From 9523d39517bc24c116ec783d23bc3d7a52eb2d4f Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Wed, 7 Aug 2024 21:25:47 -0400
Subject: [PATCH] Starting to have an SSL working
---
 lib/devsoc.c | 21 ++++++++++++++-------
 lib/subrou.c | 2 +-
 lib/unitls.c | 24 ++++++++++++++++++++----
 3 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/lib/devsoc.c b/lib/devsoc.c
index 9fbb60b..ed6b5ad 100644
--- a/lib/devsoc.c
+++ b/lib/devsoc.c
@@ -248,16 +248,22 @@ while (proceed==true) {
 switch (phase) {
 case 0 : //First prepare a new socket
 newsoc=dupsocket(soc);
+ if (plainsoc(newsoc)==false) {
+ phase=999; //trouble trouble
+ }
 break;
 case 1 : //wait for incoming connexion
 switch (newsoc->proto) {
 case pro_smtp : //plain socket
 case pro_starttls : //plain socket + STARTTLS
- ready=plainsoc(newsoc);
+ //nothing to do
 break;
 case pro_smtps : //set secure socket
- if ((newsoc->tls=tls_opentls(newsoc->handle,true))!=(TLSTYP *)0)
- ready=tls_accept(newsoc->tls);
+ newsoc->modtls=true;
+ if ((newsoc->tls=tls_opentls(newsoc->handle,true))==(TLSTYP *)0) {
+ (void) rou_alert(0,"%s Unable to get a TLS channel",OPEP);
+ phase=999; //trouble trouble
+ }
 break;
 default :
 (void) rou_alert(0,"%s Protocol '%d' unset (Bug?)",
@@ -265,12 +271,12 @@ while (proceed==true) {
 break;
 }
 break;
- case 2 : //wait for incoming connexion
- if (ready==false) {
- newsoc=soc_release(newsoc); //trouble touble
- }
+ case 2 : //Everything is fine
+ ready=true;
 break;
 default : //SAFE guard
+ if (ready==false)
+ newsoc=soc_release(newsoc); //trouble touble
 proceed=false;
 break;
 }
@@ -597,6 +603,7 @@ if (soc!=(SOCTYP *)0) {
 polling[0].events=POLLIN|POLLPRI;
 polling[0].revents=(short)0;
+ (void) printf("JMPDBG modtls='%d'\n",soc->modtls);
 switch (soc->modtls) {
 case true :
 polling[0].fd=SSL_get_fd(soc->tls->ssl);
diff --git a/lib/subrou.c b/lib/subrou.c
index dd7e7f0..360a2f6 100644
--- a/lib/subrou.c
+++ b/lib/subrou.c
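Review bot: `newsoc->modtls=true;` is set before tls_opentls() is known to have succeeded, so on failure the socket carries modtls==true with tls==NULL until the default branch releases it, and the polling code in the later devsoc.c hunk dereferences `soc->tls->ssl` whenever modtls is true. Set the flag only on success: `if ((newsoc->tls=tls_opentls(newsoc->handle,true))!=(TLSTYP *)0) { newsoc->modtls=true; } else { (void) rou_alert(0,"%s Unable to get a TLS channel",OPEP); phase=999; }`. The explicit `ready=tls_accept(newsoc->tls)` is also gone and nothing in this hunk drives the handshake; if it is now left to the first SSL read/write, handshake failures and the SSL_get_error() handling in tls_accept() will surface there rather than at accept time, which is worth confirming. The enclosing while loop starts before the hunk, and `ready` is presumably initialised to false there.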
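Review bot: The new release path in the default branch, `if (ready==false) newsoc=soc_release(newsoc);`, is an unbraced two-line conditional; bracing it matches the braced form used in case 0 of the previous hunk and avoids the classic slip when a second statement is added later, e.g. `if (ready==false) { newsoc=soc_release(newsoc); }`. The carried-over comment `//trouble touble` should read `//trouble, trouble` like the others. The switch this hunk edits sits inside a while loop that starts before the hunk.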
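Review bot: The added `(void) printf("JMPDBG modtls='%d'\n",soc->modtls);` writes an unconditional trace line to stdout from the polling path, and the lib/unitls.c hunk at line 184 adds the same kind of line, `(void) printf("after SSL_accept status='%d'\n",status);`. Both read as temporary debugging; either drop them before merging or gate them on the `debug` level declared in lib/subrou.c if it is visible here, e.g. `if (debug>0) (void) printf("JMPDBG modtls='%d'\n",soc->modtls);`. Unconditional stdout output from library code is also a hazard if the caller's stdout is the protocol channel. The enclosing if block starts before the hunk.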
@@ -20,7 +20,7 @@
 //version definition
 #define VERSION "0.3"
-#define RELEASE "30"
+#define RELEASE "31"
 //Public variables
 PUBLIC int debug=0; //debug level
diff --git a/lib/unitls.c b/lib/unitls.c
index 0e6aa4b..0d0ebc2 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
@@ -184,6 +184,7 @@ while (done==false) {
 int sslerr;
 status=SSL_accept(tls->ssl);
+ (void) printf("after SSL_accept status='%d'\n",status);
 done=true;
 switch (sslerr=SSL_get_error(tls->ssl,status)) {
 case SSL_ERROR_NONE :
@@ -323,6 +324,7 @@ PUBLIC TLSTYP *tls_opentls(int handle,_Bool server)
 TLSTYP *tls;
 const SSL_METHOD *(*tls_methode)();
+_Bool ready;
 int phase;
 _Bool proceed;
@@ -330,6 +332,7 @@ tls=(TLSTYP *)0;
 tls_methode=TLS_client_method;
 if (server==true) tls_methode=TLS_server_method;
+ready=false;
 phase=0;
 proceed=true;
 while (proceed==true) {
@@ -343,19 +346,32 @@ while (proceed==true) {
 (void) ERR_clear_error();
 if ((tls->ctx=SSL_CTX_new(tls_methode()))==(SSL_CTX *)0) {
 (void) showtlserror(tls,0,"Get CTX");
- tls=freetls(tls);
 phase=999; //no need to go furter
 }
 break;
 case 1 : //set certificate
 if (server==true) {
- if (set_server_certificate(tls->ctx)==false) {
- tls=freetls(tls);
+ if (set_server_certificate(tls->ctx)==false)
 phase=999; //trouble, trouble no need to go furter
- }
 }
 break;
+ case 2 : //Setting the TLS channel
+ if ((tls->ssl=tls_setsocket(handle,tls->ctx))==(SSL *)0)
+ phase=999; //trouble, trouble no need to go furter
+ break;
+ case 3 : //Setting the TLS channel actif
+ switch (server) {
+ case false : //mode client
+ break;
+ case true : //mode server
+ (void) SSL_set_accept_state(tls->ssl);
+ break;
+ }
+ ready=true;
+ break;
 default : //SAFE guard
+ if (ready==false)
+ tls=freetls(tls);
 proceed=false;
 break;
 }
-- 
2.47.3
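Review bot: The client path of the new phase 3 (`case false : //mode client`) configures no peer verification, and nothing in tls_opentls() calls SSL_CTX_set_verify() or SSL_CTX_set_default_verify_paths(), so unless tls_setsocket() (outside the hunk) does it, a client-mode channel will accept any server certificate; no minimum protocol version is set on the context either. After the successful SSL_CTX_new() in case 0 consider `(void) SSL_CTX_set_min_proto_version(tls->ctx,TLS1_2_VERSION);`, and in the client branch `SSL_CTX_set_verify(tls->ctx,SSL_VERIFY_PEER,NULL);` followed by `if (SSL_CTX_set_default_verify_paths(tls->ctx)!=1) phase=999;`. Since case 3 only calls SSL_set_accept_state(), the handshake itself is no longer run here, and the SSL_accept() loop at line 184 (presumably tls_accept()) appears to be unreachable from the devsoc.c accept path after this commit, so handshake errors will surface on the first read/write instead. The unbraced `if (set_server_certificate(tls->ctx)==false)` in case 1 and the bool switch without a default are also worth tidying. The while loop around this switch starts before the hunk.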