SSL_CTX_set_cipher_list( m_ctx, "HIGH:MEDIUM:AES:@STRENGTH" ) )
      return;

    m_ssl = SSL_new( m_ctx );
    SSL_set_connect_state( m_ssl );

    if( !BIO_new_bio_pair( &m_ibio, 0, &m_nbio, 0 ) )
    {
      return;
    }
    SSL_set_bio( m_ssl, m_ibio, m_ibio );
    SSL_set_mode( m_ssl, SSL_MODE_AUTO_RETRY );
  }
示例#17
0
文件: tlsthread.cpp 项目: wxy1681/aox
TlsThread::TlsThread( bool asClient )
    : d( new TlsThreadData )
{
    if ( !ctx )
        setup();

    d->ssl = ::SSL_new( ctx );
    if ( asClient )
        SSL_set_connect_state( d->ssl );
    else
        SSL_set_accept_state( d->ssl );

    if ( !BIO_new_bio_pair( &d->sslBio, bs, &d->networkBio, bs ) ) {
        // an error. hm?
    }
    ::SSL_set_bio( d->ssl, d->sslBio, d->sslBio );

    d->ctrb = (char*)Allocator::alloc( bs, 0 );
    d->ctwb = (char*)Allocator::alloc( bs, 0 );
    d->encrb = (char*)Allocator::alloc( bs, 0 );
    d->encwb = (char*)Allocator::alloc( bs, 0 );

    int r = pthread_create( &d->thread, 0, trampoline, (void*)this );
    if ( r ) {
        log( "pthread_create returned nonzero (" + fn( r ) + ")" );
        d->broken = true;
        ::SSL_free( d->ssl );
        d->ssl = 0;
    }
}
示例#18
0
文件: openssl.c 项目: giuseppe/wget
bool
ssl_connect_wget (int fd, const char *hostname)
{
  SSL *conn;
  struct scwt_context scwt_ctx;
  struct openssl_transport_context *ctx;

  DEBUGP (("Initiating SSL handshake.\n"));

  assert (ssl_ctx != NULL);
  conn = SSL_new (ssl_ctx);
  if (!conn)
    goto error;
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
  /* If the SSL library was build with support for ServerNameIndication
     then use it whenever we have a hostname.  If not, don't, ever. */
  if (! is_valid_ip_address (hostname))
    {
      if (! SSL_set_tlsext_host_name (conn, hostname))
        {
          DEBUGP (("Failed to set TLS server-name indication."));
          goto error;
        }
    }
#endif

#ifndef FD_TO_SOCKET
# define FD_TO_SOCKET(X) (X)
#endif
  if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
    goto error;
  SSL_set_connect_state (conn);

  scwt_ctx.ssl = conn;
  if (run_with_timeout(opt.read_timeout, ssl_connect_with_timeout_callback,
                       &scwt_ctx)) {
    DEBUGP (("SSL handshake timed out.\n"));
    goto timeout;
  }
  if (scwt_ctx.result <= 0 || conn->state != SSL_ST_OK)
    goto error;

  ctx = xnew0 (struct openssl_transport_context);
  ctx->conn = conn;

  /* Register FD with Wget's transport layer, i.e. arrange that our
     functions are used for reading, writing, and polling.  */
  fd_register_transport (fd, &openssl_transport, ctx);
  DEBUGP (("Handshake successful; connected socket %d to SSL handle 0x%0*lx\n",
           fd, PTR_FORMAT (conn)));
  return true;

 error:
  DEBUGP (("SSL handshake failed.\n"));
  print_errors ();
 timeout:
  if (conn)
    SSL_free (conn);
  return false;
}
示例#19
0
void
key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
{
  ASSERT(NULL != ssl_ctx);
  ASSERT(ks_ssl);
  CLEAR (*ks_ssl);

  ks_ssl->ssl = SSL_new (ssl_ctx->ctx);
  if (!ks_ssl->ssl)
    msg (M_SSLERR, "SSL_new failed");

  /* put session * in ssl object so we can access it
     from verify callback*/
  SSL_set_ex_data (ks_ssl->ssl, mydata_index, session);

  ks_ssl->ssl_bio = getbio (BIO_f_ssl (), "ssl_bio");
  ks_ssl->ct_in = getbio (BIO_s_mem (), "ct_in");
  ks_ssl->ct_out = getbio (BIO_s_mem (), "ct_out");

#ifdef BIO_DEBUG
  bio_debug_oc ("open ssl_bio", ks_ssl->ssl_bio);
  bio_debug_oc ("open ct_in", ks_ssl->ct_in);
  bio_debug_oc ("open ct_out", ks_ssl->ct_out);
#endif

  if (is_server)
    SSL_set_accept_state (ks_ssl->ssl);
  else
    SSL_set_connect_state (ks_ssl->ssl);

