venkat_330

SSL CONNECT

May 20th, 2015
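  /*
   * Open a TLS client session on an already-connected socket.
   *
   * Builds the context through InitCTX(), creates the session object in the
   * file-level `ssl`, binds it to `server`, runs the handshake and then checks
   * that the peer presented a certificate whose chain verified.
   *
   * server: connected socket descriptor to wrap.
   * Returns 0 when the session is established and the chain verified, -1
   * otherwise.  On every failure after SSL_new() the session is freed and
   * `ssl` is reset to NULL, so a caller that ignores the return value cannot
   * go on to write over a session whose peer was never verified.
   * On success the peer certificate stays in the file-level `cert`; whoever
   * owns that global must release it with X509_free().
   */
  int setupSSL(int server){
      if (InitCTX() != 0)
          return -1;

      ssl = SSL_new(ctx);      /* create new SSL connection state */
      if (ssl == NULL) {
          /* SSL_new() fails on allocation errors; do not hand NULL to SSL_set_fd(). */
          debug_log("SYSTEM:SSL_SOCKET:Could not build a SSL session\n",TRACE_LOG);
          return -1;
      }

      if (SSL_set_fd(ssl, server) != 1) {   /* attach the socket descriptor */
          debug_log("SYSTEM:SSL_SOCKET:Could not build a SSL session\n",TRACE_LOG);
          goto fail_ssl;
      }

      if (SSL_connect(ssl) != 1) {   /* perform the connection */
          debug_log("SYSTEM:SSL_SOCKET:Could not build a SSL session\n",TRACE_LOG);
          goto fail_ssl;
      }

      /* The returned certificate carries its own reference and must be freed. */
      cert = SSL_get_peer_certificate(ssl);
      if (cert == NULL) {
          debug_log("SYSTEM:SSL_SOCKET:Unable to retrive server certificate\n",TRACE_LOG);
          goto fail_ssl;
      }

      /*
       * InitCTX() sets SSL_VERIFY_PEER, so a chain failure should already have
       * aborted SSL_connect(); this second check is kept as defence in depth.
       */
      if (SSL_get_verify_result(ssl) != X509_V_OK) {
          debug_log("SYSTEM:SSL_SOCKET:Certificate doesn't verify\n",TRACE_LOG);
          goto fail_cert;
      }

      /*
       * NOTE(review): no host name check is performed.  Chain verification only
       * proves the certificate was issued under a trusted anchor, not that it
       * belongs to the server we meant to reach.  The check below was disabled
       * by the author; a CN-only string compare also ignores subjectAltName and
       * is confused by embedded NUL bytes.  Prefer X509_check_host()
       * (OpenSSL 1.0.2+) or SSL_set1_host() (OpenSSL 1.1.0+) before relying on
       * this connection for anything but a pinned, single-certificate peer.
       */
      /*X509_NAME_get_text_by_NID (X509_get_subject_name (cert),  NID_commonName,  peer_CN, 256);
      if(strcasecmp(peer_CN, cnName)){
           debug_log("SYSTEM:SSL_SOCKET:Common name doesn't match host name\n",TRACE_LOG);
           return -1;
       }*/
      return 0;

  fail_cert:
      /* Only reached after this call obtained `cert`, so it is ours to free. */
      X509_free(cert);
      cert = NULL;
  fail_ssl:
      SSL_free(ssl);
      ssl = NULL;
      return -1;
  }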
  29.  
  30.  
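  /*
   * Initialise OpenSSL and build the client context in the file-level `ctx`.
   *
   * Loads CertFile both as the client certificate and as the only trusted CA
   * location, turns on peer verification and sets the session timeout to 60.
   *
   * Returns 0 on success, -1 on failure; on failure after the context was
   * created it is freed and `ctx` is reset to NULL.
   *
   * NOTE(review): every call creates a fresh context and overwrites `ctx`
   * without releasing the previous one; callers that connect repeatedly
   * should confirm who frees the old context.
   */
  int InitCTX(void)
  {
      /*
       * The library must be initialised before anything else is used.  Its
       * return value is documented as always 1, so the check is formal only.
       */
      if (SSL_library_init() < 0)
      {
          debug_log("SYSTEM:SSL_SOCKET:Could not initialize the OpenSSL library\n",TRACE_LOG);
          return -1;
      }
      OpenSSL_add_all_algorithms();   /* Load cryptos, et.al. */
      SSL_load_error_strings();       /* Bring in and register error messages */

      /*
       * Negotiate the highest protocol version both sides support instead of
       * pinning SSLv3: SSLv3 is broken (POODLE) and is compiled out of many
       * OpenSSL builds.  SSLv2 and SSLv3 are then disabled explicitly below,
       * which leaves TLS 1.0 and later.
       */
      method = SSLv23_client_method();
      ctx = SSL_CTX_new(method);      /* Create new context */
      if (ctx == NULL)
      {
          debug_log("SYSTEM:SSL_SOCKET:Unable to create a new SSL context structure\n",TRACE_LOG);
          return -1;
      }
      SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

      /*
       * NOTE(review): only the certificate is loaded here, no private key, so
       * the client cannot actually authenticate with it.  Confirm whether
       * client authentication is intended at all.
       */
      if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0)
      {
          SSL_CTX_free(ctx);
          ctx = NULL;
          debug_log("SYSTEM:SSL_SOCKET:Error setting the certificate file.\n",TRACE_LOG);
          return -1;
      }

      /*
       * Set the list of trusted CAs based on the file provided.
       * NOTE(review): this is the same file that was just loaded as the client
       * certificate, so the trust store is whatever that file contains.  That
       * only makes sense for a pinned or self-signed peer; otherwise point this
       * at a dedicated CA bundle.
       */
      if (SSL_CTX_load_verify_locations(ctx, CertFile, NULL) < 1)
      {
          SSL_CTX_free(ctx);
          ctx = NULL;
          debug_log("SYSTEM:SSL_SOCKET:Error setting verify location.\n",TRACE_LOG);
          return -1;
      }

      /* Make the handshake fail when the peer's chain does not verify. */
      SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
      SSL_CTX_set_timeout(ctx, 60);
      return 0;
  }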