From 7c7a847f5275dcbe059a2f9435edae19abaea37c Mon Sep 17 00:00:00 2001
From: Denes Matetelki
Date: Sun, 27 Nov 2011 19:19:18 +0100
Subject: [PATCH] SSL server/client works.
---
 include/SslConnection.hpp | 2 +
 other/sslserver_main.cpp | 8 ++-
 src/Poll.cpp | 1 -
 src/SslConnection.cpp | 121 ++++++++++++++++++--------------------
 4 files changed, 65 insertions(+), 67 deletions(-)
diff --git a/include/SslConnection.hpp b/include/SslConnection.hpp
index b48edd1..e319b52 100644
--- a/include/SslConnection.hpp
+++ b/include/SslConnection.hpp
@@ -57,9 +57,11 @@ private:
 SslConnection& operator=(const SslConnection&);
 bool initHandle();
+ void setHandle(SSL *handle);
 std::string getSslError(const std::string &msg);
 bool loadCertificates( const std::string certificateFile, const std::string keyFile );
+ void showCertificates();
 TcpConnection m_tcpConnection;
diff --git a/other/sslserver_main.cpp b/other/sslserver_main.cpp
index b5dc4f8..bfbbd38 100644
--- a/other/sslserver_main.cpp
+++ b/other/sslserver_main.cpp
@@ -100,7 +100,13 @@ int main(int argc, char* argv[] )
 EchoMessage msg;
 SslConnection conn(argv[1], StrToT(argv[2]), &msg);
- conn.initServerContext(argv[3], argv[4]);
+ if ( !conn.initServerContext(argv[3], argv[4]) ) {
+ LOG_STATIC( Logger::ERR, "Failed to init SSL context, exiting...");
+ SslConnection::destroy();
+ Logger::destroy();
+ return 1;
+ }
+
 socketServer = new SocketServer(&conn);
 if ( !socketServer->start() ) {
diff --git a/src/Poll.cpp b/src/Poll.cpp
index e35174b..4b9452e 100644
--- a/src/Poll.cpp
+++ b/src/Poll.cpp
@@ -83,7 +83,6 @@ void Poll::acceptClient()
 int client_socket = m_connection->accept();
-
 if ( client_socket == -1 ) {
 return;
 }
diff --git a/src/SslConnection.cpp b/src/SslConnection.cpp
index 3f874ae..310c84f 100644
--- a/src/SslConnection.cpp
+++ b/src/SslConnection.cpp
@@ -78,7 +78,7 @@ Connection* SslConnection::clone(const int socket)
 TRACE;
 SslConnection *conn = new SslConnection( socket, m_message->clone(), m_bufferLength );
- conn->initClientContext();
+ conn->setHandle(m_sslHandle);
 return conn;
 }
@@ -90,20 +90,15 @@ bool SslConnection::connect()
 if ( !m_tcpConnection.connect() ) return false;
-// if ( !initHandlers() )
-// return false;
-
 if ( SSL_set_fd(m_sslHandle, m_tcpConnection.getSocket() ) == 0 ) {
- getSslError("SSL set connection socket failed. ");
+ LOG( Logger::ERR, getSslError("SSL set connection socket failed. ").c_str() );
 return -1;
 }
- LOG( Logger::INFO, "itt" );
 if ( SSL_connect (m_sslHandle) != 1 ) {
 LOG (Logger::ERR, getSslError("SSL handshake failed. ").c_str() );
 return false;
 }
- LOG( Logger::INFO, "de itt mar nem?" );
 return true;
 }
@@ -113,14 +108,7 @@ bool SslConnection::bind()
 {
 TRACE;
- if ( !m_tcpConnection.bind() )
- return false;
-
-// if ( !initHandlers() )
-// return false;
-
-
- return true;
+ return m_tcpConnection.bind();
 }
@@ -139,22 +127,16 @@ int SslConnection::accept()
 if ( client_socket == -1) return client_socket;
- LOG( Logger::INFO, "server itt");
-
 if ( SSL_set_fd(m_sslHandle, client_socket) == 0 ) {
- getSslError("SSL set connection socket failed. ");
+ LOG( Logger::ERR, getSslError("SSL set connection socket failed. ").c_str() );
 return -1;
 }
- LOG( Logger::INFO, "server itt 2");
-
 if ( SSL_accept(m_sslHandle) == -1 ) {
- getSslError("SSL accept failed. ");
+ LOG( Logger::ERR, getSslError("SSL accept failed. ").c_str() );
 return -1;
 }
- LOG( Logger::INFO, "server itt 3");
-
 return client_socket;
 }
@@ -203,7 +185,7 @@ bool SslConnection::initServerContext( const std::string certificateFile,
 {
 TRACE;
- m_sslContext = SSL_CTX_new (SSLv2_server_method ());
+ m_sslContext = SSL_CTX_new (SSLv3_method ());
 if ( m_sslContext == NULL ) {
 LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
 return false;
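Review bot: `conn->setHandle(m_sslHandle)` in clone() hands the accepted connection the very same `SSL*` that the listening connection keeps, and the accept() hunk further down then runs `SSL_set_fd`/`SSL_accept` on that one shared object for every client, so the next accept rebinds it to a new descriptor and destroys the previous client's session state; two owners of one handle also make a double `SSL_free` likely (the destructor is not in this diff, so I cannot see who releases it). Per-connection TLS state belongs in a per-connection object: create it in clone() with `SSL_new(m_sslContext)` and run the handshake on the clone's handle, keeping the listener's handle out of the client path. Whatever is decided, setHandle() should state it, e.g. `// Non-owning: shares the listening connection's SSL object, must not free it.`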
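Review bot: `return -1;` after the failed `SSL_set_fd` sits in a function declared `bool SslConnection::connect()`, so -1 converts to `true` and the caller carries on as if the TLS connection were established; it should read `return false;`. The line is context here, but the commit rewrites the line directly above it. Nothing visible in this hunk checks the peer certificate after `SSL_connect` (`SSL_get_verify_result`), so unless initClientContext(), which is only partly in this diff, calls `SSL_CTX_set_verify`, an unauthenticated server is accepted.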
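Review bot: on both failure paths in accept() the freshly accepted `client_socket` is dropped with `return -1;` but never closed, so every failed or aborted handshake leaks a descriptor until the process runs out of them; close it (e.g. `::close(client_socket);`) before each `return -1;`. The test `SSL_accept(m_sslHandle) == -1` also misses the `0` return, which OpenSSL documents as a handshake that was shut down in a controlled way but did not succeed, so the check should be `if ( SSL_accept(m_sslHandle) <= 0 ) {`.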
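Review bot: `SSL_CTX_new (SSLv3_method ())` pins the server to SSLv3 only, and the initClientContext() hunk in the next block does the same, so no TLS version can ever be negotiated even when both peers support one. Use the version-flexible `SSLv23_method()` (the client used `SSLv23_client_method()` before this commit) and exclude the legacy protocols with `SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, which lets both ends settle on the highest version they share.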
@@ -212,6 +194,8 @@ bool SslConnection::initServerContext( const std::string certificateFile,
 if ( !loadCertificates(certificateFile, privateKeyFile) ) return false;
+ showCertificates();
+
 return initHandle();
 }
@@ -220,7 +204,7 @@ bool SslConnection::initClientContext()
 {
 TRACE;
- m_sslContext = SSL_CTX_new (SSLv23_client_method ());
+ m_sslContext = SSL_CTX_new (SSLv3_method ());
 if ( m_sslContext == NULL ) {
 LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
 return false;
@@ -259,10 +243,9 @@ bool SslConnection::receive()
 if ( length > 0 ) return m_message->buildMessage( (void*)m_buffer, (size_t)length);
- unsigned long sslErrNo = ERR_peek_error();
- if ( length == 0 && sslErrNo == SSL_ERROR_ZERO_RETURN ) {
- LOG( Logger::INFO, "Underlying connection has been closed.");
- return true;
+ if ( length == 0 ) {
+ LOG( Logger::INFO, "SSL connection has been closed.");
+ return false;
 }
 LOG (Logger::ERR, getSslError("SSL read failed. ").c_str() );
@@ -287,18 +270,22 @@ bool SslConnection::initHandle()
 return false;
 }
+ return true;
+}
- if ( !SSL_set_fd (m_sslHandle, m_tcpConnection.getSocket()) ) {
- LOG (Logger::ERR, getSslError("Connect the SSL object with a file descriptor failed. ").c_str() );
- return false;
- }
- return true;
+void SslConnection::setHandle(SSL *handle)
+{
+ TRACE;
+
+ m_sslHandle = handle;
 }
 std::string SslConnection::getSslError(const std::string &msg)
 {
+ TRACE;
+
 char buffer[130];
 unsigned long sslErrNo = ERR_get_error();
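Review bot: `showCertificates();` is called during context setup, before `initHandle()` and before any handshake has taken place, so `SSL_get_peer_certificate(m_sslHandle)` cannot return a certificate at this point and will always take the error branch; if initHandle() is where the `SSL` object is created (its body is mostly outside this diff), the call even runs on a handle that does not exist yet. A peer certificate exists per connection, not per context, so the call belongs after a successful `SSL_accept`/`SSL_connect` or should be dropped from initServerContext() altogether.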
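Review bot: `if ( length == 0 )` treats every zero return as an orderly close, but `SSL_read` also returns 0 when the transport is cut without a `close_notify`, so a truncated stream is logged as a clean shutdown; ask OpenSSL for the reason with `int err = SSL_get_error(m_sslHandle, length);` and report only `SSL_ERROR_ZERO_RETURN` as clean, logging the other cases as errors (the removed `ERR_peek_error()` comparison mixed an error-queue code with an `SSL_get_error` constant, which are unrelated code spaces). Returning `false` on close changes the removed `return true`; a one-line comment such as `// false: the caller tears the connection down` would make the new contract explicit. receive() starts outside the hunk.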
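Review bot: getSslError() declares `char buffer[130];` and the only OpenSSL call visible here is `ERR_get_error()`; if that buffer is later passed to `ERR_error_string()` (the rest of the body is outside the hunk), OpenSSL requires at least 256 bytes there, so the call should be the bounded `ERR_error_string_n(sslErrNo, buffer, sizeof(buffer));`. setHandle() stores a pointer that another SslConnection also holds, and nothing in the diff says who frees it; a header comment on it such as `// Stores a handle owned elsewhere (the listening connection); this object must not free it.` would record the ownership decision.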
@@ -311,46 +298,50 @@ std::string SslConnection::getSslError(const std::string &msg)
 bool SslConnection::loadCertificates( const std::string certificateFile, const std::string privateKeyFile )
 {
- if ( SSL_CTX_use_certificate_file(m_sslContext, certificateFile.c_str(), SSL_FILETYPE_PEM) != 1 )
- {
- getSslError("SSL certificate file loading failed. ");
+ TRACE;
+
+ if ( SSL_CTX_use_certificate_file(m_sslContext,
+ certificateFile.c_str(),
+ SSL_FILETYPE_PEM) != 1 ) {
+ LOG (Logger::ERR, getSslError("SSL certificate file loading failed. ").c_str() );
 return false;
 }
- if ( SSL_CTX_use_PrivateKey_file(m_sslContext, privateKeyFile.c_str(), SSL_FILETYPE_PEM) != 1 )
- {
- getSslError("SSL private Key file loading failed. ");
+ if ( SSL_CTX_use_PrivateKey_file(m_sslContext,
+ privateKeyFile.c_str(),
+ SSL_FILETYPE_PEM) != 1 ) {
+ LOG (Logger::ERR, getSslError("SSL private Key file loading failed. ").c_str() );
 return false;
 }
- if ( SSL_CTX_check_private_key(m_sslContext) != 1 )
- {
- LOG( Logger::ERR, "Private key does not match the public certificate\n");
+ if ( SSL_CTX_check_private_key(m_sslContext) != 1 ) {
+ LOG( Logger::ERR, getSslError("Private key does not match the public certificate.\n").c_str() );
 return false;
 }
 return true;
 }
-/*---------------------------------------------------------------------*/
-/*--- ShowCerts - print out certificates.
---*/
-/*---------------------------------------------------------------------*/
-// void showCertificates(SSL* ssl)
-// { X509 *cert;
-// char *line;
-//
-// cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
-// if ( cert != NULL )
-// {
-// printf("Server certificates:\n");
-// line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
-// printf("Subject: %s\n", line);
-// free(line);
-// line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
-// printf("Issuer: %s\n", line);
-// free(line);
-// X509_free(cert);
-// }
-// else
-// printf("No certificates.\n");
-// }
+
+void SslConnection::showCertificates()
+{
+ TRACE;
+
+ X509 *cert = SSL_get_peer_certificate(m_sslHandle);
+ if (cert == NULL) {
+ LOG( Logger::ERR, "SSL get peer certificate failed. " );
+ return;
+ }
+
+ char *line;
+ line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+ LOG( Logger::DEBUG, std::string("Server certificate, subject: \"").append(line).append("\"").c_str() );
+ free(line);
+
+ line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+ LOG( Logger::DEBUG, std::string("Server certificate, issuer: \"").append(line).append("\"").c_str() );
+ free(line);
+
+ X509_free(cert);
+ return;
+}
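Review bot: `X509_NAME_oneline(..., 0, 0)` returns NULL when it cannot allocate the result, and `std::string(...).append(line)` with a NULL `char*` is undefined behaviour, so each of the two results in showCertificates() needs a guard such as `if (line != NULL) { LOG(...); free(line); }` before the string is built. Logging the subject and issuer is not verification: nothing here consults `SSL_get_verify_result(m_sslHandle)`, so the DEBUG lines must not be read as assurance about the peer, and they say "Server certificate" although the method is called from initServerContext(), where the peer would be a client. The trailing `return;` in a `void` function is redundant.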