这篇教程C++ ERR_error_string函数代码示例写得很实用,希望能帮到您。
本文整理汇总了C++中ERR_error_string函数的典型用法代码示例。如果您正苦于以下问题:C++ ERR_error_string函数的具体用法?C++ ERR_error_string怎么用?C++ ERR_error_string使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。 在下文中一共展示了ERR_error_string函数的29个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。 示例1: ssl_log//.........这里部分代码省略......... if ( sc->fileLogFile == NULL && !(level & SSL_LOG_ERROR)) return; if ( level > sc->nLogLevel && !(level & SSL_LOG_ERROR)) return; /* determine the time entry string */ if (add & SSL_NO_TIMESTAMP) tstr[0] = NUL; else { t = ap_get_gmtoff(&timz); strftime(tstr, 80, "[%d/%b/%Y %H:%M:%S", t); i = strlen(tstr); ap_snprintf(tstr+i, 80-i, " %05d] ", (unsigned int)getpid()); } /* determine whether newline should be written */ if (add & SSL_NO_NEWLINE) nstr[0] = NUL; else { nstr[0] = '/n'; nstr[1] = NUL; } /* determine level name */ lstr[0] = NUL; if (!(add & SSL_NO_LEVELID)) { for (i = 0; ssl_log_level2string[i].nLevel != 0; i++) { if (ssl_log_level2string[i].nLevel == level) { ap_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel); break; } } for (i = strlen(lstr); i <= 7; i++) lstr[i] = ' '; lstr[i] = NUL; } /* create custom message */ ap_vsnprintf(vstr, sizeof(vstr), msg, ap); /* write out SSLog message */ if ((add & SSL_ADD_ERRNO) && (add & SSL_ADD_SSLERR)) astr = " (System and " SSL_LIBRARY_NAME " library errors follow)"; else if (add & SSL_ADD_ERRNO) astr = " (System error follows)"; else if (add & SSL_ADD_SSLERR) astr = " (" SSL_LIBRARY_NAME " library error follows)"; else astr = ""; if (level <= sc->nLogLevel && sc->fileLogFile != NULL) { ap_snprintf(str, sizeof(str), "%s%s%s%s%s", tstr, lstr, vstr, astr, nstr); fprintf(sc->fileLogFile, "%s", str); } if (level & SSL_LOG_ERROR) ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, "mod_ssl: %s%s", vstr, astr); /* write out additional attachment messages */ if (add & SSL_ADD_ERRNO) { if (level <= sc->nLogLevel && sc->fileLogFile != NULL) { ap_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s", tstr, lstr, strerror(safe_errno), safe_errno, nstr); fprintf(sc->fileLogFile, "%s", str); } if (level & SSL_LOG_ERROR) ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, "System: %s (errno: %d)", strerror(safe_errno), safe_errno); } if (add & SSL_ADD_SSLERR) { while ((e = ERR_get_error())) { cpE = ERR_error_string(e, NULL); cpA = ssl_log_annotation(cpE); if (level <= sc->nLogLevel && sc->fileLogFile != NULL) { ap_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s", tstr, lstr, SSL_LIBRARY_NAME, cpE, cpA != NULL ? " [Hint: " : "", cpA != NULL ? cpA : "", cpA != NULL ? "]" : "", nstr); fprintf(sc->fileLogFile, "%s", str); } if (level & SSL_LOG_ERROR) ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, "%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE, cpA != NULL ? " [Hint: " : "", cpA != NULL ? cpA : "", cpA != NULL ? "]" : ""); } } /* make sure the next log starts from a clean base */ /* ERR_clear_error(); */ /* cleanup and return */ if (sc->fileLogFile != NULL) fflush(sc->fileLogFile); errno = safe_errno; va_end(ap); return;}
开发者ID:fobser,项目名称:apache-httpd-openbsd,代码行数:101,
示例2: cert_stuffstaticint cert_stuff(struct connectdata *conn, SSL_CTX* ctx, char *cert_file, const char *cert_type, char *key_file, const char *key_type){ struct SessionHandle *data = conn->data; int file_type; if(cert_file != NULL) { SSL *ssl; X509 *x509; int cert_done = 0; if(data->set.key_passwd) {#ifndef HAVE_USERDATA_IN_PWD_CALLBACK /* * If password has been given, we store that in the global * area (*shudder*) for a while: */ size_t len = strlen(data->set.key_passwd); if(len < sizeof(global_passwd)) memcpy(global_passwd, data->set.key_passwd, len+1);#else /* * We set the password in the callback userdata */ SSL_CTX_set_default_passwd_cb_userdata(ctx, data->set.key_passwd);#endif /* Set passwd callback: */ SSL_CTX_set_default_passwd_cb(ctx, passwd_callback); } file_type = do_file_type(cert_type);#define SSL_CLIENT_CERT_ERR / "unable to use client certificate (no key found or wrong pass phrase?)" switch(file_type) { case SSL_FILETYPE_PEM: /* SSL_CTX_use_certificate_chain_file() only works on PEM files */ if(SSL_CTX_use_certificate_chain_file(ctx, cert_file) != 1) { failf(data, SSL_CLIENT_CERT_ERR); return 0; } break; case SSL_FILETYPE_ASN1: /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but we use the case above for PEM so this can only be performed with ASN1 files. */ if(SSL_CTX_use_certificate_file(ctx, cert_file, file_type) != 1) { failf(data, SSL_CLIENT_CERT_ERR); return 0; } break; case SSL_FILETYPE_ENGINE: failf(data, "file type ENG for certificate not implemented"); return 0; case SSL_FILETYPE_PKCS12: {#ifdef HAVE_PKCS12_SUPPORT FILE *f; PKCS12 *p12; EVP_PKEY *pri; f = fopen(cert_file,"rb"); if (!f) { failf(data, "could not open PKCS12 file '%s'", cert_file); return 0; } p12 = d2i_PKCS12_fp(f, NULL); fclose(f); PKCS12_PBE_add(); if (!PKCS12_parse(p12, data->set.key_passwd, &pri, &x509, NULL)) { failf(data, "could not parse PKCS12 file, check password, OpenSSL error %s", ERR_error_string(ERR_get_error(), NULL) ); return 0; } PKCS12_free(p12); if(SSL_CTX_use_certificate(ctx, x509) != 1) { failf(data, SSL_CLIENT_CERT_ERR); EVP_PKEY_free(pri); X509_free(x509); return 0; } if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {//.........这里部分代码省略.........