  SSL_set_bio (ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
  BIO_set_ssl (ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
}
int sock_SSL_connect(SSL **ssl_con, int sockfd)
{
    int ssl_err;
    SSL_CTX *ssl_ctx = NULL;

    ssl_ctx = SSL_CTX_new(SSLv3_client_method());
    if(!ssl_ctx) {
        net_log(NET_LOG_ERR, "sock_SSL_connect: !ssl_ctx\n");
        return WSOCK_ERROR;
    }

    *ssl_con = SSL_new(ssl_ctx);

    if(!(*ssl_con)) {
        net_log(NET_LOG_ERR, "sock_SSL_connect: SSL_new() failed.\n");
        SSL_CTX_free(ssl_ctx);
        return WSOCK_ERROR;
    }
    
    SSL_set_fd (*ssl_con, sockfd);
    SSL_set_connect_state(*ssl_con);
    ssl_err = SSL_connect(*ssl_con);

    if(ssl_err < 0) 
        SSL_set_shutdown(*ssl_con,SSL_SENT_SHUTDOWN);
    if(ssl_err <= 0) {
        net_log(NET_LOG_ERR, "sock_SSL_connect: SSL_connect() failed.\n");
        SSL_free(*ssl_con);
        SSL_CTX_free(ssl_ctx);
        return WSOCK_ERROR;
    }

    return WSOCK_OK;
}
示例#21
0
void httpreq_on_connect(uv_connect_t* con, int status) {
    if(status == -1) {
        printf("ERROR: httpreq_on_connect, cannot connect. @todo clean memory\n");
        return;
    }

    HTTPRequest* req = static_cast<HTTPRequest*>(con->data);
    int result = uv_read_start((uv_stream_t*)&req->tcp_req, httpreq_alloc, httpreq_on_read);
    if(result == -1) {
        printf("ERROR: uv_read_start() error: %s\n", uv_err_name(uv_last_error(req->loop)));
        return;
    }

    if(!req->is_secure) {
        req->sendData(&req->out_buffer[0], req->out_buffer.size());
    }
    else {
        req->ssl = SSL_new(req->ssl_ctx);
        req->ssl_buffer.addApplicationData(&req->out_buffer[0],req->out_buffer.size());
        SSL_set_connect_state(req->ssl);
        SSL_do_handshake(req->ssl);
        req->ssl_buffer.init(req->ssl, ssl_write_to_socket, req, ssl_read_decrypted, req);
        req->ssl_buffer.update();
    }
}
示例#22
0
static int init_ssl_socket( pn_ssl_t *ssl )
{
  if (ssl->ssl) return 0;
  if (!ssl->domain) return -1;

  ssl->ssl = SSL_new(ssl->domain->ctx);
  if (!ssl->ssl) {
    _log_error( "SSL socket setup failure.\n" );
    return -1;
  }

  // store backpointer to pn_ssl_t in SSL object:
  SSL_set_ex_data(ssl->ssl, ssl_ex_data_index, ssl);

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
  if (ssl->peer_hostname && ssl->domain->mode == PN_SSL_MODE_CLIENT) {
    SSL_set_tlsext_host_name(ssl->ssl, ssl->peer_hostname);
  }
#endif

  // restore session, if available
  if (ssl->session_id) {
    pn_ssl_session_t *ssn = ssn_cache_find( ssl->domain, ssl->session_id );
    if (ssn) {
      _log( ssl, "Restoring previous session id=%s\n", ssn->id );
      int rc = SSL_set_session( ssl->ssl, ssn->session );
      if (rc != 1) {
        _log( ssl, "Session restore failed, id=%s\n", ssn->id );
      }
      LL_REMOVE( ssl->domain, ssn_cache, ssn );
      ssl_session_free( ssn );
    }
  }

  // now layer a BIO over the SSL socket
  ssl->bio_ssl = BIO_new(BIO_f_ssl());
  if (!ssl->bio_ssl) {
    _log_error( "BIO setup failure.\n" );
    return -1;
  }
  (void)BIO_set_ssl(ssl->bio_ssl, ssl->ssl, BIO_NOCLOSE);

