Beispiel #1
/*
 * Call print_cdata(index, 0) once for every index from 0 up to, but not
 * including, nfds.  Both nfds and print_cdata() are defined outside this
 * listing; presumably nfds is the number of descriptor slots in use
 * (TODO confirm against its definition).
 */
void print_socks(void)
{
  int slot = 0;

  while(slot < nfds) {
    print_cdata(slot, 0);
    slot++;
  }
}
Beispiel #2
/*
 * Emit one output line per attribute in argv[0..argc-1], then one line for
 * the element itself, and return TRUE.
 *
 * Each attribute line starts with print_word(p, 'A', <attribute name>, 0),
 * followed by a type tag written with printf() and the value:
 *   AT_CDATA   " CDATA"   value written by print_cdata()
 *   AT_NUMBER  " NUMBER " textual form if value.textW is set, else "%ld"
 *   AT_NAMEOF  " NAME"    value written by print_word()
 *   other      " <name of the attribute type>", then the value; for list
 *              types each blank-separated item is written separately.
 *
 * NOTE(review): attribute names and values come from the parsed document;
 * any escaping of them is left to print_word()/print_cdata(), which are
 * not visible here.  Confirm they escape what the consumer needs.
 */
static int
print_open(dtd_parser * p, dtd_element * e, int argc, sgml_attribute *argv)
{ int k;

  for (k = 0; k < argc; k++)
  { sgml_attribute *att = &argv[k];

    print_word(p, 'A', att->definition->name->name, 0);

    switch (att->definition->type)
    { case AT_CDATA:
        printf(" CDATA");
        print_cdata(' ', att);
        /* skip the putchar('\n') below so we don't get two line breaks */
        continue;
      case AT_NUMBER:
        printf(" NUMBER ");
        if (!att->value.textW)
          printf("%ld", att->value.number);
        else
          print_word(p, ' ', att->value.textW, 0);
        break;
      case AT_NAMEOF:
        printf(" NAME");
        print_word(p, ' ', att->value.textW, 0);
        break;
      default:
      { /* NOTE(review): the result of find_attrdef() is dereferenced
         * without a NULL check; confirm it cannot return NULL for any
         * type that reaches this branch. */
        atdef *def = find_attrdef(att->definition->type);
        ichar const *cursor = att->value.textW;

        printf(" %s", def->name);
        if (def->islist)
        { ichar const *blank;

          /* Walk the value one separator at a time; an empty run between
           * two separators (blank == cursor) produces no output. */
          for (blank = istrblank(cursor); blank != 0; blank = istrblank(cursor))
          { if (blank != cursor)
              print_word(p, ' ', cursor, blank);
            cursor = blank + 1;
          }
        }
        /* Whatever remains after the last separator (or the whole value). */
        print_word(p, ' ', cursor, 0);
        break;
      }
    }
    putchar('\n');
  }

  print_word(p, '(', e->name->name, 0);
  putchar('\n');

  return TRUE;
}
Beispiel #3
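/**
 * Run the SSL/TLS handshake on the socket stored at slot idx.
 *
 * Called on a cleartext socket (e.g. after accept) when the connection
 * should be switched to SSL.  The SSL object is created on first use and
 * kept in cdata[idx].ssl, so a later call for the same slot reuses it.
 *
 * @param idx        index into cdata[] / ufds[]; not range-checked here,
 *                   the caller must pass a valid slot.
 * @param is_server  non-zero: SSL_accept(); zero: SSL_connect().
 *
 * @return  1     handshake completed, or the slot was already marked SSL
 *          0     the slot is UDP (0 can also come from the handshake call)
 *          -100  SSL_new() failed
 *          -101  SSL_set_fd() failed
 *          <= 0  otherwise the value returned by SSL_accept()/SSL_connect()
 *
 * Security notes for reviewers:
 *  - Verification is set to SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE
 *    without SSL_VERIFY_FAIL_IF_NO_PEER_CERT, so in server mode a client
 *    that presents no certificate still completes the handshake; the
 *    "Peer does not have a certificate" branch below then marks the
 *    connection as SSL anyway.
 *  - The final accept/reject decision for a presented certificate is
 *    delegated to the test_verify callback, which is not visible here.
 *    Confirm that it does not override verification failures.
 *  - The peer certificate is only logged.  No subject/host identity check
 *    and no SSL_get_verify_result() check is performed in this function.
 *  - The SSL object is always created from ssl_server_ctx, also when
 *    is_server is zero.
 */
int
ssl_negotiate(int idx, int is_server)
{
  int err = 0;
  X509 *client_cert;
  char *str;

  if(cdata[idx].is_ssl) {
    debug(DBG_SSL, 0,
          "ERROR: trying to start SSL for index %d, when already started - assuming success",
          idx);
    print_cdata(idx, 0);
    return 1;
  }
  if(cdata[idx].is_udp) {
    debug(DBG_SSL, 0, "ERROR: trying to start SSL for index UDP %d", idx);
    print_cdata(idx, 0);
    return 0;
  }

  if(cdata[idx].ssl == NULL) {
    cdata[idx].ssl = SSL_new(ssl_server_ctx);
    if(cdata[idx].ssl == NULL) {
      debug(DBG_SSL, 0, "Could not create SSL for index %d", idx);
      return -100;
    }
    err = SSL_set_fd(cdata[idx].ssl, ufds[idx].fd);
    if(err == 0) {
      debug(DBG_SSL, 0, "Could not assign socket to SSL for index %d", idx);
      SSL_free(cdata[idx].ssl);
      cdata[idx].ssl = NULL;
      return -101;
    }
    /* See the security notes in the header: a missing client certificate
     * is tolerated with these flags. */
    SSL_set_verify(cdata[idx].ssl,
                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, test_verify);
  }
  if(is_server) {
    err = SSL_accept(cdata[idx].ssl);
    debug(DBG_SSL, 2, "Error from SSL_accept: %d", err);
  } else {
    err = SSL_connect(cdata[idx].ssl);
    debug(DBG_SSL, 2, "Error from SSL_connect: %d", err);
  }
  if(err <= 0) {
    /* The SSL object stays in cdata[idx].ssl; is_ssl is not set. */
    ERR_print_errors_fp(stderr);
    return err;
  }
  debug(DBG_SSL, 2, "Index %d: SSL connection with cipher %s",
        idx, SSL_get_cipher(cdata[idx].ssl));
  /* SSL_get_peer_certificate() hands back a reference we own; it is
   * released with X509_free() below. */
  client_cert = SSL_get_peer_certificate(cdata[idx].ssl);
  if(client_cert != NULL) {
    debug(DBG_SSL, 10, "Peer certificate:");
    /* With a NULL buffer X509_NAME_oneline() allocates the string through
     * OpenSSL's allocator, so it must be released with OPENSSL_free(),
     * not the C library free(). */
    str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0);
    if(str != NULL) {
      debug(DBG_SSL, 10, "  subject: %s", str);
      OPENSSL_free(str);
    }
    str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0);
    if(str != NULL) {
      debug(DBG_SSL, 10, "  issuer: %s", str);
      OPENSSL_free(str);
    }
    /* Placeholder from the original author: checks on the peer
     * certificate would go here; none are implemented. */
    X509_free(client_cert);
  } else {
    debug(DBG_SSL, 1, "Peer does not have a certificate");
  }
  /* all SSL things done, now consider socket as SSL */
  cdata[idx].is_ssl = 1;
  return 1;
}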