authorSimon Rettberg2014-09-09 18:07:48 +0200
committerSimon Rettberg2014-09-09 18:07:48 +0200
commitbbdf2fba7b9ae0fa97aa164bcf84c1b88df38f32 (patch)
tree0bad2dc5bb0112940272b22a31f5dc4a0e8b2840 /openssl.c
parentBail out on startup if an AD server is not reachable (diff)
Add OpenSSL-Support (Client<->Proxy)
Diffstat (limited to 'openssl.c')
-rw-r--r--openssl.c68
1 files changed, 68 insertions, 0 deletions
diff --git a/openssl.c b/openssl.c
new file mode 100644
index 0000000..32c7bca
--- /dev/null
+++ b/openssl.c
@@ -0,0 +1,68 @@
+#include "openssl.h"
+#include "helper.h"
+
+static BOOL initDone = FALSE;
+
+void ssl_printErrors(char *bailMsg)
+{
+ unsigned long err;
+ while ((err = ERR_get_error())) {
+ char *msg = ERR_error_string(err, NULL);
+ printf("OpenSSL: %s\n", msg);
+ }
+ if (bailMsg != NULL) bail(bailMsg);
+}
+
+BOOL ssl_init()
+{
+ if (initDone) return TRUE;
+ SSL_load_error_strings();
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
+ return TRUE;
+}
+
+SSL_CTX* ssl_newServerCtx(char *certfile, char *keyfile)
+{
+ const SSL_METHOD *m = SSLv23_server_method();
+ if (m == NULL) ssl_printErrors("newServerCtx: method is NULL");
+ SSL_CTX *ctx = SSL_CTX_new(m);
+ if (ctx == NULL) ssl_printErrors("newServerCtx: ctx is NULL");
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM);
+ SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);
+ if (!SSL_CTX_check_private_key(ctx)) ssl_printErrors("Could not load cert/private key");
+ return ctx;
+}
+
+SSL *ssl_startAccept(int clientFd, SSL_CTX *ctx)
+{
+ SSL *ssl = SSL_new(ctx);
+ if (ssl == NULL) {
+ ssl_printErrors(NULL);
+ return NULL;
+ }
+ if (!SSL_set_fd(ssl, clientFd)) {
+ ssl_printErrors(NULL);
+ SSL_free(ssl);
+ return NULL;
+ }
+ SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ return ssl;
+}
+
+BOOL ssl_acceptClient(epoll_client_t *client)
+{
+ if (client->sslAccepted) return TRUE;
+ int ret = SSL_accept(client->ssl);
+ if (ret == 1) {
+ client->sslAccepted = TRUE;
+ return TRUE;
+ }
+ if (ret < 0) {
+ int err = SSL_get_error(client->ssl, ret);
+ if (SSL_BLOCKED(err)) return TRUE;
+ }
+ return FALSE;
+}
+
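Review bot: `initDone` is never assigned in ssl_init, so the `if (initDone) return TRUE;` guard is dead and the library is re-initialised on every call; add `initDone = TRUE;` before the final `return TRUE;`. In ssl_newServerCtx the results of `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file` are discarded; `SSL_CTX_check_private_key` catches a mismatch, but a clearer failure is to test each call, e.g. `if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) != 1) ssl_printErrors("newServerCtx: could not load certificate");`. The same function continues past a NULL `ctx` into `SSL_CTX_set_options` unless `bail` terminates the process, which is presumably the case but is not visible here. The context only disables SSLv2; disabling SSLv3 as well, `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, is the usual hardening for a server context. In ssl_acceptClient a non-blocking failure (`ret < 0` with an error other than want-read/want-write, or `ret == 0`) returns FALSE without draining the OpenSSL error queue, so a call to `ssl_printErrors(NULL)` there would both log the cause and keep stale errors from being attributed to a later operation.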