constcast
/
vermont
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support openssl > 1.1.0 (older versions not supported)

master
Lothar Braun 2020-04-11 12:31:23 +02:00
parent 3e22a8f5e9
commit dc8608d5d0
14 changed files with 213 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CMakeLists.txt
View File

@ -527,13 +527,13 @@ ENDIF(CONNECTION_FILTER)
OPTION(SUPPORT_DTLS "Enables/Disables encryption support for IPFIX messages." OFF)
IF (SUPPORT_DTLS)
FIND_PACKAGE(OpenSSL 1.0.0)
FIND_PACKAGE(OpenSSL)
IF (NOT OPENSSL_FOUND)
MESSAGE(FATAL_ERROR "Could not find openssl. Please install the library or turn off SUPPORT_DTLS")
ENDIF (NOT OPENSSL_FOUND)
IF (NOT (${OPENSSL_VERSION} VERSION_LESS 1.1.0))
MESSAGE(FATAL_ERROR "openssl version must be less than 1.1.0")
ENDIF (NOT (${OPENSSL_VERSION} VERSION_LESS 1.1.0))
IF (NOT (${OPENSSL_VERSION} VERSION_GREATER_EQUAL 1.1.0))
MESSAGE(FATAL_ERROR "openssl version must be 1.1.0 or higher")
ENDIF (NOT (${OPENSSL_VERSION} VERSION_GREATER_EQUAL 1.1.0))
INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
TARGET_LINK_LIBRARIES(vermont ${OPENSSL_LIBRARIES})
ADD_DEFINITIONS(-DSUPPORT_DTLS)

4
configs/dtls/dtls_exporter.xml
View File

@ -3,7 +3,7 @@
<checkinterval>2</checkinterval>
</sensorManager>
<observer id="1">
<filename>../sample_data/sample1.cap</filename>
<interface>wlp2s0</interface>
<pcap_filter>ip</pcap_filter>
<!-- offlineSpeed>-1</offlineSpeed -->
<next>2</next>
@ -69,7 +69,7 @@
<dtlsMaxConnectionLifetime unit="sec">3600</dtlsMaxConnectionLifetime>
<collector>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>DTLS_OVER_SCTP</transportProtocol>
<transportProtocol>DTLS_OVER_UDP</transportProtocol>
<peerFqdn>collector.example.com</peerFqdn>
<mtu>60000</mtu>
</collector>

4
configs/dtls/dtls_printer.xml
View File

@ -5,8 +5,8 @@
<CAfile>configs/example_certs/vermontCA.pem</CAfile>
<CApath>/etc/ssl/certs</CApath>
<listener>
<transportProtocol>DTLS_OVER_SCTP</transportProtocol>
<!-- transportProtocol>DTLS_OVER_UDP</transportProtocol -->
<!--transportProtocol>DTLS_OVER_SCTP</transportProtocol>-->
<transportProtocol>DTLS_OVER_UDP</transportProtocol>
<!-- peerFqdn>ex352.example.com</peerFqdn -->
<!-- peerFqdn>exporter.example.com</peerFqdn -->
</listener>

