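/*                      _             _
**  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
** | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
** | | | | | | (_) | (_| |   \__ \__ \ |  www.modssl.org
** |_| |_| |_|\___/ \__,_|___|___/___/_|  ftp.modssl.org
**                      |_____|
**  ssl_util_ssl.c
**  Additional Utility Functions for OpenSSL
*/

/* ====================================================================
 * Copyright (c) 1998-2006 Ralf S. Engelschall. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following
 *    disclaimer in the documentation and/or other materials
 *    provided with the distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by
 *     Ralf S. Engelschall <rse@engelschall.com> for use in the
 *     mod_ssl project (http://www.modssl.org/)."
 *
 * 4. The names "mod_ssl" must not be used to endorse or promote
 *    products derived from this software without prior written
 *    permission. For written permission, please contact
 *    rse@engelschall.com.
 *
 * 5. Products derived from this software may not be called "mod_ssl"
 *    nor may "mod_ssl" appear in their names without prior
 *    written permission of Ralf S. Engelschall.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by
 *     Ralf S. Engelschall <rse@engelschall.com> for use in the
 *     mod_ssl project (http://www.modssl.org/)."
 *
 * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
 * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 */

#include "mod_ssl.h"

/*  _________________________________________________________________
**
**  Additional High-Level Functions for OpenSSL
**  _________________________________________________________________
*/

/*
 * Return the ex_data index used for the "second" application-data slot
 * of an SSL object, allocating it on first use.
 *
 * The index is requested twice on purpose.  OpenSSL's SSL_{get,set}_app_data
 * conventionally use ex_data slot 0, and the first SSL_get_ex_new_index()
 * call in a process can hand out exactly that slot; asking twice keeps the
 * slot stored here from colliding with it.  NOTE(review): this is the
 * historical mod_ssl rationale -- confirm against the OpenSSL version in use.
 *
 * Returns the index, or the negative value OpenSSL reported if none could
 * be allocated (in which case the next call retries).
 */
int SSL_get_app_data2_idx(void)
{
    static int app_data2_idx = -1;

    if (app_data2_idx < 0) {
        app_data2_idx = SSL_get_ex_new_index(0,
            "Second Application Data for SSL", NULL, NULL, NULL);
        app_data2_idx = SSL_get_ex_new_index(0,
            "Second Application Data for SSL", NULL, NULL, NULL);
    }
    return app_data2_idx;
}

/*
 * Fetch the pointer stored by SSL_set_app_data2() for ssl (NULL if none).
 */
void *SSL_get_app_data2(SSL *ssl)
{
    return (void *)SSL_get_ex_data(ssl, SSL_get_app_data2_idx());
}

/*
 * Store an opaque pointer in the second application-data slot of ssl.
 * Ownership of arg stays with the caller: no free callback is registered
 * in SSL_get_app_data2_idx(), so OpenSSL never releases it.
 * The (char *) cast matches the ex_data prototype of older OpenSSL releases.
 */
void SSL_set_app_data2(SSL *ssl, void *arg)
{
    SSL_set_ex_data(ssl, SSL_get_app_data2_idx(), (char *)arg);
}

/*  _________________________________________________________________
**
**  High-Level Certificate / Private Key Loading
**  _________________________________________________________________
*/

/*
 * Read one X.509 certificate from fp, trying in turn
 *   1. PEM (DER + Base64 + "-----BEGIN/END-----" headers),
 *   2. bare Base64-encoded DER,
 *   3. plain DER,
 * rewinding fp before each retry.  fseek() also repositions the underlying
 * descriptor, which the fd BIOs used in steps 2 and 3 read directly.
 *
 * cb is the pass-phrase callback handed through to the PEM reader; its
 * prototype depends on the OpenSSL version, hence the #if on the signature.
 *
 * Returns the certificate, or NULL if no format parsed, a BIO could not be
 * allocated, or fp could not be rewound for a retry.  On success, when x509
 * is non-NULL, *x509 is set to the result and any different object it
 * previously pointed to is freed (the PEM reader may have reused *x509 for
 * the result itself, so an object identical to rc is never freed).
 */
#if SSL_LIBRARY_VERSION < 0x00904000
X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char *, int, int))
#else
X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char *, int, int, void*))
#endif
{
    X509 *rc;
    BIO *bioS;
    BIO *bioF;

    /* 1. try PEM (= DER+Base64+headers) */
#if SSL_LIBRARY_VERSION < 0x00904000
    rc = PEM_read_X509(fp, x509, cb);
#else
    rc = PEM_read_X509(fp, x509, cb, NULL);
#endif

    if (rc == NULL) {
        /* 2. try DER+Base64 */
        if (fseek(fp, 0L, SEEK_SET) != 0)
            return NULL;            /* cannot rewind (non-seekable stream) */
        if ((bioS = BIO_new(BIO_s_fd())) == NULL)
            return NULL;
        BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
        if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
            BIO_free(bioS);
            return NULL;
        }
        bioS = BIO_push(bioF, bioS);    /* base64 filter in front of the fd BIO */
        rc = d2i_X509_bio(bioS, NULL);
        BIO_free_all(bioS);             /* releases filter and source BIO */

        if (rc == NULL) {
            /* 3. try plain DER */
            if (fseek(fp, 0L, SEEK_SET) != 0)
                return NULL;
            if ((bioS = BIO_new(BIO_s_fd())) == NULL)
                return NULL;
            BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
            rc = d2i_X509_bio(bioS, NULL);
            BIO_free(bioS);
        }
    }

    if (rc != NULL && x509 != NULL) {
        /* never free the object we are about to hand back */
        if (*x509 != NULL && *x509 != rc)
            X509_free(*x509);
        *x509 = rc;
    }
    return rc;
}

#if SSL_LIBRARY_VERSION <= 0x00904100
/*
 * Compatibility shim: OpenSSL releases covered by this version guard have
 * no d2i_PrivateKey_bio(), so build it from the generic ASN1_d2i_bio().
 * The function-pointer casts match that era's ASN1_d2i_bio() prototype.
 */
static EVP_PKEY *d2i_PrivateKey_bio(BIO *bio, EVP_PKEY **key)
{
    return ((EVP_PKEY *)ASN1_d2i_bio(
            (char *(*)())EVP_PKEY_new,
            (char *(*)())d2i_PrivateKey,
            (bio),
            (unsigned char **)(key)));
}
#endif

/*
 * Read one private key from fp, using the same three-step format probe as
 * SSL_read_X509(): PEM, then Base64-encoded DER, then plain DER, rewinding
 * fp before each retry.
 *
 * cb is the pass-phrase callback handed through to the PEM reader (it is
 * what prompts for the pass phrase of an encrypted PEM key); its prototype
 * depends on the OpenSSL version, hence the #if on the signature.
 *
 * Returns the key, or NULL if no format parsed, a BIO could not be
 * allocated, or fp could not be rewound for a retry.  On success, when key
 * is non-NULL, *key is set to the result and any different object it
 * previously pointed to is freed (an object identical to rc is never freed,
 * since the PEM reader may have reused *key for the result).
 * The returned key is owned by the caller (EVP_PKEY_free()).
 */
#if SSL_LIBRARY_VERSION < 0x00904000
EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char *, int, int))
#else
EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char *, int, int, void*))
#endif
{
    EVP_PKEY *rc;
    BIO *bioS;
    BIO *bioF;

    /* 1. try PEM (= DER+Base64+headers) */
#if SSL_LIBRARY_VERSION < 0x00904000
    rc = PEM_read_PrivateKey(fp, key, cb);
#else
    rc = PEM_read_PrivateKey(fp, key, cb, NULL);
#endif

    if (rc == NULL) {
        /* 2. try DER+Base64 */
        if (fseek(fp, 0L, SEEK_SET) != 0)
            return NULL;            /* cannot rewind (non-seekable stream) */
        if ((bioS = BIO_new(BIO_s_fd())) == NULL)
            return NULL;
        BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
        if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
            BIO_free(bioS);
            return NULL;
        }
        bioS = BIO_push(bioF, bioS);    /* base64 filter in front of the fd BIO */
        rc = d2i_PrivateKey_bio(bioS, NULL);
        BIO_free_all(bioS);             /* releases filter and source BIO */

        if (rc == NULL) {
            /* 3. try plain DER */
            if (fseek(fp, 0L, SEEK_SET) != 0)
                return NULL;
            if ((bioS = BIO_new(BIO_s_fd())) == NULL)
                return NULL;
            BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
            rc = d2i_PrivateKey_bio(bioS, NULL);
            BIO_free(bioS);
        }
    }

    if (rc != NULL && key != NULL) {
        /* never free the object we are about to hand back */
        if (*key != NULL && *key != rc)
            EVP_PKEY_free(*key);
        *key = rc;
    }
    return rc;
}

/*  _________________________________________________________________
**
**  Smart shutdown
**  _________________________________________________________________
*/

/*
 * Call SSL_shutdown() repeatedly until it reports a result.
 *
 * SSL_shutdown() dispatches through a small internal state machine (send
 * our close_notify, then take the peer's), so it usually has to be called
 * more than once.  The number of calls is capped so that a peer that
 * misbehaves on the socket cannot make us spin forever when OpenSSL fails
 * to notice.
 *
 * Returns the first non-zero SSL_shutdown() result (completion or error),
 * or 0 if the cap was reached while the shutdown was still pending.
 */
int SSL_smart_shutdown(SSL *ssl)
{
    int i;
    int rc;

    rc = 0;
    for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
        if ((rc = SSL_shutdown(ssl)))
            break;
    }
    return rc;
}

/*  _________________________________________________________________
**
**  Certificate Revocation List (CRL) Storage
**  _________________________________________________________________
*/

/*
 * Build an X509_STORE for CRL lookups from a PEM file (cpFile) and/or a
 * hashed directory (cpPath).  Either may be NULL, but not both.
 *
 * Returns the new store, which the caller owns (X509_STORE_free()), or
 * NULL if both arguments are NULL, OpenSSL could not allocate the store or
 * a lookup method, the CRL file could not be loaded, or the directory could
 * not be registered.  Loading failures are reported as NULL instead of
 * being ignored: an empty store would silently turn revocation checking
 * into a no-op, the opposite of what was configured.
 */
X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
{
    X509_STORE *pStore;
    X509_LOOKUP *pLookup;

    if (cpFile == NULL && cpPath == NULL)
        return NULL;
    if ((pStore = X509_STORE_new()) == NULL)
        return NULL;

    if (cpFile != NULL) {
        if ((pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_file())) == NULL) {
            X509_STORE_free(pStore);
            return NULL;
        }
        /* a zero result means the CRL file could not be loaded */
        if (!X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM)) {
            X509_STORE_free(pStore);
            return NULL;
        }
    }
    if (cpPath != NULL) {
        if ((pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir())) == NULL) {
            X509_STORE_free(pStore);
            return NULL;
        }
        /* a zero result means the directory could not be registered */
        if (!X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM)) {
            X509_STORE_free(pStore);
            return NULL;
        }
    }
    return pStore;
}

/*
 * Look up one object of type nType with subject pName in pStore, using a
 * temporary X509_STORE_CTX on the stack.
 *
 * X509_STORE_get_by_subject() fills *pObj on a hit; its result is returned
 * unchanged.  NOTE(review): the X509_STORE_CTX_init() result is not checked
 * here (it has no return value in the oldest OpenSSL releases this file
 * supports) -- confirm against the version in use, where a failed init
 * would leave the context partially set up.
 */
int SSL_X509_STORE_lookup(X509_STORE *pStore, int nType,
                          X509_NAME *pName, X509_OBJECT *pObj)
{
    X509_STORE_CTX pStoreCtx;
    int rc;

    X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL);
    rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj);
    X509_STORE_CTX_cleanup(&pStoreCtx);
    return rc;
}

/*  _________________________________________________________________
**
**  Cipher Suite Spec String Creation
**  _________________________________________________________________
*/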