int BSckSendData(BSOCK_HANDLE hBSock, char const *pszBuffer, int iSize, int iTimeout)
{
BuffSocketData *pBSD = (BuffSocketData *) hBSock;
SysLogMessage(LOG_LEV_DEBUG, "socket write data (len = %d)\n", iSize);
if (BSckWriteLL(pBSD, pszBuffer, iSize, iTimeout) != iSize)
return ErrGetErrorCode();
return iSize;
}
static int BSslCertVerifyCB(int iOK, X509_STORE_CTX *pXsCtx)
{
int iError, iDepth;
SSL *pSSL;
SSL_CTX *pSCtx;
SslServerBind const *pSSLB;
X509 *pCert;
iError = X509_STORE_CTX_get_error(pXsCtx);
iDepth = X509_STORE_CTX_get_error_depth(pXsCtx);
if ((pSSL = (SSL *)
X509_STORE_CTX_get_ex_data(pXsCtx, SSL_get_ex_data_X509_STORE_CTX_idx())) == NULL)
return iOK;
pSCtx = SSL_get_SSL_CTX(pSSL);
pSSLB = (SslServerBind const *) SSL_CTX_get_app_data(pSCtx);
pCert = X509_STORE_CTX_get_current_cert(pXsCtx);
#ifdef DEBUG_OSSL
char *pszVal;
pszVal = X509_NAME_oneline(X509_get_issuer_name(pCert), 0, 0);
SysLogMessage(LOG_LEV_MESSAGE, "CERT Issuer: %s\n", pszVal);
OPENSSL_free(pszVal);
pszVal = X509_NAME_oneline(X509_get_subject_name(pCert), 0, 0);
SysLogMessage(LOG_LEV_MESSAGE, "CERT Subject: %s\n", pszVal);
OPENSSL_free(pszVal);
#endif
if (!iOK) {
SysLogMessage(LOG_LEV_MESSAGE, "CERT verify error: depth = %d error = '%s'\n",
iDepth, X509_verify_cert_error_string(iError));
if (iError == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT &&
pSSLB->ulFlags & BSSLF_ALLOW_SEFLSIGNED) {
SysLogMessage(LOG_LEV_MESSAGE, "Self signed CERT allowed (override)\n");
iOK = 1;
}
}
return iOK;
}
int BSckSendString(BSOCK_HANDLE hBSock, char const *pszBuffer, int iTimeout)
{
BuffSocketData *pBSD = (BuffSocketData *) hBSock;
char *pszSendBuffer = (char *) SysAlloc(strlen(pszBuffer) + 3);
if (pszSendBuffer == NULL)
return ErrGetErrorCode();
SysLogMessage(LOG_LEV_DEBUG, "socket write line: [%s]\n", pszBuffer);
sprintf(pszSendBuffer, "%s\r\n", pszBuffer);
int iSendLength = (int)strlen(pszSendBuffer);
if (BSckWriteLL(pBSD, pszSendBuffer, iSendLength, iTimeout) != iSendLength) {
SysFree(pszSendBuffer);
return ErrGetErrorCode();
}
SysFree(pszSendBuffer);
return iSendLength;
}
char *BSckGetString(BSOCK_HANDLE hBSock, char *pszBuffer, int iMaxChars, int iTimeout,
int *pLineLength, int *piGotNL)
{
int i;
BuffSocketData *pBSD = (BuffSocketData *) hBSock;
for (i = 0, iMaxChars--; i < iMaxChars;) {
/* Verify to have something to read */
if (pBSD->iBytesInBuffer == 0 && BSckFetchData(pBSD, iTimeout) <= 0)
return NULL;
int iBytesLookup = Min(pBSD->iBytesInBuffer, iMaxChars - i);
if (iBytesLookup > 0) {
char *pszNL = (char *) memchr(pBSD->pszBuffer + pBSD->iReadIndex, '\n',
iBytesLookup);
if (pszNL != NULL) {
int iCopySize = (int) (pszNL - (pBSD->pszBuffer + pBSD->iReadIndex));
memcpy(pszBuffer + i, pBSD->pszBuffer + pBSD->iReadIndex,
iCopySize);
i += iCopySize;
pBSD->iReadIndex += iCopySize + 1;
pBSD->iBytesInBuffer -= iCopySize + 1;
/* Line cleanup */
for (; i > 0 && pszBuffer[i - 1] == '\r'; i--);
pszBuffer[i] = '\0';
if (pLineLength != NULL)
*pLineLength = i;
if (piGotNL != NULL)
*piGotNL = 1;
SysLogMessage(LOG_LEV_DEBUG, "socket read line: [%s]\n", pszBuffer);
return pszBuffer;
} else {
memcpy(pszBuffer + i, pBSD->pszBuffer + pBSD->iReadIndex,