82
configs/example_certs/collector_cert.pem
View File

@ -1,57 +1,29 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Vermont example CA
Validity
Not Before: Mar 3 17:34:16 2009 GMT
Not After : Feb 26 17:34:16 2029 GMT
Subject: CN=Collector
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c8:a8:bc:ed:e1:4a:1c:e6:7c:db:f2:41:26:99:
0c:97:9f:52:4f:4f:ec:06:35:2f:32:ec:3c:88:13:
b2:d3:88:83:00:d9:5b:a2:58:be:25:3c:16:67:92:
61:1e:7e:3d:9a:7a:01:7d:ca:71:76:f3:96:74:80:
ec:78:3c:32:26:13:3a:d8:02:60:23:2d:b5:e5:88:
93:93:86:f9:cb:c4:f4:7f:40:53:14:2a:9a:65:f5:
9e:6f:7d:52:7f:ae:f2:b5:2f:9a:54:23:fc:fa:ed:
57:4a:23:c7:f9:87:e6:1f:e4:d3:47:45:c6:4a:2e:
94:38:ae:51:c8:06:7d:4f:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
48:B1:AF:25:4D:6C:97:56:64:84:2F:3F:F7:E6:CD:26:C9:95:0F:E9
X509v3 Authority Key Identifier:
keyid:F9:79:19:E7:91:26:27:24:EC:78:65:8C:BB:CD:10:8F:A2:1A:DC:05
X509v3 Subject Alternative Name:
DNS:collector.example.com
Signature Algorithm: sha1WithRSAEncryption
5e:63:1a:f2:ff:c0:dd:b6:3f:ef:f0:14:3d:6c:67:95:e1:ab:
1a:ef:e8:16:fc:0d:f6:4f:2e:7d:05:2f:02:ff:27:d0:f0:0a:
dd:fe:9a:f7:d3:bb:43:2c:9c:f6:50:6f:ec:00:03:b0:f4:86:
77:3c:0b:86:fb:09:c7:76:75:0e:19:44:21:11:c7:1b:5b:d8:
1c:59:ae:49:79:e0:5e:b1:6c:34:c9:b1:a1:61:70:6a:32:05:
b8:c5:60:01:a5:ab:36:1b:4f:41:32:a0:90:e9:7c:ea:3c:45:
0f:47:7a:c4:cb:b7:8a:5f:51:4f:d2:c8:14:e8:bc:e3:99:2b:
3a:2a
-----BEGIN CERTIFICATE-----
MIICFjCCAX+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADAdMRswGQYDVQQDExJWZXJt
b250IGV4YW1wbGUgQ0EwHhcNMDkwMzAzMTczNDE2WhcNMjkwMjI2MTczNDE2WjAU
MRIwEAYDVQQDEwlDb2xsZWN0b3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AMiovO3hShzmfNvyQSaZDJefUk9P7AY1LzLsPIgTstOIgwDZW6JYviU8FmeSYR5+
PZp6AX3KcXbzlnSA7Hg8MiYTOtgCYCMtteWIk5OG+cvE9H9AUxQqmmX1nm99Un+u
8rUvmlQj/PrtV0ojx/mH5h/k00dFxkoulDiuUcgGfU8FAgMBAAGjbzBtMAkGA1Ud
EwQCMAAwHQYDVR0OBBYEFEixryVNbJdWZIQvP/fmzSbJlQ/pMB8GA1UdIwQYMBaA
FPl5GeeRJick7HhljLvNEI+iGtwFMCAGA1UdEQQZMBeCFWNvbGxlY3Rvci5leGFt
cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBeYxry/8Ddtj/v8BQ9bGeV4asa7+gW
/A32Ty59BS8C/yfQ8Ard/pr307tDLJz2UG/sAAOw9IZ3PAuG+wnHdnUOGUQhEccb
W9gcWa5JeeBesWw0ybGhYXBqMgW4xWABpas2G09BMqCQ6XzqPEUPR3rEy7eKX1FP
0sgU6LzjmSs6Kg==
MIIE7zCCAtegAwIBAgIUKj7HWWW8djC+TQvrBR3N3FDkI2gwDQYJKoZIhvcNAQEL
BQAwHTEbMBkGA1UEAwwSVmVybW9udCBleGFtcGxlIENBMB4XDTIwMDQxMTA1NTYw
NFoXDTIwMDUxMTA1NTYwNFowIDEeMBwGA1UEAwwVY29sbGVjdG9yLmV4YW1wbGUu
Y29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0iZwtlWCcbIQ8eQP
qypj53NgJ3lmKf+YtbNEauEEP8sRlxw5GbXl0PsQ2lwFOcUqZbxs2Awcspo8tIBi
CZFkEyTrrl0UhP+qQVvn54Aa5bt419FnZDMyrjXh/5D2NHdxNTFj6xpHhAzwv3b1
+1hFYi8p9aL98UMDJGJm+6uJMiiNd8+kIGCbp7w1Qhdp5W0/jCNe+SKlPQTvUQrl
eR4IpQM8Sqg+H8KRIc0S4/L3FXoHexIO9sHzgk+/++gbh/GsGQVlueLQHNG/gQRX
rd5pdvevKXLbO28Qx1ZM0VLK1gUhxdx60Kh1RADah2PEgtjusX+YGSqmJXT+i6mh
an0Qpai1WwbOLvGG6K8mz+YZ5i73+vxywax6dq/v26aC458ViWVGMm4/BDApxi+q
zqgpFZgs/WR9o+ofp7bnzZPk9XyuSO4wxeP0NkE2Gxy6AW0Vx+hT8wvzLPiM283Y
wDUhTzwLPXqfG2DBCHLkfqgijC5Hje1dlJkQI1Qzx5Iv02p5UqYUJlc8nAsvdyK3
99yjWUyt5RcsHbp1Qopw+I9iiofXgEUx7SGWE0IzMYDFxw/E9afFSuNSczObVxWa
8CxyerpLCSR8JqK8y1zmMwDPPA9ZPUb4EAhT87N62H/WWBUEWxnC3KWDlpKd63Ab
4+sNPoCZ9M8rjwfuMYI6nWCdsikCAwEAAaMkMCIwIAYDVR0RBBkwF4IVY29sbGVj
dG9yLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBiZNCZQBl6TEKoVh8g
CFMyV1dyZAizmV8m3ZIVvS+rwl+bIxxbyLq+J8Y/uAeJVmSh/djaVDrJffksF7E+
bDuw/IU2wmsGWtsmrWGpZJHZpV26WZBbLFgq6Gc0C04gCcgLOIYPGbOv/6TC/WXJ
CIcAwjryaoK1zER4lxDFX/qX8Wqb7t9lcNIdjrsWB+YiQUzKa/sVvkbQ8yso54jI
jqz0f9JPXMnYtb3XXEg8iCIxIdbQFKYb8MsdiBEcRITKz0el09BusaMZ9qwi4ikx
3I+7+5hjVtmC4gfoQmmmvdLOsFMTX0Y5cWuLDyw2SuWBOyg5HcucXTH29IQIJb9i
1puar1V59yuJlJEUkpcVMU3wm6QiMabc+hJ0YQSKCEUo7zphtj05b09qsHOjH38b
COJKh2SZoQxI9yPkisWap97/Tu9w+5U1DD5wawRd0HaI0DS0xQqS5e6TL3afwMEZ
+J3hW0lh7pun/UjwXN2gZaGpQdPRKVkRVV1s6Kj7v3zd9pGKOxZQPG/loup0QSke
PemLiYEzdXHukN9wtBktNZ8Uau5goXugl+kcX4WdwzA+5jB9jQxLtL18odYjQowO
1JSFE9ZnFveik4IRY/L2zQSRQvHOEiPUEl8dHtHvcQliiWcR210FJ6urfv02by+K
AJwJA1IxBZIrzFknHeE4JpoatA==
-----END CERTIFICATE-----

