Beispiel #1
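/*
 * Serialise the session currently attached to `ssl` onto `fp` in PEM form.
 *
 * The serialised SSL_SESSION carries the session's master secret, so `fp`
 * must refer to a destination that only the owning user/process can read.
 *
 * Nothing is written when `fp`, `ssl`, or the session itself is NULL.
 * The function returns void, so a failed write cannot be reported to the
 * caller.
 */
void
ssl_write_session(FILE * fp, SSL * ssl)
{
  SSL_SESSION *s;

  if (fp == NULL || ssl == NULL)
    return;

  /* SSL_get_session() hands back a borrowed pointer; it must not be freed. */
  s = SSL_get_session(ssl);
  if (s == NULL)
    return;                     /* no session attached to this connection */

  (void) PEM_write_SSL_SESSION(fp, s);
}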
Beispiel #2
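/*
 * Write the TLS session attached to `ssl` to the file `filename` as PEM.
 *
 * Security: the serialised session contains the master secret. fopen("w")
 * creates the file with permissions derived from the process umask, so the
 * caller is responsible for a restrictive umask or a private directory.
 *
 * CHECK is defined elsewhere in the project; presumably it aborts or reports
 * when its condition is false -- confirm against its definition.
 */
void writeSession(SSL *ssl, const char *filename)
{
  // Look the session up before touching the file, so a missing session does
  // not leave a freshly truncated, empty file behind.
  SSL_SESSION *session = SSL_get_session(ssl);
  CHECK(session != NULL);

  FILE *fp = fopen(filename,"w");
  CHECK(fp != NULL);

  // We can faff with i2d_SSL_SESSION() but this is easier
  int written = PEM_write_SSL_SESSION(fp,session);

  // Close before checking results so the handle is released on every path;
  // fclose() also flushes, so its result decides whether the data hit disk.
  int closed = fclose(fp);

  CHECK(written > 0);
  CHECK(closed == 0);
}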
Beispiel #3
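/*
 * Run SSL_accept() on `con` and log the result through the mlog facility.
 *
 * Returns 0 when SSL_accept() succeeds and -1 otherwise. The "should retry"
 * case and the hard-failure case both return -1; only the log line
 * ("DELAY" vs "ERROR") tells them apart.
 *
 * NOTE(review): the verify result is inspected only on the failure path.
 * Whether a peer certificate is actually required depends on the verify mode
 * configured on the context, which is not visible in this function.
 */
int ipfix_ssl_init_con( SSL *con )
{
    extern FILE *mlog_fp; // todo: see if this is working
    int rc = SSL_accept(con);

    if (rc <= 0) {
        if (BIO_sock_should_retry(rc)) {
            mlogf( 0, "[ipfix_ssl_init] DELAY\n");
            return -1;
        }

        mlogf( 0, "[ipfix_ssl_init] ERROR\n");
        long verify_error = SSL_get_verify_result( con );
        if (verify_error != X509_V_OK) {
            mlogf( 0, "[ipfix_ssl_init] verify error: %s\n",
                   X509_verify_cert_error_string(verify_error));
        }
        else if (mlog_fp != NULL) {
            /* Only hand a valid stream to OpenSSL's FILE-based printer. */
            ERR_print_errors_fp( mlog_fp );
        }

        return -1;
    }

    if ( 1 <= mlog_get_vlevel() ) {
        char buf[100];
        const char *str;
        SSL_SESSION *sess = SSL_get_session(con);

        /*
         * NOTE(security): this dumps the negotiated session, including its
         * master secret, into the log as soon as verbosity is >= 1. Anyone
         * with read access to the log gains that key material. Consider
         * dropping this dump or restricting it to debug builds, and keep the
         * log file permissions tight while it remains.
         */
        if (mlog_fp != NULL && sess != NULL) {
            PEM_write_SSL_SESSION( mlog_fp, sess );
        }

        if ( SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) {
            mlogf( 3, "[ipfix] Shared ciphers:%s\n", buf);
        }

        /* The cipher name is a const string; keep it const instead of casting. */
        str = SSL_CIPHER_get_name( SSL_get_current_cipher(con) );
        mlogf( 3,  "[ipfix] CIPHER is %s\n",(str != NULL)?str:"(NONE)");

        if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
            TLS1_FLAGS_TLS_PADDING_BUG) {
            mlogf( 1, "[ipfix] Peer has incorrect TLSv1 block padding\n");
        }
    }

    return 0;
}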