您当前的位置：首页 > IT编程 > C++
\| C语言 \| Java \| VB \| VC \| python \| Android \| TensorFlow \| C++ \| oracle \| 学术与代码 \| cnn卷积神经网络 \| gnn \| 图像修复 \| Keras \| 数据集 \| Neo4j \| 自然语言处理 \| 深度学习 \| 医学CAD \| 医学影像 \| 超参数 \| pointnet \| pytorch \| 异常检测 \| Transformers \| 情感分类 \| 知识图谱 \|

自学教程：C++ Curl_ssl_getsessionid函数代码示例

51自学网 2021-06-01 20:16:14

C++

这篇教程C++ Curl_ssl_getsessionid函数代码示例写得很实用，希望能帮到您。

本文整理汇总了C++中Curl_ssl_getsessionid函数的典型用法代码示例。如果您正苦于以下问题：C++ Curl_ssl_getsessionid函数的具体用法？C++ Curl_ssl_getsessionid怎么用？C++ Curl_ssl_getsessionid使用的例子？那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。

在下文中一共展示了Curl_ssl_getsessionid函数的29个代码示例，这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞，您的评价将有助于我们的系统推荐出更棒的C++代码示例。

示例1: schannel_connect_step3

static CURLcodeschannel_connect_step3(struct connectdata *conn, int sockindex){  CURLcode retcode = CURLE_OK;  struct SessionHandle *data = conn->data;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  struct curl_schannel_cred *old_cred = NULL;  int incache;  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);  infof(data, "schannel: SSL/TLS connection with %s port %hu (step 3/3)/n",        conn->host.name, conn->remote_port);  /* check if the required context attributes are met */  if(connssl->ret_flags != connssl->req_flags) {    if(!(connssl->ret_flags & ISC_RET_SEQUENCE_DETECT))      failf(data, "schannel: failed to setup sequence detection");    if(!(connssl->ret_flags & ISC_RET_REPLAY_DETECT))      failf(data, "schannel: failed to setup replay detection");    if(!(connssl->ret_flags & ISC_RET_CONFIDENTIALITY))      failf(data, "schannel: failed to setup confidentiality");    if(!(connssl->ret_flags & ISC_RET_EXTENDED_ERROR))      failf(data, "schannel: failed to setup extended errors");    if(!(connssl->ret_flags & ISC_RET_ALLOCATED_MEMORY))      failf(data, "schannel: failed to setup memory allocation");    if(!(connssl->ret_flags & ISC_RET_STREAM))      failf(data, "schannel: failed to setup stream orientation");    return CURLE_SSL_CONNECT_ERROR;  }  /* save the current session data for possible re-use */  incache = !(Curl_ssl_getsessionid(conn, (void**)&old_cred, NULL));  if(incache) {    if(old_cred != connssl->cred) {      infof(data, "schannel: old credential handle is stale, removing/n");      Curl_ssl_delsessionid(conn, (void*)old_cred);      incache = FALSE;    }  }  if(!incache) {    retcode = Curl_ssl_addsessionid(conn, (void*)connssl->cred,                                    sizeof(struct curl_schannel_cred));    if(retcode) {      failf(data, "schannel: failed to store credential handle");      return retcode;    }    else {      infof(data, "schannel: stored crendential handle/n");    }  }  connssl->connecting_state = ssl_connect_done;  return CURLE_OK;}

开发者ID:LordJZ，项目名称:curl，代码行数:56，

示例2: polarssl_connect_step3

static CURLcodepolarssl_connect_step3(struct connectdata *conn,                     int sockindex){  CURLcode retcode = CURLE_OK;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  struct SessionHandle *data = conn->data;  void *old_ssl_sessionid = NULL;  ssl_session *our_ssl_sessionid = &conn->ssl[sockindex].ssn ;  bool incache;  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);  /* Save the current session data for possible re-use */  incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));  if(incache) {    if(old_ssl_sessionid != our_ssl_sessionid) {      infof(data, "old SSL session ID is stale, removing/n");      Curl_ssl_delsessionid(conn, old_ssl_sessionid);      incache = FALSE;    }  }  if(!incache) {    void *new_session = malloc(sizeof(ssl_session));    if(new_session) {      memcpy(new_session, our_ssl_sessionid,             sizeof(ssl_session));      retcode = Curl_ssl_addsessionid(conn, new_session,                                   sizeof(ssl_session));    }    else {      retcode = CURLE_OUT_OF_MEMORY;    }    if(retcode) {      failf(data, "failed to store ssl session");      return retcode;    }  }  connssl->connecting_state = ssl_connect_done;  return CURLE_OK;}

开发者ID:ioprev，项目名称:curl，代码行数:47，

示例3: mbed_connect_step3

static CURLcodembed_connect_step3(struct connectdata *conn,                   int sockindex){  CURLcode retcode = CURLE_OK;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  struct Curl_easy *data = conn->data;  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);  if(SSL_SET_OPTION(primary.sessionid)) {    int ret;    mbedtls_ssl_session *our_ssl_sessionid;    void *old_ssl_sessionid = NULL;    our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session));    if(!our_ssl_sessionid)      return CURLE_OUT_OF_MEMORY;    mbedtls_ssl_session_init(our_ssl_sessionid);    ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);    if(ret) {      free(our_ssl_sessionid);      failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret);      return CURLE_SSL_CONNECT_ERROR;    }    /* If there's already a matching session in the cache, delete it */    Curl_ssl_sessionid_lock(conn);    if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex))      Curl_ssl_delsessionid(conn, old_ssl_sessionid);    retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);    Curl_ssl_sessionid_unlock(conn);    if(retcode) {      free(our_ssl_sessionid);      failf(data, "failed to store ssl session");      return retcode;    }  }  connssl->connecting_state = ssl_connect_done;  return CURLE_OK;}

开发者ID:sshyran，项目名称:curl，代码行数:46，

示例4: cyassl_connect_step3

static CURLcodecyassl_connect_step3(struct connectdata *conn,                     int sockindex){  CURLcode result = CURLE_OK;  struct Curl_easy *data = conn->data;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);  if(SSL_SET_OPTION(primary.sessionid)) {    bool incache;    SSL_SESSION *our_ssl_sessionid;    void *old_ssl_sessionid = NULL;    our_ssl_sessionid = SSL_get_session(BACKEND->handle);    Curl_ssl_sessionid_lock(conn);    incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,                                      sockindex));    if(incache) {      if(old_ssl_sessionid != our_ssl_sessionid) {        infof(data, "old SSL session ID is stale, removing/n");        Curl_ssl_delsessionid(conn, old_ssl_sessionid);        incache = FALSE;      }    }    if(!incache) {      result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,                                     0 /* unknown size */, sockindex);      if(result) {        Curl_ssl_sessionid_unlock(conn);        failf(data, "failed to store ssl session");        return result;      }    }    Curl_ssl_sessionid_unlock(conn);  }  connssl->connecting_state = ssl_connect_done;  return result;}

开发者ID:miranda-ng，项目名称:miranda-ng，代码行数:44，

示例5: polarssl_connect_step3

static CURLcodepolarssl_connect_step3(struct connectdata *conn,                     int sockindex){  CURLcode retcode = CURLE_OK;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  struct SessionHandle *data = conn->data;  void *old_ssl_sessionid = NULL;  ssl_session *our_ssl_sessionid;  int ret;  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);  our_ssl_sessionid = malloc(sizeof(ssl_session));  if(!our_ssl_sessionid)    return CURLE_OUT_OF_MEMORY;  ssl_session_init(our_ssl_sessionid);  ret = ssl_get_session(&connssl->ssl, our_ssl_sessionid);  if(ret) {    failf(data, "ssl_get_session returned -0x%x", -ret);    return CURLE_SSL_CONNECT_ERROR;  }  /* If there's already a matching session in the cache, delete it */  if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL))    Curl_ssl_delsessionid(conn, old_ssl_sessionid);  retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0);  if(retcode) {    free(our_ssl_sessionid);    failf(data, "failed to store ssl session");    return retcode;  }  connssl->connecting_state = ssl_connect_done;  return CURLE_OK;}

开发者ID:AaronDP，项目名称:curl_adbshell，代码行数:40，

示例6: cyassl_connect_step3

static CURLcodecyassl_connect_step3(struct connectdata *conn,                     int sockindex){  CURLcode result = CURLE_OK;  void *old_ssl_sessionid=NULL;  struct SessionHandle *data = conn->data;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  bool incache;  SSL_SESSION *our_ssl_sessionid;  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);  our_ssl_sessionid = SSL_get_session(connssl->handle);  incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));  if(incache) {    if(old_ssl_sessionid != our_ssl_sessionid) {      infof(data, "old SSL session ID is stale, removing/n");      Curl_ssl_delsessionid(conn, old_ssl_sessionid);      incache = FALSE;    }  }  if(!incache) {    result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,                                   0 /* unknown size */);    if(result) {      failf(data, "failed to store ssl session");      return result;    }  }  connssl->connecting_state = ssl_connect_done;  return result;}

