static int init_ssl(void) { char *server_key; ne_ssl_certificate *cert; /* take srcdir as argv[1]. */ if (test_argc > 1) { server_key = ne_concat(test_argv[1], "/server.key", NULL); } else { server_key = ne_strdup("server.key"); } ONN("sock_init failed", ne_sock_init()); server_ctx = ne_ssl_context_create(1); ONN("SSL_CTX_new failed", server_ctx == NULL); ne_ssl_context_keypair(server_ctx, "server.cert", server_key); client_ctx = ne_ssl_context_create(0); ONN("SSL_CTX_new failed for client", client_ctx == NULL); cert = ne_ssl_cert_read("ca/cert.pem"); ONN("could not load ca/cert.pem", cert == NULL); ne_ssl_context_trustcert(client_ctx, cert); ne_free(server_key); return OK; }
ne_session *ne_session_create(const char *scheme, const char *hostname, unsigned int port) { ne_session *sess = ne_calloc(sizeof *sess); NE_DEBUG(NE_DBG_HTTP, "HTTP session to %s://%s:%d begins.\n", scheme, hostname, port); strcpy(sess->error, "Unknown error."); /* use SSL if scheme is https */ sess->use_ssl = !strcmp(scheme, "https"); /* set the hostname/port */ set_hostinfo(&sess->server, hostname, port); set_hostport(&sess->server, sess->use_ssl?443:80); #ifdef NE_HAVE_SSL if (sess->use_ssl) { sess->ssl_context = ne_ssl_context_create(0); sess->flags[NE_SESSFLAG_SSLv2] = 1; } #endif sess->scheme = ne_strdup(scheme); /* Set flags which default to on: */ sess->flags[NE_SESSFLAG_PERSIST] = 1; return sess; }
ne_session *ne_session_create(const char *scheme, const char *hostname, unsigned int port) { ne_session *sess = ne_calloc(sizeof *sess); NE_DEBUG(NE_DBG_HTTP, "HTTP session to %s://%s:%d begins.\n", scheme, hostname, port); strcpy(sess->error, "Unknown error."); /* use SSL if scheme is https */ sess->use_ssl = !strcmp(scheme, "https"); /* set the hostname/port */ set_hostinfo(&sess->server, PROXY_NONE, hostname, port); set_hostport(&sess->server, sess->use_ssl?443:80); #ifdef NE_HAVE_SSL if (sess->use_ssl) { ne_inet_addr *ia; sess->ssl_context = ne_ssl_context_create(0); sess->flags[NE_SESSFLAG_SSLv2] = 1; /* If the hostname parses as an IP address, don't * enable SNI by default. */ ia = ne_iaddr_parse(hostname, ne_iaddr_ipv4); if (ia == NULL) ia = ne_iaddr_parse(hostname, ne_iaddr_ipv6); if (ia) { ne_iaddr_free(ia); } else { sess->flags[NE_SESSFLAG_TLS_SNI] = 1; } NE_DEBUG(NE_DBG_SSL, "ssl: SNI %s by default.\n", sess->flags[NE_SESSFLAG_TLS_SNI] ? "enabled" : "disabled"); } #endif sess->scheme = ne_strdup(scheme); /* Set flags which default to on: */ sess->flags[NE_SESSFLAG_PERSIST] = 1; return sess; }