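/**
 * Embeds a socket in a ssl connection and runs the client-side handshake.
 * @param ssl the ssl connection the socket is attached to; ssl->ctx must
 *        already be set up, and ssl must not be NULL
 * @param socket the socket to be used; must be a valid descriptor (>= 0)
 * @return TRUE on success, or FALSE if an error occured. On failure the
 *         partially built ssl state is released via cleanup_ssl_socket().
 */
int embed_ssl_socket(ssl_connection *ssl, int socket) {
    int ssl_error;
    time_t ssl_time;

    if (!ssl)
        return FALSE;
    if (!ssl_initialized)
        start_ssl();
    if (socket >= 0) {
        ssl->socket = socket;
    } else {
        LogError("%s: Socket error!\n", prog);
        goto sslerror;
    }
    if ((ssl->handler = SSL_new(ssl->ctx)) == NULL) {
        LogError("%s: Cannot initialize the SSL handler -- %s\n", prog, SSLERROR);
        goto sslerror;
    }
    set_noblock(ssl->socket);
    if ((ssl->socket_bio = BIO_new_socket(ssl->socket, BIO_NOCLOSE)) == NULL) {
        LogError("%s: Cannot generate IO buffer -- %s\n", prog, SSLERROR);
        goto sslerror;
    }
    SSL_set_bio(ssl->handler, ssl->socket_bio, ssl->socket_bio);
    /*
     * The socket is non-blocking, so SSL_connect() is retried until the
     * handshake completes or SSL_TIMEOUT seconds have elapsed.
     * SSL_connect() returns 1 on success, 0 when the handshake was shut
     * down cleanly (e.g. the peer refused it) and < 0 on an error that may
     * be retryable (WANT_READ/WANT_WRITE on a non-blocking socket).
     * A return of 0 is a definitive failure and must not be treated as a
     * completed handshake.
     */
    ssl_time = time(NULL);
    while ((ssl_error = SSL_connect(ssl->handler)) <= 0) {
        if (ssl_error == 0) {
            LogError("%s: SSL handshake failed -- %s\n", prog, SSLERROR);
            goto sslerror;
        }
        if ((time(NULL) - ssl_time) > SSL_TIMEOUT) {
            LogError("%s: SSL service timeout!\n", prog);
            goto sslerror;
        }
        if (!handle_error(ssl_error, ssl))
            goto sslerror;
        if (!BIO_should_retry(ssl->socket_bio))
            goto sslerror;
    }
    ssl->cipher = (char *) SSL_get_cipher(ssl->handler);
    /* The server certificate is fetched (and, presumably, checked) by
     * update_ssl_cert_data(); a connection without one is not usable. */
    if (!update_ssl_cert_data(ssl)) {
        LogError("%s: Cannot get the SSL server certificate!\n", prog);
        goto sslerror;
    }
    return TRUE;

sslerror:
    cleanup_ssl_socket(ssl);
    return FALSE;
}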
/**
 * Garbage collection for the non-reusable parts of a ssl connection.
 * Releases the ssl state, drops the context (freed only for connections
 * that were not accepted from a server) and frees the connection itself.
 * @param ssl ssl connection; NULL is accepted and ignored
 */
void delete_ssl_socket(ssl_connection *ssl) {
    if (ssl == NULL)
        return;

    cleanup_ssl_socket(ssl);

    /* An accepted connection is never the owner of its ctx (presumably it
     * is shared with the listening server connection), so only a
     * client-side connection frees it. In both cases the pointer is cleared. */
    if (ssl->accepted) {
        ssl->ctx = NULL;
    } else {
        if (ssl->ctx != NULL)
            SSL_CTX_free(ssl->ctx);
        ssl->ctx = NULL;
    }

    FREE(ssl);
}
/**
 * Closes a ssl connection (ssl socket + net socket).
 * Performs the bidirectional SSL shutdown, closes the underlying socket and
 * releases the ssl state.
 * @param ssl ssl connection
 * @return TRUE, or FALSE if an error has occured (including a NULL ssl).
 */
int close_ssl_socket(ssl_connection *ssl) {
    int shutdown_status;

    if (ssl == NULL)
        return FALSE;

    shutdown_status = SSL_shutdown(ssl->handler);
    /* 0 means our close_notify went out but the peer's has not arrived yet:
     * close the write side of the socket (1 == SHUT_WR) and call
     * SSL_shutdown() a second time to wait for the peer's close_notify. */
    if (shutdown_status == 0) {
        shutdown(ssl->socket, 1);
        shutdown_status = SSL_shutdown(ssl->handler);
    }

    close_socket(ssl->socket);
    cleanup_ssl_socket(ssl);

    /* Only a positive result means the shutdown completed cleanly. */
    if (shutdown_status > 0)
        return TRUE;
    return FALSE;
}
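/**
 * Deletes an accepted SSL server connection from the connection
 * list and releases it.
 * @param ssl_server data for ssl server connection
 * @param ssl data the connection to be deleted
 * @return TRUE, or FALSE if an error has occured (NULL argument, or a
 *         failure reported by cleanup_ssl_socket()/delete_ssl_socket()).
 */
int delete_accepted_ssl_socket(ssl_server_connection *ssl_server, ssl_connection *ssl) {
#ifdef HAVE_OPENSSL
    int return_value = TRUE;

    if ((ssl == NULL) || (ssl_server == NULL)) {
        return FALSE;
    }

    /* Unlink ssl from the server's doubly linked connection list. */
    LOCK(ssl_mutex);
    if (ssl->prev == NULL) {
        ssl_server->ssl_conn_list = ssl->next;
    } else {
        ssl->prev->next = ssl->next;
    }
    /* The successor must stop pointing back at the node being freed;
     * otherwise its prev pointer dangles and a later unlink of that
     * successor writes through freed memory. */
    if (ssl->next != NULL) {
        ssl->next->prev = ssl->prev;
    }
    END_LOCK;

    /* delete_ssl_socket() runs cleanup_ssl_socket() itself as well; the
     * explicit call here is kept so its status is reported to the caller. */
    if (!cleanup_ssl_socket(ssl)) {
        return_value = FALSE;
    }
    if (!delete_ssl_socket(ssl)) {
        return_value = FALSE;
    }

    return return_value;
#else
    return FALSE;
#endif
}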
/**
 * Closes a ssl connection (ssl socket + net socket).
 * Runs the bidirectional SSL shutdown, closes the socket and releases the
 * ssl state. Without OpenSSL support this always fails.
 * @param ssl ssl connection
 * @return TRUE, or FALSE if an error has occured.
 */
int close_ssl_socket(ssl_connection *ssl) {
#ifdef HAVE_OPENSSL
    int shutdown_status;

    if (ssl == NULL) {
        return FALSE;
    }

    shutdown_status = SSL_shutdown(ssl->handler);
    /* 0: our close_notify was sent, the peer's is still outstanding. Close
     * the write side of the socket (1 == SHUT_WR) and retry SSL_shutdown()
     * to complete the handshake. */
    if (shutdown_status == 0) {
        shutdown(ssl->socket, 1);
        shutdown_status = SSL_shutdown(ssl->handler);
    }

    close_socket(ssl->socket);
    cleanup_ssl_socket(ssl);

    /* Only a positive result means a clean, completed shutdown. */
    return (shutdown_status > 0) ? TRUE : FALSE;
#else
    return FALSE;
#endif
}
/**
 * Garbage collection for the non-reusable parts of a ssl connection.
 * Releases the ssl state, frees the context unless the connection was
 * accepted from a server, and frees the connection itself.
 * @param ssl ssl connection
 * @return TRUE, or FALSE if an error has occured (NULL ssl).
 */
int delete_ssl_socket(ssl_connection *ssl) {
#ifdef HAVE_OPENSSL
    if (ssl == NULL) {
        return FALSE;
    }

    cleanup_ssl_socket(ssl);

    /* An accepted connection does not own its ctx (presumably shared with
     * the listening server connection), so it is only freed for a
     * client-side connection; the pointer is cleared either way. */
    if ((ssl->ctx != NULL) && !ssl->accepted) {
        SSL_CTX_free(ssl->ctx);
    }
    ssl->ctx = NULL;

    FREE(ssl);
    ssl = NULL;

    return TRUE;
#else
    return TRUE;
#endif
}
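/**
 * Embeds a socket in a ssl connection and runs the client-side handshake.
 * @param ssl the ssl connection the socket is attached to; ssl->ctx must
 *        already be set up, and ssl must not be NULL
 * @param socket the socket to be used; must be a valid descriptor (>= 0)
 * @return TRUE on success, or FALSE if an error occured. On failure the
 *         partially built ssl state is released via cleanup_ssl_socket().
 *         Without OpenSSL support this always fails.
 */
int embed_ssl_socket(ssl_connection *ssl, int socket) {
#ifdef HAVE_OPENSSL
    int ssl_error;
    time_t ssl_time;

    if (ssl == NULL) {
        return FALSE;
    }

    /* NOTE: the global is spelled ssl_initilized in this code base. */
    if (!ssl_initilized) {
        start_ssl();
    }

    if (socket >= 0) {
        ssl->socket = socket;
    } else {
        log("%s: embed_ssl_socket (): Socket error!\n", prog);
        goto sslerror;
    }

    if ((ssl->handler = SSL_new(ssl->ctx)) == NULL) {
        handle_ssl_error("embed_ssl_socket()");
        log("%s: embed_ssl_socket (): Cannot initialize the SSL handler!\n", prog);
        goto sslerror;
    }

    set_noblock(ssl->socket);

    if ((ssl->socket_bio = BIO_new_socket(ssl->socket, BIO_NOCLOSE)) == NULL) {
        handle_ssl_error("embed_ssl_socket()");
        log("%s: embed_ssl_socket (): Cannot generate IO buffer!\n", prog);
        goto sslerror;
    }

    SSL_set_bio(ssl->handler, ssl->socket_bio, ssl->socket_bio);

    /*
     * The socket is non-blocking, so SSL_connect() is retried until the
     * handshake completes or SSL_TIMEOUT seconds have elapsed.
     * SSL_connect() returns 1 on success, 0 when the handshake was shut
     * down cleanly (e.g. refused by the peer) and < 0 on an error that may
     * be retryable. A return of 0 is a definitive failure and must not be
     * treated as a completed handshake.
     */
    ssl_time = time(NULL);
    while ((ssl_error = SSL_connect(ssl->handler)) <= 0) {
        if (ssl_error == 0) {
            handle_ssl_error("embed_ssl_socket()");
            log("%s: embed_ssl_socket (): SSL handshake failed!\n", prog);
            goto sslerror;
        }
        if ((time(NULL) - ssl_time) > SSL_TIMEOUT) {
            log("%s: embed_ssl_socket (): SSL service timeout!\n", prog);
            goto sslerror;
        }
        if (!handle_connection_error(ssl_error, ssl, "embed_ssl_socket()", SSL_TIMEOUT)) {
            goto sslerror;
        }
        if (!BIO_should_retry(ssl->socket_bio)) {
            goto sslerror;
        }
    }

    ssl->cipher = (char *) SSL_get_cipher(ssl->handler);

    /* The server certificate is fetched (and, presumably, checked) by
     * update_ssl_cert_data(); a connection without one is not usable. */
    if (!update_ssl_cert_data(ssl)) {
        log("%s: embed_ssl_socket (): Cannot get the SSL server certificate!\n", prog);
        goto sslerror;
    }

    return TRUE;

sslerror:
    cleanup_ssl_socket(ssl);
    return FALSE;
#else
    return FALSE;
#endif
}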
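/**
 * Embeds a socket in a ssl connection and runs the client-side handshake.
 * @param ssl the ssl connection the socket is attached to; ssl->ctx must
 *        already be set up, and ssl must not be NULL
 * @param socket the socket to be used; must be a valid descriptor (>= 0)
 * @return TRUE on success, or FALSE if an error occured. On failure the
 *         partially built ssl state is released via cleanup_ssl_socket().
 */
int embed_ssl_socket(ssl_connection *ssl, int socket) {
    int ssl_error;
    time_t ssl_time;

    if (!ssl)
        return FALSE;
    if (!ssl_initialized)
        start_ssl();
    if (socket >= 0) {
        ssl->socket = socket;
    } else {
        LogError("SSL socket error\n");
        goto sslerror;
    }
    /*
     * The cipher list must be installed on the context BEFORE SSL_new():
     * a new SSL object copies the context's settings at creation time, so
     * restricting the context afterwards would leave this handler with the
     * default (wider) cipher list.
     */
    if (SSL_CTX_set_cipher_list(ssl->ctx, CIPHER_LIST) != 1) {
        LogError("Error setting cipher list '%s' (no valid ciphers)\n", CIPHER_LIST);
        goto sslerror;
    }
    if ((ssl->handler = SSL_new(ssl->ctx)) == NULL) {
        LogError("Cannot initialize the SSL handler -- %s\n", SSLERROR);
        goto sslerror;
    }
    Net_setNonBlocking(ssl->socket);
    if ((ssl->socket_bio = BIO_new_socket(ssl->socket, BIO_NOCLOSE)) == NULL) {
        LogError("Cannot create IO buffer -- %s\n", SSLERROR);
        goto sslerror;
    }
    SSL_set_bio(ssl->handler, ssl->socket_bio, ssl->socket_bio);
    /*
     * The socket is non-blocking, so SSL_connect() is retried until the
     * handshake completes or SSL_TIMEOUT seconds have elapsed.
     * SSL_connect() returns 1 on success, 0 when the handshake was shut
     * down cleanly (e.g. refused by the peer) and < 0 on an error that may
     * be retryable. A return of 0 is a definitive failure and must not be
     * treated as a completed handshake.
     */
    ssl_time = time(NULL);
    while ((ssl_error = SSL_connect(ssl->handler)) <= 0) {
        if (ssl_error == 0) {
            LogError("SSL handshake failed -- %s\n", SSLERROR);
            goto sslerror;
        }
        if ((time(NULL) - ssl_time) > SSL_TIMEOUT) {
            LogError("SSL service timeout\n");
            goto sslerror;
        }
        if (!handle_error(ssl_error, ssl))
            goto sslerror;
        if (!BIO_should_retry(ssl->socket_bio))
            goto sslerror;
    }
    ssl->cipher = (char *) SSL_get_cipher(ssl->handler);
    /* The server certificate is fetched (and, presumably, checked) by
     * update_ssl_cert_data(); a connection without one is not usable. */
    if (!update_ssl_cert_data(ssl)) {
        LogError("Cannot get the SSL server certificate\n");
        goto sslerror;
    }
    return TRUE;

sslerror:
    cleanup_ssl_socket(ssl);
    return FALSE;
}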