开发者ID:beyondyuanshu，项目名称:curl，代码行数:37，

示例7: polarssl_connect_step1

//.........这里部分代码省略.........    }  }  /* Load the client certificate */  memset(&connssl->clicert, 0, sizeof(x509_cert));  if(data->set.str[STRING_CERT]) {    ret = x509parse_crtfile(&connssl->clicert,                            data->set.str[STRING_CERT]);    if(ret) {      failf(data, "Error reading client cert file %s: -0x%04X",            data->set.str[STRING_CERT], -ret);      return CURLE_SSL_CERTPROBLEM;    }  }  /* Load the client private key */  if(data->set.str[STRING_KEY]) {    ret = x509parse_keyfile(&connssl->rsa,                            data->set.str[STRING_KEY],                            data->set.str[STRING_KEY_PASSWD]);    if(ret) {      failf(data, "Error reading private key %s: -0x%04X",            data->set.str[STRING_KEY], -ret);      return CURLE_SSL_CERTPROBLEM;    }  }  /* Load the CRL */  memset(&connssl->crl, 0, sizeof(x509_crl));  if(data->set.str[STRING_SSL_CRLFILE]) {    ret = x509parse_crlfile(&connssl->crl,                            data->set.str[STRING_SSL_CRLFILE]);    if(ret) {      failf(data, "Error reading CRL file %s: -0x%04X",            data->set.str[STRING_SSL_CRLFILE], -ret);      return CURLE_SSL_CRL_BADFILE;    }  }  infof(data, "PolarSSL: Connecting to %s:%d/n",        conn->host.name, conn->remote_port);  if(ssl_init(&connssl->ssl)) {    failf(data, "PolarSSL: ssl_init failed");    return CURLE_SSL_CONNECT_ERROR;  }  ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);  ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);  ssl_set_rng(&connssl->ssl, HAVEGE_RANDOM,              &connssl->hs);  ssl_set_bio(&connssl->ssl,              net_recv, &conn->sock[sockindex],              net_send, &conn->sock[sockindex]);#if POLARSSL_VERSION_NUMBER<0x01000000  ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers);#else  ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites);#endif  if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {    memcpy(&connssl->ssn, old_session, old_session_size);    infof(data, "PolarSSL re-using session/n");  }  ssl_set_session(&connssl->ssl, 1, 600,                  &connssl->ssn);  ssl_set_ca_chain(&connssl->ssl,                   &connssl->cacert,                   &connssl->crl,                   conn->host.name);  ssl_set_own_cert(&connssl->ssl,                   &connssl->clicert, &connssl->rsa);  if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&#ifdef ENABLE_IPV6     !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&#endif     sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) {     infof(data, "WARNING: failed to configure "                 "server name indication (SNI) TLS extension/n");  }#ifdef POLARSSL_DEBUG  ssl_set_dbg(&connssl->ssl, polarssl_debug, data);#endif  connssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:AnupBansod，项目名称:Nutrino_Stack，代码行数:101，

示例8: polarssl_connect_step1

//.........这里部分代码省略.........  case CURL_SSLVERSION_DEFAULT:  case CURL_SSLVERSION_TLSv1:    ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_1);    break;  case CURL_SSLVERSION_SSLv3:    ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_0);    ssl_set_max_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_0);    infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3/n");    break;  case CURL_SSLVERSION_TLSv1_0:  case CURL_SSLVERSION_TLSv1_1:  case CURL_SSLVERSION_TLSv1_2:  case CURL_SSLVERSION_TLSv1_3:    {      CURLcode result = set_ssl_version_min_max(conn, sockindex);      if(result != CURLE_OK)        return result;      break;    }  default:    failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");    return CURLE_SSL_CONNECT_ERROR;  }  ssl_set_endpoint(&BACKEND->ssl, SSL_IS_CLIENT);  ssl_set_authmode(&BACKEND->ssl, SSL_VERIFY_OPTIONAL);  ssl_set_rng(&BACKEND->ssl, ctr_drbg_random,              &BACKEND->ctr_drbg);  ssl_set_bio(&BACKEND->ssl,              net_recv, &conn->sock[sockindex],              net_send, &conn->sock[sockindex]);  ssl_set_ciphersuites(&BACKEND->ssl, ssl_list_ciphersuites());  /* Check if there's a cached ID we can/should use here! */  if(SSL_SET_OPTION(primary.sessionid)) {    void *old_session = NULL;    Curl_ssl_sessionid_lock(conn);    if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) {      ret = ssl_set_session(&BACKEND->ssl, old_session);      if(ret) {        Curl_ssl_sessionid_unlock(conn);        failf(data, "ssl_set_session returned -0x%x", -ret);        return CURLE_SSL_CONNECT_ERROR;      }      infof(data, "PolarSSL re-using session/n");    }    Curl_ssl_sessionid_unlock(conn);  }  ssl_set_ca_chain(&BACKEND->ssl,                   &BACKEND->cacert,                   &BACKEND->crl,                   hostname);  ssl_set_own_cert_rsa(&BACKEND->ssl,                       &BACKEND->clicert, &BACKEND->rsa);  if(ssl_set_hostname(&BACKEND->ssl, hostname)) {    /* ssl_set_hostname() sets the name to use in CN/SAN checks *and* the name       to set in the SNI extension. So even if curl connects to a host       specified as an IP address, this function must be used. */    failf(data, "couldn't set hostname in PolarSSL");    return CURLE_SSL_CONNECT_ERROR;  }#ifdef HAS_ALPN  if(conn->bits.tls_enable_alpn) {    static const char *protocols[3];    int cur = 0;#ifdef USE_NGHTTP2    if(data->set.httpversion >= CURL_HTTP_VERSION_2) {      protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;      infof(data, "ALPN, offering %s/n", NGHTTP2_PROTO_VERSION_ID);    }#endif    protocols[cur++] = ALPN_HTTP_1_1;    infof(data, "ALPN, offering %s/n", ALPN_HTTP_1_1);    protocols[cur] = NULL;    ssl_set_alpn_protocols(&BACKEND->ssl, protocols);  }#endif#ifdef POLARSSL_DEBUG  ssl_set_dbg(&BACKEND->ssl, polarssl_debug, data);#endif  connssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:sshyran，项目名称:curl，代码行数:101，

示例9: Curl_axtls_connect

//.........这里部分代码省略.........  /* Load client key.     If a pkcs12 file successfully loaded a cert, then there's nothing to do     because the key has already been loaded. */  if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12) {    i=0;    /* Instead of trying to analyze key type here, let axTLS try them all. */    while(key_types[i] != 0) {      ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],                                    data->set.str[STRING_KEY], NULL);      if(ssl_fcn_return == SSL_OK) {        infof(data, "successfully read key file %s /n",              data->set.str[STRING_KEY]);        break;      }      i++;    }    /* Tried all key types, none worked. */    if(key_types[i] == 0) {      failf(data, "Failure: %s is not a supported key file",            data->set.str[STRING_KEY]);      Curl_axtls_close(conn, sockindex);      return CURLE_SSL_CONNECT_ERROR;    }  }  /* curl_gtls.c does more here that is being left out for now   * 1) set session credentials.  can probably ignore since axtls puts this   *    info in the ssl_ctx struct   * 2) setting up callbacks.  these seem gnutls specific   */  /* In axTLS, handshaking happens inside ssl_client_new. */  if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize)) {    /* we got a session id, use it! */    infof (data, "SSL re-using session ID/n");    ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex],                         ssl_sessionid, (uint8_t)ssl_idsize);  }  else    ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], NULL, 0);  /* Check to make sure handshake was ok. */  ssl_fcn_return = ssl_handshake_status(ssl);  if(ssl_fcn_return != SSL_OK) {    Curl_axtls_close(conn, sockindex);    ssl_display_error(ssl_fcn_return); /* goes to stdout. */    return map_error_to_curl(ssl_fcn_return);  }  infof (data, "handshake completed successfully/n");  /* Here, curl_gtls.c gets the peer certificates and fails out depending on   * settings in "data."  axTLS api doesn't have get cert chain fcn, so omit?   */  /* Verify server's certificate */  if(data->set.ssl.verifypeer) {    if(ssl_verify_cert(ssl) != SSL_OK) {      Curl_axtls_close(conn, sockindex);      failf(data, "server cert verify failed");      return CURLE_SSL_CONNECT_ERROR;    }  }  else    infof(data, "/t server certificate verification SKIPPED/n");

开发者ID:fquinto，项目名称:curl，代码行数:66，

示例10: polarssl_connect_step2

//.........这里部分代码省略.........        ssl_get_ciphersuite(&conn->ssl[sockindex].ssl)#else        ssl_get_ciphersuite_name(&conn->ssl[sockindex].ssl)#endif    );  ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl);  if(ret && data->set.ssl.verifypeer) {    if(ret & BADCERT_EXPIRED)      failf(data, "Cert verify failed: BADCERT_EXPIRED");    if(ret & BADCERT_REVOKED) {      failf(data, "Cert verify failed: BADCERT_REVOKED");      return CURLE_SSL_CACERT;    }    if(ret & BADCERT_CN_MISMATCH)      failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");    if(ret & BADCERT_NOT_TRUSTED)      failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");    return CURLE_PEER_FAILED_VERIFICATION;  }/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's   1.1.4 version and the like */#if POLARSSL_VERSION_NUMBER<0x01020000  if(conn->ssl[sockindex].ssl.peer_cert) {#else  if(ssl_get_peer_cert(&(connssl->ssl))) {#endif    /* If the session was resumed, there will be no peer certs */    memset(buffer, 0, sizeof(buffer));/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's   1.1.4 version and the like */#if POLARSSL_VERSION_NUMBER<0x01020000    if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",                           conn->ssl[sockindex].ssl.peer_cert) != -1)#else    if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",                           ssl_get_peer_cert(&(connssl->ssl))) != -1)#endif      infof(data, "Dumping cert info:/n%s/n", buffer);  }  connssl->connecting_state = ssl_connect_3;  infof(data, "SSL connected/n");  return CURLE_OK;}static CURLcodepolarssl_connect_step3(struct connectdata *conn,                     int sockindex){  CURLcode retcode = CURLE_OK;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  struct SessionHandle *data = conn->data;  void *old_ssl_sessionid = NULL;  ssl_session *our_ssl_sessionid = &conn->ssl[sockindex].ssn ;  int incache;  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);  /* Save the current session data for possible re-use */  incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));  if(incache) {    if(old_ssl_sessionid != our_ssl_sessionid) {      infof(data, "old SSL session ID is stale, removing/n");      Curl_ssl_delsessionid(conn, old_ssl_sessionid);      incache = FALSE;    }  }  if(!incache) {    void *new_session = malloc(sizeof(ssl_session));    if(new_session) {      memcpy(new_session, our_ssl_sessionid,             sizeof(ssl_session));      retcode = Curl_ssl_addsessionid(conn, new_session,                                   sizeof(ssl_session));    }    else {      retcode = CURLE_OUT_OF_MEMORY;    }    if(retcode) {      failf(data, "failed to store ssl session");      return retcode;    }  }  connssl->connecting_state = ssl_connect_done;  return CURLE_OK;}

