SSL server/client works.

include/SslConnection.hpp

@@ -57,9 +57,11 @@ private:
   SslConnection& operator=(const SslConnection&);
 
   bool initHandle();
+  void setHandle(SSL *handle);
   std::string getSslError(const std::string &msg);
   bool loadCertificates( const std::string certificateFile,
                          const std::string keyFile );
+  void showCertificates();
 
 
   TcpConnection   m_tcpConnection;

other/sslserver_main.cpp

@@ -100,7 +100,13 @@ int main(int argc, char* argv[] )
 
   EchoMessage msg;
   SslConnection conn(argv[1], StrToT<int>(argv[2]), &msg);
-  conn.initServerContext(argv[3], argv[4]);
+  if ( !conn.initServerContext(argv[3], argv[4]) ) {
+    LOG_STATIC( Logger::ERR, "Failed to init SSL context, exiting...");
+    SslConnection::destroy();
+    Logger::destroy();
+    return 1;
+  }
+
   socketServer = new SocketServer(&conn);
 
   if ( !socketServer->start() ) {

src/Poll.cpp

@@ -83,7 +83,6 @@ void Poll::acceptClient()
 
   int client_socket = m_connection->accept();
 
-
   if ( client_socket == -1 ) {
     return;
   }

src/SslConnection.cpp

@@ -78,7 +78,7 @@ Connection* SslConnection::clone(const int socket)
   TRACE;
 
   SslConnection *conn = new SslConnection( socket, m_message->clone(), m_bufferLength );
-  conn->initClientContext();
+  conn->setHandle(m_sslHandle);
   return conn;
 }
 
@@ -90,20 +90,15 @@ bool SslConnection::connect()
   if ( !m_tcpConnection.connect() )
     return false;
 
-//   if ( !initHandlers() )
-//     return false;
-
   if ( SSL_set_fd(m_sslHandle, m_tcpConnection.getSocket() ) == 0 ) {
-    getSslError("SSL set connection socket failed. ");
+    LOG( Logger::ERR, getSslError("SSL set connection socket failed. ").c_str() );
     return -1;
   }
 
-  LOG( Logger::INFO, "itt" );
   if ( SSL_connect (m_sslHandle) != 1 ) {
     LOG (Logger::ERR, getSslError("SSL handshake failed. ").c_str() );
     return false;
   }
-  LOG( Logger::INFO, "de itt mar nem?" );
 
   return true;
 }
@@ -113,14 +108,7 @@ bool SslConnection::bind()
 {
   TRACE;
 
-  if ( !m_tcpConnection.bind() )
+  return m_tcpConnection.bind();
-    return false;
-
-//   if ( !initHandlers() )
-//     return false;
-
-
-  return true;
 }
 
 
@@ -139,22 +127,16 @@ int SslConnection::accept()
   if ( client_socket == -1)
     return client_socket;
 
-  LOG( Logger::INFO, "server itt");
-
   if ( SSL_set_fd(m_sslHandle, client_socket) == 0 ) {
-    getSslError("SSL set connection socket failed. ");
+    LOG( Logger::ERR, getSslError("SSL set connection socket failed. ").c_str() );
     return -1;
   }
 
-  LOG( Logger::INFO, "server itt 2");
-
   if ( SSL_accept(m_sslHandle) == -1 ) {
-    getSslError("SSL accept failed. ");
+    LOG( Logger::ERR, getSslError("SSL accept failed. ").c_str() );
     return -1;
   }
 
-  LOG( Logger::INFO, "server itt 3");
-
   return client_socket;
 }
 
@@ -203,7 +185,7 @@ bool SslConnection::initServerContext( const std::string certificateFile,
 {
   TRACE;
 
-  m_sslContext = SSL_CTX_new (SSLv2_server_method ());
+  m_sslContext = SSL_CTX_new (SSLv3_method ());
   if ( m_sslContext == NULL ) {
     LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
     return false;
@@ -212,6 +194,8 @@ bool SslConnection::initServerContext( const std::string certificateFile,
   if ( !loadCertificates(certificateFile, privateKeyFile) )
     return false;
 
+  showCertificates();
+
   return initHandle();
 }
 
@@ -220,7 +204,7 @@ bool SslConnection::initClientContext()
 {
   TRACE;
 