  // create the "lower" BIO "pipe", and attach it below the SSL layer
  if (!BIO_new_bio_pair(&ssl->bio_ssl_io, 0, &ssl->bio_net_io, 0)) {
    _log_error( "BIO setup failure.\n" );
    return -1;
  }
  SSL_set_bio(ssl->ssl, ssl->bio_ssl_io, ssl->bio_ssl_io);

  if (ssl->domain->mode == PN_SSL_MODE_SERVER) {
    SSL_set_accept_state(ssl->ssl);
    BIO_set_ssl_mode(ssl->bio_ssl, 0);  // server mode
    _log( ssl, "Server SSL socket created.\n" );
  } else {      // client mode
    SSL_set_connect_state(ssl->ssl);
    BIO_set_ssl_mode(ssl->bio_ssl, 1);  // client mode
    _log( ssl, "Client SSL socket created.\n" );
  }
  return 0;
}
示例#23
0
int
io_start_tls(struct io *io, void *ssl)
{
	int	mode;

	mode = io->flags & IO_RW;
	if (mode == 0 || mode == IO_RW)
		errx(1, "io_start_tls(): full-duplex or unset");

	if (io->ssl)
		errx(1, "io_start_tls(): SSL already started");
	io->ssl = ssl;

	if (SSL_set_fd(io->ssl, io->sock) == 0) {
		ssl_error("io_start_ssl:SSL_set_fd");
		return (-1);
	}

	if (mode == IO_WRITE) {
		io->state = IO_STATE_CONNECT_SSL;
		SSL_set_connect_state(io->ssl);
		io_reset(io, EV_WRITE, io_dispatch_connect_ssl);
	} else {
		io->state = IO_STATE_ACCEPT_SSL;
		SSL_set_accept_state(io->ssl);
		io_reset(io, EV_READ, io_dispatch_accept_ssl);
	}

	return (0);
}
void httpconnection_on_connect(uv_connect_t* req, int status) {
  HTTPConnection* c = static_cast<HTTPConnection*>(req->data);
  if(status == -1) {
    RX_ERROR("> cannot connect: %s:", uv_strerror(uv_last_error(c->loop)));
    RX_ERROR("@ todo should be `delete` the connection here?");
    return;
  }


  int r = uv_read_start((uv_stream_t*)c->sock, httpconnection_on_alloc, httpconnection_on_read);
  if(r) {
    RX_ERROR("> uv_read_start() failed: %s", uv_strerror(uv_last_error(c->loop)));
    RX_ERROR("@ todo should be `delete` the connection here?");
    return;
  }

  if(c->ssl) {
    SSL_set_connect_state(c->ssl);
    SSL_do_handshake(c->ssl);
    c->buffer->update();
   }

  // trigger the output buffer 
  c->buffer->flushOutputBuffer();
}
示例#25
0
文件: http.cpp 项目: kitech/mwget
/* Perform the SSL handshake on file descriptor FD, which is assumed
   to be connected to an SSL server.  The SSL handle provided by
   OpenSSL is registered with the file descriptor FD using
   fd_register_transport, so that subsequent calls to fd_read,
   fd_write, etc., will use the corresponding SSL functions.

   Returns 1 on success, 0 on failure.  */
int HttpsRetriever::ssl_connect(int fd )
{
	  SSL *ssl;

	  DEBUGP (("Initiating SSL handshake.\n"));

	  assert (ssl_ctx != NULL);
	  ssl = SSL_new (ssl_ctx);
	  if (!ssl)
	    goto error;
	  if (!SSL_set_fd (ssl, fd))
	    goto error;
	  SSL_set_connect_state (ssl);
	  if (SSL_connect (ssl) <= 0 || ssl->state != SSL_ST_OK)
	    goto error;

	  /* Register FD with Wget's transport layer, i.e. arrange that our
	     functions are used for reading, writing, and polling.  */
	     
	  //fd_register_transport (fd, openssl_read, openssl_write, openssl_poll,
		//			 openssl_peek, openssl_close, ssl);
		
		//DEBUGP (("Handshake successful; connected socket %d to SSL handle 0x%0*lx\n",
		   //fd, PTR_FORMAT (ssl)));
	  return 1;

	 error:
	  DEBUGP (("SSL handshake failed.\n"));
	  print_errors ();
	  if (ssl)
	    SSL_free (ssl);
	  return 0;
	return  -1 ;
}
示例#26
0
文件: tls.c 项目: dcatonR1/FreeRDP
BIO* BIO_new_rdp_tls(SSL_CTX* ctx, int client)
{
	BIO* bio;
	SSL* ssl;
	bio = BIO_new(BIO_s_rdp_tls());

	if (!bio)
		return NULL;

	ssl = SSL_new(ctx);

	if (!ssl)
	{
		BIO_free(bio);
		return NULL;
	}

	if (client)
		SSL_set_connect_state(ssl);
	else
		SSL_set_accept_state(ssl);

	BIO_set_ssl(bio, ssl, BIO_CLOSE);
	return bio;
}
示例#27
0
/* //////////////////////////////////////////////////////////////////////////////////////
 * implementation
 */
tb_ssl_ref_t tb_ssl_init(tb_bool_t bserver)
{
    // done
    tb_bool_t   ok = tb_false;
    tb_ssl_t*   ssl = tb_null;
    do
    {
        // load openssl library
        if (!tb_ssl_library_load()) break;

        // make ssl
        ssl = tb_malloc0_type(tb_ssl_t);
        tb_assert_and_check_break(ssl);