开发者ID:Web5design，项目名称:curl，代码行数:101，

示例11: gtls_connect_step3

//.........这里部分代码省略.........      return CURLE_PEER_FAILED_VERIFICATION;    }    else      infof(data, "/t server certificate activation date FAILED/n");  }  else    infof(data, "/t server certificate activation date OK/n");  /* Show:  - ciphers used  - subject  - start date  - expire date  - common name  - issuer  */  /* public key algorithm's parameters */  algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);  infof(data, "/t certificate public key: %s/n",        gnutls_pk_algorithm_get_name(algo));  /* version of the X.509 certificate. */  infof(data, "/t certificate version: #%d/n",        gnutls_x509_crt_get_version(x509_cert));  size = sizeof(certbuf);  gnutls_x509_crt_get_dn(x509_cert, certbuf, &size);  infof(data, "/t subject: %s/n", certbuf);  certclock = gnutls_x509_crt_get_activation_time(x509_cert);  showtime(data, "start date", certclock);  certclock = gnutls_x509_crt_get_expiration_time(x509_cert);  showtime(data, "expire date", certclock);  size = sizeof(certbuf);  gnutls_x509_crt_get_issuer_dn(x509_cert, certbuf, &size);  infof(data, "/t issuer: %s/n", certbuf);  gnutls_x509_crt_deinit(x509_cert);after_server_cert_verification:  /* compression algorithm (if any) */  ptr = gnutls_compression_get_name(gnutls_compression_get(session));  /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */  infof(data, "/t compression: %s/n", ptr);  /* the name of the cipher used. ie 3DES. */  ptr = gnutls_cipher_get_name(gnutls_cipher_get(session));  infof(data, "/t cipher: %s/n", ptr);  /* the MAC algorithms name. ie SHA1 */  ptr = gnutls_mac_get_name(gnutls_mac_get(session));  infof(data, "/t MAC: %s/n", ptr);  conn->ssl[sockindex].state = ssl_connection_complete;  conn->recv[sockindex] = gtls_recv;  conn->send[sockindex] = gtls_send;  {    /* we always unconditionally get the session id here, as even if we       already got it from the cache and asked to use it in the connection, it       might've been rejected and then a new one is in use now and we need to       detect that. */    void *connect_sessionid;    size_t connect_idsize;    /* get the session ID data size */    gnutls_session_get_data(session, NULL, &connect_idsize);    connect_sessionid = malloc(connect_idsize); /* get a buffer for it */    if(connect_sessionid) {      /* extract session ID to the allocated buffer */      gnutls_session_get_data(session, connect_sessionid, &connect_idsize);      incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL));      if(incache) {        /* there was one before in the cache, so instead of risking that the           previous one was rejected, we just kill that and store the new */        Curl_ssl_delsessionid(conn, ssl_sessionid);      }      /* store this session id */      result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);      if(result) {        free(connect_sessionid);        result = CURLE_OUT_OF_MEMORY;      }    }    else      result = CURLE_OUT_OF_MEMORY;  }  return result;}

开发者ID:mcodegeeks，项目名称:OpenKODE-Framework，代码行数:101，

示例12: Curl_schannel_shutdown

int Curl_schannel_shutdown(struct connectdata *conn, int sockindex){  /* See http://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx   * Shutting Down an Schannel Connection   */  struct SessionHandle *data = conn->data;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  struct curl_schannel_cred *cached_cred = NULL;  infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu/n",        conn->host.name, conn->remote_port);  if(connssl->cred && connssl->ctxt) {    SecBufferDesc BuffDesc;    SecBuffer Buffer;    SECURITY_STATUS sspi_status;    SecBuffer outbuf;    SecBufferDesc outbuf_desc;    CURLcode code;    TCHAR *host_name;    DWORD dwshut = SCHANNEL_SHUTDOWN;    InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut));    InitSecBufferDesc(&BuffDesc, &Buffer, 1);    sspi_status = s_pSecFn->ApplyControlToken(&connssl->ctxt->ctxt_handle,                                              &BuffDesc);    if(sspi_status != SEC_E_OK)      failf(data, "schannel: ApplyControlToken failure: %s",            Curl_sspi_strerror(conn, sspi_status));    host_name = Curl_convert_UTF8_to_tchar(conn->host.name);    if(!host_name)      return CURLE_OUT_OF_MEMORY;    /* setup output buffer */    InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);    InitSecBufferDesc(&outbuf_desc, &outbuf, 1);    sspi_status = s_pSecFn->InitializeSecurityContext(         &connssl->cred->cred_handle,         &connssl->ctxt->ctxt_handle,         host_name,         connssl->req_flags,         0,         0,         NULL,         0,         &connssl->ctxt->ctxt_handle,         &outbuf_desc,         &connssl->ret_flags,         &connssl->ctxt->time_stamp);    Curl_unicodefree(host_name);    if((sspi_status == SEC_E_OK) || (sspi_status == SEC_I_CONTEXT_EXPIRED)) {      /* send close message which is in output buffer */      ssize_t written;      code = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,                              outbuf.cbBuffer, &written);      s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);      if((code != CURLE_OK) || (outbuf.cbBuffer != (size_t)written)) {        infof(data, "schannel: failed to send close msg: %s"              " (bytes written: %zd)/n", curl_easy_strerror(code), written);      }    }    /* free SSPI Schannel API security context handle */    if(connssl->ctxt) {      infof(data, "schannel: clear security context handle/n");      s_pSecFn->DeleteSecurityContext(&connssl->ctxt->ctxt_handle);      Curl_safefree(connssl->ctxt);    }    /* free SSPI Schannel API credential handle */    if(connssl->cred) {      /* decrement the reference counter of the credential/session handle */      if(connssl->cred->refcount > 0) {        connssl->cred->refcount--;        infof(data, "schannel: decremented credential handle refcount = %d/n",              connssl->cred->refcount);      }      /* if the handle refcount is zero, check if we have not cached it */      if(connssl->cred->refcount == 0) {        if(Curl_ssl_getsessionid(conn, (void**)&cached_cred, NULL)) {          cached_cred = NULL;        }        /* if the handle was not cached, it is stale to be freed */        if(connssl->cred != cached_cred) {          infof(data, "schannel: clear credential handle/n");          s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle);          Curl_safefree(connssl->cred);        }      }    }  }//.........这里部分代码省略.........

开发者ID:AlessioVallero，项目名称:RaspberryPI，代码行数:101，

示例13: Curl_polarssl_connect

//.........这里部分代码省略.........  if(data->set.str[STRING_SSL_CRLFILE]) {    ret = x509parse_crlfile(&conn->ssl[sockindex].crl,                            data->set.str[STRING_SSL_CRLFILE]);    if(ret) {      failf(data, "Error reading CRL file %s: -0x%04X",            data->set.str[STRING_SSL_CRLFILE], -ret);      return CURLE_SSL_CRL_BADFILE;    }  }  infof(data, "PolarSSL: Connected to %s:%d/n",        conn->host.name, conn->remote_port);  havege_init(&conn->ssl[sockindex].hs);  if(ssl_init(&conn->ssl[sockindex].ssl)) {    failf(data, "PolarSSL: ssl_init failed");    return CURLE_SSL_CONNECT_ERROR;  }  ssl_set_endpoint(&conn->ssl[sockindex].ssl, SSL_IS_CLIENT);  ssl_set_authmode(&conn->ssl[sockindex].ssl, SSL_VERIFY_OPTIONAL);  ssl_set_rng(&conn->ssl[sockindex].ssl, havege_rand,              &conn->ssl[sockindex].hs);  ssl_set_bio(&conn->ssl[sockindex].ssl,              net_recv, &conn->sock[sockindex],              net_send, &conn->sock[sockindex]);  ssl_set_ciphers(&conn->ssl[sockindex].ssl, ssl_default_ciphers);  if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {    memcpy(&conn->ssl[sockindex].ssn, old_session, old_session_size);    infof(data, "PolarSSL re-using session/n");  }  ssl_set_session(&conn->ssl[sockindex].ssl, 1, 600,                  &conn->ssl[sockindex].ssn);  ssl_set_ca_chain(&conn->ssl[sockindex].ssl,                   &conn->ssl[sockindex].cacert,                   &conn->ssl[sockindex].crl,                   conn->host.name);  ssl_set_own_cert(&conn->ssl[sockindex].ssl,                   &conn->ssl[sockindex].clicert, &conn->ssl[sockindex].rsa);  if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&#ifdef ENABLE_IPV6     !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&#endif     sni && ssl_set_hostname(&conn->ssl[sockindex].ssl, conn->host.name)) {     infof(data, "WARNING: failed to configure "                 "server name indication (SNI) TLS extension/n");  }  infof(data, "PolarSSL: performing SSL/TLS handshake.../n");#ifdef POLARSSL_DEBUG  ssl_set_dbg(&conn->ssl[sockindex].ssl, polarssl_debug, data);#endif  for(;;) {    if(!(ret = ssl_handshake(&conn->ssl[sockindex].ssl)))

