Do not create SSL_CTX in cs_create (ssl_type). Create in tcpip_bind,
tcpip_rcvconnect instead. This allows the user to set a custom SSL_CTX.
Possible compatibility problems with earlier versions marked with '*'.
Possible compatibility problems with earlier versions marked with '*'.
+Implement cs_set_ssl_ctx which sets SSL_CTX for SSL comstack.
+
+Do not create SSL_CTX in cs_create (ssl_type). Create in tcpip_bind,
+tcpip_rcvconnect instead. This allows user to set custom SSL_CTX.
+
ZOOM now allows inspection of X509 peer certificate for verification.
The X509 buffer is retrived by reading ZOOM option "sslPeerCert".
ZOOM now allows inspection of X509 peer certificate for verification.
The X509 buffer is retrived by reading ZOOM option "sslPeerCert".
- * Copyright (c) 1995-2003, Index Data.
+ * Copyright (c) 1995-2004, Index Data.
*
* Permission to use, copy, modify, distribute, and sell this software and
* its documentation, in whole or in part, for any purpose, is hereby granted,
*
* Permission to use, copy, modify, distribute, and sell this software and
* its documentation, in whole or in part, for any purpose, is hereby granted,
* LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
* OF THIS SOFTWARE.
*
* LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
* OF THIS SOFTWARE.
*
- * $Id: comstack.h,v 1.13 2004-04-28 22:44:59 adam Exp $
+ * $Id: comstack.h,v 1.14 2004-04-29 21:19:23 adam Exp $
#define cs_straddr(handle, str) ((*(handle)->f_straddr)(handle, str))
#define cs_want_read(handle) ((handle)->io_pending & CS_WANT_READ)
#define cs_want_write(handle) ((handle)->io_pending & CS_WANT_WRITE)
#define cs_straddr(handle, str) ((*(handle)->f_straddr)(handle, str))
#define cs_want_read(handle) ((handle)->io_pending & CS_WANT_READ)
#define cs_want_write(handle) ((handle)->io_pending & CS_WANT_WRITE)
-#define cs_set_blocking(handle,blocking) ((handle)->f_set_blocking(handle, blocking)
+#define cs_set_blocking(handle,blocking) ((handle)->f_set_blocking(handle, blocking))
#define CS_WANT_READ 1
#define CS_WANT_WRITE 2
#define CS_WANT_READ 1
#define CS_WANT_WRITE 2
YAZ_EXPORT int cs_look (COMSTACK);
YAZ_EXPORT const char *cs_strerror(COMSTACK h);
YAZ_EXPORT const char *cs_errmsg(int n);
YAZ_EXPORT int cs_look (COMSTACK);
YAZ_EXPORT const char *cs_strerror(COMSTACK h);
YAZ_EXPORT const char *cs_errmsg(int n);
YAZ_EXPORT void cs_get_host_args(const char *type_and_host, const char **args);
YAZ_EXPORT int cs_complete_auto(const unsigned char *buf, int len);
YAZ_EXPORT void *cs_get_ssl(COMSTACK cs);
YAZ_EXPORT void cs_get_host_args(const char *type_and_host, const char **args);
YAZ_EXPORT int cs_complete_auto(const unsigned char *buf, int len);
YAZ_EXPORT void *cs_get_ssl(COMSTACK cs);
+YAZ_EXPORT int cs_set_ssl_ctx(COMSTACK cs, void *ctx);
YAZ_EXPORT int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len);
/*
YAZ_EXPORT int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len);
/*
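Review bot: The new prototype `cs_set_ssl_ctx(COMSTACK cs, void *ctx)` is exported without any statement of its return value or of who owns the context, and the implementation in tcpip.c (returns 1 on success, 0 when the comstack is not ssl_type or has already created its own context, and never takes ownership of ctx) is the only place a caller could learn this. A short comment above the declaration would fix that: `/* Set the SSL_CTX used by an SSL comstack; ctx stays owned by the caller. */`, `/* Returns 1 on success, 0 if cs is not an SSL comstack or already owns a context */`, `/* it created itself (see the ctx_alloc field in tcpip.c). */`. Since the parameter is `void *` to keep OpenSSL types out of the header, the comment should also say that ctx must be an `SSL_CTX *` as nothing else checks it, and the non-OpenSSL build's stub always returns 0.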
* Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
* Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
- * $Id: comstack.c,v 1.8 2004-04-29 08:55:17 adam Exp $
+ * $Id: comstack.c,v 1.9 2004-04-29 21:19:23 adam Exp $
{
t = tcpip_type;
host = type_and_host;
{
t = tcpip_type;
host = type_and_host;
}
cs = cs_create (t, blocking, proto);
if (!cs)
}
cs = cs_create (t, blocking, proto);
if (!cs)
* Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
* Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
- * $Id: tcpip.c,v 1.4 2004-04-29 08:55:17 adam Exp $
+ * $Id: tcpip.c,v 1.5 2004-04-29 21:19:23 adam Exp $
struct sockaddr_in addr; /* returned by cs_straddr */
char buf[128]; /* returned by cs_addrstr */
#if HAVE_OPENSSL_SSL_H
struct sockaddr_in addr; /* returned by cs_straddr */
char buf[128]; /* returned by cs_addrstr */
#if HAVE_OPENSSL_SSL_H
- SSL_CTX *ctx;
- SSL_CTX *ctx_alloc;
+ SSL_CTX *ctx; /* current CTX. */
+ SSL_CTX *ctx_alloc; /* If =ctx it is owned by CS. If 0 it is not owned */
SSL *ssl;
#endif
} tcpip_state;
SSL *ssl;
#endif
} tcpip_state;
p->f_put = ssl_put;
p->type = ssl_type;
state = (tcpip_state *) p->cprivate;
p->f_put = ssl_put;
p->type = ssl_type;
state = (tcpip_state *) p->cprivate;
- if (vp)
- state->ctx = vp;
- else
- {
- SSL_load_error_strings();
- SSLeay_add_all_algorithms();
- state->ctx = state->ctx_alloc = SSL_CTX_new (SSLv23_method());
- if (!state->ctx)
- {
- tcpip_close(p);
- return 0;
- }
- }
+ state->ctx = vp; /* may be NULL */
+
/* note: we don't handle already opened socket in SSL mode - yet */
return p;
}
/* note: we don't handle already opened socket in SSL mode - yet */
return p;
}
int tcpip_connect(COMSTACK h, void *address)
{
struct sockaddr_in *add = (struct sockaddr_in *)address;
int tcpip_connect(COMSTACK h, void *address)
{
struct sockaddr_in *add = (struct sockaddr_in *)address;
-#if HAVE_OPENSSL_SSL_H
- tcpip_state *sp = (tcpip_state *)h->cprivate;
-#endif
int r;
#ifdef __sun__
int recbuflen;
int r;
#ifdef __sun__
int recbuflen;
return -1;
}
#if HAVE_OPENSSL_SSL_H
return -1;
}
#if HAVE_OPENSSL_SSL_H
+ if (h->type == ssl_type && !sp->ctx)
+ {
+ SSL_load_error_strings();
+ SSLeay_add_all_algorithms();
+
+ sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+ if (!sp->ctx)
+ {
+ h->cerrno = CSERRORSSL;
+ return -1;
+ }
+ }
#if HAVE_OPENSSL_SSL_H
tcpip_state *sp = (tcpip_state *)h->cprivate;
#if HAVE_OPENSSL_SSL_H
tcpip_state *sp = (tcpip_state *)h->cprivate;
+ if (h->type == ssl_type && !sp->ctx)
+ {
+ SSL_load_error_strings();
+ SSLeay_add_all_algorithms();
+
+ sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+ if (!sp->ctx)
+ {
+ h->cerrno = CSERRORSSL;
+ return -1;
+ }
+ }
if (sp->ctx)
{
if (sp->ctx_alloc)
if (sp->ctx)
{
if (sp->ctx_alloc)
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+ struct tcpip_state *state;
+ if (!cs || cs->type != ssl_type)
+ return 0;
+ state = (struct tcpip_state *) cs->cprivate;
+ if (state->ctx_alloc)
+ return 0;
+ state->ctx = ctx;
+ return 1;
+}
+
void *cs_get_ssl(COMSTACK cs)
{
struct tcpip_state *state;
void *cs_get_ssl(COMSTACK cs)
{
struct tcpip_state *state;
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+ return 0;
+}
+
void *cs_get_ssl(COMSTACK cs)
{
return 0;
void *cs_get_ssl(COMSTACK cs)
{
return 0;
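Review bot: cs_set_ssl_ctx returns 1 even when the handle's SSL object may already exist, because the only guard is `if (state->ctx_alloc) return 0;`; if `state->ssl` (declared in tcpip_state) is, as these paths suggest, created once tcpip_rcvconnect or tcpip_bind has run with a context, a context installed afterwards silently has no effect on that connection, so the guard should presumably read `if (state->ctx_alloc || state->ssl) return 0;` (worth confirming against where ssl is created, which is outside these hunks). The twelve-line default-context block is added verbatim in both tcpip_rcvconnect and tcpip_bind; a static helper would keep the two in step and would be the one place the process-global `SSL_load_error_strings()` / `SSLeay_add_all_algorithms()` calls run, instead of on every connect and bind that lacks a context. The `/* may be NULL */` comment in ssl_type should also say what NULL means now: a context created internally with `SSLv23_method()` and the library's default verification settings, so a caller that needs peer verification must supply its own via cs_set_ssl_ctx. Both tcpip_rcvconnect and tcpip_bind start outside the hunks shown here.

```c
#if HAVE_OPENSSL_SSL_H
/* Create the default SSL_CTX for h when the caller supplied none via
 * cs_set_ssl_ctx. The created context is owned by the COMSTACK (ctx_alloc).
 * Returns 0 on success or when nothing is needed, -1 with cerrno set on failure. */
static int tcpip_default_ssl_ctx(COMSTACK h)
{
    tcpip_state *sp = (tcpip_state *)h->cprivate;
    if (h->type != ssl_type || sp->ctx)
        return 0;
    SSL_load_error_strings();
    SSLeay_add_all_algorithms();
    sp->ctx = sp->ctx_alloc = SSL_CTX_new(SSLv23_method());
    if (!sp->ctx)
    {
        h->cerrno = CSERRORSSL;
        return -1;
    }
    return 0;
}
#endif

/* … unchanged: tcpip_rcvconnect up to its HAVE_OPENSSL_SSL_H section … */
    if (tcpip_default_ssl_ctx(h) < 0)
        return -1;
/* … unchanged: the same two-line call replaces the block in tcpip_bind … */
```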
- * Copyright (c) 1995-2003, Index Data
+ * Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
* See the file LICENSE for details.
*
- * $Id: unix.c,v 1.3 2003-12-30 00:29:53 adam Exp $
+ * $Id: unix.c,v 1.4 2004-04-29 21:19:23 adam Exp $
* UNIX socket COMSTACK. By Morten Bøgeskov.
*/
#ifndef WIN32
* UNIX socket COMSTACK. By Morten Bøgeskov.
*/
#ifndef WIN32
-#define CERTF "ztest.pem"
-#define KEYF "ztest.pem"
-
static int unix_bind(COMSTACK h, void *address, int mode)
{
unix_state *sp = (unix_state *)h->cprivate;
static int unix_bind(COMSTACK h, void *address, int mode)
{
unix_state *sp = (unix_state *)h->cprivate;