wi_boolean_t wi_socket_context_set_ssl_type(wi_socket_context_t *context, wi_socket_ssl_type_t type) { #ifdef WI_SSL SSL_METHOD *method = NULL; switch(type) { case WI_SOCKET_SSL_CLIENT: method = TLSv1_client_method(); break; case WI_SOCKET_SSL_SERVER: method = TLSv1_server_method(); break; } context->ssl_ctx = SSL_CTX_new(method); if(!context->ssl_ctx) wi_error_set_ssl_error(); return (context->ssl_ctx != NULL); #else wi_error_set_lib_error(WI_ERROR_SOCKET_NOSSL); return false; #endif }
const SSL_METHOD * hb_ssl_method_id_to_ptr( int n ) { const SSL_METHOD * p; switch( n ) { #if OPENSSL_VERSION_NUMBER < 0x10000000L case HB_SSL_CTX_NEW_METHOD_SSLV2: p = SSLv2_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER: p = SSLv2_server_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT: p = SSLv2_client_method(); break; #endif case HB_SSL_CTX_NEW_METHOD_SSLV3: p = SSLv3_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER: p = SSLv3_server_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT: p = SSLv3_client_method(); break; case HB_SSL_CTX_NEW_METHOD_TLSV1: p = TLSv1_method(); break; case HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER: p = TLSv1_server_method(); break; case HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT: p = TLSv1_client_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV23: p = SSLv23_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break; case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break; default: p = SSLv23_method(); } return p; }
/* Init library and load specified certificate. * Establishes a SSL_ctx, to act as a template for * each connection */ static SSL_CTX * init_openssl() { SSL_library_init(); SSL_load_error_strings(); SSL_CTX *ctx = NULL; if (OPTIONS.ETYPE == ENC_TLS) ctx = SSL_CTX_new(TLSv1_server_method()); else if (OPTIONS.ETYPE == ENC_SSL) ctx = SSL_CTX_new(SSLv23_server_method()); else assert(OPTIONS.ETYPE == ENC_TLS || OPTIONS.ETYPE == ENC_SSL); SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); if (SSL_CTX_use_certificate_file(ctx, OPTIONS.CERT_FILE, SSL_FILETYPE_PEM) <= 0) ERR_print_errors_fp(stderr); if (SSL_CTX_use_RSAPrivateKey_file(ctx, OPTIONS.CERT_FILE, SSL_FILETYPE_PEM) <= 0) ERR_print_errors_fp(stderr); if (OPTIONS.CIPHER_SUITE) if (SSL_CTX_set_cipher_list(ctx, OPTIONS.CIPHER_SUITE) != 1) ERR_print_errors_fp(stderr); return ctx; }
SSL_METHOD *sycTLSv1_server_method(void) { SSL_METHOD *result; Debug("TLSv1_server_method()"); result = TLSv1_server_method(); Debug1("TLSv1_server_method() -> %p", result); return result; }
void SSLContext::createSSLContext() { switch (_usage) { case CLIENT_USE: _sslContext = SSL_CTX_new(SSLv23_client_method()); break; case SERVER_USE: _sslContext = SSL_CTX_new(SSLv23_server_method()); break; case TLSV1_CLIENT_USE: _sslContext = SSL_CTX_new(TLSv1_client_method()); break; case TLSV1_SERVER_USE: _sslContext = SSL_CTX_new(TLSv1_server_method()); break; default: throw std::runtime_error("SSL Exception: Invalid usage"); } if (!_sslContext) { unsigned long err = ERR_get_error(); throw std::runtime_error("SSL Exception: Cannot create SSL_CTX object: " + std::string(ERR_error_string(err, 0))); } SSL_CTX_set_default_passwd_cb(_sslContext, &SSLManager::privateKeyPassphraseCallback); clearErrorStack(); SSL_CTX_set_options(_sslContext, SSL_OP_ALL); }