开发者ID:BackupTheBerlios,项目名称:wl530g-svn,代码行数:101,
示例3: f_starttls intf_starttls( SNET *sn, int ac, char **av ){ int rc; X509 *peer; char buf[ 1024 ]; if ( ac != 1 ) { snet_writef( sn, "%d Syntax error (no parameters allowed)/r/n", 501 ); return( 1 ); } else { snet_writef( sn, "%d Ready to start TLS/r/n", 220 ); } /* We get here when the client asks for TLS with the STARTTLS verb */ /* * Client MUST NOT attempt to start a TLS session if a TLS * session is already active. No mention of what to do if it does... * * Once STARTTLS has succeeded, the STARTTLS verb is no longer valid */ /* * Begin TLS */ /* This is where the TLS start */ /* At this point the client is also starting TLS */ /* 1 is for server, 0 is client */ if (( rc = snet_starttls( sn, ctx, 1 )) != 1 ) { syslog( LOG_ERR, "f_starttls: snet_starttls: %s", ERR_error_string( ERR_get_error(), NULL ) ); snet_writef( sn, "%d SSL didn't work error! XXX/r/n", 501 ); return( 1 ); } if ( authlevel == 2 ) { if (( peer = SSL_get_peer_certificate( sn->sn_ssl )) == NULL ) { syslog( LOG_ERR, "no peer certificate" ); return( -1 ); } syslog( LOG_INFO, "CERT Subject: %s/n", X509_NAME_oneline( X509_get_subject_name( peer ), buf, sizeof( buf ))); X509_NAME_get_text_by_NID( X509_get_subject_name( peer ), NID_commonName, buf, sizeof( buf )); if (( remote_cn = strdup( buf )) == NULL ) { syslog( LOG_ERR, "strdup: %m" ); X509_free( peer ); return( -1 ); } X509_free( peer ); } /* get command file */ if ( command_k( "config", 0 ) < 0 ) { /* Client not in config */ commands = noauth; ncommands = sizeof( noauth ) / sizeof( noauth[ 0 ] ); } else { /* Client in config */ commands = auth; ncommands = sizeof( auth ) / sizeof( auth[ 0 ] ); if ( read_kfile( sn, command_file ) != 0 ) { /* error message given in list_transcripts */ exit( 1 ); } } return( 0 );}
开发者ID:brando9182,项目名称:radmind,代码行数:74,
示例4: add_connection/* * add_connection - creates a client which has just connected to us on * the given fd. The sockhost field is initialized with the ip# of the host. * An unique id is calculated now, in case it is needed for auth. * The client is sent to the auth module for verification, and not put in * any client list yet. */voidadd_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd){ struct Client *new_client; assert(NULL != listener); new_client = make_client(NULL); fd_open(&new_client->localClient->fd, fd, 1, (listener->flags & LISTENER_SSL) ? "Incoming SSL connection" : "Incoming connection"); /* * copy address to 'sockhost' as a string, copy it to host too * so we have something valid to put into error messages... */ memcpy(&new_client->ip, irn, sizeof(struct irc_ssaddr)); irc_getnameinfo((struct sockaddr*)&new_client->ip, new_client->ip.ss_len, new_client->sockhost, HOSTIPLEN, NULL, 0, NI_NUMERICHOST); new_client->aftype = new_client->ip.ss.ss_family;#ifdef IPV6 if (new_client->sockhost[0] == ':') strlcat(new_client->host, "0", HOSTLEN+1); if (new_client->aftype == AF_INET6 && ConfigFileEntry.dot_in_ip6_addr == 1) { strlcat(new_client->host, new_client->sockhost,HOSTLEN+1); strlcat(new_client->host, ".", HOSTLEN+1); } else#endif strlcat(new_client->host, new_client->sockhost,HOSTLEN+1); new_client->connect_id = ++connect_id; new_client->localClient->listener = listener; ++listener->ref_count;#ifdef HAVE_LIBCRYPTO if (listener->flags & LISTENER_SSL) { if ((new_client->localClient->fd.ssl = SSL_new(ServerInfo.ctx)) == NULL) { ilog(L_CRIT, "SSL_new() ERROR! -- %s", ERR_error_string(ERR_get_error(), NULL)); SetDead(new_client); exit_client(new_client, new_client, "SSL_new failed"); return; } SSL_set_fd(new_client->localClient->fd.ssl, fd); ssl_handshake(0, new_client); } else#endif execute_callback(auth_cb, new_client);}
开发者ID:KSoute,项目名称:oftc-hybrid,代码行数:68,
示例5: Curl_ossl_connect//.........这里部分代码省略......... /* SSL always tries to verify the peer, this only says whether it should * fail to connect if the verification fails, or if it should continue * anyway. In the latter case the result of the verification is checked with * SSL_get_verify_result() below. */ SSL_CTX_set_verify(connssl->ctx, data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE, cert_verify_callback); /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { retcode = (*data->set.ssl.fsslctx)(data, connssl->ctx, data->set.ssl.fsslctxp); if(retcode) { failf(data,"error signaled by ssl ctx callback"); return retcode; } } /* Lets make an SSL structure */ connssl->handle = SSL_new(connssl->ctx); if (!connssl->handle) { failf(data, "SSL: couldn't create a context (handle)!"); return CURLE_OUT_OF_MEMORY; } SSL_set_connect_state(connssl->handle); connssl->server_cert = 0x0; /* Check if there's a cached ID we can/should use here! */ if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) { /* we got a session id, use it! */ if (!SSL_set_session(connssl->handle, ssl_sessionid)) { failf(data, "SSL: SSL_set_session failed: %s", ERR_error_string(ERR_get_error(),NULL)); return CURLE_SSL_CONNECT_ERROR; } /* Informational message */ infof (data, "SSL re-using session ID/n"); } /* pass the raw socket into the SSL layers */ if (!SSL_set_fd(connssl->handle, sockfd)) { failf(data, "SSL: SSL_set_fd failed: %s", ERR_error_string(ERR_get_error(),NULL)); return CURLE_SSL_CONNECT_ERROR; } while(1) { int writefd; int readfd; long timeout_ms; long has_passed; /* Find out if any timeout is set. If not, use 300 seconds. Otherwise, figure out the most strict timeout of the two possible one and then how much time that has elapsed to know how much time we allow for the connect call */ if(data->set.timeout || data->set.connecttimeout) { /* get the most strict timeout of the ones converted to milliseconds */ if(data->set.timeout && (data->set.timeout>data->set.connecttimeout)) timeout_ms = data->set.timeout*1000; else timeout_ms = data->set.connecttimeout*1000; }
开发者ID:BackupTheBerlios,项目名称:wl530g-svn,代码行数:67,
示例6: connect_sslBOOL connect_ssl(int sockfd, const char* ca_crt_root, const char* ca_crt_client, const char* ca_password, const char* ca_key_client, SSL** pp_ssl, SSL_CTX** pp_ssl_ctx){ SSL_METHOD* meth = NULL;#if OPENSSL_VERSION_NUMBER >= 0x010100000L meth = (SSL_METHOD*)TLS_client_method();#else meth = (SSL_METHOD*)SSLv23_client_method();#endif /* OPENSSL_VERSION_NUMBER */ *pp_ssl_ctx = SSL_CTX_new(meth); if(!*pp_ssl_ctx) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_CTX_new: %s/n", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl3; } if(ca_crt_root && ca_crt_client && ca_password && ca_key_client) { SSL_CTX_load_verify_locations(*pp_ssl_ctx, ca_crt_root, NULL); if(SSL_CTX_use_certificate_file(*pp_ssl_ctx, ca_crt_client, SSL_FILETYPE_PEM) <= 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl2; } SSL_CTX_set_default_passwd_cb_userdata(*pp_ssl_ctx, (char*)ca_password); if(SSL_CTX_use_PrivateKey_file(*pp_ssl_ctx, ca_key_client, SSL_FILETYPE_PEM) <= 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl2; } if(!SSL_CTX_check_private_key(*pp_ssl_ctx)) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl2; } } *pp_ssl = SSL_new(*pp_ssl_ctx); if(!*pp_ssl) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_new: %s/n", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl2; } if(SSL_set_fd(*pp_ssl, sockfd) <= 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_set_fd: %s/n", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl1; } if(SSL_connect(*pp_ssl) <= 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_connect: %s/n", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl1; } return TRUE;clean_ssl1: if(*pp_ssl) { SSL_free(*pp_ssl); *pp_ssl = NULL; }clean_ssl2: if(*pp_ssl_ctx) { SSL_CTX_free(*pp_ssl_ctx); *pp_ssl_ctx = NULL; }clean_ssl3: return FALSE;}
开发者ID:uplusware,项目名称:erisemail,代码行数:89,
示例7: create_sslBOOL create_ssl(int sockfd, const char* ca_crt_root, const char* ca_crt_server, const char* ca_password, const char* ca_key_server, BOOL enableclientcacheck, SSL** pp_ssl, SSL_CTX** pp_ssl_ctx){ int ssl_rc = -1; BOOL b_ssl_accepted; X509* client_cert; SSL_METHOD* meth = NULL;#if OPENSSL_VERSION_NUMBER >= 0x010100000L meth = (SSL_METHOD*)TLS_server_method();#else meth = (SSL_METHOD*)SSLv23_server_method();#endif /* OPENSSL_VERSION_NUMBER */ *pp_ssl_ctx = SSL_CTX_new(meth); if(!*pp_ssl_ctx) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl3; } if(enableclientcacheck) { SSL_CTX_set_verify(*pp_ssl_ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); SSL_CTX_set_verify_depth(*pp_ssl_ctx, 4); } SSL_CTX_load_verify_locations(*pp_ssl_ctx, ca_crt_root, NULL); if(SSL_CTX_use_certificate_file(*pp_ssl_ctx, ca_crt_server, SSL_FILETYPE_PEM) <= 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl3; } SSL_CTX_set_default_passwd_cb_userdata(*pp_ssl_ctx, (char*)ca_password); if(SSL_CTX_use_PrivateKey_file(*pp_ssl_ctx, ca_key_server, SSL_FILETYPE_PEM) <= 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl3; } if(!SSL_CTX_check_private_key(*pp_ssl_ctx)) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_CTX_use_certificate_file: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl3; } ssl_rc = SSL_CTX_set_cipher_list(*pp_ssl_ctx, "ALL"); if(ssl_rc == 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_CTX_set_cipher_list: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl3; } SSL_CTX_set_mode(*pp_ssl_ctx, SSL_MODE_AUTO_RETRY); *pp_ssl = SSL_new(*pp_ssl_ctx); if(!*pp_ssl) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_new: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl2; } ssl_rc = SSL_set_fd(*pp_ssl, sockfd); if(ssl_rc == 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_set_fd: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl2; } ssl_rc = SSL_set_cipher_list(*pp_ssl, "ALL"); if(ssl_rc == 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_set_cipher_list: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl2; } ssl_rc = SSL_accept(*pp_ssl); if(ssl_rc < 0) { CUplusTrace uTrace(SSLERR_LOGNAME, SSLERR_LCKNAME); uTrace.Write(Trace_Error, "SSL_accept: %s", ERR_error_string(ERR_get_error(),NULL)); goto clean_ssl2; } else if(ssl_rc = 0) { goto clean_ssl1; } b_ssl_accepted = TRUE; if(enableclientcacheck) {//.........这里部分代码省略.........