iBytesLookup);
i += iBytesLookup;
pBSD->iReadIndex += iBytesLookup;
pBSD->iBytesInBuffer -= iBytesLookup;
}
}
}
pszBuffer[i] = '\0';
if (pLineLength != NULL)
*pLineLength = i;
if (piGotNL != NULL) {
*piGotNL = 0;
SysLogMessage(LOG_LEV_DEBUG, "socket read line: [%s]\n", pszBuffer);
return pszBuffer;
}
ErrSetErrorCode(ERR_LINE_TOO_LONG);
return NULL;
}
static void SSLInfoCallback(const SSL *s, int where, int ret) {
#else
static void SSLInfoCallback(SSL *s, int where, int ret) {
#endif
if(where & SSL_CB_LOOP)
printf("SSL state (%s): %s\r\n",
where & SSL_ST_CONNECT ? "connect" :
where & SSL_ST_ACCEPT ? "accept" :
"undefined", SSL_state_string_long(s));
else if(where & SSL_CB_ALERT)
printf("SSL alert (%s): %s: %s\r\n",
where & SSL_CB_READ ? "read" : "write",
SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret));
else if(where==SSL_CB_HANDSHAKE_DONE)
print_stats();
else
if (where & SSL_CB_EXIT)
{
if (ret == 0)
printf("%failed in %s\r\n",
SSL_state_string_long(s));
}
}
#endif /*DEBUG_SSL*/
static void CDECL LockSSL(int iMode,
int iType,
const char* pszFileName,
int iLine)
{
if(iMode & CRYPTO_LOCK)
{
#ifdef _WIN32
EnterCriticalSection(&lock);
#else
pthread_mutex_lock(&lock);
#endif
}
else
{
if(iMode & CRYPTO_UNLOCK)
{
#ifdef _WIN32
LeaveCriticalSection(&lock);
#else
pthread_mutex_unlock(&lock);
#endif
}
}
}
SSL_CTX* SSLMakeCtx(const SSLOptions& sslOpt,
int iServer)
{
SSL_CTX* pSSLCtx;
if(iServer)
{
pSSLCtx = SSL_CTX_new(SSLv23_server_method());
}
else
{
pSSLCtx = SSL_CTX_new(SSLv23_client_method());
}
if(!pSSLCtx)
{
SysLogMessage(LOG_LEV_ERROR,
"Cannot create SSL context, ssl support is disabled\r\n");
return (NULL);
}
int iSSLOpt = SSL_OP_ALL;
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
iSSLOpt |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#endif
SSL_CTX_set_options(pSSLCtx,
iSSLOpt);
#if SSLEAY_VERSION_NUMBER >= 0x00906000L
SSL_CTX_set_mode(pSSLCtx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif /* OpenSSL-0.9.6 */
/*
SSL_CTX_set_session_cache_mode(pSSLCtx,
SSL_SESS_CACHE_OFF);
*/
SSL_CTX_set_session_cache_mode(pSSLCtx,
SSL_SESS_CACHE_BOTH);
SSL_CTX_sess_set_cache_size(pSSLCtx,
128);
if(!sslOpt.pszCertFile)
{
SysLogMessage(LOG_LEV_ERROR,
"Certificate file not found, ssl support is disabled\r\n");
SSL_CTX_free(pSSLCtx);
return (NULL);
}
if(!SSL_CTX_use_certificate_chain_file(pSSLCtx,
sslOpt.pszCertFile))
{
SysLogMessage(LOG_LEV_ERROR,
"Error reading certificate file: %s, ssl support is disabled\r\n",
sslOpt.pszCertFile);
SSL_CTX_free(pSSLCtx);
return (NULL);
}
SSL_CTX_use_RSAPrivateKey_file(pSSLCtx,
sslOpt.pszCertFile,
SSL_FILETYPE_PEM);
if(!SSL_CTX_check_private_key(pSSLCtx))
{
SysLogMessage(LOG_LEV_ERROR,
"Private key does not match the certificate, ssl support is disabled\r\n");
SSL_CTX_free(pSSLCtx);
return (NULL);
}
#ifdef DEBUG_SSL
SSL_CTX_set_info_callback(pSSLCtx,
SSLInfoCallback);
#endif
if(!SSL_CTX_set_cipher_list(pSSLCtx,
SSL_DEFAULT_CIPHER_LIST))
{
SysLogMessage(LOG_LEV_ERROR,
"Cannot set ciphers: %s, ssl support is disabled\r\n",
SSL_DEFAULT_CIPHER_LIST);
SSL_CTX_free(pSSLCtx);
return (NULL);
}
return (pSSLCtx);
}
