
自学教程:C++ ssl_handshake函数代码示例

51自学网 2021-06-03 08:19:49
  C++
这篇教程C++ ssl_handshake函数代码示例写得很实用,希望能帮到您。

本文整理汇总了C++中ssl_handshake函数的典型用法代码示例。如果您正苦于以下问题:C++ ssl_handshake函数的具体用法?C++ ssl_handshake怎么用?C++ ssl_handshake使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。

在下文中一共展示了ssl_handshake函数的30个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。注意:这些示例多为节选(省略处以注释标出),其中若干示例使用 SSL_VERIFY_NONE 或 SSL_VERIFY_OPTIONAL,套用前请先确认证书校验方式是否符合您的场景。

示例1: main

/*
 * Minimal TLS client: initialise PolarSSL, connect a TCP socket, run the
 * handshake, send one GET request and send close_notify.  Every failure path
 * stores a step-specific code in ret and jumps to the exit label; the code
 * after that label is omitted on the page.
 */
int main( void )
{
    int ret = exit_ok;
    int server_fd = -1;
    struct sockaddr_in addr;
#if defined(POLARSSL_X509_CRT_PARSE_C)
    x509_crt ca;
#endif

    entropy_context entropy;
    ctr_drbg_context ctr_drbg;
    ssl_context ssl;

    /*
     * 0. Initialize and setup stuff
     */
    memset( &ssl, 0, sizeof( ssl_context ) );
#if defined(POLARSSL_X509_CRT_PARSE_C)
    x509_crt_init( &ca );
#endif

    entropy_init( &entropy );
    /* NOTE(review): a ctr_drbg_init failure is reported with the same code
     * (ssl_init_failed) as an ssl_init failure just below, so the two cannot
     * be told apart from the exit status. */
    if( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
                       (const unsigned char *) pers, strlen( pers ) ) != 0 )
    {
        ret = ssl_init_failed;
        goto exit;
    }

    if( ssl_init( &ssl ) != 0 )
    {
        ret = ssl_init_failed;
        goto exit;
    }

    ssl_set_endpoint( &ssl, SSL_IS_CLIENT );

    ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );

#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
    /* psk and psk_id are defined outside this excerpt; the "- 1" presumably
     * drops a trailing NUL from a string-literal identity -- confirm. */
    ssl_set_psk( &ssl, psk, sizeof( psk ),
                (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
#endif

#if defined(POLARSSL_X509_CRT_PARSE_C)
    /* Trust only the built-in DER CA certificate, expect HOSTNAME as the peer
     * name, and request mandatory verification (SSL_VERIFY_REQUIRED).  When
     * this macro is not defined, no authmode or CA chain is configured in the
     * visible code. */
    if( x509_crt_parse_der( &ca, ca_cert, sizeof( ca_cert ) ) != 0 )
    {
        ret = x509_crt_parse_failed;
        goto exit;
    }

    ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
    ssl_set_authmode( &ssl, SSL_VERIFY_REQUIRED );
#endif

    /*
     * 1. Start the connection
     */
    memset( &addr, 0, sizeof( addr ) );
    addr.sin_family = AF_INET;

    /* ret is borrowed as a probe: its first byte equals 1 only when the low
     * byte is stored first, which selects the _LE or _BE constants. */
    ret = 1; /* for endianness detection */
    addr.sin_port = *((char *) &ret) == ret ? PORT_LE : PORT_BE;
    addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
    ret = 0;

    if( ( server_fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
    {
        ret = socket_failed;
        goto exit;
    }

    if( connect( server_fd,
                (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
    {
        ret = connect_failed;
        goto exit;
    }

    ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd );

    /* Single call: any non-zero result, including a want-read/want-write
     * code, is treated as failure.  Nothing visible here switches the socket
     * to non-blocking mode. */
    if( ssl_handshake( &ssl ) != 0 )
    {
        ret = ssl_handshake_failed;
        goto exit;
    }

    /*
     * 2. Write the GET request and close the connection
     */
    /* One ssl_write call; a result <= 0 is an error, a short write is not
     * retried. */
    if( ssl_write( &ssl, (const unsigned char *) GET_REQUEST,
                         sizeof( GET_REQUEST ) - 1 ) <= 0 )
    {
        ret = ssl_write_failed;
        goto exit;
    }

    ssl_close_notify( &ssl );

exit:
// ......... part of the code omitted here .........
开发者ID:Lucky7Studio,项目名称:mbedtls,代码行数:101,


示例2: main

// ......... part of the code omitted here .........
/* Excerpt from a client main(): connect, configure the SSL context, run the
 * handshake, print the peer certificate and clean up.
 * NOTE(review): "/n" in the string literals looks like a page-extraction
 * artifact for "\n"; the literals are left exactly as found. */
        }

        printf( " ok/n" );

        /*
         * 2. Start the connection
         */
        printf( "  . SSL connection to tcp/%s/%-4d...", opt.server_name,
                                                        opt.server_port );
        fflush( stdout );

        if( ( ret = net_connect( &server_fd, opt.server_name,
                                             opt.server_port ) ) != 0 )
        {
            printf( " failed/n  ! net_connect returned %d/n/n", ret );
            goto exit;
        }

        /*
         * 3. Setup stuff
         */
        if( ( ret = ssl_init( &ssl ) ) != 0 )
        {
            printf( " failed/n  ! ssl_init returned %d/n/n", ret );
            goto exit;
        }

        ssl_set_endpoint( &ssl, SSL_IS_CLIENT );

        /* With verify set: mandatory verification against cacert, the server
         * name as expected peer name, plus the my_verify callback.
         * With verify clear: SSL_VERIFY_NONE, i.e. the server certificate is
         * not checked at all and the peer is unauthenticated. */
        if( verify )
        {
            ssl_set_authmode( &ssl, SSL_VERIFY_REQUIRED );
            ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
            ssl_set_verify( &ssl, my_verify, NULL );
        }
        else
            ssl_set_authmode( &ssl, SSL_VERIFY_NONE );

        ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
        ssl_set_dbg( &ssl, my_debug, stdout );
        ssl_set_bio( &ssl, net_recv, &server_fd,
                net_send, &server_fd );

        /* Client certificate and private key offered to the server. */
        ssl_set_own_cert( &ssl, &clicert, &pkey );

#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
        ssl_set_hostname( &ssl, opt.server_name );
#endif

        /*
         * 4. Handshake
         */
        /* Retry while the transport reports want-read/want-write; any other
         * non-zero code ends the attempt. */
        while( ( ret = ssl_handshake( &ssl ) ) != 0 )
        {
            if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
            {
                printf( " failed/n  ! ssl_handshake returned %d/n/n", ret );
                ssl_free( &ssl );
                goto exit;
            }
        }

        printf( " ok/n" );

        /*
         * 5. Print the certificate
         */
        /* Display only: printing the certificate is not a trust decision. */
        printf( "  . Peer certificate information    .../n" );
        ret = x509_crt_info( (char *) buf, sizeof( buf ) - 1, "      ",
                             ssl.session->peer_cert );
        if( ret == -1 )
        {
            printf( " failed/n  !  x509_crt_info returned %d/n/n", ret );
            ssl_free( &ssl );
            goto exit;
        }

        printf( "%s/n", buf );

        ssl_close_notify( &ssl );
        ssl_free( &ssl );
    }
    else
        goto usage;

exit:

    /* NOTE(review): this closes for any non-zero value; server_fd's initial
     * value is outside the excerpt -- confirm it cannot be -1 here. */
    if( server_fd )
        net_close( server_fd );
    x509_crt_free( &cacert );
    x509_crt_free( &clicert );
    pk_free( &pkey );
    entropy_free( &entropy );

#if defined(_WIN32)
    printf( "  + Press Enter to exit this program./n" );
    fflush( stdout ); getchar();
#endif

    return( ret );
}
开发者ID:AgileBits,项目名称:polarssl,代码行数:101,


示例3: main

// ......... part of the code omitted here .........
         */
        /* Excerpt from a client main(): seed the RNG, connect, configure the
         * SSL context, handshake, print the peer certificate, clean up.  The
         * stray comment terminator above closes a comment whose start is
         * omitted on the page.
         * NOTE(review): "/n" in the string literals looks like a
         * page-extraction artifact for "\n"; literals are left as found. */
        printf( "/n  . Seeding the random number generator..." );
        fflush( stdout );

        entropy_init( &entropy );
        if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
                                   (const unsigned char *) pers,
                                   strlen( pers ) ) ) != 0 )
        {
            printf( " failed/n  ! ctr_drbg_init returned %d/n", ret );
            goto exit;
        }

        /*
         * 2. Start the connection
         */
        printf( "  . SSL connection to tcp/%s/%-4d...", opt.server_name,
                                                        opt.server_port );
        fflush( stdout );

        if( ( ret = net_connect( &server_fd, opt.server_name,
                                             opt.server_port ) ) != 0 )
        {
            printf( " failed/n  ! net_connect returned %d/n/n", ret );
            goto exit;
        }

        /*
         * 3. Setup stuff
         */
        if( ( ret = ssl_init( &ssl ) ) != 0 )
        {
            printf( " failed/n  ! ssl_init returned %d/n/n", ret );
            goto exit;
        }

        ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
        /* SSL_VERIFY_NONE is set unconditionally and no CA chain is
         * configured in the visible code: the server certificate is never
         * checked, so the session is encrypted but the peer is
         * unauthenticated. */
        ssl_set_authmode( &ssl, SSL_VERIFY_NONE );

        ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
        ssl_set_dbg( &ssl, my_debug, stdout );
        ssl_set_bio( &ssl, net_recv, &server_fd,
                net_send, &server_fd );

        ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );

        /* Client certificate and RSA key offered to the server. */
        ssl_set_own_cert( &ssl, &clicert, &rsa );

        ssl_set_hostname( &ssl, opt.server_name );

        /*
         * 4. Handshake
         */
        /* Retry while the transport reports want-read/want-write; any other
         * non-zero code ends the attempt. */
        while( ( ret = ssl_handshake( &ssl ) ) != 0 )
        {
            if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
            {
                printf( " failed/n  ! ssl_handshake returned %d/n/n", ret );
                ssl_free( &ssl );
                goto exit;
            }
        }

        printf( " ok/n" );

        /*
         * 5. Print the certificate
         */
        /* Display only: nothing below validates the certificate. */
        printf( "  . Peer certificate information    .../n" );
        ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ",
                                   ssl.session->peer_cert );
        if( ret == -1 )
        {
            printf( " failed/n  !  x509parse_cert_info returned %d/n/n", ret );
            ssl_free( &ssl );
            goto exit;
        }

        printf( "%s/n", buf );

        ssl_close_notify( &ssl );
        ssl_free( &ssl );
    }
    else
        goto usage;

exit:

    /* NOTE(review): this closes for any non-zero value; server_fd's initial
     * value is outside the excerpt -- confirm it cannot be -1 here. */
    if( server_fd )
        net_close( server_fd );
    x509_free( &clicert );
    rsa_free( &rsa );

#if defined(_WIN32)
    printf( "  + Press Enter to exit this program./n" );
    fflush( stdout ); getchar();
#endif

    return( ret );
}
开发者ID:Joe-Merten,项目名称:Stm32-Tools-Evaluation,代码行数:101,


示例4: main

//.........这里部分代码省略.........    }    printf( " ok/n" );    /*     * 2. Setup stuff     */    printf( "  . Setting up the SSL/TLS structure..." );    fflush( stdout );    if( ( ret = ssl_init( &ssl ) ) != 0 )    {        printf( " failed/n  ! ssl_init returned %d/n/n", ret );        goto exit;    }    printf( " ok/n" );    ssl_set_endpoint( &ssl, SSL_IS_CLIENT );    ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );    ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );    ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );    ssl_set_dbg( &ssl, my_debug, stdout );    ssl_set_bio( &ssl, net_recv, &server_fd,                       net_send, &server_fd );    /*     * 4. Handshake     */    printf( "  . Performing the SSL/TLS handshake..." );    fflush( stdout );    while( ( ret = ssl_handshake( &ssl ) ) != 0 )    {        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )        {            printf( " failed/n  ! ssl_handshake returned -0x%x/n/n", -ret );            goto exit;        }    }    printf( " ok/n" );    /*     * 5. Verify the server certificate     */    printf( "  . Verifying peer X.509 certificate..." );    if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )    {        printf( " failed/n" );        if( ( ret & BADCERT_EXPIRED ) != 0 )            printf( "  ! server certificate has expired/n" );        if( ( ret & BADCERT_REVOKED ) != 0 )            printf( "  ! server certificate has been revoked/n" );        if( ( ret & BADCERT_CN_MISMATCH ) != 0 )            printf( "  ! CN mismatch (expected CN=%s)/n", "PolarSSL Server 1" );        if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )            printf( "  ! self-signed or not signed by a trusted CA/n" );        printf( "/n" );
开发者ID:191919,项目名称:polarssl,代码行数:67,


示例5: ssl_server

//.........这里部分代码省略.........    ssl_set_session_cache( &ssl, ssl_cache_get, &cache,                          ssl_cache_set, &cache );#endif    ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );    ssl_set_own_cert( &ssl, &srvcert, &rsa );        ssl_set_bio( &ssl, net_recv, &client_fd, net_send, &client_fd );        printf( " ok/n/r" );  for(;;)  {       /*    * Wait until a client connects    */    client_fd = -1;        printf( "  . Waiting for a remote connection ..." );        if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )    {      printf( " failed/n  ! net_accept returned %d/n/n", ret );      goto exit;    }        printf( " ok/n/r" );        /*    * Handshake    */    printf( "  . Performing the SSL/TLS handshake..." );        while( ( ret = ssl_handshake( &ssl ) ) != 0 )    {      if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )      {        printf( " failed/n  ! ssl_handshake returned -0x%x/n/n", -ret );        goto reset;      }    }        printf( " ok/n/r" );        /*    * Read the HTTP Request    */    printf( "  < Read from client:" );    memset( buf, 0, sizeof( buf ) );    len = 0;    do    {      ret = ssl_read( &ssl, buf + len, 1523 - len);            if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )        continue;            if( ret <= 0 )      {        switch( ret )        {        case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:          printf( " connection was closed gracefully/n" );          break;                  case POLARSSL_ERR_NET_CONN_RESET:
开发者ID:eemei,项目名称:library-stm32f4,代码行数:67,


示例6: temp

/**
 * Per-client worker: when the connection type is CON_SSL it first runs the
 * SSL handshake, then services the socket with select() in 100 ms slices
 * until a stop is requested, the client disconnects, or a disconnect is
 * requested through m_wantdisconnect.
 */
void IRCClientThread::thread()
{
	// Zero-terminated suite list passed to ssl_set_ciphersuites().  Declared at
	// function scope so it outlives the whole session (presumably the library
	// keeps the pointer rather than copying the list -- confirm).
	// NOTE(review): the list still offers RC4 (including RC4 with MD5) and
	// triple-DES (DES_168) suites, which are considered weak; trimming it
	// changes which clients can connect, so it is reproduced as found.
	int offeredSuites[] =
	{
		SSL_EDH_RSA_AES_256_SHA,
		SSL_EDH_RSA_CAMELLIA_256_SHA,
		SSL_EDH_RSA_AES_128_SHA,
		SSL_EDH_RSA_CAMELLIA_128_SHA,
		SSL_EDH_RSA_DES_168_SHA,
		SSL_RSA_AES_256_SHA,
		SSL_RSA_CAMELLIA_256_SHA,
		SSL_RSA_AES_128_SHA,
		SSL_RSA_CAMELLIA_128_SHA,
		SSL_RSA_DES_168_SHA,
		SSL_RSA_RC4_128_SHA,
		SSL_RSA_RC4_128_MD5,
		0
	};
	fd_set readable;
	fd_set writable;
	struct timeval pollInterval;
	std::string codeText("");
	int rc=0;

	// The handshake has to finish before any IRC traffic is exchanged.
	if(m_contype==IRCClientConnection::CON_SSL)
	{
		m_log->Error("IRCClientThread::thread SSL handshaking with client");
		ssl_set_ciphersuites(&m_ssl->m_ssl,offeredSuites);
		rc=ssl_handshake(&m_ssl->m_ssl);
		if(rc!=0)
		{
			// Single attempt: every non-zero code drops the client.
			StringFunctions::Convert(rc,codeText);
			m_log->Error("IRCClientThread::thread couldn't handshake with client - return value = "+codeText);
			Disconnect();
			return;
		}
	}

	for(;;)
	{
		if(should_stop()!=false)
		{
			break;
		}
		if(IsConnected()!=true)
		{
			break;
		}

		// Rebuild both sets on every pass: select() modifies them in place.
		FD_ZERO(&readable);
		FD_ZERO(&writable);
		FD_SET(m_socket,&readable);
		if(SendBufferSize()>0)
		{
			// Ask for writability only while something is queued to send.
			FD_SET(m_socket,&writable);
		}

		pollInterval.tv_sec=0;
		pollInterval.tv_usec=100000;

		rc=select(m_socket+1,&readable,&writable,0,&pollInterval);
		if(rc>0)
		{
			if(FD_ISSET(m_socket,&readable))
			{
				SocketReceive();
			}
			// The receive above may have closed the connection.
			if(IsConnected() && FD_ISSET(m_socket,&writable))
			{
				SocketSend();
			}
		}

		if(m_wantdisconnect==true)
		{
			Disconnect();
		}
	}
}
开发者ID:SeekingFor,项目名称:FLIP,代码行数:72,


示例7: run_ssl

// ......... part of the code omitted here .........
/* Tail of run_ssl(): after the CA container has been loaded, set up the SSL
 * context, connect directly or through a proxy, read a 32-bit timestamp from
 * the first part of the handshake, finish the handshake, run the key checks
 * and store the timestamp in time_map. */
          fprintf(stderr, "x509parse_crtpath failed");
        break;
      default:
        die("Unable to load CA certficate container %s", ca_cert_container);
      }
    }
  }

  entropy_init (&entropy);
  if (0 != ctr_drbg_init (&ctr_drbg, entropy_func, &entropy,
                         (unsigned char *) pers, strlen(pers)))
  {
    die("Failed to initialize CTR_DRBG");
  }

  if (0 != ssl_init (&ssl))
  {
    die("SSL initialization failed");
  }
  ssl_set_endpoint (&ssl, SSL_IS_CLIENT);
  ssl_set_rng (&ssl, ctr_drbg_random, &ctr_drbg);
  ssl_set_ca_chain (&ssl, &cacert, NULL, hostname_to_verify);
  /* authmode is only set when ca_racket is true, and then to OPTIONAL so the
   * handshake completes and inspect_key() below makes the decision.  When
   * ca_racket is false the library default stays in effect and the
   * certificate check is skipped further down. */
  if (ca_racket)
  {
      // You can do SSL_VERIFY_REQUIRED here, but then the check in
      // inspect_key() never happens as the ssl_handshake() will fail.
      ssl_set_authmode (&ssl, SSL_VERIFY_OPTIONAL);
  }

  if (proxy)
  {
    char *scheme;
    char *proxy_host;
    char *proxy_port;

    parse_proxy_uri (proxy, &scheme, &proxy_host, &proxy_port);

    verb("V: opening socket to proxy %s:%s", proxy_host, proxy_port);
    /* NOTE(review): atoi() gives no error indication, so a non-numeric or
     * out-of-range port string is not rejected in the visible code (same for
     * the two atoi(port) calls below). */
    if (0 != net_connect (&server_fd, proxy_host, atoi(proxy_port)))
    {
      die ("SSL connection failed");
    }

    proxy_polarssl_init (&proxy_ctx);
    proxy_polarssl_set_bio (&proxy_ctx, net_recv, &server_fd, net_send, &server_fd);
    proxy_polarssl_set_host (&proxy_ctx, host);
    proxy_polarssl_set_port (&proxy_ctx, atoi(port));
    proxy_polarssl_set_scheme (&proxy_ctx, scheme);

    /* TLS records now travel through the proxy context. */
    ssl_set_bio (&ssl, proxy_polarssl_recv, &proxy_ctx, proxy_polarssl_send, &proxy_ctx);

    verb("V: Handle proxy connection");
    if (0 == proxy_ctx.f_connect (&proxy_ctx))
      die("Proxy connection failed");
  }
  else
  {
    verb("V: opening socket to %s:%s", host, port);
    if (0 != net_connect (&server_fd, host, atoi(port)))
    {
      die ("SSL connection failed");
    }

    ssl_set_bio (&ssl, net_recv, &server_fd, net_send, &server_fd);
  }

  verb("V: starting handshake");
  if (0 != ssl_do_handshake_part (&ssl))
    die("SSL handshake first part failed");

  /* Big-endian 32-bit value assembled from bytes 6..9 of the incoming
   * message buffer (presumably the time field of the server's hello --
   * confirm against ssl_do_handshake_part).  It is read before the handshake
   * and any certificate check have finished, so at this point it comes from
   * an unauthenticated peer; it is only copied to time_map after the checks
   * below. */
  uint32_t timestamp = ( (uint32_t) ssl.in_msg[6] << 24 )
                     | ( (uint32_t) ssl.in_msg[7] << 16 )
                     | ( (uint32_t) ssl.in_msg[8] <<  8 )
                     | ( (uint32_t) ssl.in_msg[9]       );
  check_timestamp (timestamp);

  verb("V: continuing handshake");
  /* Continue with handshake */
  while (0 != (ret = ssl_handshake (&ssl)))
  {
    if (POLARSSL_ERR_NET_WANT_READ  != ret &&
        POLARSSL_ERR_NET_WANT_WRITE != ret)
    {
      die("SSL handshake failed");
    }
  }

  // Verify the peer certificate against the CA certs on the local system
  if (ca_racket) {
    inspect_key (&ssl, hostname_to_verify);
  } else {
    verb ("V: Certificate verification skipped!");
  }
  check_key_length (&ssl);

  memcpy (time_map, &timestamp, sizeof(uint32_t));
  /* NOTE(review): proxy_ctx is initialised only in the proxy branch above;
   * confirm that freeing it is safe when no proxy was used. */
  proxy_polarssl_free (&proxy_ctx);
  ssl_free (&ssl);
  x509_free (&cacert);
}
开发者ID:DonnchaC,项目名称:tlsdate,代码行数:101,


示例8: Curl_polarssl_connect

// ......... part of the code omitted here .........
/* Excerpt from Curl_polarssl_connect(): reuse a cached session if there is
 * one, install the CA chain / CRL / client certificate, optionally set SNI,
 * then loop on ssl_handshake() until it completes, fails or times out.
 * NOTE(review): "/n" in the string literals looks like a page-extraction
 * artifact for "\n"; the literals are left exactly as found. */
  if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
    /* NOTE(review): old_session_size bytes are copied into the ssn member;
     * no comparison with the size of ssn is visible here -- confirm the
     * session cache only stores entries of that size. */
    memcpy(&conn->ssl[sockindex].ssn, old_session, old_session_size);
    infof(data, "PolarSSL re-using session/n");
  }

  ssl_set_session(&conn->ssl[sockindex].ssl, 1, 600,
                  &conn->ssl[sockindex].ssn);

  /* conn->host.name is the name the peer certificate is expected to carry. */
  ssl_set_ca_chain(&conn->ssl[sockindex].ssl,
                   &conn->ssl[sockindex].cacert,
                   &conn->ssl[sockindex].crl,
                   conn->host.name);

  ssl_set_own_cert(&conn->ssl[sockindex].ssl,
                   &conn->ssl[sockindex].clicert, &conn->ssl[sockindex].rsa);

  /* SNI is only attempted when the host name is not an IP literal and sni is
   * set; a failure to set it is logged but not fatal. */
  if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&
#ifdef ENABLE_IPV6
     !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&
#endif
     sni && ssl_set_hostname(&conn->ssl[sockindex].ssl, conn->host.name)) {
     infof(data, "WARNING: failed to configure "
                 "server name indication (SNI) TLS extension/n");
  }

  infof(data, "PolarSSL: performing SSL/TLS handshake.../n");

#ifdef POLARSSL_DEBUG
  ssl_set_dbg(&conn->ssl[sockindex].ssl, polarssl_debug, data);
#endif

  for(;;) {
    if(!(ret = ssl_handshake(&conn->ssl[sockindex].ssl)))
      break;
    else if(ret != POLARSSL_ERR_NET_TRY_AGAIN) {
      failf(data, "ssl_handshake returned -0x%04X", -ret);
      return CURLE_SSL_CONNECT_ERROR;
    }
    else {
      /* wait for data from server... */
      long timeout_ms = Curl_timeleft(data, NULL, TRUE);

      if(timeout_ms < 0) {
        failf(data, "SSL connection timeout");
        return CURLE_OPERATION_TIMEDOUT;
      }

      /* Only readability of the socket is waited for; any result other than
       * "readable" or timeout is treated as a connect error. */
      switch(Curl_socket_ready(conn->sock[sockindex],
                        CURL_SOCKET_BAD, timeout_ms)) {
      case 0:
        failf(data, "SSL handshake timeout");
        return CURLE_OPERATION_TIMEDOUT;
        break;
      case CURL_CSELECT_IN:
        continue;
        break;
      default:
        return CURLE_SSL_CONNECT_ERROR;
        break;
      }
    }
  }

  /* The certificate verification result is not examined in the visible
   * lines; what follows is outside the excerpt. */
  infof(data, "PolarSSL: Handshake complete, cipher is %s/n",
        ssl_get_cipher(&conn->ssl[sockindex].ssl));
开发者ID:DTwomey,项目名称:ark2d,代码行数:67,


示例9: while

//.........这里部分代码省略.........			{				BufferIn = CommandBuffer.InBuffer.at(0).m_Address;				BufferInSize = CommandBuffer.InBuffer.at(0).m_Size;			}			if (CommandBuffer.PayloadBuffer.size() > 0)			{				BufferOut = CommandBuffer.PayloadBuffer.at(0).m_Address;				BufferOutSize = CommandBuffer.PayloadBuffer.at(0).m_Size;			}			if (CommandBuffer.PayloadBuffer.size() > 1)			{				BufferOut2 = CommandBuffer.PayloadBuffer.at(1).m_Address;				BufferOutSize2 = CommandBuffer.PayloadBuffer.at(1).m_Size;			}			if (CommandBuffer.InBuffer.size() > 1)			{				BufferIn2 = CommandBuffer.InBuffer.at(1).m_Address;				BufferInSize2 = CommandBuffer.InBuffer.at(1).m_Size;			}			if (it->is_ssl)			{				int sslID = Memory::Read_U32(BufferOut) - 1;				if (SSLID_VALID(sslID))				{					switch (it->ssl_type)					{					case IOCTLV_NET_SSL_DOHANDSHAKE:					{						int ret = ssl_handshake(&CWII_IPC_HLE_Device_net_ssl::_SSL[sslID].ctx);						switch (ret)						{						case 0:							Memory::Write_U32(SSL_OK, BufferIn);							break;						case POLARSSL_ERR_NET_WANT_READ:							Memory::Write_U32(SSL_ERR_RAGAIN, BufferIn);							if (!nonBlock)								ReturnValue = SSL_ERR_RAGAIN;							break;						case POLARSSL_ERR_NET_WANT_WRITE:							Memory::Write_U32(SSL_ERR_WAGAIN, BufferIn);							if (!nonBlock)								ReturnValue = SSL_ERR_WAGAIN;							break;						default:							Memory::Write_U32(SSL_ERR_FAILED, BufferIn);							break;						}						INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_DOHANDSHAKE = (%d) "							"BufferIn: (%08x, %i), BufferIn2: (%08x, %i), "							"BufferOut: (%08x, %i), BufferOut2: (%08x, %i)",							ret,							BufferIn, BufferInSize, BufferIn2, BufferInSize2,							BufferOut, BufferOutSize, BufferOut2, BufferOutSize2);						break;					}					case IOCTLV_NET_SSL_WRITE:					{						int ret = ssl_write(&CWII_IPC_HLE_Device_net_ssl::_SSL[sslID].ctx, Memory::GetPointer(BufferOut2), BufferOutSize2);
开发者ID:calmbrain,项目名称:dolphin,代码行数:66,


示例10: polarssl_connect_step2

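/*
 * Second step of the PolarSSL connect sequence: run ssl_handshake() once and,
 * when it completes, apply the peer-verification policy.
 *
 * conn       connection whose conn->ssl[sockindex] holds the PolarSSL state
 * sockindex  index of the socket/SSL slot being connected
 *
 * Returns CURLE_OK when the handshake finished, and also when it needs more
 * I/O (connecting_state is then ssl_connect_2_reading or
 * ssl_connect_2_writing so the caller knows what to wait for).  Returns
 * CURLE_SSL_CONNECT_ERROR on any other handshake error, and CURLE_SSL_CACERT
 * or CURLE_PEER_FAILED_VERIFICATION when verification failed and verifypeer
 * is set.
 */
static CURLcode
polarssl_connect_step2(struct connectdata *conn,
                     int sockindex)
{
  int ret;
  struct SessionHandle *data = conn->data;
  struct ssl_connect_data* connssl = &conn->ssl[sockindex];
  char buffer[1024];
  char errorbuf[128];

  /* Stays an empty string when POLARSSL_ERROR_C is not available. */
  memset(errorbuf, 0, sizeof(errorbuf));

  conn->recv[sockindex] = polarssl_recv;
  conn->send[sockindex] = polarssl_send;

  /* Exactly one handshake call per invocation: every outcome below either
   * returns or falls through to the verification step, so no loop is
   * needed. */
  ret = ssl_handshake(&connssl->ssl);

  if(ret == POLARSSL_ERR_NET_WANT_READ) {
    connssl->connecting_state = ssl_connect_2_reading;
    return CURLE_OK;
  }

  if(ret == POLARSSL_ERR_NET_WANT_WRITE) {
    connssl->connecting_state = ssl_connect_2_writing;
    return CURLE_OK;
  }

  if(ret) {
#ifdef POLARSSL_ERROR_C
    error_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* POLARSSL_ERROR_C */
    failf(data, "ssl_handshake returned - PolarSSL: (-0x%04X) %s",
          -ret, errorbuf);
    return CURLE_SSL_CONNECT_ERROR;
  }

  infof(data, "PolarSSL: Handshake complete, cipher is %s\n",
        ssl_get_ciphersuite(&connssl->ssl));

  /* The verify result is a bit mask.  It is enforced only when verifypeer is
   * set; otherwise a failed verification is ignored and the connection
   * proceeds with an unauthenticated peer.  A CN mismatch is covered by the
   * same switch, no separate host-name check is made in this function. */
  ret = ssl_get_verify_result(&connssl->ssl);

  if(ret && data->set.ssl.verifypeer) {
    if(ret & BADCERT_EXPIRED)
      failf(data, "Cert verify failed: BADCERT_EXPIRED");

    if(ret & BADCERT_REVOKED) {
      failf(data, "Cert verify failed: BADCERT_REVOKED");
      return CURLE_SSL_CACERT;
    }

    if(ret & BADCERT_CN_MISMATCH)
      failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");

    if(ret & BADCERT_NOT_TRUSTED)
      failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");

    return CURLE_PEER_FAILED_VERIFICATION;
  }

  if(ssl_get_peer_cert(&connssl->ssl)) {
    /* If the session was resumed, there will be no peer certs */
    memset(buffer, 0, sizeof(buffer));

    /* Informational dump only; the trust decision was made above. */
    if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ",
                     ssl_get_peer_cert(&connssl->ssl)) != -1)
      infof(data, "Dumping cert info:\n%s\n", buffer);
  }

  connssl->connecting_state = ssl_connect_3;
  infof(data, "SSL connected\n");

  return CURLE_OK;
}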
开发者ID:9smart,项目名称:9Store,代码行数:81,


示例11: add_connection

/*
 * add_connection - set up a Client for a connection just accepted on fd.
 *
 * listener  the listener the connection arrived on (must not be NULL)
 * irn       peer address; copied into the new client
 * fd        the accepted socket
 *
 * The numeric peer address is written to sockhost and appended to host so
 * error messages have something valid to print, and a fresh connect_id is
 * assigned in case auth needs it.  The client is not put on any client list
 * here: it is handed either to the SSL handshake (SSL listeners) or to the
 * auth callback.
 */
void
add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd)
{
  struct Client *client;
  const char *description;

  assert(NULL != listener);

  client = make_client(NULL);

  if (listener->flags & LISTENER_SSL)
    description = "Incoming SSL connection";
  else
    description = "Incoming connection";

  fd_open(&client->localClient->fd, fd, 1, description);

  /* Keep our own copy of the peer address, then render it numerically
   * (NI_NUMERICHOST: no DNS lookup). */
  memcpy(&client->ip, irn, sizeof(*irn));

  irc_getnameinfo((struct sockaddr *)&client->ip, client->ip.ss_len,
                  client->sockhost, HOSTIPLEN, NULL, 0, NI_NUMERICHOST);
  client->aftype = client->ip.ss.ss_family;

#ifdef IPV6
  /* An address text starting with ':' gets a "0" put in front of it. */
  if (client->sockhost[0] == ':')
    strlcat(client->host, "0", HOSTLEN + 1);

  if (client->aftype == AF_INET6 &&
      ConfigFileEntry.dot_in_ip6_addr == 1)
  {
    strlcat(client->host, client->sockhost, HOSTLEN + 1);
    strlcat(client->host, ".", HOSTLEN + 1);
  }
  else
#endif
    strlcat(client->host, client->sockhost, HOSTLEN + 1);

  ++connect_id;
  client->connect_id = connect_id;
  client->localClient->listener = listener;
  listener->ref_count++;

#ifdef HAVE_LIBCRYPTO
  if (listener->flags & LISTENER_SSL)
  {
    client->localClient->fd.ssl = SSL_new(ServerInfo.ctx);

    if (client->localClient->fd.ssl == NULL)
    {
      /* No SSL object: log the library error and drop the client. */
      ilog(L_CRIT, "SSL_new() ERROR! -- %s",
           ERR_error_string(ERR_get_error(), NULL));

      SetDead(client);
      exit_client(client, client, "SSL_new failed");
      return;
    }

    SSL_set_fd(client->localClient->fd.ssl, fd);
    /* ssl_handshake() is this project's own helper, defined elsewhere. */
    ssl_handshake(0, client);
  }
  else
#endif
    execute_callback(auth_cb, client);
}
开发者ID:KSoute,项目名称:oftc-hybrid,代码行数:68,


示例12: process

 // Runs one ssl_handshake() call on the owner's SSL context
 // (m_pThis->m_ssl) and hands the library's return code back unchanged.
 // NOTE(review): the caller presumably handles the want-read/want-write
 // codes and retries -- confirm against the enclosing class.
 virtual int process()
 {
     const int rc = ssl_handshake(&m_pThis->m_ssl);
     return rc;
 }
开发者ID:Mirwangsir,项目名称:fibjs,代码行数:4,


示例13: main

// ......... part of the code omitted here .........
/* Excerpt from a DTLS client main(): configure the SSL context for datagram
 * transport, handshake, then inspect the certificate verification result.
 * The excerpt ends inside the verification block.
 * NOTE(review): "/n" in the string literals looks like a page-extraction
 * artifact for "\n"; the literals are left exactly as found. */
    printf( "  . Setting up the DTLS structure..." );
    fflush( stdout );

    if( ( ret = ssl_init( &ssl ) ) != 0 )
    {
        printf( " failed/n  ! ssl_init returned %d/n/n", ret );
        goto exit;
    }

    printf( " ok/n" );

    ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
    ssl_set_transport( &ssl, SSL_TRANSPORT_DATAGRAM );

    /* OPTIONAL is usually a bad choice for security, but makes interop easier
     * in this simplified example, in which the ca chain is hardcoded.
     * Production code should set a proper ca chain and use REQUIRED. */
    ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
    ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );

    ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
    ssl_set_dbg( &ssl, my_debug, stdout );

    /* Datagram transport: a receive-with-timeout callback and
     * READ_TIMEOUT_MS are registered along with the plain send/receive
     * callbacks. */
    ssl_set_bio_timeout( &ssl, &server_fd,
                         net_send, net_recv, net_recv_timeout,
                         READ_TIMEOUT_MS );

    /*
     * 4. Handshake
     */
    printf( "  . Performing the SSL/TLS handshake..." );
    fflush( stdout );

    /* Repeat while the transport reports want-read/want-write. */
    do ret = ssl_handshake( &ssl );
    while( ret == POLARSSL_ERR_NET_WANT_READ ||
           ret == POLARSSL_ERR_NET_WANT_WRITE );

    if( ret != 0 )
    {
        printf( " failed/n  ! ssl_handshake returned -0x%x/n/n", -ret );
        goto exit;
    }

    printf( " ok/n" );

    /*
     * 5. Verify the server certificate
     */
    printf( "  . Verifying peer X.509 certificate..." );

    /* In real life, we would have used SSL_VERIFY_REQUIRED so that the
     * handshake would not succeed if the peer's cert is bad.  Even if we used
     * SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
    /* NOTE(review): the visible lines only print the failure reasons; this
     * example, as shown, does not bail out. */
    if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
    {
        printf( " failed/n" );

        if( ( ret & BADCERT_EXPIRED ) != 0 )
            printf( "  ! server certificate has expired/n" );

        if( ( ret & BADCERT_REVOKED ) != 0 )
            printf( "  ! server certificate has been revoked/n" );

        if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
            printf( "  ! CN mismatch (expected CN=%s)/n", SERVER_NAME );
开发者ID:TheBaobabTeam,项目名称:linphone-android,代码行数:66,


示例14: io_handle_fd

/* ------------------------------------------------------------------------ *
 * Handle pending I/O events                                                *
 *                                                                          *
 * fd indexes io_list directly; no range check on fd is made in the visible *
 * code, so callers must pass a descriptor that is a valid index.           *
 * The end of the function is omitted on the page.                          *
 * ------------------------------------------------------------------------ */
void io_handle_fd(int fd)
{
  io_list[fd].status.onwrite = 0;
  io_list[fd].status.onread = 0;

  /* Do SSL handshakes if not done yet */
#ifdef HAVE_SSL
  if(io_list[fd].ssl && io_list[fd].sslstate)
  {
    /* ssl_handshake() is this project's own helper; a non-zero return is
     * handled as a failed handshake: the descriptor is flagged as errored
     * and closed, the read callback is notified, and the fd is destroyed. */
    if(ssl_handshake(fd, &io_list[fd]))
    {
      io_list[fd].status.onread = 1;
      io_list[fd].status.onwrite = 1;
      io_list[fd].status.err = 1;

      /* 666 is a magic error value used when sslerror is set. */
      if(io_list[fd].sslerror)
        io_list[fd].error = 666;
      else
        io_list[fd].error = 0;

      io_list[fd].status.closed = 1;

      /* NOTE(review): args[1] is passed twice and args[3] never -- this may
       * be intentional, confirm against the callback signature. */
      if(io_list[fd].callbacks[IO_CB_READ])
        io_list[fd].callbacks[IO_CB_READ](fd,
                                    io_list[fd].args[0], io_list[fd].args[1],
                                    io_list[fd].args[1], io_list[fd].args[2]);

      io_list[fd].status.closed = 0;

      io_destroy(fd);

      return;
    }
  }
#endif

  /* There is data on the fd */
  if(!io_list[fd].status.err && !io_list[fd].status.closed &&
     (io_list[fd].status.events & IO_READ))
  {
    /* If this fd is queued then we read now and fill the queue */
    if(io_list[fd].control.recvq)
    {
      io_list[fd].ret = io_queued_read(fd);

      if(io_list[fd].ret <= 0)
      {
        /* A result <= 0 with EAGAIN/EWOULDBLOCK just means "nothing yet";
         * anything else closes the descriptor. */
        if(!(io_list[fd].ret <= 0 &&
             (io_list[fd].error == EAGAIN || io_list[fd].error == EWOULDBLOCK))) {
        io_list[fd].status.closed = 1;
        io_list[fd].status.err = (io_list[fd].ret < 0);
        io_list[fd].status.onread = 1;

/*        io_queued_write(fd);*/

        io_remove_fd(fd);

        if(io_list[fd].control.events)
          io_unset_events(fd, IO_READ|IO_WRITE|IO_ERROR);
        }
      }
    }
  }

  /* We can write to the fd :D */
  if(io_list[fd].status.events & IO_WRITE)
  {
    /* If this fd is queued then we try to write */
    if(io_list[fd].control.sendq &&
       !io_list[fd].status.err && !io_list[fd].status.dead)
    {
      io_list[fd].ret = io_queued_write(fd);

      if(io_list[fd].ret < 0)
      {
        io_list[fd].status.onwrite = 1;

        /* NOTE(review): the write is attempted a second time right after it
         * failed, and its result is ignored -- confirm this is intended. */
        io_queued_write(fd);

        io_remove_fd(fd);

        if(io_list[fd].control.events)
          io_unset_events(fd, IO_READ|IO_WRITE|IO_ERROR);
      }
    }

    /* An errored or dead descriptor is also marked readable. */
    if(io_list[fd].status.err || io_list[fd].status.dead)
      io_list[fd].status.events |= IO_READ;
  }

  /* We had an error */
  if(io_list[fd].status.events & IO_ERROR)
  {
    /* Call error callback for this fd if present */
    if(io_list[fd].callbacks[IO_CB_ERROR])
      io_list[fd].callbacks[IO_CB_ERROR](fd, io_list[fd].args[0], io_list[fd].args[1],
                                         io_list[fd].args[1], io_list[fd].args[2]);
  }

  if(!io_list[fd].status.err && (io_list[fd].status.events & IO_WRITE))
// ......... part of the code omitted here .........
开发者ID:darcyg,项目名称:chaosircd,代码行数:101,


示例15: ncat_listen_stream

//.........这里部分代码省略.........        if (o.debug > 1 && o.broker)            logdebug("Broker connection count is %d/n", get_conn_count());        if (o.idletimeout > 0)            ms_to_timeval(tvp, o.idletimeout);        fds_ready = fselect(client_fdlist.fdmax + 1, &readfds, &writefds, NULL, tvp);        if (o.debug > 1)            logdebug("select returned %d fds ready/n", fds_ready);        if (fds_ready == 0)            bye("Idle timeout expired (%d ms).", o.idletimeout);        /*         * FIXME: optimize this loop to look only at the fds in the fd list,         * doing it this way means that if you have one descriptor that is very         * large, say 500, and none close to it, that you'll loop many times for         * nothing.         */        for (i = 0; i <= client_fdlist.fdmax && fds_ready > 0; i++) {            /* Loop through descriptors until there's something to read */            if (!FD_ISSET(i, &readfds) && !FD_ISSET(i, &writefds))                continue;            if (o.debug > 1)                logdebug("fd %d is ready/n", i);#ifdef HAVE_OPENSSL            /* Is this an ssl socket pending a handshake? If so handle it. 
*/            if (o.ssl && FD_ISSET(i, &sslpending_fds)) {                FD_CLR(i, &master_readfds);                FD_CLR(i, &master_writefds);                fdi = get_fdinfo(&client_fdlist, i);                ncat_assert(fdi != NULL);                switch (ssl_handshake(fdi)) {                case NCAT_SSL_HANDSHAKE_COMPLETED:                    /* Clear from sslpending_fds once ssl is established */                    FD_CLR(i, &sslpending_fds);                    post_handle_connection(*fdi);                    break;                case NCAT_SSL_HANDSHAKE_PENDING_WRITE:                    FD_SET(i, &master_writefds);                    break;                case NCAT_SSL_HANDSHAKE_PENDING_READ:                    FD_SET(i, &master_readfds);                    break;                case NCAT_SSL_HANDSHAKE_FAILED:                default:                    SSL_free(fdi->ssl);                    Close(fdi->fd);                    FD_CLR(i, &sslpending_fds);                    FD_CLR(i, &master_readfds);                    rm_fd(&client_fdlist, i);                    /* Are we in single listening mode(without -k)? If so                       then we should quit also. */                    if (!o.keepopen && !o.broker)                        return 1;                    --conn_inc;                    break;                }            } else#endif            if (FD_ISSET(i, &listen_fds)) {                /* we have a new connection request */                handle_connection(i);            } else if (i == STDIN_FILENO) {                if (o.broker) {                    read_and_broadcast(i);                } else {                    /* Read from stdin and write to all clients. */                    rc = read_stdin();                    if (rc == 0) {                        if (o.proto != IPPROTO_TCP || (o.proto == IPPROTO_TCP && o.sendonly)) {                            /* There will be nothing more to send. 
If we're not                               receiving anything, we can quit here. */                            return 0;                        }                        if (!o.noshutdown) shutdown_sockets(SHUT_WR);                    }                    if (rc < 0)                        return 1;                }            } else if (!o.sendonly) {                if (o.broker) {                    read_and_broadcast(i);                } else {                    /* Read from a client and write to stdout. */                    rc = read_socket(i);                    if (rc <= 0 && !o.keepopen)                        return rc == 0 ? 0 : 1;                }            }            fds_ready--;        }    }    return 0;}
开发者ID:Araleii,项目名称:nmap,代码行数:101,


示例16: malloc

char *mlsc_network_request(char *request, int debug_level) {    int ret, len, server_fd = -1;    char tmpbuf[BUFFER_SIZE];    char *buf = malloc(BUFFER_SIZE);    const char *pers = "ssl_client1";    entropy_context entropy;    ctr_drbg_context ctr_drbg;    ssl_context ssl;    x509_crt cacert;#if defined(POLARSSL_DEBUG_C)    if (debug_level) debug_set_threshold(1);#endif    /*     * 0. Initialize the RNG and the session data     */    memset(&ssl, 0, sizeof(ssl_context));    x509_crt_init(&cacert);    if (debug_level) fprintf(stderr, "/n  . Seeding the random number generator...");    entropy_init(&entropy);    if ((ret = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy,                             (const unsigned char *) pers,                             strlen(pers))) != 0) {        if (debug_level) fprintf(stderr, " failed/n  ! ctr_drbg_init returned %d/n", ret);        goto exit;    }    if (debug_level) fprintf(stderr, " ok/n");    /*     * 0. Initialize certificates     */    if (debug_level) fprintf(stderr, "  . Loading the CA root certificate ...");    fflush(stdout);#if defined(POLARSSL_CERTS_C)    ret = x509_crt_parse(&cacert, (const unsigned char *) test_ca_list,                         strlen(test_ca_list));#else    ret = 1;    if (debug_level) fprintf(stderr, "POLARSSL_CERTS_C not defined.");#endif    if (ret < 0) {        if (debug_level) fprintf(stderr, " failed/n  !  x509_crt_parse returned -0x%x/n/n", -ret);        goto exit;    }    if (debug_level) fprintf(stderr, " ok (%d skipped)/n", ret);    /*     * 1. Start the connection     */    if (debug_level)        fprintf(stderr, "  . Connecting to tcp/%s/%4d...", SERVER_NAME,                SERVER_PORT);    if ((ret = net_connect(&server_fd, SERVER_NAME,                           SERVER_PORT)) != 0) {        if (debug_level) fprintf(stderr, " failed/n  ! net_connect returned %d/n/n", ret);        goto exit;    }    if (debug_level) fprintf(stderr, " ok/n");    /*     * 2. 
Setup stuff     */    if (debug_level) fprintf(stderr, "  . Setting up the SSL/TLS structure...");    if ((ret = ssl_init(&ssl)) != 0) {        if (debug_level) fprintf(stderr, " failed/n  ! ssl_init returned %d/n/n", ret);        goto exit;    }    if (debug_level) fprintf(stderr, " ok/n");    ssl_set_endpoint(&ssl, SSL_IS_CLIENT);    /* OPTIONAL is not optimal for security,     * but makes interop easier in this simplified example */    ssl_set_authmode(&ssl, SSL_VERIFY_OPTIONAL);    ssl_set_ca_chain(&ssl, &cacert, NULL, SERVER_NAME);    ssl_set_rng(&ssl, ctr_drbg_random, &ctr_drbg);    ssl_set_bio(&ssl, net_recv, &server_fd,                net_send, &server_fd);    /*     * 4. Handshake     */    if (debug_level) fprintf(stderr, "  . Performing the SSL/TLS handshake...");    while ((ret = ssl_handshake(&ssl)) != 0) {        if (ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE) {            fprintf(stderr, " failed/n  ! ssl_handshake returned -0x%x/n/n", -ret);//.........这里部分代码省略.........
开发者ID:mar-v-in,项目名称:mlsc,代码行数:101,


示例17: main

//.........这里部分代码省略.........    if( ( ret = ssl_init( &ssl ) ) != 0 )    {        printf( " failed/n  ! ssl_init returned %d/n/n", ret );        goto accept;    }    printf( " ok/n" );    ssl_set_endpoint( &ssl, SSL_IS_SERVER );    ssl_set_authmode( &ssl, SSL_VERIFY_NONE );    ssl_set_rng( &ssl, havege_rand, &hs );    ssl_set_dbg( &ssl, my_debug, stdout );    ssl_set_bio( &ssl, net_recv, &client_fd,                       net_send, &client_fd );    ssl_set_scb( &ssl, my_get_session,                       my_set_session );    ssl_set_ciphers( &ssl, my_ciphers );    ssl_set_session( &ssl, 1, 0, &ssn );    memset( &ssn, 0, sizeof( ssl_session ) );    ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );    ssl_set_own_cert( &ssl, &srvcert, &rsa );    ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );    /*     * 5. Handshake     */    printf( "  . Performing the SSL/TLS handshake..." );    fflush( stdout );    while( ( ret = ssl_handshake( &ssl ) ) != 0 )    {        if( ret != POLARSSL_ERR_NET_TRY_AGAIN )        {            printf( " failed/n  ! ssl_handshake returned %d/n/n", ret );            goto accept;        }    }    printf( " ok/n" );    /*     * 6. Read the HTTP Request     */    printf( "  < Read from client:" );    fflush( stdout );    do    {        len = sizeof( buf ) - 1;        memset( buf, 0, sizeof( buf ) );        ret = ssl_read( &ssl, buf, len );        if( ret == POLARSSL_ERR_NET_TRY_AGAIN )            continue;        if( ret <= 0 )        {            switch( ret )            {                case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:                    printf( " connection was closed gracefully/n" );                    break;
开发者ID:nagash91,项目名称:EDC,代码行数:67,


示例18: estHandshake

/*
    Drive the EST TLS handshake for one connection without blocking.

    Returns 0 while the handshake is still waiting for I/O, 1 when the connection is accepted, and -1
    when it is refused. On refusal SOCKET_EOF is set on the socket and errno is set to EPROTO.

    Certificate policy implemented below:
    - A non-zero ssl_get_verify_result() is fatal only when BIT_GOAHEAD_VERIFY_PEER is enabled. With it
      disabled the problem is logged at level 2 and the handshake still reports success.
    - With BIT_GOAHEAD_VERIFY_PEER enabled and BIT_GOAHEAD_VERIFY_ISSUER disabled, a certificate flagged
      BADCERT_NOT_TRUSTED is accepted provided none of BADCERT_EXPIRED, BADCERT_REVOKED or
      BADCERT_CN_MISMATCH is also set. This is the path that lets self-signed certificates through.
 */
static int estHandshake(Webs *wp)
{
    EstSocket   *est = (EstSocket*) wp->ssl;
    WebsSocket  *sock = socketPtr(wp->sid);
    int         status = 0;
    int         verifyFlags;
    int         issuerOnly = 0;

    sock->flags |= SOCKET_HANDSHAKING;
    for (;;) {
        if (est->ctx.state == SSL_HANDSHAKE_OVER) {
            break;
        }
        status = ssl_handshake(&est->ctx);
        if (status == 0) {
            continue;
        }
        if (status == EST_ERR_NET_TRY_AGAIN) {
            /* Still awaiting I/O: SOCKET_HANDSHAKING deliberately stays set on this path */
            return 0;
        }
        break;
    }
    sock->flags &= ~SOCKET_HANDSHAKING;

    /*
        Hard handshake failure: report it and mark the socket as finished
     */
    if (status < 0) {
        if (status == EST_ERR_SSL_PRIVATE_KEY_REQUIRED && !(*BIT_GOAHEAD_KEY || *BIT_GOAHEAD_CERTIFICATE)) {
            error("Missing required certificate and key");
        } else {
            error("Cannot handshake: error -0x%x", -status);
        }
        sock->flags |= SOCKET_EOF;
        errno = EPROTO;
        return -1;
    }

    verifyFlags = ssl_get_verify_result(&est->ctx);
    if (verifyFlags == 0) {
        return 1;
    }

    /*
        Log the first matching problem. Only the BADCERT_NOT_TRUSTED branch marks the certificate as
        "issuer problem only", so any of the three earlier flags takes precedence over it.
     */
    if (verifyFlags & BADCERT_EXPIRED) {
        logmsg(2, "Certificate expired");
    } else if (verifyFlags & BADCERT_REVOKED) {
        logmsg(2, "Certificate revoked");
    } else if (verifyFlags & BADCERT_CN_MISMATCH) {
        logmsg(2, "Certificate common name mismatch");
    } else if (verifyFlags & BADCERT_NOT_TRUSTED) {
        if (verifyFlags & BADCERT_SELF_SIGNED) {
            logmsg(2, "Self-signed certificate");
        } else {
            logmsg(2, "Certificate not trusted");
        }
        issuerOnly = 1;
    } else if (est->ctx.client_auth && !*BIT_GOAHEAD_CERTIFICATE) {
        logmsg(2, "Server requires a client certificate");
    } else if (status == EST_ERR_NET_CONN_RESET) {
        /* NOTE(review): status is >= 0 here, so this looks unreachable if the code is negative - confirm */
        logmsg(2, "Peer disconnected");
    } else {
        logmsg(2, "Cannot handshake: error -0x%x", -status);
    }

    if (BIT_GOAHEAD_VERIFY_PEER) {
        /*
            Without issuer verification, tolerate a certificate whose only logged problem is the
            untrusted issuer. Every other verification failure refuses the connection.
         */
        if (!BIT_GOAHEAD_VERIFY_ISSUER && issuerOnly) {
            return 1;
        }
        sock->flags |= SOCKET_EOF;
        errno = EPROTO;
        return -1;
    }
    /* Peer verification disabled: the failure above was logged only */
    return 1;
}
开发者ID:JasonCC,项目名称:goahead,代码行数:83,


示例19: pthread_self

static void *handle_ssl_connection( void *data ){    int ret, len;    thread_info_t *thread_info = (thread_info_t *) data;    int client_fd = thread_info->client_fd;    int thread_id = (int) pthread_self();    unsigned char buf[1024];    char pers[50];    ssl_context ssl;    ctr_drbg_context ctr_drbg;    /* Make sure memory references are valid */    memset( &ssl, 0, sizeof( ssl_context ) );    memset( &ctr_drbg, 0, sizeof( ctr_drbg_context ) );    snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );    polarssl_printf( "  [ #%d ]  Client FD %d/n", thread_id, client_fd );    polarssl_printf( "  [ #%d ]  Seeding the random number generator.../n", thread_id );    /* entropy_func() is thread-safe if POLARSSL_THREADING_C is set     */    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, thread_info->entropy,                               (const unsigned char *) pers,                               strlen( pers ) ) ) != 0 )    {        polarssl_printf( "  [ #%d ]  failed: ctr_drbg_init returned -0x%04x/n",                thread_id, -ret );        goto thread_exit;    }    polarssl_printf( "  [ #%d ]  ok/n", thread_id );    /*     * 4. Setup stuff     */    polarssl_printf( "  [ #%d ]  Setting up the SSL data..../n", thread_id );    if( ( ret = ssl_init( &ssl ) ) != 0 )    {        polarssl_printf( "  [ #%d ]  failed: ssl_init returned -0x%04x/n",                thread_id, -ret );        goto thread_exit;    }    ssl_set_endpoint( &ssl, SSL_IS_SERVER );    ssl_set_authmode( &ssl, SSL_VERIFY_NONE );    /* SSLv3 is deprecated, set minimum to TLS 1.0 */    ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );    /* RC4 is deprecated, disable it */    ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );    ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );    ssl_set_dbg( &ssl, my_mutexed_debug, stdout );    /* ssl_cache_get() and ssl_cache_set() are thread-safe if     * POLARSSL_THREADING_C is set.     
*/#if defined(POLARSSL_SSL_CACHE_C)    ssl_set_session_cache( &ssl, ssl_cache_get, thread_info->cache,                                 ssl_cache_set, thread_info->cache );#endif    ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );    if( ( ret = ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )    {        polarssl_printf( " failed/n  ! ssl_set_own_cert returned %d/n/n", ret );        goto thread_exit;    }    polarssl_printf( "  [ #%d ]  ok/n", thread_id );    ssl_set_bio( &ssl, net_recv, &client_fd,                       net_send, &client_fd );    polarssl_printf( "  [ #%d ]  ok/n", thread_id );    /*     * 5. Handshake     */    polarssl_printf( "  [ #%d ]  Performing the SSL/TLS handshake/n", thread_id );    while( ( ret = ssl_handshake( &ssl ) ) != 0 )    {        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )        {            polarssl_printf( "  [ #%d ]  failed: ssl_handshake returned -0x%04x/n",                    thread_id, -ret );            goto thread_exit;        }    }    polarssl_printf( "  [ #%d ]  ok/n", thread_id );    /*     * 6. Read the HTTP Request     */    polarssl_printf( "  [ #%d ]  < Read from client/n", thread_id );    do//.........这里部分代码省略.........
开发者ID:ariia-git,项目名称:console-client,代码行数:101,


示例20: http_request

bool http_request (const char *url, const u32 max_size) {	int linecount;	int sslcontext = -1;	if (!http_split_url(&http_host, &http_path, url)) return false;	if (strncasecmp (url, "http://", 7) == 0)		http_port = 80;	else		http_port = 443;	http_max_size = max_size;	http_status = 404;	content_length = 0;	http_data = NULL;	int s = tcp_connect (http_host, http_port);	if (s < 0) {		result = HTTPR_ERR_CONNECT;		return false;	}	if(http_port == 443)	{		//patched out anyways so just to set something		sslcontext = ssl_new((u8*)http_host,0);		if(sslcontext < 0)		{			gprintf("ssl_new/n");			result = HTTPR_ERR_CONNECT;			net_close (s);			return false;		}		//patched out anyways so just to set something		ssl_setbuiltinclientcert(sslcontext,0);		if(ssl_connect(sslcontext,s) < 0)		{			gprintf("ssl_connect/n");			result = HTTPR_ERR_CONNECT;			ssl_shutdown(sslcontext);			net_close (s);			return false;		}		int ret = ssl_handshake(sslcontext);		if(ret < 0)		{			gprintf("ssl_handshake %i/n", ret);			result = HTTPR_ERR_STATUS;			ssl_shutdown(sslcontext);			net_close (s);			return false;		}	}	char *request = (char *) memalign (32, 1024*2);	snprintf(request, 1024*2,		"GET %s HTTP/1.1/r/n"		"Host: %s/r/n"		"Cache-Control: no-cache/r/n/r/n",		http_path, http_host);	bool b = tcp_write (http_port == 443 ? sslcontext : s, (u8 *) request, strlen (request));	free (request);	linecount = 0;	for (linecount=0; linecount < 32; linecount++) {	  char *line = tcp_readln (http_port == 443 ? 
sslcontext : s, 0xff, gettime(), (u16)HTTP_TIMEOUT);		if (!line) {			http_status = 404;			result = HTTPR_ERR_REQUEST;			break;		}		if (strlen (line) < 1) {			free (line);			line = NULL;			break;		}		sscanf (line, "HTTP/1.%*u %u", &http_status);		sscanf (line, "Content-Length: %u", &content_length);		gprintf(line);		gprintf("/n");		free (line);		line = NULL;	}	if (linecount == 32 || !content_length) http_status = 404;	if (http_status != 200) {		result = HTTPR_ERR_STATUS;		if(http_port == 443)			ssl_shutdown(sslcontext);		net_close (s);		return false;	}	if (content_length > http_max_size) {		result = HTTPR_ERR_TOOBIG;		if(http_port == 443)			ssl_shutdown(sslcontext);		net_close (s);		return false;//.........这里部分代码省略.........
开发者ID:Daniel-Warner-X,项目名称:Nintendont,代码行数:101,


示例21: main

//.........这里部分代码省略.........        }    }#endif#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)    if( ( ret = ssl_set_psk( &ssl, psk, psk_len,                             (const unsigned char *) opt.psk_identity,                             strlen( opt.psk_identity ) ) ) != 0 )    {        printf( " failed/n  ! ssl_set_psk returned %d/n/n", ret );        goto exit;    }#endif#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)    if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )    {        printf( " failed/n  ! ssl_set_hostname returned %d/n/n", ret );        goto exit;    }#endif    if( opt.min_version != -1 )        ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );    if( opt.max_version != -1 )        ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );    /*     * 4. Handshake     */    printf( "  . Performing the SSL/TLS handshake..." );    fflush( stdout );    while( ( ret = ssl_handshake( &ssl ) ) != 0 )    {        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )        {            printf( " failed/n  ! ssl_handshake returned -0x%x/n", -ret );            if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )                printf(                    "    Unable to verify the server's certificate. 
"                        "Either it is invalid,/n"                    "    or you didn't set ca_file or ca_path "                        "to an appropriate value./n"                    "    Alternatively, you may want to use "                        "auth_mode=optional for testing purposes./n" );            printf( "/n" );            goto exit;        }    }    printf( " ok/n    [ Protocol is %s ]/n    [ Ciphersuite is %s ]/n",            ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );#if defined(POLARSSL_SSL_ALPN)    if( opt.alpn_string != NULL )    {        const char *alp = ssl_get_alpn_protocol( &ssl );        printf( "    [ Application Layer Protocol is %s ]/n",                alp ? alp : "(none)" );    }#endif    if( opt.reconnect != 0 )    {        printf("  . Saving session for reuse..." );
开发者ID:AbdulWasayGaanja,项目名称:polarssl,代码行数:67,


示例22: polarssl_connect_step2

static CURLcodepolarssl_connect_step2(struct connectdata *conn,                     int sockindex){  int ret;  struct SessionHandle *data = conn->data;  struct ssl_connect_data* connssl = &conn->ssl[sockindex];  char buffer[1024];#ifdef HAS_ALPN  const char* next_protocol;#endif  char errorbuf[128];  errorbuf[0] = 0;  conn->recv[sockindex] = polarssl_recv;  conn->send[sockindex] = polarssl_send;  for(;;) {    if(!(ret = ssl_handshake(&connssl->ssl)))      break;    else if(ret != POLARSSL_ERR_NET_WANT_READ &&            ret != POLARSSL_ERR_NET_WANT_WRITE) {#ifdef POLARSSL_ERROR_C     error_strerror(ret, errorbuf, sizeof(errorbuf));#endif /* POLARSSL_ERROR_C */     failf(data, "ssl_handshake returned - PolarSSL: (-0x%04X) %s",                                                    -ret, errorbuf);     return CURLE_SSL_CONNECT_ERROR;    }    else {      if(ret == POLARSSL_ERR_NET_WANT_READ) {        connssl->connecting_state = ssl_connect_2_reading;        return CURLE_OK;      }      if(ret == POLARSSL_ERR_NET_WANT_WRITE) {        connssl->connecting_state = ssl_connect_2_writing;        return CURLE_OK;      }      failf(data, "SSL_connect failed with error %d.", ret);      return CURLE_SSL_CONNECT_ERROR;    }  }  infof(data, "PolarSSL: Handshake complete, cipher is %s/n",        ssl_get_ciphersuite(&conn->ssl[sockindex].ssl)    );  ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl);  if(ret && data->set.ssl.verifypeer) {    if(ret & BADCERT_EXPIRED)      failf(data, "Cert verify failed: BADCERT_EXPIRED");    if(ret & BADCERT_REVOKED) {      failf(data, "Cert verify failed: BADCERT_REVOKED");      return CURLE_SSL_CACERT;    }    if(ret & BADCERT_CN_MISMATCH)      failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");    if(ret & BADCERT_NOT_TRUSTED)      failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");    return CURLE_PEER_FAILED_VERIFICATION;  }  if(ssl_get_peer_cert(&(connssl->ssl))) {    /* If the session was resumed, there will be no peer certs */    
memset(buffer, 0, sizeof(buffer));    if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ",                     ssl_get_peer_cert(&(connssl->ssl))) != -1)      infof(data, "Dumping cert info:/n%s/n", buffer);  }#ifdef HAS_ALPN  if(data->set.ssl_enable_alpn) {    next_protocol = ssl_get_alpn_protocol(&connssl->ssl);    if(next_protocol != NULL) {      infof(data, "ALPN, server accepted to use %s/n", next_protocol);      if(strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID,                  NGHTTP2_PROTO_VERSION_ID_LEN)) {        conn->negnpn = NPN_HTTP2;      }      else if(strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) {        conn->negnpn = NPN_HTTP1_1;      }    }    else {      infof(data, "ALPN, server did not agree to a protocol/n");    }  }#endif//.........这里部分代码省略.........
开发者ID:entdark,项目名称:jk2mv,代码行数:101,


示例23: ssl_client

/**  * @brief  SSL client task.  * @param  pvParameters not used  * @retval None  */void ssl_client(void const * argument){  int ret, len, server_fd;  unsigned char buf[1024];  ssl_context ssl;  x509_cert cacert;    memset( &ssl, 0, sizeof( ssl_context ) );  memset( &cacert, 0, sizeof( x509_cert ) );    /*  *  Initialize certificates  */  printf( "  . Loading the CA root certificate ..." );  #if defined(POLARSSL_CERTS_C)  ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt,                      strlen( test_ca_crt ) );#else  ret = 1;  printf("POLARSSL_CERTS_C not defined.");#endif    if( ret < 0 )  {    printf( " failed/n  !  x509parse_crt returned -0x%x/n/n", -ret );    goto exit;  }    printf( " ok (%d skipped)/n", ret );    /* Start the connection */  do  {    printf(( "/n/rSSL : Start the connection /n/r"));    printf("/n/rConnecting to tcp/%s/ Port:%4d...", SSL_SERVER_NAME, SSL_SERVER_PORT);         /* Bint the connection to SSL server port */    ret = net_connect(&server_fd, SSL_SERVER_NAME, SSL_SERVER_PORT);    if(ret != 0)    {      /* Connection to SSL server failed */      printf(" failed /n/r ! net_connect returned %d/n/r", -ret);            /* Wait 500 ms until next retry */      vTaskDelay(500);    }   }while(ret!=0);    printf( " ok/n/r" );    /*  * 2. Setup stuff  */  printf( "  . Setting up the SSL/TLS structure..." );    if( ( ret = ssl_init( &ssl ) ) != 0 )  {    printf( " failed/n  ! 
ssl_init returned %d/n/n/r", ret );    goto exit;  }    printf( " ok/n/r" );    ssl_set_endpoint( &ssl, SSL_IS_CLIENT );  ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );  ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );    ssl_set_rng( &ssl, RandVal , NULL );  ssl_set_dbg( &ssl, my_debug, NULL);  ssl_set_bio( &ssl, net_recv, &server_fd,              net_send, &server_fd );    /* Set max ssl version to TLS v1.1 because TLS v1.2 needs SHA-256 for HASH     which is not supported by STM32F417xx Hardware*/  ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_2);    /*  * Handshake  */  printf( "  . Performing the SSL/TLS handshake..." );    while( ( ret = ssl_handshake( &ssl ) ) != 0 )  {    if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )    {      printf( " failed/n  ! ssl_handshake returned -0x%x/n/n/r", -ret );      goto exit;    }  }    printf( " ok/n/r" );    /*  * Verify the server certificate//.........这里部分代码省略.........
开发者ID:eemei,项目名称:library-stm32f4,代码行数:101,


示例24: __vpnClientOpen

//.........这里部分代码省略.........            return  (PX_ERROR);        }        iError = x509parse_crtfile(&pvpnctx->VPNCTX_x509certPrivate, cpcPrivateCrtFile);        if (iError != ERROR_NONE) {            _DebugHandle(__ERRORMESSAGE_LEVEL, "client certificate error./r/n");            goto    __error_handle;        }        /*         *  安装 RSA 私有密钥         */        if (cpcKeyFile) {            iError = x509parse_keyfile(&pvpnctx->VPNCTX_rasctx, cpcKeyFile, cpcKeyPassword);        } else {            iError = x509parse_keyfile(&pvpnctx->VPNCTX_rasctx, cpcPrivateCrtFile, cpcKeyPassword);        }        if (iError != ERROR_NONE) {            _DebugHandle(__ERRORMESSAGE_LEVEL, "key file error./r/n");            goto    __error_handle;        }    }    /*     *  链接 SSL 服务器     */    pvpnctx->VPNCTX_iSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);    if (pvpnctx->VPNCTX_iSocket < 0) {        _DebugHandle(__ERRORMESSAGE_LEVEL, "can not create socket./r/n");        goto    __error_handle;    }    lib_bzero(&sockaddrinRemote, sizeof(sockaddrinRemote));    sockaddrinRemote.sin_len    = sizeof(struct sockaddr_in);    sockaddrinRemote.sin_family = AF_INET;    sockaddrinRemote.sin_addr   = inaddr;    sockaddrinRemote.sin_port   = usPort;    if(connect(pvpnctx->VPNCTX_iSocket,               (struct sockaddr *)&sockaddrinRemote,               sizeof(struct sockaddr_in)) < 0) {        _DebugHandle(__ERRORMESSAGE_LEVEL, "can not connect server./r/n");        goto    __error_handle;    }    havege_init(&pvpnctx->VPNCTX_haveagestat);                          /*  初始化随机数                */    /*     *  初始化 SSL/STL     */    if (ssl_init(&pvpnctx->VPNCTX_sslctx) != ERROR_NONE) {        _DebugHandle(__ERRORMESSAGE_LEVEL, "can not init ssl context./r/n");        goto    __error_handle;    }    ssl_set_endpoint(&pvpnctx->VPNCTX_sslctx, SSL_IS_CLIENT);    ssl_set_authmode(&pvpnctx->VPNCTX_sslctx, pvpnctx->VPNCTX_iVerifyOpt);    ssl_set_rng(&pvpnctx->VPNCTX_sslctx, havege_random, 
&pvpnctx->VPNCTX_haveagestat);    ssl_set_dbg(&pvpnctx->VPNCTX_sslctx, LW_NULL, stdout);              /*  不需要 DEBUG 信息           */    ssl_set_bio(&pvpnctx->VPNCTX_sslctx,                net_recv, &pvpnctx->VPNCTX_iSocket,                net_send, &pvpnctx->VPNCTX_iSocket);    ssl_set_ciphersuites(&pvpnctx->VPNCTX_sslctx, ssl_default_ciphersuites);    ssl_set_session(&pvpnctx->VPNCTX_sslctx, &pvpnctx->VPNCTX_sslsn);    ssl_set_ca_chain(&pvpnctx->VPNCTX_sslctx, &pvpnctx->VPNCTX_x509certCA, LW_NULL, LW_NULL);    ssl_set_own_cert(&pvpnctx->VPNCTX_sslctx, &pvpnctx->VPNCTX_x509certPrivate, &pvpnctx->VPNCTX_rasctx);    ssl_set_hostname(&pvpnctx->VPNCTX_sslctx, LW_NULL);                 /*  不设置服务器名              */    for (i = 0; i < __VPN_SSL_HANDSHAKE_MAX_TIME; i++) {        iError = ssl_handshake(&pvpnctx->VPNCTX_sslctx);                /*  握手                        */        if (iError == ERROR_NONE) {            break;        } else if ((iError != POLARSSL_ERR_NET_WANT_READ) &&                   (iError != POLARSSL_ERR_NET_WANT_WRITE)) {            _DebugHandle(__ERRORMESSAGE_LEVEL, "can not handshake./r/n");            goto    __error_handle;        }    }    if (i >= __VPN_SSL_HANDSHAKE_MAX_TIME) {        goto    __error_handle;    }    return  (ERROR_NONE);__error_handle:    if (pvpnctx->VPNCTX_iSocket >= 0) {        net_close(pvpnctx->VPNCTX_iSocket);    }    x509_free(&pvpnctx->VPNCTX_x509certPrivate);    x509_free(&pvpnctx->VPNCTX_x509certCA);    rsa_free(&pvpnctx->VPNCTX_rasctx);    ssl_free(&pvpnctx->VPNCTX_sslctx);    return  (PX_ERROR);}
开发者ID:Ga-vin,项目名称:libsylixos,代码行数:101,


示例25: polarssl_connect_step2

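/*
 * Make one non-blocking attempt at the PolarSSL handshake for
 * conn->ssl[sockindex] and, once it completes, check the peer certificate.
 *
 * Returns:
 *   CURLE_OK with connecting_state set to ssl_connect_2_reading or
 *     ssl_connect_2_writing when PolarSSL needs more I/O;
 *   CURLE_OK with connecting_state set to ssl_connect_3 when the handshake
 *     is complete and the certificate check did not reject the peer;
 *   CURLE_SSL_CONNECT_ERROR for any other handshake error;
 *   CURLE_SSL_CACERT when the certificate is reported as revoked;
 *   CURLE_PEER_FAILED_VERIFICATION for every other verification failure.
 *
 * The verification result is enforced only when data->set.ssl.verifypeer is
 * set. With it cleared, an expired, revoked, name-mismatching or untrusted
 * certificate is accepted and nothing is logged about it.
 *
 * Listing repairs: the newline escapes in the log strings and the line
 * structure around the preprocessor directives were restored, and the
 * handshake loop, which always exited after one pass, was flattened.
 */
static CURLcode
polarssl_connect_step2(struct connectdata *conn,
                       int sockindex)
{
  int ret;
  struct SessionHandle *data = conn->data;
  struct ssl_connect_data* connssl = &conn->ssl[sockindex];
  char buffer[1024];
  char errorbuf[128];

  /* Stays an empty string when POLARSSL_ERROR_C is not compiled in */
  memset(errorbuf, 0, sizeof(errorbuf));

  conn->recv[sockindex] = polarssl_recv;
  conn->send[sockindex] = polarssl_send;

  ret = ssl_handshake(&connssl->ssl);

  /* PolarSSL wants more I/O: record the direction and let the caller wait */
  if(ret == POLARSSL_ERR_NET_WANT_READ) {
    connssl->connecting_state = ssl_connect_2_reading;
    return CURLE_OK;
  }
  if(ret == POLARSSL_ERR_NET_WANT_WRITE) {
    connssl->connecting_state = ssl_connect_2_writing;
    return CURLE_OK;
  }

  /* Any other non-zero result is a fatal handshake error */
  if(ret) {
#ifdef POLARSSL_ERROR_C
    error_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* POLARSSL_ERROR_C */
    failf(data, "ssl_handshake returned - PolarSSL: (-0x%04X) %s",
          -ret, errorbuf);
    return CURLE_SSL_CONNECT_ERROR;
  }

  infof(data, "PolarSSL: Handshake complete, cipher is %s\n",
#if POLARSSL_VERSION_NUMBER<0x01000000
        ssl_get_cipher(&conn->ssl[sockindex].ssl)
#elif POLARSSL_VERSION_NUMBER >= 0x01010000
        ssl_get_ciphersuite(&conn->ssl[sockindex].ssl)
#else
        ssl_get_ciphersuite_name(&conn->ssl[sockindex].ssl)
#endif
    );

  ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl);

  /* Fail closed: with verifypeer set, any non-zero result ends the connect,
     including flags that have no dedicated message below */
  if(ret && data->set.ssl.verifypeer) {
    if(ret & BADCERT_EXPIRED)
      failf(data, "Cert verify failed: BADCERT_EXPIRED");

    if(ret & BADCERT_REVOKED) {
      failf(data, "Cert verify failed: BADCERT_REVOKED");
      return CURLE_SSL_CACERT;
    }

    if(ret & BADCERT_CN_MISMATCH)
      failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");

    if(ret & BADCERT_NOT_TRUSTED)
      failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");

    return CURLE_PEER_FAILED_VERIFICATION;
  }

/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's
   1.1.4 version and the like */
#if POLARSSL_VERSION_NUMBER<0x01020000
  if(conn->ssl[sockindex].ssl.peer_cert) {
#else
  if(ssl_get_peer_cert(&(connssl->ssl))) {
#endif
    /* If the session was resumed, there will be no peer certs */
    memset(buffer, 0, sizeof(buffer));

/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's
   1.1.4 version and the like */
#if POLARSSL_VERSION_NUMBER<0x01020000
    if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
                           conn->ssl[sockindex].ssl.peer_cert) != -1)
#else
    if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
                           ssl_get_peer_cert(&(connssl->ssl))) != -1)
#endif
      infof(data, "Dumping cert info:\n%s\n", buffer);
  }

  connssl->connecting_state = ssl_connect_3;
  infof(data, "SSL connected\n");

  return CURLE_OK;
}
/* ......... part of the code is omitted here ......... */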
开发者ID:0xmono,项目名称:miranda-ng,代码行数:101,


示例26: main

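/*
 * Demo TLS client: loads the client certificate and key, connects to the
 * server over an AF_UNIX stream socket, performs the TLS handshake, sends one
 * message and prints the reply. Returns -1 on the first failing step.
 */
int main(void)
{
	int ret;
	int verify_peer = 0;
	entropy_context ssl_client_entropy;
	ctr_drbg_context ssl_client_ctr_drbg;
	ssl_context clientssl;
	ssl_session sslclientsession;
	x509_cert ssl_client_cert;
	rsa_context ssl_client_rsa;
	struct sockaddr_un serveraddr;
	char *owner = "ssl_client";
	int clientsocketfd;
	char buffer[1024] = "Client Hello World";

	memset(&clientssl, 0, sizeof(ssl_context));
	memset(&sslclientsession, 0, sizeof(ssl_session));
	memset(&ssl_client_cert, 0, sizeof(x509_cert));
	memset(&ssl_client_rsa, 0, sizeof(rsa_context));

	/* Seed the CTR_DRBG from the entropy pool; it is the RNG for the handshake. */
	entropy_init(&ssl_client_entropy);
	if((ret = ctr_drbg_init(&ssl_client_ctr_drbg, entropy_func, &ssl_client_entropy, (unsigned char *)owner, strlen(owner))) != 0)
	{
		printf("ctr_drbg_init failed returned %d\n", ret);
		return -1;
	}

	if((ret = x509parse_crtfile(&ssl_client_cert, SSL_CLIENT_RSA_CERT)) != 0)
	{
		printf("x509parse_crtfile CLIENT CERT returned %d\n", ret);
		return -1;
	}

	if((ret = x509parse_keyfile(&ssl_client_rsa, SSL_CLIENT_RSA_KEY, NULL)) != 0)
	{
		char passphrase[100];
		int size;

		/* Only a missing passphrase is recoverable. Any other parse error
		 * must stop here instead of continuing with an empty key. */
		if(ret != POLARSSL_ERR_PEM_PASSWORD_REQUIRED)
		{
			printf("x509parse_keyfile CLIENT KEY returned %d\n", ret);
			return -1;
		}

		polarssl_pem_password_callback(passphrase, &size);
		if((ret = x509parse_keyfile(&ssl_client_rsa, SSL_CLIENT_RSA_KEY, passphrase)) != 0)
		{
			printf("x509parse_keyfile CLIENT KEY returned %d\n", ret);
			return -1;
		}
	}

	if((clientsocketfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
	{
		printf("Error in socket creation%d\n", clientsocketfd);
		return -1;
	}

	memset(&serveraddr, 0, sizeof(struct sockaddr_un));
	serveraddr.sun_family = AF_UNIX;
	/* sun_path[0] stays 0 and the name follows from sun_path[1]. The copy is
	 * bounded by the destination, not by the length of the source string. */
	serveraddr.sun_path[0] = 0;
	if(strlen(SSL_SERVER_ADDR) + 1 > sizeof(serveraddr.sun_path) - 1)
	{
		printf("server address too long\n");
		return -1;
	}
	memcpy(&(serveraddr.sun_path[1]), SSL_SERVER_ADDR, strlen(SSL_SERVER_ADDR) + 1);

	if((ret = connect(clientsocketfd, (struct sockaddr *)&serveraddr, sizeof(struct sockaddr_un))) != 0)
	{
		printf("connect returned error %d\n", ret);
		return -1;
	}

	if((ret = ssl_init(&clientssl)) != 0)
	{
		printf("ssl_init failed returned %d\n", ret);
		return -1;
	}

	ssl_set_endpoint(&clientssl, SSL_IS_CLIENT);

	/* verify_peer is hard-coded to 0, so the handshake runs with
	 * SSL_VERIFY_NONE: the server certificate is not checked and the channel
	 * is encrypted but not authenticated. The visible code sets no CA chain
	 * either, so SSL_VERIFY_REQUIRED also needs a trust anchor to be useful. */
	ssl_set_authmode(&clientssl, SSL_VERIFY_NONE);
	if(verify_peer)
		ssl_set_authmode(&clientssl, SSL_VERIFY_REQUIRED);

	ssl_set_rng(&clientssl, ctr_drbg_random, &ssl_client_ctr_drbg);
	ssl_set_dbg(&clientssl, ssl_client_debug, stdout);
	ssl_set_bio(&clientssl, net_recv, &clientsocketfd, net_send, &clientsocketfd);
	ssl_set_ciphersuites(&clientssl, ssl_default_ciphersuites);
	ssl_set_session(&clientssl, 1, 600, &sslclientsession);
	ssl_set_own_cert(&clientssl, &ssl_client_cert, &ssl_client_rsa);

	if((ret = ssl_handshake(&clientssl)) != 0)
	{
		printf("handshake failed returned %d\n", ret);
		return -1;
	}

	if((ret = ssl_write(&clientssl, buffer, strlen(buffer) + 1)) <= 0)
	{
		printf("ssl_write failed returned %d\n", ret);
		return -1;
	}

	/* Leave room for a terminator: the peer decides what arrives, and the
	 * reply is printed with %s below. */
	if((ret = ssl_read(&clientssl, buffer, sizeof(buffer) - 1)) <= 0)
	{
		printf("ssl_read failed returned %d\n", ret);
		return -1;
	}
	buffer[ret] = '\0';
	printf("SSL server send %s\n", buffer);

	ssl_close_notify(&clientssl);
	net_close(clientsocketfd);
	x509_free(&ssl_client_cert);
	rsa_free(&ssl_client_rsa);
/* ... rest of the listing omitted on the page ... */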
开发者ID:Krasavishche,项目名称:SSL-TLS-clientserver,代码行数:101,


示例27: fetch_uri

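/*
 * Fetches the resource denoted by |uri|.
 *
 * Connects to the host and port that request_init() derives from |uri|,
 * performs the SSL/TLS handshake in blocking mode, then makes the socket
 * non-blocking and drives a spdylay client session with poll() until the
 * session wants neither to read nor to write. Failures are reported through
 * die()/dief()/diec().
 *
 * NOTE(review): no certificate verification is configured in this function.
 * Whether the peer is authenticated depends on init_ssl_ctx() and
 * ssl_handshake(), which are defined elsewhere; confirm before reusing this.
 */
static void fetch_uri(const struct URI *uri)
{
  spdylay_session_callbacks callbacks;
  int fd;
  SSL_CTX *ssl_ctx;
  SSL *ssl;
  struct Request req;
  struct Connection connection;
  int rv;
  nfds_t npollfds = 1;
  struct pollfd pollfds[1];
  uint16_t spdy_proto_version;

  request_init(&req, uri);

  setup_spdylay_callbacks(&callbacks);

  /* Establish connection and setup SSL */
  fd = connect_to(req.host, req.port);
  /* A negative descriptor is never usable; stop before it reaches the
     handshake and poll(). connect_to()'s exact failure value is not shown
     here. */
  if(fd < 0) {
    die("Could not open file descriptor");
  }
  ssl_ctx = SSL_CTX_new(SSLv23_client_method());
  if(ssl_ctx == NULL) {
    dief("SSL_CTX_new", ERR_error_string(ERR_get_error(), NULL));
  }
  init_ssl_ctx(ssl_ctx, &spdy_proto_version);
  ssl = SSL_new(ssl_ctx);
  if(ssl == NULL) {
    dief("SSL_new", ERR_error_string(ERR_get_error(), NULL));
  }
  /* To simplify the program, we perform SSL/TLS handshake in blocking
     I/O. */
  ssl_handshake(ssl, fd);

  connection.ssl = ssl;
  connection.want_io = IO_NONE;

  /* Here make file descriptor non-block */
  make_non_block(fd);
  set_tcp_nodelay(fd);

  printf("[INFO] SPDY protocol version = %d\n", spdy_proto_version);
  rv = spdylay_session_client_new(&connection.session, spdy_proto_version,
                                  &callbacks, &connection);
  if(rv != 0) {
    diec("spdylay_session_client_new", rv);
  }

  /* Submit the HTTP request to the outbound queue. */
  submit_request(&connection, &req);

  pollfds[0].fd = fd;
  ctl_poll(pollfds, &connection);

  /* Event loop */
  while(spdylay_session_want_read(connection.session) ||
        spdylay_session_want_write(connection.session)) {
    int nfds = poll(pollfds, npollfds, -1);
    if(nfds == -1) {
      dief("poll", strerror(errno));
    }
    if(pollfds[0].revents & (POLLIN | POLLOUT)) {
      exec_io(&connection);
    }
    if((pollfds[0].revents & POLLHUP) || (pollfds[0].revents & POLLERR)) {
      die("Connection error");
    }
    ctl_poll(pollfds, &connection);
  }

  /* Resource cleanup */
  spdylay_session_del(connection.session);
  SSL_shutdown(ssl);
  SSL_free(ssl);
  SSL_CTX_free(ssl_ctx);
  shutdown(fd, SHUT_WR);
  close(fd);
  request_free(&req);
}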
开发者ID:Chris112,项目名称:sep,代码行数:80,


示例28: main

/* ... earlier part of the listing omitted on the page ... */
        }
        printf( "%s/n", buf );
        x509_free( &crt );
    }
    else if( opt.mode == MODE_SSL )
    {
        /*
         * 1. Initialize the RNG and the session data
         *
         * NOTE(review): HAVEGE is used directly as the TLS RNG here. Other
         * samples on this page use ctr_drbg_random seeded through
         * entropy_func instead.
         */
        havege_init( &hs );
        memset( &ssn, 0, sizeof( ssl_session ) );

        /*
         * 2. Start the connection
         */
        printf( "  . SSL connection to tcp/%s/%-4d...", opt.server_name,
                                                        opt.server_port );
        fflush( stdout );

        if( ( ret = net_connect( &server_fd, opt.server_name,
                                             opt.server_port ) ) != 0 )
        {
            printf( " failed/n  ! net_connect returned %d/n/n", ret );
            goto exit;
        }

        /*
         * 3. Setup stuff
         */
        if( ( ret = ssl_init( &ssl ) ) != 0 )
        {
            printf( " failed/n  ! ssl_init returned %d/n/n", ret );
            goto exit;
        }

        ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
        /* SSL_VERIFY_NONE: the server certificate is not validated, and no
         * CA chain is set in the visible part. The connection is encrypted
         * but the peer is not authenticated, so the certificate printed in
         * step 5 is informational only. */
        ssl_set_authmode( &ssl, SSL_VERIFY_NONE );

        ssl_set_rng( &ssl, havege_rand, &hs );
        ssl_set_dbg( &ssl, my_debug, stdout );
        ssl_set_bio( &ssl, net_recv, &server_fd,
                net_send, &server_fd );

        ssl_set_ciphers( &ssl, ssl_default_ciphers );
        ssl_set_session( &ssl, 1, 600, &ssn );

        ssl_set_own_cert( &ssl, &clicert, &rsa );

        ssl_set_hostname( &ssl, opt.server_name );

        /*
         * 4. Handshake: retry while the transport reports TRY_AGAIN,
         *    give up on any other error
         */
        while( ( ret = ssl_handshake( &ssl ) ) != 0 )
        {
            if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
            {
                printf( " failed/n  ! ssl_handshake returned %d/n/n", ret );
                goto exit;
            }
        }

        printf( " ok/n" );

        /*
         * 5. Print the certificate
         *
         * NOTE(review): ssl.peer_cert is used without a NULL check; confirm
         * it is always set here (session reuse is enabled by the
         * ssl_set_session call above).
         */
        printf( "  . Peer certificate information    .../n" );
        ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, "      ", ssl.peer_cert );
        if( ret == -1 )
        {
            printf( " failed/n  !  x509parse_cert_info returned %d/n/n", ret );
            goto exit;
        }

        printf( "%s/n", buf );

        ssl_close_notify( &ssl );
    }
    else
        goto usage;

exit:

    /* Common cleanup, reached from every branch above and on success. */
    net_close( server_fd );
    x509_free( &clicert );
    rsa_free( &rsa );
    ssl_free( &ssl );

    memset( &ssl, 0, sizeof( ssl ) );

#ifdef WIN32
    printf( "  + Press Enter to exit this program./n" );
    fflush( stdout ); getchar();
#endif

    return( ret );
}
开发者ID:biddyweb,项目名称:mediastream-plus,代码行数:101,


示例29: main

//.........这里部分代码省略.........    }#endif    if( client_fd != -1 )        net_close( client_fd );    ssl_session_reset( &ssl );    /*     * 3. Wait until a client connects     */    client_fd = -1;    printf( "  . Waiting for a remote connection ..." );    fflush( stdout );    if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )    {        printf( " failed/n  ! net_accept returned -0x%x/n/n", -ret );        goto exit;    }    ssl_set_bio( &ssl, net_recv, &client_fd,                       net_send, &client_fd );    printf( " ok/n" );    /*     * 4. Handshake     */    printf( "  . Performing the SSL/TLS handshake..." );    fflush( stdout );    while( ( ret = ssl_handshake( &ssl ) ) != 0 )    {        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )        {            printf( " failed/n  ! ssl_handshake returned -0x%x/n/n", -ret );            goto reset;        }    }    printf( " ok/n    [ Ciphersuite is %s ]/n",            ssl_get_ciphersuite( &ssl ) );#if defined(POLARSSL_X509_CRT_PARSE_C)    /*     * 5. Verify the server certificate     */    printf( "  . Verifying peer X.509 certificate..." );    if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )    {        printf( " failed/n" );        if( !ssl_get_peer_cert( &ssl ) )            printf( "  ! no client certificate sent/n" );        if( ( ret & BADCERT_EXPIRED ) != 0 )            printf( "  ! client certificate has expired/n" );        if( ( ret & BADCERT_REVOKED ) != 0 )            printf( "  ! client certificate has been revoked/n" );        if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )            printf( "  ! self-signed or not signed by a trusted CA/n" );
开发者ID:BenKoerber,项目名称:clearskies_core,代码行数:67,


示例30: ms_dtls_srtp_process_dtls_packet

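/**
 * Check if the incoming message is a DTLS packet.
 * If it is, store it in the context incoming buffer and call the polarssl function which will process it.
 * This function also manages the client retransmission timer
 *
 * The sender address is recorded for symmetric DTLS only when it fits in the stream's rem_addr field.
 *
 * @param[in] 		msg	the incoming message
 * @param[in/out]	ctx	the context containing the incoming buffer to store the DTLS packet
 * @param[out]		ret	the value returned by the polarssl function processing the packet(ssl_handshake)
 * @param[in]		is_rtp	TRUE if we are dealing with a RTP channel packet, FALSE for RTCP channel
 * @return TRUE if packet is a DTLS one, false otherwise
 */
static bool_t ms_dtls_srtp_process_dtls_packet(mblk_t *msg, MSDtlsSrtpContext *ctx, int *ret, bool_t is_rtp) {
	size_t msgLength = msgdsize(msg);
	uint64_t *time_reference = (is_rtp == TRUE)?&(ctx->rtp_time_reference):&(ctx->rtcp_time_reference);
	ssl_context *ssl = (is_rtp == TRUE)?&(ctx->rtp_dtls_context->ssl):&(ctx->rtcp_dtls_context->ssl);
	ms_mutex_t *mutex = (is_rtp == TRUE)?&ctx->rtp_dtls_context->ssl_context_mutex:&ctx->rtcp_dtls_context->ssl_context_mutex;

	// check if incoming message length is compatible with potential DTLS message
	if (msgLength<RTP_FIXED_HEADER_SIZE) {
		return FALSE;
	}

	/* check if it is a DTLS packet (first byte B as 19 < B < 64) rfc5764 section 5.1.2 */
	if ((*(msg->b_rptr)>19) && (*(msg->b_rptr)<64)) {
		DtlsRawPacket *incoming_dtls_packet;
		DtlsRawPacket **queue_tail;
		RtpSession *rtp_session = ctx->stream_sessions->rtp_session;
		OrtpStream *ortp_stream = is_rtp?&rtp_session->rtp.gs:&rtp_session->rtcp.gs;

		/* NOTE(review): the allocation results are used unchecked; presumably ms_malloc/ms_malloc0 do not return NULL - confirm */
		incoming_dtls_packet = (DtlsRawPacket *)ms_malloc0(sizeof(DtlsRawPacket));
		incoming_dtls_packet->next=NULL;
		incoming_dtls_packet->data=(unsigned char *)ms_malloc(msgLength);
		incoming_dtls_packet->length=msgLength;
		/* NOTE(review): msgLength comes from msgdsize(msg) while the copy reads from msg->b_rptr only; confirm the message is a single contiguous block */
		memcpy(incoming_dtls_packet->data, msg->b_rptr, msgLength);

		/*required by webrtc in server case when ice is not completed yet*/
		if (!rtp_session->use_connect){
			struct sockaddr *addr = (struct sockaddr *)&msg->net_addr;
			socklen_t addrlen = msg->net_addrlen;
			/* store the sender rtp address to do symmetric DTLS, but never copy more than rem_addr can hold */
			if (ortp_stream->socket>0 && rtp_session->symmetric_rtp
					&& (size_t)addrlen <= sizeof(ortp_stream->rem_addr)){
				memcpy(&ortp_stream->rem_addr,addr,addrlen);
				ortp_stream->rem_addrlen=addrlen;
			}
		}

		/* store the packet at the end of the incoming buffer of the matching channel */
		/* NOTE(review): nothing here limits how many packets are queued; confirm the consumer drains the buffer on every ssl_handshake call */
		queue_tail = (is_rtp == TRUE)?&ctx->rtp_incoming_buffer:&ctx->rtcp_incoming_buffer;
		while (*queue_tail != NULL) queue_tail = &(*queue_tail)->next;
		*queue_tail = incoming_dtls_packet;

		/* role is unset but we receive a packet: we are caller and shall initialise as server and then process the incoming packet */
		if (ctx->role == MSDtlsSrtpRoleUnset) {
			ms_dtls_srtp_set_role(ctx, MSDtlsSrtpRoleIsServer); /* this call will update role and complete server setup */
		}

		ms_mutex_lock(mutex);
		/* process the packet and store result */
		*ret = ssl_handshake(ssl);

		/* when we are server, we may issue a hello verify, so reset session, keep cookies(transport id) and expect an other Hello from client */
		/* NOTE(review): the transport id is the 4 bytes of snd.ssrc, not the peer address; confirm the cookie check still ties the second Hello to the same peer */
		if (*ret==POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED) {
			ssl_session_reset(ssl);
			ssl_set_client_transport_id(ssl, (const unsigned char *)(&(ctx->stream_sessions->rtp_session->snd.ssrc)), 4);
		}

		/* if we are client, manage the retransmission timer */
		if (ctx->role == MSDtlsSrtpRoleIsClient) {
			*time_reference = get_timeval_in_millis();
		}
		ms_mutex_unlock(mutex);

		return TRUE;
	}

	return FALSE;
}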
开发者ID:krieger-od,项目名称:mediastreamer2,代码行数:91,



注:本文中的ssl_handshake函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