开发者ID:uplusware,项目名称:erisemail,代码行数:101,
示例8: ssl_negotiate/** * ssl_negotiate - Attempt to negotiate SSL over the wire * @param conn Connection to a server * @param ssldata SSL socket data * @retval 0 Success * @retval -1 Error * * After SSL state has been initialized, attempt to negotiate SSL over the * wire, including certificate checks. */static int ssl_negotiate(struct Connection *conn, struct SslSockData *ssldata){ int err; const char *errmsg = NULL; HostExDataIndex = SSL_get_ex_new_index(0, "host", NULL, NULL, NULL); if (HostExDataIndex == -1) { mutt_debug(LL_DEBUG1, "#1 failed to get index for application specific data/n"); return -1; } if (!SSL_set_ex_data(ssldata->ssl, HostExDataIndex, conn->account.host)) { mutt_debug(LL_DEBUG1, "#2 failed to save hostname in SSL structure/n"); return -1; } SkipModeExDataIndex = SSL_get_ex_new_index(0, "skip", NULL, NULL, NULL); if (SkipModeExDataIndex == -1) { mutt_debug(LL_DEBUG1, "#3 failed to get index for application specific data/n"); return -1; } if (!SSL_set_ex_data(ssldata->ssl, SkipModeExDataIndex, NULL)) { mutt_debug(LL_DEBUG1, "#4 failed to save skip mode in SSL structure/n"); return -1; } SSL_set_verify(ssldata->ssl, SSL_VERIFY_PEER, ssl_verify_callback); SSL_set_mode(ssldata->ssl, SSL_MODE_AUTO_RETRY); if (!SSL_set_tlsext_host_name(ssldata->ssl, conn->account.host)) { /* L10N: This is a warning when trying to set the host name for * TLS Server Name Indication (SNI). This allows the server to present * the correct certificate if it supports multiple hosts. */ mutt_error(_("Warning: unable to set TLS SNI host name")); } ERR_clear_error(); err = SSL_connect(ssldata->ssl); if (err != 1) { switch (SSL_get_error(ssldata->ssl, err)) { case SSL_ERROR_SYSCALL: errmsg = _("I/O error"); break; case SSL_ERROR_SSL: errmsg = ERR_error_string(ERR_get_error(), NULL); break; default: errmsg = _("unknown error"); } mutt_error(_("SSL failed: %s"), errmsg); return -1; } return 0;}
开发者ID:darnir,项目名称:neomutt,代码行数:78,
示例9: ssl_err/** * ssl_err - Display an SSL error message * @param data SSL socket data * @param err SSL error code */static void ssl_err(struct SslSockData *data, int err){ int e = SSL_get_error(data->ssl, err); switch (e) { case SSL_ERROR_NONE: return; case SSL_ERROR_ZERO_RETURN: data->isopen = 0; break; case SSL_ERROR_SYSCALL: data->isopen = 0; break; } const char *errmsg = NULL; unsigned long sslerr; switch (e) { case SSL_ERROR_SYSCALL: errmsg = "I/O error"; break; case SSL_ERROR_WANT_ACCEPT: errmsg = "retry accept"; break; case SSL_ERROR_WANT_CONNECT: errmsg = "retry connect"; break; case SSL_ERROR_WANT_READ: errmsg = "retry read"; break; case SSL_ERROR_WANT_WRITE: errmsg = "retry write"; break; case SSL_ERROR_WANT_X509_LOOKUP: errmsg = "retry x509 lookup"; break; case SSL_ERROR_ZERO_RETURN: errmsg = "SSL connection closed"; break; case SSL_ERROR_SSL: sslerr = ERR_get_error(); switch (sslerr) { case 0: switch (err) { case 0: errmsg = "EOF"; break; default: errmsg = strerror(errno); } break; default: errmsg = ERR_error_string(sslerr, NULL); } break; default: errmsg = "unknown error"; } mutt_debug(LL_DEBUG1, "SSL error: %s/n", errmsg);}
开发者ID:darnir,项目名称:neomutt,代码行数:70,
示例10: LOG void Socket::_handleSendError(int ret, const char* context) {#ifdef MONGO_SSL if (_ssl) { LOG(_logLevel) << "SSL Error ret: " << ret << " err: " << SSL_get_error(_ssl , ret) << " " << ERR_error_string(ERR_get_error(), NULL) << endl; throw SocketException(SocketException::SEND_ERROR , remoteString()); }#endif#if defined(_WIN32) const int mongo_errno = WSAGetLastError(); if ( mongo_errno == WSAETIMEDOUT && _timeout != 0 ) {#else const int mongo_errno = errno; if ( ( mongo_errno == EAGAIN || mongo_errno == EWOULDBLOCK ) && _timeout != 0 ) {#endif LOG(_logLevel) << "Socket " << context << " send() timed out " << remoteString() << endl; throw SocketException(SocketException::SEND_TIMEOUT , remoteString()); } else { LOG(_logLevel) << "Socket " << context << " send() " << errnoWithDescription(mongo_errno) << ' ' << remoteString() << endl; throw SocketException(SocketException::SEND_ERROR , remoteString()); } } void Socket::_handleRecvError(int ret, int len, int* retries) { if (ret == 0) { LOG(3) << "Socket recv() conn closed? " << remoteString() << endl; throw SocketException(SocketException::CLOSED , remoteString()); } // ret < 0#ifdef MONGO_SSL if (_ssl) { LOG(_logLevel) << "SSL Error ret: " << ret << " err: " << SSL_get_error(_ssl , ret) << " " << ERR_error_string(ERR_get_error(), NULL) << endl; throw SocketException(SocketException::RECV_ERROR, remoteString()); }#endif#if defined(_WIN32) int e = WSAGetLastError();#else int e = errno;# if defined(EINTR) if (e == EINTR) { LOG(_logLevel) << "EINTR retry " << ++*retries << endl; return; }# endif#endif#if defined(_WIN32) // Windows if ((e == EAGAIN || e == WSAETIMEDOUT) && _timeout > 0) { #else if (e == EAGAIN && _timeout > 0) { #endif // this is a timeout LOG(_logLevel) << "Socket recv() timeout " << remoteString() <<endl; throw SocketException(SocketException::RECV_TIMEOUT, remoteString()); } LOG(_logLevel) << "Socket recv() " << errnoWithDescription(e) << " " << remoteString() <<endl; throw SocketException(SocketException::RECV_ERROR , remoteString()); } void Socket::setTimeout( double secs ) { setSockTimeouts( _fd, secs ); }#if defined(_WIN32) struct WinsockInit { WinsockInit() { WSADATA d; if ( WSAStartup(MAKEWORD(2,2), &d) != 0 ) { out() << "ERROR: wsastartup failed " << errnoWithDescription() << endl; problem() << "ERROR: wsastartup failed " << errnoWithDescription() << endl; _exit(EXIT_NTSERVICE_ERROR); } } } winsock_init;#endif} // namespace mongo
开发者ID:10genReviews,项目名称:mongo,代码行数:90,
示例11: tnet_tls_socket_recvint tnet_tls_socket_recv(tnet_tls_socket_handle_t* self, void** data, tsk_size_t *size, tsk_bool_t *isEncrypted){#if !HAVE_OPENSSL TSK_DEBUG_ERROR("You MUST enable OpenSSL"); return -200;#else int ret = -1; tsk_size_t read = 0; tsk_size_t to_read = *size; int rcount = TNET_TLS_RETRY_COUNT; tnet_tls_socket_t* socket = self; if(!self){ TSK_DEBUG_ERROR("Invalid parameter"); return -1; } tsk_safeobj_lock(socket); *isEncrypted = SSL_is_init_finished(socket->ssl) ? tsk_false : tsk_true; /* SSL handshake has completed? */ if(*isEncrypted){ char* buffer[1024]; if((ret = SSL_read(socket->ssl, buffer, sizeof(buffer))) <= 0){ ret = SSL_get_error(socket->ssl, ret); if(ret == SSL_ERROR_WANT_WRITE || ret == SSL_ERROR_WANT_READ){ ret = 0; } else{ TSK_DEBUG_ERROR("SSL_read failed [%d, %s]", ret, ERR_error_string(ERR_get_error(), tsk_null)); } *size = 0; } else{ *size = ret; ret = 0; } goto bail; } /* Read Application data */ssl_read: if(rcount && ((ret = SSL_read(socket->ssl, (((uint8_t*)*data)+read), (int)to_read)) <= 0)){ ret = SSL_get_error(socket->ssl, ret); if(ret == SSL_ERROR_WANT_WRITE || ret == SSL_ERROR_WANT_READ){ if(!(ret = tnet_sockfd_waitUntil(socket->fd, TNET_TLS_TIMEOUT, (ret == SSL_ERROR_WANT_WRITE)))){ rcount--; goto ssl_read; } } else if(SSL_ERROR_ZERO_RETURN){ /* connection closed: do nothing, the transport layer will be alerted. */ *size = 0; ret = 0; TSK_DEBUG_INFO("TLS connection closed."); } else{ TSK_DEBUG_ERROR("SSL_read failed [%d, %s]", ret, ERR_error_string(ERR_get_error(), tsk_null)); } } else if(ret >=0){ read += (tsk_size_t)ret; if((ret = SSL_pending(socket->ssl)) > 0){ void *ptr; to_read = ret; if((ptr = tsk_realloc(*data, (read + to_read)))){ *data = ptr; goto ssl_read; } } }bail: tsk_safeobj_unlock(socket); if(read){ *size = read; return 0; } else{ return ret; }#endif}
