static void
virgo__global_init(virgo_t **p_v) {
#if !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
#endif
if (global_virgo_init++) {
return;
}
SSL_library_init();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_digests();
SSL_load_error_strings();
ERR_load_crypto_strings();
/* Turn off compression. Saves memory - do it in userland. */
#if !defined(OPENSSL_NO_COMP)
#if OPENSSL_VERSION_NUMBER < 0x00908000L
comp_methods = SSL_COMP_get_compression_method()
#else
comp_methods = SSL_COMP_get_compression_methods();
#endif
sk_SSL_COMP_zero(comp_methods);
assert(sk_SSL_COMP_num(comp_methods) == 0);
#endif
/* TODO: other platform init */
}
int
SPDYF_openssl_init(struct SPDY_Daemon *daemon)
{
int options;
//create ssl context. TLSv1 used
if(NULL == (daemon->io_context = SSL_CTX_new(TLSv1_server_method())))
{
SPDYF_DEBUG("Couldn't create ssl context");
return SPDY_NO;
}
//set options for tls
//TODO DH is not enabled for easier debugging
//SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE);
//TODO here session tickets are disabled for easier debuging with
//wireshark when using Chrome
// SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack
options = SSL_OP_NO_TICKET;
#ifdef SSL_OP_NO_COMPRESSION
options |= SSL_OP_NO_COMPRESSION;
#elif OPENSSL_VERSION_NUMBER >= 0x00908000L /* workaround for OpenSSL 0.9.8 */
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
#endif
SSL_CTX_set_options(daemon->io_context, options);
if(1 != SSL_CTX_use_certificate_file(daemon->io_context, daemon->certfile , SSL_FILETYPE_PEM))
{
SPDYF_DEBUG("Couldn't load the cert file");
SSL_CTX_free(daemon->io_context);
return SPDY_NO;
}
if(1 != SSL_CTX_use_PrivateKey_file(daemon->io_context, daemon->keyfile, SSL_FILETYPE_PEM))
{
SPDYF_DEBUG("Couldn't load the name file");
SSL_CTX_free(daemon->io_context);
return SPDY_NO;
}
SSL_CTX_set_next_protos_advertised_cb(daemon->io_context, &spdyf_next_protos_advertised_cb, NULL);
//TODO only RC4-SHA is used to make it easy to debug with wireshark
if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "RC4-SHA"))
{
SPDYF_DEBUG("Couldn't set the desired cipher list");
SSL_CTX_free(daemon->io_context);
return SPDY_NO;
}
return SPDY_YES;
}
void lwp_init ()
{
if (init_called)
return;
init_called = lw_true;
#ifdef ENABLE_SSL
STACK_OF (SSL_COMP) * comp_methods;
SSL_library_init ();
SSL_load_error_strings ();
ERR_load_crypto_strings ();
comp_methods = SSL_COMP_get_compression_methods ();
sk_SSL_COMP_zero (comp_methods);
#endif
}
SSL_CTX *
_SSL_context_init (void (*info_cb_func), int server)
{
SSL_CTX *ctx;
#ifdef WIN32
int i, r;
#endif
SSLeay_add_ssl_algorithms ();
SSL_load_error_strings ();
ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ());
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_set_timeout (ctx, 300);
SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
|SSL_OP_NO_COMPRESSION
|SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE
|SSL_OP_NO_TICKET
|SSL_OP_CIPHER_SERVER_PREFERENCE);
#if OPENSSL_VERSION_NUMBER >= 0x00908000L /* workaround for OpenSSL 0.9.8 */
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
#endif
/* used in SSL_connect(), SSL_accept() */
SSL_CTX_set_info_callback (ctx, info_cb_func);
#ifdef WIN32
/* under win32, OpenSSL needs to be seeded with some randomness */
for (i = 0; i < 128; i++)
{
r = rand ();
RAND_seed ((unsigned char *)&r, sizeof (r));
}
#endif
return(ctx);
}
/*
* called once from main.c (main process)
*/
int
init_tls(void)
{
int i;
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
#endif
LM_DBG("entered\n");
#if OPENSSL_VERSION_NUMBER < 0x00907000L
LM_WARN("using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
#endif
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
LM_ERR("unable to set the memory allocation functions\n");
return -1;
}
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
/* disabling compression */
LM_WARN("disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LM_INFO("openssl compression already disabled\n");
} else {
sk_SSL_COMP_zero(comp_methods);
}
#endif
if (tls_init_multithread() < 0) {
LM_ERR("failed to init multi-threading support\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
i = check_for_krb();
if (i==-1) {
LM_ERR("kerberos check failed\n");
return -1;
}
if ( ( i ^
#ifndef OPENSSL_NO_KRB5
1
#else
0
#endif
)!=0 ) {
LM_ERR("compiled agaist an openssl with %s"