MSC_BOOL msc_secure_socket_library_init(MSC_LIBRARY_MODE mode) { if (g_ssl_ctx) return MSC_TRUE; SSL_library_init(); SSL_load_error_strings(); if (mode == MSC_LIBRARY_CLIENT) { g_ssl_ctx = SSL_CTX_new(TLSv1_client_method()); } else { g_ssl_ctx = SSL_CTX_new(TLSv1_server_method()); } if (!g_ssl_ctx) { fprintf(stderr, "Error initializing OpenSSL\n"); ERR_print_errors_fp(stderr); return MSC_FALSE; } return MSC_TRUE; }
wi_socket_tls_t * wi_socket_tls_init_with_type(wi_socket_tls_t *tls, wi_socket_tls_type_t type) { SSL_METHOD *method; switch(type) { default: case WI_SOCKET_TLS_CLIENT: method = TLSv1_client_method(); break; case WI_SOCKET_TLS_SERVER: method = TLSv1_server_method(); break; } tls->ssl_ctx = SSL_CTX_new(method); if(!tls->ssl_ctx) { wi_error_set_openssl_error(); wi_release(NULL); return NULL; } SSL_CTX_set_mode(tls->ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_quiet_shutdown(tls->ssl_ctx, 1); return tls; }
BOOL CSSLTcpSocket::CreateSSLTcpSocketForServer( LPCSTR pszCertFile , LPCSTR pszKeyFile ) { SSL_load_error_strings(); /*为打印调试信息作准备*/ OpenSSL_add_ssl_algorithms(); /*初始化*/ m_meth = (SSL_METHOD *)TLSv1_server_method(); /*采用什么协议(SSLv2/SSLv3/TLSv1)在此指定,TLSv1_server_method,SSLv23_server_method()*/ m_ctx = SSL_CTX_new (m_meth); //设置为要求强制校验对方(客户端)证书SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT SSL_CTX_set_verify(m_ctx,SSL_VERIFY_NONE,NULL); /*验证与否SSL_VERIFY_PEER*/ //SSL_CTX_load_verify_locations(ctx,CACERT,NULL); /*若验证,则放置CA证书*/ if (SSL_CTX_use_certificate_file(m_ctx, pszCertFile, SSL_FILETYPE_PEM) <= 0) { printf("加载证书失败!\n"); } if (SSL_CTX_use_PrivateKey_file(m_ctx, pszKeyFile, SSL_FILETYPE_PEM) <= 0) { printf("加载私钥失败!\n"); } if (!SSL_CTX_check_private_key(m_ctx)) { printf("密钥证书不匹配!\n"); } SSL_CTX_set_cipher_list(m_ctx,"DES-CBC3-SHA"); SSL_CTX_set_mode(m_ctx, SSL_MODE_AUTO_RETRY); return CreateTcpSocket(); }
/* * initialize ssl methods */ static void init_ssl_methods(void) { LM_DBG("entered\n"); #ifndef OPENSSL_NO_SSL2 ssl_methods[TLS_USE_SSLv2_cli - 1] = (SSL_METHOD*)SSLv2_client_method(); ssl_methods[TLS_USE_SSLv2_srv - 1] = (SSL_METHOD*)SSLv2_server_method(); ssl_methods[TLS_USE_SSLv2 - 1] = (SSL_METHOD*)SSLv2_method(); #endif ssl_methods[TLS_USE_SSLv3_cli - 1] = (SSL_METHOD*)SSLv3_client_method(); ssl_methods[TLS_USE_SSLv3_srv - 1] = (SSL_METHOD*)SSLv3_server_method(); ssl_methods[TLS_USE_SSLv3 - 1] = (SSL_METHOD*)SSLv3_method(); ssl_methods[TLS_USE_TLSv1_cli - 1] = (SSL_METHOD*)TLSv1_client_method(); ssl_methods[TLS_USE_TLSv1_srv - 1] = (SSL_METHOD*)TLSv1_server_method(); ssl_methods[TLS_USE_TLSv1 - 1] = (SSL_METHOD*)TLSv1_method(); ssl_methods[TLS_USE_SSLv23_cli - 1] = (SSL_METHOD*)SSLv23_client_method(); ssl_methods[TLS_USE_SSLv23_srv - 1] = (SSL_METHOD*)SSLv23_server_method(); ssl_methods[TLS_USE_SSLv23 - 1] = (SSL_METHOD*)SSLv23_method(); #if OPENSSL_VERSION_NUMBER >= 0x10001000L ssl_methods[TLS_USE_TLSv1_2_cli - 1] = (SSL_METHOD*)TLSv1_2_client_method(); ssl_methods[TLS_USE_TLSv1_2_srv - 1] = (SSL_METHOD*)TLSv1_2_server_method(); ssl_methods[TLS_USE_TLSv1_2 - 1] = (SSL_METHOD*)TLSv1_2_method(); #endif }
static SSL_METHOD *tls1_get_server_method(int ver) { if (ver == TLS1_VERSION) return(TLSv1_server_method()); else return(NULL); }