62
configs/example_certs/collector_key.pem
View File

@ -1,15 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDIqLzt4Uoc5nzb8kEmmQyXn1JPT+wGNS8y7DyIE7LTiIMA2Vui
WL4lPBZnkmEefj2aegF9ynF285Z0gOx4PDImEzrYAmAjLbXliJOThvnLxPR/QFMU
Kppl9Z5vfVJ/rvK1L5pUI/z67VdKI8f5h+Yf5NNHRcZKLpQ4rlHIBn1PBQIDAQAB
AoGAIGWF404tXg8kd4pcVHP/YXd6nY2EyNfLYAheGYY8qARxSjDNp592S6Kw51Xt
0jOFlKxAE2Qc/5yCXRr3ks39NnlJkdxYPehjobIemFlr/rW85S5Qds9gjV0VBbnd
ouozSi9Onk/yOkB8jd71aKuKvzy07IOK9kW/RrVcqu8G5IECQQDp30a+LlPftiwo
7KC9o08OapTOROcnvRPOql3UrTzQYZbaSSUT589UMS6FyAxayAdVb92VwLsubyBc
3J1QGdLlAkEA26T+XFBWPsq2WvnBERb/g5Ik0kKy26ME1gObOvbG8zlO2kUF95vz
t19LaakgUv7qMV2HPeK5J3KHq05mgQUpoQJAIAyV8Df/DHg1gwIyYOqBSfN3IvE0
UDDMBxU3uI5o+BF3j8BYUWsB8YKv4mtwrfwdbSrgTcZUoF9gKvmcoT54tQJAWa2m
BP7wF7cgeUib4WRocsnKquZ8rFyE7vSN/qcfV9NANLIV26EbAvWvjrZ08i4OZJVx
UH0vZ8HFTtY119vJwQJBAKlXaAAeM3wPYfU+kd0ogQJssCMHLCxTw17RaN21Io9p
AHM+elYKJgkInoCynGV+s/Ajs5FB62rLJs3GBKi+clY=
MIIJKgIBAAKCAgEA0iZwtlWCcbIQ8eQPqypj53NgJ3lmKf+YtbNEauEEP8sRlxw5
GbXl0PsQ2lwFOcUqZbxs2Awcspo8tIBiCZFkEyTrrl0UhP+qQVvn54Aa5bt419Fn
ZDMyrjXh/5D2NHdxNTFj6xpHhAzwv3b1+1hFYi8p9aL98UMDJGJm+6uJMiiNd8+k
IGCbp7w1Qhdp5W0/jCNe+SKlPQTvUQrleR4IpQM8Sqg+H8KRIc0S4/L3FXoHexIO
9sHzgk+/++gbh/GsGQVlueLQHNG/gQRXrd5pdvevKXLbO28Qx1ZM0VLK1gUhxdx6
0Kh1RADah2PEgtjusX+YGSqmJXT+i6mhan0Qpai1WwbOLvGG6K8mz+YZ5i73+vxy
wax6dq/v26aC458ViWVGMm4/BDApxi+qzqgpFZgs/WR9o+ofp7bnzZPk9XyuSO4w
xeP0NkE2Gxy6AW0Vx+hT8wvzLPiM283YwDUhTzwLPXqfG2DBCHLkfqgijC5Hje1d
lJkQI1Qzx5Iv02p5UqYUJlc8nAsvdyK399yjWUyt5RcsHbp1Qopw+I9iiofXgEUx
7SGWE0IzMYDFxw/E9afFSuNSczObVxWa8CxyerpLCSR8JqK8y1zmMwDPPA9ZPUb4
EAhT87N62H/WWBUEWxnC3KWDlpKd63Ab4+sNPoCZ9M8rjwfuMYI6nWCdsikCAwEA
AQKCAgEAq6EhZIippFmdZTCxa0WPmjOsUBDh02MgQSVLt05WvhMHJrayG8FnFCo4
NV36Fphka/pbmocp2OQGuBQx/UZ0yP3aTelPHOABGKgK2hLR5NYbd4daPYdi2MzA
6oxlx6vVFXBk/lnUFpDK/lQVyVTqNan3Rtn7M9Na+Zg0K06JGiHsh/FZReggt/kK
NhQRNILo53br1eTpttAU88dGaoiQ3tOppf+J3T52cXie+PQxv6SN/4FcH0N/sOmZ
Dg8ejQRfXX/++LW46hCTqrb1NNb0o2jd8agQTJYEygg9bKeFaQ1/66yJ0WgDfaqE
zxY4I/Uv3F8sxUEDuIu4aC/92I6TzHuC7HnqH8Kn/gNSK6l+uZ0OTjXisnGG7GVw
zdrp92dHkg8eTTTX7nhxH8TaoDcImXadRupOQNEp3ScMBxLyl3ek3Q9TpBGR+xgC
