#include "openssl.h"
#include "helper.h"
/* Read by ssl_init() to decide whether the OpenSSL setup calls can be skipped. */
static BOOL initDone = FALSE;
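/*
 * Drain and print every entry in the OpenSSL error queue, then optionally
 * hand off to bail().
 *
 * bailMsg: when non-NULL it is passed to bail() after the queue has been
 *          printed; NULL just prints and returns.
 *
 * Uses ERR_error_string_n() with a caller-owned buffer rather than
 * ERR_error_string(err, NULL): the NULL form formats into one static buffer
 * shared by every caller, which is not safe once more than one thread
 * reports errors. 256 bytes is the size OpenSSL documents for
 * ERR_error_string(); the _n variant truncates rather than overflows.
 */
void ssl_printErrors(char *bailMsg)
{
    unsigned long err;
    char msg[256];

    while ((err = ERR_get_error()) != 0) {
        ERR_error_string_n(err, msg, sizeof msg);
        printf("OpenSSL: %s\n", msg);
    }
    if (bailMsg != NULL) bail(bailMsg);
}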
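/*
 * One-shot OpenSSL library initialisation: error strings, the SSL library
 * itself and the cipher/digest tables. Later calls are no-ops.
 *
 * Returns TRUE always.
 *
 * Fix: initDone was never set, so every call re-ran the three setup calls.
 * The guard is a plain static flag with no locking, so the first call must
 * finish before any other thread calls ssl_init().
 */
BOOL ssl_init()
{
    if (initDone) return TRUE;
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    initDone = TRUE;
    return TRUE;
}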
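/*
 * Build a server SSL_CTX from a PEM certificate and private key.
 *
 * certfile: path to the PEM certificate file.
 * keyfile:  path to the PEM private key file.
 *
 * Returns the new context. Every failure goes through ssl_printErrors() with
 * a message, which ends in bail(); should bail() ever return, the function
 * frees what it built and returns NULL instead of continuing with a
 * half-initialised context (the original dereferenced a NULL ctx in that
 * case). Callers should still treat NULL as fatal.
 *
 * Protocol policy: SSLv23_server_method() negotiates the highest version
 * both sides support. The original only cleared SSLv2, leaving SSLv3
 * negotiable; SSLv3 is now disabled as well, and TLS-level compression is
 * turned off (SSL_OP_NO_COMPRESSION, available since OpenSSL 1.0.0).
 *
 * The certificate and key loaders now have their return values checked
 * individually so the message names which file failed, instead of relying
 * on SSL_CTX_check_private_key() to notice a missing certificate.
 */
SSL_CTX* ssl_newServerCtx(char *certfile, char *keyfile)
{
    const SSL_METHOD *m = SSLv23_server_method();
    if (m == NULL) {
        ssl_printErrors("newServerCtx: method is NULL");
        return NULL;
    }

    SSL_CTX *ctx = SSL_CTX_new(m);
    if (ctx == NULL) {
        ssl_printErrors("newServerCtx: ctx is NULL");
        return NULL;
    }

    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);

    if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) != 1) {
        ssl_printErrors("newServerCtx: could not load certificate file");
        SSL_CTX_free(ctx);
        return NULL;
    }
    if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) != 1) {
        ssl_printErrors("newServerCtx: could not load private key file");
        SSL_CTX_free(ctx);
        return NULL;
    }
    if (!SSL_CTX_check_private_key(ctx)) {
        ssl_printErrors("Could not load cert/private key");
        SSL_CTX_free(ctx);
        return NULL;
    }
    return ctx;
}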
/*
 * Wrap an accepted client descriptor in a fresh SSL object created from ctx.
 *
 * clientFd: the already-accepted TCP socket.
 * ctx:      server context from ssl_newServerCtx().
 *
 * Returns the SSL object, or NULL after printing the OpenSSL error queue
 * when SSL_new() or SSL_set_fd() fails. SSL_MODE_ENABLE_PARTIAL_WRITE is set
 * so SSL_write() may report a partial write instead of insisting on the
 * whole buffer. The handshake is not started here; ssl_acceptClient() does
 * that.
 */
SSL *ssl_startAccept(int clientFd, SSL_CTX *ctx)
{
    SSL *conn = SSL_new(ctx);
    if (conn == NULL)
        goto fail;
    if (SSL_set_fd(conn, clientFd) == 0)
        goto fail;

    SSL_set_mode(conn, SSL_MODE_ENABLE_PARTIAL_WRITE);
    return conn;

fail:
    ssl_printErrors(NULL);
    if (conn != NULL) SSL_free(conn);
    return NULL;
}
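/*
 * Advance the TLS handshake on client->ssl by one step (non-blocking use).
 *
 * Returns TRUE when the handshake has completed (client->sslAccepted is set)
 * or when it is still in progress and only needs the socket to become
 * readable/writable again (SSL_BLOCKED on the SSL_get_error() code).
 * Returns FALSE when the handshake failed, including the peer closing
 * cleanly mid-handshake (SSL_accept() == 0).
 *
 * Fix: on failure the original returned without touching OpenSSL's error
 * queue. SSL_get_error() is only reliable when the thread's queue is empty
 * before the next I/O call, so stale entries from one failed connection
 * could mis-diagnose the next connection handled on the same thread.
 * Failure paths now go through ssl_printErrors(NULL), which prints and
 * drains the queue.
 */
BOOL ssl_acceptClient(epoll_client_t *client)
{
    if (client->sslAccepted) return TRUE;

    int ret = SSL_accept(client->ssl);
    if (ret == 1) {
        client->sslAccepted = TRUE;
        return TRUE;
    }
    if (ret < 0) {
        int err = SSL_get_error(client->ssl, ret);
        if (SSL_BLOCKED(err)) return TRUE;
    }

    /* ret == 0 (peer shut down) or a non-retryable error: report and drain. */
    ssl_printErrors(NULL);
    return FALSE;
}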