/*
 * net_step_up - raise the security level of an established connection.
 *
 * Only the server side drives this: it switches the krypt layer to RSA,
 * flags the SSL object for renegotiation, runs the first handshake pass
 * (krypt_do_handshake + net_do_krypt), then puts the krypt layer into
 * its renegotiate/handshake mode.  The call order is part of the protocol
 * state machine and must not be changed.  On the client side this is a
 * no-op.  Return values of the krypt_* calls are not inspected here;
 * presumably errors surface through the krypt status — verify in callers.
 */
void net_step_up(netc_t *netc)
{
	krypt_t *kconn = netc->kconn;

	/* Only the server initiates the step-up. */
	if (netc->conn_type != NET_SERVER)
		return;

	krypt_set_rsa(kconn);			/* security level: RSA */
	SSL_renegotiate(kconn->ssl);		/* request renegotiation on the SSL object */

	krypt_do_handshake(kconn, NULL, 0);	/* first SSL_do_handshake pass */
	net_do_krypt(netc);

	krypt_set_renegotiate(kconn);		/* handshake mode from here on */
}
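/*
 * krypt_secure_connection - build the SSL context, BIO pair and SSL object
 * for a connection and put it into the handshake state.
 *
 * @kconn:          connection to initialise; ctx, internal_bio, network_bio,
 *                  ssl, conn_type and status are written here
 * @protocol:       only KRYPT_TLS is supported
 * @conn_type:      KRYPT_SERVER (accept state) or KRYPT_CLIENT (connect state)
 * @security_level: KRYPT_ADH selects krypt_set_adh() on the context before the
 *                  SSL object exists; KRYPT_RSA selects krypt_set_rsa() after it
 *                  exists.  Any other value leaves the defaults untouched.
 *
 * Returns 0 on success with kconn->status == KRYPT_HANDSHAKE, -1 on failure.
 * On failure every OpenSSL object created by this call is released and the
 * corresponding kconn field is reset to NULL, so a caller's own cleanup can
 * safely call the matching *_free (OpenSSL treats NULL as a no-op).
 *
 * NOTE(review): TLSv1_method() pins the connection to TLS 1.0 only; OpenSSL
 * 1.1.0+ offers TLS_method() which negotiates the highest mutually supported
 * version.  Not changed here because the minimum library version is unknown.
 */
int krypt_secure_connection(krypt_t *kconn, uint8_t protocol, uint8_t conn_type, uint8_t security_level)
{
	switch (protocol) {

		case KRYPT_TLS:
			kconn->ctx = SSL_CTX_new(TLSv1_method());
			break;

		default:
			jlog(L_ERROR, "unknown protocol");
			return -1;
	}

	if (kconn->ctx == NULL) {
		jlog(L_ERROR, "unable to create SSL context");
		ssl_error_stack();
		return -1;
	}

	/* Returns 1 on success, 0 when the id is longer than OpenSSL allows. */
	if (SSL_CTX_set_session_id_context(kconn->ctx,
			(void*)&s_server_session_id_context,
			sizeof(s_server_session_id_context)) != 1) {
		jlog(L_ERROR, "unable to set session id context");
		ssl_error_stack();
		goto err_ctx;
	}

	/* ADH is applied to the context, so it must precede SSL_new(). */
	if (security_level == KRYPT_ADH)
		krypt_set_adh(kconn);

	/* Create the BIO pair; BIO_new_bio_pair() returns 1 on success. */
	if (BIO_new_bio_pair(&kconn->internal_bio, 0, &kconn->network_bio, 0) != 1) {
		jlog(L_ERROR, "unable to create BIO pair");
		ssl_error_stack();
		goto err_ctx;
	}

	/* Create the SSL object; without this check a NULL ssl is dereferenced below. */
	kconn->ssl = SSL_new(kconn->ctx);
	if (kconn->ssl == NULL) {
		jlog(L_ERROR, "unable to create SSL object");
		ssl_error_stack();
		goto err_bio;
	}
	/* From here on the SSL object owns internal_bio (both read and write side). */
	SSL_set_bio(kconn->ssl, kconn->internal_bio, kconn->internal_bio);
	SSL_set_mode(kconn->ssl, SSL_MODE_AUTO_RETRY);

	/* RSA is applied to the SSL object, so it must follow SSL_new(). */
	if (security_level == KRYPT_RSA)
		krypt_set_rsa(kconn);

	kconn->conn_type = conn_type;
	switch (conn_type) {

		case KRYPT_SERVER:
			jlog(L_NOTICE, "connection type server");
			SSL_set_accept_state(kconn->ssl);

			break;

		case KRYPT_CLIENT:
			jlog(L_NOTICE, "connection type client");
			SSL_set_connect_state(kconn->ssl);

			break;

		default:
			jlog(L_ERROR, "unknown connection type");
			goto err_ssl;
	}

	kconn->status = KRYPT_HANDSHAKE;

	return 0;

err_ssl:
	/* SSL_free() releases internal_bio as well (handed over by SSL_set_bio),
	 * so drop our own reference before the BIO cleanup below runs. */
	SSL_free(kconn->ssl);
	kconn->ssl = NULL;
	kconn->internal_bio = NULL;
	/* fallthrough */
err_bio:
	BIO_free(kconn->internal_bio);	/* BIO_free(NULL) is a no-op */
	BIO_free(kconn->network_bio);
	kconn->internal_bio = NULL;
	kconn->network_bio = NULL;
	/* fallthrough */
err_ctx:
	SSL_CTX_free(kconn->ctx);
	kconn->ctx = NULL;
	return -1;
}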