Mixe for Privacy and Anonymity in the Internet
CATLSClientSocket.cpp
Go to the documentation of this file.
1 /*
2 Copyright (c) 2000, The JAP-Team
3 All rights reserved.
4 Redistribution and use in source and binary forms, with or without modification,
5 are permitted provided that the following conditions are met:
6 
7  - Redistributions of source code must retain the above copyright notice,
8  this list of conditions and the following disclaimer.
9 
10  - Redistributions in binary form must reproduce the above copyright notice,
11  this list of conditions and the following disclaimer in the documentation and/or
12  other materials provided with the distribution.
13 
14  - Neither the name of the University of Technology Dresden, Germany nor the names of its contributors
15  may be used to endorse or promote products derived from this software without specific
16  prior written permission.
17 
18 
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS
20 OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS
22 BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
24 OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25 IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
27 */
28 #include "StdAfx.h"
29 #ifndef ONLY_LOCAL_PROXY
30 #ifdef PAYMENT
31 #include "CATLSClientSocket.hpp"
32 #include "CAUtil.hpp"
33 #include "CAMsg.hpp"
34 
35 CATLSClientSocket::CATLSClientSocket()
36  {
37  m_bConnectedTLS = false;
38  m_pCtx = SSL_CTX_new( TLSv1_client_method() );
39 #ifdef SSL_OP_NO_TICKET
40  // disable buggy TLS client extensions, as otherwise we will get no connection to a Java TLS server; the bug is fixes in OpenSSL > 0.9.8g
41  SSL_CTX_set_options(m_pCtx, SSL_OP_ALL|SSL_OP_NO_TICKET);
42 #else
43  SSL_CTX_set_options(m_pCtx, SSL_OP_ALL);
44 #endif
45  m_pSSL = NULL;
46  m_pRootCert=NULL;
47  //m_pSocket=new CASocket();
48 
49  }
50 
51 CATLSClientSocket::~CATLSClientSocket()
52  {
53  close();
54  SSL_CTX_free(m_pCtx);
55  //delete m_pSocket;
56  //m_pSocket = NULL;
57  delete m_pRootCert;
58  m_pRootCert = NULL;
59  }
60 
65 SINT32 CATLSClientSocket::close()
66  {
67  if(m_bConnectedTLS)
68  {
69  SSL_shutdown(m_pSSL);
70  m_bConnectedTLS = false;
71  }
72  if(m_pSSL!=NULL)
73  {
74  SSL_free(m_pSSL);
75  }
76  m_pSSL=NULL;
77  return CASocket::close();
78  }
79 
80 
81 
82 
86 SINT32 CATLSClientSocket::setServerCertificate(CACertificate* pCert)
87  {
88  m_pRootCert=pCert->clone();
89  return E_SUCCESS;
90  }
91 
92 
97 SINT32 CATLSClientSocket::doTLSConnect(const CASocketAddr &psa)
98  {
99  SINT32 status;
100  #ifdef DEBUG
101  CAMsg::printMsg(LOG_DEBUG,"starting tls connect\n");
102  #endif
103  if(m_bConnectedTLS)
104  return E_UNKNOWN;
105 
106  m_pSSL=SSL_new(m_pCtx);
107  // do the standard part of the ssl handshake
108 
109  SSL_set_fd( m_pSSL, m_Socket );
110  if((status = SSL_connect( m_pSSL )) != 1)
111  {
112  int err = SSL_get_error(m_pSSL, status);
113  CAMsg::printMsg(LOG_INFO,"CATLSClientSocket::doTLSConnect() failed! Reason: %i\n", err);
114  SSL_shutdown(m_pSSL);
115  close();
116  m_bConnectedTLS = false;
117  return E_UNKNOWN;
118  }
119  #ifdef DEBUG
120  CAMsg::printMsg(LOG_DEBUG,"connect passed\n");
121  #endif
122 
123  // ssl handshake ok, now let's check the server's identity
124  // Note: This code was stolen from LinuxJournal
125  // issue 89: An Introduction to OpenSSL Programming, Part I of II
126 
127 
128  // is the certificate valid?
