From 9a26336563cb8af4249204da47f10158607241a4 Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Sat, 3 May 2025 17:28:03 -0400
Subject: [PATCH] Client is getting the server certificate
---
Makefile | 2 +-
lib/unitls.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++-----
2 files changed, 83 insertions(+), 8 deletions(-)
diff --git a/Makefile b/Makefile
index 513b9f1..3a33738 100644
--- a/Makefile
+++ b/Makefile
@@ -103,10 +103,10 @@ xxx : -cert certs/localhost_cert.pem \ -CAfile certs/safe_CA.pem \ -starttls smtp \ - -tls1_2 \ -connect $(TESTSRV):1025 # -showcerts +# -tls1_2 # -connect mailprod1.safe.ca:25 # -connect $(TESTSRV):$(TESTPORT) # -connect smtp.google.com:25
diff --git a/lib/unitls.c b/lib/unitls.c
index b7e16e8..f7595c1 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
@@ -219,7 +219,7 @@ return tls; /* Procedure to set the link certificate */ /* */ /********************************************************/ -static int set_server_certificate(TLSTYP *tls) +static int set_certificate(TLSTYP *tls) { #define OPEP "unitls.c:set_link_certificate"
@@ -420,10 +420,8 @@ while (proceed==true) { } break; case 1 : //set certificate - if (server==true) { - if (set_server_certificate(tls)==false) - phase=999; //trouble, trouble no need to go furter - } + if (set_certificate(tls)==false) + phase=999; //trouble, trouble no need to go furter break; case 2 : //Setting the TLS channel if ((tls->ssl=tls_setsocket(handle,tls->ctx))==(SSL *)0)
@@ -433,10 +431,12 @@ while (proceed==true) { switch (server) { case false : //mode client (void) rou_alert(0,"%s JMPDBG should be in client mode",OPEP); - (void) SSL_set_connect_state(tls->ssl); + if (tls_connect(tls)<0) + phase=999; //trouble trouble break; case true : //mode server - (void) SSL_set_accept_state(tls->ssl); + if (tls_accept(tls)<0) + phase=999; //trouble trouble break; } break;
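Review bot: The routine is renamed to set_certificate, but the OPEP prefix on the line just below the signature still reads `#define OPEP "unitls.c:set_link_certificate"`, so every alert or core-dump message from this function will point at a name that exists nowhere in the file; change it to `#define OPEP "unitls.c:set_certificate"` as part of the rename. The rest of the function body lies outside the hunk.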
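Review bot: set_certificate() now runs for the client side as well, and a false return sends the state machine to phase 999 regardless of role. If a client deployment has no certificate or key configured and set_certificate() reports that as a failure (its body is outside this hunk, so this is inferred), clients that previously skipped phase 1 entirely will stop connecting; either make the client-side certificate optional inside set_certificate() or say so at the call site, e.g. `case 1 : //set our own certificate, required for client and server alike`. The enclosing loop starts and ends outside the hunk.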
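Review bot: Replacing SSL_set_connect_state()/SSL_set_accept_state() with direct calls to tls_connect()/tls_accept() turns this phase from arming a non-blocking handshake into driving it to completion inside the loop body; tls_connect (added further down in this patch) waits up to 30 seconds, so any other work this state machine interleaves is stalled for that long — fine if the loop is dedicated to the handshake, but worth a comment such as `//handshake is completed synchronously here (up to 30s)` otherwise. The `JMPDBG should be in client mode` alert on the context line above is still emitted at level 0 on every client connection and looks like leftover debugging. tls_connect is defined after this caller in the same file, so a prototype (presumably in a header, given PUBLIC) must be visible here. The switch's enclosing loop starts and ends outside the hunk.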
@@ -716,6 +716,7 @@ statut=-1; peer=(X509 *)0; tic=30; //30 second MAX to extablish SSL connexio done=false; +(void) rou_alert(0,"%s JMPDBG in tls_accept",OPEP); if ((tls->bio=BIO_new_fd(tls->handle,BIO_NOCLOSE))==(BIO *)0) { (void) rou_core_dump("%s Unable to get the BIO (error=<%s>)", OPEP,strerror(errno));
@@ -728,7 +729,9 @@ while (done==false) { switch (sslerr=SSL_get_error(tls->ssl,statut)) { case SSL_ERROR_NONE : statut=0; + (void) rou_alert(0,"%s JMPDBG ask for Peer",OPEP); if ((peer=SSL_get_peer_certificate(tls->ssl))!=(X509 *)0) { + (void) rou_alert(0,"%s JMPDBG Got Peer",OPEP); if (SSL_get_verify_result(tls->ssl)!=X509_V_OK) statut=-1; (void) X509_free(peer);
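Review bot: The three `JMPDBG` traces added here and in the -728 hunk fire at alert level 0 on every accepted connection, which will flood the log in production, and the marker name suggests they are temporary debugging; drop them before merge or gate them on a debug flag. If a permanent trace at the `Got Peer` point is wanted, log something operationally useful instead, e.g. the verification outcome: `(void) rou_alert(0,"%s peer certificate verify: %s",OPEP,X509_verify_cert_error_string(SSL_get_verify_result(tls->ssl)));`, which tells an operator why a client was rejected. tls_accept starts and ends outside these hunks.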
@@ -785,6 +788,78 @@ return statut; #undef OPEP } /* + +*/ +/********************************************************/ +/* */ +/* Procedur to initiate a TLS connection from the */ +/* client side. */ +/* Return -1 if trouble, 0 otherwise */ +/* */ +/********************************************************/ +PUBLIC int tls_connect(TLSTYP *tls) + +{ +#define OPEP "unitls.c:tls_connect," + +int done; +int statut; +int tic; + +done=false; +statut=-1; +tic=30; //trying for 30 second +if ((tls->bio=BIO_new_fd(tls->handle,BIO_NOCLOSE))==(BIO *)0) { + (void) rou_core_dump("%s Unable to get the BIO (error=<%s>)", + OPEP,strerror(errno)); + } +(void) SSL_set_bio(tls->ssl,tls->bio,tls->bio); +while (done==false) { + statut=SSL_connect(tls->ssl); + switch (SSL_get_error(tls->ssl,statut)) { + case SSL_ERROR_NONE : + done=true; + statut=0; + break; + case SSL_ERROR_WANT_READ : + switch (tls_waitforchar(tls,(u_int)1000)) { + case -1 : + switch(errno) { /*received a signal, lets see...*/ + case EINTR : /*could be a TERM signal */ + break; + default : /*hummm real code fault report */ + (void) rou_core_dump("%s poll error '%s'",OPEP,strerror(errno)); + done=true; + statut=-1; + break; + } + break; + case 0 : /*standard time out */ + tic--; + if (tic<=0) { + done=true; + (void) rou_alert(0,"%s, SSL_connect too long to establish",OPEP); + statut=-1; + } + break; + default : + break; + } + break; + case SSL_ERROR_WANT_WRITE : + case SSL_ERROR_WANT_CONNECT : + break; + default : + (void) showtlserror(tls,statut,"%s SSL_connect fatal error",OPEP); + statut=-1; + done=true; + break; + } + } +return statut; +#undef OPEP +} +/* ^L */ /********************************************************/ -- 2.47.3
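Review bot: tls_connect treats SSL_ERROR_NONE as success without ever looking at the server certificate — tls_accept above checks SSL_get_peer_certificate() and SSL_get_verify_result() at the same point, but the client path added here just sets `statut=0` and returns, so unless the context was created with SSL_VERIFY_PEER (not visible in this patch) a missing or unverifiable server certificate is silently accepted, which contradicts the commit title. The SSL_ERROR_WANT_WRITE and SSL_ERROR_WANT_CONNECT arms also only `break` and immediately call SSL_connect again without waiting on the descriptor or decrementing `tic`, so those states spin and are not covered by the 30-second budget. Two smaller items: the OPEP string carries a trailing comma (`"unitls.c:tls_connect,"`) that yields `unitls.c:tls_connect,, SSL_connect too long ...` in the timeout alert, and the header comment reads `Procedur`. A verification step in the success arm, mirroring tls_accept, is sketched below (`peer` needs an `X509 *peer;` alongside the other locals); a hostname check via SSL_set1_host() before the handshake would be the natural complement when the caller knows the expected server name.
```c
    case SSL_ERROR_NONE :
        done=true;
        statut=0;
        /* handshake finished: require a server certificate that verified against the CA store */
        if ((peer=SSL_get_peer_certificate(tls->ssl))==(X509 *)0 ||
            SSL_get_verify_result(tls->ssl)!=X509_V_OK) {
            (void) rou_alert(0,"%s server certificate missing or not verified",OPEP);
            statut=-1;
            }
        (void) X509_free(peer);
        break;
    /* … unchanged: SSL_ERROR_WANT_READ, WANT_WRITE/WANT_CONNECT and default arms … */
```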