5 #include <openssl/ssl.h>
7 #include <openssl/applink.c>
14 #ifdef BUILDING_ECERE_COM
// Passphrase for the PEM private key loaded later, embedded in the binary as
// a plain string literal: anyone with a copy of the binary (or the source)
// can read it. Moving it to a protected file or prompt would avoid that.
21 static char * pass = "password";
// NOTE(review): OpenSSL's pem_password_cb also receives the buffer size
// (int size, int rwflag, void *userdata) — those parameters are commented
// out of the signature here, and the size check on the next line is
// disabled, so the callback cannot bound what it copies into buf. The body
// is not in this excerpt; confirm it never writes more than the buffer holds.
23 static int password_cb(char *buf) //,int num, int rwflag,void *userdata)
25 // if(num<strlen(pass)+1) return(0);
31 public class SSLSocket : Socket
43 static bool initialized = false;
51 void OnDisconnect(int code)
// Reads from the TLS session when one exists, otherwise from the plain socket.
// buffer/count/flags: passed through; flags are ignored on the TLS path.
// The lines after the read are not in this excerpt.
70 int ReceiveData(unsigned char * buffer, int count, unsigned int flags)
// SSL_read returns <= 0 on both error and clean shutdown (and on WANT_READ
// for non-blocking sockets); without SSL_get_error the caller cannot tell
// these apart — NOTE(review): confirm n is classified before it is returned.
72 int n = ssl ? SSL_read(ssl, buffer, count) : Socket::ReceiveData(buffer, count, flags);
// Writes to the TLS session when one exists, otherwise to the plain socket.
// buffer/count/flags: passed through; flags are ignored on the TLS path.
// The lines after the write are not in this excerpt.
76 int SendData(unsigned char * buffer, int count, unsigned int flags)
// SSL_write returns <= 0 on error (including WANT_WRITE on non-blocking
// sockets); a plain count is returned only on full success unless partial
// writes were enabled on the context — NOTE(review): confirm the caller
// handles n <= 0 rather than treating it as bytes sent.
78 int n = ssl ? SSL_write(ssl, buffer, count) : Socket::SendData(buffer, count, flags);
// Sets up the OpenSSL context and performs the client handshake on the
// already-connected socket s. Returns result (set from SSL_connect below);
// several lines of the body are not in this excerpt.
82 bool EstablishConnection()
// SSLv23_method negotiates the highest version both sides support. Legacy
// SSL versions stay enabled unless SSL_CTX_set_options(SSL_OP_NO_SSLv2 |
// SSL_OP_NO_SSLv3) is called — no such call is visible in this excerpt.
89 meth = SSLv23_method();
90 //meth = TLSv1_method();
91 ctx = SSL_CTX_new(meth);
// Cipher restriction is commented out, so the library's default list applies.
92 // cipherResult = SSL_CTX_set_cipher_list(ctx, "ALL:!DH:!EXP:!RC4:@STRENGTH"); // TLS_RSA_WITH_3DES_EDE_CBC_SHA ?
// The object's own bytes serve as the session-id context (only relevant to
// session reuse); harmless, but an explicit constant would be clearer.
93 SSL_CTX_set_session_id_context(ctx, (void *)this, sizeof(SSLSocket));
// BIO_NOCLOSE: the fd stays owned by Socket; the BIO must not close it.
95 sbio = BIO_new_socket(s, BIO_NOCLOSE);
96 SSL_set_bio(ssl,sbio,sbio);
// The handshake runs HERE, before the certificate, key and CA list are
// loaded below (the lines in between are not in this excerpt). As written,
// the context has no trust anchors during the handshake, so the verify
// result checked afterwards cannot be meaningful. No SSL_CTX_set_verify
// with SSL_VERIFY_PEER is visible either, so a failed verification does not
// abort the handshake — NOTE(review): confirm the missing lines do not
// reorder this.
98 result = SSL_connect(ssl) > 0;
// Paths are relative to the current working directory; failures are only
// printed (no trailing newline) and do not change result or return early.
103 if(!(SSL_CTX_use_certificate_chain_file(ctx, "client.pem")))
104 printf("Can't read certificate file");
// Installs the hard-coded-passphrase callback defined above.
106 SSL_CTX_set_default_passwd_cb(ctx, password_cb);
108 if(!(SSL_CTX_use_PrivateKey_file(ctx, "client.pem", SSL_FILETYPE_PEM)))
109 printf("Can't read key file");
// CApath is 0 (null): only the single file root.pem is consulted.
111 if(!(SSL_CTX_load_verify_locations(ctx, "root.pem", 0)))
112 printf("Can't read CA list");
// A verification failure is reported but the connection is kept; result is
// not touched here, so callers still see success — NOTE(review): presumably
// this should set result = false (or disconnect).
114 if(SSL_get_verify_result(ssl)!=X509_V_OK)
115 printf("Certificate doesn't verify");
// SSL_get_peer_certificate returns NULL when the peer sent no certificate;
// the next call would then dereference it. The returned X509 is reference
// counted and needs X509_free — no free is visible in this excerpt.
117 peer=SSL_get_peer_certificate(ssl);
// Host identity is taken from the subject CN only (subjectAltName is not
// consulted, which is what current validation rules require), and the
// return value is unchecked: with no CN, peer_CN keeps its previous
// contents. 256 bounds the copy into peer_CN.
118 X509_NAME_get_text_by_NID(X509_get_subject_name(peer),
119 NID_commonName, peer_CN, 256);
// Case-insensitive exact match against host; a mismatch is only printed and,
// like the verify failure above, does not fail the connection.
121 if(strcasecmp(peer_CN, host))
122 printf("Common name doesn't match host name");
// Socket callback invoked once the TCP connection to s is up; runs the TLS
// handshake via EstablishConnection(). The lines between the signature and
// the return are not in this excerpt.
128 bool OnEstablishConnection(int s)
// The connection stays established whenever EstablishConnection() returns
// true, which (see that method) includes the case where peer verification
// or the host-name check failed but was only printed.
132 return EstablishConnection();