        // init timeout, 30s
        ssl->timeout = 30000;

        // init ctx
        ssl->ctx = SSL_CTX_new(SSLv3_method());
        tb_assert_and_check_break(ssl->ctx);
        
        // make ssl
        ssl->ssl = SSL_new(ssl->ctx);
        tb_assert_and_check_break(ssl->ssl);

        // init endpoint 
        if (bserver) SSL_set_accept_state(ssl->ssl);
        else SSL_set_connect_state(ssl->ssl);

        // init verify
        SSL_set_verify(ssl->ssl, 0, tb_ssl_verify);

        // init bio
        ssl->bio = BIO_new(&g_ssl_bio_method);
        tb_assert_and_check_break(ssl->bio);

        // set bio to ssl
        ssl->bio->ptr = ssl;
        SSL_set_bio(ssl->ssl, ssl->bio, ssl->bio);

        // init state
        ssl->state = TB_STATE_OK;

        // ok
        ok = tb_true;

    } while (0);

    // failed? exit it
    if (!ok)
    {
        if (ssl) tb_ssl_exit((tb_ssl_ref_t)ssl);
        ssl = tb_null;
    }

    // ok?
    return (tb_ssl_ref_t)ssl;
}
示例#28
0
/* 准备连接状态
 */
int32 ssl_io::init_connect( int32 fd )
{
    if ( init_ssl_ctx( fd ) < 0 ) return -1;

    _fd = fd;
    SSL_set_connect_state( X_SSL( _ssl_ctx ) );

    return do_handshake();
}
示例#29
0
bool
SSLClient::sslConnect(int fd, std::string &hostname, short port)
{
    GNASH_REPORT_FUNCTION;
    int ret;

    if (!_ctx) {
	if (!sslSetupCTX()) {
	    return false;
	}
    }

    _ssl.reset(SSL_new(_ctx.get()));
	
//     // Make a tcp/ip connect to the server
//     if (createClient(hostname, getPort()) == false) {
//         log_error("Can't connect to server %s", hostname);
//         return false;
//     }

    // Handshake the server
    ERR_clear_error();
#if 0
    _bio.reset(BIO_new_socket(fd, BIO_NOCLOSE));
#else
//     BIO_set_conn_hostname(_bio.get(), _hostname.c_str());
    _bio.reset(BIO_new_connect(const_cast<char *>(_hostname.c_str())));

    BIO_set_conn_int_port(_bio.get(), &port);
    log_debug("PORT is: %d", BIO_get_conn_port(_bio.get()));

    if (BIO_do_connect(_bio.get()) <= 0) {
        log_error("Error connecting to remote machine: %s",
		  ERR_reason_error_string(ERR_get_error()));
    }
#endif

    SSL_set_bio(_ssl.get(), _bio.get(), _bio.get());
    SSL_set_connect_state(_ssl.get());
    
    if ((ret = SSL_connect(_ssl.get())) < 0) {
        log_error("Can't connect to SSL server %s", hostname);
 	log_error("Error was: \"%s\"!", ERR_reason_error_string(ERR_get_error()));
        return false;
    } else {
        log_debug("Connected to SSL server %s", hostname);
    }

    ERR_clear_error();
#if 0
    if (_need_server_auth) {
 	checkCert(hostname);
    }
#endif
    
    return true;
}
示例#30
-1
文件: withssl.cpp 项目: kapilash/dc
void on_connect_callback(uv_connect_t* con, int status) {
  Client* c = static_cast<Client*>(con->data);
  if(status == -1) {
      printf("ERROR: on_connect_callback \n");//, uv_err_name(uv_last_error(c->loop)));
    ::exit(0);
  }

  int r = uv_read_start((uv_stream_t*)&c->socket, on_alloc_callback, on_read_callback);
  if(r == -1) {
      printf("ERROR: uv_read_start error: \n");//, uv_err_name(uv_last_error(c->loop)));
    ::exit(0);
  }

  const char* http_request_tpl = "" \
    "GET %s HTTP/1.1\r\n"
    "Host: %s\r\n"
    "User-Agent: uv_www_client/0.1\r\n" 
    "Accept: */*\r\n"
    "Connection: close\r\n"
    "\r\n";

  char http_request[1024];
  sprintf(http_request, http_request_tpl, c->page, c->host);
  c->addAppData(http_request);
  printf("APP DATA: %zu\n", c->buffer_out.size());
  c->ssl = SSL_new(c->ssl_ctx);
  c->read_bio = BIO_new(BIO_s_mem());
  c->write_bio = BIO_new(BIO_s_mem());
  SSL_set_bio(c->ssl, c->read_bio, c->write_bio);
  SSL_set_connect_state(c->ssl);

  r = SSL_do_handshake(c->ssl);

  on_event(c);
}