/*
* This callback is issued during the TLS-SRP handshake.
* We can use this to get the userid from the TLS-SRP handshake.
* If a verifier file as provided, we must pull the SRP verifier
* parameters and invoke SSL_set_srp_server_param() with these
* values to allow the TLS handshake to succeed. If the application
* layer wants to use their own verifier store, they would
* hook into it here. They would lookup the verifier parameters
* based on the userid and return those parameters by invoking
* SSL_set_srp_server_param().
*/
static int process_ssl_srp_auth (SSL *s, int *ad, void *arg)
{
char *login = SSL_get_srp_username(s);
SRP_user_pwd *user;
if (!login)
return (-1);
user = SRP_VBASE_get_by_user(srp_db, login);
if (user == NULL) {
printf("User doesn't exist in SRP database\n");
return SSL3_AL_FATAL;
}
/*
* Get the SRP parameters for the user from the verifier database.
* Provide these parameters to TLS to complete the handshake
*/
if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v,
user->info) < 0) {
*ad = SSL_AD_INTERNAL_ERROR;
return SSL3_AL_FATAL;
}
printf("SRP parameters set: username = \"%s\" info=\"%s\" \n", login,
user->info);
user = NULL;
login = NULL;
fflush(stdout);
return SSL_ERROR_NONE;
}
static int SSLSRPServerParamCallback(SSL *s, int *ad, void *arg)
{
const char* userName = SSL_get_srp_username(s);
LOG(INFO) << "User " << userName;
const User* user = GetUser(userName);
if (!user)
{
LOG(ERROR) << "User " << userName << " doesn't exist";
*ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
return SSL3_AL_FATAL;
}
SRP_gN *GN = SRP_get_default_gN(FLAGS_srp_default_gN.c_str());
if(GN == NULL)
{
*ad = SSL_AD_INTERNAL_ERROR;
return SSL3_AL_FATAL;
}
if (!SSL_set_srp_server_param(s, GN->N, GN->g, user->GetSalt(), user->GetVerifier(), NULL))
{
*ad = SSL_AD_INTERNAL_ERROR;
return SSL3_AL_FATAL;
}
return SSL_ERROR_NONE;
}