开发者ID:DTwomey，项目名称:ark2d，代码行数:67，

示例14: mbedtls_connect_step1

//.........这里部分代码省略.........  }  ret = mbedtls_ssl_config_defaults(&connssl->config,                                    MBEDTLS_SSL_IS_CLIENT,                                    MBEDTLS_SSL_TRANSPORT_STREAM,                                    MBEDTLS_SSL_PRESET_DEFAULT);  if(ret) {    failf(data, "mbedTLS: ssl_config failed");    return CURLE_SSL_CONNECT_ERROR;  }  /* new profile with RSA min key len = 1024 ... */  mbedtls_ssl_conf_cert_profile( &connssl->config,                                 &mbedtls_x509_crt_profile_fr);  switch(data->set.ssl.version) {  case CURL_SSLVERSION_SSLv3:    mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_0);    infof(data, "mbedTLS: Forced min. SSL Version to be SSLv3/n");    break;  case CURL_SSLVERSION_TLSv1_0:    mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_1);    infof(data, "mbedTLS: Forced min. SSL Version to be TLS 1.0/n");    break;  case CURL_SSLVERSION_TLSv1_1:    mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_2);    infof(data, "mbedTLS: Forced min. SSL Version to be TLS 1.1/n");    break;  case CURL_SSLVERSION_TLSv1_2:    mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_3);    infof(data, "mbedTLS: Forced min. SSL Version to be TLS 1.2/n");    break;  }  mbedtls_ssl_conf_authmode(&connssl->config, MBEDTLS_SSL_VERIFY_OPTIONAL);  mbedtls_ssl_conf_rng(&connssl->config, mbedtls_ctr_drbg_random,              &connssl->ctr_drbg);  mbedtls_ssl_set_bio(&connssl->ssl, &conn->sock[sockindex],              mbedtls_net_send,              mbedtls_net_recv,              NULL /*  rev_timeout() */);  mbedtls_ssl_conf_ciphersuites(&connssl->config,                                mbedtls_ssl_list_ciphersuites());  if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {    memcpy(&connssl->ssn, old_session, old_session_size);    infof(data, "mbedTLS re-using session/n");  }  mbedtls_ssl_set_session(&connssl->ssl,                  &connssl->ssn);  mbedtls_ssl_conf_ca_chain(&connssl->config,                   &connssl->cacert,                   &connssl->crl);  if(data->set.str[STRING_KEY]) {    mbedtls_ssl_conf_own_cert(&connssl->config,                         &connssl->clicert, &connssl->pk);  }  if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&#ifdef ENABLE_IPV6     !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&#endif     sni && mbedtls_ssl_set_hostname(&connssl->ssl, conn->host.name)) {     infof(data, "WARNING: failed to configure "                 "server name indication (SNI) TLS extension/n");  }#ifdef HAS_ALPN  if(data->set.ssl_enable_alpn) {    const char *protocols[3];    const char **p = protocols;#ifdef USE_NGHTTP2    if(data->set.httpversion >= CURL_HTTP_VERSION_2)      *p++ = NGHTTP2_PROTO_VERSION_ID;#endif    *p++ = ALPN_HTTP_1_1;    *p = NULL;    if(mbedtls_ssl_conf_alpn_protocols(&connssl->config, protocols)) {      failf(data, "Failed setting ALPN protocols");      return CURLE_SSL_CONNECT_ERROR;    }    for(p = protocols; *p; ++p)      infof(data, "ALPN, offering %s/n", *p);  }#endif#ifdef MBEDTLS_DEBUG  mbedtls_ssl_conf_dbg(&connssl->ssl, mbedtls_debug, data);#endif  connssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:AshKarath，项目名称:bumo，代码行数:101，

示例15: connect_prep

//.........这里部分代码省略.........  client_option |= SSL_DISPLAY_STATES | SSL_DISPLAY_RSA | SSL_DISPLAY_CERTS;#endif /* AXTLSDEBUG */  /* Allocate an SSL_CTX struct */  ssl_ctx = ssl_ctx_new(client_option, SSL_DEFAULT_CLNT_SESS);  if(ssl_ctx == NULL) {    failf(data, "unable to create client SSL context");    return CURLE_SSL_CONNECT_ERROR;  }  conn->ssl[sockindex].ssl_ctx = ssl_ctx;  conn->ssl[sockindex].ssl = NULL;  /* Load the trusted CA cert bundle file */  if(data->set.ssl.CAfile) {    if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)       != SSL_OK) {      infof(data, "error reading ca cert file %s /n",            data->set.ssl.CAfile);      if(data->set.ssl.verifypeer) {        return CURLE_SSL_CACERT_BADFILE;      }    }    else      infof(data, "found certificates in %s/n", data->set.ssl.CAfile);  }  /* gtls.c tasks we're skipping for now:   * 1) certificate revocation list checking   * 2) dns name assignment to host   * 3) set protocol priority.  axTLS is TLSv1 only, so can probably ignore   * 4) set certificate priority.  axTLS ignores type and sends certs in   *  order added.  can probably ignore this.   */  /* Load client certificate */  if(data->set.str[STRING_CERT]) {    i=0;    /* Instead of trying to analyze cert type here, let axTLS try them all. */    while(cert_types[i] != 0) {      ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i],                                    data->set.str[STRING_CERT], NULL);      if(ssl_fcn_return == SSL_OK) {        infof(data, "successfully read cert file %s /n",              data->set.str[STRING_CERT]);        break;      }      i++;    }    /* Tried all cert types, none worked. */    if(cert_types[i] == 0) {      failf(data, "%s is not x509 or pkcs12 format",            data->set.str[STRING_CERT]);      return CURLE_SSL_CERTPROBLEM;    }  }  /* Load client key.     If a pkcs12 file successfully loaded a cert, then there's nothing to do     because the key has already been loaded. */  if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12) {    i=0;    /* Instead of trying to analyze key type here, let axTLS try them all. */    while(key_types[i] != 0) {      ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],                                    data->set.str[STRING_KEY], NULL);      if(ssl_fcn_return == SSL_OK) {        infof(data, "successfully read key file %s /n",              data->set.str[STRING_KEY]);        break;      }      i++;    }    /* Tried all key types, none worked. */    if(key_types[i] == 0) {      failf(data, "Failure: %s is not a supported key file",            data->set.str[STRING_KEY]);      return CURLE_SSL_CONNECT_ERROR;    }  }  /* gtls.c does more here that is being left out for now   * 1) set session credentials.  can probably ignore since axtls puts this   *    info in the ssl_ctx struct   * 2) setting up callbacks.  these seem gnutls specific   */  /* In axTLS, handshaking happens inside ssl_client_new. */  if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize)) {    /* we got a session id, use it! */    infof (data, "SSL re-using session ID/n");    ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex],                         ssl_sessionid, (uint8_t)ssl_idsize);  }  else    ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], NULL, 0);  conn->ssl[sockindex].ssl = ssl;  return CURLE_OK;}

开发者ID:princejeru10，项目名称:theswissvet.com，代码行数:101，

示例16: gtls_connect_step1

//.........这里部分代码省略.........    failf(data, "gnutls_init() failed: %d", rc);    return CURLE_SSL_CONNECT_ERROR;  }  /* convenient assign */  session = conn->ssl[sockindex].session;  if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&#ifdef ENABLE_IPV6     (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&#endif     sni &&     (gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name,                             strlen(conn->host.name)) < 0))    infof(data, "WARNING: failed to configure server name indication (SNI) "          "TLS extension/n");  /* Use default priorities */  rc = gnutls_set_default_priority(session);  if(rc != GNUTLS_E_SUCCESS)    return CURLE_SSL_CONNECT_ERROR;  if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT    static const int protocol_priority[] = { GNUTLS_SSL3, 0 };    rc = gnutls_protocol_set_priority(session, protocol_priority);#else    const char *err;    /* the combination of the cipher ARCFOUR with SSL 3.0 and TLS 1.0 is not       vulnerable to attacks such as the BEAST, why this code now explicitly       asks for that    */    rc = gnutls_priority_set_direct(session,                                    "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:"                                    "-CIPHER-ALL:+ARCFOUR-128",                                    &err);#endif    if(rc != GNUTLS_E_SUCCESS)      return CURLE_SSL_CONNECT_ERROR;  }#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT  /* Sets the priority on the certificate types supported by gnutls. Priority     is higher for types specified before others. After specifying the types     you want, you must append a 0. */  rc = gnutls_certificate_type_set_priority(session, cert_type_priority);  if(rc != GNUTLS_E_SUCCESS)    return CURLE_SSL_CONNECT_ERROR;#endif  if(data->set.str[STRING_CERT]) {    if(gnutls_certificate_set_x509_key_file(         conn->ssl[sockindex].cred,         data->set.str[STRING_CERT],         data->set.str[STRING_KEY] ?         data->set.str[STRING_KEY] : data->set.str[STRING_CERT],         do_file_type(data->set.str[STRING_CERT_TYPE]) ) !=       GNUTLS_E_SUCCESS) {      failf(data, "error reading X.509 key or certificate file");      return CURLE_SSL_CONNECT_ERROR;    }  }#ifdef USE_TLS_SRP  /* put the credentials to the current session */  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {    rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,                                conn->ssl[sockindex].srp_client_cred);    if(rc != GNUTLS_E_SUCCESS)      failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));  }  else#endif    rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,                                conn->ssl[sockindex].cred);  /* set the connection handle (file descriptor for the socket) */  gnutls_transport_set_ptr(session,                           GNUTLS_INT_TO_POINTER_CAST(conn->sock[sockindex]));  /* register callback functions to send and receive data. */  gnutls_transport_set_push_function(session, Curl_gtls_push);  gnutls_transport_set_pull_function(session, Curl_gtls_pull);  /* lowat must be set to zero when using custom push and pull functions. */  gnutls_transport_set_lowat(session, 0);  /* This might be a reconnect, so we check for a session ID in the cache     to speed up things */  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize)) {    /* we got a session id, use it! */    gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);    /* Informational message */    infof (data, "SSL re-using session ID/n");  }  return CURLE_OK;}

