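/**
 * Create an SSL_CTX for the requested method and, when a certificate file is
 * given, load the PEM certificate and private key into it.
 *
 * @param method    selector passed to swSSL_get_method() to pick the SSL_METHOD
 * @param cert_file PEM certificate path, or NULL to skip loading any credentials
 * @param key_file  PEM private key path; only read when cert_file is non-NULL
 * @return the configured context, or NULL on failure. On failure the partially
 *         built context is released, so the caller owns nothing.
 *
 * No peer verification mode or trust store is configured here; callers that
 * need the peer certificate checked must set that up on the returned context.
 */
SSL_CTX* swSSL_get_context(int method, char *cert_file, char *key_file)
{
    if (!openssl_init)
    {
        swSSL_init();
    }

    SSL_CTX *ssl_context = SSL_CTX_new(swSSL_get_method(method));
    if (ssl_context == NULL)
    {
        ERR_print_errors_fp(stderr);
        return NULL;
    }

    /* Legacy interoperability workarounds for old peer implementations. */
    SSL_CTX_set_options(ssl_context, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    SSL_CTX_set_options(ssl_context, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
    SSL_CTX_set_options(ssl_context, SSL_OP_MSIE_SSLV2_RSA_PADDING);
    SSL_CTX_set_options(ssl_context, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    SSL_CTX_set_options(ssl_context, SSL_OP_TLS_D5_BUG);
    SSL_CTX_set_options(ssl_context, SSL_OP_TLS_BLOCK_PADDING_BUG);
    /*
     * NOTE(review): this option turns off OpenSSL's empty-fragment
     * countermeasure for CBC cipher suites in SSL 3.0 / TLS 1.0. It is kept
     * to preserve existing behaviour; confirm it is still required before
     * relying on those protocol versions.
     */
    SSL_CTX_set_options(ssl_context, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
    /* Generate a fresh DH key for every handshake instead of reusing one. */
    SSL_CTX_set_options(ssl_context, SSL_OP_SINGLE_DH_USE);

    if (cert_file)
    {
        /*
         * set the local certificate from CertFile
         */
        if (SSL_CTX_use_certificate_file(ssl_context, cert_file, SSL_FILETYPE_PEM) <= 0)
        {
            ERR_print_errors_fp(stderr);
            goto error;
        }
        /*
         * set the private key from KeyFile (may be the same as CertFile)
         */
        if (SSL_CTX_use_PrivateKey_file(ssl_context, key_file, SSL_FILETYPE_PEM) <= 0)
        {
            ERR_print_errors_fp(stderr);
            goto error;
        }
        /*
         * verify private key
         */
        if (!SSL_CTX_check_private_key(ssl_context))
        {
            swWarn("Private key does not match the public certificate");
            goto error;
        }
    }

    return ssl_context;

error:
    /* Release the context so a failed load does not leak it (and any key
     * material already attached to it). */
    SSL_CTX_free(ssl_context);
    return NULL;
}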
/**
 * Create a bare SSL_CTX for client use with the requested method.
 *
 * @param method selector passed to swSSL_get_method() to pick the SSL_METHOD
 * @return the new context, or NULL if SSL_CTX_new() failed (the OpenSSL error
 *         queue is printed to stderr in that case).
 *
 * Nothing beyond SSL_CTX_new() is configured here: no options, no verify mode
 * and no trust store. OpenSSL's default verify mode is SSL_VERIFY_NONE, so the
 * caller must enable verification on the returned context if the server
 * certificate is to be checked.
 */
SSL_CTX* swSSL_get_client_context(int method)
{
    SSL_CTX *client_ctx;

    /* Library initialisation is performed lazily on first use. */
    if (!openssl_init)
    {
        swSSL_init();
    }

    client_ctx = SSL_CTX_new(swSSL_get_method(method));
    if (client_ctx != NULL)
    {
        return client_ctx;
    }

    ERR_print_errors_fp(stderr);
    return NULL;
}
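/**
 * Create an SSL_CTX for server use and load its PEM certificate and private
 * key.
 *
 * @param cert_file PEM certificate path
 * @param key_file  PEM private key path (may be the same file as cert_file)
 * @param method    selector passed to swSSL_get_method() to pick the SSL_METHOD
 * @return the configured context, or NULL on failure. On failure the partially
 *         built context is released, so the caller owns nothing.
 *
 * Client-certificate verification is not configured here.
 * NOTE(review): which protocol versions are permitted depends on what
 * swSSL_get_method() returns, which is not visible from this function.
 */
SSL_CTX* swSSL_get_server_context(char *cert_file, char *key_file, int method)
{
    if (!openssl_init)
    {
        swSSL_init();
    }

    SSL_CTX *ssl_context = SSL_CTX_new(swSSL_get_method(method));
    if (ssl_context == NULL)
    {
        ERR_print_errors_fp(stderr);
        return NULL;
    }

    /* Legacy interoperability workarounds for old peer implementations. */
    SSL_CTX_set_options(ssl_context, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    SSL_CTX_set_options(ssl_context, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);

    /*
     * set the local certificate from CertFile
     */
    if (SSL_CTX_use_certificate_file(ssl_context, cert_file, SSL_FILETYPE_PEM) <= 0)
    {
        ERR_print_errors_fp(stderr);
        goto error;
    }
    /*
     * set the private key from KeyFile (may be the same as CertFile)
     */
    if (SSL_CTX_use_PrivateKey_file(ssl_context, key_file, SSL_FILETYPE_PEM) <= 0)
    {
        ERR_print_errors_fp(stderr);
        goto error;
    }
    /*
     * verify private key
     */
    if (!SSL_CTX_check_private_key(ssl_context))
    {
        swWarn("Private key does not match the public certificate");
        goto error;
    }

    return ssl_context;

error:
    /* Release the context so a failed load does not leak it (and any key
     * material already attached to it). */
    SSL_CTX_free(ssl_context);
    return NULL;
}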