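// sslInit creates a connect BIO wrapping an SSL object for hostname and
// prepares it for a client handshake: it loads the system CA directory into
// ctx, pins the cipher list, and sets SNI. The BIO is not yet connected; the
// caller performs the connect/handshake and owns the returned BIO
// (release with bio.BIO_free_all).
//
// hostname is handed to BIO_set_conn_hostname unchanged, so it may carry a
// ":port" suffix as the connect layer expects; only the host part is used
// for the SNI extension, which must not contain a port.
//
// Every error path releases the BIO (and the SSL object while this function
// still owns it) so a failed setup does not leak OpenSSL state.
//
// NOTE(review): this function loads the trust store, but no call enabling
// peer verification (SSL_VERIFY_PEER), hostname verification, or a minimum
// protocol version is visible here. Unless ctx is configured for those
// elsewhere, a connection built from this BIO would accept any certificate.
func sslInit(ctx SSL_CTX, hostname string) (bio.BIO, error) {
	conn := bio.BIO_new_ssl_connect(ctx)
	if conn == nil {
		return nil, errors.New("Unable to setup I/O")
	}

	// fail releases conn and returns err unchanged, so the error strings
	// callers may match on are exactly those reported before.
	fail := func(err error) (bio.BIO, error) {
		bio.BIO_free_all(conn)
		return nil, err
	}

	// This mutates ctx (not just this connection) on every call; the CA
	// directory is the system default path. The empty CA-file argument is
	// passed through as-is — whether the binding maps "" to "no file" is
	// not visible here.
	if SSL_CTX_load_verify_locations(ctx, "", "/etc/ssl/certs") != 1 {
		return fail(errors.New("Unable to load certificates for verification"))
	}
	if bio.BIO_set_conn_hostname(conn, hostname) != 1 {
		return fail(errors.New("Unable to set hostname in BIO object"))
	}

	sslInst := SSL_new(ctx)
	if sslInst == nil {
		return fail(errors.New("Unable to initialize SSL"))
	}
	if bio.BIO_get_ssl(conn, sslInst) != 1 {
		// The BIO has not taken the SSL object yet; release it ourselves.
		SSL_free(sslInst)
		return fail(errors.New("Unable to configure SSL for I/O"))
	}
	// From here on sslInst is reachable through conn and BIO_free_all is
	// assumed to release it (OpenSSL semantics), so fail() alone suffices —
	// confirm against this binding's ownership rules.

	// Disallow anonymous, static-RSA, PSK/SRP, MD5 and RC4 suites.
	ciphers := "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4"
	if SSL_set_cipher_list(sslInst, ciphers) != 1 {
		return fail(errors.New("Unable to configure ciphers"))
	}
	// SNI carries the bare host; strip a ":port" suffix if the caller
	// supplied one for the connect BIO.
	if SSL_set_tlsext_host_name(sslInst, sniHost(hostname)) != 1 {
		return fail(errors.New("Unable to set SSL hostname"))
	}
	return conn, nil
}

// sniHost returns the host portion of addr for use as the TLS SNI name.
//
// addr may be "host", "host:port" or "[v6-literal]:port"; the connect BIO
// accepts the port suffix, but the server_name extension must carry only the
// host (RFC 6066 §3). Anything without a single recognizable ":port" suffix,
// including an unbracketed IPv6 literal, is returned unchanged.
func sniHost(addr string) string {
	if len(addr) > 0 && addr[0] == '[' {
		// Bracketed IPv6 literal, with or without a trailing port.
		for i := 1; i < len(addr); i++ {
			if addr[i] == ']' {
				return addr[1:i]
			}
		}
		return addr
	}
	lastColon, colons := -1, 0
	for i := 0; i < len(addr); i++ {
		if addr[i] == ':' {
			lastColon = i
			colons++
		}
	}
	if colons == 1 {
		return addr[:lastColon]
	}
	// No port at all, or an unbracketed IPv6 literal: leave it alone.
	return addr
}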
}) AfterEach(func() { bio.BIO_free_all(conn) SSL_free(sslInst) SSL_CTX_free(ctx) }) It("Connects to a known site", func() { host = "www.random.org" hostport = "www.random.org:443" /* Setup the connect BIO, since we're a client */ conn = bio.BIO_new_ssl_connect(ctx) Expect(conn).NotTo(BeNil()) Expect(bio.BIO_set_conn_hostname(conn, hostport)).To(BeEquivalentTo(1)) Expect(bio.BIO_get_conn_hostname(conn)).To(Equal(hostport)) /* Setup SSL */ Expect(bio.BIO_get_ssl(conn, sslInst)).To(BeEquivalentTo(1)) ciphers := "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4" Expect(SSL_set_cipher_list(sslInst, ciphers)).To(Equal(1)) Expect(SSL_set_tlsext_host_name(sslInst, host)).To(BeEquivalentTo(1)) /* Make the connection */ Expect(bio.BIO_do_connect(conn)).To(BeEquivalentTo(1)) }) // Expect(crypto.BIO_do_handshake(conn.(crypto.BIO))).To(BeEquivalentTo(1)) /*flags := SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION SSL_CTX_set_options(ctx, flags) Expect(host).To(Equal(1))