"kerberos, but run with one with %skerberos\n",
(i==1)?"":"no ",(i!=1)?"no ":"");
return -1;
}
/*
* now initialize tls default domains
*/
if ( (i=init_tls_domains(tls_default_server_domain)) ) {
return i;
}
if ( (i=init_tls_domains(tls_default_client_domain)) ) {
return i;
}
/*
* now initialize tls virtual domains
*/
if ( (i=init_tls_domains(tls_server_domains)) ) {
return i;
}
if ( (i=init_tls_domains(tls_client_domains)) ) {
return i;
}
/*
* we are all set
*/
return 0;
}
static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
ssl_handshake_func_t func,
unsigned long *ssl_errno_holder)
{
int r;
SSL *ssl;
my_socket sd= mysql_socket_getfd(vio->mysql_socket);
/* Declared here to make compiler happy */
#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
int j, n;
#endif
DBUG_ENTER("ssl_do");
DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx",
(long) ptr, sd, (long) ptr->ssl_context));
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
*ssl_errno_holder= ERR_get_error();
DBUG_RETURN(1);
}
DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
SSL_clear(ssl);
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, sd);
#if !defined(HAVE_YASSL) && defined(SSL_OP_NO_COMPRESSION)
SSL_set_options(ssl, SSL_OP_NO_COMPRESSION); /* OpenSSL >= 1.0 only */
#elif OPENSSL_VERSION_NUMBER >= 0x00908000L /* workaround for OpenSSL 0.9.8 */
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
#endif
#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
{
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
ssl_comp_methods = SSL_COMP_get_compression_methods();
n= sk_SSL_COMP_num(ssl_comp_methods);
DBUG_PRINT("info", ("Available compression methods:\n"));
if (n == 0)
DBUG_PRINT("info", ("NONE\n"));
else
for (j = 0; j < n; j++)
{
SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
DBUG_PRINT("info", (" %d: %s\n", c->id, c->name));
}
}
#endif
/*
Since yaSSL does not support non-blocking send operations, use
special transport functions that properly handles non-blocking
sockets. These functions emulate the behavior of blocking I/O
operations by waiting for I/O to become available.
*/
#ifdef HAVE_YASSL
/* Set first argument of the transport functions. */
yaSSL_transport_set_ptr(ssl, vio);
/* Set functions to use in order to send and receive data. */
yaSSL_transport_set_recv_function(ssl, yassl_recv);
yaSSL_transport_set_send_function(ssl, yassl_send);
#endif
if ((r= ssl_handshake_loop(vio, ssl, func, ssl_errno_holder)) < 1)
{
DBUG_PRINT("error", ("SSL_connect/accept failure"));
SSL_free(ssl);
DBUG_RETURN(1);
}
/*
Connection succeeded. Install new function handlers,
change type, set sd to the fd used when connecting
and set pointer to the SSL structure
*/
if (vio_reset(vio, VIO_TYPE_SSL, SSL_get_fd(ssl), ssl, 0))
DBUG_RETURN(1);
#ifndef DBUG_OFF
{
/* Print some info about the peer */
X509 *cert;
char buf[512];
DBUG_PRINT("info",("SSL connection succeeded"));
DBUG_PRINT("info",("Using cipher: '%s'" , SSL_get_cipher_name(ssl)));
if ((cert= SSL_get_peer_certificate (ssl)))
{
DBUG_PRINT("info",("Peer certificate:"));
X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t subject: '%s'", buf));
X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t issuer: '%s'", buf));
X509_free(cert);
}
else
DBUG_PRINT("info",("Peer does not have certificate."));
if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
{
DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
}
else
DBUG_PRINT("info",("no shared ciphers!"));
}
#endif
DBUG_RETURN(0);
}
static int mod_init(void){
str s;
int n;
LM_INFO("initializing TLS protocol\n");
if (tls_db_enabled != 0 && tls_db_enabled != 1) {
tls_db_enabled = 1;
}
if (tls_db_enabled) {
/* create & init lock */
if ((dom_lock = lock_init_rw()) == NULL) {
LM_CRIT("failed to init lock\n");
return -1;
}
init_db_url(tls_db_url, 0 /*cannot be null*/);
tls_db_table.len = strlen(tls_db_table.s);
if (tls_db_table.len == 0) {
LM_ERR("db url not specified\n");
return -1;
}
id_col.len = strlen(id_col.s);
address_col.len = strlen(address_col.s);
type_col.len = strlen(type_col.s);
method_col.len = strlen(method_col.s);
verify_cert_col.len = strlen(verify_cert_col.s);
require_cert_col.len = strlen(require_cert_col.s);
certificate_col.len = strlen(certificate_col.s);
pk_col.len = strlen(pk_col.s);
crl_check_col.len = strlen(crl_check_col.s);
calist_col.len = strlen(calist_col.s);