开发者ID:mcodegeeks，项目名称:OpenKODE-Framework，代码行数:101，

示例17: schannel_connect_step1

static CURLcodeschannel_connect_step1(struct connectdata *conn, int sockindex){  ssize_t written = -1;  struct SessionHandle *data = conn->data;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  SecBuffer outbuf;  SecBufferDesc outbuf_desc;  SCHANNEL_CRED schannel_cred;  SECURITY_STATUS sspi_status = SEC_E_OK;  struct curl_schannel_cred *old_cred = NULL;  struct in_addr addr;#ifdef ENABLE_IPV6  struct in6_addr addr6;#endif  TCHAR *host_name;  CURLcode code;  infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)/n",        conn->host.name, conn->remote_port);  /* check for an existing re-usable credential handle */  if(!Curl_ssl_getsessionid(conn, (void**)&old_cred, NULL)) {    connssl->cred = old_cred;    infof(data, "schannel: re-using existing credential handle/n");  }  else {    /* setup Schannel API options */    memset(&schannel_cred, 0, sizeof(schannel_cred));    schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;    if(data->set.ssl.verifypeer) {#ifdef _WIN32_WCE      /* certificate validation on CE doesn't seem to work right; we'll         do it following a more manual process. */      schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |                              SCH_CRED_IGNORE_NO_REVOCATION_CHECK |                              SCH_CRED_IGNORE_REVOCATION_OFFLINE;#else      schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |                              SCH_CRED_REVOCATION_CHECK_CHAIN;#endif      infof(data, "schannel: checking server certificate revocation/n");    }    else {      schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |                              SCH_CRED_IGNORE_NO_REVOCATION_CHECK |                              SCH_CRED_IGNORE_REVOCATION_OFFLINE;      infof(data, "schannel: disable server certificate revocation checks/n");    }    if(Curl_inet_pton(AF_INET, conn->host.name, &addr)#ifdef ENABLE_IPV6       || Curl_inet_pton(AF_INET6, conn->host.name, &addr6)#endif      ) {      schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;      infof(data, "schannel: using IP address, SNI is being disabled by "                  "disabling the servername check against the "                  "subject names in server certificates./n");    }    if(!data->set.ssl.verifyhost) {      schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;      infof(data, "schannel: verifyhost setting prevents Schannel from "                  "comparing the supplied target name with the subject "                  "names in server certificates. Also disables SNI./n");    }    switch(data->set.ssl.version) {      case CURL_SSLVERSION_TLSv1:        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |                                              SP_PROT_TLS1_1_CLIENT |                                              SP_PROT_TLS1_2_CLIENT;        break;      case CURL_SSLVERSION_SSLv3:        schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;        break;      case CURL_SSLVERSION_SSLv2:        schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;        break;    }    /* allocate memory for the re-usable credential handle */    connssl->cred = malloc(sizeof(struct curl_schannel_cred));    if(!connssl->cred) {      failf(data, "schannel: unable to allocate memory");      return CURLE_OUT_OF_MEMORY;    }    memset(connssl->cred, 0, sizeof(struct curl_schannel_cred));    /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx */    sspi_status = s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME,      SECPKG_CRED_OUTBOUND, NULL, &schannel_cred, NULL, NULL,      &connssl->cred->cred_handle, &connssl->cred->time_stamp);    if(sspi_status != SEC_E_OK) {      if(sspi_status == SEC_E_WRONG_PRINCIPAL)        failf(data, "schannel: SNI or certificate check failed: %s",              Curl_sspi_strerror(conn, sspi_status));//.........这里部分代码省略.........

开发者ID:AlessioVallero，项目名称:RaspberryPI，代码行数:101，

示例18: mbed_connect_step1

//.........这里部分代码省略.........    }  default:    failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");    return CURLE_SSL_CONNECT_ERROR;  }  mbedtls_ssl_conf_authmode(&BACKEND->config, MBEDTLS_SSL_VERIFY_OPTIONAL);  mbedtls_ssl_conf_rng(&BACKEND->config, mbedtls_ctr_drbg_random,                       &BACKEND->ctr_drbg);  mbedtls_ssl_set_bio(&BACKEND->ssl, &conn->sock[sockindex],                      mbedtls_net_send,                      mbedtls_net_recv,                      NULL /*  rev_timeout() */);  mbedtls_ssl_conf_ciphersuites(&BACKEND->config,                                mbedtls_ssl_list_ciphersuites());#if defined(MBEDTLS_SSL_RENEGOTIATION)  mbedtls_ssl_conf_renegotiation(&BACKEND->config,                                 MBEDTLS_SSL_RENEGOTIATION_ENABLED);#endif#if defined(MBEDTLS_SSL_SESSION_TICKETS)  mbedtls_ssl_conf_session_tickets(&BACKEND->config,                                   MBEDTLS_SSL_SESSION_TICKETS_DISABLED);#endif  /* Check if there's a cached ID we can/should use here! */  if(SSL_SET_OPTION(primary.sessionid)) {    void *old_session = NULL;    Curl_ssl_sessionid_lock(conn);    if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) {      ret = mbedtls_ssl_set_session(&BACKEND->ssl, old_session);      if(ret) {        Curl_ssl_sessionid_unlock(conn);        failf(data, "mbedtls_ssl_set_session returned -0x%x", -ret);        return CURLE_SSL_CONNECT_ERROR;      }      infof(data, "mbedTLS re-using session/n");    }    Curl_ssl_sessionid_unlock(conn);  }  mbedtls_ssl_conf_ca_chain(&BACKEND->config,                            &BACKEND->cacert,                            &BACKEND->crl);  if(SSL_SET_OPTION(key)) {    mbedtls_ssl_conf_own_cert(&BACKEND->config,                              &BACKEND->clicert, &BACKEND->pk);  }  if(mbedtls_ssl_set_hostname(&BACKEND->ssl, hostname)) {    /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks *and*       the name to set in the SNI extension. So even if curl connects to a       host specified as an IP address, this function must be used. */    failf(data, "couldn't set hostname in mbedTLS");    return CURLE_SSL_CONNECT_ERROR;  }#ifdef HAS_ALPN  if(conn->bits.tls_enable_alpn) {    const char **p = &BACKEND->protocols[0];#ifdef USE_NGHTTP2    if(data->set.httpversion >= CURL_HTTP_VERSION_2)

开发者ID:sshyran，项目名称:curl，代码行数:67，

示例19: polarssl_connect_step1

//.........这里部分代码省略.........#endif /* POLARSSL_ERROR_C */      failf(data, "Error reading CRL file %s - PolarSSL: (-0x%04X) %s",            data->set.str[STRING_SSL_CRLFILE], -ret, errorbuf);      return CURLE_SSL_CRL_BADFILE;    }  }  infof(data, "PolarSSL: Connecting to %s:%d/n",        conn->host.name, conn->remote_port);  if(ssl_init(&connssl->ssl)) {    failf(data, "PolarSSL: ssl_init failed");    return CURLE_SSL_CONNECT_ERROR;  }  switch(data->set.ssl.version) {  default:  case CURL_SSLVERSION_DEFAULT:    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_1);    break;  case CURL_SSLVERSION_SSLv3:    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_0);    infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3/n");    break;  case CURL_SSLVERSION_TLSv1_0:    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_1);    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0/n");    break;  case CURL_SSLVERSION_TLSv1_1:    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_2);    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1/n");    break;  case CURL_SSLVERSION_TLSv1_2:    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_3);    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2/n");    break;  }  ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);  ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);  ssl_set_rng(&connssl->ssl, ctr_drbg_random,              &connssl->ctr_drbg);  ssl_set_bio(&connssl->ssl,              net_recv, &conn->sock[sockindex],              net_send, &conn->sock[sockindex]);  ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());  if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {    memcpy(&connssl->ssn, old_session, old_session_size);    infof(data, "PolarSSL re-using session/n");  }  ssl_set_session(&connssl->ssl,                  &connssl->ssn);  ssl_set_ca_chain(&connssl->ssl,                   &connssl->cacert,                   &connssl->crl,                   conn->host.name);  ssl_set_own_cert_rsa(&connssl->ssl,                       &connssl->clicert, &connssl->rsa);  if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&#ifdef ENABLE_IPV6     !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&#endif     sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) {     infof(data, "WARNING: failed to configure "                 "server name indication (SNI) TLS extension/n");  }#ifdef HAS_ALPN  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {    if(data->set.ssl_enable_alpn) {      static const char* protocols[] = {        NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1, NULL      };      ssl_set_alpn_protocols(&connssl->ssl, protocols);      infof(data, "ALPN, offering %s, %s/n", protocols[0],            protocols[1]);    }  }#endif#ifdef POLARSSL_DEBUG  ssl_set_dbg(&connssl->ssl, polarssl_debug, data);#endif  connssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:entdark，项目名称:jk2mv，代码行数:101，

示例20: cyassl_connect_step1

//.........这里部分代码省略.........    size_t hostname_len = strlen(hostname);    if((hostname_len < USHRT_MAX) &&       (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) &&#ifdef ENABLE_IPV6       (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) &&#endif       (CyaSSL_CTX_UseSNI(BACKEND->ctx, CYASSL_SNI_HOST_NAME, hostname,                          (unsigned short)hostname_len) != 1)) {      infof(data, "WARNING: failed to configure server name indication (SNI) "            "TLS extension/n");    }  }#endif  /* give application a chance to interfere with SSL set up. */  if(data->set.ssl.fsslctx) {    CURLcode result = CURLE_OK;    result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx,                                      data->set.ssl.fsslctxp);    if(result) {      failf(data, "error signaled by ssl ctx callback");      return result;    }  }#ifdef NO_FILESYSTEM  else if(SSL_CONN_CONFIG(verifypeer)) {    failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built"          " with /"no filesystem/". Either disable peer verification"          " (insecure) or if you are building an application with libcurl you"          " can load certificates via CURLOPT_SSL_CTX_FUNCTION.");    return CURLE_SSL_CONNECT_ERROR;  }#endif  /* Let's make an SSL structure */  if(BACKEND->handle)    SSL_free(BACKEND->handle);  BACKEND->handle = SSL_new(BACKEND->ctx);  if(!BACKEND->handle) {    failf(data, "SSL: couldn't create a context (handle)!");    return CURLE_OUT_OF_MEMORY;  }#ifdef HAVE_ALPN  if(conn->bits.tls_enable_alpn) {    char protocols[128];    *protocols = '/0';    /* wolfSSL's ALPN protocol name list format is a comma separated string of       protocols in descending order of preference, eg: "h2,http/1.1" */#ifdef USE_NGHTTP2    if(data->set.httpversion >= CURL_HTTP_VERSION_2) {      strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");      infof(data, "ALPN, offering %s/n", NGHTTP2_PROTO_VERSION_ID);    }#endif    strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);    infof(data, "ALPN, offering %s/n", ALPN_HTTP_1_1);    if(wolfSSL_UseALPN(BACKEND->handle, protocols,                       (unsigned)strlen(protocols),                       WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) {      failf(data, "SSL: failed setting ALPN protocols");      return CURLE_SSL_CONNECT_ERROR;    }  }#endif /* HAVE_ALPN */  /* Check if there's a cached ID we can/should use here! */  if(SSL_SET_OPTION(primary.sessionid)) {    void *ssl_sessionid = NULL;    Curl_ssl_sessionid_lock(conn);    if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {      /* we got a session id, use it! */      if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {        char error_buffer[CYASSL_MAX_ERROR_SZ];        Curl_ssl_sessionid_unlock(conn);        failf(data, "SSL: SSL_set_session failed: %s",              ERR_error_string(SSL_get_error(BACKEND->handle, 0),              error_buffer));        return CURLE_SSL_CONNECT_ERROR;      }      /* Informational message */      infof(data, "SSL re-using session ID/n");    }    Curl_ssl_sessionid_unlock(conn);  }  /* pass the raw socket into the SSL layer */  if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {    failf(data, "SSL: SSL_set_fd failed");    return CURLE_SSL_CONNECT_ERROR;  }  connssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:miranda-ng，项目名称:miranda-ng，代码行数:101，

