#if HAVE_GNUTLS_H
#include <gnutls/openssl.h>
+#include <gnutls/x509.h>
#define ENABLE_SSL 1
#endif
}
-#if ENABLE_SSL
-
COMSTACK ssl_type(int s, int flags, int protocol, void *vp)
{
+#if !ENABLE_SSL
+ return 0;
+#else
tcpip_state *sp;
COMSTACK p;
/* note: we don't handle already opened socket in SSL mode - yet */
return p;
+#endif
}
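Review bot: The new `#if !ENABLE_SSL` branch in ssl_type returns 0 with no indication of why, so a build without TLS support hands callers a null COMSTACK for a connection they asked to be encrypted. Callers are not visible here; it is worth confirming that they treat the null as a hard failure and do not retry over tcpip_type. A comment on the branch such as `/* SSL not compiled in: no COMSTACK is created, caller must fail */` would record that intent. The body of ssl_type between the declarations and `return p;` lies outside the visible lines.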
-int ssl_check_error(COMSTACK h, tcpip_state *sp, int res)
+#if ENABLE_SSL
+static int ssl_check_error(COMSTACK h, tcpip_state *sp, int res)
{
#if HAVE_OPENSSL_SSL_H
int err = SSL_get_error(sp->ssl, res);
return 1;
}
-#if ENABLE_SSL
-int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+void cs_print_session_info(COMSTACK cs)
{
+#if HAVE_GNUTLS_H
+ struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+ SSL *ssl = (SSL *) sp->ssl;
+ if (ssl)
+ {
+ gnutls_session_t session = ssl->gnutls_state;
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return;
+ printf("X509 certificate\n");
+ }
+#endif
+#if HAVE_OPENSSL_SSL_H
+ struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+ SSL *ssl = (SSL *) sp->ssl;
+ if (ssl)
+ {
+ X509 *server_cert = SSL_get_peer_certificate(ssl);
+
+ if (server_cert)
+ {
+ char *pem_buf;
+ int pem_len;
+ BIO *bio = BIO_new(BIO_s_mem());
+
+ /* get PEM buffer in memory */
+ PEM_write_bio_X509(bio, server_cert);
+ pem_len = BIO_get_mem_data(bio, &pem_buf);
+ fwrite(pem_buf, pem_len, 1, stdout);
+
+ /* print all info on screen .. */
+ X509_print_fp(stdout, server_cert);
+ BIO_free(bio);
+
+ X509_free(server_cert);
+ }
+ }
+#endif
+}
+
+void *cs_get_ssl(COMSTACK cs)
+{
+#if HAVE_OPENSSL_SSL_H
struct tcpip_state *sp;
if (!cs || cs->type != ssl_type)
return 0;
sp = (struct tcpip_state *) cs->cprivate;
- if (sp->ctx_alloc)
- return 0;
- sp->ctx = (SSL_CTX *) ctx;
- return 1;
+ return sp->ssl;
+#else
+ return 0;
+#endif
}
-void *cs_get_ssl(COMSTACK cs)
+#if ENABLE_SSL
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
{
struct tcpip_state *sp;
if (!cs || cs->type != ssl_type)
return 0;
sp = (struct tcpip_state *) cs->cprivate;
- return sp->ssl;
+ if (sp->ctx_alloc)
+ return 0;
+ sp->ctx = (SSL_CTX *) ctx;
+ return 1;
}
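Review bot: cs_print_session_info casts `cs->cprivate` without the `if (!cs || cs->type != ssl_type) return;` guard that cs_get_ssl and cs_set_ssl_ctx apply in this same hunk, so a null or non-SSL COMSTACK reaches the `tcpip_state` cast and the `sp->ssl` read. In the OpenSSL branch the results of `BIO_new` and `PEM_write_bio_X509` are not checked before `BIO_get_mem_data` and `fwrite`; wrapping the dump in `if (bio && PEM_write_bio_X509(bio, server_cert))` avoids writing from a failed or empty BIO. If HAVE_GNUTLS_H and HAVE_OPENSSL_SSL_H can both be defined (not visible here), `sp` and `ssl` would be declared twice in one scope, so `#elif HAVE_OPENSSL_SSL_H` looks safer than a second `#if`. A header comment such as `/* diagnostic dump of the peer certificate; does not indicate that it was verified */` would keep callers from reading the output as a trust decision.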
int cs_set_ssl_certificate_file(COMSTACK cs, const char *fname)
return 0;
}
-void *cs_get_ssl(COMSTACK cs)
-{
- return 0;
-}
-
int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
{
return 0;