自学教程：C++ BIO_get_ssl函数代码示例

BIO* connect_encrypted(char* host_and_port, char* store_path, char store_type, SSL_CTX** ctx, SSL** ssl) {  BIO* bio = NULL;  int r = 0;  *ctx = SSL_CTX_new(SSLv23_client_method());  *ssl = NULL;  if (store_type == 'f')    r = SSL_CTX_load_verify_locations(*ctx, store_path, NULL);  else    r = SSL_CTX_load_verify_locations(*ctx, NULL, store_path);  if (r == 0) {    return NULL;  }  bio = BIO_new_ssl_connect(*ctx);  BIO_get_ssl(bio, ssl);  if (!(*ssl)) {    return NULL;  }  SSL_set_mode(*ssl, SSL_MODE_AUTO_RETRY);  BIO_set_conn_hostname(bio, host_and_port);  if (BIO_do_connect(bio) < 1) {    return NULL;  }  return bio;}

static Pfd*opensslconnect(char *host){	Pfd *pfd;	BIO *sbio;	SSL_CTX *ctx;	SSL *ssl;	static int didinit;	char buf[1024];	if(!didinit){		httpsinit();		didinit = 1;	}	ctx = SSL_CTX_new(SSLv23_client_method());	sbio = BIO_new_ssl_connect(ctx);	BIO_get_ssl(sbio, &ssl);	SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);		snprint(buf, sizeof buf, "%s:https", host);	BIO_set_conn_hostname(sbio, buf);		if(BIO_do_connect(sbio) <= 0 || BIO_do_handshake(sbio) <= 0){		ERR_error_string_n(ERR_get_error(), buf, sizeof buf);		BIO_free_all(sbio);		werrstr("openssl: %s", buf);		return nil;	}	pfd = emalloc(sizeof *pfd);	pfd->sbio = sbio;	return pfd;}

BOOL tls_prepare(rdpTls* tls, BIO *underlying, const SSL_METHOD *method, int options, BOOL clientMode)#endif{	tls->ctx = SSL_CTX_new(method);	if (!tls->ctx)	{		DEBUG_WARN( "%s: SSL_CTX_new failed/n", __FUNCTION__);		return FALSE;	}	SSL_CTX_set_mode(tls->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);	SSL_CTX_set_options(tls->ctx, options);	SSL_CTX_set_read_ahead(tls->ctx, 1);	if (tls->settings->PermittedTLSCiphers) {		if(!SSL_CTX_set_cipher_list(tls->ctx, tls->settings->PermittedTLSCiphers)) {			DEBUG_WARN( "SSL_CTX_set_cipher_list %s failed/n", tls->settings->PermittedTLSCiphers);			return FALSE;		}	} 	tls->bio = BIO_new_rdp_tls(tls->ctx, clientMode);	if (BIO_get_ssl(tls->bio, &tls->ssl) < 0)	{		DEBUG_WARN( "%s: unable to retrieve the SSL of the connection/n", __FUNCTION__);		return FALSE;	}	BIO_push(tls->bio, underlying);	return TRUE;}