开发者ID:NewComerBH,项目名称:doubango,代码行数:87,
示例12: lws_client_socket_service//.........这里部分代码省略......... * state of the underlying ssl layer... * but since it may be stalled on * blocked write, no incoming data may * arrive to trigger the retry. * Force (possibly many times if the SSL * state persists in returning the * condition code, but other sockets * are getting serviced inbetweentimes) * us to get called back when writable. */ lwsl_info( "SSL_connect WANT_... retrying/n"); libwebsocket_callback_on_writable( context, wsi); wsi->mode = LWS_CONNMODE_WS_CLIENT_WAITING_SSL; return 0; /* no error */ } n = -1; } if (n <= 0) { /* * retry if new data comes until we * run into the connection timeout or win */ n = ERR_get_error(); if (n != SSL_ERROR_NONE) { lwsl_err("SSL connect error %lu: %s/n", n, ERR_error_string(n, (char *)context->service_buffer)); return 0; } } } else wsi->ssl = NULL; /* fallthru */ case LWS_CONNMODE_WS_CLIENT_WAITING_SSL: if (wsi->use_ssl) { if (wsi->mode == LWS_CONNMODE_WS_CLIENT_WAITING_SSL) { lws_latency_pre(context, wsi); n = SSL_connect(wsi->ssl); lws_latency(context, wsi, "SSL_connect LWS_CONNMODE_WS_CLIENT_WAITING_SSL", n, n > 0); if (n < 0) { n = SSL_get_error(wsi->ssl, n); if (n == SSL_ERROR_WANT_READ || n == SSL_ERROR_WANT_WRITE) { /* * wants us to retry connect due to * state of the underlying ssl layer... * but since it may be stalled on * blocked write, no incoming data may * arrive to trigger the retry. * Force (possibly many times if the SSL
开发者ID:BudDavis,项目名称:libwebsockets,代码行数:67,
示例13: test_mod_mulint test_mod_mul(BIO *bp, BN_CTX *ctx) { BIGNUM *a,*b,*c,*d,*e; int i,j; a=BN_new(); b=BN_new(); c=BN_new(); d=BN_new(); e=BN_new(); for (j=0; j<3; j++) { BN_bntest_rand(c,1024,0,0); /**/ for (i=0; i<num0; i++) { BN_bntest_rand(a,475+i*10,0,0); /**/ BN_bntest_rand(b,425+i*11,0,0); /**/ a->neg=rand_neg(); b->neg=rand_neg(); if (!BN_mod_mul(e,a,b,c,ctx)) { unsigned long l; while ((l=ERR_get_error())) fprintf(stderr,"ERROR:%s/n", ERR_error_string(l,NULL)); EXIT(1); } if (bp != NULL) { if (!results) { BN_print(bp,a); BIO_puts(bp," * "); BN_print(bp,b); BIO_puts(bp," % "); BN_print(bp,c); if ((a->neg ^ b->neg) && !BN_is_zero(e)) { /* If (a*b) % c is negative, c must be added * in order to obtain the normalized remainder * (new with OpenSSL 0.9.7, previous versions of * BN_mod_mul could generate negative results) */ BIO_puts(bp," + "); BN_print(bp,c); } BIO_puts(bp," - "); } BN_print(bp,e); BIO_puts(bp,"/n"); } BN_mul(d,a,b,ctx); BN_sub(d,d,e); BN_div(a,b,d,c,ctx); if(!BN_is_zero(b)) { fprintf(stderr,"Modulo multiply test failed!/n"); ERR_print_errors_fp(stderr); return 0; } } } BN_free(a); BN_free(b); BN_free(c); BN_free(d); BN_free(e); return(1); }
开发者ID:froggatt,项目名称:edimax-br-6528n,代码行数:70,
示例14: connection_state_machine//.........这里部分代码省略......... if (con->keep_alive) { connection_set_state(srv, con, CON_STATE_REQUEST_START);#if 0 con->request_start = srv->cur_ts; con->read_idle_ts = srv->cur_ts;#endif } else { switch(r = plugins_call_handle_connection_close(srv, con)) { case HANDLER_GO_ON: case HANDLER_FINISHED: break; default: log_error_write(srv, __FILE__, __LINE__, "sd", "unhandling return value", r); break; }#ifdef USE_OPENSSL if (srv_sock->is_ssl) { switch (SSL_shutdown(con->ssl)) { case 1: /* done */ break; case 0: /* wait for fd-event * * FIXME: wait for fdevent and call SSL_shutdown again * */ break; default: log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); } }#endif connection_close(srv, con); srv->con_closed++; } connection_reset(srv, con); break; case CON_STATE_CONNECT: if (srv->srvconf.log_state_handling) { log_error_write(srv, __FILE__, __LINE__, "sds", "state for fd", con->fd, connection_get_state(con->state)); } /* if (con->read_queue != NULL) { chunk *c; size_t avail = 0; for (c= con->read_queue->first; c != NULL; c = c->next) { if(c->type == MEM_CHUNK) avail += c->mem->used - c->offset -1; } log_error_write(srv, __FILE__, __LINE__, "sd", "con->read_queue is not empty!", avail); }*/ chunkqueue_reset(con->read_queue); con->request_count = 0; break;
开发者ID:2xyo,项目名称:transfervm,代码行数:67,
示例15: lws_context_init_client_sslint lws_context_init_client_ssl(struct lws_context_creation_info *info, struct lws_context *context){ int error; int n; SSL_METHOD *method; struct lws wsi; if (info->provided_client_ssl_ctx) { /* use the provided OpenSSL context if given one */ context->ssl_client_ctx = info->provided_client_ssl_ctx; /* nothing for lib to delete */ context->user_supplied_ssl_ctx = 1; return 0; } if (info->port != CONTEXT_PORT_NO_LISTEN) return 0; /* basic openssl init */ SSL_library_init(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); method = (SSL_METHOD *)SSLv23_client_method(); if (!method) { error = ERR_get_error(); lwsl_err("problem creating ssl method %lu: %s/n", error, ERR_error_string(error, (char *)context->pt[0].serv_buf)); return 1; } /* create context */ context->ssl_client_ctx = SSL_CTX_new(method); if (!context->ssl_client_ctx) { error = ERR_get_error(); lwsl_err("problem creating ssl context %lu: %s/n", error, ERR_error_string(error, (char *)context->pt[0].serv_buf)); return 1; }#ifdef SSL_OP_NO_COMPRESSION SSL_CTX_set_options(context->ssl_client_ctx, SSL_OP_NO_COMPRESSION);#endif SSL_CTX_set_options(context->ssl_client_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); if (info->ssl_cipher_list) SSL_CTX_set_cipher_list(context->ssl_client_ctx, info->ssl_cipher_list);#ifdef LWS_SSL_CLIENT_USE_OS_CA_CERTS if (!(info->options & LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS)) /* loads OS default CA certs */ SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);#endif /* openssl init for cert verification (for client sockets) */ if (!info->ssl_ca_filepath) { if (!SSL_CTX_load_verify_locations( context->ssl_client_ctx, NULL, LWS_OPENSSL_CLIENT_CERTS)) lwsl_err( "Unable to load SSL Client certs from %s " "(set by --with-client-cert-dir= " "in configure) -- client ssl isn't " "going to work", LWS_OPENSSL_CLIENT_CERTS); } else if (!SSL_CTX_load_verify_locations( context->ssl_client_ctx, info->ssl_ca_filepath, NULL)) lwsl_err( "Unable to load SSL Client certs " "file from %s -- client ssl isn't " "going to work", info->ssl_ca_filepath); else lwsl_info("loaded ssl_ca_filepath/n"); /* * callback allowing user code to load extra verification certs * helping the client to verify server identity */ /* support for client-side certificate authentication */ if (info->ssl_cert_filepath) { n = SSL_CTX_use_certificate_chain_file(context->ssl_client_ctx, info->ssl_cert_filepath); if (n != 1) { lwsl_err("problem getting cert '%s' %lu: %s/n", info->ssl_cert_filepath, ERR_get_error(), ERR_error_string(ERR_get_error(), (char *)context->pt[0].serv_buf)); return 1; } } if (info->ssl_private_key_filepath) {//.........这里部分代码省略.........