static int nixio_tls_ctx(lua_State * L) { const char *method = luaL_optlstring(L, 1, "client", NULL); luaL_getmetatable(L, NIXIO_TLS_CTX_META); SSL_CTX **ctx = lua_newuserdata(L, sizeof(SSL_CTX *)); if (!ctx) { return luaL_error(L, "out of memory"); } /* create userdata */ lua_pushvalue(L, -2); lua_setmetatable(L, -2); if (!strcmp(method, "client")) { *ctx = SSL_CTX_new(TLSv1_client_method()); } else if (!strcmp(method, "server")) { *ctx = SSL_CTX_new(TLSv1_server_method()); } else { return luaL_argerror(L, 1, "supported values: client, server"); } if (!(*ctx)) { return luaL_error(L, "unable to create TLS context"); } return 1; }
ws_ctx_t *ws_socket_ssl(int socket, char * certfile, char * keyfile) { int ret; char msg[1024]; char * use_keyfile; ws_ctx_t *ctx; ctx = ws_socket(socket); if (keyfile && (keyfile[0] != '\0')) { // Separate key file use_keyfile = keyfile; } else { // Combined key and cert file use_keyfile = certfile; } // Initialize the library if (! ssl_initialized) { SSL_library_init(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); ssl_initialized = 1; } ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method()); if (ctx->ssl_ctx == NULL) { ERR_print_errors_fp(stderr); fatal("Failed to configure SSL context"); } if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, use_keyfile, SSL_FILETYPE_PEM) <= 0) { sprintf(msg, "Unable to load private key file %s\n", use_keyfile); fatal(msg); } if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, certfile, SSL_FILETYPE_PEM) <= 0) { sprintf(msg, "Unable to load certificate file %s\n", certfile); fatal(msg); } // if (SSL_CTX_set_cipher_list(ctx->ssl_ctx, "DEFAULT") != 1) { // sprintf(msg, "Unable to set cipher\n"); // fatal(msg); // } // Associate socket and ssl object ctx->ssl = SSL_new(ctx->ssl_ctx); SSL_set_fd(ctx->ssl, socket); ret = SSL_accept(ctx->ssl); if (ret < 0) { ERR_print_errors_fp(stderr); return NULL; } return ctx; }
bool SSLSocket::setupCrypto(SSLSocket *session /* = NULL */) { if (m_handle) { raise_warning("SSL/TLS already set-up for this stream"); return false; } /* need to do slightly different things, based on client/server method, * so lets remember which method was selected */ #if OPENSSL_VERSION_NUMBER < 0x00909000L SSL_METHOD *smethod; #else const SSL_METHOD *smethod; #endif switch (m_method) { case ClientSSLv23: m_client = true; smethod = SSLv23_client_method(); break; case ClientSSLv3: m_client = true; smethod = SSLv3_client_method(); break; case ClientTLS: m_client = true; smethod = TLSv1_client_method(); break; case ServerSSLv23: m_client = false; smethod = SSLv23_server_method(); break; case ServerSSLv3: m_client = false; smethod = SSLv3_server_method(); break; /* SSLv2 protocol might be disabled in the OpenSSL library */ #ifndef OPENSSL_NO_SSL2 case ClientSSLv2: m_client = true; smethod = SSLv2_client_method(); break; case ServerSSLv2: m_client = false; smethod = SSLv2_server_method(); break; #else case ClientSSLv2: case ServerSSLv2: raise_warning("OpenSSL library does not support SSL2 protocol"); return false; break; #endif case ServerTLS: m_client = false; smethod = TLSv1_server_method(); break; default: return false; } SSL_CTX *ctx = SSL_CTX_new(smethod); if (ctx == nullptr) { raise_warning("failed to create an SSL context"); return false; } SSL_CTX_set_options(ctx, SSL_OP_ALL); m_handle = createSSL(ctx); if (m_handle == nullptr) { raise_warning("failed to create an SSL handle"); SSL_CTX_free(ctx); return false; } if (!SSL_set_fd(m_handle, m_fd)) { handleError(0, true); } if (session) { SSL_copy_session_id(m_handle, session->m_handle); } return true; }