/*  The first line specifiy some settings in the ctx and ssl object:  SSL_OP_ALL: enables all work around codes  SSL_OP_NO_SSLv2: no SSLv2 connections are allowed (this should fail anyway because only                   TLSv1 connection are allowed)  SSL_OP_SINGLE_DH_USE: the server generates a new private key for each new connection  SSL_VERIFY_PEER: asks the client for a certificate  SSL_VERIFY_FAIL_IF_NO_PEER_CERT: if the client doesn't present a cert the connection gets                                   terminated  CIPHER_LIST: is defined in ssl_server.h (look there for a detailed description)  After setting up these things the bio object will be created and a ssl object assigned.  Then the ssl engine mode is set to SSL_MODE_AUTO_RETRY. All available modes are:  SSL_MODE_ENABLE_PARTIAL_WRITE: Allow SSL_write(..., n) to return r with 0 < r < n                                 (i.e. report success when just a single record has been written).				When not set (the default), SSL_write() will only report success 				once the complete chunk was written. Once SSL_write() returns with r, 				r bytes have been successfully written and the next call to SSL_write() 				must only send the n-r bytes left, imitating the behaviour of write().  SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: Make it possible to retry SSL_write() with changed buffer location                                        (the buffer contents must stay the same). This is not the default 				       to avoid the misconception that non-blocking SSL_write() behaves 				       like non-blocking write().   SSL_MODE_AUTO_RETRY: Never bother the application with retries if the transport is blocking. If a                        renegotiation take place during normal operation, a ssl_read(3) or ssl_write(3)		       would return with -1 and indicate the need to retry with SSL_ERROR_WANT_READ . In 		       a non-blocking environment applications must be prepared to handle incomplete 		       read/write operations. In a blocking environment, applications are not always		       prepared to deal with read/write operations returning without success report. The 		       flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return after 		       the handshake and successful completion.   The server contains 3 bio objects: bio, abio and out. 'bio' contains the context, 'abio'  binds to the socket and 'out' is the established connection. */void SSL_Server::bind(){  SSL_CTX_set_verify(getCTX(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);  SSL_CTX_set_options(getCTX(), SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE);  SSL_CTX_set_tmp_dh_callback(getCTX(), tmp_dh_callback);  if(SSL_CTX_set_cipher_list(getCTX(), CIPHER_LIST) != 1)    msgHandler->error("setting cipher list failed (no valid ciphers)", CRITICAL);  msgHandler->debug("trying to set context to bio");  bio = BIO_new_ssl(getCTX(), 0);  if(bio == NULL){    string error("Cannot set context to bio ");    error.append(getSocket());    error.append("/nSSL_ERROR: ");    error.append(ERR_reason_error_string(ERR_get_error()));    msgHandler->error(error, CRITICAL);  } else    msgHandler->debug("set context to bio successful");  BIO_get_ssl(bio, &ssl);  SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);  msgHandler->debug("trying to bind to socket");  abio = BIO_new_accept((char*)getSocket().c_str());  BIO_set_accept_bios(abio, bio);  if(BIO_do_accept(abio) <= 0){    string error("Bind to socket ");    error.append(getSocket());    error.append(" failed./nSSL_ERROR: ");    error.append(ERR_reason_error_string(ERR_get_error()));    msgHandler->error(error, CRITICAL);  } else    msgHandler->log("bind to socket successful");}

BIO *Connect_SSL(char *hostname, int port){	//BIO *bio = NULL;	char bio_addr[BUF_MAX] = { 0 };		snprintf(bio_addr, sizeof(bio_addr), "%s:%d", hostname, port);		SSL_library_init();		SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method());	SSL *ssl = NULL;		bio = BIO_new_ssl_connect(ctx);	if (bio == NULL)	{		Error("BIO_new_ssl_connect");	}		BIO_get_ssl(bio, &ssl);	SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);	BIO_set_conn_hostname(bio, bio_addr);		if (BIO_do_connect(bio) <= 0)	{		Error("SSL Unable to connect");	}	return bio;}

void *handle_connection(void *arg){	char buf[1024];	BIO *bio = (BIO *)arg;	X509 *peer;	SSL *ssl;	BIO_get_ssl(bio, &ssl);	if (BIO_do_handshake(bio) <= 0) {		printf("Failed handshake./n");		ERR_print_errors_fp(stdout);		return (void *)-1;	}	if ((peer = SSL_get_peer_certificate(ssl))) {		if (SSL_get_verify_result(ssl) == X509_V_OK) {			/* The client sent a certificate which verified OK */			printf("The client sent a certificate which verified OK/n");		} else {			printf("The client sent a certificate which verified failed/n");		}	} else {		fprintf(stderr, "cannot get peer certificate/n");	}	BIO_read(bio, buf, 1024);	printf("Received: %s/n", buf);	BIO_puts(bio, "Connection: Sending out Data on initial connection/n");	printf("Sent out data on connection/n");	BIO_free_all(bio);	return (void *)0;}