开发者ID:reticentae,项目名称:libwebsockets,代码行数:101,
示例16: server_test//.........这里部分代码省略......... if (nonBlocking) { CyaSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&clientfd); }#endif do {#ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = AsyncCryptPoll(ssl); if (ret < 0) { break; } else if (ret == 0) { continue; } }#endif err = 0; /* Reset error */#ifndef CYASSL_CALLBACKS if (nonBlocking) { ret = NonBlockingSSL_Accept(ssl); } else { ret = SSL_accept(ssl); }#else ret = NonBlockingSSL_Accept(ssl);#endif if (ret != SSL_SUCCESS) { err = SSL_get_error(ssl, 0); } } while (ret != SSL_SUCCESS && err == WC_PENDING_E); if (ret != SSL_SUCCESS) { char buffer[CYASSL_MAX_ERROR_SZ]; err = SSL_get_error(ssl, 0); printf("error = %d, %s/n", err, ERR_error_string(err, buffer)); err_sys("SSL_accept failed"); } showPeer(ssl);#ifdef HAVE_ALPN if (alpnList != NULL) { char *protocol_name = NULL, *list = NULL; word16 protocol_nameSz = 0, listSz = 0; err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz); if (err == SSL_SUCCESS) printf("Sent ALPN protocol : %s (%d)/n", protocol_name, protocol_nameSz); else if (err == SSL_ALPN_NOT_FOUND) printf("No ALPN response sent (no match)/n"); else printf("Getting ALPN protocol name failed/n"); err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz); if (err == SSL_SUCCESS) printf("List of protocol names sent by Client: %s (%d)/n", list, listSz); else printf("Get list of client's protocol name failed/n"); free(list); }#endif if(echoData == 0 && throughput == 0) { ret = SSL_read(ssl, input, sizeof(input)-1); if (ret > 0) {
开发者ID:agnov8,项目名称:wolfssl,代码行数:67,
示例17: network_init//.........这里部分代码省略.........#ifdef USE_OPENSSL /* load SSL certificates */ for (i = 0; i < srv->config_context->used; i++) { specific_config *s = srv->config_storage[i]; if (buffer_is_empty(s->ssl_pemfile)) continue;#ifdef OPENSSL_NO_TLSEXT { data_config *dc = (data_config *)srv->config_context->data[i]; if (COMP_HTTP_HOST == dc->comp) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", "can't use ssl.pemfile with $HTTP[/"host/"], openssl version does not support TLS extensions"); return -1; } }#endif if (srv->ssl_is_init == 0) { SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_algorithms(); srv->ssl_is_init = 1; if (0 == RAND_status()) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", "not enough entropy in the pool"); return -1; } } if (NULL == (s->ssl_ctx = SSL_CTX_new(SSLv23_server_method()))) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); return -1; } if (!s->ssl_use_sslv2) { /* disable SSLv2 */ if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); return -1; } } if (!s->ssl_use_sslv3) { /* disable SSLv3 */ if (!(SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3))) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); return -1; } } if (!buffer_is_empty(s->ssl_cipher_list)) { /* Disable support for low encryption ciphers */ if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); return -1; } } /* Support for Diffie-Hellman key exchange */ if (!buffer_is_empty(s->ssl_dh_file)) {
开发者ID:h0tw1r3,项目名称:asuswrt-merlin,代码行数:67,
示例18: cyassl_connect_step2static CURLcodecyassl_connect_step2(struct connectdata *conn, int sockindex){ int ret = -1; struct SessionHandle *data = conn->data; struct ssl_connect_data* conssl = &conn->ssl[sockindex]; conn->recv[sockindex] = cyassl_recv; conn->send[sockindex] = cyassl_send; /* Enable RFC2818 checks */ if(data->set.ssl.verifyhost) { ret = CyaSSL_check_domain_name(conssl->handle, conn->host.name); if(ret == SSL_FAILURE) return CURLE_OUT_OF_MEMORY; } ret = SSL_connect(conssl->handle); if(ret != 1) { char error_buffer[CYASSL_MAX_ERROR_SZ]; int detail = SSL_get_error(conssl->handle, ret); if(SSL_ERROR_WANT_READ == detail) { conssl->connecting_state = ssl_connect_2_reading; return CURLE_OK; } else if(SSL_ERROR_WANT_WRITE == detail) { conssl->connecting_state = ssl_connect_2_writing; return CURLE_OK; } /* There is no easy way to override only the CN matching. * This will enable the override of both mismatching SubjectAltNames * as also mismatching CN fields */ else if(DOMAIN_NAME_MISMATCH == detail) {#if 1 failf(data, "/tsubject alt name(s) or common name do not match /"%s/"/n", conn->host.dispname); return CURLE_PEER_FAILED_VERIFICATION;#else /* When the CyaSSL_check_domain_name() is used and you desire to continue * on a DOMAIN_NAME_MISMATCH, i.e. 'data->set.ssl.verifyhost == 0', * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only * way to do this is currently to switch the CyaSSL_check_domain_name() * in and out based on the 'data->set.ssl.verifyhost' value. */ if(data->set.ssl.verifyhost) { failf(data, "/tsubject alt name(s) or common name do not match /"%s/"/n", conn->host.dispname); return CURLE_PEER_FAILED_VERIFICATION; } else { infof(data, "/tsubject alt name(s) and/or common name do not match /"%s/"/n", conn->host.dispname); return CURLE_OK; }#endif }#if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */ else if(ASN_NO_SIGNER_E == detail) { if(data->set.ssl.verifypeer) { failf(data, "/tCA signer not available for verification/n"); return CURLE_SSL_CACERT_BADFILE; } else { /* Just continue with a warning if no strict certificate verification is required. */ infof(data, "CA signer not available for verification, " "continuing anyway/n"); } }#endif else { failf(data, "SSL_connect failed with error %d: %s", detail, ERR_error_string(detail, error_buffer)); return CURLE_SSL_CONNECT_ERROR; } } if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) { X509 *x509; const char *x509_der; int x509_der_len; curl_X509certificate x509_parsed; curl_asn1Element *pubkey; CURLcode result; x509 = SSL_get_peer_certificate(conssl->handle); if(!x509) { failf(data, "SSL: failed retrieving server certificate"); return CURLE_SSL_PINNEDPUBKEYNOTMATCH; } x509_der = (const char *)CyaSSL_X509_get_der(x509, &x509_der_len); if(!x509_der) { failf(data, "SSL: failed retrieving ASN.1 server certificate"); return CURLE_SSL_PINNEDPUBKEYNOTMATCH; }//.........这里部分代码省略.........