cadir_col.len = strlen(cadir_col.s);
cplist_col.len = strlen(cplist_col.s);
dhparams_col.len = strlen(dhparams_col.s);
eccurve_col.len = strlen(eccurve_col.s);
if (db_bind_mod(&tls_db_url, &dr_dbf)) {
LM_CRIT("cannot bind to database module! "
"Did you forget to load a database module ?\n");
return -1;
}
/* init DB connection */
if ((db_hdl = dr_dbf.init(&tls_db_url)) == 0) {
LM_CRIT("cannot initialize database connection\n");
return -1;
}
if (dr_dbf.use_table(db_hdl, &tls_db_table) < 0) {
LM_ERR("cannot select table \"%.*s\"\n", tls_db_table.len, tls_db_table.s);
return -1;
}
}
if (tls_domain_avp) {
s.s = tls_domain_avp;
s.len = strlen(s.s);
if (parse_avp_spec( &s, &tls_client_domain_avp)) {
LM_ERR("cannot parse tls_client_avp");
return -1;
}
}
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
LM_ERR("unable to set the memory allocation functions\n");
LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this "
"version is know to be broken; if so, you need to upgrade or "
"downgrade to a differen openssl version !!\n");
return -1;
}
#if !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
/* disabling compression */
LM_WARN("disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LM_INFO("openssl compression already disabled\n");
} else {
sk_SSL_COMP_zero(comp_methods);
}
#endif
if (tls_init_multithread() < 0) {
LM_ERR("failed to init multi-threading support\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
n = check_for_krb();
if (n==-1) {
LM_ERR("kerberos check failed\n");
return -1;
}
if ( ( n ^
#ifndef OPENSSL_NO_KRB5
1
#else
0
#endif
)!=0 ) {
LM_ERR("compiled agaist an openssl with %s"
"kerberos, but run with one with %skerberos\n",
(n==1)?"":"no ",(n!=1)?"no ":"");
return -1;
}
/*
* finish setting up the tls default domains
*/
tls_default_client_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_CLI ;
tls_default_client_domain.addr.af = AF_INET;
tls_default_server_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_SRV;
tls_default_server_domain.addr.af = AF_INET;
/*
* now initialize tls default domains
*/
if ( (n=init_tls_domains(&tls_default_server_domain)) ) {
return n;
}
if ( (n=init_tls_domains(&tls_default_client_domain)) ) {
return n;
}
/*
* now initialize tls virtual domains
*/
if (tls_db_enabled && load_info(&dr_dbf, db_hdl, &tls_db_table, &tls_server_domains,
&tls_client_domains)){
return -1;
}
if ( (n=init_tls_domains(tls_server_domains)) ) {
return n;
}
if ( (n=init_tls_domains(tls_client_domains)) ) {
return n;
}
/*
* we are all set
*/
return 0;
}
/*
* Initialize OpenSSL and verify the random number generator works.
* Returns -1 on failure, 0 on success.
*/
int
ssl_init(void)
{
#ifndef PURIFY
int fd;
#endif /* !PURIFY */
char buf[256];
if (ssl_initialized)
return 0;
/* general initialization */
SSL_library_init();
#ifdef PURIFY
CRYPTO_umalloc_init();
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif /* PURIFY */
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
/* thread-safety */
#ifdef OPENSSL_THREADS
ssl_mutex_num = CRYPTO_num_locks();
ssl_mutex = umalloc(ssl_mutex_num * sizeof(*ssl_mutex));
int i;
for (i = 0; i < ssl_mutex_num; i++) {
pthread_mutex_init(&ssl_mutex[i], NULL);
}
CRYPTO_set_locking_callback(ssl_thr_locking_cb);
CRYPTO_set_dynlock_create_callback(ssl_thr_dyn_create_cb);
CRYPTO_set_dynlock_lock_callback(ssl_thr_dyn_lock_cb);
CRYPTO_set_dynlock_destroy_callback(ssl_thr_dyn_destroy_cb);
#ifdef OPENSSL_NO_THREADID
CRYPTO_set_id_callback(ssl_thr_id_cb);
#else /* !OPENSSL_NO_THREADID */
CRYPTO_THREADID_set_callback(ssl_thr_id_cb);
#endif /* !OPENSSL_NO_THREADID */
#endif /* OPENSSL_THREADS */
/* randomness */
#ifndef PURIFY
if ((fd = open("/dev/urandom", O_RDONLY)) == -1) {
log_err_printf("Error opening /dev/urandom for reading: %s\n",
strerror(errno));
return -1;
}
while (!RAND_status()) {
if (read(fd, buf, sizeof(buf)) == -1) {
log_err_printf("Error reading from /dev/urandom: %s\n",
strerror(errno));
close(fd);
return -1;
}
RAND_seed(buf, sizeof(buf));
}
close(fd);
if (!RAND_poll()) {
log_err_printf("RAND_poll() failed.\n");
return -1;
}
#else /* PURIFY */
log_err_printf("Warning: not seeding OpenSSL RAND due to PURITY!\n");
memset(buf, 0, sizeof(buf));
while (!RAND_status()) {
RAND_seed(buf, sizeof(buf));
}
#endif /* PURIFY */
#ifdef USE_FOOTPRINT_HACKS
/* HACK: disable compression by zeroing the global comp algo stack.
