/* Procedure to set the link certificate */
/* */
/********************************************************/
-static int set_server_certificate(TLSTYP *tls)
+static int set_certificate(TLSTYP *tls)
{
#define OPEP "unitls.c:set_link_certificate"
}
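Review bot: The OPEP label on the line after the renamed signature still reads `"unitls.c:set_link_certificate"`, so alerts raised from set_certificate will be attributed to a function that no longer exists by that name; the header comment above also still says "link certificate". Suggest `#define OPEP "unitls.c:set_certificate"` and updating the comment to match. The body of set_certificate is not visible in this hunk, and the hunk may begin before line 1.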
break;
case 1 : //set certificate
- if (server==true) {
- if (set_server_certificate(tls)==false)
- phase=999; //trouble, trouble no need to go furter
- }
+ if (set_certificate(tls)==false)
+ phase=999; //trouble, trouble no need to go furter
break;
case 2 : //Setting the TLS channel
if ((tls->ssl=tls_setsocket(handle,tls->ctx))==(SSL *)0)
switch (server) {
case false : //mode client
(void) rou_alert(0,"%s JMPDBG should be in client mode",OPEP);
- (void) SSL_set_connect_state(tls->ssl);
+ if (tls_connect(tls)<0)
+ phase=999; //trouble trouble
break;
case true : //mode server
- (void) SSL_set_accept_state(tls->ssl);
+ if (tls_accept(tls)<0)
+ phase=999; //trouble trouble
break;
}
break;
peer=(X509 *)0;
tic=30; //30 second MAX to extablish SSL connexio
done=false;
+(void) rou_alert(0,"%s JMPDBG in tls_accept",OPEP);
if ((tls->bio=BIO_new_fd(tls->handle,BIO_NOCLOSE))==(BIO *)0) {
(void) rou_core_dump("%s Unable to get the BIO (error=<%s>)",
OPEP,strerror(errno));
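Review bot: The added `JMPDBG` alert at the top of tls_accept (and the two more added around the peer-certificate lookup in the next hunk) are emitted at level 0 on every handshake, which looks like temporary debugging output rather than something intended to ship. Suggest dropping them before merge, or guarding them behind a debug level if rou_alert supports one, so production logs are not filled with per-connection noise. The enclosing function starts and continues outside this hunk.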
switch (sslerr=SSL_get_error(tls->ssl,statut)) {
case SSL_ERROR_NONE :
statut=0;
+ (void) rou_alert(0,"%s JMPDBG ask for Peer",OPEP);
if ((peer=SSL_get_peer_certificate(tls->ssl))!=(X509 *)0) {
+ (void) rou_alert(0,"%s JMPDBG Got Peer",OPEP);
if (SSL_get_verify_result(tls->ssl)!=X509_V_OK)
statut=-1;
(void) X509_free(peer);
#undef OPEP
}
/*
+\f
+*/
+/********************************************************/
+/* */
+/* Procedur to initiate a TLS connection from the */
+/* client side. */
+/* Return -1 if trouble, 0 otherwise */
+/* */
+/********************************************************/
+PUBLIC int tls_connect(TLSTYP *tls)
+
+{
+#define OPEP "unitls.c:tls_connect,"
+
+int done;
+int statut;
+int tic;
+
+done=false;
+statut=-1;
+tic=30; //trying for 30 second
+if ((tls->bio=BIO_new_fd(tls->handle,BIO_NOCLOSE))==(BIO *)0) {
+ (void) rou_core_dump("%s Unable to get the BIO (error=<%s>)",
+ OPEP,strerror(errno));
+ }
+(void) SSL_set_bio(tls->ssl,tls->bio,tls->bio);
+while (done==false) {
+ statut=SSL_connect(tls->ssl);
+ switch (SSL_get_error(tls->ssl,statut)) {
+ case SSL_ERROR_NONE :
+ done=true;
+ statut=0;
+ break;
+ case SSL_ERROR_WANT_READ :
+ switch (tls_waitforchar(tls,(u_int)1000)) {
+ case -1 :
+ switch(errno) { /*received a signal, lets see...*/
+ case EINTR : /*could be a TERM signal */
+ break;
+ default : /*hummm real code fault report */
+ (void) rou_core_dump("%s poll error '%s'",OPEP,strerror(errno));
+ done=true;
+ statut=-1;
+ break;
+ }
+ break;
+ case 0 : /*standard time out */
+ tic--;
+ if (tic<=0) {
+ done=true;
+ (void) rou_alert(0,"%s, SSL_connect too long to establish",OPEP);
+ statut=-1;
+ }
+ break;
+ default :
+ break;
+ }
+ break;
+ case SSL_ERROR_WANT_WRITE :
+ case SSL_ERROR_WANT_CONNECT :
+ break;
+ default :
+ (void) showtlserror(tls,statut,"%s SSL_connect fatal error",OPEP);
+ statut=-1;
+ done=true;
+ break;
+ }
+ }
+return statut;
+#undef OPEP
+}
+/*
^L
*/
/********************************************************/
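Review bot: In the new tls_connect the `SSL_ERROR_WANT_WRITE` / `SSL_ERROR_WANT_CONNECT` cases just `break` and re-enter `SSL_connect` immediately, so the 30-tick bound only applies on the `SSL_ERROR_WANT_READ` path and a socket that stays write-blocked spins hot with no timeout; those cases should wait for the descriptor (a writable wait, if tls_waitforchar only covers readability) and count down `tic` the same way. Unlike tls_accept, the success path returns 0 without consulting `SSL_get_verify_result(tls->ssl)`; if the context is not already configured with `SSL_VERIFY_PEER` an unverifiable server certificate is accepted silently, so either add that check or state in the header comment that verification is delegated to the ctx. When `BIO_new_fd` fails the code falls through to `SSL_set_bio` with a NULL bio; presumably rou_core_dump does not return, but if it can, a `return -1;` after it is needed. The variable declarations are C89 style while `tls_accept` above is similar, so this is consistent, but `statut=-1` before the loop is dead since every loop exit assigns it.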