int
SecureSocket::secureConnect(int socket)
{
createSSL();
// attach the socket descriptor
SSL_set_fd(m_ssl->m_ssl, socket);
LOG((CLOG_DEBUG2 "connecting secure socket"));
int r = SSL_connect(m_ssl->m_ssl);
static int retry;
checkResult(r, retry);
if (isFatal()) {
LOG((CLOG_ERR "failed to connect secure socket"));
return -1;
}
// If we should retry, not ready and return 0
if (retry > 0) {
LOG((CLOG_DEBUG2 "retry connect secure socket"));
m_secureReady = false;
return 0;
}
// No error, set ready, process and return ok
m_secureReady = true;
if (verifyCertFingerprint()) {
LOG((CLOG_INFO "connected to secure socket"));
if (!showCertificate()) {
disconnect();
return -1;// Cert fail, error
}
}
else {
LOG((CLOG_ERR "failed to verify server certificate fingerprint"));
disconnect();
return -1; // Fingerprint failed, error
}
LOG((CLOG_DEBUG2 "connected secure socket"));
const SSL_CIPHER* cipher = SSL_get_current_cipher(m_ssl->m_ssl);
if(cipher != NULL) {
char * cipherVersion = SSL_CIPHER_description(cipher, NULL, 0);
if(cipherVersion != NULL) {
LOG((CLOG_INFO "%s", cipherVersion));
OPENSSL_free(cipherVersion);
}
}
return 1;
}
int
SecureSocket::secureConnect(int socket)
{
createSSL();
// attach the socket descriptor
SSL_set_fd(m_ssl->m_ssl, socket);
LOG((CLOG_DEBUG2 "connecting secure socket"));
int r = SSL_connect(m_ssl->m_ssl);
static int retry;
checkResult(r, retry);
if (isFatal()) {
LOG((CLOG_ERR "failed to connect secure socket"));
retry = 0;
return -1;
}
// If we should retry, not ready and return 0
if (retry > 0) {
LOG((CLOG_DEBUG2 "retry connect secure socket"));
m_secureReady = false;
ARCH->sleep(s_retryDelay);
return 0;
}
retry = 0;
// No error, set ready, process and return ok
m_secureReady = true;
if (verifyCertFingerprint()) {
LOG((CLOG_INFO "connected to secure socket"));
if (!showCertificate()) {
disconnect();
return -1;// Cert fail, error
}
}
else {
LOG((CLOG_ERR "failed to verify server certificate fingerprint"));
disconnect();
return -1; // Fingerprint failed, error
}
LOG((CLOG_DEBUG2 "connected secure socket"));
if (CLOG->getFilter() >= kDEBUG1) {
showSecureCipherInfo();
}
showSecureConnectInfo();
return 1;
}
