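/*
 * Bring the service up: remember the configuration, load the PKI passport
 * (certificate, private key, trusted certificate), open the TLS-protected
 * TCP listener and start the detached worker thread running dsd_loop().
 *
 * cfg must outlive the service: the pointer is stored in the file-level
 * dsd_cfg and is not copied.
 *
 * Returns 0 on success, -1 if any step fails.
 */
int dsd_init(struct dsd_cfg *cfg)
{
	pthread_t thread_loop;
	pthread_attr_t attr;
	int rc;

	if (cfg == NULL) {
		jlog(L_ERROR, "dsd_init called without a configuration");
		return -1;
	}

	dsd_cfg = cfg;
	dsd_cfg->dsd_running = 1;

	// The passport carries the key material handed to net_server() for
	// NET_SECURE_RSA. Do not open a listener without it.
	dsd_passport = pki_passport_load_from_file(dsd_cfg->certificate,
	    dsd_cfg->privatekey, dsd_cfg->trusted_cert);
	if (dsd_passport == NULL) {
		jlog(L_ERROR, "pki_passport_load_from_file failed");
		return -1;
	}

	dsd_netc = net_server(dsd_cfg->ipaddr, dsd_cfg->port, NET_PROTO_TCP,
	    NET_SECURE_RSA, dsd_passport, on_connect, on_disconnect, on_input,
	    on_secure);
	if (dsd_netc == NULL) {
		jlog(L_NOTICE, "net_server failed");
		return -1;
	}

	rc = pthread_attr_init(&attr);
	if (rc != 0) {
		jlog(L_ERROR, "pthread_attr_init failed");
		return -1;
	}

	// Detached: nobody joins the loop thread, so its resources must be
	// reclaimed automatically when it exits.
	rc = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
	if (rc == 0)
		rc = pthread_create(&thread_loop, &attr, dsd_loop, NULL);

	// The attribute object is only needed while the thread is created.
	pthread_attr_destroy(&attr);

	if (rc != 0) {
		// NOTE(review): the listener and the passport stay allocated on
		// this path; their release functions are not visible from here.
		// Confirm the caller tears them down after a failed init.
		jlog(L_ERROR, "failed to start the dsd_loop thread");
		return -1;
	}

	return 0;
}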
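/*
 * Build the TLS 1.2 client context used for outgoing connections.
 *
 * Loads the PKI passport named by cfg (cert, pkey, tcert) into the
 * file-level `passport`, then configures a new SSL_CTX with temporary DH
 * parameters, a single cipher suite, the passport's certificate and private
 * key, and the passport's CA store.
 *
 * Returns the configured context, or NULL on failure. On success the
 * context owns passport->cacert_store: SSL_CTX_set_cert_store() takes the
 * store without adding a reference, and SSL_CTX_free() releases it.
 */
SSL_CTX *evssl_init(void)
{
	DH *dh = NULL;
	SSL_CTX *ctx = NULL;

	SSL_load_error_strings();
	SSL_library_init();

	if (RAND_poll() == 0) {
		// Keeps the original best-effort behaviour but leaves a trace.
		jlog(L_NOTICE, "RAND_poll failed");
	}

	if ((passport = pki_passport_load_from_file(cfg->cert, cfg->pkey, cfg->tcert)) == NULL) {
		jlog(L_ERROR, "pki_passport_load_from_file failed");
		return NULL;
	}

	// NOTE(review): every failure path below leaves `passport` loaded; its
	// release function is not visible here. Confirm the caller cleans up.

	// NOTE(review): TLSv1_2_client_method() pins the context to exactly
	// TLS 1.2; newer OpenSSL releases deprecate the version-specific methods.
	if ((ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL) {
		jlog(L_ERROR, "SSL_CTX_new failed");
		return NULL;
	}

	// NOTE(review): a 1024-bit DH group (as the helper's name suggests) is
	// below current recommendations (2048 bits or more). The suite selected
	// below uses RSA key transport, so these parameters are presumably never
	// used by this client context.
	if ((dh = get_dh_1024()) == NULL) {
		jlog(L_ERROR, "get_dh_1024 failed");
		goto out;
	}

	if ((SSL_CTX_set_tmp_dh(ctx, dh)) == 0) {
		jlog(L_ERROR, "SSL_CTX_set_tmp_dh failed");
		goto out;
	}

	// NOTE(review): "AES256-GCM-SHA384" is an RSA key-exchange suite with no
	// forward secrecy: a later compromise of the server key exposes recorded
	// sessions. The alternative left disabled by the author was:
	//SSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES256-GCM-SHA384");
	if ((SSL_CTX_set_cipher_list(ctx, "AES256-GCM-SHA384")) == 0) {
		jlog(L_ERROR, "SSL_CTX_set_cipher failed");
		goto out;
	}

	if ((SSL_CTX_use_certificate(ctx, passport->certificate)) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_certificate failed");
		goto out;
	}

	if ((SSL_CTX_use_PrivateKey(ctx, passport->keyring)) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_PrivateKey failed");
		goto out;
	}

	// Hand the CA store over only after every fallible step has passed.
	// Attaching it earlier meant a later failure reached SSL_CTX_free(),
	// which frees the store while passport->cacert_store still points to it.
	SSL_CTX_set_cert_store(ctx, passport->cacert_store);

	// NOTE(review): no SSL_CTX_set_verify() call is made here. A client
	// context defaults to SSL_VERIFY_NONE, so unless the caller enables
	// SSL_VERIFY_PEER on the context or on each SSL object, the server
	// certificate is not checked against cacert_store. Confirm at call site.

	// SSL_CTX_set_tmp_dh() keeps its own copy of the parameters.
	DH_free(dh);
	return ctx;

out:
	DH_free(dh);
	SSL_CTX_free(ctx);
	return NULL;
}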