|
@@ -1,4 +1,5 @@
|
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/ssl.h>
|
|
|
|
|
+#include <openssl/err.h>
|
|
|
#include "Server.h"
|
|
#include "Server.h"
|
|
|
#ifndef WIN32
|
|
#ifndef WIN32
|
|
|
#include <string.h>
|
|
#include <string.h>
|
|
@@ -280,6 +281,29 @@ int pem_passwd_cb( char *buf, int size, int rwflag, void *userdata )
|
|
|
return (int)strlen( buf );
|
|
return (int)strlen( buf );
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+bool SSLErrorCheck( int result, SSL *ssl, const char *action )
|
|
|
|
|
+{
|
|
|
|
|
+ if( result <= 0 )
|
|
|
|
|
+ {
|
|
|
|
|
+ std::cout << "ERROR: '" << action << "' returned error code: " << SSL_get_error( ssl, result ) << "\n";
|
|
|
|
|
+ std::cout.flush();
|
|
|
|
|
+ return 0;
|
|
|
|
|
+ }
|
|
|
|
|
+ return 1;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+bool SSLErrorCheck( int result, const char *action )
|
|
|
|
|
+{
|
|
|
|
|
+ if( result <= 0 )
|
|
|
|
|
+ {
|
|
|
|
|
+ unsigned long error = ERR_get_error();
|
|
|
|
|
+ std::cout << "ERROR: '" << action << "' returned " << result << " error code: " << error << "(" << ERR_reason_error_string( error ) << ")\n";
|
|
|
|
|
+ std::cout.flush();
|
|
|
|
|
+ return 0;
|
|
|
|
|
+ }
|
|
|
|
|
+ return 1;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
// Inhalt der SSLServer Klasse
|
|
// Inhalt der SSLServer Klasse
|
|
|
// Konstruktor
|
|
// Konstruktor
|
|
|
SSLServer::SSLServer()
|
|
SSLServer::SSLServer()
|
|
@@ -287,6 +311,7 @@ SSLServer::SSLServer()
|
|
|
{
|
|
{
|
|
|
s = 0;
|
|
s = 0;
|
|
|
ctx = SSL_CTX_new( SSLv23_server_method() );
|
|
ctx = SSL_CTX_new( SSLv23_server_method() );
|
|
|
|
|
+ SSL_CTX_set_min_proto_version( ctx, TLS1_2_VERSION );
|
|
|
SSL_CTX_set_default_passwd_cb( ctx, pem_passwd_cb );
|
|
SSL_CTX_set_default_passwd_cb( ctx, pem_passwd_cb );
|
|
|
passw = new Text();
|
|
passw = new Text();
|
|
|
SSL_CTX_set_default_passwd_cb_userdata( ctx, passw );
|
|
SSL_CTX_set_default_passwd_cb_userdata( ctx, passw );
|
|
@@ -310,13 +335,13 @@ SSLServer::~SSLServer()
|
|
|
// Setzt den Pfad zur Datei, in dem das Certifikat gespeichert ist
|
|
// Setzt den Pfad zur Datei, in dem das Certifikat gespeichert ist
|
|
|
bool SSLServer::setCertificateFile( const char *file )
|
|
bool SSLServer::setCertificateFile( const char *file )
|
|
|
{
|
|
{
|
|
|
- return SSL_CTX_use_certificate_file( ctx, file, SSL_FILETYPE_PEM ) > 0;
|
|
|
|
|
|
|
+ return SSLErrorCheck( SSL_CTX_use_certificate_file( ctx, file, SSL_FILETYPE_PEM ), "SSL_CTX_use_certificate_file" );
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// Setzt den Pfad zur Datei, in dem der private Schlüssel gespeichert ist
|
|
// Setzt den Pfad zur Datei, in dem der private Schlüssel gespeichert ist
|
|
|
bool SSLServer::setPrivateKeyFile( const char *file )
|
|
bool SSLServer::setPrivateKeyFile( const char *file )
|
|
|
{
|
|
{
|
|
|
- return SSL_CTX_use_PrivateKey_file( ctx, file, SSL_FILETYPE_PEM ) > 0;
|
|
|
|
|
|
|
+ return SSLErrorCheck( SSL_CTX_use_PrivateKey_file( ctx, file, SSL_FILETYPE_PEM ), "SSL_CTX_use_PrivateKey_file" );
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// setzt das passwort des private keys (muss vor setPrivateKeyFile aufgerufen werden)
|
|
// setzt das passwort des private keys (muss vor setPrivateKeyFile aufgerufen werden)
|
|
@@ -373,8 +398,18 @@ SSLSKlient *SSLServer::getKlient()
|
|
|
#endif
|
|
#endif
|
|
|
addr.sin_port = this->addr.sin_port;
|
|
addr.sin_port = this->addr.sin_port;
|
|
|
SSL *ssl = SSL_new( ctx );
|
|
SSL *ssl = SSL_new( ctx );
|
|
|
- SSL_set_fd( ssl, (int)client );
|
|
|
|
|
- if( SSL_accept( ssl ) <= 0 )
|
|
|
|
|
|
|
+ if( ssl == 0 && !SSLErrorCheck( 0, "SSL_new" ) )
|
|
|
|
|
+ {
|
|
|
|
|
+ closesocket( client );
|
|
|
|
|
+ return 0;
|
|
|
|
|
+ }
|
|
|
|
|
+ if( !SSLErrorCheck( SSL_set_fd( ssl, (int)client ), ssl, "SSL_set_fd" ) )
|
|
|
|
|
+ {
|
|
|
|
|
+ SSL_free( ssl );
|
|
|
|
|
+ closesocket( client );
|
|
|
|
|
+ return 0;
|
|
|
|
|
+ }
|
|
|
|
|
+ if( !SSLErrorCheck( SSL_accept( ssl ), ssl, "SSL_accept" ) )
|
|
|
{
|
|
{
|
|
|
SSL_free( ssl );
|
|
SSL_free( ssl );
|
|
|
closesocket( client );
|
|
closesocket( client );
|
Kolja Strohm