static int shutdown_ssl() {
if (server.conn.sslcon) {
openssl_shutdown(server.conn.sslcon, 2);
openssl_free(server.conn.sslcon);
}
close(server.conn.sock);
server.conn.sock = 0;
server.conn.connected = 0;
return 0;
}
int conn_close(struct conn_t *conn) {
if (conn->sock)
close(conn->sock);
#ifdef HAVE_SSL
if (conn->sslcon) {
openssl_shutdown(conn->sslcon, 2);
openssl_free(conn->sslcon);
conn->sslcon = 0;
}
#endif
conn->sock = 0;
return 0;
}
int
openssl_error(openssl_con *con, int ret, char *func) {
#ifdef HAVE_OPENSSL
int err = -1;
if (con->con) {
err = SSL_get_error(con->con, ret);
#if(_debug_ > 1)
syslog(LOG_DEBUG, "%s(%d): SSL: (%s()) %s", __FUNCTION__, __LINE__, func,
err == SSL_ERROR_NONE ? "None":
err == SSL_ERROR_ZERO_RETURN ? "Return!":
err == SSL_ERROR_WANT_READ ? "Read (continue)":
err == SSL_ERROR_WANT_WRITE ? "Write (continue)":
err == SSL_ERROR_WANT_X509_LOOKUP ? "Lookup (continue)":
err == SSL_ERROR_SYSCALL ? "Syscall error, abort!":
err == SSL_ERROR_SSL ? "SSL error, abort!":
"Error");
#endif
switch (err) {
case SSL_ERROR_NONE: return 0;
case SSL_ERROR_WANT_READ: return 1;
case SSL_ERROR_WANT_WRITE: return 2;
case SSL_ERROR_SYSCALL:
/*
* This is a protocol violation, but we got
* an EOF (remote connection did a shutdown(fd, 1).
* We will treat it as a zero value.
*/
if (ret == 0) return 0;
/* If some other error, fall through */
case SSL_ERROR_ZERO_RETURN: openssl_shutdown(con, 0);
case SSL_ERROR_SSL: return -1;
default: break;
}
return 1;
}
return err;
#else
syslog(LOG_ERR, "%s: ssl error in %s", strerror(errno), func);
return 0;
#endif
}
int
main(int argc, char **argv)
{
ARGS arg;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE + 1];
FUNCTION f, *fp;
const char *prompt;
char buf[1024];
char *to_free = NULL;
int n, i, ret = 0;
char *p;
LHASH_OF(FUNCTION) * prog = NULL;
long errline;
arg.data = NULL;
arg.count = 0;
if (pledge("stdio cpath wpath rpath inet dns proc flock tty", NULL) == -1) {
fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
exit(1);
}
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (bio_err == NULL) {
fprintf(stderr, "openssl: failed to initialise bio_err\n");
exit(1);
}
if (BIO_sock_init() != 1) {
BIO_printf(bio_err, "BIO_sock_init failed\n");
exit(1);
}
CRYPTO_set_locking_callback(lock_dbg_cb);
openssl_startup();
/* Lets load up our environment a little */
p = getenv("OPENSSL_CONF");
if (p == NULL) {
p = to_free = make_config_name();
if (p == NULL) {
BIO_printf(bio_err, "error making config file name\n");
goto end;
}
}
default_config_file = p;
config = NCONF_new(NULL);
i = NCONF_load(config, p, &errline);
if (i == 0) {
if (ERR_GET_REASON(ERR_peek_last_error()) ==
CONF_R_NO_SUCH_FILE) {
BIO_printf(bio_err,
"WARNING: can't open config file: %s\n", p);
ERR_clear_error();
NCONF_free(config);
config = NULL;
} else {
ERR_print_errors(bio_err);
NCONF_free(config);
exit(1);
}
}
if (!load_config(bio_err, NULL)) {
BIO_printf(bio_err, "failed to load configuration\n");
goto end;
}
prog = prog_init();
/* first check the program name */
program_name(argv[0], pname, sizeof pname);
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp != NULL) {
argv[0] = pname;
single_execution = 1;
ret = fp->func(argc, argv);
goto end;
}
/*
* ok, now check that there are not arguments, if there are, run with
* them, shifting the ssleay off the front
*/
if (argc != 1) {
argc--;
argv++;
single_execution = 1;
ret = do_cmd(prog, argc, argv);
if (ret < 0)
ret = 0;
goto end;
}
/* ok, lets enter the old 'OpenSSL>' mode */
for (;;) {
ret = 0;
p = buf;
n = sizeof buf;
i = 0;
for (;;) {
p[0] = '\0';
if (i++)
prompt = ">";
else
prompt = "OpenSSL> ";
fputs(prompt, stdout);
fflush(stdout);
if (!fgets(p, n, stdin))
goto end;
if (p[0] == '\0')
goto end;
i = strlen(p);
if (i <= 1)
break;
if (p[i - 2] != '\\')
break;
i -= 2;
p += i;
n -= i;
}
if (!chopup_args(&arg, buf, &argc, &argv))
break;
ret = do_cmd(prog, argc, argv);
if (ret < 0) {
ret = 0;
goto end;
}
if (ret != 0)
BIO_printf(bio_err, "error in %s\n", argv[0]);
(void) BIO_flush(bio_err);
}
BIO_printf(bio_err, "bad exit\n");
ret = 1;
end:
free(to_free);
if (config != NULL) {
NCONF_free(config);
config = NULL;
}
if (prog != NULL)
lh_FUNCTION_free(prog);
free(arg.data);
openssl_shutdown();
if (bio_err != NULL) {
BIO_free(bio_err);
bio_err = NULL;
}
return (ret);
}
