C++ (Cpp) ssl_set_dh_param_ctx示例

编程语言: C++ (Cpp)

方法/功能: ssl_set_dh_param_ctx

hotexamples.com的示例: 2

C++ (Cpp) ssl_set_dh_param_ctx - 已找到2个示例。这些是从开源项目中提取的最受好评的ssl_set_dh_param_ctx现实C++ (Cpp)示例。您可以评价示例，以帮助我们提高示例质量。

示例#1

显示文件

文件： client.c 项目： Techman-/tlsdebug-ircd

int ircd_client_init_ssl(struct ircd_client* const client)
{
	if (ssl_init(&client->ssl_ctx) != 0)
		return -1;

	// We are a server
	(void) ssl_set_endpoint(&client->ssl_ctx, SSL_IS_SERVER);

	// Tell the library how to send and receive data to the client
	(void) ssl_set_bio(&client->ssl_ctx, net_recv, &client->fd, net_send, &client->fd);

	// Tell the library how to generate random data for the client (e.g. session ticket encryption key)
	(void) ssl_set_rng(&client->ssl_ctx, hmac_drbg_random, &ircd_ssl_hmac_drbg_ctx);

	// Normally DHE- ciphersuites are enabled anyway, but do so with a stronger prime
	(void) ssl_set_dh_param_ctx(&client->ssl_ctx, &ircd_ssl_dh_ctx);

	// To request (but not require) a certificate from the client
	(void) ssl_set_authmode(&client->ssl_ctx, SSL_VERIFY_OPTIONAL);
	//(void) ssl_set_ca_chain(&client->ssl_ctx, &ircd_ssl_ca_certificates, NULL, NULL);
	(void) ssl_set_ca_chain(&client->ssl_ctx, &ircd_ssl_certificate, NULL, NULL);

	// To test if the client supports RC4 (bad, in violation of TLS standards; see RFC 7465)
	(void) ssl_set_arc4_support(&client->ssl_ctx, SSL_ARC4_ENABLED);

	// To test if the client supports SNI (good)
	(void) ssl_set_sni(&client->ssl_ctx, ircd_server_ssl_sni_cb, (void*) client);

	// To test if the client supports Session Tickets (concerning)
	(void) ssl_set_session_tickets(&client->ssl_ctx, SSL_SESSION_TICKETS_ENABLED);
	(void) ssl_set_session_ticket_lifetime(&client->ssl_ctx, 300);

	// We could do this in the SNI callback, but that would require all clients to support SNI
	(void) ssl_set_own_cert(&client->ssl_ctx, &ircd_ssl_certificate, &ircd_ssl_private_key);

#ifdef POLARSSL_SSL_CIPHERSUITES_CB
	// This is an addition of mine to the library - see the patch in patches/
	(void) ssl_set_cs_cb(&client->ssl_ctx, ircd_server_ssl_cs_cb, (void*) client);
#endif

#ifdef POLARSSL_SSL_TICKETS_CB
	// This is an addition of mine to the library - see the patch in patches/
	(void) ssl_set_tick_cb(&client->ssl_ctx, ircd_server_ssl_tick_cb, (void*) client);
#endif

	return 0;
}

示例#2

显示文件

文件： ngx_event_mbedtls.c 项目： sbagmeijer/nginx

ngx_int_t
ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
    ngx_uint_t flags)
{
    ngx_ssl_connection_t     *sc;
    ngx_ssl_conn_t           *ssl_ctx;
    ngx_ssl_session_cache_t  *cache;
    int                       sslerr;

    sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
    if (sc == NULL) {
        return NGX_ERROR;
    }

    sc->buffer = ((flags % NGX_SSL_BUFFER) != 0);

    /* Allocate the PolarSSL context */

    ssl_ctx = ngx_pcalloc(c->pool, sizeof(ngx_ssl_conn_t));
    if (sc == NULL) {
        return NGX_ERROR;
    }

    /*
     * Initialize this PolarSSL context
     *
     * Note: We also setup the options traditionally set in ngx_ssl_create
     * here since each ssl_ctx is unique to each fd.
     */

    sslerr = ssl_init(ssl_ctx);
    if (sslerr != 0) {
        ngx_mbedtls_error(NGX_LOG_ALERT, ssl->log, 0, sslerr,
                           "ssl_init failed");
        return NGX_ERROR;
    }

    if (flags & NGX_SSL_CLIENT) {
        ssl_set_endpoint(ssl_ctx, SSL_IS_CLIENT);

        if (ssl->have_own_cert) {
            ssl_set_own_cert(ssl_ctx, &ssl->own_cert, &ssl->own_key);
        }
    } else {
        ssl_set_endpoint(ssl_ctx, SSL_IS_SERVER);
        ssl_set_own_cert(ssl_ctx, &ssl->own_cert, &ssl->own_key);
    }

    if (ssl->have_ca_cert) {
        if (ssl->have_ca_crl) {
            ssl_set_ca_chain(ssl_ctx, &ssl->ca_cert, &ssl->ca_crl, NULL);
        } else {
            ssl_set_ca_chain(ssl_ctx, &ssl->ca_cert, NULL, NULL);
        }

        /*
         * ngx_event_openssl has the callback rigged to allow the handshake
         * to continue even if verification fails.  We shall do the same.
         */

        ssl_set_authmode(ssl_ctx, SSL_VERIFY_OPTIONAL);
    } else {
        ssl_set_authmode(ssl_ctx, SSL_VERIFY_NONE);
    }

    ssl_set_min_version(ssl_ctx, SSL_MAJOR_VERSION_3, ssl->minor_min);
    ssl_set_max_version(ssl_ctx, SSL_MAJOR_VERSION_3, ssl->minor_max);

    ssl_set_renegotiation(ssl_ctx, SSL_RENEGOTIATION_ENABLED);
    ssl_legacy_renegotiation(ssl_ctx, SSL_LEGACY_NO_RENEGOTIATION);

    ssl_set_rng(ssl_ctx, ngx_mbedtls_rng, &ngx_ctr_drbg);
    ssl_set_bio(ssl_ctx, net_recv, &c->fd, net_send, &c->fd);

    ssl_set_dh_param_ctx(ssl_ctx, &ssl->dhm_ctx);
    ssl_set_ciphersuites(ssl_ctx, ssl->ciphersuites);

    if (ssl->builtin_session_cache == NGX_SSL_NONE_SCACHE) {
        ssl_set_session_cache(ssl_ctx,
                ngx_mbedtls_get_cache, NULL,
                ngx_mbedtls_set_cache, NULL);
    }

    if (ssl->builtin_session_cache != NGX_SSL_NO_SCACHE) {
        cache = ssl->cache_shm_zone->data;
        cache->ttl = ssl->cache_ttl;

        ssl_set_session_cache(ssl_ctx,
                ngx_mbedtls_get_cache, ssl->cache_shm_zone,
                ngx_mbedtls_set_cache, ssl->cache_shm_zone);
    }

    if (ssl->sni_fn) {
        ssl_set_sni(ssl_ctx, ssl->sni_fn, c);
    }

    /* All done, the connection is good to go now */

    sc->connection = ssl_ctx;
    c->ssl = sc;
    
    return NGX_OK;
}