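// sslInit builds a TLS client "connect" BIO for hostname on top of ctx and
// returns it ready for the caller to connect on.
//
// Every resource created here (the BIO and the SSL object) is released again
// on any failure path, so the caller only owns the returned BIO on success.
// The original version leaked conn (and sslInst) whenever a later step failed.
//
// Returns a non-nil error, with the BIO result set to nil, when any OpenSSL
// call reports failure; the error strings are unchanged from the original.
//
// NOTE(review): two security caveats that this function does not resolve on
// its own and that the caller has to be aware of:
//   - SSL_CTX_load_verify_locations only populates the trust store; it does
//     not by itself turn on peer-certificate verification for ctx. Confirm
//     that the verify mode is set on ctx elsewhere before relying on this.
//   - The same hostname string is passed to BIO_set_conn_hostname (which the
//     accompanying test feeds a "host:port" value) and to
//     SSL_set_tlsext_host_name (SNI, which the test feeds a bare host). If a
//     caller passes "host:port" here, the SNI value would carry the port as
//     well; pass a bare hostname and set the port separately, or split it
//     before the SNI call.
func sslInit(ctx SSL_CTX, hostname string) (bio.BIO, error) {
	/* Initialize the SSL and connect BIOs */
	conn := bio.BIO_new_ssl_connect(ctx)
	if conn == nil {
		return nil, errors.New("Unable to setup I/O")
	}

	// fail releases the BIO before reporting an error; used until the SSL
	// object exists.
	fail := func(msg string) (bio.BIO, error) {
		bio.BIO_free_all(conn)
		return nil, errors.New(msg)
	}

	if SSL_CTX_load_verify_locations(ctx, "", "/etc/ssl/certs") != 1 {
		return fail("Unable to load certificates for verification")
	}
	if bio.BIO_set_conn_hostname(conn, hostname) != 1 {
		return fail("Unable to set hostname in BIO object")
	}

	/* Setup SSL */
	sslInst := SSL_new(ctx)
	if sslInst == nil {
		return fail("Unable to initialize SSL")
	}

	// failSSL releases both the BIO and the SSL object, in the same order the
	// test suite's AfterEach tears them down.
	failSSL := func(msg string) (bio.BIO, error) {
		bio.BIO_free_all(conn)
		SSL_free(sslInst)
		return nil, errors.New(msg)
	}

	if bio.BIO_get_ssl(conn, sslInst) != 1 {
		return failSSL("Unable to configure SSL for I/O")
	}

	// Cipher string excludes anonymous, static-RSA, PSK, SRP, MD5 and RC4
	// suites; "HIGH" keeps only strong suites from the remaining set.
	ciphers := "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4"
	if SSL_set_cipher_list(sslInst, ciphers) != 1 {
		return failSSL("Unable to configure ciphers")
	}

	// Sets the SNI extension only; it does not enable hostname checking of
	// the peer certificate.
	if SSL_set_tlsext_host_name(sslInst, hostname) != 1 {
		return failSSL("Unable to set SSL hostname")
	}

	return conn, nil
}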
				sslInst = SSL_new(ctx)
				Expect(sslInst).NotTo(BeNil())
			})

			AfterEach(func() {
				bio.BIO_free_all(conn)
				SSL_free(sslInst)
				SSL_CTX_free(ctx)
			})

			It("Connects to a known site", func() {
				host = "www.random.org"
				hostport = "www.random.org:443"

				/* Setup the connect BIO, since we're a client */
				conn = bio.BIO_new_ssl_connect(ctx)
				Expect(conn).NotTo(BeNil())
				Expect(bio.BIO_set_conn_hostname(conn, hostport)).To(BeEquivalentTo(1))
				Expect(bio.BIO_get_conn_hostname(conn)).To(Equal(hostport))

				/* Setup SSL */
				Expect(bio.BIO_get_ssl(conn, sslInst)).To(BeEquivalentTo(1))
				ciphers := "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4"
				Expect(SSL_set_cipher_list(sslInst, ciphers)).To(Equal(1))
				Expect(SSL_set_tlsext_host_name(sslInst, host)).To(BeEquivalentTo(1))
				/* Make the connection */
				Expect(bio.BIO_do_connect(conn)).To(BeEquivalentTo(1))
			})

			// Expect(crypto.BIO_do_handshake(conn.(crypto.BIO))).To(BeEquivalentTo(1))
			/*flags := SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION