authorSimon Rettberg2014-09-09 18:07:48 +0200
committerSimon Rettberg2014-09-09 18:07:48 +0200
commitbbdf2fba7b9ae0fa97aa164bcf84c1b88df38f32 (patch)
tree0bad2dc5bb0112940272b22a31f5dc4a0e8b2840 /ldadp.c
parentBail out on startup if an AD server is not reachable (diff)
Add OpenSSL-Support (Client<->Proxy)
Diffstat (limited to 'ldadp.c')
-rw-r--r--ldadp.c33
1 files changed, 33 insertions, 0 deletions
diff --git a/ldadp.c b/ldadp.c
index 4d481df..b0e8e52 100644
--- a/ldadp.c
+++ b/ldadp.c
@@ -5,6 +5,7 @@
#include "proxy.h"
#include "ini.h"
#include "helper.h"
+#include "openssl.h"
#include <stdio.h>
#include <socket.h>
#include <io.h>
@@ -17,6 +18,7 @@ static void listen_callback(void *data, int haveIn, int haveOut, int doCleanup);
static void loadConfig(char *file);
static int localPort = 1234;
+static char *certFile = NULL, *keyFile = NULL;
int main(int argc, char **argv)
{
@@ -37,8 +39,16 @@ int main(int argc, char **argv)
char listen_addr[4] = {0, 0, 0, 0};
// Setup socket
epoll_listen_t lsn;
+ memset(&lsn, 0, sizeof(lsn));
lsn.callback = &listen_callback;
lsn.fd = socket_tcp4();
+ if (certFile != NULL && keyFile != NULL) {
+ printf("Using SSL\n");
+ ssl_init();
+ lsn.sslContext = ssl_newServerCtx(certFile, keyFile);
+ } else {
+ printf("Not using SSL\n");
+ }
if (lsn.fd == -1) bail("Could not create listen socket");
if (socket_bind4_reuse(lsn.fd, listen_addr, localPort) == -1) bail("Could not bind to listening port");
if (socket_listen(lsn.fd, 10) == -1) bail("Could not listen");
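Review bot: A TLS setup failure falls through to plaintext here, because the result of `ssl_newServerCtx(certFile, keyFile)` is never checked and listen_callback treats a NULL `sslContext` as "no SSL". If that call can return NULL on an unreadable or mismatched certificate or key (its definition is not visible here), the proxy would accept unencrypted client connections even though TLS was configured. The same silent downgrade happens when only one of `cert`/`privkey` is set, or when a `strdup` in the loadConfig_handler hunk returns NULL, since the `else` branch only prints "Not using SSL". I would add `if (lsn.sslContext == NULL) bail("Could not create SSL context");` after the call, and reject a half-configured pair with `if ((certFile == NULL) != (keyFile == NULL)) bail("Both cert and privkey must be set");`. main's body starts and ends outside the hunk.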
@@ -70,10 +80,27 @@ static void listen_callback(void *data, int haveIn, int haveOut, int doCleanup)
printf("Error accepting new connection.\n");
return;
}
+ helper_nonblock(sock);
printf("Accepted connection.\n");
+ SSL *ssl = NULL;
+ if (listen->sslContext != NULL) {
+ ssl = ssl_startAccept(sock, listen->sslContext);
+ if (ssl == NULL) {
+ close(sock);
+ return;
+ }
+ }
epoll_client_t *client = calloc(1, sizeof(epoll_client_t));
client->fd = sock;
client->callback = &client_callback;
+ client->ssl = ssl;
+ if (ssl != NULL && !ssl_acceptClient(client)) {
+ printf("SSL-Accepting client failed.\n");
+ SSL_free(ssl);
+ close(sock);
+ free(client);
+ return;
+ }
ePoll_add(EPOLLIN | EPOLLOUT | EPOLLET, (epoll_item_t*)client);
}
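Review bot: The `calloc` result is still dereferenced unchecked at `client->fd = sock;`, and with this change the function also holds a live `ssl` object at that point, so an allocation failure needs to release both. A guard such as `if (client == NULL) { if (ssl != NULL) SSL_free(ssl); close(sock); return; }` directly after the `calloc` covers it. The `ssl_startAccept` failure path also closes the socket without any message, unlike the `ssl_acceptClient` path; a `printf("SSL setup for client failed.\n");` there would make rejected connections visible in the log. listen_callback begins above the hunk.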
@@ -94,6 +121,12 @@ static int loadConfig_handler(void *stuff, const char *section, const char *key,
if (strcmp(key, "port") == 0) {
localPort = atoi(value);
}
+ if (strcmp(key, "cert") == 0) {
+ certFile = strdup(value);
+ }
+ if (strcmp(key, "privkey") == 0) {
+ keyFile = strdup(value);
+ }
return 1;
}