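/**
 * Deletes a SSL server connection: runs cleanup_ssl_server_socket() on it,
 * frees its SSL context if one is set, and releases the structure with FREE().
 *
 * The pointer is passed by value, so the caller's own copy still holds the
 * old address after a successful call. The caller must not use it or pass it
 * to this function again.
 *
 * @param ssl_server data for ssl server connection
 * @return FALSE if ssl_server is NULL (HAVE_OPENSSL builds only), otherwise
 *         TRUE. Builds without HAVE_OPENSSL do nothing and return TRUE.
 */
int delete_ssl_server_socket(ssl_server_connection *ssl_server) {

#ifdef HAVE_OPENSSL

  if (ssl_server == NULL) {
    return FALSE;
  }

  cleanup_ssl_server_socket(ssl_server);

  if (ssl_server->ctx != NULL) {
    SSL_CTX_free(ssl_server->ctx);
  }

  /*
   * No "ssl_server = NULL" after this: the parameter is a local copy, so
   * such an assignment would never reach the caller and only suggests a
   * protection against reuse that does not exist.
   */
  FREE(ssl_server);

  return TRUE;

#else

  return TRUE;

#endif

}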
/**
 * Tears down a SSL server connection and releases it.
 *
 * A NULL argument is ignored. Otherwise cleanup_ssl_server_socket() is run
 * first, the SSL context is freed when one is attached, and the structure is
 * handed to FREE(). The pointer is passed by value, so the caller's copy
 * must be treated as invalid once this returns.
 *
 * @param ssl_server data for ssl server connection
 */
void delete_ssl_server_socket(ssl_server_connection *ssl_server) {

  if (ssl_server != NULL) {

    cleanup_ssl_server_socket(ssl_server);

    /* The context is released separately from the cleanup call above */
    if (ssl_server->ctx != NULL) {
      SSL_CTX_free(ssl_server->ctx);
    }

    FREE(ssl_server);

  }

}
/**
 * Closes a ssl server connection (ssl socket + net socket).
 *
 * The listening descriptor is closed first, then cleanup_ssl_server_socket()
 * is run on the connection. The result of close() is not inspected.
 *
 * NOTE(review): server_socket is not reset in this function. Unless
 * cleanup_ssl_server_socket() does so, a second call would close whatever
 * descriptor has since reused that number. Confirm against that helper.
 *
 * @param ssl_server ssl server connection
 * @return TRUE when the connection was closed; FALSE if ssl_server is NULL
 *         or the build has no HAVE_OPENSSL.
 */
int close_ssl_server_socket(ssl_server_connection *ssl_server) {

  int closed = FALSE;

#ifdef HAVE_OPENSSL

  if (ssl_server != NULL) {

    close(ssl_server->server_socket);
    cleanup_ssl_server_socket(ssl_server);

    closed = TRUE;

  }

#endif

  return closed;

}
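/**
 * Initializes a ssl connection for server use.
 *
 * Creates the connection object, selects the server method, builds the SSL
 * context, loads the certificate and the private key (both read from
 * pemfile), checks that they match, and sets up the verification engine.
 *
 * @param pemfile Filename for the key/cert file; must not be NULL
 * @param clientpemfile Passed on to new_ssl_server_connection(); when the
 *        resulting connection has a clientpemfile set, verify_info() is
 *        called on it
 * @return An ssl connection, or NULL if an error occurred. Builds without
 *         HAVE_OPENSSL always return NULL.
 */
ssl_server_connection *init_ssl_server (char *pemfile, char *clientpemfile) {

#ifdef HAVE_OPENSSL

  ssl_server_connection *ssl_server;

  /* Check the argument before anything is handed the pointer */
  ASSERT(pemfile);

  ssl_server = new_ssl_server_connection(pemfile, clientpemfile);

  /* Every step below dereferences ssl_server, so stop here if none came back */
  if (ssl_server == NULL) {
    log("%s: init_ssl_server(): Cannot create the SSL server connection!\n",
        prog);
    return NULL;
  }

  if (!ssl_initilized) {
    start_ssl();
  }

  /*
   * NOTE(review): SSLv23_server_method() negotiates the highest protocol
   * version both peers support. No protocol options are set on the context
   * in this function, so which legacy versions (SSLv2/SSLv3) are accepted
   * depends on the linked OpenSSL build. Confirm, and consider restricting
   * them with SSL_CTX_set_options().
   */
  if ((ssl_server->method= SSLv23_server_method()) == NULL ) {

    handle_ssl_error("init_ssl_server()");
    log("%s: init_ssl_server (): Cannot initialize the SSL method!\n", prog);
    goto sslerror;

  }

  if ((ssl_server->ctx= SSL_CTX_new(ssl_server->method)) == NULL ) {

    handle_ssl_error("init_ssl_server()");
    log("%s: init_ssl_server (): Cannot initialize SSL server"
        " certificate handler!\n" , prog);
    goto sslerror;

  }

  /* Certificate and private key are both loaded from the same PEM file */
  if (SSL_CTX_use_certificate_file(ssl_server->ctx, pemfile,
                                   SSL_FILETYPE_PEM) <= 0) {

    handle_ssl_error("init_ssl_server()");
    log("%s: init_ssl_server(): Cannot initialize SSL server"
        " certificate!\n", prog);
    goto sslerror;

  }

  if (SSL_CTX_use_PrivateKey_file(ssl_server->ctx, pemfile,
                                  SSL_FILETYPE_PEM) <= 0) {

    handle_ssl_error("init_ssl_server()");
    log("%s: init_ssl_server(): Cannot initialize SSL server"
        " private key!\n", prog);
    goto sslerror;

  }

  if (!SSL_CTX_check_private_key(ssl_server->ctx)) {

    handle_ssl_error("init_ssl_server()");
    log("%s: init_ssl_server(): The private key does not match the"
        " certificate public key!\n", prog);
    goto sslerror;

  }

  /*
   * We need this to force transmission of client certs
   */
  if (!verify_init(ssl_server)) {

    handle_ssl_error("init_ssl_server()");
    log("%s: init_ssl_server(): Verification engine was not"
        " properly initilized!\n", prog);
    goto sslerror;

  }

  if (ssl_server->clientpemfile != NULL) {

    verify_info(ssl_server);

  }

  return ssl_server;

 sslerror:

  /*
   * NOTE(review): only cleanup_ssl_server_socket() runs on this path.
   * delete_ssl_server_socket() additionally frees ctx and the structure
   * after that same cleanup call, so both appear to leak here. Confirm and
   * release them before returning.
   */
  cleanup_ssl_server_socket(ssl_server);
  return NULL;

#else

  return NULL;

#endif

}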