示例21: gtls_connect_step1

//.........这里部分代码省略.........  }#endif  if(data->set.str[STRING_CERT]) {    if(data->set.str[STRING_KEY_PASSWD]) {#if HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2      const unsigned int supported_key_encryption_algorithms =        GNUTLS_PKCS_USE_PKCS12_3DES | GNUTLS_PKCS_USE_PKCS12_ARCFOUR |        GNUTLS_PKCS_USE_PKCS12_RC2_40 | GNUTLS_PKCS_USE_PBES2_3DES |        GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 |        GNUTLS_PKCS_USE_PBES2_AES_256;      rc = gnutls_certificate_set_x509_key_file2(           conn->ssl[sockindex].cred,           data->set.str[STRING_CERT],           data->set.str[STRING_KEY] ?           data->set.str[STRING_KEY] : data->set.str[STRING_CERT],           do_file_type(data->set.str[STRING_CERT_TYPE]),           data->set.str[STRING_KEY_PASSWD],           supported_key_encryption_algorithms);      if(rc != GNUTLS_E_SUCCESS) {        failf(data,              "error reading X.509 potentially-encrypted key file: %s",              gnutls_strerror(rc));        return CURLE_SSL_CONNECT_ERROR;      }#else      failf(data, "gnutls lacks support for encrypted key files");      return CURLE_SSL_CONNECT_ERROR;#endif    }    else {      rc = gnutls_certificate_set_x509_key_file(           conn->ssl[sockindex].cred,           data->set.str[STRING_CERT],           data->set.str[STRING_KEY] ?           data->set.str[STRING_KEY] : data->set.str[STRING_CERT],           do_file_type(data->set.str[STRING_CERT_TYPE]) );      if(rc != GNUTLS_E_SUCCESS) {        failf(data, "error reading X.509 key or certificate file: %s",              gnutls_strerror(rc));        return CURLE_SSL_CONNECT_ERROR;      }    }  }#ifdef USE_TLS_SRP  /* put the credentials to the current session */  if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {    rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,                                conn->ssl[sockindex].srp_client_cred);    if(rc != GNUTLS_E_SUCCESS) {      failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));      return CURLE_SSL_CONNECT_ERROR;    }  }  else#endif  {    rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,                                conn->ssl[sockindex].cred);    if(rc != GNUTLS_E_SUCCESS) {      failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));      return CURLE_SSL_CONNECT_ERROR;    }  }  /* set the connection handle (file descriptor for the socket) */  gnutls_transport_set_ptr(session,                           GNUTLS_INT_TO_POINTER_CAST(conn->sock[sockindex]));  /* register callback functions to send and receive data. */  gnutls_transport_set_push_function(session, Curl_gtls_push);  gnutls_transport_set_pull_function(session, Curl_gtls_pull);  /* lowat must be set to zero when using custom push and pull functions. */  gnutls_transport_set_lowat(session, 0);#ifdef HAS_OCSP  if(data->set.ssl.verifystatus) {    rc = gnutls_ocsp_status_request_enable_client(session, NULL, 0, NULL);    if(rc != GNUTLS_E_SUCCESS) {      failf(data, "gnutls_ocsp_status_request_enable_client() failed: %d", rc);      return CURLE_SSL_CONNECT_ERROR;    }  }#endif  /* This might be a reconnect, so we check for a session ID in the cache     to speed up things */  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize)) {    /* we got a session id, use it! */    gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);    /* Informational message */    infof (data, "SSL re-using session ID/n");  }  return CURLE_OK;}

开发者ID:CopySpotter，项目名称:curl，代码行数:101，

示例22: polarssl_connect_step1

//.........这里部分代码省略.........                            data->set.str[STRING_KEY],                            data->set.str[STRING_KEY_PASSWD]);    if(ret) {#ifdef POLARSSL_ERROR_C      error_strerror(ret, errorbuf, sizeof(errorbuf));#endif /* POLARSSL_ERROR_C */      failf(data, "Error reading private key %s - PolarSSL: (-0x%04X) %s",            data->set.str[STRING_KEY], -ret, errorbuf);      return CURLE_SSL_CERTPROBLEM;    }  }  /* Load the CRL */  memset(&connssl->crl, 0, sizeof(x509_crl));  if(data->set.str[STRING_SSL_CRLFILE]) {    ret = x509parse_crlfile(&connssl->crl,                            data->set.str[STRING_SSL_CRLFILE]);    if(ret) {#ifdef POLARSSL_ERROR_C      error_strerror(ret, errorbuf, sizeof(errorbuf));#endif /* POLARSSL_ERROR_C */      failf(data, "Error reading CRL file %s - PolarSSL: (-0x%04X) %s",            data->set.str[STRING_SSL_CRLFILE], -ret, errorbuf);      return CURLE_SSL_CRL_BADFILE;    }  }  infof(data, "PolarSSL: Connecting to %s:%d/n",        conn->host.name, conn->remote_port);  if(ssl_init(&connssl->ssl)) {    failf(data, "PolarSSL: ssl_init failed");    return CURLE_SSL_CONNECT_ERROR;  }  ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);  ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);#if POLARSSL_VERSION_NUMBER<0x01010000  ssl_set_rng(&connssl->ssl, havege_rand,              &connssl->hs);#else  ssl_set_rng(&connssl->ssl, ctr_drbg_random,              &connssl->ctr_drbg);#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */  ssl_set_bio(&connssl->ssl,              net_recv, &conn->sock[sockindex],              net_send, &conn->sock[sockindex]);#if POLARSSL_VERSION_NUMBER<0x01000000  ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers);#else  ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites);#endif  if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {    memcpy(&connssl->ssn, old_session, old_session_size);    infof(data, "PolarSSL re-using session/n");  }/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's   1.1.4 version and the like */#if POLARSSL_VERSION_NUMBER<0x01020000  ssl_set_session(&connssl->ssl, 1, 600,                  &connssl->ssn);#else  ssl_set_session(&connssl->ssl,                  &connssl->ssn);#endif  ssl_set_ca_chain(&connssl->ssl,                   &connssl->cacert,                   &connssl->crl,                   conn->host.name);  ssl_set_own_cert(&connssl->ssl,                   &connssl->clicert, &connssl->rsa);  if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&#ifdef ENABLE_IPV6     !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&#endif     sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) {     infof(data, "WARNING: failed to configure "                 "server name indication (SNI) TLS extension/n");  }#ifdef POLARSSL_DEBUG  ssl_set_dbg(&connssl->ssl, polarssl_debug, data);#endif  connssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:Web5design，项目名称:curl，代码行数:101，

示例23: gtls_connect_step3

//.........这里部分代码省略.........  - issuer  */  /* public key algorithm's parameters */  algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);  infof(data, "/t certificate public key: %s/n",        gnutls_pk_algorithm_get_name(algo));  /* version of the X.509 certificate. */  infof(data, "/t certificate version: #%d/n",        gnutls_x509_crt_get_version(x509_cert));  size = sizeof(certbuf);  gnutls_x509_crt_get_dn(x509_cert, certbuf, &size);  infof(data, "/t subject: %s/n", certbuf);  certclock = gnutls_x509_crt_get_activation_time(x509_cert);  showtime(data, "start date", certclock);  certclock = gnutls_x509_crt_get_expiration_time(x509_cert);  showtime(data, "expire date", certclock);  size = sizeof(certbuf);  gnutls_x509_crt_get_issuer_dn(x509_cert, certbuf, &size);  infof(data, "/t issuer: %s/n", certbuf);  gnutls_x509_crt_deinit(x509_cert);  /* compression algorithm (if any) */  ptr = gnutls_compression_get_name(gnutls_compression_get(session));  /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */  infof(data, "/t compression: %s/n", ptr);#ifdef HAS_ALPN  if(data->set.ssl_enable_alpn) {    rc = gnutls_alpn_get_selected_protocol(session, &proto);    if(rc == 0) {      infof(data, "ALPN, server accepted to use %.*s/n", proto.size,          proto.data);#ifdef USE_NGHTTP2      if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&         !memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,                 NGHTTP2_PROTO_VERSION_ID_LEN)) {        conn->negnpn = CURL_HTTP_VERSION_2;      }      else#endif      if(proto.size == ALPN_HTTP_1_1_LENGTH &&         !memcmp(ALPN_HTTP_1_1, proto.data, ALPN_HTTP_1_1_LENGTH)) {        conn->negnpn = CURL_HTTP_VERSION_1_1;      }    }    else      infof(data, "ALPN, server did not agree to a protocol/n");  }#endif  conn->ssl[sockindex].state = ssl_connection_complete;  conn->recv[sockindex] = gtls_recv;  conn->send[sockindex] = gtls_send;  {    /* we always unconditionally get the session id here, as even if we       already got it from the cache and asked to use it in the connection, it       might've been rejected and then a new one is in use now and we need to       detect that. */    void *connect_sessionid;    size_t connect_idsize = 0;    /* get the session ID data size */    gnutls_session_get_data(session, NULL, &connect_idsize);    connect_sessionid = malloc(connect_idsize); /* get a buffer for it */    if(connect_sessionid) {      /* extract session ID to the allocated buffer */      gnutls_session_get_data(session, connect_sessionid, &connect_idsize);      incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL));      if(incache) {        /* there was one before in the cache, so instead of risking that the           previous one was rejected, we just kill that and store the new */        Curl_ssl_delsessionid(conn, ssl_sessionid);      }      /* store this session id */      result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);      if(result) {        free(connect_sessionid);        result = CURLE_OUT_OF_MEMORY;      }    }    else      result = CURLE_OUT_OF_MEMORY;  }  return result;}

