secure boob

This commit is contained in:
malloc 2018-09-19 16:37:38 -05:00
parent 94b5783d3b
commit 0e129180e3
4 changed files with 79 additions and 28 deletions


@ -32,6 +32,8 @@
#include <cstring> #include <cstring>
#include <string> #include <string>
#include <mutex> #include <mutex>
#include "common.hpp"
#include "utils/net.hpp" #include "utils/net.hpp"
#include "utils/string.hpp" #include "utils/string.hpp"


@ -1,32 +1,8 @@
#include "tcpsock.hpp" #include "tcpsock.hpp"
#include "tcpsock_ssl.cpp"
#ifndef _WIN32 #ifndef _WIN32
static struct {
SSL_CTX* ssl_server;
SSL_CTX* ssl_client;
std::mutex ssl_mtx;
} _ssl_ctx;
static bool ssl_init() {
static bool is_inited = false;
if(is_inited) return true;
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
_ssl_ctx.ssl_server = SSL_CTX_new(SSLv23_server_method());
if(!_ssl_ctx.ssl_server)
return false;
_ssl_ctx.ssl_client = SSL_CTX_new(SSLv23_client_method());
if(!_ssl_ctx.ssl_client)
return false;
is_inited = true;
return true;
}
/****************************/ /****************************/
/* BEGIN TCPCLIENT CODE */ /* BEGIN TCPCLIENT CODE */
/****************************/ /****************************/
@ -34,9 +10,12 @@ static bool ssl_init() {
sosc::TcpClient::TcpClient() { sosc::TcpClient::TcpClient() {
this->sock_open = false; this->sock_open = false;
this->addr_len = -1; this->addr_len = -1;
this->ssl = nullptr;
} }
bool sosc::TcpClient::Open(std::string host, std::uint16_t port, bool secure) { bool sosc::TcpClient::Open(std::string host, std::uint16_t port, bool secure) {
if(secure && !ssl_init())
return false;
if(this->sock_open) if(this->sock_open)
return false; return false;
@ -68,19 +47,37 @@ bool sosc::TcpClient::Open(std::string host, std::uint16_t port, bool secure) {
freeaddrinfo(results); freeaddrinfo(results);
if(this->sock < 0) if(this->sock < 0)
return false; return false;
this->sock_open = true; this->sock_open = true;
if(!secure)
this->ssl = nullptr;
else {
_ssl_ctx.client_mtx.lock();
this->ssl = SSL_new(_ssl_ctx.client);
_ssl_ctx.client_mtx.lock();
SSL_set_fd(this->ssl, this->sock);
if(SSL_connect(this->ssl) != 1) {
SSL_free(this->ssl);
this->Close();
return false;
}
}
return true; return true;
} }
void sosc::TcpClient::Open void sosc::TcpClient::Open
(SOSC_SOCK_T sock, SOSC_ADDR_T addr, int addr_len) (SOSC_SOCK_T sock, SOSC_ADDR_T addr, int addr_len, bool secure)
{ {
if(this->sock_open) if(this->sock_open)
return; return;
this->sock = sock; this->sock = sock;
this->sock_open = true; this->sock_open = true;
if(!secure)
this->ssl = nullptr;
this->addr = addr; this->addr = addr;
this->addr_len = addr_len; this->addr_len = addr_len;
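Review bot: The secure branch of `TcpClient::Open(host, port, secure)` calls `_ssl_ctx.client_mtx.lock()` both before and after `SSL_new`, so the mutex is locked twice and never released — a second `lock()` on a `std::mutex` the same thread already holds is undefined behaviour and in practice blocks every later secure `Open`; replace the pair with a scoped guard, `{ std::lock_guard<std::mutex> guard(_ssl_ctx.client_mtx); this->ssl = SSL_new(_ssl_ctx.client); }`, and reject a `nullptr` result before `SSL_set_fd`. On the `SSL_connect` failure path `SSL_free(this->ssl)` leaves the member dangling while `Close()` runs; add `this->ssl = nullptr;` right after the free unless `Close()` (outside this hunk) is known not to touch it. In the accept-side overload `ssl` is only assigned when `!secure`, so a secure accepted socket keeps whatever the member previously held; that function continues past the hunk, so the secure path may be completed there, but a reader can't tell from this change.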


@ -0,0 +1,48 @@
#include "tcpsock.hpp"
static struct {
SSL_CTX* server;
std::mutex server_mtx;
SSL_CTX* client;
std::mutex client_mtx;
} _ssl_ctx;
static bool ssl_init() {
static bool is_inited = false;
if(is_inited) return true;
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
_ssl_ctx.server = SSL_CTX_new(SSLv23_server_method());
if(!_ssl_ctx.server)
return false;
_ssl_ctx.client = SSL_CTX_new(SSLv23_client_method());
if(!_ssl_ctx.client)
return false;
SSL_CTX_set_ecdh_auto(_ssl_ctx.server, 1);
SSL_CTX_set_ecdh_auto(_ssl_ctx.client, 1);
int success = 0;
success |= SSL_CTX_use_certificate_file(
_ssl_ctx.server,
SOSC_RESC("ssl/cert.pem").c_str(),
SSL_FILETYPE_PEM
);
success |= SSL_CTX_use_certificate_file(
_ssl_ctx.server,
SOSC_RESC("ssl/key.pem").c_str(),
SSL_FILETYPE_PEM
);
if(success <= 0) {
SSL_CTX_free(_ssl_ctx.client);
SSL_CTX_free(_ssl_ctx.server);
return false;
}
is_inited = true;
return true;
}
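Review bot: The second `SSL_CTX_use_certificate_file` call in `ssl_init` is given `ssl/key.pem`, so the server's private key is never loaded — that call has to be `SSL_CTX_use_PrivateKey_file`, ideally followed by `SSL_CTX_check_private_key`, and the `success |=` accumulation masks a failure of either load because a single return of 1 makes the `success <= 0` test pass. The client context is also left at OpenSSL's default `SSL_VERIFY_NONE`, so `SSL_connect` in `TcpClient::Open` accepts any server certificate; `SSL_CTX_set_verify(_ssl_ctx.client, SSL_VERIFY_PEER, nullptr)` plus `SSL_CTX_set_default_verify_paths` (and a per-connection host check such as `SSL_set1_host` before connecting, on OpenSSL 1.1.0+) is what makes the `secure` flag meaningful. The `SSLv23_*` methods negotiate legacy protocol versions unless `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)` or `SSL_CTX_set_min_proto_version` is applied. Smaller points: `is_inited` is read and written without any of the new mutexes, so concurrent first calls to `Open` race on it, and a failed `SSL_CTX_new` for the client leaks the server context created just above it.
```cpp
static bool ssl_init() {
    // … unchanged: is_inited guard, library init, SSL_CTX_new for server and client …
    SSL_CTX_set_options(_ssl_ctx.server, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
    SSL_CTX_set_options(_ssl_ctx.client, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
    SSL_CTX_set_ecdh_auto(_ssl_ctx.server, 1);
    SSL_CTX_set_ecdh_auto(_ssl_ctx.client, 1);
    // Each step must succeed on its own; a bitwise OR would hide a failed load.
    bool ok = SSL_CTX_use_certificate_file(
        _ssl_ctx.server, SOSC_RESC("ssl/cert.pem").c_str(), SSL_FILETYPE_PEM) == 1;
    ok = ok && SSL_CTX_use_PrivateKey_file(
        _ssl_ctx.server, SOSC_RESC("ssl/key.pem").c_str(), SSL_FILETYPE_PEM) == 1;
    ok = ok && SSL_CTX_check_private_key(_ssl_ctx.server) == 1;
    // Client side: verify the peer against the platform trust store.
    ok = ok && SSL_CTX_set_default_verify_paths(_ssl_ctx.client) == 1;
    SSL_CTX_set_verify(_ssl_ctx.client, SSL_VERIFY_PEER, nullptr);
    if(!ok) {
        SSL_CTX_free(_ssl_ctx.client);
        SSL_CTX_free(_ssl_ctx.server);
        return false;
    }
    // … unchanged: is_inited = true; return true; …
}
```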


@ -1,4 +1,6 @@
#include "tcpsock.hpp" #include "tcpsock.hpp"
#include "tcpsock_ssl.cpp"
#ifdef _WIN32 #ifdef _WIN32
static void init_wsa() { static void init_wsa() {
@ -22,7 +24,9 @@ sosc::TcpClient::TcpClient() {
this->addr_len = -1; this->addr_len = -1;
} }
bool sosc::TcpClient::Open(std::string host, std::uint16_t port) { bool sosc::TcpClient::Open(std::string host, std::uint16_t port, bool secure) {
if(secure && !ssl_init())
return false;
if(this->sock_open) if(this->sock_open)
return false; return false;
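Review bot: The Windows `TcpClient::TcpClient()` shown as context at the top of the second hunk does not receive the `this->ssl = nullptr;` that the other platform's constructor gains in this commit, so — assuming `ssl` is a member declared in the shared `tcpsock.hpp` — a Windows client starts with an indeterminate `ssl` pointer; add `this->ssl = nullptr;` after `this->addr_len = -1;`. The new `secure` parameter is consumed only by the `ssl_init()` guard in the visible part of `Open`; the rest of the function is outside the hunk, so whether the secure path is completed on this platform can't be judged here. Including `tcpsock_ssl.cpp` as if it were a header (done in both platform files) works because everything in it is `static`, but naming it `.inl` or `.hpp` would signal that it is not meant to be compiled on its own.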