BOOL tls_prepare(rdpTls* tls, BIO *underlying, const SSL_METHOD *method, int options, BOOL clientMode)#endif{	tls->ctx = SSL_CTX_new(method);	if (!tls->ctx)	{		fprintf(stderr, "%s: SSL_CTX_new failed/n", __FUNCTION__);		return FALSE;	}	SSL_CTX_set_mode(tls->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);	SSL_CTX_set_options(tls->ctx, options);	SSL_CTX_set_read_ahead(tls->ctx, 1);	tls->bio = BIO_new_rdp_tls(tls->ctx, clientMode);	if (BIO_get_ssl(tls->bio, &tls->ssl) < 0)	{		fprintf(stderr, "%s: unable to retrieve the SSL of the connection/n", __FUNCTION__);		return FALSE;	}	BIO_push(tls->bio, underlying);	return TRUE;}

int main() {    SSL_load_error_strings();    ERR_load_BIO_strings();    OpenSSL_add_all_algorithms();        SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method());    if (ctx == NULL) {        printf("SSL_CTX_new err func:%s/n reaseon:%s", ERR_func_error_string(ERR_get_error()),               ERR_reason_error_string(ERR_get_error()));        exit(1);    }    //加载可信任证书库    if (0 == SSL_CTX_load_verify_locations(ctx, "./push_cer.pem", NULL)) {        printf("err func:%s/n reaseon:%s", ERR_func_error_string(ERR_get_error()),               ERR_reason_error_string(ERR_get_error()));        ERR_print_errors_fp(stdout);        exit(1);    }    //set BIO    BIO *bio = BIO_new_ssl_connect(ctx);    if (bio == NULL) {        printf("err func:%s/n", ERR_func_error_string(ERR_get_error()));        ERR_print_errors_fp(stdout);        exit(1);    }    SSL *ssl;    BIO_get_ssl(bio, &ssl);    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);    //open safe connect    BIO_set_conn_hostname(bio, "gateway.sandbox.push.apple.com:2195");    //verify connect ok    if (BIO_do_connect(bio) <= 0) {        ERR_print_errors_fp(stdout);        exit(1);    }    if (SSL_get_verify_result(ssl) != X509_V_OK) {        printf("SSL_get_verify_result not success/n");    }    char buf[MAXBUF];    char *json = "{/"aps/":{/"badge/":123}}";    sendPayload(bio, token, json, strlen(json));    int ret = BIO_read(bio, buf, MAXBUF);    if (ret <= 0) {        printf("BIO_read return 0/n");    }    SSL_CTX_free(ctx);    BIO_free_all(bio);    return 0;}

BIO *neo4j_openssl_new_bio(BIO *delegate, const char *hostname, int port,        const neo4j_config_t *config, uint_fast32_t flags){    neo4j_logger_t *logger = neo4j_get_logger(config, "tls");    SSL_CTX *ctx = new_ctx(config, logger);    if (ctx == NULL)    {        return NULL;    }    BIO *ssl_bio = BIO_new_ssl(ctx, 1);    if (ssl_bio == NULL)    {        errno = openssl_error(logger, NEO4J_LOG_ERROR, __FILE__, __LINE__);        SSL_CTX_free(ctx);        goto failure;    }    SSL_CTX_free(ctx);    BIO_push(ssl_bio, delegate);    if (BIO_set_close(ssl_bio, BIO_CLOSE) != 1)    {        errno = openssl_error(logger, NEO4J_LOG_ERROR, __FILE__, __LINE__);        goto failure;    }    int result = BIO_do_handshake(ssl_bio);    if (result != 1)    {        if (result == 0)        {            errno = NEO4J_NO_SERVER_TLS_SUPPORT;            goto failure;        }        errno = openssl_error(logger, NEO4J_LOG_ERROR, __FILE__, __LINE__);        goto failure;    }    SSL *ssl = NULL;    BIO_get_ssl(ssl_bio, &ssl);    assert(ssl != NULL);    if (verify(ssl, hostname, port, config, flags, logger))    {        goto failure;    }    return ssl_bio;    int errsv;failure:    errsv = errno;    BIO_free(ssl_bio);    errno = errsv;    return NULL;}