开发者ID:CopySpotter，项目名称:curl，代码行数:101，

示例24: Curl_gtls_connect

//.........这里部分代码省略.........       you want, you must append a 0. */    rc = gnutls_certificate_type_set_priority(session, cert_type_priority);    if(rc < 0)        return CURLE_SSL_CONNECT_ERROR;    if(data->set.cert) {        if( gnutls_certificate_set_x509_key_file(                    conn->ssl[sockindex].cred, data->set.cert,                    data->set.key != 0 ? data->set.key : data->set.cert,                    do_file_type(data->set.cert_type) ) ) {            failf(data, "error reading X.509 key or certificate file");            return CURLE_SSL_CONNECT_ERROR;        }    }    /* put the credentials to the current session */    rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,                                conn->ssl[sockindex].cred);    /* set the connection handle (file descriptor for the socket) */    gnutls_transport_set_ptr(session,                             (gnutls_transport_ptr)conn->sock[sockindex]);    /* register callback functions to send and receive data. */    gnutls_transport_set_push_function(session, Curl_gtls_push);    gnutls_transport_set_pull_function(session, Curl_gtls_pull);    /* lowat must be set to zero when using custom push and pull functions. */    gnutls_transport_set_lowat(session, 0);    /* This might be a reconnect, so we check for a session ID in the cache       to speed up things */    if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize)) {        /* we got a session id, use it! */        gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);        /* Informational message */        infof (data, "SSL re-using session ID/n");    }    rc = handshake(conn, session, sockindex, TRUE);    if(rc)        /* handshake() sets its own error message with failf() */        return rc;    /* This function will return the peer's raw certificate (chain) as sent by       the peer. These certificates are in raw format (DER encoded for       X.509). In case of a X.509 then a certificate list may be present. The       first certificate in the list is the peer's certificate, following the       issuer's certificate, then the issuer's issuer etc. */    chainp = gnutls_certificate_get_peers(session, &cert_list_size);    if(!chainp) {        if(data->set.ssl.verifyhost) {            failf(data, "failed to get server cert");            return CURLE_SSL_PEER_CERTIFICATE;        }        infof(data, "/t common name: WARNING couldn't obtain/n");    }    /* This function will try to verify the peer's certificate and return its       status (trusted, invalid etc.). The value of status should be one or more       of the gnutls_certificate_status_t enumerated elements bitwise or'd. To       avoid denial of service attacks some default upper limits regarding the       certificate key size and chain size are set. To override them use

开发者ID:syntheticpp，项目名称:CMakeLua，代码行数:67，

示例25: Curl_ossl_connect

//.........这里部分代码省略.........          "  CApath: %s/n",          data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",          data->set.ssl.CApath ? data->set.ssl.CApath : "none");  }  /* SSL always tries to verify the peer, this only says whether it should   * fail to connect if the verification fails, or if it should continue   * anyway. In the latter case the result of the verification is checked with   * SSL_get_verify_result() below. */  SSL_CTX_set_verify(connssl->ctx,                     data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,                     cert_verify_callback);  /* give application a chance to interfere with SSL set up. */  if(data->set.ssl.fsslctx) {    retcode = (*data->set.ssl.fsslctx)(data, connssl->ctx,                                       data->set.ssl.fsslctxp);    if(retcode) {      failf(data,"error signaled by ssl ctx callback");      return retcode;    }  }  /* Lets make an SSL structure */  connssl->handle = SSL_new(connssl->ctx);  if (!connssl->handle) {    failf(data, "SSL: couldn't create a context (handle)!");    return CURLE_OUT_OF_MEMORY;  }  SSL_set_connect_state(connssl->handle);  connssl->server_cert = 0x0;  /* Check if there's a cached ID we can/should use here! */  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {    /* we got a session id, use it! */    if (!SSL_set_session(connssl->handle, ssl_sessionid)) {      failf(data, "SSL: SSL_set_session failed: %s",            ERR_error_string(ERR_get_error(),NULL));      return CURLE_SSL_CONNECT_ERROR;    }    /* Informational message */    infof (data, "SSL re-using session ID/n");  }  /* pass the raw socket into the SSL layers */  if (!SSL_set_fd(connssl->handle, sockfd)) {     failf(data, "SSL: SSL_set_fd failed: %s",           ERR_error_string(ERR_get_error(),NULL));     return CURLE_SSL_CONNECT_ERROR;  }  while(1) {    int writefd;    int readfd;    long timeout_ms;    long has_passed;    /* Find out if any timeout is set. If not, use 300 seconds.       Otherwise, figure out the most strict timeout of the two possible one       and then how much time that has elapsed to know how much time we       allow for the connect call */    if(data->set.timeout || data->set.connecttimeout) {      /* get the most strict timeout of the ones converted to milliseconds */      if(data->set.timeout &&         (data->set.timeout>data->set.connecttimeout))

开发者ID:dangardner，项目名称:mudmagic-client，代码行数:67，

示例26: cyassl_connect_step1

//.........这里部分代码省略.........  }#ifndef NO_FILESYSTEM  /* load trusted cacert */  if(data->set.str[STRING_SSL_CAFILE]) {    if(!SSL_CTX_load_verify_locations(conssl->ctx,                                      data->set.str[STRING_SSL_CAFILE],                                      data->set.str[STRING_SSL_CAPATH])) {      if(data->set.ssl.verifypeer) {        /* Fail if we insist on successfully verifying the server. */        failf(data,"error setting certificate verify locations:/n"              "  CAfile: %s/n  CApath: %s",              data->set.str[STRING_SSL_CAFILE]?              data->set.str[STRING_SSL_CAFILE]: "none",              data->set.str[STRING_SSL_CAPATH]?              data->set.str[STRING_SSL_CAPATH] : "none");        return CURLE_SSL_CACERT_BADFILE;      }      else {        /* Just continue with a warning if no strict certificate           verification is required. */        infof(data, "error setting certificate verify locations,"              " continuing anyway:/n");      }    }    else {      /* Everything is fine. */      infof(data, "successfully set certificate verify locations:/n");    }    infof(data,          "  CAfile: %s/n"          "  CApath: %s/n",          data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:          "none",          data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:          "none");  }  /* Load the client certificate, and private key */  if(data->set.str[STRING_CERT] && data->set.str[STRING_KEY]) {    int file_type = do_file_type(data->set.str[STRING_CERT_TYPE]);    if(SSL_CTX_use_certificate_file(conssl->ctx, data->set.str[STRING_CERT],                                     file_type) != 1) {      failf(data, "unable to use client certificate (no key or wrong pass"            " phrase?)");      return CURLE_SSL_CONNECT_ERROR;    }    file_type = do_file_type(data->set.str[STRING_KEY_TYPE]);    if(SSL_CTX_use_PrivateKey_file(conssl->ctx, data->set.str[STRING_KEY],                                    file_type) != 1) {      failf(data, "unable to set private key");      return CURLE_SSL_CONNECT_ERROR;    }  }#else  if(CyaSSL_no_filesystem_verify(conssl->ctx)!= SSL_SUCCESS) {    return CURLE_SSL_CONNECT_ERROR;  }#endif /* NO_FILESYSTEM */  /* SSL always tries to verify the peer, this only says whether it should   * fail to connect if the verification fails, or if it should continue   * anyway. In the latter case the result of the verification is checked with   * SSL_get_verify_result() below. */  SSL_CTX_set_verify(conssl->ctx,                     data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,                     NULL);  /* Let's make an SSL structure */  if(conssl->handle)    SSL_free(conssl->handle);  conssl->handle = SSL_new(conssl->ctx);  if(!conssl->handle) {    failf(data, "SSL: couldn't create a context (handle)!");    return CURLE_OUT_OF_MEMORY;  }  /* Check if there's a cached ID we can/should use here! */  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {    /* we got a session id, use it! */    if(!SSL_set_session(conssl->handle, ssl_sessionid)) {      failf(data, "SSL: SSL_set_session failed: %s",            ERR_error_string(SSL_get_error(conssl->handle, 0),NULL));      return CURLE_SSL_CONNECT_ERROR;    }    /* Informational message */    infof (data, "SSL re-using session ID/n");  }  /* pass the raw socket into the SSL layer */  if(!SSL_set_fd(conssl->handle, (int)sockfd)) {    failf(data, "SSL: SSL_set_fd failed");    return CURLE_SSL_CONNECT_ERROR;  }  conssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:entdark，项目名称:jk2mv，代码行数:101，

