SSL Connection certificate loading, handshake still not ok

Denes Matetelki 13 years ago
parent f8457bff9d
commit 8fb9640ec7

@ -38,6 +38,10 @@ public:
bool connect(); bool connect();
bool disconnect(); bool disconnect();
bool initServerContext( const std::string certificateFile,
const std::string privateKeyFile );
bool initClientContext();
bool send( const void* message, const size_t length ); bool send( const void* message, const size_t length );
bool receive(); bool receive();
@ -52,8 +56,10 @@ private:
SslConnection(const SslConnection&); SslConnection(const SslConnection&);
SslConnection& operator=(const SslConnection&); SslConnection& operator=(const SslConnection&);
bool initHandlers(); bool initHandle();
std::string getSslError(const std::string &msg); std::string getSslError(const std::string &msg);
bool loadCertificates( const std::string certificateFile,
const std::string keyFile );
TcpConnection m_tcpConnection; TcpConnection m_tcpConnection;
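Review bot: initServerContext and loadCertificates take their path arguments as `const std::string` by value, which copies each string on every call; declare them as `bool initServerContext( const std::string& certificateFile, const std::string& privateKeyFile );` and likewise for loadCertificates. The declaration names loadCertificates' second parameter `keyFile` while the definition calls it `privateKeyFile`; aligning the two keeps the header self-documenting. Since the SSL handle is now created only inside initHandle(), which connect() and bind() no longer call, a short comment on initServerContext/initClientContext saying that one of them must succeed before connect()/bind() would help callers.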

@ -78,6 +78,7 @@ int main(int argc, char* argv[] )
SimpleMessage msg(&finished); SimpleMessage msg(&finished);
SslConnection conn(argv[1], StrToT<int>(argv[2]), &msg); SslConnection conn(argv[1], StrToT<int>(argv[2]), &msg);
conn.initClientContext();
SocketClient socketClient(&conn); SocketClient socketClient(&conn);
if ( !socketClient.connect() ) { if ( !socketClient.connect() ) {
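Review bot: The result of `conn.initClientContext();` is discarded, so a failed SSL context or handle creation goes unnoticed and execution continues into connect() with an unusable handle; check it, `if ( !conn.initClientContext() ) { Logger::destroy(); return 1; }`. The same applies to `conn.initServerContext(argv[3], argv[4]);` in the server main hunk and to `conn->initClientContext();` in SslConnection::clone.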

@ -81,8 +81,8 @@ void signalHandler(int s)
int main(int argc, char* argv[] ) int main(int argc, char* argv[] )
{ {
if ( argc != 3 ) { if ( argc != 5 ) {
std::cerr << "Usage: " << argv[0] << " <HOST> <PORT>" << std::endl; std::cerr << "Usage: " << argv[0] << " <HOST> <PORT> <CERT> <PRIVKEY>" << std::endl;
return 1; return 1;
} }
@ -100,6 +100,7 @@ int main(int argc, char* argv[] )
EchoMessage msg; EchoMessage msg;
SslConnection conn(argv[1], StrToT<int>(argv[2]), &msg); SslConnection conn(argv[1], StrToT<int>(argv[2]), &msg);
conn.initServerContext(argv[3], argv[4]);
socketServer = new SocketServer(&conn); socketServer = new SocketServer(&conn);
if ( !socketServer->start() ) { if ( !socketServer->start() ) {

@ -82,7 +82,7 @@ int main(int argc, char* argv[] )
SocketClient socketClient(&conn); SocketClient socketClient(&conn);
if ( !socketClient.connect() ) { if ( !socketClient.connect() ) {
LOG( Logger::ERR, "Couldn't connect to server, exiting..." ); LOG_STATIC( Logger::ERR, "Couldn't connect to server, exiting..." );
Logger::destroy(); Logger::destroy();
return 1; return 1;
} }
@ -93,7 +93,7 @@ int main(int argc, char* argv[] )
// send message to server // send message to server
std::string msg1(argv[3]); std::string msg1(argv[3]);
if ( !socketClient.send( msg1.c_str(), msg1.length()) ) { if ( !socketClient.send( msg1.c_str(), msg1.length()) ) {
LOG( Logger::ERR, "Couldn't send message to server, exiting..." ); LOG_STATIC( Logger::ERR, "Couldn't send message to server, exiting..." );
Logger::destroy(); Logger::destroy();
return 1; return 1;
} }

@ -83,7 +83,7 @@ int main(int argc, char* argv[] )
SocketServer socketServer(&conn); SocketServer socketServer(&conn);
if ( !socketServer.start() ) { if ( !socketServer.start() ) {
LOG( Logger::ERR, "Failed to start TCP server, exiting..."); LOG_STATIC( Logger::ERR, "Failed to start TCP server, exiting...");
Logger::destroy(); Logger::destroy();
return 1; return 1;
} }

@ -50,7 +50,6 @@ void Poll::startPolling()
/// @todo reconnect /// @todo reconnect
return; return;
} }
if ( ret == 0 ) // timeout if ( ret == 0 ) // timeout
continue; continue;
@ -82,15 +81,10 @@ void Poll::acceptClient()
{ {
TRACE; TRACE;
// sockaddr clientAddr;
// socklen_t clientAddrLen;
// int client_socket = accept( m_connection->getSocket(),
// &clientAddr, &clientAddrLen ) ;
int client_socket = m_connection->accept(); int client_socket = m_connection->accept();
if ( client_socket == -1 ) { if ( client_socket == -1 ) {
LOG( Logger::ERR, errnoToString("ERROR accepting. ").c_str() );
return; return;
} }

@ -77,10 +77,8 @@ Connection* SslConnection::clone(const int socket)
{ {
TRACE; TRACE;
Connection *conn = new SslConnection( socket, SslConnection *conn = new SslConnection( socket, m_message->clone(), m_bufferLength );
m_message->clone(), conn->initClientContext();
m_bufferLength );
return conn; return conn;
} }
@ -92,13 +90,20 @@ bool SslConnection::connect()
if ( !m_tcpConnection.connect() ) if ( !m_tcpConnection.connect() )
return false; return false;
if ( !initHandlers() ) // if ( !initHandlers() )
return false; // return false;
if ( SSL_set_fd(m_sslHandle, m_tcpConnection.getSocket() ) == 0 ) {
getSslError("SSL set connection socket failed. ");
return -1;
}
LOG( Logger::INFO, "itt" );
if ( SSL_connect (m_sslHandle) != 1 ) { if ( SSL_connect (m_sslHandle) != 1 ) {
LOG (Logger::ERR, getSslError("SSL handshake failed. ").c_str() ); LOG (Logger::ERR, getSslError("SSL handshake failed. ").c_str() );
return false; return false;
} }
LOG( Logger::INFO, "de itt mar nem?" );
return true; return true;
} }
@ -111,8 +116,8 @@ bool SslConnection::bind()
if ( !m_tcpConnection.bind() ) if ( !m_tcpConnection.bind() )
return false; return false;
if ( !initHandlers() ) // if ( !initHandlers() )
return false; // return false;
return true; return true;
@ -134,16 +139,22 @@ int SslConnection::accept()
if ( client_socket == -1) if ( client_socket == -1)
return client_socket; return client_socket;
if ( SSL_accept(m_sslHandle) == -1 ) { LOG( Logger::INFO, "server itt");
getSslError("SSL accept failed. ");
return -1;
}
if ( SSL_set_fd(m_sslHandle, client_socket) == 0 ) { if ( SSL_set_fd(m_sslHandle, client_socket) == 0 ) {
getSslError("SSL set connection socket failed. "); getSslError("SSL set connection socket failed. ");
return -1; return -1;
} }
LOG( Logger::INFO, "server itt 2");
if ( SSL_accept(m_sslHandle) == -1 ) {
getSslError("SSL accept failed. ");
return -1;
}
LOG( Logger::INFO, "server itt 3");
return client_socket; return client_socket;
} }
@ -187,6 +198,38 @@ bool SslConnection::disconnect()
} }
bool SslConnection::initServerContext( const std::string certificateFile,
const std::string privateKeyFile )
{
TRACE;
m_sslContext = SSL_CTX_new (SSLv2_server_method ());
if ( m_sslContext == NULL ) {
LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
return false;
}
if ( !loadCertificates(certificateFile, privateKeyFile) )
return false;
return initHandle();
}
bool SslConnection::initClientContext()
{
TRACE;
m_sslContext = SSL_CTX_new (SSLv23_client_method ());
if ( m_sslContext == NULL ) {
LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
return false;
}
return initHandle();
}
bool SslConnection::send( const void* message, const size_t length ) bool SslConnection::send( const void* message, const size_t length )
{ {
TRACE; TRACE;
@ -234,16 +277,10 @@ int SslConnection::getSocket() const
} }
bool SslConnection::initHandlers() bool SslConnection::initHandle()
{ {
TRACE; TRACE;
m_sslContext = SSL_CTX_new (SSLv23_client_method ());
if ( m_sslContext == NULL ) {
LOG (Logger::ERR, getSslError("Creating SSL context failed. ").c_str() );
return false;
}
m_sslHandle = SSL_new (m_sslContext); m_sslHandle = SSL_new (m_sslContext);
if ( m_sslHandle == NULL ) { if ( m_sslHandle == NULL ) {
LOG (Logger::ERR, getSslError("Creating SSL structure for connection failed. ").c_str() ); LOG (Logger::ERR, getSslError("Creating SSL structure for connection failed. ").c_str() );
@ -269,3 +306,51 @@ std::string SslConnection::getSslError(const std::string &msg)
return std::string(msg).append(buffer); return std::string(msg).append(buffer);
} }
bool SslConnection::loadCertificates( const std::string certificateFile,
const std::string privateKeyFile )
{
if ( SSL_CTX_use_certificate_file(m_sslContext, certificateFile.c_str(), SSL_FILETYPE_PEM) != 1 )
{
getSslError("SSL certificate file loading failed. ");
return false;
}
if ( SSL_CTX_use_PrivateKey_file(m_sslContext, privateKeyFile.c_str(), SSL_FILETYPE_PEM) != 1 )
{
getSslError("SSL private Key file loading failed. ");
return false;
}
if ( SSL_CTX_check_private_key(m_sslContext) != 1 )
{
LOG( Logger::ERR, "Private key does not match the public certificate\n");
return false;
}
return true;
}
/*---------------------------------------------------------------------*/
/*--- ShowCerts - print out certificates. ---*/
/*---------------------------------------------------------------------*/
// void showCertificates(SSL* ssl)
// { X509 *cert;
// char *line;
//
// cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
// if ( cert != NULL )
// {
// printf("Server certificates:\n");
// line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
// printf("Subject: %s\n", line);
// free(line);
// line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
// printf("Issuer: %s\n", line);
// free(line);
// X509_free(cert);
// }
// else
// printf("No certificates.\n");
// }
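Review bot: In the connect() hunk the `return -1;` after a failed SSL_set_fd is inside a function returning bool, so -1 converts to true and the caller proceeds as if the socket had been attached; it should be `return false;`. The neighbouring `getSslError("SSL set connection socket failed. ");` only builds the message and throws it away — the same happens in accept() and twice in loadCertificates — so each should be `LOG( Logger::ERR, getSslError("...").c_str() );` as the other call sites do. initServerContext selects `SSLv2_server_method()` while the client uses SSLv23_client_method; SSLv2 is a broken protocol and the mismatch is a likely contributor to the handshake still failing, so use `SSLv23_server_method()` and call `SSL_CTX_set_options(m_sslContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)` on both contexts. initClientContext configures no peer verification at all (no SSL_CTX_set_verify / SSL_CTX_load_verify_locations), so the client will complete a handshake with any certificate; if that is intentional for now, say so in a comment on the method. clone() initialises the cloned connection with initClientContext(), i.e. a client method and no certificate, although it is created on the server side from an accepted socket — presumably it should reuse the server context; worth confirming against what SocketServer expects.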

@ -83,10 +83,18 @@ bool TcpConnection::listen( const int maxPendingQueueLen )
int TcpConnection::accept() int TcpConnection::accept()
{ {
TRACE;
sockaddr clientAddr; sockaddr clientAddr;
socklen_t clientAddrLen; socklen_t clientAddrLen;
return ::accept( getSocket(), &clientAddr, &clientAddrLen ) ; int client_socket = ::accept( getSocket(), &clientAddr, &clientAddrLen ) ;
if ( client_socket == -1 ) {
LOG( Logger::ERR, errnoToString("ERROR accepting. ").c_str() );
return -1;
}
return client_socket;
} }
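Review bot: `clientAddrLen` is passed to ::accept() uninitialised; accept() treats it as a value-result argument holding the size of `clientAddr`, so an indeterminate value can let the kernel write past the buffer or reject the call. Initialise it, `socklen_t clientAddrLen = sizeof(clientAddr);`, or, since neither value is used afterwards, call `::accept( getSocket(), NULL, NULL )` and drop both locals.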
