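/* (tail of the passphrase callback; its signature and the declaration of
 * `ok` precede this chunk and are left untouched here) */
    char *prompt=NULL;

    /* A cached passphrase (pwbuf) is handed back without prompting. */
    if ( pwbuf[0] && pwflg ) {
        int n;
        n = ckstrncpy(buf,pwbuf,len);
#ifdef OS2
        if ( pwcrypt )
            ck_encrypt((char *)buf);
#endif /* OS2 */
        return(n);
    }
    if ( userdata == NULL )
        prompt="Enter certificate passphrase: ";
    else
        prompt=(char*)userdata;
    ok = uq_txt(NULL,prompt,2,NULL,buf,len,NULL,DEFAULT_UQ_TIMEOUT);
    return(ok > 0 ? strlen(buf) : 0);
}

/*
 * Load one certificate/private-key pair into either a connection (con)
 * or, when con is NULL, a context (ctx).
 *
 *   label    - "RSA" or "DSA", used only in diagnostics.
 *   certfile - PEM file holding the certificate.
 *   keyfile  - address of the global that names the key file.  When it
 *              is NULL or empty it is set (via makestr) to certfile, i.e.
 *              the key is assumed to live in the certificate file.
 *
 * If the key cannot be read from *keyfile the certificate file itself is
 * tried as the key source.  Note that this fallback also hides a wrong
 * key-file setting when the certificate file happens to contain the key.
 *
 * Returns the OpenSSL result of the last step performed: 1 on success,
 * 0 if the certificate, the key, or the key/certificate match check fails.
 */
static int
tls_load_cert_pair(SSL_CTX * ctx, SSL * con, const char * label,
                   char * certfile, char ** keyfile)
{
    extern int quiet;
    int rc;

    if ( ssl_debug_flag )
        printf("Loading %s certificate into SSL\r\n", label);

    rc = con ? SSL_use_certificate_file(con, certfile, X509_FILETYPE_PEM)
             : SSL_CTX_use_certificate_file(ctx, certfile, X509_FILETYPE_PEM);
    if (!rc) {
        if ( !quiet || ssl_debug_flag )
            printf("Error loading certificate from %s\r\n", certfile);
        return(0);
    }

    /* No key file configured: assume the key is in the certificate file. */
    if (!*keyfile || !(*keyfile)[0])
        makestr(keyfile, certfile);

    rc = con ? SSL_use_PrivateKey_file(con, *keyfile, X509_FILETYPE_PEM)
             : SSL_CTX_use_PrivateKey_file(ctx, *keyfile, X509_FILETYPE_PEM);
    if (!rc) {
        /* Fall back to a key stored alongside the certificate. */
        rc = con ? SSL_use_PrivateKey_file(con, certfile, X509_FILETYPE_PEM)
                 : SSL_CTX_use_PrivateKey_file(ctx, certfile, X509_FILETYPE_PEM);
    }
    if (!rc) {
        if ( !quiet || ssl_debug_flag )
            printf("Error loading key from %s\r\n", *keyfile);
        return(0);
    }

    /* Refuse a key that does not belong to the certificate just loaded. */
    rc = con ? SSL_check_private_key(con) : SSL_CTX_check_private_key(ctx);
    if (!rc && ssl_debug_flag)
        printf("Private key does not match the certificate public key\r\n");
    return(rc);
}

/*
 * Attempts to load certificate data into the TLS context structures.
 *
 *   ctx    - SSL context; receives the certificates when con is NULL and
 *            always receives the server certificate chains.
 *   con    - SSL connection; when non-NULL the RSA/DSA pairs go here.
 *   server - non-zero for the server role; only then are the configured
 *            certificate chain files loaded (into ctx).
 *
 * Reads the globals ssl_rsa_cert_file / ssl_rsa_key_file,
 * ssl_dsa_cert_file / ssl_dh_key_file and the two *_cert_chain_file names.
 * A missing key-file name is filled in from the certificate file name.
 *
 * Returns 1 on success; 0 on failure.
 * NOTE(review): the return value is the result of the LAST step attempted,
 * so a failure while loading the RSA pair is masked if a DSA pair or a
 * chain is loaded afterwards.  Callers should not read 1 as "everything
 * that was configured loaded".  Returns 0 when OpenSSL is not installed.
 */
int
tls_load_certs(SSL_CTX * ctx, SSL * con, int server)
{
    int rc = 1;

    if ( !ck_ssleay_is_installed() )
        return(0);

    debug(F111,"tls_load_certs","SSL_CTX",ctx);
    debug(F111,"tls_load_certs","SSL",con);
    debug(F111,"tls_load_certs","server",server);

    if (ssl_rsa_cert_file)
        rc = tls_load_cert_pair(ctx, con, "RSA",
                                ssl_rsa_cert_file, &ssl_rsa_key_file);
    if (ssl_dsa_cert_file)
        rc = tls_load_cert_pair(ctx, con, "DSA",
                                ssl_dsa_cert_file, &ssl_dh_key_file);

    /*
     * Server side only: chains are installed in the context even when the
     * certificate itself went into the connection.
     * NOTE(review): earlier versions computed whether the chain file is the
     * same file as the certificate file ("skip1st") but never acted on it;
     * nothing here skips the first entry of the chain.
     */
    if (ssl_rsa_cert_chain_file && server) {
        if (ssl_debug_flag)
            printf("Loading RSA Certificate Chain into SSL\r\n");
        rc = SSL_CTX_use_certificate_chain_file(ctx,ssl_rsa_cert_chain_file);
        if (!rc && ssl_debug_flag)
            printf("Error loading RSA Certificate Chain into SSL\r\n");
    }
    if (ssl_dsa_cert_chain_file && server) {
        if (ssl_debug_flag)
            printf("Loading DSA Certificate Chain into SSL\r\n");
        rc = SSL_CTX_use_certificate_chain_file(ctx,ssl_dsa_cert_chain_file);
        if (!rc && ssl_debug_flag)
            printf("Error loading DSA Certificate Chain into SSL\r\n");
    }
    return(rc);
}

/*
 * One-time OpenSSL initialisation: verifies that the runtime library
 * matches the headers Kermit was built against, loads error strings and
 * algorithms, registers compression methods, makes sure the PRNG is
 * seeded, and creates the in-memory BIO used for error reporting.
 *
 * On a version mismatch ssl_installed is cleared and the function returns
 * without initialising anything.  If the PRNG cannot be seeded the
 * function returns early as well, after telling the user how to supply a
 * random-state file; bio_err is then left unset.
 */
VOID
#ifdef CK_ANSIC
ssl_once_init(void)
#else
ssl_once_init()
#endif /* CK_ANSIC */
{
    COMP_METHOD * cm;

    if ( !ck_ssleay_is_installed() )
        return;

    debug(F111,"Kermit built for OpenSSL",OPENSSL_VERSION_TEXT,SSLEAY_VERSION_NUMBER);
#ifndef OS2ONLY
    debug(F111,"OpenSSL Library",SSLeay_version(SSLEAY_VERSION), SSLeay());
    debug(F110,"OpenSSL Library",SSLeay_version(SSLEAY_BUILT_ON),0);
    debug(F110,"OpenSSL Library",SSLeay_version(SSLEAY_CFLAGS),0);
    debug(F110,"OpenSSL Library",SSLeay_version(SSLEAY_PLATFORM),0);

    /*
     * The following test is suggested by Richard Levitte: compare the
     * compile-time and run-time version numbers, ignoring the patch-level
     * nibble masked out by 0xffffff0f.
     */
    if (((OPENSSL_VERSION_NUMBER ^ SSLeay()) & 0xffffff0f)
#ifdef OS2
        || ckstrcmp(OPENSSL_VERSION_TEXT,(char *)SSLeay_version(SSLEAY_VERSION),-1,1)
#endif /* OS2 */
        ) {
        ssl_installed = 0;
        debug(F111,"OpenSSL Version does not match. Built with",
              SSLeay_version(SSLEAY_VERSION),SSLEAY_VERSION_NUMBER);
        printf("?OpenSSL libraries do not match required version.");
        printf(" SSL\\TLS support disabled\r\n\r\n");
        bleep(BP_FAIL);
#ifdef SSLDLL
        ck_ssl_unloaddll();
        ck_crypto_unloaddll();
#endif /* SSLDLL */
        return;
    }
#endif /* OS2ONLY */

    /* init things so we will get meaningful error messages
     * rather than numbers */
    SSL_load_error_strings();
#ifdef SSHBUILTIN
    OPENSSL_add_all_algorithms_noconf();
#else
    /* SSL_library_init() only loads those ciphers needs for SSL */
    /* These happen to be a similar set to those required for SSH */
    /* but they are not a complete set of ciphers provided by the */
    /* crypto library. */
    SSL_library_init();
#endif /* SSHBUILTIN */

#ifdef ZLIB
    cm = COMP_zlib();
    if (cm != NULL && cm->type != NID_undef) {
        SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
    }
#endif /* ZLIB */
    cm = COMP_rle();
    if (cm != NULL && cm->type != NID_undef)
        SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */

    /* Ensure the Random number generator has enough entropy */
    if ( !RAND_status() ) {
        char buffer[256]="";
        int rc1 = -1, rc2 = 1;          /* assume failure and success */

        debug(F110,"ssl_once_init","!RAND_status()",0);

        /* No random-state file configured: use OpenSSL's default name,
         * or ".rnd" if it cannot supply one. */
        if ( ssl_rnd_file == NULL ) {
            debug(F110,"ssl_rnd_file","ssl_rnd_file is NULL",0);
            RAND_file_name(buffer,sizeof(buffer));
            if ( buffer[0] )
                makestr(&ssl_rnd_file, buffer);
            else
                makestr(&ssl_rnd_file,".rnd");
        }
        debug(F110,"ssl_rnd_file",ssl_rnd_file,0);

        /* First treat the name as an EGD socket, then as a seed file. */
        rc1 = RAND_egd(ssl_rnd_file);
        debug(F111,"ssl_once_init","RAND_egd()",rc1);
        if ( rc1 <= 0 ) {
            rc2 = RAND_load_file(ssl_rnd_file, -1);
            debug(F111,"ssl_once_init","RAND_load_file()",rc2);
        }
        if ( rc1 <= 0 && !rc2 ) {
            /*
             * Last resort: stir in the little we actually have (clock and
             * pid).  Both are low-entropy and easily guessed, so they are
             * deliberately NOT padded out to make RAND_status() succeed;
             * the check below decides whether the PRNG is usable.  (The
             * previous code seeded 128 bytes of uninitialised stack here,
             * which counted as entropy without providing any.)
             */
            time_t t = time(NULL);
            int tlen = sizeof(time_t);
            int pid = getpid();
            int plen = sizeof(int);

            debug(F110,"ssl_once_init","calling RAND_seed()",0);
            RAND_seed((unsigned char *)&t, tlen);
            RAND_seed((unsigned char *)&pid, plen);
        }

        /* Fail closed: without a seeded PRNG no SSL/TLS is offered. */
        if ( !RAND_status() ) {
            debug(F110,"ssl_once_init","Unable to initialize PRNG",0);
            printf(" Unable to load 'random state'\n");
            printf(" SSL and TLS are unavailble.\n");
            printf(" Use SET AUTH SSL RANDOM-FILE <file> command to provide random data.\n");
            printf(" Specified file will be overwritten with new random data after use.\n");
            return;
        }

        /* Persist fresh PRNG state for the next run.  The file is seed
         * material: it must stay private to the user running Kermit. */
        if ( ssl_rnd_file ) {
            int rc = RAND_write_file(ssl_rnd_file);
            debug(F111,"ssl_once_init","RAND_write_file()",rc);
        }
    }
#ifdef NT
    /* Initialize additional OID types for use when saving certs to a file */
    OBJ_create("2.99999.3","SET.ex3","SET x509v3 extension 3");
#endif /* NT */

    /* make sure we have somewhere we can log errors to */
    bio_err=BIO_new(BIO_s_mem());

    debug(F100,"ssl_once_init() complete","",0);
}

/* (head of ssl_tn_init; the rest of its body follows this chunk) */
int
#ifdef CK_ANSIC
ssl_tn_init(int mode)
#else
ssl_tn_init(mode) int mode;
#endif /* CK_ANSIC */
{
#ifdef KRB5
    extern char * k5_keytab;
    extern char * krb5_d_srv;
#endif /* KRB5 */
    static int last_ssl_mode = -1;
    SSL * ssl_conx=NULL, * tls_conx=NULL;

    ssl_initialized = 0;

    if ( !ck_ssleay_is_installed() )
        return(0);

    debug(F111,"ssl_tn_init","mode",mode);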