M/hrRR43VIog2CQF0yyAlC9u499esJ+OsSgOjZWVdHGiioLys4yRTLm4e5ujVziq
usX6fXZPYMqEpXFRSZ+swNrAJ85lqxmI+Qb334nQI7VQdfYAVg3izRHDKV1YQNer
UlayNuRijcLokPBcUw8Hi/cXVtJLpqROVJLJpzltM/2xeRAtqbxJ3r6QABsXh2LG
TplxYlJmAy7Ksb4yQFZly04m8kY/Oyv+ZUHnlj/h1cturTdrekECggEBAP2KpQSw
GQIyfEIUt0wR/7RUOl2Df0pUNsoBQSwNgCHQRLfK7HUkNd/hGKLWPl7InyuDkTTU
ZC/nyAiUmE/bkHmvEITDVXUquimVq/bGm35TGrt7XSGL+UQzp4omE4W4yPcGJHYa
P1kLifPzlQeNmZKJaKWZgct9X/sMYoJyBIJKfb6JmyWoNESG+r6mj3hy1u445Hf7
yre3GYSUlCJ2ANbfiRteDUWyKnxR6CE3yjzXl6pok9RGxBdKecUqeYJ9Dr4dZ0rn
Bu8+zn3JcGIXAripjVsvF+hmdwcrSpHi9OxYk9T0TClebcsexbRP/eAydQgynwTg
+6AQBkFfPuqedvUCggEBANQwFkZFX72qUjz5E6rWDDBBoUNisqWGPifL4ggqzXQN
1m2x7kcjF9qMyRIvbwJCv7PHrnXF2tlouYwcsSXWzI91qSdJQ6PPX8SbxCMuKcG0
ENztPKS3Z87PA2b7Jfzl7qQRqe0pIn28hl0Bpu1olrQhqXwCL/pnVvyfxgRfCG6P
LsaSEAi9Y+0LPZ9aHWIdwMyY61kHY8fz83dxxnt43i9ZEDkc2Lhugd1L2/MwyjpA
BkiOsAOPhc7+GyKLwVOk6VrMa5tCnmUgheqfYK1rNco5Uxeo6Tm860zWATe9zQPc
NkkfJOdW7XfcWTKmfoji7iY51Yyz4BtcMy/Yvq7QheUCggEBAM3OUzFA+Kvt6yuA
wWFAYv4wOMhby2G8hlTnO83Uj6Pi+UTvtY1I/Wpjv6m+mxY5Z+rce2wU09aHILrG
U/TO17HOx2vdW2smacMDuXkxslqSfuqcsvZeNtKD04WybrpnSsop9ELh/3X6hdq+
aMSezoBChe2Wc+OIO/b/EJ+uibZxXSzjakrhBLxzjOphLaiqH4l0KRC0FNOYD2Ct
cqmefAPvo83RRJjEjPQpUHJWZRWKM5SiGw1+/AGj9MB1P/kKJoNwPr5wVhKyOs+k
SlN1NkJLb3ELAy8krY3mODu/rOyE4ktEmuYhvqHYsscw/3WTv6gN30MIlXhSSaGa
/OlaBFkCggEAJI6AV+z92LRuZLjY7ZbhFLNJ8E0h0Ci3rq2OrK+LJBJ6Pf3ounLO
WkXlIm/vpSkQ1A1z/jBvSwOi7APJdWZzacfws6cIs0E4E6xud00tvoSiXx20VACR
Lu01fdmJKvAGVFgCuaxbl+QSFhYBx2c8h55BD+9kirShJPb166zfzAR5H5bskkTm
4WENZdXluBC+NcGm0njWdQ2PhaWhd4ZUaT3j8KMKp4PKdfDq3RQr0ytSqc+DfamN
eSMIU8RWM233EkCjzWUF2xBmYgzBYD9XThbgPPRJ8judImjAXvUhTCf1ZlWqSv0L
/pmE+Jf8tuK5+vX917bpxmz1GKoz9/RPDQKCAQEA9RkCWS9eGjoO6oNjdUitheMG
+l9qjqtMs0xOIVUxFWgVv0n9TWbQQdyS4TYfwv4ACaL6ehMZO0ntWWDlRkh/CYSj
wsH2bueIE5Q7Y2MVOIXiH0nB9K3Vyi9effSPqxFtLNN8H613AluUW+1SFRK0CUYe
fP1gLbA8p8T4edAEoFug2eGuCz44S51/lmxXrdn/kyj1LTTm4GGyWxxLWhiERjvs
EcZWixLFpX34zGR0wyIQEMgDjt6tNe8Nz3aMkDBEymKHL4meKCZFlNKyaS4+5x6f
BLiXcIa7GI1Qvbjkr0SYKpshyNbTI7MA83UYNnFwhcuHPorpToB7vL9c0HdDCw==
-----END RSA PRIVATE KEY-----

