Fixed #if ENABLE_SSL for ssl_check_error

[yaz-moved-to-github.git] / src / tcpip.c

diff --git a/src/tcpip.c b/src/tcpip.c
index 1c5f780..8781cca 100644 (file)
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -50,6 +50,7 @@
 
 #if HAVE_GNUTLS_H
 #include <gnutls/openssl.h>
+#include <gnutls/x509.h>
 #define ENABLE_SSL 1
 #endif
 
@@ -240,10 +241,11 @@ COMSTACK yaz_tcpip_create(int s, int flags, int protocol,
 }
 
 
-#if ENABLE_SSL
-
 COMSTACK ssl_type(int s, int flags, int protocol, void *vp)
 {
+#if !ENABLE_SSL
+    return 0;
+#else
     tcpip_state *sp;
     COMSTACK p;
 
@@ -259,9 +261,11 @@ COMSTACK ssl_type(int s, int flags, int protocol, void *vp)
 
     /* note: we don't handle already opened socket in SSL mode - yet */
     return p;
+#endif
 }
 
-int ssl_check_error(COMSTACK h, tcpip_state *sp, int res)
+#if ENABLE_SSL
+static int ssl_check_error(COMSTACK h, tcpip_state *sp, int res)
 {
 #if HAVE_OPENSSL_SSL_H
     int err = SSL_get_error(sp->ssl, res);
@@ -1356,26 +1360,71 @@ int static tcpip_set_blocking(COMSTACK p, int flags)
     return 1;
 }
 
-#if ENABLE_SSL
-int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+void cs_print_session_info(COMSTACK cs)
 {
+#if HAVE_GNUTLS_H
+    struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+    SSL *ssl = (SSL *) sp->ssl;
+    if (ssl)
+    {
+        gnutls_session_t session = ssl->gnutls_state;
+        if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+            return;
+        printf("X509 certificate\n");
+    }
+#endif
+#if HAVE_OPENSSL_SSL_H
+    struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+    SSL *ssl = (SSL *) sp->ssl;
+    if (ssl)
+    {
+        X509 *server_cert = SSL_get_peer_certificate(ssl);
+        
+        if (server_cert)
+        {
+            char *pem_buf;
+            int pem_len;
+            BIO *bio = BIO_new(BIO_s_mem());
+
+            /* get PEM buffer in memory */
+            PEM_write_bio_X509(bio, server_cert);
+            pem_len = BIO_get_mem_data(bio, &pem_buf);
+            fwrite(pem_buf, pem_len, 1, stdout);
+
+            /* print all info on screen .. */
+            X509_print_fp(stdout, server_cert);
+            BIO_free(bio);
+
+            X509_free(server_cert);
+        }
+    }
+#endif
+}
+
+void *cs_get_ssl(COMSTACK cs)
+{
+#if HAVE_OPENSSL_SSL_H
     struct tcpip_state *sp;
     if (!cs || cs->type != ssl_type)
         return 0;
     sp = (struct tcpip_state *) cs->cprivate;
-    if (sp->ctx_alloc)
-        return 0;
-    sp->ctx = (SSL_CTX *) ctx;
-    return 1;
+    return sp->ssl;  
+#else
+    return 0;
+#endif
 }
 
-void *cs_get_ssl(COMSTACK cs)
+#if ENABLE_SSL
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
 {
     struct tcpip_state *sp;
     if (!cs || cs->type != ssl_type)
         return 0;
     sp = (struct tcpip_state *) cs->cprivate;
-    return sp->ssl;  
+    if (sp->ctx_alloc)
+        return 0;
+    sp->ctx = (SSL_CTX *) ctx;
+    return 1;
 }
 
 int cs_set_ssl_certificate_file(COMSTACK cs, const char *fname)
@@ -1418,11 +1467,6 @@ int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
     return 0;
 }
 
-void *cs_get_ssl(COMSTACK cs)
-{
-    return 0;
-}
-
 int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
 {
     return 0;