pike.git
/
lib
/
modules
/
SSL.pmod
/
https.pike
version
»
Context lines:
10
20
40
80
file
none
3
pike.git/lib/modules/SSL.pmod/https.pike:173:
void con_closed() { werror("Connection closed.\n"); exit(0); } protected void create(Stdio.File con) { SSL.context ctx = SSL.context(); ctx->random = no_random()->read;
+
// Make sure all cipher suites are available.
+
ctx->preferred_suites =
+
ctx->sort_suites(indices(SSL.Constants.CIPHER_SUITES));
werror("Starting\n"); ssl = SSL.sslfile(con, ctx, 1); ssl->set_nonblocking(got_data, write_cb, con_closed); } } int main() { #ifdef HTTPS_CLIENT Stdio.File con = Stdio.File(); if (!con->connect("127.0.0.1", PORT)) { werror("Failed to connect to server: %s\n", strerror(con->errno())); return 17; } client(con); return -17; #else Crypto.Sign key;
-
#
ifdef ECDSA_MODE
-
#
if
constant(Crypto.ECC.Curve)
-
key = Crypto.ECC.SECP_521R1.ECDSA()->
-
set_random(Crypto.Random.random_string)->generate_key();
-
my_certificate =
-
Standards.X509.make_selfsigned_certificate(key, 3600*4, ([
-
"organizationName" : "Test",
-
"commonName" : "*",
-
]));
-
ecdsa_mode();
-
#else
-
#error ECDSA not supported by this Pike.
-
exit(1);
-
#endif
-
#else
+
#if
0
SSL3_DEBUG_MSG("Cert: '%s'\n", String.string2hex(my_certificate)); SSL3_DEBUG_MSG("Key: '%s'\n", String.string2hex(my_key)); #if 0
-
array key = SSL.asn1.ber_decode(my_key)->get_asn1()[1];
+
array
raw_
key = SSL.asn1.ber_decode(my_key)->get_asn1()[1];
SSL3_DEBUG_MSG("Decoded key: %O\n", key);
-
object n = key[1][1];
-
object e = key[2][1];
-
object d = key[3][1];
-
object p = key[4][1];
-
object q = key[5][1];
+
object n =
raw_
key[1][1];
+
object e =
raw_
key[2][1];
+
object d =
raw_
key[3][1];
+
object p =
raw_
key[4][1];
+
object q =
raw_
key[5][1];
werror("n = %s\np = %s\nq = %s\npq = %s\n", n->digits(), p->digits(), q->digits(), (p*q)->digits());
-
rsa
= Crypto.RSA();
-
rsa
->set_public_key(n, e);
-
rsa
->set_private_key(d);
+
key
= Crypto.RSA();
+
key
->set_public_key(n, e);
+
key
->set_private_key(d);
#else /* !0 */ // FIXME: Is this correct? key = Standards.PKCS.RSA.parse_private_key(my_key); #endif /* 0 */
-
//
Make
sure
all
cipher
suites
are available
.
-
rsa
_
mode
();
+
#else
+
key
=
Crypto.RSA()->
+
set_random(Crypto
.
Random.random_string)->generate_key(1024);
+
my
_
certificate =
+
Standards.X509.make_selfsigned_certificate
(
key, 3600*4, ([
+
"organizationName" : "Test",
+
"commonName" : "*",
+
]
)
)
;
#endif SSL3_DEBUG_MSG("Cipher suites:\n%s", fmt_cipher_suites(preferred_suites)); add_cert(key, ({ my_certificate }), ({ "*" }));
-
+
+
key = Crypto.DSA()->
+
set_random(Crypto.Random.random_string)->generate_key(1024, 160);
+
my_certificate =
+
Standards.X509.make_selfsigned_certificate(key, 3600*4, ([
+
"organizationName" : "Test",
+
"commonName" : "*",
+
]));
+
add_cert(key, ({ my_certificate }));
+
+
#if constant(Crypto.ECC.Curve)
+
key = Crypto.ECC.SECP_521R1.ECDSA()->
+
set_random(Crypto.Random.random_string)->generate_key();
+
my_certificate =
+
Standards.X509.make_selfsigned_certificate(key, 3600*4, ([
+
"organizationName" : "Test",
+
"commonName" : "*",
+
]));
+
add_cert(key, ({ my_certificate }));
+
#endif
+
SSL3_DEBUG_MSG("Certs:\n%O\n", cert_pairs);
-
+
random = no_random()->read; werror("Starting\n"); if (!bind(PORT, my_accept_callback)) { perror(""); return 17; } else { werror("Listening on port %d.\n", PORT); return -17; } #endif }