81
configs/example_certs/exporter_cert.pem
View File

@ -1,57 +1,28 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Vermont example CA
Validity
Not Before: Mar 3 17:32:37 2009 GMT
Not After : Feb 26 17:32:37 2029 GMT
Subject: CN=Exporter
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ce:5d:22:d0:1b:a0:6d:55:48:6c:7b:3e:51:0e:
4e:43:fd:20:0d:ee:f1:62:cc:bd:fd:1b:bf:d0:0b:
38:9b:a0:a7:d2:74:1e:36:77:d5:3b:82:4a:6a:09:
80:c4:13:25:4d:29:5d:b5:a8:39:8d:3e:27:36:c9:
8e:45:d1:84:b0:1d:ce:91:9b:75:dd:b6:55:a9:f6:
ec:bd:d5:70:b8:c8:63:c9:37:50:e3:2e:89:92:95:
7f:eb:5e:54:d3:6f:67:7a:12:f4:12:2d:b5:95:0d:
d5:7d:82:33:88:f8:af:40:f8:63:10:c4:37:ae:f8:
29:39:00:3a:4e:57:2c:0c:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
8E:8A:F0:5D:3A:B5:49:95:8F:E4:66:CB:64:86:97:94:67:65:A6:4F
X509v3 Authority Key Identifier:
keyid:F9:79:19:E7:91:26:27:24:EC:78:65:8C:BB:CD:10:8F:A2:1A:DC:05
X509v3 Subject Alternative Name:
DNS:exporter.example.com
Signature Algorithm: sha1WithRSAEncryption
0d:a8:6e:94:38:87:ad:80:91:b7:5e:4f:1c:8a:09:2d:09:67:
fe:ff:25:9e:a3:03:78:53:5a:da:ff:22:9c:e9:63:af:f2:e2:
8e:04:23:92:d8:df:5b:40:0d:a5:2f:df:2b:7c:30:6e:34:88:
bc:bc:b5:64:2e:3a:8a:3b:c4:77:9f:3e:a0:a8:dc:e6:00:59:
2e:48:2f:63:1d:ee:91:d1:9e:fc:70:5b:a2:79:70:64:e7:57:
36:de:90:3f:1a:0f:83:0b:2a:e5:8a:06:7f:8f:b3:46:f4:f2:
f9:1e:7f:bc:39:54:41:8f:94:1f:a8:43:ff:4e:a5:36:34:75:
7b:45
-----BEGIN CERTIFICATE-----
MIICFDCCAX2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADAdMRswGQYDVQQDExJWZXJt
b250IGV4YW1wbGUgQ0EwHhcNMDkwMzAzMTczMjM3WhcNMjkwMjI2MTczMjM3WjAT
MREwDwYDVQQDEwhFeHBvcnRlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
zl0i0BugbVVIbHs+UQ5OQ/0gDe7xYsy9/Ru/0As4m6Cn0nQeNnfVO4JKagmAxBMl
TSldtag5jT4nNsmORdGEsB3OkZt13bZVqfbsvdVwuMhjyTdQ4y6JkpV/615U029n
ehL0Ei21lQ3VfYIziPivQPhjEMQ3rvgpOQA6TlcsDCUCAwEAAaNuMGwwCQYDVR0T
BAIwADAdBgNVHQ4EFgQUjorwXTq1SZWP5GbLZIaXlGdlpk8wHwYDVR0jBBgwFoAU
+XkZ55EmJyTseGWMu80Qj6Ia3AUwHwYDVR0RBBgwFoIUZXhwb3J0ZXIuZXhhbXBs
ZS5jb20wDQYJKoZIhvcNAQEFBQADgYEADahulDiHrYCRt15PHIoJLQln/v8lnqMD
eFNa2v8inOljr/LijgQjktjfW0ANpS/fK3wwbjSIvLy1ZC46ijvEd58+oKjc5gBZ
LkgvYx3ukdGe/HBbonlwZOdXNt6QPxoPgwsq5YoGf4+zRvTy+R5/vDlUQY+UH6hD
/06lNjR1e0U=
MIIEtzCCAp8CFCo+x1llvHYwvk0L6wUdzdxQ5CNgMA0GCSqGSIb3DQEBCwUAMB0x
GzAZBgNVBAMMElZlcm1vbnQgZXhhbXBsZSBDQTAeFw0yMDA0MTAxODQ1MjdaFw0y
MDA1MTAxODQ1MjdaMBMxETAPBgNVBAMMCEV4cG9ydGVyMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAsUva4tvqGZiJsfSbpPZfrViRbBTWFUYMxvBccanc
OQ5J5m+dnr/YVH13wFWN9oL+9s+IdKgnqmoIrxPz2iH45oL9pmdA/zO5PrJ/Ponu
W77m2+3ZBHZEWMCDrkfTPVkH6c2xT9Nl4p/UVnjit8cMYloEb/2m/pqc23RiIugU
+BIYZg3epyOW3IE36dDcVIBhuCtsNBbACs/JPrRIm6wNdeyIfh7UhNapvLgF0X0Z
sXzZGVAaEmUq5/AOK9a0eyHqKOuEaRG2K9kfRkljMNbiE0JwPjb2aUb08Xud7WGA
d3mx3PLcHf/5/LQPQGIoXHR3LF98To3yDXkfHQDnS+YhsyNfHsTuEPHTCN+guAuN
r0/lXMuk6M9KZjDAyGxUtUGy021GirHtUsguoQtos74W+DcMxazUjvbtFLC5jJeC
AhCNjBknIHoaL33AGYh6mYJLdtqEqT/9qIrere1h0o/7UoQOUafY1bdPo764kFPc
GywSrmWlc3r0M4E1iUUmqY4pC2f5/bT5Fh7JplLy+WCNYGts/rbdE2tb/ke3fHuu
oX0pvUUPeh8SvXhPyTZOtgrbqf0xDTpsWzmWxU7hBRKlk3nKH5ya7Pno3nl12nuo
NzxdVWOCTwu0ZH14hXDfC51/KiyIIfagELIKz0E+hyOJ26OvnDgV3JFKorS+bWAe
mzUCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAL3XvhwbtEzxEEIIVTCLxbIFOT3DU
yv+maU9EUNzwiQ+04dS04rwJ5/hhvbVX7bL0qq2/Q79IMzgdM+gm3vFy4jAyoEL+
XGqiKlEeQMd4DVkJimf5w0I0WkEZYAI+KAztiJ/D8qIFZIZkNI2AT32h1GC3um8J
dyuSdfWRRtefU8/k6vQ9tZ6Y83ytHt3Sh6NEHLX7nj4bsPRLzoBghPkx7l8PltTj
qPSMUOCnrIZMdlhSGbXVMeDD90d9ArQ43OAhdC8ps6ZQJ1Wa0kmKv01AYH/4M5wt
ctLdDzfpJUm2XmyFIbnfKmyPgVfS/HvM75fpjr7Tt26yydSOYdyrNijQ5MGQ4Zfn
JdiWvj/Aw8v05kjLWd1fvg8nlGOKz40xpFz76lEXIBQuxbcWgZwPN5ipse6rD3C5
osigsRB3/77XHhp/vFh7koEUy55VbXlkKyuRTeVZ2IQ+EPo+dhVboniGI2uTVm+E
xUwv1f2eiGhjYo0iDxVYnvcThta9FYFIFwddaHiaDahXP6UC8QfHJXBaAEIskBqo
zyLUYOwgLAdmHZbI7SpuBy/otbIqio3sVnUZLMd7Ky9RD9uO+6TIqNW5WfkjD1W4
qMkFWKvTnDCPnPG/odAFwH+TY/pNJULpzMSMCL/I6ajxdKbOXKJYG926oeDjEdU+
3rATJZTS6KFlyo8=
-----END CERTIFICATE-----

