Ejemplo n.º 1
0
int config_uplink_ssl_setup(struct uplink_config_t *l)
{
	l->ssl = ssl_alloc();
	
	if (ssl_create(l->ssl, (void *)l)) {
		hlog(LOG_ERR, "Uplink: Failed to create SSL context for '%s*'", l->name);
		return -1;
	}
	
	/* optional client cert for server-side validation */
	if (l->certfile && l->keyfile) {
		if (ssl_certificate(l->ssl, l->certfile, l->keyfile)) {
			hlog(LOG_ERR, "Uplink '%s': Failed to load SSL certificatess", l->name);
			ssl_free(l->ssl);
			l->ssl = NULL;
			return -1;
		}
	}
	
	/* optional server cert validation */
	if (l->cafile) {
		if (ssl_ca_certificate(l->ssl, l->cafile, 2)) {
			hlog(LOG_ERR, "Uplink '%s': Failed to load trusted SSL CA certificates", l->name);
			ssl_free(l->ssl);
			l->ssl = NULL;
			return -1;
		}
	}
	
	hlog(LOG_INFO, "Uplink %s: SSL initialized%s%s",
		l->name,
		(l->cafile) ? ", server validated" : "",
		(l->certfile) ? ", client cert loaded" : "");
		
	return 0;
}
Ejemplo n.º 2
0
static int open_listener(struct listen_config_t *lc)
{
	struct listen_t *l;
	int i;
	
	l = listener_alloc();
	l->id = lc->id;
	l->hidden = lc->hidden;
	l->corepeer = lc->corepeer;
	l->client_flags = lc->client_flags;
	l->clients_max = lc->clients_max;
	
	l->portaccount = port_accounter_alloc();
	
	/* Pick first of the AIs for this listen definition */
	l->addr_s = strsockaddr( lc->ai->ai_addr, lc->ai->ai_addrlen );
	l->name   = hstrdup(lc->name);
	l->portnum = lc->portnum;
	l->ai_protocol = lc->ai->ai_protocol;
	l->listener_id = keyhash(l->addr_s, strlen(l->addr_s), 0);
	l->listener_id = keyhash(&lc->ai->ai_socktype, sizeof(lc->ai->ai_socktype), l->listener_id);
	l->listener_id = keyhash(&lc->ai->ai_protocol, sizeof(lc->ai->ai_protocol), l->listener_id);
	hlog(LOG_DEBUG, "Opening listener %d/%d '%s': %s", lc->id, l->listener_id, lc->name, l->addr_s);
	
	if (lc->ai->ai_socktype == SOCK_DGRAM &&
	    lc->ai->ai_protocol == IPPROTO_UDP) {
		/* UDP listenting is not quite same as TCP listening.. */
		i = open_udp_listener(l, lc->ai);
	} else if (lc->ai->ai_socktype == SOCK_STREAM && lc->ai->ai_protocol == IPPROTO_TCP) {
		/* TCP listenting... */
		i = open_tcp_listener(l, lc->ai, "TCP");
#ifdef USE_SCTP
	} else if (lc->ai->ai_socktype == SOCK_STREAM &&
		   lc->ai->ai_protocol == IPPROTO_SCTP) {
		i = open_tcp_listener(l, lc->ai, "SCTP");
		if (i >= 0)
			i = sctp_set_listen_params(l);
#endif
	} else {
		hlog(LOG_ERR, "Unsupported listener protocol for '%s'", l->name);
		listener_free(l);
		return -1;
	}
	
	if (i < 0) {
		hlog(LOG_DEBUG, "... failed");
		listener_free(l);
		return -1;
	}
	
	hlog(LOG_DEBUG, "... ok, bound");
	
	/* Set up an SSL context if necessary */
#ifdef USE_SSL
	if (lc->keyfile && lc->certfile) {
		l->ssl = ssl_alloc();
		
		if (ssl_create(l->ssl, (void *)l)) {
			hlog(LOG_ERR, "Failed to create SSL context for '%s*': %s", lc->name, l->addr_s);
			listener_free(l);
			return -1;
		}
		
		if (ssl_certificate(l->ssl, lc->certfile, lc->keyfile)) {
			hlog(LOG_ERR, "Failed to load SSL key and certificates for '%s*': %s", lc->name, l->addr_s);
			listener_free(l);
			return -1;
		}
		
		/* optional client cert validation */
		if (lc->cafile) {
			if (ssl_ca_certificate(l->ssl, lc->cafile, 2)) {
				hlog(LOG_ERR, "Failed to load trusted SSL CA certificates for '%s*': %s", lc->name, l->addr_s);
				listener_free(l);
				return -1;
			}
		}
		
		hlog(LOG_INFO, "SSL initialized for '%s': %s%s", lc->name, l->addr_s, (lc->cafile) ? " (client validation enabled)" : "");
	}
#endif
	
	/* Copy access lists */
	if (lc->acl)
		l->acl = acl_dup(lc->acl);
	
	/* Copy filter definitions */
	listener_copy_filters(l, lc);
	
	hlog(LOG_DEBUG, "... adding %s to listened sockets", l->addr_s);
	// put (first) in the list of listening sockets
	l->next = listen_list;
	l->prevp = &listen_list;
	if (listen_list)
		listen_list->prevp = &l->next;
	listen_list = l;
	
	return 0;
}