129  SINT32 ret=SSL_get_verify_result( m_pSSL );
130  if(ret != X509_V_OK&&ret!=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT )
131  {
132  CAMsg::printMsg(LOG_ERR, "SSLClientSocket: the Server certificate is INVALID!! Error: %i\n",ret);
133  close();
134  m_bConnectedTLS = false;
135  return E_UNKNOWN;
136  }
137  X509* peerCert=SSL_get_peer_certificate(m_pSSL);
138  if(peerCert==NULL)
139  {
140  CAMsg::printMsg(LOG_ERR, "SSLClientSocket: the Server shows no certificate!\n");
141  close();
142  m_bConnectedTLS = false;
143  return E_UNKNOWN;
144  }
145  ret=1;
146  if(m_pRootCert!=NULL)
147  {
148  EVP_PKEY* pubKey=X509_get_pubkey(m_pRootCert->getX509());
149  ret=X509_verify(peerCert,pubKey);
150  }
151  X509_free(peerCert);
152  if(ret!=1)
153  {
154  CAMsg::printMsg(LOG_ERR, "SSLClientSocket: could not verify server certificate!\n");
155  close();
156  m_bConnectedTLS = false;
157  return E_UNKNOWN;
158  }
159  m_bConnectedTLS = true;
160  return E_SUCCESS;
161  }
162 
163 
164 
165 
170 SINT32 CATLSClientSocket::connect(const CASocketAddr & psa, UINT32 msTimeout)
171  {
172  SINT32 rc;
173  // call base class connect function
174  if( (rc=CASocket::connect(psa, msTimeout)) != E_SUCCESS)
175  {
176  CASocket::close();
177  return rc;
178  }
179  // do our own connection initialisation (TLS handshake)
180  rc = doTLSConnect(psa);
181  return rc;
182  }
183 
190 SINT32 CATLSClientSocket::send(const UINT8* buff,UINT32 len)
191 {
192  if(len==0)
193  {
194  return E_SUCCESS; //nothing to send
195  }
196  SINT32 ret=::SSL_write(m_pSSL,(char*)buff,len);
197  if(ret<0)
198  {
199  int err = SSL_get_error(m_pSSL, ret);
200  if ( (SSL_ERROR_WANT_READ == err) ||
201  (SSL_ERROR_WANT_WRITE == err) )
202  {
203  return E_AGAIN;
204  }
205 
206  if( (err == SSL_ERROR_SYSCALL) && (ret == -1) )
207  {
208  int errnum = errno;
209  CAMsg::printMsg(LOG_ERR, "TLS-Socket: send I/O error occured: %s\n", strerror(errnum));
210  }
211  return SOCKET_ERROR;
212  }
213  return ret;
214 }
215 
222 SINT32 CATLSClientSocket::sendFully(const UINT8* buff, UINT32 len)
223  {
224  if(len==0)
225  return E_SUCCESS; //nothing to send
226  SINT32 ret=::SSL_write(m_pSSL,(char*)buff,len);
227  if(ret < 0 || ((UINT32)ret) < len)
228  return E_UNKNOWN;
229  return E_SUCCESS;
230  }
231 
232 
244 SINT32 CATLSClientSocket::receive(UINT8* buff,UINT32 len)
245 {
246  SINT32 ret=::SSL_read(m_pSSL,(char*)buff,len);
247  if(ret<0)
248  {
249  int err = SSL_get_error(m_pSSL, ret);
250  if ( (SSL_ERROR_WANT_READ == err) ||
251  (SSL_ERROR_WANT_WRITE == err) )
252  {
253  return E_AGAIN;
254  }
255 
256  if( (err == SSL_ERROR_SYSCALL) && (ret == -1) )
257  {
258  int errnum = errno;
259  CAMsg::printMsg(LOG_ERR, "TLS-Socket: receive I/O error occured: %s\n", strerror(errnum));
260  }
261  return SOCKET_ERROR;
262  }
263  return ret;
264 }
265 
266 #endif
267 #endif //ONLY_LOCAL_PROXY
SOCKET_ERROR
#define SOCKET_ERROR
Definition: StdAfx.h:464
SINT32
signed int SINT32
Definition: basetypedefs.h:132
UINT8
unsigned char UINT8
Definition: basetypedefs.h:135
UINT32
unsigned int UINT32
Definition: basetypedefs.h:131
CACertificate::getX509
X509 * getX509() const
Definition: CACertificate.hpp:92
CACertificate::clone
CACertificate * clone() const
Definition: CACertificate.hpp:53
CAMsg::printMsg
static SINT32 printMsg(UINT32 typ, const char *format,...)
Writes a given message to the log.
Definition: CAMsg.cpp:251
CASocketAddr
This is an abstract class for representing a socket address used in CASocket, CADatagramSocket and CA...
Definition: CASocketAddr.hpp:33
CASocket::m_Socket
SOCKET m_Socket
Definition: CASocket.hpp:150
CASocket::close
virtual SINT32 close()
Definition: CASocket.cpp:351
CASocket::connect
virtual SINT32 connect(const CASocketAddr &psa)
Definition: CASocket.hpp:64
CATLSClientSocket::send
SINT32 send(const UINT8 *buff, UINT32 len)
Sends all data over the network.
Definition: CATLSClientSocket.cpp:190
CATLSClientSocket::close
SINT32 close()
Shuts down the socket.
Definition: CATLSClientSocket.cpp:65
CATLSClientSocket::receive
SINT32 receive(UINT8 *buff, UINT32 len)
Will receive some bytes from the socket.
Definition: CATLSClientSocket.cpp:244
CATLSClientSocket::connect
SINT32 connect(const CASocketAddr &psa, UINT32 msTimeout)
Establishes the actual TCP/IP connection and performs the TLS handshake.
Definition: CATLSClientSocket.cpp:170
CATLSClientSocket::sendFully
SINT32 sendFully(const UINT8 *buff, UINT32 len)
Sends all data over the network.
Definition: CATLSClientSocket.cpp:222
CATLSClientSocket::setServerCertificate
SINT32 setServerCertificate(CACertificate *pCert)
Sets the Certifcate we accept as server identification.
Definition: CATLSClientSocket.cpp:86
CATLSClientSocket::m_pRootCert
CACertificate * m_pRootCert
Definition: CATLSClientSocket.hpp:87
CATLSClientSocket::m_bConnectedTLS
bool m_bConnectedTLS
is the TLS layer established ?
Definition: CATLSClientSocket.hpp:89
CATLSClientSocket::doTLSConnect
SINT32 doTLSConnect(const CASocketAddr &psa)
Does the TLS handshake.
Definition: CATLSClientSocket.cpp:97
E_SUCCESS
const SINT32 E_SUCCESS
Definition: errorcodes.hpp:2
E_AGAIN
#define E_AGAIN
Definition: errorcodes.hpp:9
E_UNKNOWN
#define E_UNKNOWN
Definition: errorcodes.hpp:3
len
UINT16 len
Definition: typedefs.hpp:0
Generated on Sat Jul 22 2023 00:20:12 for Mixe for Privacy and Anonymity in the Internet by doxygen 1.9.1