From bbdf2fba7b9ae0fa97aa164bcf84c1b88df38f32 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 9 Sep 2014 18:07:48 +0200
Subject: Add OpenSSL-Support (Client<->Proxy)
---
 ldadp.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
(limited to 'ldadp.c')
diff --git a/ldadp.c b/ldadp.c
index 4d481df..b0e8e52 100644
--- a/ldadp.c
+++ b/ldadp.c
@@ -5,6 +5,7 @@
 #include "proxy.h"
 #include "ini.h"
 #include "helper.h"
+#include "openssl.h"
 #include
 #include
 #include
@@ -17,6 +18,7 @@ static void listen_callback(void *data, int haveIn, int haveOut, int doCleanup);
 static void loadConfig(char *file);
 static int localPort = 1234;
+static char *certFile = NULL, *keyFile = NULL;
 int main(int argc, char **argv)
 {
@@ -37,8 +39,16 @@ int main(int argc, char **argv)
 char listen_addr[4] = {0, 0, 0, 0};
 // Setup socket
 epoll_listen_t lsn;
+ memset(&lsn, 0, sizeof(lsn));
 lsn.callback = &listen_callback;
 lsn.fd = socket_tcp4();
+ if (certFile != NULL && keyFile != NULL) {
+ printf("Using SSL\n");
+ ssl_init();
+ lsn.sslContext = ssl_newServerCtx(certFile, keyFile);
+ } else {
+ printf("Not using SSL\n");
+ }
 if (lsn.fd == -1) bail("Could not create listen socket");
 if (socket_bind4_reuse(lsn.fd, listen_addr, localPort) == -1) bail("Could not bind to listening port");
 if (socket_listen(lsn.fd, 10) == -1) bail("Could not listen");
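Review bot: `lsn.sslContext = ssl_newServerCtx(certFile, keyFile);` in main is never checked, so when the certificate or key cannot be loaded the server presumably continues with a NULL context and, because listen_callback only wraps a connection when `listen->sslContext != NULL`, silently serves plaintext even though TLS was configured. Treat that like the socket errors on the following lines: `if (lsn.sslContext == NULL) bail("Could not create SSL context");` (assuming the helper reports failure by returning NULL, which is not visible here). The `certFile != NULL && keyFile != NULL` condition has the same downgrade effect when only one of the two options is set in the config; an incomplete pair is better rejected at startup than logged as "Not using SSL". main continues beyond the hunk.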
@@ -70,10 +80,27 @@ static void listen_callback(void *data, int haveIn, int haveOut, int doCleanup)
 printf("Error accepting new connection.\n");
 return;
 }
+ helper_nonblock(sock);
 printf("Accepted connection.\n");
+ SSL *ssl = NULL;
+ if (listen->sslContext != NULL) {
+ ssl = ssl_startAccept(sock, listen->sslContext);
+ if (ssl == NULL) {
+ close(sock);
+ return;
+ }
+ }
 epoll_client_t *client = calloc(1, sizeof(epoll_client_t));
 client->fd = sock;
 client->callback = &client_callback;
+ client->ssl = ssl;
+ if (ssl != NULL && !ssl_acceptClient(client)) {
+ printf("SSL-Accepting client failed.\n");
+ SSL_free(ssl);
+ close(sock);
+ free(client);
+ return;
+ }
 ePoll_add(EPOLLIN | EPOLLOUT | EPOLLET, (epoll_item_t*)client);
 }
@@ -94,6 +121,12 @@ static int loadConfig_handler(void *stuff, const char *section, const char *key,
 if (strcmp(key, "port") == 0) {
 localPort = atoi(value);
 }
+ if (strcmp(key, "cert") == 0) {
+ certFile = strdup(value);
+ }
+ if (strcmp(key, "privkey") == 0) {
+ keyFile = strdup(value);
+ }
 return 1;
 }
--
cgit v1.2.3-55-g7522
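Review bot: The two new failure paths in listen_callback tear the connection down by hand — `close(sock); return;` after ssl_startAccept and `SSL_free(ssl); close(sock); free(client); return;` after ssl_acceptClient — and the first is only complete because `client` has not been allocated yet at that point; a single cleanup label that frees whatever has been set up so far would keep the two in step as steps are added. Whether `SSL_free(ssl)` already closes the descriptor depends on how ssl_startAccept attached sock to the SSL object (a BIO with close-on-free versus not), which is not visible here; if it does, the following `close(sock)` is a double close that may hit an unrelated descriptor opened in between. The socket is made non-blocking by the new `helper_nonblock(sock)` call before the handshake, so how `!ssl_acceptClient(client)` distinguishes "handshake still in progress" from a real failure decides whether slow clients are dropped at accept; worth a comment on that line. listen_callback starts before the hunk.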
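Review bot: `certFile = strdup(value);` and `keyFile = strdup(value);` in loadConfig_handler neither check the strdup result nor release a previous value, so a repeated `cert` or `privkey` key leaks the earlier copy and an allocation failure leaves the pointer NULL, which main then reads as "no certificate configured" and starts without TLS. Suggest `free(certFile); certFile = strdup(value); if (certFile == NULL) return 0;` and the same for keyFile, assuming a 0 return is how this ini handler signals an error (the visible `return 1;` is the success path; the error convention is not shown). The handler's body begins outside the hunk.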