62
configs/example_certs/exporter_key.pem
View File

@ -1,15 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDOXSLQG6BtVUhsez5RDk5D/SAN7vFizL39G7/QCziboKfSdB42
d9U7gkpqCYDEEyVNKV21qDmNPic2yY5F0YSwHc6Rm3XdtlWp9uy91XC4yGPJN1Dj
LomSlX/rXlTTb2d6EvQSLbWVDdV9gjOI+K9A+GMQxDeu+Ck5ADpOVywMJQIDAQAB
AoGAKvC8Xrtw7W8yi8g1Vl54sLMKKXwP5HQgEHvmtN6w38lVQniBFOpoh2J8I4Zo
seQd/eleo38mwpotRLw6C5MmXbNud9IJtS3CJ0ScexhOhrJUKSFRx/aa0F3aUPW/
QV4FzHHu+Yfmd2sJm4W9JiFWa8KkMNQdJ9Nih4ITCyZapv0CQQD0tIIJbxp+zWbS
bq8ltz4luN9SDp1kgju/h8DFKsJhHZssxkBmURfg0O+ZgfixSorL5jtA7rB0AUhG
vwgeTiI7AkEA1+OUE2CkGip5fkRbOcjHTgtIZ+XoJRkZNkv9KvJ6rucP/oANiLFM
xV/j/jG5wcK9s0snPg13xrKdTqMa8bRFHwJBAJRP51SiczOReJVoIl3AnzkrwKay
VvC5Ak+Gju6xiNhlokxT6GpbEhbfa6jlnn6OCGumohkr0eStdknytI/xmUsCQGJN
3JVeQhswEBZw5eFQDYD6HkRBKg4KebKBs4wk0bxmtp+6i28c3MpbOaP73IvgMyU7
KWlWFJ5DouG134UEAx0CQQC1AYzV2XRi/g5G3kPD2M0esvItytOa9S7IysWasohc
ntl3dl62hZhOCJfudppsEn498Y5O8zjq070i/Zzsmxvk
MIIJJwIBAAKCAgEAsUva4tvqGZiJsfSbpPZfrViRbBTWFUYMxvBccancOQ5J5m+d
nr/YVH13wFWN9oL+9s+IdKgnqmoIrxPz2iH45oL9pmdA/zO5PrJ/PonuW77m2+3Z
BHZEWMCDrkfTPVkH6c2xT9Nl4p/UVnjit8cMYloEb/2m/pqc23RiIugU+BIYZg3e
pyOW3IE36dDcVIBhuCtsNBbACs/JPrRIm6wNdeyIfh7UhNapvLgF0X0ZsXzZGVAa
EmUq5/AOK9a0eyHqKOuEaRG2K9kfRkljMNbiE0JwPjb2aUb08Xud7WGAd3mx3PLc
Hf/5/LQPQGIoXHR3LF98To3yDXkfHQDnS+YhsyNfHsTuEPHTCN+guAuNr0/lXMuk
6M9KZjDAyGxUtUGy021GirHtUsguoQtos74W+DcMxazUjvbtFLC5jJeCAhCNjBkn
IHoaL33AGYh6mYJLdtqEqT/9qIrere1h0o/7UoQOUafY1bdPo764kFPcGywSrmWl
c3r0M4E1iUUmqY4pC2f5/bT5Fh7JplLy+WCNYGts/rbdE2tb/ke3fHuuoX0pvUUP
eh8SvXhPyTZOtgrbqf0xDTpsWzmWxU7hBRKlk3nKH5ya7Pno3nl12nuoNzxdVWOC
Twu0ZH14hXDfC51/KiyIIfagELIKz0E+hyOJ26OvnDgV3JFKorS+bWAemzUCAwEA
AQKCAgA5QTHSiQo0cdolqcSJpTaImE1+BcyM2i5OIFj6K8x+cGrVC75vAa0uu8Xs
SrSpouwLcEG0yojks5FSWLMrAkWKy0p2bmnDAEUWRjZpT8m1vxR2eXzXwAmaT7E2
muNQsGupyU81ZCNG6C5+LlOo3ZLWQBOmxtci6XM2O4NlmmULJ2zRqDD68LdLRj90
NoqwjzT/cKZku+QQmcF3imjYPNur9VKux+4BaAEwfI0Edc3ST2scjY2d2yXb+N3a
sl9eVDl2NXhxJdManedHn3N01i/z4ES3ErDIlq2LPkxl2FLQQnB51cPXvE5SmSND
u28lTEcgAUX3aEd+qlqt1xjandrLoJ51mSYjS01v8CHC3aqF0dIhEtjvkRAHfQc5
2WX5T/7265EM9Gdakj3ahvj7BxyCx3OE/D/AP+hCBo8IrRAlgwaXVf/MKKgkcuwC
Xgzbp0xU69BAA7URtyQ0UlTp1WAtflMJnP87yORmpMfq7kp8wq8l59GeikueBaRb
4C+W2hJRrZl/qVsEeVdpkU5QH8/we7z2UJ9Lw3q9Sq/vqds8LUSeb6ioPuqgDyYE
s5q5kKMKLc6c27ZdjOL34Xh8MtMMdFKR40wjgdk/dWXeBvBxdH4WtFOnV7NvnxcP
e7ybrR4V3QP1rMUp+RtydaLwSwujNRsnZSjF9iyeUWiAy3w2EQKCAQEA6zRkbpKA
UrIFBZR1Ne3j2NCv9S3ZBhN5xkkXLXcON9eyzeY9ClFQTNdPIoadRNzSyPzCM/DC
xZWW7epKHZkGc3DXxgLNzaMLWSlNjmcSIDnaVNpUk8bArapQlIjTtHpn1a8+rHNL
2KFSmoAjfkE4/LjzjcaXlCMQqIAhgMSENmEgPdNCJ4Wjn5LuQZVlf4QMLq3QnNdt
tDreW5yKr1yS2pwzOHTR85WNOvnOuG8cP+nKbTrfj76MWdn06AUOSyMGv2ZKw10Z
iPcFltHWE9ZNhlbF7iZ5KKUSOiqXyspZl7nZ68kC1nfv2y1cRBHyaTI/kQbuyE3o
Y6TdxgHJiPCSFwKCAQEAwPjEywPKeLQD1TBeIUexk1ZxQ+Kv3Vjh51zBix8I8akc
hxZ2hYsWcfMPFNJjHN4YzVnwaWXldA6mXpfq5mCOnU3uSB7tHC42iklqQ7nmpj36
GFoD65Wf3barXB9w0pObTRCMLwMdrnz4iTcfS+MJHrUexNAfKA+YmRppsiYpSlDl
mfoPE8fzufQPGh/e5aHU/bu4UNJbBnLuy5OJmwfPusieqFChZrmJJeSRbifS8Skw
yfbrmChAuw5hWudpKuZf7puwMwSNvn7GLVRiTymg4bjRIn8o6/ovin5H/w7ZGJIi
r57p5PLfZYhMaeyw0KXqivYiYIm+GQE1i85GBiYIkwKCAQAg9dadKCqTbB8ICSXj
yNKFL7l4wlQHZfNKtjNpS6XSbYfBEuK672oxWnrce8DORaPERqdwX+zrg2sDLDH2
s9sTklyqgvoUNyT/+anEquz/Vxwhh/cSPmgB7jwclJAWWpDygPxnbkDSusi4nfxb
VQiHYeO/mnTjbYaIFmybfu6IMFQ0VcaPg0rKsexxhF4U4IxUfkcds5LMDvPaIrXM
nUx3FiyXXMePOwXvndI6RlfPHRQg+n8ZxbolXUXUveCi5uWrLMqNVh6d8v/1grJd
VUrH6KEUHpAcAgXr4MwkvvaPLJw9To33QBd8v36Oi3VNCJ2f1TjhGQnX7OKnPNjh
N9VBAoIBADzCV1xAvlCRBZ/rkcfSxhPJJPKl/o+oO8DYUMxYIj3M7IGQThMwPwnz
6Oy6baCaQZ7u0aauAbgwIKwqEzkkb+MRtZQZwLidyGh0QzQ95WS0oPln5lIYE3UA
3iWsdJ6pAT4blrf6uC7HhI3XwE/plWaIyr5XdWfsuTSDv4HrSBbxL8nylSq6S4Bi
WxrzrAALm3+kyp0QDr8SEyQgOTSKGhsKrgH7GUa55nf65tuTSHTMbmM5DucizXbY
SUkREekDDnOXq7v0lBjF2+pL5oRcbB6GTbsZ5K2gYbWum0awyyRUZv17ANQosLRM
XRsA/o9DnnzQkPRqimNfIRf7A8tN0GcCggEACifNcjNWCjSBqLPo7Ssj9+WFYFHT
Lx6taf2w+DWUwei2tKucK3JYZvKIFOURZhRVpx3vbZqIGeiRogl7APA5yAkEdF/u
YIcUlbfWpCGW3ayW7BqR7JuWJOZX8m1ImwZ3PXzw8hD0rOrQ4+MTc4gwQ6ktIda0
dQo8p0RsGf88+43SXpsc/gWCWftaYKvaXZYtkAR9zDXrx/rGCA7pnOplPwvvW2Yl
0KpMpVngtpYoqUmQdghsc0ILtZ4udBo1agqinrbIhXtArD/gFmFeFnfHZ7TLk+8c
bfTFn3rPwy6dypCddFuD8ots9mAI+V0atmTI9DS877vake5GMS9MHdqdlQ==
-----END RSA PRIVATE KEY-----