示例27: cyassl_connect_step1

//.........这里部分代码省略.........        return CURLE_SSL_CACERT_BADFILE;      }      else {        /* Just continue with a warning if no strict certificate           verification is required. */        infof(data, "error setting certificate verify locations,"              " continuing anyway:/n");      }    }    else {      /* Everything is fine. */      infof(data, "successfully set certificate verify locations:/n");    }    infof(data,          "  CAfile: %s/n"          "  CApath: %s/n",          data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:          "none",          data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:          "none");  }  /* Load the client certificate, and private key */  if(data->set.str[STRING_CERT] && data->set.str[STRING_KEY]) {    int file_type = do_file_type(data->set.str[STRING_CERT_TYPE]);    if(SSL_CTX_use_certificate_file(conssl->ctx, data->set.str[STRING_CERT],                                     file_type) != 1) {      failf(data, "unable to use client certificate (no key or wrong pass"            " phrase?)");      return CURLE_SSL_CONNECT_ERROR;    }    file_type = do_file_type(data->set.str[STRING_KEY_TYPE]);    if(SSL_CTX_use_PrivateKey_file(conssl->ctx, data->set.str[STRING_KEY],                                    file_type) != 1) {      failf(data, "unable to set private key");      return CURLE_SSL_CONNECT_ERROR;    }  }#endif /* !NO_FILESYSTEM */  /* SSL always tries to verify the peer, this only says whether it should   * fail to connect if the verification fails, or if it should continue   * anyway. In the latter case the result of the verification is checked with   * SSL_get_verify_result() below. */  SSL_CTX_set_verify(conssl->ctx,                     data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,                     NULL);  /* give application a chance to interfere with SSL set up. */  if(data->set.ssl.fsslctx) {    CURLcode result = CURLE_OK;    result = (*data->set.ssl.fsslctx)(data, conssl->ctx,                                      data->set.ssl.fsslctxp);    if(result) {      failf(data, "error signaled by ssl ctx callback");      return result;    }  }#ifdef NO_FILESYSTEM  else if(data->set.ssl.verifypeer) {    failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built"          " with /"no filesystem/". Either disable peer verification"          " (insecure) or if you are building an application with libcurl you"          " can load certificates via CURLOPT_SSL_CTX_FUNCTION.");    return CURLE_SSL_CONNECT_ERROR;  }#endif  /* Let's make an SSL structure */  if(conssl->handle)    SSL_free(conssl->handle);  conssl->handle = SSL_new(conssl->ctx);  if(!conssl->handle) {    failf(data, "SSL: couldn't create a context (handle)!");    return CURLE_OUT_OF_MEMORY;  }  /* Check if there's a cached ID we can/should use here! */  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {    /* we got a session id, use it! */    if(!SSL_set_session(conssl->handle, ssl_sessionid)) {      failf(data, "SSL: SSL_set_session failed: %s",            ERR_error_string(SSL_get_error(conssl->handle, 0), error_buffer));      return CURLE_SSL_CONNECT_ERROR;    }    /* Informational message */    infof (data, "SSL re-using session ID/n");  }  /* pass the raw socket into the SSL layer */  if(!SSL_set_fd(conssl->handle, (int)sockfd)) {    failf(data, "SSL: SSL_set_fd failed");    return CURLE_SSL_CONNECT_ERROR;  }  conssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:beyondyuanshu，项目名称:curl，代码行数:101，

示例28: mbed_connect_step1

//.........这里部分代码省略.........    infof(data, "mbedTLS: Set min SSL version to TLS 1.0/n");    break;  case CURL_SSLVERSION_SSLv3:    mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_0);    mbedtls_ssl_conf_max_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_0);    infof(data, "mbedTLS: Set SSL version to SSLv3/n");    break;  case CURL_SSLVERSION_TLSv1_0:    mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_1);    mbedtls_ssl_conf_max_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_1);    infof(data, "mbedTLS: Set SSL version to TLS 1.0/n");    break;  case CURL_SSLVERSION_TLSv1_1:    mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_2);    mbedtls_ssl_conf_max_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_2);    infof(data, "mbedTLS: Set SSL version to TLS 1.1/n");    break;  case CURL_SSLVERSION_TLSv1_2:    mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_3);    mbedtls_ssl_conf_max_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,                                 MBEDTLS_SSL_MINOR_VERSION_3);    infof(data, "mbedTLS: Set SSL version to TLS 1.2/n");    break;  default:    failf(data, "mbedTLS: Unsupported SSL protocol version");    return CURLE_SSL_CONNECT_ERROR;  }  mbedtls_ssl_conf_authmode(&connssl->config, MBEDTLS_SSL_VERIFY_OPTIONAL);  mbedtls_ssl_conf_rng(&connssl->config, mbedtls_ctr_drbg_random,                       &connssl->ctr_drbg);  mbedtls_ssl_set_bio(&connssl->ssl, &conn->sock[sockindex],                      mbedtls_net_send,                      mbedtls_net_recv,                      NULL /*  rev_timeout() */);  mbedtls_ssl_conf_ciphersuites(&connssl->config,                                mbedtls_ssl_list_ciphersuites());  if(!Curl_ssl_getsessionid(conn, &old_session, NULL)) {    ret = mbedtls_ssl_set_session(&connssl->ssl, old_session);    if(ret) {      failf(data, "mbedtls_ssl_set_session returned -0x%x", -ret);      return CURLE_SSL_CONNECT_ERROR;    }    infof(data, "mbedTLS re-using session/n");  }  mbedtls_ssl_conf_ca_chain(&connssl->config,                            &connssl->cacert,                            &connssl->crl);  if(data->set.str[STRING_KEY]) {    mbedtls_ssl_conf_own_cert(&connssl->config,                              &connssl->clicert, &connssl->pk);  }  if(mbedtls_ssl_set_hostname(&connssl->ssl, conn->host.name)) {    /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks *and*       the name to set in the SNI extension. So even if curl connects to a       host specified as an IP address, this function must be used. */    failf(data, "couldn't set hostname in mbedTLS");    return CURLE_SSL_CONNECT_ERROR;  }#ifdef HAS_ALPN  if(conn->bits.tls_enable_alpn) {    const char **p = &connssl->protocols[0];#ifdef USE_NGHTTP2    if(data->set.httpversion >= CURL_HTTP_VERSION_2)      *p++ = NGHTTP2_PROTO_VERSION_ID;#endif    *p++ = ALPN_HTTP_1_1;    *p = NULL;    /* this function doesn't clone the protocols array, which is why we need       to keep it around */    if(mbedtls_ssl_conf_alpn_protocols(&connssl->config,                                       &connssl->protocols[0])) {      failf(data, "Failed setting ALPN protocols");      return CURLE_SSL_CONNECT_ERROR;    }    for(p = &connssl->protocols[0]; *p; ++p)      infof(data, "ALPN, offering %s/n", *p);  }#endif#ifdef MBEDTLS_DEBUG  mbedtls_ssl_conf_dbg(&connssl->config, mbedtls_debug, data);#endif  connssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:aakashbhowmick，项目名称:curl，代码行数:101，

示例29: polarssl_connect_step1

//.........这里部分代码省略.........                        SSL_MINOR_VERSION_0);    ssl_set_max_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_0);    infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3/n");    break;  case CURL_SSLVERSION_TLSv1_0:    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_1);    ssl_set_max_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_1);    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.0/n");    break;  case CURL_SSLVERSION_TLSv1_1:    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_2);    ssl_set_max_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_2);    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.1/n");    break;  case CURL_SSLVERSION_TLSv1_2:    ssl_set_min_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_3);    ssl_set_max_version(&connssl->ssl, SSL_MAJOR_VERSION_3,                        SSL_MINOR_VERSION_3);    infof(data, "PolarSSL: Forced min. SSL Version to be TLS 1.2/n");    break;  }  ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);  ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);  ssl_set_rng(&connssl->ssl, ctr_drbg_random,              &connssl->ctr_drbg);  ssl_set_bio(&connssl->ssl,              net_recv, &conn->sock[sockindex],              net_send, &conn->sock[sockindex]);  ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());  /* Check if there's a cached ID we can/should use here! */  if(conn->ssl_config.sessionid) {    void *old_session = NULL;    Curl_ssl_sessionid_lock(conn);    if(!Curl_ssl_getsessionid(conn, &old_session, NULL)) {      ret = ssl_set_session(&connssl->ssl, old_session);      Curl_ssl_sessionid_unlock(conn);      if(ret) {        failf(data, "ssl_set_session returned -0x%x", -ret);        return CURLE_SSL_CONNECT_ERROR;      }      infof(data, "PolarSSL re-using session/n");    }  }  ssl_set_ca_chain(&connssl->ssl,                   &connssl->cacert,                   &connssl->crl,                   conn->host.name);  ssl_set_own_cert_rsa(&connssl->ssl,                       &connssl->clicert, &connssl->rsa);  if(ssl_set_hostname(&connssl->ssl, conn->host.name)) {    /* ssl_set_hostname() sets the name to use in CN/SAN checks *and* the name       to set in the SNI extension. So even if curl connects to a host       specified as an IP address, this function must be used. */    failf(data, "couldn't set hostname in PolarSSL");    return CURLE_SSL_CONNECT_ERROR;  }#ifdef HAS_ALPN  if(conn->bits.tls_enable_alpn) {    static const char* protocols[3];    int cur = 0;#ifdef USE_NGHTTP2    if(data->set.httpversion >= CURL_HTTP_VERSION_2) {      protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;      infof(data, "ALPN, offering %s/n", NGHTTP2_PROTO_VERSION_ID);    }#endif    protocols[cur++] = ALPN_HTTP_1_1;    infof(data, "ALPN, offering %s/n", ALPN_HTTP_1_1);    protocols[cur] = NULL;    ssl_set_alpn_protocols(&connssl->ssl, protocols);  }#endif#ifdef POLARSSL_DEBUG  ssl_set_dbg(&connssl->ssl, polarssl_debug, data);#endif  connssl->connecting_state = ssl_connect_2;  return CURLE_OK;}

开发者ID:2px，项目名称:curl，代码行数:101，

注：本文中的Curl_ssl_getsessionid函数示例整理自Github/MSDocs等源码及文档管理平台，相关代码片段筛选自各路编程大神贡献的开源项目，源码版权归原作者所有，传播和使用请参考对应项目的License；未经允许，请勿转载。

C++ Curl_strerror函数代码示例
C++ Curl_socket_ready函数代码示例