THREAD_RETURN YASSL_API server_test(void* args) { #ifdef _WIN32 WSADATA wsd; WSAStartup(0x0002, &wsd); #endif SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; int argc = 0; char** argv = 0; set_args(argc, argv, *static_cast<func_args*>(args)); tcp_accept(sockfd, clientfd, *static_cast<func_args*>(args)); tcp_close(sockfd); SSL_METHOD* method = TLSv1_server_method(); SSL_CTX* ctx = SSL_CTX_new(method); //SSL_CTX_set_cipher_list(ctx, "RC4-SHA:RC4-MD5"); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); set_serverCerts(ctx); DH* dh = set_tmpDH(ctx); SSL* ssl = SSL_new(ctx); SSL_set_fd(ssl, clientfd); #ifdef NON_BLOCKING NonBlockingSSL_Accept(ssl, ctx, clientfd); #else if (SSL_accept(ssl) != SSL_SUCCESS) ServerError(ctx, ssl, clientfd, "SSL_accept failed"); #endif showPeer(ssl); printf("Using Cipher Suite: %s\n", SSL_get_cipher(ssl)); char command[1024]; int input = SSL_read(ssl, command, sizeof(command)); if (input > 0) { command[input] = 0; printf("First client command: %s\n", command); } char msg[] = "I hear you, fa shizzle!"; if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) ServerError(ctx, ssl, clientfd, "SSL_write failed"); DH_free(dh); SSL_CTX_free(ctx); SSL_shutdown(ssl); SSL_free(ssl); tcp_close(clientfd); ((func_args*)args)->return_code = 0; return 0; }
bool OpenSSLServer::setType() { m_ctx = SSL_CTX_new( TLSv1_server_method() ); if( !m_ctx ) return false; return true; }
void Context::createSSLContext() { if (SSLManager::isFIPSEnabled()) { _pSSLContext = SSL_CTX_new(TLSv1_method()); } else { switch (_usage) { case CLIENT_USE: _pSSLContext = SSL_CTX_new(SSLv23_client_method()); break; case SERVER_USE: _pSSLContext = SSL_CTX_new(SSLv23_server_method()); break; #if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1) case TLSV1_CLIENT_USE: _pSSLContext = SSL_CTX_new(TLSv1_client_method()); break; case TLSV1_SERVER_USE: _pSSLContext = SSL_CTX_new(TLSv1_server_method()); break; #endif #if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1) /* SSL_OP_NO_TLSv1_1 is defined in ssl.h if the library version supports TLSv1.1. * OPENSSL_NO_TLS1 is defined in opensslconf.h or on the compiler command line * if TLS1.x was removed at OpenSSL library build time via Configure options. */ case TLSV1_1_CLIENT_USE: _pSSLContext = SSL_CTX_new(TLSv1_1_client_method()); break; case TLSV1_1_SERVER_USE: _pSSLContext = SSL_CTX_new(TLSv1_1_server_method()); break; #endif #if defined(SSL_OP_NO_TLSv1_2) && !defined(OPENSSL_NO_TLS1) case TLSV1_2_CLIENT_USE: _pSSLContext = SSL_CTX_new(TLSv1_2_client_method()); break; case TLSV1_2_SERVER_USE: _pSSLContext = SSL_CTX_new(TLSv1_2_server_method()); break; #endif default: throw Poco::InvalidArgumentException("Invalid or unsupported usage"); } } if (!_pSSLContext) { unsigned long err = ERR_get_error(); throw SSLException("Cannot create SSL_CTX object", ERR_error_string(err, 0)); } SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPassphraseCallback); Utility::clearErrorStack(); SSL_CTX_set_options(_pSSLContext, SSL_OP_ALL); }
