X-Git-Url: http://git.indexdata.com/?p=yaz-moved-to-github.git;a=blobdiff_plain;f=src%2Ftcpip.c;h=f417c240053c901f0f3cee269da0cce98f8e4384;hp=8dacfe53081a1248f2053394c2a4e9cf3893947d;hb=3b96525a40981e162b959f3e842e0ff20e314320;hpb=80f8ae2b0879fb9bcc811fbbcb3a72bc8064ae7a

diff --git a/src/tcpip.c b/src/tcpip.c
index 8dacfe5..f417c24 100644
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -2,7 +2,11 @@
  * Copyright (c) 1995-2004, Index Data
  * See the file LICENSE for details.
  *
- * $Id: tcpip.c,v 1.4 2004-04-29 08:55:17 adam Exp $
+ * $Id: tcpip.c,v 1.12 2004-11-18 15:18:14 heikki Exp $
+ */
+/**
+ * \file tcpip.c
+ * \brief Implements TCP/IP + SSL COMSTACK.
  */
 
 #include <stdio.h>
@@ -24,7 +28,6 @@
 
 #include <yaz/comstack.h>
 #include <yaz/tcpip.h>
-#include <yaz/log.h>
 #include <yaz/nmem.h>
 
 #ifdef WIN32
@@ -76,9 +79,10 @@ typedef struct tcpip_state
     struct sockaddr_in addr;  /* returned by cs_straddr */
     char buf[128]; /* returned by cs_addrstr */
 #if HAVE_OPENSSL_SSL_H
-    SSL_CTX *ctx;
-    SSL_CTX *ctx_alloc;
+    SSL_CTX *ctx;       /* current CTX. */
+    SSL_CTX *ctx_alloc; /* If =ctx it is owned by CS. If 0 it is not owned */
     SSL *ssl;
+    char cert_fname[256];
 #endif
 } tcpip_state;
 
@@ -112,7 +116,7 @@ static int tcpip_init (void)
 COMSTACK tcpip_type(int s, int blocking, int protocol, void *vp)
 {
     COMSTACK p;
-    tcpip_state *state;
+    tcpip_state *sp;
     int new_socket;
 #ifdef WIN32
     unsigned long tru = 1;
@@ -130,7 +134,7 @@ COMSTACK tcpip_type(int s, int blocking, int protocol, void *vp)
 	new_socket = 0;
     if (!(p = (struct comstack *)xmalloc(sizeof(struct comstack))))
 	return 0;
-    if (!(state = (struct tcpip_state *)(p->cprivate =
+    if (!(sp = (struct tcpip_state *)(p->cprivate =
                                          xmalloc(sizeof(tcpip_state)))))
 	return 0;
 
@@ -172,17 +176,18 @@ COMSTACK tcpip_type(int s, int blocking, int protocol, void *vp)
     p->stackerr = 0;
 
 #if HAVE_OPENSSL_SSL_H
-    state->ctx = state->ctx_alloc = 0;
-    state->ssl = 0;
+    sp->ctx = sp->ctx_alloc = 0;
+    sp->ssl = 0;
+    strcpy(sp->cert_fname, "yaz.pem");
 #endif
 
-    state->altbuf = 0;
-    state->altsize = state->altlen = 0;
-    state->towrite = state->written = -1;
+    sp->altbuf = 0;
+    sp->altsize = sp->altlen = 0;
+    sp->towrite = sp->written = -1;
     if (protocol == PROTO_WAIS)
-	state->complete = completeWAIS;
+	sp->complete = completeWAIS;
     else
-	state->complete = cs_complete_auto;
+	sp->complete = cs_complete_auto;
 
     p->timeout = COMSTACK_DEFAULT_TIMEOUT;
     TRC(fprintf(stderr, "Created new TCPIP comstack\n"));
@@ -194,7 +199,7 @@ COMSTACK tcpip_type(int s, int blocking, int protocol, void *vp)
 
 COMSTACK ssl_type(int s, int blocking, int protocol, void *vp)
 {
-    tcpip_state *state;
+    tcpip_state *sp;
     COMSTACK p;
 
     p = tcpip_type (s, blocking, protocol, 0);
@@ -203,21 +208,10 @@ COMSTACK ssl_type(int s, int blocking, int protocol, void *vp)
     p->f_get = ssl_get;
     p->f_put = ssl_put;
     p->type = ssl_type;
-    state = (tcpip_state *) p->cprivate;
-    if (vp)
-	state->ctx = vp;
-    else
-    {
-	SSL_load_error_strings();
-	SSLeay_add_all_algorithms();
+    sp = (tcpip_state *) p->cprivate;
+
+    sp->ctx = (SSL_CTX *) vp;  /* may be NULL */
 
