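/*
 * Step an established connection up to RSA-authenticated security.
 *
 * Only the server side initiates: it switches the cipher selection to
 * RSA, schedules a TLS renegotiation (the server emits a HelloRequest on
 * the next handshake call) and runs the first handshake pass. The
 * client side is stepped up by the peer, so this is a no-op for it.
 *
 * @param netc  connection whose kconn->ssl is already established
 */
void net_step_up(netc_t *netc)
{
	if (netc->conn_type != NET_SERVER) {
		return;
	}

	krypt_set_rsa(netc->kconn);	/* set security level to RSA */

	/* SSL_renegotiate() only schedules the renegotiation and returns 1 on
	 * success, 0 when the connection cannot renegotiate. The original
	 * ignored this, so a failed request would fall through to a handshake
	 * that never changes the cipher set; stop here instead. */
	if (SSL_renegotiate(netc->kconn->ssl) != 1) {
		jlog(L_ERROR, "unable to schedule TLS renegotiation");
		ssl_error_stack();
		return;
	}

	krypt_do_handshake(netc->kconn, NULL, 0);	/* SSL_do_handshake (1st time) */
	net_do_krypt(netc);
	krypt_set_renegotiate(netc->kconn);		/* set handshake mode */
}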
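/*
 * Build the OpenSSL state for a connection: SSL_CTX, BIO pair and SSL
 * object, then put the SSL object into accept or connect state.
 *
 * @param kconn           connection state to populate (ctx, ssl, BIOs, status)
 * @param protocol        KRYPT_TLS is the only supported value
 * @param conn_type       KRYPT_SERVER or KRYPT_CLIENT
 * @param security_level  KRYPT_ADH or KRYPT_RSA; any other value leaves the
 *                        OpenSSL default cipher selection in place
 * @return 0 on success, -1 on failure (logged through jlog)
 *
 * Ownership: internal_bio is attached to kconn->ssl by SSL_set_bio and is
 * released with it; network_bio stays owned by kconn. On any failure the
 * objects created here are freed and reset to NULL, so kconn is left in the
 * same state as on the SSL_CTX_new() failure path (the original leaked the
 * ctx, BIO pair and SSL object when conn_type was unknown and never checked
 * BIO_new_bio_pair()/SSL_new() for failure).
 */
int krypt_secure_connection(krypt_t *kconn, uint8_t protocol, uint8_t conn_type, uint8_t security_level)
{
	switch (protocol) {
	case KRYPT_TLS:
		/* NOTE(review): TLSv1_method() pins the connection to TLS 1.0 only;
		 * confirm against the build's OpenSSL whether a version-flexible
		 * method is available before changing. */
		kconn->ctx = SSL_CTX_new(TLSv1_method());
		break;
	default:
		jlog(L_ERROR, "unknown protocol");
		return -1;
	}

	if (kconn->ctx == NULL) {
		jlog(L_ERROR, "unable to create SSL context");
		ssl_error_stack();
		return -1;
	}

	SSL_CTX_set_session_id_context(kconn->ctx, (void*)&s_server_session_id_context, sizeof(s_server_session_id_context));

	if (security_level == KRYPT_ADH) {
		krypt_set_adh(kconn);	/* anonymous DH: the peer is not authenticated */
	}

	/* Create the BIO pair. On failure OpenSSL leaves both pointers NULL. */
	if (BIO_new_bio_pair(&kconn->internal_bio, 0, &kconn->network_bio, 0) != 1) {
		jlog(L_ERROR, "unable to create BIO pair");
		ssl_error_stack();
		goto err_ctx;
	}

	/* Create the SSL object; SSL_set_bio hands internal_bio over to it. */
	kconn->ssl = SSL_new(kconn->ctx);
	if (kconn->ssl == NULL) {
		jlog(L_ERROR, "unable to create SSL object");
		ssl_error_stack();
		goto err_bio;
	}
	SSL_set_bio(kconn->ssl, kconn->internal_bio, kconn->internal_bio);
	SSL_set_mode(kconn->ssl, SSL_MODE_AUTO_RETRY);

	if (security_level == KRYPT_RSA) {
		krypt_set_rsa(kconn);
	}

	kconn->conn_type = conn_type;
	switch (conn_type) {
	case KRYPT_SERVER:
		jlog(L_NOTICE, "connection type server");
		SSL_set_accept_state(kconn->ssl);
		break;
	case KRYPT_CLIENT:
		jlog(L_NOTICE, "connection type client");
		SSL_set_connect_state(kconn->ssl);
		break;
	default:
		jlog(L_ERROR, "unknown connection type");
		goto err_ssl;
	}

	kconn->status = KRYPT_HANDSHAKE;
	return 0;

err_ssl:
	SSL_free(kconn->ssl);		/* also releases the attached internal_bio */
	kconn->ssl = NULL;
	kconn->internal_bio = NULL;	/* owned by the freed SSL object: must not be freed again */
	/* fallthrough */
err_bio:
	BIO_free(kconn->internal_bio);	/* BIO_free(NULL) is a no-op */
	BIO_free(kconn->network_bio);
	kconn->internal_bio = NULL;
	kconn->network_bio = NULL;
	/* fallthrough */
err_ctx:
	SSL_CTX_free(kconn->ctx);
	kconn->ctx = NULL;
	return -1;
}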