-  m_sslContext = SSL_CTX_new (SSLv23_client_method ());
+  m_sslContext = SSL_CTX_new (SSLv3_method ());
   if ( m_sslContext == NULL ) {
     LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
     return false;
@@ -259,10 +243,9 @@ bool SslConnection::receive()
   if ( length > 0 )
     return m_message->buildMessage( (void*)m_buffer, (size_t)length);
 
-  unsigned long sslErrNo = ERR_peek_error();
+  if ( length == 0 ) {
-  if ( length == 0 && sslErrNo == SSL_ERROR_ZERO_RETURN ) {
+    LOG( Logger::INFO, "SSL connection has been closed.");
-    LOG( Logger::INFO, "Underlying connection has been closed.");
+    return false;
-    return true;
   }
 
   LOG (Logger::ERR, getSslError("SSL read failed. ").c_str() );
@@ -287,18 +270,22 @@ bool SslConnection::initHandle()
     return false;
   }
 
+  return true;
+}
 
-  if ( !SSL_set_fd (m_sslHandle, m_tcpConnection.getSocket()) ) {
-    LOG (Logger::ERR, getSslError("Connect the SSL object with a file descriptor failed. ").c_str() );
-    return false;
-  }
 
-  return true;
+void SslConnection::setHandle(SSL *handle)
+{
+  TRACE;
+
+  m_sslHandle = handle;
 }
 
 
 std::string SslConnection::getSslError(const std::string &msg)
 {
+  TRACE;
+
   char buffer[130];
   unsigned long sslErrNo = ERR_get_error();
 
@@ -311,46 +298,50 @@ std::string SslConnection::getSslError(const std::string &msg)
 bool SslConnection::loadCertificates( const std::string certificateFile,
                                       const std::string privateKeyFile )
 {
-  if ( SSL_CTX_use_certificate_file(m_sslContext, certificateFile.c_str(), SSL_FILETYPE_PEM) != 1 )
+  TRACE;
-  {
+
-    getSslError("SSL certificate file loading failed. ");
+  if ( SSL_CTX_use_certificate_file(m_sslContext,
+                                    certificateFile.c_str(),
+                                    SSL_FILETYPE_PEM) != 1 ) {
+    LOG (Logger::ERR, getSslError("SSL certificate file loading failed. ").c_str() );
     return false;
   }
 
-  if ( SSL_CTX_use_PrivateKey_file(m_sslContext, privateKeyFile.c_str(), SSL_FILETYPE_PEM) != 1 )
+  if ( SSL_CTX_use_PrivateKey_file(m_sslContext,
-  {
+                                   privateKeyFile.c_str(),
-    getSslError("SSL private Key file loading failed. ");
+                                   SSL_FILETYPE_PEM) != 1 ) {
+    LOG (Logger::ERR, getSslError("SSL private Key file loading failed. ").c_str() );
     return false;
   }
 
-  if ( SSL_CTX_check_private_key(m_sslContext) != 1 )
+  if ( SSL_CTX_check_private_key(m_sslContext) != 1 ) {
-  {
+    LOG( Logger::ERR, getSslError("Private key does not match the public certificate.\n").c_str() );
-    LOG( Logger::ERR, "Private key does not match the public certificate\n");
     return false;
   }
 
   return true;
 }
 
-/*---------------------------------------------------------------------*/
+
-/*--- ShowCerts - print out certificates.                           ---*/
+void SslConnection::showCertificates()
-/*---------------------------------------------------------------------*/
+{
-// void showCertificates(SSL* ssl)
+  TRACE;
-// {   X509 *cert;
+
-//     char *line;
+  X509 *cert = SSL_get_peer_certificate(m_sslHandle);
-//
+  if (cert == NULL) {
-//     cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
+    LOG( Logger::ERR, "SSL get peer certificate failed. " );
-//     if ( cert != NULL )
+    return;
-//     {
+  }
-//         printf("Server certificates:\n");
+
-//         line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+  char *line;
-//         printf("Subject: %s\n", line);
+  line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
-//         free(line);
+  LOG( Logger::DEBUG, std::string("Server certificate, subject: \"").append(line).append("\"").c_str() );
-//         line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+  free(line);
-//         printf("Issuer: %s\n", line);
+
-//         free(line);
+  line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
-//         X509_free(cert);
+  LOG( Logger::DEBUG, std::string("Server certificate, issuer: \"").append(line).append("\"").c_str() );
-//     }
+  free(line);
-//     else
+
-//         printf("No certificates.\n");
+  X509_free(cert);
-// }
+  return;
+}