-	state->ctx = state->ctx_alloc = SSL_CTX_new (SSLv23_method());
-	if (!state->ctx)
-	{
-	    tcpip_close(p);
-	    return 0;
-	}
-    }
     /* note: we don't handle already opened socket in SSL mode - yet */
     return p;
 }
@@ -295,9 +289,6 @@ int tcpip_more(COMSTACK h)
 int tcpip_connect(COMSTACK h, void *address)
 {
     struct sockaddr_in *add = (struct sockaddr_in *)address;
-#if HAVE_OPENSSL_SSL_H
-    tcpip_state *sp = (tcpip_state *)h->cprivate;
-#endif
     int r;
 #ifdef __sun__
     int recbuflen;
@@ -383,6 +374,18 @@ int tcpip_rcvconnect(COMSTACK h)
 	return -1;
     }
 #if HAVE_OPENSSL_SSL_H
+    if (h->type == ssl_type && !sp->ctx)
+    {
+	SSL_load_error_strings();
+	SSLeay_add_all_algorithms();
+
+	sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+	if (!sp->ctx)
+	{
+	    h->cerrno = CSERRORSSL;
+	    return -1;
+	}
+    }
     if (sp->ctx)
     {
 	int res;
@@ -451,19 +454,31 @@ static int tcpip_bind(COMSTACK h, void *address, int mode)
 
 #if HAVE_OPENSSL_SSL_H
     tcpip_state *sp = (tcpip_state *)h->cprivate;
+    if (h->type == ssl_type && !sp->ctx)
+    {
+	SSL_load_error_strings();
+	SSLeay_add_all_algorithms();
+
+	sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+	if (!sp->ctx)
+	{
+	    h->cerrno = CSERRORSSL;
+	    return -1;
+	}
+    }
     if (sp->ctx)
     {
 	if (sp->ctx_alloc)
 	{
 	    int res;
-	    res = SSL_CTX_use_certificate_file (sp->ctx, CERTF,
+	    res = SSL_CTX_use_certificate_file (sp->ctx, sp->cert_fname,
 						SSL_FILETYPE_PEM);
 	    if (res <= 0)
 	    {
 		ERR_print_errors_fp(stderr);
 		exit (2);
 	    }
-	    res = SSL_CTX_use_PrivateKey_file (sp->ctx, KEYF,
+	    res = SSL_CTX_use_PrivateKey_file (sp->ctx, sp->cert_fname,
 					       SSL_FILETYPE_PEM);
 	    if (res <= 0)
 	    {
@@ -764,7 +779,7 @@ int tcpip_get(COMSTACK h, char **buf, int *bufsize)
 #endif
 	}
 	else if (!res)
-	    return 0;
+	    return hasread;
         hasread += res;
     }
     TRC (fprintf (stderr, "  Out of read loop with hasread=%d, berlen=%d\n",
@@ -1098,18 +1113,41 @@ int static tcpip_set_blocking(COMSTACK p, int blocking)
 }
 
 #if HAVE_OPENSSL_SSL_H
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+    struct tcpip_state *sp;
+    if (!cs || cs->type != ssl_type)
+        return 0;
+    sp = (struct tcpip_state *) cs->cprivate;
+    if (sp->ctx_alloc)
+	return 0;
+    sp->ctx = (SSL_CTX *) ctx;
+    return 1;
+}
+
 void *cs_get_ssl(COMSTACK cs)
 {
-    struct tcpip_state *state;
+    struct tcpip_state *sp;
     if (!cs || cs->type != ssl_type)
         return 0;
-    state = (struct tcpip_state *) cs->cprivate;
-    return state->ssl;  
+    sp = (struct tcpip_state *) cs->cprivate;
+    return sp->ssl;  
+}
+
+int cs_set_ssl_certificate_file(COMSTACK cs, const char *fname)
+{
+    struct tcpip_state *sp;
+    if (!cs || cs->type != ssl_type)
+	return 0;
+    sp = (struct tcpip_state *) cs->cprivate;
+    strncpy(sp->cert_fname, fname, sizeof(sp->cert_fname)-1);
+    sp->cert_fname[sizeof(sp->cert_fname)-1] = '\0';
+    return 1;
 }
 
 int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
 {
-    SSL *ssl = cs_get_ssl(cs);
+    SSL *ssl = (SSL *) cs_get_ssl(cs);
     if (ssl)
     {
 	X509 *server_cert = SSL_get_peer_certificate (ssl);
@@ -1120,7 +1158,7 @@ int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
 	    /* get PEM buffer in memory */
 	    PEM_write_bio_X509(bio, server_cert);
 	    *len = BIO_get_mem_data(bio, &pem_buf);
-	    *buf = xmalloc(*len);
+	    *buf = (char *) xmalloc(*len);
 	    memcpy(*buf, pem_buf, *len);
 	    BIO_free(bio);
 	    return 1;
@@ -1129,6 +1167,11 @@ int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
     return 0;
 }
 #else
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+    return 0;
+}
+
 void *cs_get_ssl(COMSTACK cs)
 {
     return 0;
@@ -1139,5 +1182,9 @@ int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
     return 0;
 }
 
+int cs_set_ssl_certificate_file(COMSTACK cs, const char *fname)
+{
+    return 0;
+}
 #endif