|
@@ -25,14 +25,14 @@ void *clear(void *ptr){
|
|
|
return NULL;
|
|
|
}
|
|
|
|
|
|
-void loadOpenSSL(){
|
|
|
+void loadOpenSSL(const char *dh){
|
|
|
if(!openSslLoaded){
|
|
|
- openSslLoaded = 1;
|
|
|
SSL_load_error_strings();
|
|
|
ERR_load_BIO_strings();
|
|
|
ERR_load_crypto_strings();
|
|
|
SSL_library_init();
|
|
|
- OpenSSL_add_all_algorithms();
|
|
|
+ OpenSSL_add_all_algorithms();
|
|
|
+ openSslLoaded = 1;
|
|
|
}
|
|
|
}
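Review bot: The new `dh` parameter of `loadOpenSSL` is never read inside the function — the body only runs the library-init calls guarded by `openSslLoaded` — so the DH path a caller passes here has no effect. Either drop the parameter or say so at the declaration: `/* dh: unused here; DH parameters are applied per SSL_CTX in startSockTls() */`. The `openSslLoaded` flag is also checked and set without any synchronization, so if two threads can reach this initializer concurrently the init calls may run twice; a one-line comment stating the single-threaded assumption would help the next reader.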
|
|
|
|
|
@@ -96,7 +96,7 @@ ds createFromFile(int f){
|
|
|
}
|
|
|
|
|
|
ds createFromFileName(const char *f){
|
|
|
- int fd = open(f, O_CREAT | O_RDWR);
|
|
|
+ int fd = open(f, O_CREAT | O_RDWR, 0666);
|
|
|
if(fd == -1){
|
|
|
return NULL;
|
|
|
}
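Review bot: The added mode `0666` makes any file this call creates world-writable before the process umask is applied; since `createFromFileName` hands back a read/write data stream and nothing here says the file holds only public data, `0600` (or a mode supplied by the caller) is the safer default. Also, `O_CREAT` without `O_EXCL` opens an existing path in place, so a pre-existing or symlinked file at that name is silently reused; if that is intended, a comment to that effect would avoid a later reviewer flagging it. `createFromFileName` continues past the hunk.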
|
|
@@ -201,10 +201,11 @@ int prepareToClose(ds d){
|
|
|
return fd;
|
|
|
}
|
|
|
|
|
|
-ds closeTlsDs(tlsDs d){
|
|
|
+ds closeTls(tlsDs d){
|
|
|
ds original = d->original;
|
|
|
SSL_shutdown(d->s);
|
|
|
- SSL_shutdown(d->s);
|
|
|
+
|
|
|
+
|
|
|
SSL_free(d->s);
|
|
|
free(d);
|
|
|
return original;
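Review bot: Dropping the second `SSL_shutdown(d->s)` makes the close unilateral: a first call that returns 0 has only sent our close_notify, and the documented way to complete a bidirectional shutdown is to call it again once that happens, so the removed call was doing real work rather than being a plain duplicate. The return value is unchecked either way; suggested `if(SSL_shutdown(d->s) == 0) SSL_shutdown(d->s);` with a comment explaining the two-step shutdown, or a comment stating that a one-way close_notify is acceptable here. The two added blank lines at the removed call's position look like leftover whitespace. `closeTls` continues past the hunk.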
|
|
@@ -215,8 +216,10 @@ void closeHandler(nethandler h){
|
|
|
free(h);
|
|
|
}
|
|
|
|
|
|
-tlsDs startSockTls(ds d, const char *cert, const char *key){
|
|
|
- loadOpenSSL();
|
|
|
+tlsDs startSockTls(ds d, const char *cert, const char *key, const char *dh){
|
|
|
+ fprintf(stderr, "Starting TLS\n");
|
|
|
+ loadOpenSSL(dh);
|
|
|
+ fprintf(stderr, "OpenSSL loaded\n");
|
|
|
SSL_CTX * ctx = NULL;
|
|
|
if(d->server)
|
|
|
ctx = SSL_CTX_new(TLSv1_server_method());
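Review bot: The unconditional `fprintf(stderr, ...)` progress lines added here, and the matching ones in the next two hunks, make every TLS setup emit stderr output from library code and also print the `dh` path; gate them behind a compile-time debug macro or a runtime verbosity flag so production callers keep a quiet stderr. Separately, `dh` is forwarded to `loadOpenSSL`, whose body in this diff does not use it, so the parameter only matters for the server branch further down. `startSockTls` continues past the hunk.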
|
|
@@ -224,19 +227,39 @@ tlsDs startSockTls(ds d, const char *cert, const char *key){
|
|
|
ctx = SSL_CTX_new(TLSv1_client_method());
|
|
|
if(!ctx)
|
|
|
return NULL;
|
|
|
+ fprintf(stderr, "Got CTX\n");
|
|
|
+ if(d->server){
|
|
|
+ FILE *dhfile = fopen(dh, "r");
|
|
|
+ fprintf(stderr, "dh is %s\n", dh);
|
|
|
+ fprintf(stderr, "dhfile is %x\n", dhfile);
|
|
|
+ DH *dhdt = PEM_read_DHparams(dhfile, NULL, NULL, NULL);
|
|
|
+ fprintf(stderr, "dhdt is %x\n", dhdt);
|
|
|
+ fclose(dhfile);
|
|
|
+ if(SSL_CTX_set_tmp_dh(ctx, dhdt) <= 0){
|
|
|
+ int f = prepareToClose(d);
|
|
|
+ closeFd(f);
|
|
|
+ clear(dhdt);
|
|
|
+ return clear(ctx);
|
|
|
+ }
|
|
|
+ fprintf(stderr, "Set DH parameters\n");
|
|
|
+ }
|
|
|
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
|
|
|
+ fprintf(stderr, "Set CTX options\n");
|
|
|
+ fprintf(stderr, "Set options\n");
|
|
|
if(cert)
|
|
|
if(SSL_CTX_use_certificate_chain_file(ctx, cert) != 1){
|
|
|
int f = prepareToClose(d);
|
|
|
closeFd(f);
|
|
|
return clear(ctx);
|
|
|
}
|
|
|
+ fprintf(stderr, "Set cert\n");
|
|
|
if(key)
|
|
|
if(SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) != 1){
|
|
|
int f = prepareToClose(d);
|
|
|
closeFd(f);
|
|
|
return clear(ctx);
|
|
|
}
|
|
|
+ fprintf(stderr, "Set key\n");
|
|
|
tlsDs t = (tlsDs)malloc(sizeof(s_tlsDs));
|
|
|
t->original = d;
|
|
|
if(!(t->s = SSL_new(ctx))){
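Review bot: The DH block does not check `fopen(dh, "r")` (nor `dh` itself) before handing `dhfile` to `PEM_read_DHparams` and `fclose`, so a missing or unreadable parameter file — or a NULL `dh` — dereferences NULL instead of failing cleanly; and on the success path the `DH` object returned by `PEM_read_DHparams` is never released, while the failure path hands it to `clear` rather than `DH_free`. `SSL_CTX_set_tmp_dh()` duplicates the parameters internally, so the object should be freed with `DH_free` on both paths. The two `fprintf(stderr, "... %x\n", ptr)` lines pass pointers to `%x`, a mismatched format specifier (`%p` is the correct one); the rewrite below drops them, and also removes the back-to-back `"Set CTX options"` / `"Set options"` prints.
```c
    if(d->server){
        if(!dh){
            int f = prepareToClose(d);
            closeFd(f);
            return clear(ctx);
        }
        FILE *dhfile = fopen(dh, "r");
        if(!dhfile){
            int f = prepareToClose(d);
            closeFd(f);
            return clear(ctx);
        }
        DH *dhdt = PEM_read_DHparams(dhfile, NULL, NULL, NULL);
        fclose(dhfile);
        /* SSL_CTX_set_tmp_dh() copies the parameters; the DH object stays ours to free */
        int dh_ok = dhdt && SSL_CTX_set_tmp_dh(ctx, dhdt) > 0;
        DH_free(dhdt);
        if(!dh_ok){
            int f = prepareToClose(d);
            closeFd(f);
            return clear(ctx);
        }
    }
    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
    // … unchanged: certificate and private-key loading, tlsDs allocation …
```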
|
|
@@ -245,30 +268,39 @@ tlsDs startSockTls(ds d, const char *cert, const char *key){
|
|
|
clear(ctx);
|
|
|
return clear(t);
|
|
|
}
|
|
|
+ fprintf(stderr, "Got SSL\n");
|
|
|
if(!SSL_set_fd(t->s, d->fd)){
|
|
|
- closeTlsDs(t);
|
|
|
+ closeTls(t);
|
|
|
return NULL;
|
|
|
}
|
|
|
+ fprintf(stderr, "Set fd\n");
|
|
|
int retry = 1;
|
|
|
int e;
|
|
|
while(retry){
|
|
|
retry = 0;
|
|
|
- if(d->server)
|
|
|
+ if(d->server){
|
|
|
+ SSL_set_accept_state(t->s);
|
|
|
e = SSL_accept(t->s);
|
|
|
- else
|
|
|
+ }else{
|
|
|
+ SSL_set_connect_state(t->s);
|
|
|
e = SSL_connect(t->s);
|
|
|
+ }
|
|
|
if(e <= 0){
|
|
|
- retry = 1;
|
|
|
- int erval = SSL_get_error(t->s, e);
|
|
|
+ unsigned long erval = SSL_get_error(t->s, e);
|
|
|
+ char ertxt[300];
|
|
|
+ ERR_error_string(erval, ertxt);
|
|
|
+ fprintf(stderr, "SSL Error: %s\n", ertxt);
|
|
|
+ ERR_print_errors(t->s->bbio);
|
|
|
if((erval == SSL_ERROR_WANT_READ) || (erval == SSL_ERROR_WANT_WRITE)){
|
|
|
-
|
|
|
+
|
|
|
+
|
|
|
}else{
|
|
|
-
|
|
|
- closeTlsDs(t);
|
|
|
+ closeTls(t);
|
|
|
return NULL;
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
+ fprintf(stderr, "TLS started\n");
|
|
|
return t;
|
|
|
}
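Review bot: With `retry = 1` removed, the `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE` branch is now empty, so on a non-blocking fd the loop ends and the function prints "TLS started" and returns `t` with the handshake unfinished; the branch needs to set `retry = 1` again (and ideally wait for fd readiness before retrying rather than spin). The diagnostics are also misdirected: `SSL_get_error()` returns an `int` SSL_ERROR_* reason, not an ERR-queue code, so `ERR_error_string(erval, ertxt)` describes the wrong thing, and `ERR_print_errors(t->s->bbio)` reaches into the `SSL` object's internals, which are opaque in OpenSSL 1.1.0 and later. `ERR_print_errors_fp(stderr)` drains the real error queue without either problem. The `SSL_set_accept_state`/`SSL_set_connect_state` calls before `SSL_accept`/`SSL_connect` are harmless but redundant, since those calls set the state themselves.
```c
        if(e <= 0){
            int erval = SSL_get_error(t->s, e);
            if((erval == SSL_ERROR_WANT_READ) || (erval == SSL_ERROR_WANT_WRITE)){
                /* handshake not finished yet: go around again (on a
                   non-blocking fd, wait for readiness here instead of spinning) */
                retry = 1;
            }else{
                /* SSL_get_error() reasons are not ERR codes; print the real queue */
                ERR_print_errors_fp(stderr);
                closeTls(t);
                return NULL;
            }
        }
    // … unchanged: loop close, "TLS started" print, return t …
```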
|
|
|
|