开发者ID:Migaverse,项目名称:Samsung-G920S-MMPlatform,代码行数:101,
示例19: cyassl_connect_step1//.........这里部分代码省略......... } /* Load the client certificate, and private key */ if(data->set.str[STRING_CERT] && data->set.str[STRING_KEY]) { int file_type = do_file_type(data->set.str[STRING_CERT_TYPE]); if(SSL_CTX_use_certificate_file(conssl->ctx, data->set.str[STRING_CERT], file_type) != 1) { failf(data, "unable to use client certificate (no key or wrong pass" " phrase?)"); return CURLE_SSL_CONNECT_ERROR; } file_type = do_file_type(data->set.str[STRING_KEY_TYPE]); if(SSL_CTX_use_PrivateKey_file(conssl->ctx, data->set.str[STRING_KEY], file_type) != 1) { failf(data, "unable to set private key"); return CURLE_SSL_CONNECT_ERROR; } }#endif /* !NO_FILESYSTEM */ /* SSL always tries to verify the peer, this only says whether it should * fail to connect if the verification fails, or if it should continue * anyway. In the latter case the result of the verification is checked with * SSL_get_verify_result() below. */ SSL_CTX_set_verify(conssl->ctx, data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE, NULL);#ifdef HAVE_SNI if(sni) { struct in_addr addr4;#ifdef ENABLE_IPV6 struct in6_addr addr6;#endif size_t hostname_len = strlen(conn->host.name); if((hostname_len < USHRT_MAX) && (0 == Curl_inet_pton(AF_INET, conn->host.name, &addr4)) &&#ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr6)) &&#endif (CyaSSL_CTX_UseSNI(conssl->ctx, CYASSL_SNI_HOST_NAME, conn->host.name, (unsigned short)hostname_len) != 1)) { infof(data, "WARNING: failed to configure server name indication (SNI) " "TLS extension/n"); } }#endif /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { CURLcode result = CURLE_OK; result = (*data->set.ssl.fsslctx)(data, conssl->ctx, data->set.ssl.fsslctxp); if(result) { failf(data, "error signaled by ssl ctx callback"); return result; } }#ifdef NO_FILESYSTEM else if(data->set.ssl.verifypeer) { failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built" " with /"no filesystem/". Either disable peer verification" " (insecure) or if you are building an application with libcurl you" " can load certificates via CURLOPT_SSL_CTX_FUNCTION."); return CURLE_SSL_CONNECT_ERROR; }#endif /* Let's make an SSL structure */ if(conssl->handle) SSL_free(conssl->handle); conssl->handle = SSL_new(conssl->ctx); if(!conssl->handle) { failf(data, "SSL: couldn't create a context (handle)!"); return CURLE_OUT_OF_MEMORY; } /* Check if there's a cached ID we can/should use here! */ if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) { /* we got a session id, use it! */ if(!SSL_set_session(conssl->handle, ssl_sessionid)) { failf(data, "SSL: SSL_set_session failed: %s", ERR_error_string(SSL_get_error(conssl->handle, 0), error_buffer)); return CURLE_SSL_CONNECT_ERROR; } /* Informational message */ infof (data, "SSL re-using session ID/n"); } /* pass the raw socket into the SSL layer */ if(!SSL_set_fd(conssl->handle, (int)sockfd)) { failf(data, "SSL: SSL_set_fd failed"); return CURLE_SSL_CONNECT_ERROR; } conssl->connecting_state = ssl_connect_2; return CURLE_OK;}
开发者ID:Migaverse,项目名称:Samsung-G920S-MMPlatform,代码行数:101,
示例20: cyassl_connect_step2static CURLcodecyassl_connect_step2(struct connectdata *conn, int sockindex){ int ret = -1; struct Curl_easy *data = conn->data; struct ssl_connect_data* connssl = &conn->ssl[sockindex]; const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name; const char * const dispname = SSL_IS_PROXY() ? conn->http_proxy.host.dispname : conn->host.dispname; const char * const pinnedpubkey = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; conn->recv[sockindex] = cyassl_recv; conn->send[sockindex] = cyassl_send; /* Enable RFC2818 checks */ if(SSL_CONN_CONFIG(verifyhost)) { ret = CyaSSL_check_domain_name(BACKEND->handle, hostname); if(ret == SSL_FAILURE) return CURLE_OUT_OF_MEMORY; } ret = SSL_connect(BACKEND->handle); if(ret != 1) { char error_buffer[CYASSL_MAX_ERROR_SZ]; int detail = SSL_get_error(BACKEND->handle, ret); if(SSL_ERROR_WANT_READ == detail) { connssl->connecting_state = ssl_connect_2_reading; return CURLE_OK; } else if(SSL_ERROR_WANT_WRITE == detail) { connssl->connecting_state = ssl_connect_2_writing; return CURLE_OK; } /* There is no easy way to override only the CN matching. * This will enable the override of both mismatching SubjectAltNames * as also mismatching CN fields */ else if(DOMAIN_NAME_MISMATCH == detail) {#if 1 failf(data, "/tsubject alt name(s) or common name do not match /"%s/"/n", dispname); return CURLE_PEER_FAILED_VERIFICATION;#else /* When the CyaSSL_check_domain_name() is used and you desire to continue * on a DOMAIN_NAME_MISMATCH, i.e. 'conn->ssl_config.verifyhost == 0', * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only * way to do this is currently to switch the CyaSSL_check_domain_name() * in and out based on the 'conn->ssl_config.verifyhost' value. */ if(SSL_CONN_CONFIG(verifyhost)) { failf(data, "/tsubject alt name(s) or common name do not match /"%s/"/n", dispname); return CURLE_PEER_FAILED_VERIFICATION; } else { infof(data, "/tsubject alt name(s) and/or common name do not match /"%s/"/n", dispname); return CURLE_OK; }#endif }#if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */ else if(ASN_NO_SIGNER_E == detail) { if(SSL_CONN_CONFIG(verifypeer)) { failf(data, "/tCA signer not available for verification/n"); return CURLE_SSL_CACERT_BADFILE; } else { /* Just continue with a warning if no strict certificate verification is required. */ infof(data, "CA signer not available for verification, " "continuing anyway/n"); } }#endif else { failf(data, "SSL_connect failed with error %d: %s", detail, ERR_error_string(detail, error_buffer)); return CURLE_SSL_CONNECT_ERROR; } } if(pinnedpubkey) {#ifdef KEEP_PEER_CERT X509 *x509; const char *x509_der; int x509_der_len; curl_X509certificate x509_parsed; curl_asn1Element *pubkey; CURLcode result; x509 = SSL_get_peer_certificate(BACKEND->handle); if(!x509) { failf(data, "SSL: failed retrieving server certificate"); return CURLE_SSL_PINNEDPUBKEYNOTMATCH;//.........这里部分代码省略.........
开发者ID:sshyran,项目名称:curl,代码行数:101,
示例21: get_ssl_errorstatic char*get_ssl_error(){ SSL_load_error_strings(); return ERR_error_string(ERR_get_error(), NULL);}
开发者ID:heartshare,项目名称:asuswrt-merlin,代码行数:6,
示例22: x_msgvoid x_msg (const unsigned int flags, const char *format, ...){ struct gc_arena gc; va_list arglist;#if SYSLOG_CAPABILITY int level;#endif char *m1; char *m2; char *tmp; int e; const char *prefix; const char *prefix_sep; void usage_small (void);#ifndef HAVE_VARARG_MACROS /* the macro has checked this otherwise */ if (!MSG_TEST (flags)) return;#endif if (flags & M_ERRNO_SOCK) e = openvpn_errno_socket (); else e = openvpn_errno (); /* * Apply muting filter. */#ifndef HAVE_VARARG_MACROS /* the macro has checked this otherwise */ if (!dont_mute (flags)) return;#endif gc_init (&gc); mutex_lock_static (L_MSG); m1 = (char *) gc_malloc (ERR_BUF_SIZE, false, &gc); m2 = (char *) gc_malloc (ERR_BUF_SIZE, false, &gc); va_start (arglist, format); vsnprintf (m1, ERR_BUF_SIZE, format, arglist); va_end (arglist); m1[ERR_BUF_SIZE - 1] = 0; /* windows vsnprintf needs this */ if ((flags & (M_ERRNO|M_ERRNO_SOCK)) && e) { openvpn_snprintf (m2, ERR_BUF_SIZE, "%s: %s (errno=%d)", m1, strerror_ts (e, &gc), e); SWAP; }#ifdef USE_CRYPTO if (flags & M_SSL) { int nerrs = 0; int err; while ((err = ERR_get_error ())) { openvpn_snprintf (m2, ERR_BUF_SIZE, "%s: %s", m1, ERR_error_string (err, NULL)); SWAP; ++nerrs; } if (!nerrs) { openvpn_snprintf (m2, ERR_BUF_SIZE, "%s (OpenSSL)", m1); SWAP; } }#endif if (flags & M_OPTERR) { openvpn_snprintf (m2, ERR_BUF_SIZE, "Options error: %s", m1); SWAP; }#if SYSLOG_CAPABILITY if (flags & (M_FATAL|M_NONFATAL|M_USAGE_SMALL)) level = LOG_ERR; else if (flags & M_WARN) level = LOG_WARNING; else level = LOG_NOTICE;#endif /* set up client prefix */ prefix = msg_get_prefix (); prefix_sep = " "; if (!prefix) prefix_sep = prefix = ""; /* virtual output capability used to copy output to management subsystem */ if (!forked) { const struct virtual_output *vo = msg_get_virtual_output ();//.........这里部分代码省略.........
