/*
- * Copyright (c) 1995-2003, Index Data
+ * Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
- * $Id: tcpip.c,v 1.2 2004-04-28 12:10:53 adam Exp $
+ * $Id: tcpip.c,v 1.5 2004-04-29 21:19:23 adam Exp $
*/
#include <stdio.h>
struct sockaddr_in addr; /* returned by cs_straddr */
char buf[128]; /* returned by cs_addrstr */
#if HAVE_OPENSSL_SSL_H
- SSL_CTX *ctx;
- SSL_CTX *ctx_alloc;
+ SSL_CTX *ctx; /* current CTX. */
+ SSL_CTX *ctx_alloc; /* If =ctx it is owned by CS. If 0 it is not owned */
SSL *ssl;
#endif
} tcpip_state;
{
tcpip_state *state;
COMSTACK p;
- yaz_log(LOG_LOG, "ssl_type begin");
p = tcpip_type (s, blocking, protocol, 0);
if (!p)
p->f_put = ssl_put;
p->type = ssl_type;
state = (tcpip_state *) p->cprivate;
- if (vp)
- state->ctx = vp;
- else
- {
- SSL_load_error_strings();
- SSLeay_add_all_algorithms();
- state->ctx = state->ctx_alloc = SSL_CTX_new (SSLv23_method());
- if (!state->ctx)
- {
- tcpip_close(p);
- return 0;
- }
- }
+ state->ctx = vp; /* may be NULL */
+
/* note: we don't handle already opened socket in SSL mode - yet */
- yaz_log(LOG_LOG, "ssl_type end");
return p;
}
#endif
int tcpip_connect(COMSTACK h, void *address)
{
struct sockaddr_in *add = (struct sockaddr_in *)address;
-#if HAVE_OPENSSL_SSL_H
- tcpip_state *sp = (tcpip_state *)h->cprivate;
-#endif
int r;
#ifdef __sun__
int recbuflen;
return -1;
}
#if HAVE_OPENSSL_SSL_H
+ if (h->type == ssl_type && !sp->ctx)
+ {
+ SSL_load_error_strings();
+ SSLeay_add_all_algorithms();
+
+ sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+ if (!sp->ctx)
+ {
+ h->cerrno = CSERRORSSL;
+ return -1;
+ }
+ }
if (sp->ctx)
{
int res;
#if HAVE_OPENSSL_SSL_H
tcpip_state *sp = (tcpip_state *)h->cprivate;
+ if (h->type == ssl_type && !sp->ctx)
+ {
+ SSL_load_error_strings();
+ SSLeay_add_all_algorithms();
+
+ sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+ if (!sp->ctx)
+ {
+ h->cerrno = CSERRORSSL;
+ return -1;
+ }
+ }
if (sp->ctx)
{
if (sp->ctx_alloc)
}
#if HAVE_OPENSSL_SSL_H
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+ struct tcpip_state *state;
+ if (!cs || cs->type != ssl_type)
+ return 0;
+ state = (struct tcpip_state *) cs->cprivate;
+ if (state->ctx_alloc)
+ return 0;
+ state->ctx = ctx;
+ return 1;
+}
+
void *cs_get_ssl(COMSTACK cs)
{
struct tcpip_state *state;
state = (struct tcpip_state *) cs->cprivate;
return state->ssl;
}
+
+int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
+{
+ SSL *ssl = cs_get_ssl(cs);
+ if (ssl)
+ {
+ X509 *server_cert = SSL_get_peer_certificate (ssl);
+ if (server_cert)
+ {
+ BIO *bio = BIO_new(BIO_s_mem());
+ char *pem_buf;
+ /* get PEM buffer in memory */
+ PEM_write_bio_X509(bio, server_cert);
+ *len = BIO_get_mem_data(bio, &pem_buf);
+ *buf = xmalloc(*len);
+ memcpy(*buf, pem_buf, *len);
+ BIO_free(bio);
+ return 1;
+ }
+ }
+ return 0;
+}
#else
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+ return 0;
+}
+
void *cs_get_ssl(COMSTACK cs)
{
return 0;
}
+
+int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
+{
+ return 0;
+}
+
#endif
+
projects / yaz-moved-to-github.git / blobdiff