static void tls_exec_server(const char *user, int startfd, const char *privkey, const char *cert, int debuglevel) { SSL_CTX *sslctx; SSL *ssl; int sockfd, tcpfd, ret; pjdlog_debug_set(debuglevel); pjdlog_prefix_set("[TLS sandbox] (server) "); #ifdef HAVE_SETPROCTITLE setproctitle("[TLS sandbox] (server) "); #endif sockfd = startfd; tcpfd = startfd + 1; SSL_load_error_strings(); SSL_library_init(); sslctx = SSL_CTX_new(TLSv1_server_method()); if (sslctx == NULL) pjdlog_exitx(EX_TEMPFAIL, "SSL_CTX_new() failed."); SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); ssl = SSL_new(sslctx); if (ssl == NULL) pjdlog_exitx(EX_TEMPFAIL, "SSL_new() failed."); if (SSL_use_RSAPrivateKey_file(ssl, privkey, SSL_FILETYPE_PEM) != 1) { ssl_log_errors(); pjdlog_exitx(EX_CONFIG, "SSL_use_RSAPrivateKey_file(%s) failed.", privkey); } if (SSL_use_certificate_file(ssl, cert, SSL_FILETYPE_PEM) != 1) { ssl_log_errors(); pjdlog_exitx(EX_CONFIG, "SSL_use_certificate_file(%s) failed.", cert); } if (sandbox(user, true, "proto_tls server") != 0) pjdlog_exitx(EX_CONFIG, "Unable to sandbox TLS server."); pjdlog_debug(1, "Privileges successfully dropped."); nonblock(sockfd); nonblock(tcpfd); if (SSL_set_fd(ssl, tcpfd) != 1) pjdlog_exitx(EX_TEMPFAIL, "SSL_set_fd() failed."); ret = SSL_accept(ssl); ssl_check_error(ssl, ret); tls_loop(sockfd, ssl); }
static const SSL_METHOD *tls1_get_server_method(int ver) { if (ver == TLS1_2_VERSION) return TLSv1_2_server_method(); if (ver == TLS1_1_VERSION) return TLSv1_1_server_method(); if (ver == TLS1_VERSION) return TLSv1_server_method(); return NULL; }
SSL_CTX * ssl_ctx_new (int servermode, int usetls, const char * cert_file, const char *key_file){ #if OPENSSL_VERSION_NUMBER < 0x10000000 SSL_METHOD *meth = NULL; #else const SSL_METHOD *meth = NULL; #endif SSL_CTX *ctx = NULL; //TODO debug print state value here to see what is what // whether we need one or the other, per esx version, etc if(usetls) { if(servermode) meth = TLSv1_server_method(); else meth = TLSv1_client_method(); fprintf(stderr, "if err occurs after this msg, may need" " SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2)" " or similar\n"); } else { if(servermode) meth = SSLv23_server_method(); else meth = SSLv23_client_method(); } if ( !(ctx = SSL_CTX_new (meth)) ) goto out; //NOTE first step when state = 0, apply these options. what about after? //NOTE ALSO required when steve => 1 // do not add if(!state) again SSL_CTX_set_options (ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2 /* Work around all known bugs */); //NOTE SSL_OP_NO_SSLv2 is specifically required for zware if (cert_file){ if (SSL_CTX_use_certificate_file (ctx, cert_file, SSL_FILETYPE_PEM) <= 0) goto out; if (!key_file) key_file = cert_file; if (SSL_CTX_use_PrivateKey_file (ctx, key_file, SSL_FILETYPE_PEM) <= 0) goto out; if (!SSL_CTX_check_private_key (ctx)) goto out; } SSL_CTX_set_verify (ctx, SSL_VERIFY_NONE, NULL); return ctx; out: ERR_print_errors_fp(stderr); return NULL; }
IoSecureServer *IoSecureServer_useTLS(IoSecureServer *self, IoObject *locals, IoMessage *msg) { SSL_CTX *ctx = OCTX(self); if(SSL_CTX_set_ssl_version(ctx, TLSv1_server_method()) != 1) { ERR_print_errors_fp(stderr); IoState_error_(IOSTATE, msg, "Error using TLS"); return IONIL(self); } return self; }
SSL_CTX * uh_tls_ctx_init() { SSL_CTX *c = NULL; SSL_load_error_strings(); SSL_library_init(); if( (c = SSL_CTX_new(TLSv1_server_method())) != NULL ) SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL); return c; }
IoSecureServer *IoSecureServer_rawClone(IoSecureServer *proto) { IoObject *self = IoObject_rawClonePrimitive(proto); IoObject_setDataPointer_(self, (SecureServerData *)calloc(1, sizeof(SecureServerData))); SSL_CTX *ctx = SSL_CTX_new(TLSv1_server_method()); DATA(self)->ssl_ctx = ctx; SSL_CTX_set_default_passwd_cb(ctx, IoSecureSockets_Password_Callback); SSL_CTX_set_default_passwd_cb_userdata(ctx, self); SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(OCTX(proto)), SSL_CTX_get_verify_callback(OCTX(proto))); //need to do more work for the copy to be correct, also need to copy SSL method and certs. return self; }
