From bbdf2fba7b9ae0fa97aa164bcf84c1b88df38f32 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 9 Sep 2014 18:07:48 +0200
Subject: Add OpenSSL-Support (Client<->Proxy)
---
 openssl.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 openssl.c
(limited to 'openssl.c')
diff --git a/openssl.c b/openssl.c
new file mode 100644
index 0000000..32c7bca
--- /dev/null
+++ b/openssl.c
@@ -0,0 +1,68 @@
+#include "openssl.h"
+#include "helper.h"
+
+static BOOL initDone = FALSE;
+
+void ssl_printErrors(char *bailMsg)
+{
+ unsigned long err;
+ while ((err = ERR_get_error())) {
+ char *msg = ERR_error_string(err, NULL);
+ printf("OpenSSL: %s\n", msg);
+ }
+ if (bailMsg != NULL) bail(bailMsg);
+}
+
+BOOL ssl_init()
+{
+ if (initDone) return TRUE;
+ SSL_load_error_strings();
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
+ return TRUE;
+}
+
+SSL_CTX* ssl_newServerCtx(char *certfile, char *keyfile)
+{
+ const SSL_METHOD *m = SSLv23_server_method();
+ if (m == NULL) ssl_printErrors("newServerCtx: method is NULL");
+ SSL_CTX *ctx = SSL_CTX_new(m);
+ if (ctx == NULL) ssl_printErrors("newServerCtx: ctx is NULL");
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM);
+ SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);
+ if (!SSL_CTX_check_private_key(ctx)) ssl_printErrors("Could not load cert/private key");
+ return ctx;
+}
+
+SSL *ssl_startAccept(int clientFd, SSL_CTX *ctx)
+{
+ SSL *ssl = SSL_new(ctx);
+ if (ssl == NULL) {
+ ssl_printErrors(NULL);
+ return NULL;
+ }
+ if (!SSL_set_fd(ssl, clientFd)) {
+ ssl_printErrors(NULL);
+ SSL_free(ssl);
+ return NULL;
+ }
+ SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ return ssl;
+}
+
+BOOL ssl_acceptClient(epoll_client_t *client)
+{
+ if (client->sslAccepted) return TRUE;
+ int ret = SSL_accept(client->ssl);
+ if (ret == 1) {
+ client->sslAccepted = TRUE;
+ return TRUE;
+ }
+ if (ret < 0) {
+ int err = SSL_get_error(client->ssl, ret);
+ if (SSL_BLOCKED(err)) return TRUE;
+ }
+ return FALSE;
+}
+
--
cgit v1.2.3-55-g7522
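Review bot: ssl_newServerCtx only clears SSLv2 with `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);`, so a context built from `SSLv23_server_method()` still negotiates SSLv3 with any client that offers it; `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` limits the server to TLS. The results of `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file` on the next two lines are discarded; `SSL_CTX_check_private_key` will presumably catch an unloaded pair, but checking each call and reporting which file failed gives the operator a usable error. In ssl_init, `initDone` is never set, so the guard on its first line is dead and the library init runs on every call; add `initDone = TRUE;` before the return. ssl_printErrors calls `ERR_error_string(err, NULL)`, which writes into a static buffer; `ERR_error_string_n(err, buf, sizeof buf)` with a local buffer is the reentrant form.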