开发者ID:liuxfiu,项目名称:primogeni,代码行数:101,
示例23: cyassl_connect_step1//.........这里部分代码省略......... "TLS extension/n"); } }#endif#ifdef HAVE_SUPPORTED_CURVES /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically: https://github.com/wolfSSL/wolfssl/issues/366 The supported curves below are those also supported by OpenSSL 1.0.2 and in the same order. */ CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x17); /* secp256r1 */ CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x19); /* secp521r1 */ CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x18); /* secp384r1 */#endif /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { CURLcode result = CURLE_OK; result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx, data->set.ssl.fsslctxp); if(result) { failf(data, "error signaled by ssl ctx callback"); return result; } }#ifdef NO_FILESYSTEM else if(SSL_CONN_CONFIG(verifypeer)) { failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built" " with /"no filesystem/". Either disable peer verification" " (insecure) or if you are building an application with libcurl you" " can load certificates via CURLOPT_SSL_CTX_FUNCTION."); return CURLE_SSL_CONNECT_ERROR; }#endif /* Let's make an SSL structure */ if(BACKEND->handle) SSL_free(BACKEND->handle); BACKEND->handle = SSL_new(BACKEND->ctx); if(!BACKEND->handle) { failf(data, "SSL: couldn't create a context (handle)!"); return CURLE_OUT_OF_MEMORY; }#ifdef HAVE_ALPN if(conn->bits.tls_enable_alpn) { char protocols[128]; *protocols = '/0'; /* wolfSSL's ALPN protocol name list format is a comma separated string of protocols in descending order of preference, eg: "h2,http/1.1" */#ifdef USE_NGHTTP2 if(data->set.httpversion >= CURL_HTTP_VERSION_2) { strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ","); infof(data, "ALPN, offering %s/n", NGHTTP2_PROTO_VERSION_ID); }#endif strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1); infof(data, "ALPN, offering %s/n", ALPN_HTTP_1_1); if(wolfSSL_UseALPN(BACKEND->handle, protocols, (unsigned)strlen(protocols), WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) { failf(data, "SSL: failed setting ALPN protocols"); return CURLE_SSL_CONNECT_ERROR; } }#endif /* HAVE_ALPN */ /* Check if there's a cached ID we can/should use here! */ if(SSL_SET_OPTION(primary.sessionid)) { void *ssl_sessionid = NULL; Curl_ssl_sessionid_lock(conn); if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { /* we got a session id, use it! */ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) { Curl_ssl_sessionid_unlock(conn); failf(data, "SSL: SSL_set_session failed: %s", ERR_error_string(SSL_get_error(BACKEND->handle, 0), error_buffer)); return CURLE_SSL_CONNECT_ERROR; } /* Informational message */ infof(data, "SSL re-using session ID/n"); } Curl_ssl_sessionid_unlock(conn); } /* pass the raw socket into the SSL layer */ if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) { failf(data, "SSL: SSL_set_fd failed"); return CURLE_SSL_CONNECT_ERROR; } connssl->connecting_state = ssl_connect_2; return CURLE_OK;}
开发者ID:sshyran,项目名称:curl,代码行数:101,
示例24: server_test//.........这里部分代码省略......... if (doCliCertCheck && usePsk == 0) { SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0); if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from CyaSSL home dir"); }#endif#ifdef OPENSSL_EXTRA SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);#endif#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ if (cipherList == NULL) { if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) err_sys("server can't set cipher list 3"); }#endif#ifdef HAVE_SNI if (sniHostName) { if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); else CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME, CYASSL_SNI_ABORT_ON_MISMATCH); }#endif ssl = SSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL"); CyaSSL_set_quiet_shutdown(ssl, 1) ;#ifdef HAVE_CRL CyaSSL_EnableCRL(ssl, 0); CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON); CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);#endif osDelay(5000) ; tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS); if (!doDTLS) CloseSocket(sockfd); SSL_set_fd(ssl, clientfd); if (usePsk == 0) { #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_CERTS) SetDH(ssl); /* repick suites with DHE, higher priority than PSK */ #endif } osDelay(5000) ;#ifndef CYASSL_CALLBACKS if (nonBlocking) { CyaSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&clientfd); NonBlockingSSL_Accept(ssl); } else if (SSL_accept(ssl) != SSL_SUCCESS) { int err = SSL_get_error(ssl, 0); char buffer[80]; printf("error = %d, %s/n", err, ERR_error_string(err, buffer)); err_sys("SSL_accept failed"); }#else NonBlockingSSL_Accept(ssl);#endif showPeer(ssl); osDelay(5000) ; idx = SSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s/n", input); } else if (idx < 0) { int readErr = SSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) err_sys("SSL_read failed"); } if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) err_sys("SSL_write failed"); SSL_shutdown(ssl); SSL_free(ssl); SSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = 0;#ifdef USE_CYASSL_MEMORY if (trackMemory) ShowMemoryTracker();#endif /* USE_CYASSL_MEMORY */ return 0;}
开发者ID:Coderz333,项目名称:cyassl,代码行数:101,
示例25: connection_handle_read_sslstatic int connection_handle_read_ssl(server *srv, connection *con) {#ifdef USE_OPENSSL int r, ssl_err, len, count = 0; char *mem = NULL; size_t mem_len = 0; if (!con->srv_socket->is_ssl) return -1; ERR_clear_error(); do { chunkqueue_get_memory(con->read_queue, &mem, &mem_len, 0, SSL_pending(con->ssl));#if 0 /* overwrite everything with 0 */ memset(mem, 0, mem_len);#endif len = SSL_read(con->ssl, mem, mem_len); chunkqueue_use_memory(con->read_queue, len > 0 ? len : 0); if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) { log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client, killing connection"); connection_set_state(srv, con, CON_STATE_ERROR); return -1; } if (len > 0) { con->bytes_read += len; count += len; } } while (len == (ssize_t) mem_len && count < MAX_READ_LIMIT); if (len < 0) { int oerrno = errno; switch ((r = SSL_get_error(con->ssl, len))) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: con->is_readable = 0; /* the manual says we have to call SSL_read with the same arguments next time. * we ignore this restriction; no one has complained about it in 1.5 yet, so it probably works anyway. */ return 0; case SSL_ERROR_SYSCALL: /** * man SSL_get_error() * * SSL_ERROR_SYSCALL * Some I/O error occurred. The OpenSSL error queue may contain more * information on the error. If the error queue is empty (i.e. * ERR_get_error() returns 0), ret can be used to find out more about * the error: If ret == 0, an EOF was observed that violates the * protocol. If ret == -1, the underlying BIO reported an I/O error * (for socket I/O on Unix systems, consult errno for details). * */ while((ssl_err = ERR_get_error())) { /* get all errors from the error-queue */ log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", r, ERR_error_string(ssl_err, NULL)); } switch(oerrno) { default: log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL:", len, r, oerrno, strerror(oerrno)); break; } break; case SSL_ERROR_ZERO_RETURN: /* clean shutdown on the remote side */ if (r == 0) { /* FIXME: later */ } /* fall thourgh */ default: while((ssl_err = ERR_get_error())) { switch (ERR_GET_REASON(ssl_err)) { case SSL_R_SSL_HANDSHAKE_FAILURE: case SSL_R_TLSV1_ALERT_UNKNOWN_CA: case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN: case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE: if (!con->conf.log_ssl_noise) continue; break; default: break; } /* get all errors from the error-queue */ log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", r, ERR_error_string(ssl_err, NULL)); } break; } connection_set_state(srv, con, CON_STATE_ERROR);//.........这里部分代码省略.........
