这篇教程C++ ERR_get_error函数代码示例写得很实用,希望能帮到您。
本文整理汇总了C++中ERR_get_error函数的典型用法代码示例。如果您正苦于以下问题:C++ ERR_get_error函数的具体用法?C++ ERR_get_error怎么用?C++ ERR_get_error使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。 在下文中一共展示了ERR_get_error函数的23个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。 示例1: network_write_chunkqueue_opensslint network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq) { int ssl_r; chunk *c; size_t chunks_written = 0; /* this is a 64k sendbuffer * * it has to stay at the same location all the time to satisfy the needs * of SSL_write to pass the SAME parameter in case of a _WANT_WRITE * * the buffer is allocated once, is NOT realloced and is NOT freed at shutdown * -> we expect a 64k block to 'leak' in valgrind * * * In reality we would like to use mmap() but we don't have a guarantee that * we get the same mmap() address for each call. On openbsd the mmap() address * even randomized. * That means either we keep the mmap() open or we do a read() into a * constant buffer * */#define LOCAL_SEND_BUFSIZE (64 * 1024) static char *local_send_buffer = NULL; /* the remote side closed the connection before without shutdown request * - IE * - wget * if keep-alive is disabled */ if (con->keep_alive == 0) { SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); } for(c = cq->first; c; c = c->next) { int chunk_finished = 0; switch(c->type) { case MEM_CHUNK: { char * offset; size_t toSend; ssize_t r; if (c->mem->used == 0 || c->mem->used == 1) { chunk_finished = 1; break; } offset = c->mem->ptr + c->offset; toSend = c->mem->used - 1 - c->offset; /** * SSL_write man-page * * WARNING * When an SSL_write() operation has to be repeated because of * SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be * repeated with the same arguments. 
* */ ERR_clear_error(); if ((r = SSL_write(ssl, offset, toSend)) <= 0) { unsigned long err; switch ((ssl_r = SSL_get_error(ssl, r))) { case SSL_ERROR_WANT_WRITE: break; case SSL_ERROR_SYSCALL: /* perhaps we have error waiting in our error-queue */ if (0 != (err = ERR_get_error())) { do { log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", ssl_r, r, ERR_error_string(err, NULL)); } while((err = ERR_get_error())); } else if (r == -1) { /* no, but we have errno */ switch(errno) { case EPIPE: case ECONNRESET: return -2; default: log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL:", ssl_r, r, errno, strerror(errno)); break; } } else { /* neither error-queue nor errno ? */ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", ssl_r, r, errno, strerror(errno)); } return -1; case SSL_ERROR_ZERO_RETURN: /* clean shutdown on the remote side */ if (r == 0) return -2; /* fall through *///.........这里部分代码省略.........
开发者ID:0d0f,项目名称:exfe-bus,代码行数:101,
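示例2: FC_ASSERT
/**
 * Applies the RSA public-key operation to `in` and returns the recovered
 * bytes, sized to the length OpenSSL reports.
 *
 * @param in  input block handed to RSA_public_decrypt().
 * @return    the recovered payload.
 * @throws    fc exception carrying OpenSSL's error text when the call fails,
 *            or via FC_ASSERT when no key is loaded.
 */
bytes public_key::decrypt( const bytes& in )const
{
   FC_ASSERT( my && my->rsa );
   bytes out( RSA_size(my->rsa) );//, char(0) );

   // Start from an empty queue so the error reported below belongs to this
   // call and not to an earlier, unrelated OpenSSL failure on this thread.
   ERR_clear_error();

   // NOTE(review): RSA_public_decrypt() only implements the signature-style
   // paddings (RSA_PKCS1_PADDING, RSA_X931_PADDING, RSA_NO_PADDING). OAEP is
   // an encryption padding for RSA_public_encrypt()/RSA_private_decrypt(), so
   // this call is expected to fail with an "unknown padding type" error. The
   // constant is left unchanged because the matching private-key side is not
   // visible here; both ends must be corrected together.
   int rtn = RSA_public_decrypt( static_cast<int>(in.size()),
                                 (unsigned char*)in.data(),
                                 (unsigned char*)out.data(),
                                 my->rsa, RSA_PKCS1_OAEP_PADDING );
   if( rtn >= 0 )
   {
      out.resize(rtn);
      return out;
   }

   // ERR_error_string(e, NULL) formats into a static buffer shared by all
   // threads; format into a local buffer instead.
   char errbuf[256];
   ERR_error_string_n( ERR_get_error(), errbuf, sizeof(errbuf) );
   FC_THROW_EXCEPTION( exception, "openssl: ${message}", ("message",fc::string(errbuf)) );
}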
开发者ID:FollowMyVote,项目名称:fc,代码行数:14,
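示例3: tap11_change_pin
/*
 * Reason text for the oldest queued OpenSSL error, or a fixed fallback.
 * ERR_reason_error_string() returns NULL when no string is registered for the
 * code (or the queue is empty), and NULL must not reach a "%s" conversion.
 */
static const char *
tap11_last_error(void)
{
  const char *why = ERR_reason_error_string(ERR_get_error());
  return why ? why : "unknown error";
}

/*
 * Change the PIN of the first token found through the PKCS #11 module
 * `p11lib`.
 *
 *   p11lib  path of the PKCS #11 module to load
 *   is_so   passed to PKCS11_login(): non-zero selects the security officer
 *   pin     current PIN
 *   newpin  replacement PIN
 *
 * Returns 0 on success and -1 on any failure. Every exit path logs out (when
 * a login succeeded), releases the slot list, and unloads and frees the
 * context, so a failed attempt does not leave an authenticated session or a
 * loaded module behind. Neither PIN is ever written to the output.
 */
static int
tap11_change_pin(
  const char *p11lib,
  int is_so,
  const char *pin,
  const char *newpin)
{
  int rc;
  int ret = -1;
  int loaded = 0;
  int have_slots = 0;
  int logged_in = 0;
  unsigned int nslots = 0;
  PKCS11_CTX *p11ctx;
  PKCS11_SLOT *slots = NULL;
  PKCS11_SLOT *slot = NULL;

  p11ctx = PKCS11_CTX_new();
  if (p11ctx == NULL) {
    fprintf(stderr,"PKCS11_CTX_new\n");
    return -1;
  }

  /* load pkcs #11 module */
  rc = PKCS11_CTX_load(p11ctx,p11lib);
  if (rc) {
    fprintf(stderr,"PKCS11_CTX_load\n");
    goto out;
  }
  loaded = 1;

  /* get information on all slots */
  rc = PKCS11_enumerate_slots(p11ctx, &slots, &nslots);
  if (rc < 0) {
    fprintf(stderr,"PKCS11_enumerate_slots\n");
    goto out;
  }
  have_slots = 1;

  /* get first slot with a token */
  slot = PKCS11_find_token(p11ctx, slots, nslots);
  if (!slot || !slot->token) {
    fprintf(stderr,"PKCS11_find_token\n");
    goto out;
  }

  fprintf(stderr,"Slot manufacturer......: %s\n", slot->manufacturer);
  fprintf(stderr,"Slot description.......: %s\n", slot->description);
  fprintf(stderr,"Slot token label.......: %s\n", slot->token->label);
  fprintf(stderr,"Slot token manufacturer: %s\n", slot->token->manufacturer);
  fprintf(stderr,"Slot token model.......: %s\n", slot->token->model);
  fprintf(stderr,"Slot token serialnr....: %s\n", slot->token->serialnr);

  /* rw mode */
  rc = PKCS11_open_session(slot, 1);
  if (rc != 0) {
    ERR_load_PKCS11_strings();
    fprintf(stderr,"PKCS11_open_session %s\n", tap11_last_error());
    goto out;
  }

  rc = PKCS11_login(slot, is_so, pin);
  if (rc != 0) {
    ERR_load_PKCS11_strings();
    /* The message now names the call that actually failed. */
    fprintf(stderr,"PKCS11_login %s\n", tap11_last_error());
    goto out;
  }
  logged_in = 1;

  rc = PKCS11_change_pin(slot,pin,newpin);
  if (rc != 0) {
    ERR_load_PKCS11_strings();
    fprintf(stderr,"PKCS11_change_pin %s\n", tap11_last_error());
    goto out;
  }

  ret = 0;

out:
  /* Tear down in reverse order of acquisition, on success and failure alike. */
  if (logged_in) {
    PKCS11_logout(slot);
  }
  if (have_slots) {
    PKCS11_release_all_slots(p11ctx, slots, nslots);
  }
  if (loaded) {
    PKCS11_CTX_unload(p11ctx);
  }
  PKCS11_CTX_free(p11ctx);

  if (ret == 0) {
    fprintf(stderr,"\n\npin change succeed\n");
  }
  return ret;
}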
开发者ID:yusukemihara,项目名称:tap11tools,代码行数:77,
示例4: proxy_tls_recvint proxy_tls_recv(rad_listen_t *listener){ int rcode; size_t length; listen_socket_t *sock = listener->data; char buffer[256]; RADIUS_PACKET *packet; uint8_t *data; /* * Get the maximum size of data to receive. */ if (!sock->data) sock->data = talloc_array(sock, uint8_t, sock->ssn->offset); data = sock->data; DEBUG3("Proxy SSL socket has data to read"); PTHREAD_MUTEX_LOCK(&sock->mutex);redo: rcode = SSL_read(sock->ssn->ssl, data, 4); if (rcode <= 0) { int err = SSL_get_error(sock->ssn->ssl, rcode); switch (err) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: goto redo; case SSL_ERROR_ZERO_RETURN: /* remote end sent close_notify, send one back */ SSL_shutdown(sock->ssn->ssl); case SSL_ERROR_SYSCALL: do_close: PTHREAD_MUTEX_UNLOCK(&sock->mutex); tls_socket_close(listener); return 0; default: while ((err = ERR_get_error())) { DEBUG("proxy recv says %s", ERR_error_string(err, NULL)); } goto do_close; } } length = (data[2] << 8) | data[3]; DEBUG3("Proxy received header saying we have a packet of %u bytes", (unsigned int) length); if (length > sock->ssn->offset) { INFO("Received packet will be too large! 
Set /"fragment_size=%u/"", (data[2] << 8) | data[3]); goto do_close; } rcode = SSL_read(sock->ssn->ssl, data + 4, length); if (rcode <= 0) { switch (SSL_get_error(sock->ssn->ssl, rcode)) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: break; case SSL_ERROR_ZERO_RETURN: /* remote end sent close_notify, send one back */ SSL_shutdown(sock->ssn->ssl); goto do_close; default: goto do_close; } } PTHREAD_MUTEX_UNLOCK(&sock->mutex); packet = rad_alloc(NULL, 0); packet->sockfd = listener->fd; packet->src_ipaddr = sock->other_ipaddr; packet->src_port = sock->other_port; packet->dst_ipaddr = sock->my_ipaddr; packet->dst_port = sock->my_port; packet->code = data[0]; packet->id = data[1]; packet->data_len = length; packet->data = talloc_array(packet, uint8_t, packet->data_len); memcpy(packet->data, data, packet->data_len); memcpy(packet->vector, packet->data + 4, 16); /* * FIXME: Client MIB updates? */ switch(packet->code) { case PW_AUTHENTICATION_ACK: case PW_ACCESS_CHALLENGE: case PW_AUTHENTICATION_REJECT: break;#ifdef WITH_ACCOUNTING case PW_ACCOUNTING_RESPONSE: break;#endif//.........这里部分代码省略.........
开发者ID:dpocock,项目名称:freeradius-server,代码行数:101,
示例5: new_ssl_stream
/* Wraps the connected (or connecting) socket 'fd' in a new SSL stream named
 * 'name' and stores it in '*streamp'.
 *
 * Returns 0 on success.  On failure returns ENOPROTOOPT, closes 'fd' and
 * leaves '*streamp' untouched.
 *
 * Peer verification is switched off (SSL_VERIFY_NONE) when 'verify_peer_cert'
 * is false, and also for a CLIENT session while 'bootstrap_ca_cert' is set;
 * in those two cases the handshake does not authenticate the peer. */
static int
new_ssl_stream(const char *name, int fd, enum session_type type,
               enum ssl_state state, struct stream **streamp)
{
    struct ssl_stream *s;
    SSL *ssl;
    int status = 0;

    /* Report every missing piece of configuration, not just the first. */
    if (!private_key.read) {
        VLOG_ERR("Private key must be configured to use SSL");
        status = ENOPROTOOPT;
    }
    if (!certificate.read) {
        VLOG_ERR("Certificate must be configured to use SSL");
        status = ENOPROTOOPT;
    }
    if (!ca_cert.read && verify_peer_cert && !bootstrap_ca_cert) {
        VLOG_ERR("CA certificate must be configured to use SSL");
        status = ENOPROTOOPT;
    }
    /* The key/certificate consistency check only makes sense once both are
     * known to be loaded. */
    if (status == 0 && !SSL_CTX_check_private_key(ctx)) {
        VLOG_ERR("Private key does not match certificate public key: %s",
                 ERR_error_string(ERR_get_error(), NULL));
        status = ENOPROTOOPT;
    }
    if (status != 0) {
        /* No SSL object exists yet, so only the socket needs releasing. */
        closesocket(fd);
        return status;
    }

    /* Disable Nagle.
     * On windows platforms, this can only be called upon TCP connected. */
    if (state == STATE_SSL_CONNECTING) {
        setsockopt_tcp_nodelay(fd);
    }

    /* Create and configure OpenSSL stream. */
    ssl = SSL_new(ctx);
    if (!ssl) {
        VLOG_ERR("SSL_new: %s", ERR_error_string(ERR_get_error(), NULL));
        closesocket(fd);
        return ENOPROTOOPT;
    }
    if (!SSL_set_fd(ssl, fd)) {
        VLOG_ERR("SSL_set_fd: %s", ERR_error_string(ERR_get_error(), NULL));
        SSL_free(ssl);
        closesocket(fd);
        return ENOPROTOOPT;
    }
    if (!verify_peer_cert || (bootstrap_ca_cert && type == CLIENT)) {
        SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
    }

    /* Create and return the ssl_stream. */
    s = xmalloc(sizeof *s);
    stream_init(&s->stream, &ssl_stream_class, EAGAIN, name);
    s->ssl = ssl;
    s->fd = fd;
    s->type = type;
    s->state = state;
    s->txbuf = NULL;
    s->rx_want = s->tx_want = SSL_NOTHING;
    s->session_nr = next_session_nr++;
    s->n_head = 0;

    if (VLOG_IS_DBG_ENABLED()) {
        SSL_set_msg_callback(ssl, ssl_protocol_cb);
        SSL_set_msg_callback_arg(ssl, s);
    }

    *streamp = &s->stream;
    return 0;
}
开发者ID:flavio-fernandes,项目名称:ovs,代码行数:81,
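示例6: interpret_ssl_error
/* Translates the SSL_get_error() result 'error', obtained after the OpenSSL
 * call named 'function' returned 'ret', into an errno-style value.
 *
 * '*want' is set to SSL_READING or SSL_WRITING when the operation has to be
 * retried once the socket is readable or writable (EAGAIN is returned in
 * that case), and to SSL_NOTHING otherwise.
 *
 * Returns EAGAIN for a retry, the saved errno or EPROTO for
 * SSL_ERROR_SYSCALL with an empty error queue, and EIO for everything
 * else. */
static int
interpret_ssl_error(const char *function, int ret, int error,
                    int *want)
{
    *want = SSL_NOTHING;

    switch (error) {
    case SSL_ERROR_NONE:
        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_NONE", function);
        break;

    case SSL_ERROR_ZERO_RETURN:
        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_ZERO_RETURN", function);
        break;

    case SSL_ERROR_WANT_READ:
        *want = SSL_READING;
        return EAGAIN;

    case SSL_ERROR_WANT_WRITE:
        *want = SSL_WRITING;
        return EAGAIN;

    case SSL_ERROR_WANT_CONNECT:
        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_CONNECT", function);
        break;

    case SSL_ERROR_WANT_ACCEPT:
        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_ACCEPT", function);
        break;

    case SSL_ERROR_WANT_X509_LOOKUP:
        VLOG_ERR_RL(&rl, "%s: unexpected SSL_ERROR_WANT_X509_LOOKUP",
                    function);
        break;

    case SSL_ERROR_SYSCALL: {
        /* ERR_get_error() returns unsigned long.  Storing it in an int
         * truncates the code where long is wider than int, which can both
         * garble the text from ERR_error_string() and make a non-zero code
         * compare equal to 0. */
        unsigned long queued_error = ERR_get_error();
        if (queued_error == 0) {
            if (ret < 0) {
                /* Capture errno before logging can overwrite it. */
                int status = errno;
                VLOG_WARN_RL(&rl, "%s: system error (%s)",
                             function, ovs_strerror(status));
                return status;
            } else {
                VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close",
                             function);
                return EPROTO;
            }
        } else {
            VLOG_WARN_RL(&rl, "%s: %s",
                         function, ERR_error_string(queued_error, NULL));
            break;
        }
    }

    case SSL_ERROR_SSL:
        interpret_queued_ssl_error(function);
        break;

    default:
        VLOG_ERR_RL(&rl, "%s: bad SSL error code %d", function, error);
        break;
    }
    return EIO;
}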
开发者ID:flavio-fernandes,项目名称:ovs,代码行数:66,
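示例7: throw
/**
 * @return returns X.509 certificate serial number.
 * @throws IOException exception is thrown if the serial is incorrect.
 *
 * The serial is read through ASN1_INTEGER_get(), which yields a long and
 * reports failure as -1, including when the value does not fit in a long.
 * Serial numbers wider than a long therefore end up in the exception path;
 * callers that must handle such certificates need an accessor that is not
 * limited to long. Values <= 0 are treated as failures here.
 */
long digidoc::X509Cert::getSerial() const throw(IOException)
{
    long serial = ASN1_INTEGER_get(X509_get_serialNumber(cert));
    if(serial <= 0)
    {
        // The failing conversion need not queue an OpenSSL error, in which
        // case ERR_reason_error_string() returns NULL; never pass NULL to "%s".
        const char* reason = ERR_reason_error_string(ERR_get_error());
        THROW_IOEXCEPTION("Failed to read certificate serial number from X.509 certificate: %s",
                reason ? reason : "no OpenSSL error queued");
    }
    return serial;
}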
开发者ID:Krabi,项目名称:idkaart_public,代码行数:14,
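示例8: rb_setup_ssl_server
/*
 * Load the certificate chain and private key into both the server and the
 * client context, and optionally DH parameters and a cipher list into the
 * server context.
 *
 *   cert         certificate chain file (required)
 *   keyfile      PEM private key file (required)
 *   dhfile       DH parameter file, or NULL to skip
 *   cipher_list  OpenSSL cipher string for the server context, or NULL
 *
 * Returns 1 on success, 0 on failure. A DH file that cannot be opened is
 * only logged; a DH file that opens but does not parse is an error. A
 * cipher string that OpenSSL rejects is an error, so a mistyped policy
 * cannot silently leave the previous cipher selection in force.
 */
int
rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list)
{
	DH *dh;
	unsigned long err;

	if(cert == NULL)
	{
		rb_lib_log("rb_setup_ssl_server: No certificate file");
		return 0;
	}
	if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, cert))
	{
		err = ERR_get_error();
		rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", cert,
			   get_ssl_error(err));
		return 0;
	}

	if(keyfile == NULL)
	{
		rb_lib_log("rb_setup_ssl_server: No key file");
		return 0;
	}

	if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(ssl_client_ctx, keyfile, SSL_FILETYPE_PEM))
	{
		err = ERR_get_error();
		rb_lib_log("rb_setup_ssl_server: Error loading keyfile [%s]: %s", keyfile,
			   get_ssl_error(err));
		return 0;
	}

	if(dhfile != NULL)
	{
		/* DH parameters aren't necessary, but they are nice..if they didn't pass one..that is their problem */
		BIO *bio = BIO_new_file(dhfile, "r");
		if(bio != NULL)
		{
			dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
			if(dh == NULL)
			{
				err = ERR_get_error();
				rb_lib_log
					("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
					 dhfile, get_ssl_error(err));
				BIO_free(bio);
				return 0;
			}
			BIO_free(bio);
			SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
			/* The context keeps its own copy of the parameters, so the
			 * object read from the file is released here; otherwise it
			 * leaks on every call. */
			DH_free(dh);
		}
		else
		{
			err = ERR_get_error();
			rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
				   dhfile, get_ssl_error(err));
		}
	}

	if (cipher_list != NULL)
	{
		/* SSL_CTX_set_cipher_list() returns 0 when no cipher could be selected. */
		if(!SSL_CTX_set_cipher_list(ssl_server_ctx, cipher_list))
		{
			err = ERR_get_error();
			rb_lib_log("rb_setup_ssl_server: Error setting cipher list [%s]: %s",
				   cipher_list, get_ssl_error(err));
			return 0;
		}
	}

	return 1;
}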
开发者ID:awilfox,项目名称:charybdis,代码行数:67,
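示例9: rb_init_ssl
/*
 * Initialise OpenSSL and create the global server and client contexts.
 *
 * Returns 1 on success and 0 when either context cannot be created. The
 * function stops at the first failed SSL_CTX_new(): continuing would hand a
 * NULL context to the option and cipher setters below.
 *
 * Hardening applied to the server context: SSLv2/SSLv3 switched off on the
 * legacy method API, single-use DH/ECDH keys and no session tickets where
 * the build defines those options, server cipher preference, session cache
 * off, and the fixed cipher string in librb_ciphers.
 */
int
rb_init_ssl(void)
{
	/* Static storage: the pointer is registered with the ex_data index and
	 * must not refer to this function's stack frame after it returns. */
	static char librb_data[] = "librb data";
	const char librb_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!RC4:!aNULL";
	long server_options;

	SSL_load_error_strings();
	SSL_library_init();
	librb_index = SSL_get_ex_new_index(0, librb_data, NULL, NULL, NULL);

#ifndef LRB_HAVE_TLS_METHOD_API
	ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
#else
	ssl_server_ctx = SSL_CTX_new(TLS_server_method());
#endif

	if(ssl_server_ctx == NULL)
	{
		rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s",
			   get_ssl_error(ERR_get_error()));
		return 0;
	}

	server_options = SSL_CTX_get_options(ssl_server_ctx);

#ifndef LRB_HAVE_TLS_METHOD_API
	server_options |= SSL_OP_NO_SSLv2;
	server_options |= SSL_OP_NO_SSLv3;
#endif

#ifdef SSL_OP_SINGLE_DH_USE
	server_options |= SSL_OP_SINGLE_DH_USE;
#endif

#ifdef SSL_OP_SINGLE_ECDH_USE
	server_options |= SSL_OP_SINGLE_ECDH_USE;
#endif

#ifdef SSL_OP_NO_TICKET
	server_options |= SSL_OP_NO_TICKET;
#endif

	server_options |= SSL_OP_CIPHER_SERVER_PREFERENCE;

	SSL_CTX_set_options(ssl_server_ctx, server_options);
	/* NOTE(review): verify_accept_all_cb is defined elsewhere; judging by its
	 * name it accepts every presented chain, so a client certificate is
	 * requested here but its validity is presumably not enforced by the
	 * handshake. Any trust decision has to happen in the caller. */
	SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
	SSL_CTX_set_session_cache_mode(ssl_server_ctx, SSL_SESS_CACHE_OFF);
	SSL_CTX_set_cipher_list(ssl_server_ctx, librb_ciphers);

	/* Set ECDHE on OpenSSL 1.00+, but make sure it's actually available
	 * (some platform builds ship OpenSSL without ECDH).
	 */
	#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) && !defined(OPENSSL_NO_ECDH)
	{
		EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);
		if (key) {
			SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key);
			EC_KEY_free(key);
		}
	}
	#endif

#ifndef LRB_HAVE_TLS_METHOD_API
	ssl_client_ctx = SSL_CTX_new(SSLv23_client_method());
#else
	ssl_client_ctx = SSL_CTX_new(TLS_client_method());
#endif

	if(ssl_client_ctx == NULL)
	{
		rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s",
			   get_ssl_error(ERR_get_error()));
		return 0;
	}

#ifndef LRB_HAVE_TLS_METHOD_API
	SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#endif

#ifdef SSL_OP_NO_TICKET
	SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_TICKET);
#endif

	SSL_CTX_set_cipher_list(ssl_client_ctx, librb_ciphers);

	return 1;
}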
开发者ID:awilfox,项目名称:charybdis,代码行数:85,
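示例10: main
/* Print `what` plus the reason for the oldest queued OpenSSL error, then exit.
 * ERR_reason_error_string() may return NULL, which must not reach "%s". */
static void fail_ssl(const char *what)
{
    const char *why = ERR_reason_error_string(ERR_get_error());
    fprintf(stderr, "ERROR::OpenSLL: %s: %s\n", what, why ? why : "unknown error");
    exit(1);
}

/*
 * Minimal TLS test server: loads a certificate and key, accepts a single
 * connection on localhost:15001, writes "Hello" and echoes what it reads.
 *
 * Changes against the listing as published:
 *  - certificate/key loading, the key-to-certificate match, bind, accept and
 *    handshake results are checked, so the server no longer carries on with
 *    a half-configured context;
 *  - at most sizeof(buf) - 1 bytes are read, so the buffer stays
 *    NUL-terminated when it is printed with "%s";
 *  - retry status is queried on the connection BIO that was used for I/O;
 *  - the template BIO handed to BIO_set_accept_bios() is not freed a second
 *    time: the accept BIO owns it and releases it.
 */
int main()
{
    enum { BUF_LEN = 1024 };        //buffer length
    char buf[BUF_LEN];              //read buffer

    /* Initializing OpenSSL */
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();
    SSL_library_init();

    BIO *bio, *abio, *out;          //the sockets
    SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
    SSL *ssl = NULL;

    if( ctx == NULL ){
        fprintf(stderr, "DEBUG ctx is null\n");
        fail_ssl("SSL_CTX_new");
    }

    //get password for private key
    // SSL_CTX_set_default_passwd_cb( ctx, &pem_passwd_cb );

    //load certificate (with public key)
    if( SSL_CTX_use_certificate_file( ctx, "/home/mml/Develop/ca/certs/01.pem", SSL_FILETYPE_PEM) != 1 ){
        fail_ssl("SSL_CTX_use_certificate_file");
    }
    //load private key
    if( SSL_CTX_use_PrivateKey_file( ctx, "/home/mml/Develop/ca/testkey.pem", SSL_FILETYPE_PEM) != 1 ){
        fail_ssl("SSL_CTX_use_PrivateKey_file");
    }
    //the key must belong to the certificate that was just loaded
    if( SSL_CTX_check_private_key(ctx) != 1 ){
        fail_ssl("SSL_CTX_check_private_key");
    }

    bio = BIO_new_ssl(ctx, 0);
    if( bio == NULL ){
        fprintf(stderr, "ERROR cannot bind\n");
        exit(1);
    }
    BIO_get_ssl(bio, &ssl);
    if( ssl == NULL ){
        fail_ssl("BIO_get_ssl");
    }
    SSL_set_mode( ssl, SSL_MODE_AUTO_RETRY );

    abio = BIO_new_accept("localhost:15001");
    if( abio == NULL ){
        fail_ssl("BIO_new_accept");
    }
    //from here on abio owns bio and frees it together with itself
    BIO_set_accept_bios(abio, bio);

    //first call sets up the listening socket
    if( BIO_do_accept(abio) <= 0 ){
        fail_ssl("BIO_do_accept (bind)");
    }
    fprintf(stdout, "DEBUG: waiting for connection\n");
    //second call waits for an incoming connection
    if( BIO_do_accept(abio) <= 0 ){
        fail_ssl("BIO_do_accept (accept)");
    }
    out = BIO_pop(abio);

    fprintf(stdout, "DEBUG: doing handshake\n");
    if( BIO_do_handshake(out) <= 0 ){
        fail_ssl("BIO_do_handshake");
    }

    if(BIO_write(out, "Hello", 5) <= 0){
        if(! BIO_should_retry(out)) {
            fprintf(stderr, "ERROR connection is already closed. (write)\n");
            exit(1);
        } else {
            //retry routine
        }
    }

    memset(buf, 0, sizeof(buf));
    //leave the last byte untouched so buf is always a terminated string
    if( BIO_read(out, buf, (int)sizeof(buf) - 1) <= 0 ){
        if( !(BIO_should_retry(out)) ){
            fprintf(stderr, "ERROR connection is already closed (read)\n");
            exit(0);
        } else {
            //retry routine
        }
    }
    fprintf(stdout, "Hello%s\n", buf);

    //close connection
    BIO_free_all(abio);
    BIO_free_all(out);
    SSL_CTX_free(ctx);
    return 0;
}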
开发者ID:MoePad,项目名称:Projektbericht_3,代码行数:80,
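示例11: _openssl_log_error
/*
 * Log everything OpenSSL knows about a failed call.
 *
 *   rc        return value of the failed SSL call
 *   con       connection the call was made on, or NULL when there is none
 *   location  caller-supplied text identifying where the failure happened
 *
 * When `con` is given, the SSL_get_error() classification is logged first,
 * followed by the reason for the oldest queued error. The remaining queue
 * entries are then drained and logged with file, line and any attached text.
 * For SSL_ERROR_SYSCALL the function logs errno as well and returns without
 * draining the rest of the queue.
 */
void _openssl_log_error(int rc, SSL *con, const char *location) {
    const char     *reason, *file, *data;
    const char     *queued;
    unsigned long   numerical_reason;
    int             flags, line;

    snmp_log(LOG_ERR, "---- OpenSSL Related Errors: ----\n");

    /* SSL specific errors */
    if (con) {

        int sslnum = SSL_get_error(con, rc);

        switch(sslnum) {
        case SSL_ERROR_NONE:
            reason = "SSL_ERROR_NONE";
            break;

        case SSL_ERROR_SSL:
            reason = "SSL_ERROR_SSL";
            break;

        case SSL_ERROR_WANT_READ:
            reason = "SSL_ERROR_WANT_READ";
            break;

        case SSL_ERROR_WANT_WRITE:
            reason = "SSL_ERROR_WANT_WRITE";
            break;

        case SSL_ERROR_WANT_X509_LOOKUP:
            reason = "SSL_ERROR_WANT_X509_LOOKUP";
            break;

        case SSL_ERROR_SYSCALL:
            reason = "SSL_ERROR_SYSCALL";
            snmp_log(LOG_ERR, "TLS error: %s: rc=%d, sslerror = %d (%s): system_error=%d (%s)\n",
                     location, rc, sslnum, reason, errno, strerror(errno));
            /* The queue is often empty for SSL_ERROR_SYSCALL, and
             * ERR_reason_error_string() then returns NULL; never pass that
             * to "%s". */
            queued = ERR_reason_error_string(ERR_get_error());
            snmp_log(LOG_ERR, "TLS Error: %s\n",
                     queued ? queued : "(no queued OpenSSL error)");
            return;

        case SSL_ERROR_ZERO_RETURN:
            reason = "SSL_ERROR_ZERO_RETURN";
            break;

        case SSL_ERROR_WANT_CONNECT:
            reason = "SSL_ERROR_WANT_CONNECT";
            break;

        case SSL_ERROR_WANT_ACCEPT:
            reason = "SSL_ERROR_WANT_ACCEPT";
            break;

        default:
            reason = "unknown";
        }

        snmp_log(LOG_ERR, " TLS error: %s: rc=%d, sslerror = %d (%s)\n",
                 location, rc, sslnum, reason);

        /* Same NULL guard as above: an empty queue is a normal situation. */
        queued = ERR_reason_error_string(ERR_get_error());
        snmp_log(LOG_ERR, " TLS Error: %s\n",
                 queued ? queued : "(no queued OpenSSL error)");

    }

    /* other errors */
    while ((numerical_reason =
            ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
        snmp_log(LOG_ERR, " error: #%lu (file %s, line %d)\n",
                 numerical_reason, file, line);

        /* if we have a text translation: */
        if (data && (flags & ERR_TXT_STRING)) {
            snmp_log(LOG_ERR, "  Textual Error: %s\n", data);
            /*
             * per openssl man page: If it has been allocated by
             * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
             *
             * The prototype hands the text back as const char *, so the
             * const has to be removed before it can be freed.
             */
            if (flags & ERR_TXT_MALLOCED)
                OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data));
        }
    }

    snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
}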
开发者ID:michalklempa,项目名称:net-snmp,代码行数:88,
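示例12: tcp_stream_create_ssl_from_fd
/*
 * Run a TLS client handshake on the connected socket `fd` and return a
 * stream object for it.
 *
 *   fd        connected socket
 *   hostname  name the peer certificate must match (checked by
 *             verify_hostname())
 *   tsi       optional PEM client key / certificate (either may be NULL)
 *   errbuf    receives a message on failure
 *   errlen    size of errbuf
 *
 * Returns the stream, or NULL with errbuf filled in. The peer must present a
 * certificate, chain verification must yield X509_V_OK and the hostname
 * check must pass; any of those failing aborts the connection.
 */
tcp_stream_t *
tcp_stream_create_ssl_from_fd(int fd, const char *hostname,
                              const tcp_ssl_info_t *tsi,
                              char *errbuf, size_t errlen)
{
  /* ERR_error_string() always assumes a buffer of at least 256 bytes, so it
   * can overrun a smaller one. This buffer is sized accordingly and is only
   * ever filled through the length-checked ERR_error_string_n(). */
  char errmsg[256];
  X509 *peer;
  int err;

  tcp_stream_t *ts = calloc(1, sizeof(tcp_stream_t));
  if(ts == NULL) {
    /* NOTE(review): fd is not closed here because there is no stream object
     * to pass to tcp_close(); confirm who owns fd on this path. */
    snprintf(errbuf, errlen, "Out of memory");
    return NULL;
  }
  ts->ts_fd = fd;

  if((ts->ts_ssl = SSL_new(ssl_ctx)) == NULL)
    goto bad_ssl;

  if(SSL_set_fd(ts->ts_ssl, fd) == 0)
    goto bad_ssl;

  if(tsi->key != NULL) {
    BIO *cbio = BIO_new_mem_buf((char *)tsi->key, -1);
    EVP_PKEY *key = PEM_read_bio_PrivateKey(cbio, NULL, NULL, NULL);
    BIO_free(cbio);

    if(key == NULL) {
      snprintf(errbuf, errlen, "Unable to load private key");
      goto bad;
    }

    /* A key that cannot be installed must not be ignored: the handshake
     * would otherwise go ahead without the intended client identity. */
    if(SSL_use_PrivateKey(ts->ts_ssl, key) != 1) {
      EVP_PKEY_free(key);
      goto bad_ssl;
    }
    EVP_PKEY_free(key);
  }

  if(tsi->cert != NULL) {
    BIO *cbio = BIO_new_mem_buf((char *)tsi->cert, -1);
    X509 *cert = PEM_read_bio_X509(cbio, NULL, 0, NULL);
    BIO_free(cbio);

    if(cert == NULL) {
      snprintf(errbuf, errlen, "Unable to load certificate");
      goto bad;
    }

    if(SSL_use_certificate(ts->ts_ssl, cert) != 1) {
      X509_free(cert);
      goto bad_ssl;
    }
    X509_free(cert);
  }

  if(SSL_connect(ts->ts_ssl) <= 0) {
    goto bad_ssl;
  }

  SSL_set_mode(ts->ts_ssl, SSL_MODE_AUTO_RETRY);

  /* A verify result of X509_V_OK is only meaningful when a certificate was
   * actually presented, hence the explicit NULL check first. */
  peer = SSL_get_peer_certificate(ts->ts_ssl);
  if(peer == NULL) {
    goto bad_ssl;
  }

  err = SSL_get_verify_result(ts->ts_ssl);
  if(err != X509_V_OK) {
    snprintf(errbuf, errlen, "Certificate error: %s",
             X509_verify_cert_error_string(err));
    X509_free(peer);
    goto bad;
  }

  /* Chain validity alone does not bind the certificate to this host. */
  if(verify_hostname(hostname, peer, errbuf, errlen)) {
    X509_free(peer);
    goto bad;
  }

  X509_free(peer);

  ts->ts_fd = fd;
  htsbuf_queue_init(&ts->ts_spill, INT32_MAX);
  htsbuf_queue_init(&ts->ts_sendq, INT32_MAX);

  ts->ts_write = ssl_write;
  ts->ts_read  = ssl_read;
  return ts;

 bad_ssl:
  ERR_error_string_n(ERR_get_error(), errmsg, sizeof(errmsg));
  snprintf(errbuf, errlen, "SSL: %s", errmsg);
 bad:
  tcp_close(ts);
  return NULL;
}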
开发者ID:yfqian,项目名称:libsvc,代码行数:85,
示例13: ssh_rsa_sign/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */intssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, const u_char *data, u_int datalen){ const EVP_MD *evp_md; EVP_MD_CTX md; u_char *sig = NULL; u_int slen = 0, len;#ifdef USE_LEGACY_RSA_SIGN u_char digest[EVP_MAX_MD_SIZE]; u_int dlen;#endif int ok, nid; Buffer b; if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA && key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) { error("ssh_rsa_sign: no RSA key"); return -1; } nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); return -1; }#ifdef USE_LEGACY_RSA_SIGN EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); EVP_DigestFinal(&md, digest, &dlen); slen = RSA_size(key->rsa); sig = xmalloc(slen); ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); memset(digest, 'd', sizeof(digest));#else /*ndef USE_LEGACY_RSA_SIGN*/{ EVP_PKEY *pkey = NULL; ok = -1; pkey = EVP_PKEY_new(); if (pkey == NULL) { error("%s: out of memory", __func__); goto done; } EVP_PKEY_set1_RSA(pkey, key->rsa); slen = EVP_PKEY_size(pkey); sig = xmalloc(slen); /*fatal on error*/ ssh_EVP_MD_CTX_init(&md); ok = ssh_EVP_SignInit_ex(&md, evp_md, NULL); if (ok <= 0) { char ebuf[256]; error("%s: EVP_SignInit_ex fail with errormsg='%.*s'" , __func__ , (int)sizeof(ebuf), openssl_errormsg(ebuf, sizeof(ebuf))); goto clean; } ok = ssh_EVP_SignUpdate(&md, data, datalen); if (ok <= 0) { char ebuf[256]; error("%s: EVP_SignUpdate fail with errormsg='%.*s'" , __func__ , (int)sizeof(ebuf), openssl_errormsg(ebuf, sizeof(ebuf))); goto clean; } ok = EVP_SignFinal(&md, sig, &len, pkey); if (ok <= 0) { char ebuf[256]; error("%s: SignFinal fail with errormsg='%.*s'" , __func__ , (int)sizeof(ebuf), openssl_errormsg(ebuf, sizeof(ebuf))); goto clean; }clean: ssh_EVP_MD_CTX_cleanup(&md);done: if (pkey != NULL) EVP_PKEY_free(pkey);}#endif /*ndef 
USE_LEGACY_RSA_SIGN*/ if (ok <= 0) { #ifdef USE_LEGACY_RSA_SIGN int ecode = ERR_get_error(); error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL)); #endif /*def USE_LEGACY_RSA_SIGN*/ xfree(sig); return -1; }//.........这里部分代码省略.........
开发者ID:msftguy,项目名称:openssh-sc,代码行数:101,
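示例14: do_ca_cert_bootstrap
/* Saves the last certificate of the peer's chain to 'ca_cert.file_name' and
 * installs it as the CA certificate for later connections.
 *
 * This is a trust-on-first-use step: whatever self-signed certificate the
 * peer presents on this connection becomes the trust anchor.  The only
 * checks applied are that a chain was sent and that the chosen certificate
 * is self-issued.  The file is created with O_EXCL, so an existing CA file
 * is never overwritten; if one appeared concurrently it is loaded instead.
 *
 * Always returns a nonzero errno value: even after a successful bootstrap
 * the current connection is dropped (EPROTO) so that the retry is verified
 * against the new CA certificate. */
static int
do_ca_cert_bootstrap(struct stream *stream)
{
    struct ssl_stream *sslv = ssl_stream_cast(stream);
    STACK_OF(X509) *chain;
    X509_STORE *store;
    X509 *cert;
    FILE *file;
    int error;
    int fd;

    chain = SSL_get_peer_cert_chain(sslv->ssl);
    if (!chain || !sk_X509_num(chain)) {
        VLOG_ERR("could not bootstrap CA cert: no certificate presented by "
                 "peer");
        return EPROTO;
    }
    cert = sk_X509_value(chain, sk_X509_num(chain) - 1);

    /* Check that 'cert' is self-signed.  Otherwise it is not a CA
     * certificate and we should not attempt to use it as one. */
    error = X509_check_issued(cert, cert);
    if (error) {
        VLOG_ERR("could not bootstrap CA cert: obtained certificate is "
                 "not self-signed (%s)",
                 X509_verify_cert_error_string(error));
        if (sk_X509_num(chain) < 2) {
            VLOG_ERR("only one certificate was received, so probably the peer "
                     "is not configured to send its CA certificate");
        }
        return EPROTO;
    }

    fd = open(ca_cert.file_name, O_CREAT | O_EXCL | O_WRONLY, 0444);
    if (fd < 0) {
        if (errno == EEXIST) {
            VLOG_INFO_RL(&rl, "reading CA cert %s created by another process",
                         ca_cert.file_name);
            stream_ssl_set_ca_cert_file__(ca_cert.file_name, true, true);
            return EPROTO;
        } else {
            /* Save errno first: logging may overwrite it. */
            error = errno;
            VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
                     ca_cert.file_name, ovs_strerror(error));
            return error;
        }
    }

    file = fdopen(fd, "w");
    if (!file) {
        error = errno;
        VLOG_ERR("could not bootstrap CA cert: fdopen failed: %s",
                 ovs_strerror(error));
        /* fdopen() did not take ownership, so the descriptor is still ours
         * to close. */
        close(fd);
        unlink(ca_cert.file_name);
        return error;
    }

    if (!PEM_write_X509(file, cert)) {
        VLOG_ERR("could not bootstrap CA cert: PEM_write_X509 to %s failed: "
                 "%s", ca_cert.file_name,
                 ERR_error_string(ERR_get_error(), NULL));
        fclose(file);
        unlink(ca_cert.file_name);
        return EIO;
    }

    if (fclose(file)) {
        error = errno;
        VLOG_ERR("could not bootstrap CA cert: writing %s failed: %s",
                 ca_cert.file_name, ovs_strerror(error));
        unlink(ca_cert.file_name);
        return error;
    }

    VLOG_INFO("successfully bootstrapped CA cert to %s", ca_cert.file_name);
    log_ca_cert(ca_cert.file_name, cert);
    bootstrap_ca_cert = false;
    ca_cert.read = true;

    /* SSL_CTX_add_client_CA makes a copy of cert's relevant data. */
    SSL_CTX_add_client_CA(ctx, cert);

    /* Replace the store only when a new one could be allocated; installing
     * NULL would leave the context without a certificate store. */
    store = X509_STORE_new();
    if (!store) {
        VLOG_ERR("X509_STORE_new: %s",
                 ERR_error_string(ERR_get_error(), NULL));
        return EPROTO;
    }
    SSL_CTX_set_cert_store(ctx, store);
    if (SSL_CTX_load_verify_locations(ctx, ca_cert.file_name, NULL) != 1) {
        VLOG_ERR("SSL_CTX_load_verify_locations: %s",
                 ERR_error_string(ERR_get_error(), NULL));
        return EPROTO;
    }
    VLOG_INFO("killing successful connection to retry using CA cert");
    return EPROTO;
}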
开发者ID:flavio-fernandes,项目名称:ovs,代码行数:89,
示例15: AuthenticateAgentint AuthenticateAgent(AgentConnection *conn, Attributes attr, Promise *pp){ char sendbuffer[CF_EXPANDSIZE], in[CF_BUFSIZE], *out, *decrypted_cchall; BIGNUM *nonce_challenge, *bn = NULL; unsigned long err; unsigned char digest[EVP_MAX_MD_SIZE]; int encrypted_len, nonce_len = 0, len, session_size; bool implicitly_trust_server; char enterprise_field = 'c'; RSA *server_pubkey = NULL; if ((PUBKEY == NULL) || (PRIVKEY == NULL)) { CfOut(cf_error, "", "No public/private key pair found at %s/n", CFPUBKEYFILE); return false; } enterprise_field = CfEnterpriseOptions(); session_size = CfSessionKeySize(enterprise_field);/* Generate a random challenge to authenticate the server */ nonce_challenge = BN_new(); if (nonce_challenge == NULL) { CfOut(cf_error, "", "Cannot allocate BIGNUM structure for server challenge/n"); return false; } BN_rand(nonce_challenge, CF_NONCELEN, 0, 0); nonce_len = BN_bn2mpi(nonce_challenge, in); if (FIPS_MODE) { HashString(in, nonce_len, digest, CF_DEFAULT_DIGEST); } else { HashString(in, nonce_len, digest, cf_md5); }/* We assume that the server bound to the remote socket is the official one i.e. = root's */ if ((server_pubkey = HavePublicKeyByIP(conn->username, conn->remoteip))) { implicitly_trust_server = false; encrypted_len = RSA_size(server_pubkey); } else { implicitly_trust_server = true; encrypted_len = nonce_len; }// Server pubkey is what we want to has as a unique ID snprintf(sendbuffer, sizeof(sendbuffer), "SAUTH %c %d %d %c", implicitly_trust_server ? 
'n': 'y', encrypted_len, nonce_len, enterprise_field); out = xmalloc(encrypted_len); if (server_pubkey != NULL) { if (RSA_public_encrypt(nonce_len, in, out, server_pubkey, RSA_PKCS1_PADDING) <= 0) { err = ERR_get_error(); cfPS(cf_error, CF_FAIL, "", pp, attr, "Public encryption failed = %s/n", ERR_reason_error_string(err)); free(out); RSA_free(server_pubkey); return false; } memcpy(sendbuffer + CF_RSA_PROTO_OFFSET, out, encrypted_len); } else { memcpy(sendbuffer + CF_RSA_PROTO_OFFSET, in, nonce_len); }/* proposition C1 - Send challenge / nonce */ SendTransaction(conn->sd, sendbuffer, CF_RSA_PROTO_OFFSET + encrypted_len, CF_DONE); BN_free(bn); BN_free(nonce_challenge); free(out); if (DEBUG) { RSA_print_fp(stdout, PUBKEY, 0); }/*Send the public key - we don't know if server has it *//* proposition C2 */ memset(sendbuffer, 0, CF_EXPANDSIZE); len = BN_bn2mpi(PUBKEY->n, sendbuffer); SendTransaction(conn->sd, sendbuffer, len, CF_DONE); /* No need to encrypt the public key ... *//* proposition C3 *///.........这里部分代码省略.........
开发者ID:werkt,项目名称:cfengine-community,代码行数:101,
示例16: _getdns_verify_canonrrset
//.........这里部分代码省略.........
/*
 * (The beginning of this comment is cut off on the page.)
 *
 * Verify the signature `sigblock` over the bytes held in `buf` with the
 * public key `key`, using the digest selected for `algo`.
 *
 * @param sigblock: signature rdata field from RRSIG
 * @param sigblock_len: length of sigblock data.
 * @param key: public key data from DNSKEY RR.
 * @param keylen: length of keydata.
 * @param reason: bogus reason in more detail.
 * @return secure if verification succeeded, bogus on crypto failure,
 *	unchecked on format errors and alloc failures.
 *
 * NOTE(review): as written, the body returns 1 only when EVP_VerifyFinal()
 * reports a valid signature and 0 on every other path (setup failure,
 * allocation failure, mismatch, crypto error), so it fails closed; the three
 * outcomes named in @return are not distinguished by the return value.
 * *reason is assigned only on the key/signature setup failures and on a
 * mismatch; on the other failure paths the caller's value is left untouched.
 */
int
_getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
	unsigned int sigblock_len, unsigned char* key, unsigned int keylen,
	char** reason)
{
	const EVP_MD *digest_type;
	EVP_MD_CTX* ctx;
	/* dofree is set once sigblock has been replaced by a converted copy that
	 * this function frees before returning. */
	int res, dofree = 0;
	EVP_PKEY *evp_key = NULL;

	if(!setup_key_digest(algo, &evp_key, &digest_type, key, keylen)) {
		verbose(VERB_QUERY, "verify: failed to setup key");
		*reason = "use of key for crypto failed";
		EVP_PKEY_free(evp_key);
		return 0;
	}
#ifdef USE_DSA
	/* if it is a DSA signature in bind format, convert to DER format */
	if((algo == GLDNS_DSA || algo == GLDNS_DSA_NSEC3) &&
		sigblock_len == 1+2*SHA_DIGEST_LENGTH) {
		if(!setup_dsa_sig(&sigblock, &sigblock_len)) {
			verbose(VERB_QUERY, "verify: failed to setup DSA sig");
			*reason = "use of key for DSA crypto failed";
			EVP_PKEY_free(evp_key);
			return 0;
		}
		/* presumably setup_dsa_sig() allocated the new sigblock; it is
		 * released with free() below — confirm against the helper */
		dofree = 1;
	}
#endif
	/* The lone `else` joins the DSA and ECDSA conversions into one
	 * if/else-if chain when both are compiled in. */
#if defined(USE_ECDSA) && defined(USE_DSA)
	else
#endif
#ifdef USE_ECDSA
	if(algo == GLDNS_ECDSAP256SHA256 || algo == GLDNS_ECDSAP384SHA384) {
		/* EVP uses ASN prefix on sig, which is not in the wire data */
		if(!setup_ecdsa_sig(&sigblock, &sigblock_len)) {
			verbose(VERB_QUERY, "verify: failed to setup ECDSA sig");
			*reason = "use of signature for ECDSA crypto failed";
			EVP_PKEY_free(evp_key);
			return 0;
		}
		dofree = 1;
	}
#endif /* USE_ECDSA */

	/* do the signature cryptography work */
#ifdef HAVE_EVP_MD_CTX_NEW
	ctx = EVP_MD_CTX_new();
#else
	ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx));
	if(ctx) EVP_MD_CTX_init(ctx);
#endif
	if(!ctx) {
		log_err("EVP_MD_CTX_new: malloc failure");
		EVP_PKEY_free(evp_key);
		if(dofree) free(sigblock);
		return 0;
	}
	if(EVP_VerifyInit(ctx, digest_type) == 0) {
		verbose(VERB_QUERY, "verify: EVP_VerifyInit failed");
		EVP_MD_CTX_destroy(ctx);
		EVP_PKEY_free(evp_key);
		if(dofree) free(sigblock);
		return 0;
	}
	/* Feed the buffer from its beginning up to its limit into the digest. */
	if(EVP_VerifyUpdate(ctx, (unsigned char*)gldns_buffer_begin(buf),
		(unsigned int)gldns_buffer_limit(buf)) == 0) {
		verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed");
		EVP_MD_CTX_destroy(ctx);
		EVP_PKEY_free(evp_key);
		if(dofree) free(sigblock);
		return 0;
	}

	res = EVP_VerifyFinal(ctx, sigblock, sigblock_len, evp_key);
	/* All resources are released before the result is interpreted, so the
	 * three outcomes below need no cleanup of their own. */
	EVP_MD_CTX_destroy(ctx);
	EVP_PKEY_free(evp_key);

	if(dofree) free(sigblock);

	if(res == 1) {
		return 1;
	} else if(res == 0) {
		verbose(VERB_QUERY, "verify: signature mismatch");
		*reason = "signature crypto failed";
		return 0;
	}

	/* Any other result is a library error: log it and treat the signature as
	 * not verified. */
	log_crypto_error("verify:", ERR_get_error());
	return 0;
}
开发者ID:blep,项目名称:getdns,代码行数:101,
示例17: p
/**
 * Loads a key from the file `fname` and stores it in this object.
 *
 * The file is tried in turn as: PEM private key (prompting for a password),
 * DER private key, DER PKCS#8 (encrypted), DER PKCS#8 private key info,
 * PEM public key, DER public key. The first format that parses wins.
 *
 * @param fname  file to read.
 * @throws errorEx when PEM decryption fails with error code 0x06065064
 *         (reported to the user as a bad password), or when OpenSSL errors
 *         remain queued after all formats have been tried.
 *
 * If the file cannot be opened, fopen_error() is called and the function
 * returns without changing the object.
 */
void pki_evp::fload(const QString fname)
{
	pass_info prompt(XCA_TITLE, qApp->translate("MainWindow", "Please enter the password to decrypt the private key: '%1'").
		arg(fname));
	pem_password_cb *ask_pass = MainWindow::passRead;
	FILE *in = fopen(QString2filename(fname), "r");
	EVP_PKEY *loaded;

	pki_ign_openssl_error();
	if (!in) {
		fopen_error(fname);
		return;
	}

	loaded = PEM_read_PrivateKey(in, NULL, ask_pass, &prompt);
	// A failed decryption is final: trying other formats would only hide the
	// real cause from the user.
	if (!loaded && ERR_get_error() == 0x06065064) {
		fclose(in);
		pki_ign_openssl_error();
		throw errorEx(tr("Failed to decrypt the key (bad password) ") + fname, class_name);
	}

	// Each fallback starts from a clean error queue and the start of the file.
	if (!loaded) {
		pki_ign_openssl_error();
		rewind(in);
		loaded = d2i_PrivateKey_fp(in, NULL);
	}
	if (!loaded) {
		pki_ign_openssl_error();
		rewind(in);
		loaded = d2i_PKCS8PrivateKey_fp(in, NULL, ask_pass, &prompt);
	}
	if (!loaded) {
		pki_ign_openssl_error();
		rewind(in);
		PKCS8_PRIV_KEY_INFO *info = d2i_PKCS8_PRIV_KEY_INFO_fp(in, NULL);
		if (info) {
			loaded = EVP_PKCS82PKEY(info);
			PKCS8_PRIV_KEY_INFO_free(info);
		}
	}
	if (!loaded) {
		pki_ign_openssl_error();
		rewind(in);
		loaded = PEM_read_PUBKEY(in, NULL, ask_pass, &prompt);
	}
	if (!loaded) {
		pki_ign_openssl_error();
		rewind(in);
		loaded = d2i_PUBKEY_fp(in, NULL);
	}
	fclose(in);

	if (pki_ign_openssl_error()) {
		if (loaded)
			EVP_PKEY_free(loaded);
		throw errorEx(tr("Unable to load the private key in file %1. Tried PEM and DER private, public and PKCS#8 key types.").arg(fname));
	}

	if (!loaded)
		return;

	if (loaded->type == EVP_PKEY_EC)
		search_ec_oid(loaded->pkey.ec);

	// Release the key held so far before taking ownership of the new one.
	if (key)
		EVP_PKEY_free(key);
	key = loaded;

	if (EVP_PKEY_isPrivKey(key))
		bogusEncryptKey();
	setIntName(rmslashdot(fname));
}
开发者ID:J-Javan,项目名称:xca,代码行数:70,
示例18: sign_tftf/** * @brief Sign a TFTF * * @param filename The pathname to the TFTF file to sign. * @param signature_format The pathname to the TFTF file to sign. * @param signature_algorithm The pathname to the TFTF file to sign. * @param key_filename The pathname to the TFTF file to sign. * @param write_if_good If true and we were able to sign it, write the signed * TFTF file. If false only verify we can sign the TFTF. * @param verbose If true, display the signed TFTF. * * @returns True on success, false on failure */bool sign_tftf(const char * filename, const uint32_t signature_algorithm, const char * key_name, const char * key_filename, const bool write_if_good, const bool verbose) { bool success = false; int status; ssize_t tftf_size; tftf_header * tftf_hdr = NULL; char * loc_key_filename = NULL; /* Sanity check */ if (!filename || !key_filename) { fprintf (stderr, "ERROR (sign_tftf): invalid parameters/n"); return false; } /* Create a local copy of the key_filename */ loc_key_filename = malloc(strlen(key_filename) + 1); if (!loc_key_filename) { fprintf(stderr, "ERROR (sign_tftf): can't alloc. 
local key_filename/n"); return false; } strcpy(loc_key_filename, key_filename); /* Read in the TFTF file as a blob */ tftf_hdr = (tftf_header *)alloc_load_file(filename, &tftf_size); if (tftf_hdr) { EVP_MD_CTX * mdctx; uint8_t * hdr_signable_start = NULL; size_t hdr_signable_length = 0; uint8_t * scn_signable_start = NULL; size_t scn_signable_length = 0; tftf_signature signature_block; uint8_t md_value[EVP_MAX_MD_SIZE]; unsigned int md_len; unsigned int sig_len = sizeof(signature_block.signature); /* Initialize the signature block */ signature_block.length = sizeof(signature_block); signature_block.type = signature_algorithm; safer_strcpy(signature_block.key_name, sizeof(signature_block.key_name), key_name); /* Extract the signable blob from the TFTF and sign it */ success = tftf_get_signable_region(tftf_hdr, &hdr_signable_start, &hdr_signable_length, &scn_signable_start, &scn_signable_length); mdctx = EVP_MD_CTX_create(); if (mdctx) { status = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL); if (status < 1) { fprintf(stderr, "ERROR: EVP_DigestInit_ex failed: %s/n", ERR_error_string(ERR_get_error(), NULL)); goto signing_err; } status = EVP_DigestUpdate(mdctx, hdr_signable_start, hdr_signable_length); if (status < 1) { fprintf(stderr, "ERROR: EVP_DigestUpdate (hdr) failed: %s/n", ERR_error_string(ERR_get_error(), NULL)); goto signing_err; } status = EVP_DigestUpdate(mdctx, scn_signable_start, scn_signable_length); if (status < 1) { fprintf(stderr, "ERROR: EVP_DigestUpdate (scn) failed: %s/n", ERR_error_string(ERR_get_error(), NULL)); goto signing_err; } status = EVP_DigestFinal_ex(mdctx, md_value, &md_len); if (status < 1) { fprintf(stderr, "ERROR: EVP_DigestFinal_ex failed: %s/n", ERR_error_string(ERR_get_error(), NULL)); goto signing_err; } status = RSA_sign(NID_sha256, md_value, md_len, signature_block.signature, &sig_len, rsa); if (status < 1) { fprintf(stderr, "ERROR: RSA_sign failed: %s/n",//.........这里部分代码省略.........
开发者ID:JoshKaufman,项目名称:bootrom-tools,代码行数:101,
// Example 19: SslContext::setCerti
/**
 * Record the certificate path and load that certificate into the SSL context.
 *
 * The second (unnamed) TYPE_FILE argument is not consulted: the file is
 * always parsed as PEM. The stored path is updated before the load is
 * attempted, so it keeps the new value even when the load fails.
 *
 * @param file  Path of the certificate file.
 * @throws SslException  (kind CONTEXT) carrying the text of the oldest entry
 *                       in the OpenSSL error queue when the load fails.
 */
void SslContext::setCerti(const std::string &file, TYPE_FILE)
{
    this->_certi = file;

    const int loaded = SSL_CTX_use_certificate_file(this->_ctx,
                                                    this->_certi.c_str(),
                                                    SSL_FILETYPE_PEM);
    if (loaded)
        return;

    // NOTE(review): with a NULL buffer ERR_error_string() formats into a
    // static buffer, which OpenSSL documents as not thread-safe; later
    // entries in the error queue are left in place.
    throw SslException(SslException::CONTEXT, ERR_error_string(ERR_get_error(), NULL));
}
开发者ID:BGCX261,项目名称:zia-tools-svn-to-git,代码行数:6,
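// Example 20: public_key::serialize
/**
 * Serialize the RSA public key to raw bytes.
 *
 * The key is written as PEM into a memory BIO, the first line (the PEM
 * header) is dropped, the following lines are concatenated until an empty
 * line or one starting with '-' is reached, and the result is base64-decoded.
 *
 * @return The decoded key bytes, or an empty container when this object
 *         holds no key.
 * @throws exception  when the memory BIO cannot be allocated, when OpenSSL
 *                    fails to write the key, or when the BIO yields no data.
 */
bytes public_key::serialize()const
{
   bytes ba;
   if( !my ) { return ba; }

   BIO* mem = BIO_new( BIO_s_mem() );
   if( !mem )
   {
      // Allocation failure: do not hand a null BIO to the PEM writer.
      FC_THROW_EXCEPTION( exception, "openssl: ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );
   }

   int e = PEM_write_bio_RSAPublicKey( mem, my->rsa );
   if( e != 1 )
   {
      BIO_free(mem);
      FC_THROW_EXCEPTION( exception, "openssl: ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );
   }

   char* dat = nullptr;
   const long len = BIO_get_mem_data( mem, &dat );
   if( len <= 0 || !dat )
   {
      // A non-positive length would otherwise wrap to a huge unsigned size.
      BIO_free(mem);
      FC_THROW_EXCEPTION( exception, "openssl: ${message}", ("message",fc::string("memory BIO returned no data")) );
   }

   // Copy the PEM text out and release the BIO right away, so that an
   // exception from the parsing below cannot leak it.
   fc::stringstream ss( string( dat, static_cast<uint32_t>(len) ) );
   BIO_free(mem);

   fc::stringstream key;
   fc::string tmp;
   fc::getline( ss, tmp );   // discard the first line (PEM header)
   fc::getline( ss, tmp );
   while( tmp.size() && tmp[0] != '-' )
   {
      key << tmp;
      fc::getline( ss, tmp );
   }

   auto str = key.str();
   str = fc::base64_decode( str );
   ba = bytes( str.begin(), str.end() );
   return ba;
}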
开发者ID:FollowMyVote,项目名称:fc,代码行数:32,
示例21: run_receiverint run_receiver(UDR_Options * udr_options) { int orig_ppid = getppid(); UDT::startup(); addrinfo hints; addrinfo* res; set_verbosity(udr_options->verbose); memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_flags = AI_PASSIVE; hints.ai_family = AF_INET; hints.ai_socktype = SOCK_STREAM; char receiver_port[NI_MAXSERV]; UDTSOCKET serv; bool bad_port = false; for(int port_num = udr_options->start_port; port_num < udr_options->end_port; port_num++) { bad_port = false; snprintf(receiver_port, sizeof(receiver_port), "%d", port_num); if (0 != getaddrinfo(NULL, receiver_port, &hints, &res)) { bad_port = true; } else { serv = UDT::socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (UDT::ERROR == UDT::bind(serv, res->ai_addr, res->ai_addrlen)) { bad_port = true; } } freeaddrinfo(res); if(!bad_port) break; } if(bad_port){ fprintf(stderr, "[udr receiver] ERROR: could not bind to any port in range %d - %d/n", udr_options->start_port, udr_options->end_port); return 0; } unsigned char rand_pp[PASSPHRASE_SIZE]; if (!RAND_bytes((unsigned char *) rand_pp, PASSPHRASE_SIZE)) { fprintf(stderr, "Couldn't generate random key: %ld/n", ERR_get_error()); exit(EXIT_FAILURE); } //stdout port number and password -- to send back to the client printf("%s ", receiver_port); for(int i = 0; i < PASSPHRASE_SIZE; i++) { printf("%02x", rand_pp[i]); } printf(" /n"); fflush(stdout); verbose_print("[udr receiver] server is ready at port %s/n", receiver_port); if (UDT::ERROR == UDT::listen(serv, 10)) { cerr << "[udr receiver] listen: " << UDT::getlasterror().getErrorMessage() << endl; return 0; } sockaddr_storage clientaddr; int addrlen = sizeof(clientaddr); UDTSOCKET recver; if (UDT::INVALID_SOCK == (recver = UDT::accept(serv, (sockaddr*)&clientaddr, &addrlen))) { fprintf(stderr, "[udr receiver] accept: %s/n", UDT::getlasterror().getErrorMessage()); return 0; } char clienthost[NI_MAXHOST]; char clientservice[NI_MAXSERV]; getnameinfo((sockaddr *)&clientaddr, addrlen, 
clienthost, sizeof(clienthost), clientservice, sizeof(clientservice), NI_NUMERICHOST|NI_NUMERICSERV); string cmd_str = udt_recv_string(recver); const char * cmd = cmd_str.c_str(); //perhaps want to at least check that starts with rsync? if(strncmp(cmd, "rsync ", 5) != 0){ exit(1); } char * rsync_cmd; if(udr_options->server_connect){ verbose_print("[udr receiver] server connect mode/n"); rsync_cmd = (char *)malloc(100); if(strlen(udr_options->server_config) > 0){//.........这里部分代码省略.........
开发者ID:mtgreenway,项目名称:UDR,代码行数:101,
// Example 22: private_key::sign
/**
 * Sign a SHA-256 digest with this RSA private key.
 *
 * The output buffer is sized with RSA_size() and filled by RSA_sign() using
 * NID_sha256 and a fixed digest length of 32 bytes.
 *
 * @param digest  Digest to sign; its first 32 bytes are passed to OpenSSL.
 * @return The signature buffer, RSA_size() bytes long.
 * @throws assert_exception  when this object holds no key.
 * @throws exception         when RSA_sign() does not return 1; the message
 *                           carries the oldest OpenSSL error string.
 */
signature private_key::sign( const sha256& digest )const
{
   if( !my ) FC_THROW_EXCEPTION( assert_exception, "!null" );

   signature out;
   out.resize( RSA_size(my->rsa) );

   // NOTE(review): the length RSA_sign() reports is not used afterwards;
   // the buffer keeps the RSA_size() length set above.
   uint32_t written = 0;
   const int rc = RSA_sign( NID_sha256,
                            (uint8_t*)digest.data(), 32,
                            (unsigned char*)out.data(), &written,
                            my->rsa );
   if( rc != 1 )
   {
      FC_THROW_EXCEPTION( exception, "rsa sign failed with ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );
   }
   return out;
}
开发者ID:FollowMyVote,项目名称:fc,代码行数:14,
/* Example 23: CompareCertToRSA */
/**
 * Compare the public key carried by a certificate with an RSA key.
 *
 * The RSA key is wrapped in a temporary EVP_PKEY and compared with the
 * certificate's key through EVP_PKEY_cmp(). Results 0 and -1 from that call
 * are both reported as "not equal"; any other result except 1 is logged and
 * reported as an error. Every object acquired here is released before
 * returning.
 *
 * @retval 1 equal
 * @retval 0 not equal
 * @retval -1 error (no public key in the certificate, non-RSA key,
 *            allocation failure, or an unexpected comparison result)
 */
static int CompareCertToRSA(X509 *cert, RSA *rsa_key)
{
    int verdict = -1;                                   /* ERROR unless set below */

    EVP_PKEY *cert_pkey = X509_get_pubkey(cert);
    if (cert_pkey == NULL)
    {
        Log(LOG_LEVEL_ERR, "X509_get_pubkey: %s",
            TLSErrorString(ERR_get_error()));
        return verdict;
    }

    if (EVP_PKEY_base_id(cert_pkey) != EVP_PKEY_RSA)
    {
        Log(LOG_LEVEL_ERR,
            "Received key of unknown type, only RSA currently supported!");
    }
    else
    {
        RSA *cert_rsa_key = EVP_PKEY_get1_RSA(cert_pkey);
        if (cert_rsa_key == NULL)
        {
            Log(LOG_LEVEL_ERR, "TLSVerifyPeer: EVP_PKEY_get1_RSA failed!");
        }
        else
        {
            EVP_PKEY *rsa_pkey = EVP_PKEY_new();
            if (rsa_pkey == NULL)
            {
                Log(LOG_LEVEL_ERR,
                    "TLSVerifyPeer: EVP_PKEY_new allocation failed!");
            }
            else
            {
                if (EVP_PKEY_set1_RSA(rsa_pkey, rsa_key) == 0)
                {
                    Log(LOG_LEVEL_ERR,
                        "TLSVerifyPeer: EVP_PKEY_set1_RSA failed!");
                }
                else
                {
                    const int cmp = EVP_PKEY_cmp(cert_pkey, rsa_pkey);
                    switch (cmp)
                    {
                    case 1:
                        Log(LOG_LEVEL_DEBUG,
                            "Public key to certificate compare equal");
                        verdict = 1;                    /* EQUAL */
                        break;
                    case 0:
                    case -1:
                        Log(LOG_LEVEL_DEBUG,
                            "Public key to certificate compare different");
                        verdict = 0;                    /* NOT EQUAL */
                        break;
                    default:
                        Log(LOG_LEVEL_ERR, "OpenSSL EVP_PKEY_cmp: %d %s",
                            cmp, TLSErrorString(ERR_get_error()));
                        break;
                    }
                }
                EVP_PKEY_free(rsa_pkey);
            }
            RSA_free(cert_rsa_key);
        }
    }

    EVP_PKEY_free(cert_pkey);
    return verdict;
}
开发者ID:cfengine,项目名称:core,代码行数:74,