void net_step_up(netc_t *netc)
{
if (netc->conn_type == NET_SERVER) { // Server send HelloRequest
krypt_set_rsa(netc->kconn); // set security level to RSA
SSL_renegotiate(netc->kconn->ssl); // move the SSL connection into renegotiation state
krypt_do_handshake(netc->kconn, NULL, 0); // call SSL_do_handshake (1st time)
net_do_krypt(netc);
krypt_set_renegotiate(netc->kconn); // set handshake mode
}
}
int krypt_secure_connection(krypt_t *kconn, uint8_t protocol, uint8_t conn_type, uint8_t security_level)
{
switch (protocol) {
case KRYPT_TLS:
kconn->ctx = SSL_CTX_new(TLSv1_method());
break;
default:
jlog(L_ERROR, "unknown protocol");
return -1;
}
if (kconn->ctx == NULL) {
jlog(L_ERROR, "unable to create SSL context");
ssl_error_stack();
return -1;
}
SSL_CTX_set_session_id_context(kconn->ctx,
(void*)&s_server_session_id_context,
sizeof(s_server_session_id_context));
if (security_level == KRYPT_ADH)
krypt_set_adh(kconn);
// Create the BIO pair
BIO_new_bio_pair(&kconn->internal_bio, 0, &kconn->network_bio, 0);
// Create the SSL object
kconn->ssl = SSL_new(kconn->ctx);
SSL_set_bio(kconn->ssl, kconn->internal_bio, kconn->internal_bio);
SSL_set_mode(kconn->ssl, SSL_MODE_AUTO_RETRY);
if (security_level == KRYPT_RSA)
krypt_set_rsa(kconn);
kconn->conn_type = conn_type;
switch (conn_type) {
case KRYPT_SERVER:
jlog(L_NOTICE, "connection type server");
SSL_set_accept_state(kconn->ssl);
break;
case KRYPT_CLIENT:
jlog(L_NOTICE, "connection type client");
SSL_set_connect_state(kconn->ssl);
break;
default:
jlog(L_ERROR, "unknown connection type");
return -1;
}
kconn->status = KRYPT_HANDSHAKE;
return 0;
}
