steffen
/
libUDPTCPNetwork
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'origin'
${ noResults }
libUDPTCPNetwork/ssl.cc

308 lines
5.6 KiB
Raw Permalink Blame History

/*
*
*/
#include <stdio.h>
#include <unistd.h> /* close() */
#include <stdlib.h>
#include <string.h> /* memset() */
#include <errno.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "UDPTCPNetwork.h"
static int ssl_init = 0;
SSLSocket::SSLSocket() {
readcnt = 0;
writecnt = 0;
certfile = "";
keyfile = "";
sslerror = SSL_ERROR_NONE;
timeout = 0;
ctx = NULL;
ssl = NULL;
if (ssl_init == 0) {
ssl_init = 1;
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
}
};
SSLSocket::~SSLSocket() {
if (ctx) SSL_CTX_free(ctx);
ctx = NULL;
if (ssl) SSL_free(ssl);
ssl = NULL;
};
int SSLSocket::NewServerCTX() {
struct stat st;
if (stat (certfile.c_str(), &st)) return 0;
if (stat (keyfile.c_str(), &st)) return 0;
if (ctx) SSL_CTX_free(ctx);
ctx = NULL;
#ifdef SSLv23_method
ctx = SSL_CTX_new(TLS_server_method());
#else
ctx = SSL_CTX_new(TLSv1_2_server_method());
#endif
if (SSL_CTX_use_certificate_file(ctx, certfile.c_str(), SSL_FILETYPE_PEM) <= 0 ) {
ERR_print_errors_fp(stderr);
if (ctx) SSL_CTX_free(ctx);
ctx = NULL;
errno = EPROTO;
return 0;
}
if ( SSL_CTX_use_PrivateKey_file(ctx, keyfile.c_str(), SSL_FILETYPE_PEM) <= 0 ) {
ERR_print_errors_fp(stderr);
if (ctx) SSL_CTX_free(ctx);
ctx = NULL;
errno = EPROTO;
return 0;
}
if (!SSL_CTX_check_private_key(ctx)) {
if (ctx) SSL_CTX_free(ctx);
ctx = NULL;
errno = EPROTO;
return 0;
}
return 1;
};
int SSLSocket::NewClientCTX() {
if (ctx) SSL_CTX_free(ctx);
ctx = NULL;
#ifdef SSLv23_method
ctx = SSL_CTX_new(TLS_client_method());
#else
ctx = SSL_CTX_new(TLSv1_2_client_method());
#endif
return 1;
};
int SSLSocket::SetCertificat(string certf, string keyf) {
certfile = certf;
keyfile = keyf;
return 1;
};
int SSLSocket::Connect (int sockfd, int block_timeout) {
int flags, res;
TimeoutReset();
sslerror = SSL_ERROR_NONE;
NewClientCTX();
timeout = block_timeout;
if (sockfd > 0 && block_timeout > 0) {
#if defined(_WIN32) || defined(_WIN64) || defined(__CYGWIN__)
u_long mode = 1;
ioctlsocket(sockfd, FIONBIO, &mode);
#else
flags = fcntl(sockfd, F_GETFL, 0);
fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
#endif
}
ssl = SSL_new(ctx);
SSL_set_fd (ssl, sockfd);
do {
res = SSL_connect(ssl);
if (res == -1) sslerror = SSL_get_error(ssl, -1);
} while (res == -1 && TimeoutTime() < timeout &&
(sslerror == SSL_ERROR_WANT_READ || sslerror == SSL_ERROR_WANT_WRITE));
if (res == -1) return 0;
return 1;
};
int SSLSocket::Accept (int sockfd, int block_timeout) {
int flags, res;
TimeoutReset();
sslerror = SSL_ERROR_NONE;
timeout = block_timeout;
NewServerCTX();
if (sockfd > 0 && block_timeout > 0) {
