/* * The MIT License * * Copyright 2018 Ugo Cirmignani. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ #ifdef OPENSSL_ENABLED #include #include #include #include #include #include #include #include "openSsl.h" #include "fileManagement.h" void initOpenssl() { OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */ SSL_load_error_strings(); /* Bring in and register error messages */ ERR_load_BIO_strings(); ERR_load_crypto_strings(); SSL_library_init(); } void cleanupOpenssl() { EVP_cleanup(); } SSL_CTX *createServerContext() { const SSL_METHOD *method; SSL_CTX *ctx; method = TLS_server_method(); ctx = SSL_CTX_new(method); if (!ctx) { perror("Unable to create server SSL context"); ERR_print_errors_fp(stderr); exit(0); } return ctx; } SSL_CTX *createClientContext(void) { const SSL_METHOD *method; SSL_CTX *ctx; method = TLS_client_method(); /* Create new client-method instance */ ctx = SSL_CTX_new(method); /* Create new context */ //SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); //SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE| SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); //SSL_CTX_set_ecdh_auto(ctx, 1); if (ctx == NULL) { perror("Unable to create server SSL context"); ERR_print_errors_fp(stderr); abort(); exit(0); } return ctx; } void configureClientContext(SSL_CTX *ctx, char *certificatePath, char* privateCertificatePath) {/* if (FILE_IsFile(certificatePath) != 1) { printf("\ncertificate file: %s not found!", certificatePath); exit(0); } if (FILE_IsFile(privateCertificatePath) != 1) { printf("\ncertificate file: %s not found!", privateCertificatePath); exit(0); } Set the key and cert if (SSL_CTX_use_certificate_file(ctx, certificatePath, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } if (SSL_CTX_use_PrivateKey_file(ctx, privateCertificatePath, SSL_FILETYPE_PEM) <= 0 ) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } */ } void configureContext(SSL_CTX *ctx, char *certificatePath, char* privateCertificatePath) { if (FILE_IsFile(certificatePath) != 1) { printf("\ncertificate file: %s not found!", certificatePath); exit(0); } if (FILE_IsFile(privateCertificatePath) != 1) { printf("\ncertificate file: %s not found!", privateCertificatePath); exit(0); } SSL_CTX_set_ecdh_auto(ctx, 1); /* Set the key and cert */ if (SSL_CTX_use_certificate_file(ctx, certificatePath, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } if (SSL_CTX_use_PrivateKey_file(ctx, privateCertificatePath, SSL_FILETYPE_PEM) <= 0 ) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } } void ShowCerts(SSL* ssl) { X509 *cert; char *line; cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */ if ( cert != NULL ) { printf("Server certificates:\n"); line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0); printf("Subject: %s\n", line); free(line); /* free the malloc'ed string */ line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); printf("Issuer: %s\n", line); free(line); /* free the malloc'ed string */ X509_free(cert); /* free the malloc'ed certificate copy */ } else printf("No certificates.\n"); } #endif