SSL_CTX * uh_tls_ctx_init() { SSL_CTX *c; SSL_load_error_strings(); SSL_library_init(); if ((c = SSL_CTX_new(TLSv1_server_method())) != NULL) uh_tls_ctx_setup(c); return c; }
void tls_ctx_server_new(struct tls_root_ctx *ctx) { ASSERT(NULL != ctx); ctx->ctx = SSL_CTX_new (TLSv1_server_method ()); if (ctx->ctx == NULL) msg (M_SSLERR, "SSL_CTX_new TLSv1_server_method"); SSL_CTX_set_tmp_rsa_callback (ctx->ctx, tmp_rsa_cb); }
bool VSslServer::doOpen() { VLock lock(stateOpenCs); // gilgil temp 2014.03.14 // // Set server method // LOG_DEBUG("method=%s", qPrintable(methodType.str())); switch (methodType) { #ifdef _WIN32 // Linux openssl does not support SSLv2_server_method case VSslMethodType::mtSSLv2 : m_meth = (SSL_METHOD*)SSLv2_server_method(); break; #endif // _WIN32 case VSslMethodType::mtSSLv3 : m_meth = (SSL_METHOD*)SSLv3_server_method(); break; case VSslMethodType::mtSSLv23 : m_meth = (SSL_METHOD*)SSLv23_server_method(); break; case VSslMethodType::mtTLSv1 : m_meth = (SSL_METHOD*)TLSv1_server_method(); break; case VSslMethodType::mtTLSv1_1 : m_meth = (SSL_METHOD*)TLSv1_1_server_method(); break; case VSslMethodType::mtTLSv1_2 : m_meth = (SSL_METHOD*)TLSv1_2_server_method(); break; case VSslMethodType::mtDTLSv1 : m_meth = (SSL_METHOD*)DTLSv1_server_method(); break; case VSslMethodType::mtNone : default : SET_ERROR(VSslError, QString("client method error(%1)").arg(methodType.str()), VSslError::INVALID_SSL_METHOD); return false; } m_ctx = SSL_CTX_new(m_meth); if (!SSL_CTX_set_tlsext_servername_callback(m_ctx, ssl_servername_cb)) { LOG_ERROR("SSL_CTX_set_tlsext_servername_callback return false"); } if (!SSL_CTX_set_tlsext_servername_arg(m_ctx, this)) { LOG_ERROR("SSL_CTX_set_tlsext_servername_arg return false"); } if (defaultKeyCrtFileName != "") { QString fileName = certificatePath; QFileInfo fi(fileName); // if (!fi.isAbsolute()) fileName = VApp::_filePath() + fileName; // gilgil temp 2014.12.25 if (!fi.isAbsolute()) fileName = QCoreApplication::applicationDirPath() + QDir::separator() + fileName; // gilgil temp 2014.12.25 if (!fileName.endsWith('/') && !fileName.endsWith('\\')) { fileName += QDir::separator(); } fileName += defaultKeyCrtFileName; if (!setup(fileName)) return false; } if (!VTcpServer::doOpen()) return false; return true; }
const SSL_METHOD *anubis_string_to_SSL_METOHD(const char *method, int role) { if(!method) return NULL; if(!strcasecmp(method, "SSLv23")) return role == ANUBIS_ROLE_SERVER ? SSLv23_server_method() : role == ANUBIS_ROLE_CLIENT ? SSLv23_client_method() : NULL; #ifndef OPENSSL_NO_SSL2_METHOD if(!strcasecmp(method, "SSLv2")) return role == ANUBIS_ROLE_SERVER ? SSLv3_server_method() : role == ANUBIS_ROLE_CLIENT ? SSLv3_client_method() : NULL; #endif #ifndef OPENSSL_NO_SSL3_METHOD if(!strcasecmp(method, "SSLv3")) return role == ANUBIS_ROLE_SERVER ? SSLv3_server_method() : role == ANUBIS_ROLE_CLIENT ? SSLv3_client_method() : NULL; #endif if(!strcasecmp(method, "TLSv1.0")) return role == ANUBIS_ROLE_SERVER ? TLSv1_server_method() : role == ANUBIS_ROLE_CLIENT ? TLSv1_client_method() : NULL; #if OPENSSL_VERSION_NUMBER >= 0x10001000L if(!strcasecmp(method, "TLSv1.1")) return role == ANUBIS_ROLE_SERVER ? TLSv1_1_server_method() : role == ANUBIS_ROLE_CLIENT ? TLSv1_1_client_method() : NULL; if(!strcasecmp(method, "TLSv1.2")) return role == ANUBIS_ROLE_SERVER ? TLSv1_2_server_method() : role == ANUBIS_ROLE_CLIENT ? TLSv1_2_client_method() : NULL; #endif /* if(!strcasecmp(method, "DTLS1.0")) return role == ANUBIS_ROLE_SERVER ? DTLSv1_server_method() : role == ANUBIS_ROLE_CLIENT ? DTLSv1_client_method() : NULL; if(!strcasecmp(method, "DTLS1.2")) return role == ANUBIS_ROLE_SERVER ? DTLSv1_2_server_method() : role == ANUBIS_ROLE_CLIENT ? DTLSv1_2_client_method() : NULL; if(!strcasecmp(method, "DTLS")) return role == ANUBIS_ROLE_SERVER ? DTLS_server_method() : role == ANUBIS_ROLE_CLIENT ? DTLS_client_method() : NULL; */ return NULL; }//end anubis_string_to_SSL_METOHD
CryptoManager::CryptoManager() : clientContext(SSL_CTX_new(TLSv1_client_method())), serverContext(SSL_CTX_new(TLSv1_server_method())), clientVerContext(SSL_CTX_new(TLSv1_client_method())), serverVerContext(SSL_CTX_new(TLSv1_server_method())), dh(DH_new()), certsLoaded(false), lock("EXTENDEDPROTOCOLABCABCABCABCABCABC"), pk("DCPLUSPLUS" VERSIONSTRING "ABCABC") { static unsigned char dh512_p[] = { 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, 0x47,0x74,0xE8,0x33, }; static unsigned char dh512_g[] = { 0x02, }; if(dh) { dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), 0); dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), 0); if (!dh->p || !dh->g) { DH_free(dh); dh = 0; } else { SSL_CTX_set_tmp_dh(serverContext, dh); SSL_CTX_set_tmp_dh(serverVerContext, dh); } } }
static SSL_METHOD *ssl23_get_server_method(int ver) { #ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_server_method()); #endif if (ver == SSL3_VERSION) return(SSLv3_server_method()); else if (ver == TLS1_VERSION) return(TLSv1_server_method()); else return(NULL); }
static const SSL_METHOD *swSSL_get_method(int method) { switch (method) { #ifndef OPENSSL_NO_SSL3_METHOD case SW_SSLv3_METHOD: return SSLv3_method(); case SW_SSLv3_SERVER_METHOD: return SSLv3_server_method(); case SW_SSLv3_CLIENT_METHOD: return SSLv3_client_method(); #endif case SW_SSLv23_SERVER_METHOD: return SSLv23_server_method(); case SW_SSLv23_CLIENT_METHOD: return SSLv23_client_method(); case SW_TLSv1_METHOD: return TLSv1_method(); case SW_TLSv1_SERVER_METHOD: return TLSv1_server_method(); case SW_TLSv1_CLIENT_METHOD: return TLSv1_client_method(); #ifdef TLS1_1_VERSION case SW_TLSv1_1_METHOD: return TLSv1_1_method(); case SW_TLSv1_1_SERVER_METHOD: return TLSv1_1_server_method(); case SW_TLSv1_1_CLIENT_METHOD: return TLSv1_1_client_method(); #endif #ifdef TLS1_2_VERSION case SW_TLSv1_2_METHOD: return TLSv1_2_method(); case SW_TLSv1_2_SERVER_METHOD: return TLSv1_2_server_method(); case SW_TLSv1_2_CLIENT_METHOD: return TLSv1_2_client_method(); #endif case SW_DTLSv1_METHOD: return DTLSv1_method(); case SW_DTLSv1_SERVER_METHOD: return DTLSv1_server_method(); case SW_DTLSv1_CLIENT_METHOD: return DTLSv1_client_method(); case SW_SSLv23_METHOD: default: return SSLv23_method(); } return SSLv23_method(); }
static const SSL_METHOD * ssl23_get_server_method(int ver) { if (ver == SSL3_VERSION) return (SSLv3_server_method()); else if (ver == TLS1_VERSION) return (TLSv1_server_method()); else if (ver == TLS1_1_VERSION) return (TLSv1_1_server_method()); else if (ver == TLS1_2_VERSION) return (TLSv1_2_server_method()); else return (NULL); }