40
configs/example_certs/vermontCA.pem
View File

@ -1,14 +1,30 @@
-----BEGIN CERTIFICATE-----
MIICNjCCAZ+gAwIBAgIJAPzZNYkMsvubMA0GCSqGSIb3DQEBBQUAMB0xGzAZBgNV
BAMTElZlcm1vbnQgZXhhbXBsZSBDQTAeFw0wOTAzMDMxNzIzMDRaFw0yOTAyMjYx
NzIzMDRaMB0xGzAZBgNVBAMTElZlcm1vbnQgZXhhbXBsZSBDQTCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEApZJqq1NMAZRMOJbIxCcHCNmb4dX4bfhvVknhJDig
vbwkBBhjEwHjobiFdEntaySUO/VxlXO9SrbyuF+39gNqtxkJvl2AQ1cy826s7aX3
deE+A9LoC8WRiEX8bwqwQCDbHF5Ue3yjZVrtScyAgURuGePdGBla9shgpKqZf9yR
W9ECAwEAAaN+MHwwHQYDVR0OBBYEFPl5GeeRJick7HhljLvNEI+iGtwFME0GA1Ud
IwRGMESAFPl5GeeRJick7HhljLvNEI+iGtwFoSGkHzAdMRswGQYDVQQDExJWZXJt
b250IGV4YW1wbGUgQ0GCCQD82TWJDLL7mzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBBQUAA4GBADolIeFcm4sX65qS61hS9wZAXnpvCvhu0SFylBLhEYiL+D8QUzx9
Mtbtwhih60WGb5IBJ6M1QwTTKtSTbPTWK5UoQK2+xjh5IvMVCHDRopCy1jKhIzX7
/rtFZ9mXyjyLINvf1Q8k8djvXgoGsXQrZdQE4+TRTKVMpn8tFSrFHqEx
MIIFGzCCAwOgAwIBAgIUOa/NIhdujbRRA4/FSDOL3C08rmAwDQYJKoZIhvcNAQEL
BQAwHTEbMBkGA1UEAwwSVmVybW9udCBleGFtcGxlIENBMB4XDTIwMDQxMDE4Mjkw
NFoXDTQwMDQwNTE4MjkwNFowHTEbMBkGA1UEAwwSVmVybW9udCBleGFtcGxlIENB
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZBSBEXPH/iNtCJfDCFE
ck7c3d2xKoQ0i50KB99dU0adVfX0p8wwot3sd/OS8LQvfcBBXi3A3TndAsnDrAy4
HHftY/pyp1zqVMX+sYa1sdlFp/YX0b5Lm8/iLan84Sy9IU5+ITUTdcyqPhj7Bf1W
qcm3iuBTPXl1PE+P0o3WA6D0QgvYh7ZHQ5nCNJHMtX7RCeCjajVfQXvE3vZe1yxD
TnsZYl3HXDBKrRPhCAurI53t7vlYaoNMG5pCK+iIackbB90wCrKvoLLla0H85j9g
AsEcZvntcfmKwt5SwlAz75yZbgAF7DnAati6c1/FOKedtCNIjwvZvTB1rnW3i63H
Ug1gGmxanA3izelIf525qYfEKkQcuo1nmXMXtuOLSQRteNrrw3F6lP6xcKmqX6qQ
zQVH3LnXJytIP/gG8MASWtv77NPYiqFVQhVg8MZIggm1I+MnLimo8WJK8P00HlE6
hlbnMJyBHL7iUOnROOiYdKLn0q8oEw5IeVQlKxyGiGDSeJDLOpQCieXwFJ8Yflmv
n+JXSACb/B1njATx+/zTCe6KbXrPIgYIgfS1Pd//Jvtp93ZqROEUwoTsKh+wUvd3
nPGAB+CSHq/lREEQdbai4U2dvfVOoSb3P1gCG7pfM3x9wBdTimj2k5NNw7NVu2w5
fIfe86HECv9S3ABCmRHYFGkCAwEAAaNTMFEwHQYDVR0OBBYEFPetSx8J3kX7CEEI
474Dgaet3KdYMB8GA1UdIwQYMBaAFPetSx8J3kX7CEEI474Dgaet3KdYMA8GA1Ud
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAIa12xeB2kJW7dSAOwl5sdMZ
CLLf6U9fPVpVu06KDbwoC/uPJn7dJJfw42YCpCpOUS1uPpUHDZUeuBHWcDDdTwyw
8jnUuhRJTD5tJ+twjnVM5g6S1oNhh6Y9MB7Z00+SVZ/muu7/g9rvFLUKLFcHJBRt
cgBps89Cvmz1Fdwg8LGSTacwzmgaBdyXBspPVHX4yuQ1BlpaVk/vQv+HMlTXt6rE
odsr6FcV3IRd2XIlrFGxFmKsvOsiJzattO+dMyYAcjDoocbofs8w19cPWiwdE672
EuSIzlymgUvLPea79jlZIDZ6xCWhKlXv9d1EI/EgdpitigdUDBrW1mu0f9Nk0kzA
VV4pQzuotEZB7SkJWDmJAe26uXvHOuJVo0PEHsvpenetIO4TRQn6bk+B1pYURAcQ
cHuerWoGWgla8P38vCBmsFFP16ovbnq6p0CxZgIHVd6W12GZgnwxWeiVil8526pP
vYDYCCW0Pw96nXifINKy4SPH82bZANQBT2y6MVd+CIkdLjR2OWzPqjQqElBw4z5Z
RoI40Z6uZgV6e/HRkh0J/Af643jkDNRHN9F5dxDFDJe1mH0e9GJ0fNfxxyBXChW5
qVhFQwIdhX8sRN4mfcyAh6Uc8/uw7YJRe03OZnPXw39rsHD9YxHC1xqEG9dcf1rc
SX/cWcODQ7YOX0JIvMOH
-----END CERTIFICATE-----

2
src/common/ipfixlolib/ipfixlolib.c
View File

@ -578,7 +578,7 @@ int update_collector_mtu(ipfix_exporter *exporter,
int mtu_ssl;
int mtu_bio;
if (col->dtls_connection.dtls_main.ssl) {
mtu_ssl = col->dtls_connection.dtls_main.ssl->d1->mtu;
mtu_ssl = DTLS_get_data_mtu(col->dtls_connection.dtls_main.ssl);
DPRINTF_INFO("MTU got from SSL object: %d",mtu_ssl);
if (mtu_ssl > 0) {
mtu = mtu_ssl;