const char *dbapi_lookup(const char *key) {	long res = 1;	SSL_CTX* ctx = NULL;	BIO *web = NULL, *out = NULL;	SSL *ssl = NULL;	const SSL_METHOD* method;	char *token, *tmpout, *buf;	int hlen=0, len=0, maxlen=2048;	(void)SSL_library_init();	SSL_load_error_strings();	OPENSSL_config(NULL);	method = SSLv23_method(); if(method==NULL) return NULL;	ctx = SSL_CTX_new(method); if(ctx==NULL) return NULL;	SSL_CTX_set_verify_depth(ctx, 4);	SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|		SSL_OP_NO_COMPRESSION);	web = BIO_new_ssl_connect(ctx); if(web==NULL) return NULL;	res = BIO_set_conn_hostname(web, DB_API_SERVER); if(res!=1) return NULL;	BIO_get_ssl(web, &ssl); if(ssl==NULL) return NULL;	res = SSL_set_cipher_list(ssl, SECURE_CIPHER_LIST); if(res!=1) return NULL;	res = SSL_set_tlsext_host_name(ssl, DB_API_HOST); if(res!=1) return NULL;	out = BIO_new_fp(stdout, BIO_NOCLOSE); if(NULL==out) return NULL;	res = BIO_do_connect(web); if(res!=1) return NULL;	res = BIO_do_handshake(web); if(res!=1) return NULL;	len=(60+strlen(key)+strlen(DB_API_HOST)+strlen(DB_API_AUTH));	char *request=malloc(sizeof(char)*(len+1));	snprintf(request,len,		"GET %s HTTP/1.1/nHost: %s/nx-api-key: %s/nConnection: close/n/n",		key, DB_API_HOST, DB_API_AUTH);	request[len]='/0';	BIO_puts(web, request);	BIO_puts(out, "/n");	buf = malloc(sizeof(char)*maxlen);	do {		char buff[1536] = {};		len=BIO_read(web, buff, sizeof(buff));		hlen+=len;		if(hlen<maxlen&&len>0) strncat(buf,buff,len);	} while (len>0 || BIO_should_retry(web));	buf[maxlen]='/0';	tmpout = malloc(sizeof(char)*(HASH_MAXLENGTH+1));	token = strtok(buf, "/n");	while (token) {		snprintf(tmpout,HASH_MAXLENGTH,"%s",token);		token = strtok(NULL, "/n");	}	tmpout[strlen(tmpout)]='/0';	free(buf);	free(request);	if(out) BIO_free(out);	if(web != NULL) BIO_free_all(web);	if(NULL != ctx) SSL_CTX_free(ctx);	return tmpout;}

bool Email::sendCode(std::string user, std::string code){    std::string msg,to;        msg = m_m1 + code + m_m2;    to = m_to1 + user + m_to3;        SSL_CTX* ctx = SSL_CTX_new(SSLv23_client_method());    SSL* ssl;        BIO* bio = BIO_new_ssl_connect(ctx);    BIO_get_ssl(bio, &ssl);    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);    BIO_set_conn_hostname(bio, m_amazonHostname.c_str());        if(BIO_do_connect(bio) <= 0){        BIO_free_all(bio);        SSL_CTX_free(ctx);        return false;    }        if(BIO_do_handshake(bio) <= 0){        BIO_free_all(bio);        SSL_CTX_free(ctx);        return false;    }    m_len = BIO_read(bio, m_buf, BUF_LEN) - 1;    BIO_puts(bio, "HELO localhost/r/n");    m_len = BIO_read(bio, m_buf, BUF_LEN) - 1;    BIO_puts(bio,"AUTH LOGIN/r/n");    m_len = BIO_read(bio,m_buf,BUF_LEN) - 1;    BIO_puts(bio,"QUtJQUlFVzJDMlU3RUZYTU5PUVE=/r/n");     m_len = BIO_read(bio,m_buf,BUF_LEN) - 1;    BIO_puts(bio,"QWd3TkZSOUJyb2dUTUkxYlJHeXh4dHZMYm4reldGZCtYSFJMbnJpNzZ5RC8=/r/n");     m_len = BIO_read(bio,m_buf,BUF_LEN) - 1;    BIO_puts(bio,"MAIL FROM:[email
C++ BIO_gets函数代码示例
C++ BIO_get_mem_ptr函数代码示例