#include "subrou.h"
#include "unieml.h"
#include "uniprc.h"
-#include "unissl.h"
+#include "unitls.h"
#include "devsoc.h"
//Need to have GNU_SOURCE define within CFLAGS
PROTYP proto; //Connexion protocol type
int handle; //connexion handle
_Bool modtls; //soc is in TLS mode
- SSLTYP *ssl; //full TPS/SSL channel
+ TLSTYP *tls; //full TPS/SSL channel
int maxcarin; //absolute number within carin
char *EOL; //End of line marker
int carin; //number of char within incpt;
polling[0].revents=(short)0;
switch (soc->modtls) {
case true :
- polling[0].fd=SSL_get_fd(soc->ssl->ssl);
+ polling[0].fd=SSL_get_fd(soc->tls->ssl);
break;
case false :
polling[0].fd=soc->handle;
if (soc!=(SOCTYP *)0) {
switch (soc->modtls) {
case true :
- sent=ssl_write(soc->ssl,buffer,tosend);
+ sent=tls_write(soc->tls,buffer,tosend);
break;
case false :
sent=send(soc->handle,buffer,tosend,0);
buffer=soc->carpile+soc->carin;
switch (soc->modtls) {
case true :
- got=ssl_read(soc->ssl,buffer,limit);
+ got=tls_read(soc->tls,buffer,limit);
break;
case false :
got=recv(soc->handle,buffer,limit,MSG_DONTWAIT);
phase=999;
break;
case pro_smtps : //set secure socket
- if ((newsoc->ssl=ssl_openssl(newsoc->handle,true))==(SSLTYP *)0) {
+ if ((newsoc->tls=tls_opentls(newsoc->handle,true))==(TLSTYP *)0) {
newsoc=soc_release(newsoc); //trouble trouble
break;
}
- (void) ssl_check_peer(newsoc->ssl);
+ (void) tls_check_peer(newsoc->tls);
break;
default : //undefined socket type???
(void) rou_alert(0,"%s, Undefined socket protocol='%d' (Bug?)",
}
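Review bot: The verification result is discarded at `(void) tls_check_peer(newsoc->tls);` in the `pro_smtps` case: the function's own header says it returns -1 on trouble, so a peer whose certificate fails `SSL_get_verify_result` still ends up with a live socket. If the server is meant to require client certificates, mirror the `tls_opentls` failure path two lines above it, e.g. `if (tls_check_peer(newsoc->tls)!=0) { newsoc=soc_release(newsoc); break; }` — assuming `soc_release` also tears down the TLS state, which is not visible here; if client certificates are not required, the call is dead weight and should go rather than be silenced with a cast. The enclosing switch and function start outside the hunk.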
break;
case 3 : //freeing the SSL contaxt
- soc->ssl=ssl_closessl(soc->ssl);
+ soc->tls=tls_closetls(soc->tls);
break;
case 4 : //fee memory used by socket
soc=freesocket(soc);
(void) rou_modesubrou(mode);
(void) eml_modeunieml(mode);
(void) prc_modeuniprc(mode);
- (void) ssl_modeunissl(mode);
+ (void) tls_modeunitls(mode);
break;
case false :
- (void) ssl_modeunissl(mode);
+ (void) tls_modeunitls(mode);
(void) prc_modeuniprc(mode);
(void) eml_modeunieml(mode);
(void) rou_modesubrou(mode);
#include <stdio.h>
#include "subrou.h"
-#include "unissl.h"
+#include "unitls.h"
//alternate define SSL_CIPHER_LIST "ALL:!LOW"
#define SSL_CIPHER_LIST "DEFAULT"
/* fatal error found. */
/* */
/********************************************************/
-static _Bool showsslerror(SSLTYP *ssl,int sslerror,char *msg)
+static _Bool showtlserror(TLSTYP *tls,int sslerror,char *msg)
{
-#define OPEP "unissl.c:showsslerror"
+#define OPEP "unitls.c:showtlserror"
_Bool good;
good=true;
(void) showerrorstack(msg);
break;
default :
- if (ssl->ssl==(SSL *)0) //in case of trouble
+ if (tls->ssl==(SSL *)0) //in case of trouble
(void) rou_core_dump("%s Unexpected NULL SSL (Bug?)",OPEP);
- code=SSL_get_error(ssl->ssl,sslerror);
+ code=SSL_get_error(tls->ssl,sslerror);
(void) rou_alert(0,"JMPDBG err code='%d'",code);
switch (code) {
case SSL_ERROR_ZERO_RETURN :
/* Procedure to open an SSL channel */
/* */
/********************************************************/
-static SSLTYP *freessl(SSLTYP *ssl)
+static TLSTYP *freetls(TLSTYP *tls)
{
-if (ssl!=(SSLTYP *)0) {
- if (ssl->ctx!=(SSL_CTX *)0)
- (void) SSL_CTX_free(ssl->ctx);
- (void) free(ssl);
- ssl=(SSLTYP *)0;
+if (tls!=(TLSTYP *)0) {
+ if (tls->ctx!=(SSL_CTX *)0)
+ (void) SSL_CTX_free(tls->ctx);
+ (void) free(tls);
+ tls=(TLSTYP *)0;
}
-return ssl;
+return tls;
}
/*
^L
switch (phase) {
case 0 : //load CA trusted file
if (SSL_CTX_use_certificate_chain_file(ctx,certpub[0])!=1) {
- (void) showsslerror((SSLTYP *)0,0,"Get trusted file");
+ (void) showtlserror((TLSTYP *)0,0,"Get trusted file");
phase=999; //no need to go furter
}
break;
case 1 : //loading default CA verify dir
if (SSL_CTX_set_default_verify_paths(ctx)==0) {
- (void) showsslerror((SSLTYP *)0,0,"Get trusted file");
+ (void) showtlserror((TLSTYP *)0,0,"Get trusted file");
phase=999; //no need to go furter
}
break;
case 2 : //set certificate
if (SSL_CTX_use_certificate_file(ctx,certpub[1],SSL_FILETYPE_PEM)!=1) {
- (void) showsslerror((SSLTYP *)0,0,"Get local Certificate");
+ (void) showtlserror((TLSTYP *)0,0,"Get local Certificate");
phase=999; //no need to go furter
}
break;
case 3 : //set key
if (SSL_CTX_use_PrivateKey_file(ctx,certpub[2],SSL_FILETYPE_PEM)!=1) {
- (void) showsslerror((SSLTYP *)0,0,"Get Private Key");
+ (void) showtlserror((TLSTYP *)0,0,"Get Private Key");
phase=999;
}
break;
(void) SSL_CTX_set_verify_depth(ctx,5);
(void) SSL_CTX_set_options(ctx,SSL_OP_ALL);
if (SSL_CTX_set_cipher_list(ctx,SSL_CIPHER_LIST)==0) {
- (void) showsslerror((SSLTYP *)0,0,"set cipher list");
+ (void) showtlserror((TLSTYP *)0,0,"set cipher list");
phase=999;
}
break;
/* Procedure to open an SSL channel */
/* */
/********************************************************/
-PUBLIC SSLTYP *ssl_openssl(int handle,_Bool server)
+PUBLIC TLSTYP *tls_opentls(int handle,_Bool server)
{
-#define OPEP "unissl.c:ssl_openssl"
+#define OPEP "unitls.c:tls_opentls"
-SSLTYP *ssl;
+TLSTYP *tls;
const SSL_METHOD *(*tls_methode)();
int phase;
_Bool proceed;
-ssl=(SSLTYP *)0;
+tls=(TLSTYP *)0;
tls_methode=TLS_client_method;
if (server==true)
tls_methode=TLS_server_method;
while (proceed==true) {
switch (phase) {
case 0 : //prepare the structure first;
- ssl=(SSLTYP *)calloc(1,sizeof(SSLTYP));
- ssl->server=server;
- if ((ssl->ctx=SSL_CTX_new(tls_methode()))==(SSL_CTX *)0) {
- (void) showsslerror(ssl,0,"Get CTX");
- ssl=freessl(ssl);
+ tls=(TLSTYP *)calloc(1,sizeof(TLSTYP));
+ tls->server=server;
+ if ((tls->ctx=SSL_CTX_new(tls_methode()))==(SSL_CTX *)0) {
+ (void) showtlserror(tls,0,"Get CTX");
+ tls=freetls(tls);
phase=999; //no need to go furter
}
break;
case 1 : //set certificate
if (server==true) {
- if (set_server_certificate(ssl->ctx)==false) {
- ssl=freessl(ssl);
+ if (set_server_certificate(tls->ctx)==false) {
+ tls=freetls(tls);
phase=999; //trouble, trouble no need to go furter
}
}
}
phase++;
}
-return ssl;
+return tls;
#undef OPEP
}
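Review bot: `tls=(TLSTYP *)calloc(1,sizeof(TLSTYP));` in case 0 of `tls_opentls` is immediately followed by `tls->server=server;` with no NULL check, so an allocation failure dereferences NULL before `SSL_CTX_new` is reached, whereas the CTX allocation right after it is guarded. Guard it the same way: `if ((tls=calloc(1,sizeof *tls))==(TLSTYP *)0) { phase=999; break; }` in place of the bare assignment (the `(TLSTYP *)` cast on `calloc` is unnecessary in C). The initialisation of `phase` and `proceed` is not in the hunk, so I cannot tell whether they are set before the `while (proceed==true)` loop.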
/*
/* Procedure to close an SSL channel */
/* */
/********************************************************/
-PUBLIC SSLTYP *ssl_closessl(SSLTYP *ssl)
+PUBLIC TLSTYP *tls_closetls(TLSTYP *tls)
{
-return ssl;
+return tls;
}
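Review bot: As rendered, `tls_closetls` consists of `return tls;` and nothing else — no `SSL_shutdown`, no `SSL_free`, no `freetls` — while its caller does `soc->tls=tls_closetls(soc->tls);` under the comment "freeing the SSL contaxt" and relies on a NULL coming back, so the `SSL_CTX` and `SSL` object leak per connection and `soc->tls` stays non-NULL after close. `freetls` above only releases `tls->ctx` and the struct, so the `SSL` handle has to be shut down and freed here before handing off to it; if the diff view has collapsed the body, disregard. The mismatch predates the rename, but the commit rewrites both lines of the function, so it is the natural place to fix it.
```c
PUBLIC TLSTYP *tls_closetls(TLSTYP *tls)
{
if (tls!=(TLSTYP *)0) {
 if (tls->ssl!=(SSL *)0) {
  (void) SSL_shutdown(tls->ssl);
  (void) SSL_free(tls->ssl);
  tls->ssl=(SSL *)0;
  }
 tls=freetls(tls); //releases ctx and the struct, returns NULL
 }
return tls;
}
```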
/*
^L
/* -1 if trouble. */
/* */
/********************************************************/
-PUBLIC int ssl_write(SSLTYP *ssl,char *buffer,int tosend)
+PUBLIC int tls_write(TLSTYP *tls,char *buffer,int tosend)
{
int sent;
sent=-1;
-if (ssl!=(SSLTYP *)0) {
- if ((sent=SSL_write(ssl->ssl,buffer,tosend))<=0)
- (void) showsslerror(ssl,sent,"Trouble to send data");
+if (tls!=(TLSTYP *)0) {
+ if ((sent=SSL_write(tls->ssl,buffer,tosend))<=0)
+ (void) showtlserror(tls,sent,"Trouble to send data");
}
return sent;
}
/********************************************************/
/* */
/* Procedure to read up to maxread character from */
-/* an ssl channel and store into a buffer. */
+/* an tls channel and store into a buffer. */
/* return the number of char read, or -1 if */
/* trouble. */
/* */
/********************************************************/
-PUBLIC int ssl_read(SSLTYP *ssl,char *buffer,int maxread)
+PUBLIC int tls_read(TLSTYP *tls,char *buffer,int maxread)
{
int got;
got=-1;
-if (ssl!=(SSLTYP *)0) {
- if ((got=SSL_read(ssl->ssl,buffer,maxread))<=0)
- (void) showsslerror(ssl,got,"Trouble to read data");
+if (tls!=(TLSTYP *)0) {
+ if ((got=SSL_read(tls->ssl,buffer,maxread))<=0)
+ (void) showtlserror(tls,got,"Trouble to read data");
}
return got;
}
/* return -1if trouble, 0 otherwise */
/* */
/********************************************************/
-PUBLIC int ssl_check_peer(SSLTYP *ssl)
+PUBLIC int tls_check_peer(TLSTYP *tls)
{
-#define OPEP "unissl.c:ssl_check_peer"
+#define OPEP "unitls.c:tls_check_peer"
int status;
X509 *peer;
(void) printf("JMPDBG phase='%d', check peer\n",phase);
switch (phase) {
case 0 : //check SSL
- if ((ssl==(SSLTYP *)0)||(ssl->ssl=(SSL *)0)) {
+ if ((tls==(TLSTYP *)0)||(tls->ssl=(SSL *)0)) {
phase=999; //trouble trouble (Bug?)
}
break;
case 1 : //get peer
- if ((peer=SSL_get_peer_certificate(ssl->ssl))==(X509 *)0) {
- (void) showsslerror(ssl,0,"Get peer Certificate");
+ if ((peer=SSL_get_peer_certificate(tls->ssl))==(X509 *)0) {
+ (void) showtlserror(tls,0,"Get peer Certificate");
phase=999; //trouble trouble
}
break;
case 2 : //is peer valid?
- if (SSL_get_verify_result(ssl->ssl)!=X509_V_OK) {
- (void) showsslerror(ssl,0,"Get Verify peer Certificate");
+ if (SSL_get_verify_result(tls->ssl)!=X509_V_OK) {
+ (void) showtlserror(tls,0,"Get Verify peer Certificate");
phase=999; //trouble trouble
}
(void) X509_free(peer);
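Review bot: The guard in case 0 of `tls_check_peer`, `(tls==(TLSTYP *)0)||(tls->ssl=(SSL *)0)`, uses `=` where `==` was meant: it stores NULL into `tls->ssl`, the condition evaluates false, and case 1 then calls `SSL_get_peer_certificate` on a NULL handle instead of taking the `phase=999` exit. It should read `if ((tls==(TLSTYP *)0)||(tls->ssl==(SSL *)0)) {`; the bug predates the rename, but the commit rewrites that line. Separately, `SSL_get_verify_result` only reports chain validity, so unless the expected host name is bound elsewhere (`SSL_set1_host` or equivalent, not visible in this hunk) a valid certificate issued for any name passes the check. The `JMPDBG` printf in the context above looks like a leftover debug trace, and the enclosing loop and function end outside the hunk.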
/* return an SSL pointer or a NULL pointer */
/* */
/********************************************************/
-PUBLIC SSL *ssl_setsocket(int handle,SSL_CTX *ctx)
+PUBLIC SSL *tls_setsocket(int handle,SSL_CTX *ctx)
{
-#define OPEP "unissl.c:ssl_setsocket"
+#define OPEP "unitls.c:tls_setsocket"
SSL *ssl;
int phase;
/* return zero if everything right */
/* */
/********************************************************/
-int ssl_modeunissl(_Bool mode)
+int tls_modeunitls(_Bool mode)
{
#define OPEP "unidoc.c:soc_modeunisoc"