4
src/common/ipfixlolib/ipfixlolib_dtls.c
View File

@ -87,7 +87,7 @@ static int ensure_exporter_set_up_for_dtls(ipfix_exporter_certificate *c) {
if (c->ssl_ctx) return 0;
/* This SSL_CTX object will be freed in deinit_openssl_ctx() */
if ( ! (c->ssl_ctx=SSL_CTX_new(DTLSv1_client_method())) ) {
if ( ! (c->ssl_ctx=SSL_CTX_new(DTLS_client_method())) ) {
msg(LOG_CRIT, "Failed to create SSL context");
msg_openssl_errors();
return -1;
@ -262,7 +262,7 @@ int setup_dtls_connection(ipfix_exporter *exporter, ipfix_receiving_collector *c
if (col->protocol != DTLS_OVER_SCTP)
#endif
(void)BIO_ctrl(bio,BIO_CTRL_DGRAM_MTU_DISCOVER,0,0);
(void)BIO_ctrl_set_connected(bio,1,&col->addr); /* TODO: Explain, why are we doing this? */
(void)BIO_ctrl_set_connected(bio,&col->addr); /* TODO: Explain, why are we doing this? */
SSL_set_bio(con->ssl,bio,bio);
// connect (non-blocking, i.e. handshake is initiated, not terminated)
if((connect(con->socket, (struct sockaddr*)&col->addr, sizeof(col->addr) ) == -1) && (errno != EINPROGRESS)) {

3
src/common/openssl/OpenSSL.cpp
View File

@ -8,6 +8,7 @@
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <sstream>
#include <cstring>
namespace { /* unnamed namespace */
Mutex m;
@ -211,7 +212,7 @@ int check_x509_cert(X509 *peer, int (*cb)(void *context, const char *dnsname), v
return 0;
}
dnsname = (char *) ASN1_STRING_data(gn->d.ia5);
dnsname = (char *) ASN1_STRING_get0_data(gn->d.ia5);
len = ASN1_STRING_length(gn->d.ia5);
while(len>0 && dnsname[len-1] == 0) --len;

15
src/common/openssl/SSLCTXWrapper.cpp
View File

@ -53,12 +53,17 @@ DH *SSL_CTX_wrapper::get_dh2048() {
};
static unsigned char dh2048_g[]={0x02};
DH *dh;
BIGNUM *p, *g;
if ((dh=DH_new()) == NULL) return(NULL);
dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
if ((dh->p == NULL) || (dh->g == NULL))
{ DH_free(dh); return(NULL); }
p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
DH_free(dh);
BN_free(p);
BN_free(g);
return(NULL);
}
return(dh);
}
@ -88,7 +93,7 @@ SSL_CTX_wrapper::SSL_CTX_wrapper(
bool have_CAs = false;
bool have_cert = false;
ensure_openssl_init();
ctx = SSL_CTX_new(DTLSv1_server_method());
ctx = SSL_CTX_new(DTLS_server_method());
if( ! ctx) {
THROWEXCEPTION("Failed to create SSL_CTX");
}

2
src/modules/ipfix/IpfixExporterCfg.cpp
View File

@ -158,7 +158,7 @@ IpfixSender* IpfixExporterCfg::createInstance()
#ifdef SUPPORT_DTLS
if (pacd) {
pacd->peer_fqdn = NULL;
const std::set<std::string> peerFqdns = p->getPeerFqdns();
static const std::set<std::string> peerFqdns = p->getPeerFqdns();
std::set<std::string>::const_iterator it = peerFqdns.begin();
if (it != peerFqdns.end())
pacd->peer_fqdn = it->c_str();

20
src/modules/ipfix/IpfixReceiverDtlsUdpIpV4.cpp
View File

@ -272,18 +272,18 @@ IpfixReceiverDtlsUdpIpV4::DtlsConnection::DtlsConnection(IpfixReceiverDtlsUdpIpV
memcpy(&clientAddress, pclientAddress, sizeof clientAddress);
BIO *sbio, *rbio;
BIO *wbio, *rbio;
/* create output abstraction for SSL object */
sbio = BIO_new_dgram(parent.listen_socket,BIO_NOCLOSE);
wbio = BIO_new_dgram(parent.listen_socket,BIO_NOCLOSE);
/* create a dummy BIO that always returns EOF */
rbio = BIO_new(BIO_s_mem());
/* -1 means EOF */
BIO_set_mem_eof_return(rbio,-1);
SSL_set_bio(ssl,rbio,sbio);
SSL_set_bio(ssl,rbio,wbio);
SSL_set_accept_state(ssl);
BIO_ctrl(ssl->wbio,BIO_CTRL_DGRAM_SET_PEER,0,&clientAddress);
BIO_ctrl(SSL_get_wbio(ssl),BIO_CTRL_DGRAM_SET_PEER,0,&clientAddress);
}
@ -388,23 +388,23 @@ int IpfixReceiverDtlsUdpIpV4::DtlsConnection::consumeDatagram(
return 1;
}
#ifdef DEBUG
if ( ! BIO_eof(ssl->rbio)) {
if ( ! BIO_eof(SSL_get_rbio(ssl))) {
msg(LOG_ERR,"EOF *not* reached on BIO. This should not happen.");
}
#endif
BIO_free(ssl->rbio);
ssl->rbio = BIO_new_mem_buf(secured_data.get(),len);
BIO_set_mem_eof_return(ssl->rbio,-1);
BIO_free(SSL_get_rbio(ssl));
SSL_set_bio(ssl, BIO_new_mem_buf(secured_data.get(),len), SSL_get_wbio(ssl));
BIO_set_mem_eof_return(SSL_get_rbio(ssl),-1);
if (state == ACCEPTING) {
ret = accept();
if (ret == 0) return 1;
if (ret == -1) return 0;
#ifdef DEBUG
if ( ! BIO_eof(ssl->rbio)) {
if ( ! BIO_eof(SSL_get_rbio(ssl))) {
msg(LOG_ERR,"EOF *not* reached on BIO. This should not happen.");
}
#endif
if (BIO_eof(ssl->rbio)) return 1; /* This should always be the case */
if (BIO_eof(SSL_get_rbio(ssl))) return 1; /* This should always be the case */
}
boost::shared_array<uint8_t> data(new uint8_t[MAX_MSG_LEN]);
ret = SSL_read(ssl,data.get(),MAX_MSG_LEN);