开发者ID:automatical,项目名称:lighttpd1.4,代码行数:101,
示例26: connection_state_machine//.........这里部分代码省略......... if (con->keep_alive) { connection_set_state(srv, con, CON_STATE_REQUEST_START);#if 0 con->request_start = srv->cur_ts; con->read_idle_ts = srv->cur_ts;#endif } else { switch(r = plugins_call_handle_connection_close(srv, con)) { case HANDLER_GO_ON: case HANDLER_FINISHED: break; default: log_error_write(srv, __FILE__, __LINE__, "sd", "unhandling return value", r); break; }#ifdef USE_OPENSSL if (srv_sock->is_ssl) { switch (SSL_shutdown(con->ssl)) { case 1: /* done */ break; case 0: /* wait for fd-event * * FIXME: wait for fdevent and call SSL_shutdown again * */ break; default: log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); } }#endif if ((0 == shutdown(con->fd, SHUT_WR))) { con->close_timeout_ts = srv->cur_ts; connection_set_state(srv, con, CON_STATE_CLOSE); } else { connection_close(srv, con); } srv->con_closed++; } connection_reset(srv, con); break; case CON_STATE_CONNECT: if (srv->srvconf.log_state_handling) { log_error_write(srv, __FILE__, __LINE__, "sds", "state for fd", con->fd, connection_get_state(con->state)); } chunkqueue_reset(con->read_queue); con->request_count = 0; break; case CON_STATE_CLOSE: if (srv->srvconf.log_state_handling) { log_error_write(srv, __FILE__, __LINE__, "sds", "state for fd", con->fd, connection_get_state(con->state)); }
开发者ID:automatical,项目名称:lighttpd1.4,代码行数:67,
示例27: sizeofconnection *connection_accept(server *srv, server_socket *srv_socket) { /* accept everything */ /* search an empty place */ int cnt; sock_addr cnt_addr; socklen_t cnt_len; /* accept it and register the fd */ /** * check if we can still open a new connections * * see #1216 */ if (srv->conns->used >= srv->max_conns) { return NULL; } cnt_len = sizeof(cnt_addr); if (-1 == (cnt = accept(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len))) { switch (errno) { case EAGAIN:#if EWOULDBLOCK != EAGAIN case EWOULDBLOCK:#endif case EINTR: /* we were stopped _before_ we had a connection */ case ECONNABORTED: /* this is a FreeBSD thingy */ /* we were stopped _after_ we had a connection */ break; case EMFILE: /* out of fds */ break; default: log_error_write(srv, __FILE__, __LINE__, "ssd", "accept failed:", strerror(errno), errno); } return NULL; } else { connection *con; srv->cur_fds++; /* ok, we have the connection, register it */#if 0 log_error_write(srv, __FILE__, __LINE__, "sd", "appected()", cnt);#endif srv->con_opened++; con = connections_get_new_connection(srv); con->fd = cnt; con->fde_ndx = -1;#if 0 gettimeofday(&(con->start_tv), NULL);#endif fdevent_register(srv->ev, con->fd, connection_handle_fdevent, con); connection_set_state(srv, con, CON_STATE_REQUEST_START); con->connection_start = srv->cur_ts; con->dst_addr = cnt_addr; buffer_copy_string(con->dst_addr_buf, inet_ntop_cache_get_ip(srv, &(con->dst_addr))); con->srv_socket = srv_socket; if (-1 == (fdevent_fcntl_set(srv->ev, con->fd))) { log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); return NULL; }#ifdef USE_OPENSSL /* connect FD to SSL */ if (srv_socket->is_ssl) { if (NULL == (con->ssl = SSL_new(srv_socket->ssl_ctx))) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); return NULL; } con->renegotiations = 0; SSL_set_app_data(con->ssl, con); SSL_set_accept_state(con->ssl); if (1 != (SSL_set_fd(con->ssl, cnt))) { log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ERR_error_string(ERR_get_error(), NULL)); return NULL; } }#endif return con; }}
开发者ID:automatical,项目名称:lighttpd1.4,代码行数:95,
示例28: connection_handle_read_sslstatic int connection_handle_read_ssl(server *srv, connection *con) {#ifdef USE_OPENSSL int r, ssl_err, len; buffer *b = NULL; if (!con->conf.is_ssl) return -1; /* don't resize the buffer if we were in SSL_ERROR_WANT_* */ ERR_clear_error(); do { if (!con->ssl_error_want_reuse_buffer) { b = buffer_init(); buffer_prepare_copy(b, SSL_pending(con->ssl) + (16 * 1024)); /* the pending bytes + 16kb */ /* overwrite everything with 0 */ memset(b->ptr, 0, b->size); } else { b = con->ssl_error_want_reuse_buffer; } len = SSL_read(con->ssl, b->ptr, b->size - 1); con->ssl_error_want_reuse_buffer = NULL; /* reuse it only once */ if (len > 0) { b->used = len; b->ptr[b->used++] = '/0'; /* we move the buffer to the chunk-queue, no need to free it */ chunkqueue_append_buffer_weak(con->read_queue, b); con->bytes_read += len; b = NULL; } } while (len > 0); if (len < 0) { switch ((r = SSL_get_error(con->ssl, len))) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: con->is_readable = 0; con->ssl_error_want_reuse_buffer = b; b = NULL; /* we have to steal the buffer from the queue-queue */ return 0; case SSL_ERROR_SYSCALL: /** * man SSL_get_error() * * SSL_ERROR_SYSCALL * Some I/O error occurred. The OpenSSL error queue may contain more * information on the error. If the error queue is empty (i.e. * ERR_get_error() returns 0), ret can be used to find out more about * the error: If ret == 0, an EOF was observed that violates the * protocol. If ret == -1, the underlying BIO reported an I/O error * (for socket I/O on Unix systems, consult errno for details). * */ while((ssl_err = ERR_get_error())) { /* get all errors from the error-queue */ log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", r, ERR_error_string(ssl_err, NULL)); } switch(errno) { default: log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL:", len, r, errno, strerror(errno)); break; } break; case SSL_ERROR_ZERO_RETURN: /* clean shutdown on the remote side */ if (r == 0) { /* FIXME: later */ } /* fall thourgh */ default: while((ssl_err = ERR_get_error())) { switch (ERR_GET_REASON(ssl_err)) { case SSL_R_SSL_HANDSHAKE_FAILURE: case SSL_R_TLSV1_ALERT_UNKNOWN_CA: case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN: case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE: if (!con->conf.log_ssl_noise) continue; break; default: break; } /* get all errors from the error-queue */ log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:", r, ERR_error_string(ssl_err, NULL)); }//.........这里部分代码省略.........
开发者ID:2xyo,项目名称:transfervm,代码行数:101,
示例29: http_server_handlerstatic void http_server_handler(int c){ int code; struct socket_buffer sock; struct http_request request; char *buf; socket_buffer_init(&sock, c);#if HAVE_OPENSSL if (o.ssl) { sock.fdn.ssl = new_ssl(sock.fdn.fd); if (SSL_accept(sock.fdn.ssl) != 1) { loguser("Failed SSL connection: %s/n", ERR_error_string(ERR_get_error(), NULL)); fdinfo_close(&sock.fdn); return; } }#endif code = http_read_request_line(&sock, &buf); if (code != 0) { if (o.verbose) logdebug("Error reading Request-Line./n"); send_string(&sock.fdn, http_code2str(code)); fdinfo_close(&sock.fdn); return; } if (o.debug > 1) logdebug("Request-Line: %s", buf); code = http_parse_request_line(buf, &request); free(buf); if (code != 0) { if (o.verbose) logdebug("Error parsing Request-Line./n"); send_string(&sock.fdn, http_code2str(code)); fdinfo_close(&sock.fdn); return; } if (!method_is_known(request.method)) { if (o.debug > 1) logdebug("Bad method: %s./n", request.method); http_request_free(&request); send_string(&sock.fdn, http_code2str(405)); fdinfo_close(&sock.fdn); return; } code = http_read_header(&sock, &buf); if (code != 0) { if (o.verbose) logdebug("Error reading header./n"); http_request_free(&request); send_string(&sock.fdn, http_code2str(code)); fdinfo_close(&sock.fdn); return; } if (o.debug > 1) logdebug("Header:/n%s", buf); code = http_request_parse_header(&request, buf); free(buf); if (code != 0) { if (o.verbose) logdebug("Error parsing header./n"); http_request_free(&request); send_string(&sock.fdn, http_code2str(code)); fdinfo_close(&sock.fdn); return; } /* Check authentication. */ if (o.proxy_auth) { struct http_credentials credentials; int ret, stale; if (http_header_get_proxy_credentials(request.header, &credentials) == NULL) { /* No credentials or a parsing error. */ send_proxy_authenticate(&sock.fdn, 0); http_request_free(&request); fdinfo_close(&sock.fdn); return; } ret = check_auth(&request, &credentials, &stale); http_credentials_free(&credentials); if (!ret) { /* Password doesn't match. */ /* RFC 2617, section 1.2: "If a proxy does not accept the credentials sent with a request, it SHOULD return a 407 (Proxy Authentication Required). */ send_proxy_authenticate(&sock.fdn, stale); http_request_free(&request); fdinfo_close(&sock.fdn); return; } } if (strcmp(request.method, "CONNECT") == 0) { code = handle_connect(&sock, &request);//.........这里部分代码省略.........
开发者ID:zyan2,项目名称:ECPE170Fall,代码行数:101,
注:本文中的ERR_error_string函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。
C++ ERR_error_string_n函数代码示例
C++ ERR_clear_error函数代码示例 |
