/* Request ssl connection over already established connection. nsiod must be * socket that is already connected to target using nsock_connect_tcp or * nsock_connect_sctp. All parameters have the same meaning as in * 'nsock_connect_ssl' */ nsock_event_id nsock_reconnect_ssl(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs, void *userdata, nsock_ssl_session ssl_session) { #ifndef HAVE_OPENSSL fatal("nsock_reconnect_ssl called - but nsock was built w/o SSL support. QUITTING"); return (nsock_event_id) 0; /* UNREACHED */ #else struct niod *nsi = (struct niod *)nsiod; struct npool *ms = (struct npool *)nsp; struct nevent *nse; if (!ms->sslctx) nsock_pool_ssl_init(ms, 0); nse = event_new(ms, NSE_TYPE_CONNECT_SSL, nsi, timeout_msecs, handler, userdata); assert(nse); /* Set our SSL_SESSION so we can benefit from session-id reuse. */ nsi_set_ssl_session(nsi, (SSL_SESSION *)ssl_session); nsock_log_info("SSL reconnection requested (IOD #%li) EID %li", nsi->id, nse->id); /* Do the actual connect() */ nse->event_done = 0; nse->status = NSE_STATUS_SUCCESS; nsock_pool_add_event(ms, nse); return nse->id; #endif /* HAVE_OPENSSL */ }
/* Request an SSL over TCP/SCTP connection to another system (by IP address). * The in_addr is normal network byte order, but the port number should be given * in HOST BYTE ORDER. This function will call back only after it has made the * connection AND done the initial SSL negotiation. From that point on, you use * the normal read/write calls and decryption will happen transparently. ss * should be a sockaddr_storage, sockaddr_in6, or sockaddr_in as appropriate * (just like what you would pass to connect). sslen should be the sizeof the * structure you are passing in. */ nsock_event_id nsock_connect_ssl(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs, void *userdata, struct sockaddr *saddr, size_t sslen, int proto, unsigned short port, nsock_ssl_session ssl_session) { #ifndef HAVE_OPENSSL fatal("nsock_connect_ssl called - but nsock was built w/o SSL support. QUITTING"); return (nsock_event_id)0; /* UNREACHED */ #else struct sockaddr_storage *ss = (struct sockaddr_storage *)saddr; msiod *nsi = (msiod *)nsiod; mspool *ms = (mspool *)nsp; msevent *nse; if (!ms->sslctx) nsp_ssl_init(ms); assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN); nse = msevent_new(ms, NSE_TYPE_CONNECT_SSL, nsi, timeout_msecs, handler, userdata); assert(nse); /* Set our SSL_SESSION so we can benefit from session-id reuse. */ nsi_set_ssl_session(nsi, (SSL_SESSION *)ssl_session); nsock_log_info(ms, "SSL connection requested to %s:%hu/%s (IOD #%li) EID %li", inet_ntop_ez(ss, sslen), port, (proto == IPPROTO_TCP ? "tcp" : "sctp"), nsi->id, nse->id); /* Do the actual connect() */ nsock_connect_internal(ms, nse, SOCK_STREAM, proto, ss, sslen, port); nsp_add_event(ms, nse); return nse->id; #endif /* HAVE_OPENSSL */ }