5 #include <openssl/ssl.h>
7 #include <openssl/applink.c>
// Passphrase for the encrypted private key, compiled into the binary. Anyone
// who can read the executable or the source recovers it, so it adds no real
// protection to the key file; prefer obtaining it at run time from a prompt
// or a protected store.
17 static char * pass = "password";
// Passphrase callback handed to SSL_CTX_set_default_passwd_cb() in
// EstablishConnection. OpenSSL's pem_password_cb type is
//   int (*)(char *buf, int size, int rwflag, void *userdata);
// the last three parameters are commented out here, so this function no
// longer matches the type it is registered as.
19 static int password_cb(char *buf) //,int num, int rwflag,void *userdata)
// NOTE(review): this is the only visible check that `pass` (plus its NUL)
// fits in `buf`, and it is disabled. The rest of the body is not shown in
// this listing; confirm that whatever copies into buf is bounded by the
// size OpenSSL passes to the callback.
21 // if(num<strlen(pass)+1) return(0);
// Socket subclass that layers an OpenSSL session (`ssl`) over the base Socket.
// The original line numbers in this listing jump, so member declarations and
// method bodies are only partly visible.
27 class SSLSocket : Socket
// NOTE(review): presumably guards one-time OpenSSL library initialisation;
// the code that reads or sets it is not visible here.
39 static bool initialized = false;
47 void OnDisconnect(int code)
// Reads up to `count` bytes into `buffer`: through the TLS session when `ssl`
// is non-null, otherwise straight from the underlying Socket.
66 int ReceiveData(unsigned char * buffer, int count, unsigned int flags)
// NOTE(review): the fallback branch means a null `ssl` silently yields
// cleartext I/O. Confirm `ssl` cannot be null on a connection that is
// expected to be protected (e.g. after a failed handshake).
// SSL_read() returns <= 0 both on errors and on retry conditions;
// SSL_get_error() tells them apart. How `n` is handled is not shown.
68 int n = ssl ? SSL_read(ssl, buffer, count) : Socket::ReceiveData(buffer, count, flags);
// Writes `count` bytes from `buffer`: through the TLS session when `ssl` is
// non-null, otherwise straight to the underlying Socket. `flags` is only used
// on the plain-socket path.
72 int SendData(unsigned char * buffer, int count, unsigned int flags)
// Same cleartext-fallback caveat as ReceiveData. SSL_write() also reports
// failure with a return value <= 0 that needs SSL_get_error() to interpret.
74 int n = ssl ? SSL_write(ssl, buffer, count) : Socket::SendData(buffer, count, flags);
// Client-side TLS setup: creates an SSL_CTX, wraps the already-connected
// socket `s` in a BIO, and runs the handshake. The visible lines also load a
// client certificate/key and a CA file, and compare the peer certificate's
// common name with `host`.
// NOTE(review): in this listing SSL_connect() (original line 94) comes before
// the certificate/CA loading and the verification checks (original lines
// 99-118). If that is the real execution order, the trust anchors are loaded
// only after the handshake they are meant to validate. The intervening lines
// are not shown and may be conditional; confirm the order.
78 bool EstablishConnection()
// SSLv23_method() is the version-flexible method: it negotiates the highest
// protocol both sides support. On older OpenSSL builds that range includes
// SSLv2/SSLv3 unless SSL_CTX_set_options() disables them with
// SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 (OpenSSL 1.1.0+ offers
// SSL_CTX_set_min_proto_version()). No such call is visible here.
85 meth = SSLv23_method();
86 //meth = TLSv1_method();
// NOTE(review): the return value of SSL_CTX_new() is not checked in the
// visible lines; it is NULL on failure.
87 ctx = SSL_CTX_new(meth);
// The cipher restriction is commented out, so the library's default cipher
// list applies.
88 // cipherResult = SSL_CTX_set_cipher_list(ctx, "ALL:!DH:!EXP:!RC4:@STRENGTH"); // TLS_RSA_WITH_3DES_EDE_CBC_SHA ?
// The session-id context is a server-side setting for session reuse. Here it
// is given the raw bytes of this object rather than a fixed application
// identifier. Its length is capped at SSL_MAX_SID_CTX_LENGTH and the call
// fails beyond that; the return value is not checked.
89 SSL_CTX_set_session_id_context(ctx, (void *)this, sizeof(SSLSocket));
// BIO_NOCLOSE: freeing the BIO does not close `s`; the socket stays owned by
// the Socket base. The same BIO is used for both reading and writing.
91 sbio = BIO_new_socket(s, BIO_NOCLOSE);
92 SSL_set_bio(ssl,sbio,sbio);
// SSL_connect() > 0 means the handshake completed; on failure
// SSL_get_error() gives the reason.
94 result = SSL_connect(ssl) > 0;
// Certificate, key and CA files are opened by relative path, i.e. resolved
// against the process's current working directory, so whoever controls that
// directory controls which key material and trust anchors are loaded.
// In the visible lines each failure below only prints a message; whether the
// function then aborts the connection is not shown. Confirm it does.
99 if(!(SSL_CTX_use_certificate_chain_file(ctx, "client.pem")))
100 printf("Can't read certificate file");
102 SSL_CTX_set_default_passwd_cb(ctx, password_cb);
104 if(!(SSL_CTX_use_PrivateKey_file(ctx, "client.pem", SSL_FILETYPE_PEM)))
105 printf("Can't read key file");
107 if(!(SSL_CTX_load_verify_locations(ctx, "root.pem", 0)))
108 printf("Can't read CA list");
// SSL_get_verify_result() also returns X509_V_OK when the peer presented no
// certificate at all, so it is only meaningful together with a non-NULL
// SSL_get_peer_certificate(). A verification failure must close the
// connection, not just log; only the printf is visible here.
110 if(SSL_get_verify_result(ssl)!=X509_V_OK)
111 printf("Certificate doesn't verify");
// NOTE(review): `peer` is used without a NULL check in the visible lines, and
// the reference returned by SSL_get_peer_certificate() has to be released
// with X509_free(); neither is shown.
// 256 is passed as the size of peer_CN; its declaration is not visible.
113 peer=SSL_get_peer_certificate(ssl);
114 X509_NAME_get_text_by_NID(X509_get_subject_name(peer),
115 NID_commonName, peer_CN, 256);
// Hostname check by comparing the subject CN as a C string: this ignores
// subjectAltName entries, does no wildcard matching, and stops at an embedded
// NUL in the CN. X509_check_host() (OpenSSL 1.0.2+), or SSL_set1_host() set
// before the handshake (1.1.0+), performs the check properly. As above, only
// a printf is visible on mismatch.
117 if(strcasecmp(peer_CN, host))
118 printf("Common name doesn't match host name");
// Connection hook that receives the socket descriptor `s` and returns the
// result of the TLS setup in EstablishConnection(). Original lines 125-127
// are not shown in this listing.
124 bool OnEstablishConnection(int s)
// NOTE(review): callers should treat a false return as "no protected channel"
// and drop the connection. Confirm they do, since ReceiveData/SendData fall
// back to the plain socket when `ssl` is null.
128 return EstablishConnection();