{
X509_NAME_ENTRY *pX509NameEntry=pX509_NAME_get_entry(pX509Name,i);
if (!pX509NameEntry)
continue;
ASN1_STRING *pString=pX509_NAME_ENTRY_get_data(pX509NameEntry);
ASN1_OBJECT *pObject=pX509_NAME_ENTRY_get_object(pX509NameEntry);
const char *str = reinterpret_cast<const char *>(pString->data);
switch(pOBJ_obj2nid(pObject))
{
case NID_organizationName:
strncpy(SslCertData.issuer.Organization, str, 255);
SslCertData.issuer.Organization[255] = 0;
break;
case NID_organizationalUnitName:
strncpy(SslCertData.issuer.Unit, str, 255);
SslCertData.issuer.Unit[255] = 0;
break;
case NID_commonName:
strncpy(SslCertData.issuer.CommonName, str, 255);
SslCertData.issuer.CommonName[255] = 0;
break;
case NID_pkcs9_emailAddress:
strncpy(SslCertData.issuer.Mail, str, 255);
SslCertData.issuer.Mail[255] = 0;
break;
case NID_countryName:
strncpy(SslCertData.issuer.Country, str, 255);
SslCertData.issuer.Country[255] = 0;
break;
case NID_stateOrProvinceName:
strncpy(SslCertData.issuer.StateProvince, str, 255);
SslCertData.issuer.StateProvince[255] = 0;
break;
case NID_localityName:
strncpy(SslCertData.issuer.Town, str, 255);
SslCertData.issuer.Town[255] = 0;
break;
default:
if ( pOBJ_nid2sn(pOBJ_obj2nid(pObject)) )
{
TCHAR tmp[20];
sprintf(tmp, "%d", pOBJ_obj2nid(pObject));
int maxlen = 1024 - strlen(SslCertData.issuer.Other)-1;
strncpy(SslCertData.issuer.Other+strlen(SslCertData.issuer.Other), tmp, maxlen);
maxlen = 1024 - strlen(SslCertData.issuer.Other)-1;
strncpy(SslCertData.issuer.Other+strlen(SslCertData.issuer.Other), "=", maxlen);
maxlen = 1024 - strlen(SslCertData.issuer.Other)-1;
strncpy(SslCertData.issuer.Other+strlen(SslCertData.issuer.Other), str, maxlen);
maxlen = 1024 - strlen(SslCertData.issuer.Other)-1;
strncpy(SslCertData.issuer.Other+strlen(SslCertData.issuer.Other), ";", maxlen);
}
else
{
int maxlen = 1024 - strlen(SslCertData.issuer.Other)-1;
strncpy(SslCertData.issuer.Other+strlen(SslCertData.issuer.Other), reinterpret_cast<const char *>(pOBJ_nid2sn(pOBJ_obj2nid(pObject))), maxlen);
maxlen = 1024 - strlen(SslCertData.issuer.Other)-1;
strncpy(SslCertData.issuer.Other+strlen(SslCertData.issuer.Other), "=", maxlen);
maxlen = 1024 - strlen(SslCertData.issuer.Other)-1;
strncpy(SslCertData.issuer.Other+strlen(SslCertData.issuer.Other), str, maxlen);
maxlen = 1024 - strlen(SslCertData.issuer.Other)-1;
strncpy(SslCertData.issuer.Other+strlen(SslCertData.issuer.Other), ";", maxlen);
}
break;
}
}
}
//Set date fields
static const char *mon[12]=
{
"Jan","Feb","Mar","Apr","May","Jun",
"Jul","Aug","Sep","Oct","Nov","Dec"
};
//Valid from
ASN1_UTCTIME *pTime=X509_get_notBefore(pX509);
if (!pTime)
{
pX509_free(pX509);
return FALSE;
}
char *v;
int gmt = 0;
int i;
int y=0, M=0, d=0, h=0, m=0, s=0;
i = pTime->length;
v = (char *)pTime->data;
if (i < 10)
{
pX509_free(pX509);
return FALSE;
}
if (v[i-1] == 'Z') gmt=1;
for (i=0; i<10; i++)
if ((v[i] > '9') || (v[i] < '0'))
{
pX509_free(pX509);
return FALSE;
}
y= (v[0]-'0')*10+(v[1]-'0');
if (y < 50) y+=100;
M= (v[2]-'0')*10+(v[3]-'0');
if ((M > 12) || (M < 1))
{
pX509_free(pX509);
return FALSE;
}
d= (v[4]-'0')*10+(v[5]-'0');
h= (v[6]-'0')*10+(v[7]-'0');
m= (v[8]-'0')*10+(v[9]-'0');
if ( (v[10] >= '0') && (v[10] <= '9') &&
(v[11] >= '0') && (v[11] <= '9'))
s= (v[10]-'0')*10+(v[11]-'0');
SslCertData.validFrom.y = y+1900;
SslCertData.validFrom.M = M;
SslCertData.validFrom.d = d;
SslCertData.validFrom.h = h;
SslCertData.validFrom.m = m;
SslCertData.validFrom.s = s;
//Valid until
pTime = X509_get_notAfter(pX509);
if (!pTime)
{
pX509_free(pX509);
return FALSE;
}
gmt = 0;
i;
y=0,M=0,d=0,h=0,m=0,s=0;
i=pTime->length;
v=(char *)pTime->data;
if (i < 10)
{
pX509_free(pX509);
return FALSE;
}
if (v[i-1] == 'Z') gmt=1;
for (i=0; i<10; i++)
if ((v[i] > '9') || (v[i] < '0'))
{
pX509_free(pX509);
return FALSE;
}
y= (v[0]-'0')*10+(v[1]-'0');
if (y < 50) y+=100;
M= (v[2]-'0')*10+(v[3]-'0');
if ((M > 12) || (M < 1))
{
pX509_free(pX509);
return FALSE;
}
d= (v[4]-'0')*10+(v[5]-'0');
h= (v[6]-'0')*10+(v[7]-'0');
m= (v[8]-'0')*10+(v[9]-'0');
if ( (v[10] >= '0') && (v[10] <= '9') &&
(v[11] >= '0') && (v[11] <= '9'))
s= (v[10]-'0')*10+(v[11]-'0');
SslCertData.validUntil.y = y+1900;
SslCertData.validUntil.M = M;
SslCertData.validUntil.d = d;
SslCertData.validUntil.h = h;
SslCertData.validUntil.m = m;
SslCertData.validUntil.s = s;
unsigned int length = 20;
pX509_digest(pX509, pEVP_sha1(), SslCertData.hash, &length);
SslCertData.priv_data = m_nSslAsyncNotifyId;
pX509_free(pX509);
return TRUE;
}
/// Completes a blocking certificate-verification request.
///
/// Called when the application answers the SSL_VERIFY_CERT notification
/// identified by nID. Replies carrying another id, another code, or
/// arriving while no request is blocking are ignored.
///
/// @param nID     notification id; must equal m_nSslAsyncNotifyId.
/// @param nCode   notification code; only SSL_VERIFY_CERT is handled.
/// @param result  non-zero accepts the peer certificate, zero rejects it.
void CAsyncSslSocketLayer::SetNotifyReply(int nID, int nCode, int result)
{
    // Only the reply we are currently waiting for is of interest.
    const bool bExpectedReply = m_bBlocking && nID == m_nSslAsyncNotifyId && nCode == SSL_VERIFY_CERT;
    if (!bExpectedReply)
        return;

    m_bBlocking = FALSE;

    if (result)
    {
        // Certificate accepted: the handshake is complete, resume I/O.
        m_bSslEstablished = TRUE;
        PrintSessionInfo();
        DoLayerCallback(LAYERCALLBACK_LAYERSPECIFIC, SSL_INFO, SSL_INFO_ESTABLISHED);
        TriggerEvent(FD_FORCEREAD, 0);
        TriggerEvent(FD_WRITE, 0);
        return;
    }

    // Certificate rejected: record the error, report it once, close down.
    m_nNetworkError = WSAECONNABORTED;
    WSASetLastError(WSAECONNABORTED);
    if (!m_bFailureSent)
    {
        m_bFailureSent = TRUE;
        DoLayerCallback(LAYERCALLBACK_LAYERSPECIFIC, SSL_FAILURE, SSL_FAILURE_VERIFYCERT);
    }
    TriggerEvent(FD_CLOSE, 0);
}
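/// Loads the OpenSSL DLLs, resolves the entry points this layer uses and
/// creates the shared SSL_CTX.
///
/// The DLL handles, entry points and SSL_CTX are shared by all instances and
/// reference-counted through m_nSslRefCount under m_sCriticalSection; only
/// the first caller performs the actual loading. On any failure the handles
/// acquired in this call are released, the critical section is left and the
/// failure is reported once through DoLayerCallback.
///
/// @return true when the library is usable, false otherwise.
bool CAsyncSslSocketLayer::InitSSL()
{
    if (m_bSslInitialized)
        return true;

    m_sCriticalSection.Lock();

    if (!m_nSslRefCount)
    {
        // Set when a step fails; nFailure carries the reason reported to the
        // layer callback (SSL_FAILURE_LOADDLLS or SSL_FAILURE_INITSSL).
        bool bFailed = false;
        int nFailure = 0;

        // Single-exit loading sequence: each failing step records its reason
        // and breaks out to the common cleanup below.
        do
        {
            // NOTE(review): LoadLibrary with a bare file name walks the DLL
            // search order (application directory, system directories, the
            // current directory, PATH). Loading by full path, or through
            // LoadLibraryEx with the LOAD_LIBRARY_SEARCH_* flags, pins where
            // the library comes from — check how the DLLs are deployed.
            m_hSslDll1 = LoadLibrary(_T("ssleay32.dll"));
            if (!m_hSslDll1)
            {
                bFailed = true;
                nFailure = SSL_FAILURE_LOADDLLS;
                break;
            }

            pSSL_state_string_long = (tSSL_state_string_long) GetProcAddress(m_hSslDll1, "SSL_state_string_long");
            pSSL_state = (tSSL_state) GetProcAddress(m_hSslDll1, "SSL_state");
            pSSL_set_info_callback = (tSSL_set_info_callback) GetProcAddress(m_hSslDll1, "SSL_set_info_callback");
            pSSL_set_bio = (tSSL_set_bio) GetProcAddress(m_hSslDll1, "SSL_set_bio");
            pSSL_set_connect_state = (tSSL_set_connect_state) GetProcAddress(m_hSslDll1, "SSL_set_connect_state");
            pSSL_set_session = (tSSL_set_session) GetProcAddress(m_hSslDll1, "SSL_set_session");
            pBIO_f_ssl = (tBIO_f_ssl) GetProcAddress(m_hSslDll1, "BIO_f_ssl");
            pSSL_new = (tSSL_new) GetProcAddress(m_hSslDll1, "SSL_new");
            pSSL_CTX_new = (tSSL_CTX_new) GetProcAddress(m_hSslDll1, "SSL_CTX_new");
            pSSLv23_method = (tSSLv23_method) GetProcAddress(m_hSslDll1, "SSLv23_method");
            pSSL_load_error_strings = (tSSL_load_error_strings) GetProcAddress(m_hSslDll1, "SSL_load_error_strings");
            pSSL_library_init = (tSSL_library_init) GetProcAddress(m_hSslDll1, "SSL_library_init");
            pSSL_CTX_free = (tSSL_CTX_free) GetProcAddress(m_hSslDll1, "SSL_CTX_free");
            pSSL_free = (tSSL_free) GetProcAddress(m_hSslDll1, "SSL_free");
            pSSL_get_error = (tSSL_get_error) GetProcAddress(m_hSslDll1, "SSL_get_error");
            pSSL_shutdown = (tSSL_shutdown) GetProcAddress(m_hSslDll1, "SSL_shutdown");
            pSSL_alert_type_string_long = (tSSL_alert_type_string_long) GetProcAddress(m_hSslDll1, "SSL_alert_type_string_long");
            pSSL_alert_desc_string_long = (tSSL_alert_desc_string_long) GetProcAddress(m_hSslDll1, "SSL_alert_desc_string_long");
            pSSL_CTX_set_verify = (tSSL_CTX_set_verify) GetProcAddress(m_hSslDll1, "SSL_CTX_set_verify");
            pSSL_CTX_get_cert_store = (tSSL_CTX_get_cert_store) GetProcAddress(m_hSslDll1, "SSL_CTX_get_cert_store");
            pSSL_get_verify_result = (tSSL_get_verify_result) GetProcAddress(m_hSslDll1, "SSL_get_verify_result");
            pSSL_get_peer_certificate = (tSSL_get_peer_certificate) GetProcAddress(m_hSslDll1, "SSL_get_peer_certificate");
            pSSL_get_version = (tSSL_get_version) GetProcAddress(m_hSslDll1, "SSL_get_version");
            pSSL_get_current_cipher = (tSSL_get_current_cipher) GetProcAddress(m_hSslDll1, "SSL_get_current_cipher");
            pSSL_CIPHER_get_name = (tSSL_CIPHER_get_name) GetProcAddress(m_hSslDll1, "SSL_CIPHER_get_name");
            pSSL_CIPHER_get_version = (tSSL_CIPHER_get_version) GetProcAddress(m_hSslDll1, "SSL_CIPHER_get_version");
            if (!pSSL_state_string_long ||
                !pSSL_state ||
                !pSSL_set_info_callback ||
                !pSSL_set_bio ||
                !pSSL_set_connect_state ||
                !pSSL_set_session ||
                !pBIO_f_ssl ||
                !pSSL_new ||
                !pSSL_CTX_new ||
                !pSSLv23_method ||
                !pSSL_load_error_strings ||
                !pSSL_library_init ||
                !pSSL_CTX_free ||
                !pSSL_free ||
                !pSSL_get_error ||
                !pSSL_shutdown ||
                !pSSL_alert_type_string_long ||
                !pSSL_alert_desc_string_long ||
                !pSSL_CTX_set_verify ||
                !pSSL_CTX_get_cert_store ||
                !pSSL_get_verify_result ||
                !pSSL_get_peer_certificate ||
                !pSSL_get_version ||
                !pSSL_get_current_cipher ||
                !pSSL_CIPHER_get_name ||
                !pSSL_CIPHER_get_version)
            {
                bFailed = true;
                nFailure = SSL_FAILURE_LOADDLLS;
                break;
            }

            m_hSslDll2 = LoadLibrary(_T("libeay32.dll"));
            if (!m_hSslDll2)
            {
                bFailed = true;
                nFailure = SSL_FAILURE_LOADDLLS;
                break;
            }

            pBIO_ctrl_pending = (tBIO_ctrl_pending) GetProcAddress(m_hSslDll2, "BIO_ctrl_pending");
            pBIO_read = (tBIO_read) GetProcAddress(m_hSslDll2, "BIO_read");
            pBIO_ctrl = (tBIO_ctrl) GetProcAddress(m_hSslDll2, "BIO_ctrl");
            pBIO_write = (tBIO_write) GetProcAddress(m_hSslDll2, "BIO_write");
            pBIO_ctrl_get_write_guarantee = (tBIO_ctrl_get_write_guarantee) GetProcAddress(m_hSslDll2, "BIO_ctrl_get_write_guarantee");
            pBIO_new_bio_pair = (tBIO_new_bio_pair) GetProcAddress(m_hSslDll2, "BIO_new_bio_pair");
            pBIO_new = (tBIO_new) GetProcAddress(m_hSslDll2, "BIO_new");
            pBIO_free = (tBIO_free) GetProcAddress(m_hSslDll2, "BIO_free");
            pi2t_ASN1_OBJECT = (ti2t_ASN1_OBJECT) GetProcAddress(m_hSslDll2, "i2t_ASN1_OBJECT");
            pOBJ_obj2nid = (tOBJ_obj2nid) GetProcAddress(m_hSslDll2, "OBJ_obj2nid");
            pX509_NAME_ENTRY_get_object = (tX509_NAME_ENTRY_get_object) GetProcAddress(m_hSslDll2, "X509_NAME_ENTRY_get_object");
            pX509_NAME_get_entry = (tX509_NAME_get_entry) GetProcAddress(m_hSslDll2, "X509_NAME_get_entry");
            pX509_NAME_entry_count = (tX509_NAME_entry_count) GetProcAddress(m_hSslDll2, "X509_NAME_entry_count");
            pX509_get_subject_name = (tX509_get_subject_name) GetProcAddress(m_hSslDll2, "X509_get_subject_name");
            pX509_get_issuer_name = (tX509_get_issuer_name) GetProcAddress(m_hSslDll2, "X509_get_issuer_name");
            pOBJ_nid2sn = (tOBJ_nid2sn) GetProcAddress(m_hSslDll2, "OBJ_nid2sn");
            pX509_NAME_ENTRY_get_data = (tX509_NAME_ENTRY_get_data) GetProcAddress(m_hSslDll2, "X509_NAME_ENTRY_get_data");
            pX509_STORE_CTX_set_error = (tX509_STORE_CTX_set_error) GetProcAddress(m_hSslDll2, "X509_STORE_CTX_set_error");
            pX509_digest = (tX509_digest) GetProcAddress(m_hSslDll2, "X509_digest");
            pEVP_sha1 = (tEVP_sha1) GetProcAddress(m_hSslDll2, "EVP_sha1");
            pX509_STORE_CTX_get_current_cert = (tX509_STORE_CTX_get_current_cert) GetProcAddress(m_hSslDll2, "X509_STORE_CTX_get_current_cert");
            pX509_STORE_CTX_get_error = (tX509_STORE_CTX_get_error) GetProcAddress(m_hSslDll2, "X509_STORE_CTX_get_error");
            pX509_free = (tX509_free) GetProcAddress(m_hSslDll2, "X509_free");
            pX509_get_pubkey = (tX509_get_pubkey) GetProcAddress(m_hSslDll2, "X509_get_pubkey");
            pBN_num_bits = (tBN_num_bits) GetProcAddress(m_hSslDll2, "BN_num_bits");
            pEVP_PKEY_free = (tEVP_PKEY_free) GetProcAddress(m_hSslDll2, "EVP_PKEY_free");
            if (!pBIO_ctrl_pending ||
                !pBIO_read ||
                !pBIO_ctrl ||
                !pBIO_write ||
                !pBIO_ctrl_get_write_guarantee ||
                !pBIO_new_bio_pair ||
                !pBIO_new ||
                !pBIO_free ||
                !pi2t_ASN1_OBJECT ||
                !pOBJ_obj2nid ||
                !pX509_NAME_ENTRY_get_object ||
                !pX509_NAME_get_entry ||
                !pX509_NAME_entry_count ||
                !pX509_get_subject_name ||
                !pX509_get_issuer_name ||
                !pOBJ_nid2sn ||
                !pX509_NAME_ENTRY_get_data ||
                !pX509_STORE_CTX_set_error ||
                !pX509_digest ||
                !pEVP_sha1 ||
                !pX509_STORE_CTX_get_current_cert ||
                !pX509_STORE_CTX_get_error ||
                !pX509_free ||
                !pX509_get_pubkey ||
                !pBN_num_bits ||
                !pEVP_PKEY_free)
            {
                bFailed = true;
                nFailure = SSL_FAILURE_LOADDLLS;
                break;
            }

            if (!pSSL_library_init())
            {
                bFailed = true;
                nFailure = SSL_FAILURE_INITSSL;
                break;
            }
            pSSL_load_error_strings();

            // NOTE(review): SSLv23_method negotiates any protocol version the
            // library supports, including SSLv2/SSLv3, unless
            // SSL_CTX_set_options(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3) is applied
            // to the context. No such call is visible in this file — confirm
            // it happens where the context or SSL object is configured.
            m_ssl_ctx = pSSL_CTX_new(pSSLv23_method());
            if (!m_ssl_ctx)
            {
                bFailed = true;
                nFailure = SSL_FAILURE_INITSSL;
                break;
            }
        } while (0);

        if (bFailed)
        {
            // Release whatever this call acquired. A handle that was never
            // loaded is 0 (LoadLibrary returns NULL on failure); this assumes
            // m_hSslDll2 is also 0 before the first successful load — TODO
            // confirm against the member initialisers and the unload path.
            if (m_hSslDll1)
            {
                FreeLibrary(m_hSslDll1);
                m_hSslDll1 = 0;
            }
            if (m_hSslDll2)
            {
                FreeLibrary(m_hSslDll2);
                m_hSslDll2 = 0;
            }
            // Leave the critical section before calling back into the
            // application, as the original failure paths did.
            m_sCriticalSection.Unlock();
            if (!m_bFailureSent)
            {
                m_bFailureSent = TRUE;
                DoLayerCallback(LAYERCALLBACK_LAYERSPECIFIC, SSL_FAILURE, nFailure);
            }
            return false;
        }
    }

    m_nSslRefCount++;
    m_sCriticalSection.Unlock();
    m_bSslInitialized = true;
    return true;
}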
/// Reports the negotiated protocol version, cipher and peer key size through
/// the SSL_VERBOSE_INFO layer callback.
void CAsyncSslSocketLayer::PrintSessionInfo()
{
    SSL_CIPHER *pCipher = pSSL_get_current_cipher(m_ssl);

    // Description of the peer's public key ("<n> bit RSA" / "<n> bit DSA");
    // stays empty when there is no peer certificate or the key type is not
    // one of the two handled below.
    TCHAR szKeyInfo[4096] = {0};
    X509 *pPeerCert = pSSL_get_peer_certificate(m_ssl);
    if (pPeerCert)
    {
        EVP_PKEY *pKey = pX509_get_pubkey(pPeerCert);
        if (pKey)
        {
            // A key has exactly one type, so at most one of these applies.
#ifndef NO_RSA
            if (pKey->type == EVP_PKEY_RSA && pKey->pkey.rsa != NULL && pKey->pkey.rsa->n != NULL)
                sprintf(szKeyInfo, "%d bit RSA", pBN_num_bits(pKey->pkey.rsa->n));
#endif
#ifndef NO_DSA
            if (pKey->type == EVP_PKEY_DSA && pKey->pkey.dsa != NULL && pKey->pkey.dsa->p != NULL)
                sprintf(szKeyInfo, "%d bit DSA", pBN_num_bits(pKey->pkey.dsa->p));
#endif
            pEVP_PKEY_free(pKey);
        }
        pX509_free(pPeerCert);
        /* The SSL API does not allow us to look at temporary RSA/DH keys,
         * otherwise we should print their lengths too */
    }

    TCHAR szMessage[4096];
    sprintf(szMessage, "Using %s, cipher %s: %s, %s",
        pSSL_get_version(m_ssl),
        pSSL_CIPHER_get_version(pCipher),
        pSSL_CIPHER_get_name(pCipher),
        szKeyInfo);
    // NOTE(review): the buffer address is passed through an int parameter;
    // that cast truncates a pointer on a 64-bit build — the callback would
    // need a pointer-sized argument to be safe there.
    DoLayerCallback(LAYERCALLBACK_LAYERSPECIFIC, SSL_VERBOSE_INFO, (int)szMessage);
}