/*
* Establish a new SSL connection to an SSL server.
*/
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
uint8_t *session_id, uint8_t sess_id_size, const char* host_name)
{
SSL *ssl = ssl_new(ssl_ctx, client_fd);
ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
if (session_id && ssl_ctx->num_sessions)
{
if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
{
ssl_free(ssl);
return NULL;
}
memcpy(ssl->session_id, session_id, sess_id_size);
ssl->sess_id_size = sess_id_size;
SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
}
if(host_name != NULL && strlen(host_name) > 0) {
ssl->host_name = (char *)strdup(host_name);
}
SET_SSL_FLAG(SSL_IS_CLIENT);
do_client_connect(ssl);
return ssl;
}
int SSL_connect(SSL *ssl)
{
SET_SSL_FLAG(SSL_IS_CLIENT);
int stat = do_client_connect(ssl);
ssl_display_error(stat);
return (stat == SSL_OK) ? 1 : -1;
}
/*
* Process the handshake record.
*/
int ICACHE_FLASH_ATTR do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
{
int ret;
/* To get here the state must be valid */
// ssl_printf("do_clnt_handshake: %d %d\n",__LINE__, handshake_type);
switch (handshake_type)
{
case HS_SERVER_HELLO:
ret = process_server_hello(ssl);
break;
case HS_CERTIFICATE:
ret = process_certificate(ssl, &ssl->x509_ctx);
break;
case HS_SERVER_HELLO_DONE:
if ((ret = process_server_hello_done(ssl)) == SSL_OK)
{
if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
{
if ((ret = send_certificate(ssl)) == SSL_OK &&
(ret = send_client_key_xchg(ssl)) == SSL_OK)
{
send_cert_verify(ssl);
}
}
else
{
ret = send_client_key_xchg(ssl);
}
if (ret == SSL_OK &&
(ret = send_change_cipher_spec(ssl)) == SSL_OK)
{
ret = send_finished(ssl);
}
}
break;
case HS_CERT_REQ:
ret = process_cert_req(ssl);
break;
case HS_FINISHED:
ret = process_finished(ssl, buf, hs_len);
disposable_free(ssl); /* free up some memory */
/* note: client renegotiation is not allowed after this */
break;
case HS_HELLO_REQUEST:
disposable_new(ssl);
ret = do_client_connect(ssl);
break;
default:
ret = SSL_ERROR_INVALID_HANDSHAKE;
break;
}
return ret;
}
int SSL_connect(SSL *ssl)
{
return do_client_connect(ssl) == SSL_OK ? 1 : -1;
}
int
main(int argc, char *argv[])
{
char ch;
int u_csock, i_csock;
progname = strrchr(argv[0], '/');
if (!progname)
progname = argv[0];
else
progname++;
/* Initialise configuration values from file. */
config_setdefaults();
while ((ch = getopt(argc, argv, "d:")) != -1) {
switch (ch) {
case 'd':
config.nast_dir = optarg;
break;
default:
usage();
/* NOTREACHED */
}
}
if (config_init())
return 1;
if (init_daemon()) {
log_err("Couldn't initialise nastd. Exiting.");
return 1;
}
u_csock = make_u_csock();
if (u_csock == -1)
return 1;
i_csock = make_i_csock();
if (i_csock == -1)
return 1;
/* Create the FQM threads. */
(void)fqm_new(10);
/*
* Creat a thread that runs periodically.
*/
if (periodic_new() == -1) {
log_err("Couldn't start periodic thread. Exiting.");
return 1;
}
start_time = time(NULL);
/*
* Main control loop. Sit on the socket and wait for a client to
* connect. As soon as it does, make another thread to handle it.
*/
for (;;) {
fd_set read_fds;
int rc;
FD_ZERO(&read_fds);
FD_SET(i_csock, &read_fds);
FD_SET(u_csock, &read_fds);
rc = select(10, &read_fds, NULL, NULL, NULL);
if (rc == -1) {
log_err("Couldn't select on sockets: %s.",
strerror(errno));
sleep(30);
}
if (FD_ISSET(i_csock, &read_fds))
(void)do_client_connect(i_csock);
if (FD_ISSET(u_csock, &read_fds))
(void)do_client_connect(u_csock);
}
return 0;
}