#if defined(_WIN32) || defined(_WIN64) || defined(__CYGWIN__)
u_long mode = 1;
ioctlsocket(sockfd, FIONBIO, &mode);
#else
flags = fcntl(sockfd, F_GETFL, 0);
fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
#endif
}
ssl = SSL_new(ctx);
SSL_set_fd (ssl, sockfd);
do {
res = SSL_accept(ssl);
if (res == -1) sslerror = SSL_get_error(ssl, -1);
} while (res == -1 && TimeoutTime() < timeout &&
(sslerror == SSL_ERROR_WANT_READ || sslerror == SSL_ERROR_WANT_WRITE));
return 1;
};
const string SSLSocket::GetSSLErrorText(int err) {
string s;
switch (err) {
case SSL_ERROR_NONE:
s = "SSL_ERROR_NONE";
break;
case SSL_ERROR_SSL:
s = "SSL_ERROR_SSL";
break;
case SSL_ERROR_WANT_READ:
s = "SSL_ERROR_WANT_READ";
break;
case SSL_ERROR_WANT_WRITE:
s = "SSL_ERROR_WANT_WRITE";
break;
case SSL_ERROR_SYSCALL:
s = "SSL_ERROR_SYSCALL";
break;
case SSL_ERROR_WANT_CONNECT:
s = "SSL_ERROR_WANT_CONNECT";
break;
case SSL_ERROR_ZERO_RETURN:
s = "SSL_ERROR_ZERO_RETURN";
break;
case SSL_ERROR_WANT_ACCEPT:
s = "SSL_ERROR_WANT_ACCEPT";
break;
default:
s = "SSL_ERROR unknown " + to_string(err);
break;
}
return s;
}
//
// close ssl and return socket.
int SSLSocket::Close () {
int sock = 0;
int flags;
if (ssl) {
sock = SSL_get_fd(ssl);
SSL_free(ssl);
ssl = NULL;
}
if (ctx) {
SSL_CTX_free(ctx);
ctx = NULL;
}
if (sock > 0 && timeout > 0) {
#if defined(_WIN32) || defined(_WIN64) || defined(__CYGWIN__)
u_long mode = 0;
ioctlsocket(sock, FIONBIO, &mode);
#else
flags = fcntl(sock, F_GETFL, 0);
fcntl(sock, F_SETFL, flags & ~(O_NONBLOCK));
#endif
}
return sock;
};
//
//
long int SSLSocket::Read (char *buffer, long int len) {
int ret;
sslerror = SSL_ERROR_NONE;
TimeoutReset();
if (!ssl) {
errno = EPROTO;
return -1;
}
do {
ret = SSL_read(ssl, buffer, len);
if (ret == -1) sslerror = SSL_get_error(ssl, -1);
} while (ret == -1 && TimeoutTime() < timeout &&
(sslerror == SSL_ERROR_WANT_READ || sslerror == SSL_ERROR_WANT_WRITE));
return ret;
};
//
//
long int SSLSocket::Write (char *buffer, long int len) {
int ret;
sslerror = SSL_ERROR_NONE;
TimeoutReset();
if (!ssl) {
errno = EPROTO;
return -1;
}
do {
ret = SSL_write(ssl, buffer, len);
if (ret == -1) sslerror = SSL_get_error(ssl, -1);
} while (ret == -1 && TimeoutTime() < timeout &&
(sslerror == SSL_ERROR_WANT_READ || sslerror == SSL_ERROR_WANT_WRITE));
return ret;
};
//
// Reset Timeout Timer
void SSLSocket::TimeoutReset() {
gettimeofday (&timeout_start, NULL);
};
//
// Return time which has past since reset in ms.
int SSLSocket::TimeoutTime() {
struct timeval tv;
gettimeofday (&tv, NULL);
return ((tv.tv_sec-timeout_start.tv_sec) * 1000) +
((tv.tv_usec-timeout_start.tv_usec) / 1000);
};
Reference in new issue View Git Blame Copy Permalink