* This lowers the per-connection memory footprint by ~500k. */
STACK_OF(SSL_COMP)* comp_methods = SSL_COMP_get_compression_methods();
sk_SSL_COMP_zero(comp_methods);
#endif /* USE_FOOTPRINT_HACKS */
ssl_initialized = 1;
return 0;
}
int
evhtp_ssl_init(evhtp * htp, evhtp_ssl_cfg * cfg) {
long cache_mode;
evhtp_ssl_scache_init init_cb = NULL;
evhtp_ssl_scache_add add_cb = NULL;
evhtp_ssl_scache_get get_cb = NULL;
evhtp_ssl_scache_del del_cb = NULL;
if (cfg == NULL || htp == NULL || cfg->pemfile == NULL) {
return -1;
}
SSL_library_init();
SSL_load_error_strings();
RAND_poll();
STACK_OF(SSL_COMP) * comp_methods = SSL_COMP_get_compression_methods();
sk_SSL_COMP_zero(comp_methods);
htp->ssl_cfg = cfg;
htp->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
SSL_CTX_set_options(htp->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
SSL_CTX_set_timeout(htp->ssl_ctx, 60 * 60 * 48);
#endif
SSL_CTX_set_options(htp->ssl_ctx, cfg->ssl_opts);
if (cfg->ciphers != NULL) {
SSL_CTX_set_cipher_list(htp->ssl_ctx, cfg->ciphers);
}
SSL_CTX_load_verify_locations(htp->ssl_ctx, cfg->cafile, cfg->capath);
X509_STORE_set_flags(SSL_CTX_get_cert_store(htp->ssl_ctx), cfg->store_flags);
SSL_CTX_set_verify(htp->ssl_ctx, cfg->verify_peer, cfg->x509_verify_cb);
if (cfg->x509_chk_issued_cb != NULL) {
htp->ssl_ctx->cert_store->check_issued = cfg->x509_chk_issued_cb;
}
if (cfg->verify_depth) {
SSL_CTX_set_verify_depth(htp->ssl_ctx, cfg->verify_depth);
}
switch (cfg->scache_type) {
case evhtp_ssl_scache_type_disabled:
cache_mode = SSL_SESS_CACHE_OFF;
break;
case evhtp_ssl_scache_type_user:
cache_mode = SSL_SESS_CACHE_SERVER |
SSL_SESS_CACHE_NO_INTERNAL |
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
init_cb = cfg->scache_init;
add_cb = cfg->scache_add;
get_cb = cfg->scache_get;
del_cb = cfg->scache_del;
break;
case evhtp_ssl_scache_type_builtin:
cache_mode = SSL_SESS_CACHE_SERVER |
SSL_SESS_CACHE_NO_INTERNAL |
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
#if 0
init_cb = _evhtp_ssl_builtin_init;
add_cb = _evhtp_ssl_builtin_add;
get_cb = _evhtp_ssl_builtin_get;
del_cb = _evhtp_ssl_builtin_del;
#endif
break;
case evhtp_ssl_scache_type_internal:
default:
cache_mode = SSL_SESS_CACHE_SERVER;
break;
} /* switch */
SSL_CTX_use_certificate_file(htp->ssl_ctx, cfg->pemfile, SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(htp->ssl_ctx, cfg->privfile ? cfg->privfile: cfg->pemfile, SSL_FILETYPE_PEM);
SSL_CTX_set_session_id_context(htp->ssl_ctx,
(const unsigned char*)&session_id_context,
sizeof(session_id_context));
SSL_CTX_set_app_data(htp->ssl_ctx, htp);
SSL_CTX_set_session_cache_mode(htp->ssl_ctx, cache_mode);
if (cache_mode != SSL_SESS_CACHE_OFF) {
SSL_CTX_sess_set_cache_size(htp->ssl_ctx,
cfg->scache_size ? cfg->scache_size : 1024);
if (cfg->scache_type == evhtp_ssl_scache_type_builtin ||
cfg->scache_type == evhtp_ssl_scache_type_user) {
SSL_CTX_sess_set_new_cb(htp->ssl_ctx, _evhtp_ssl_add_scache_ent);
SSL_CTX_sess_set_get_cb(htp->ssl_ctx, _evhtp_ssl_get_scache_ent);
SSL_CTX_sess_set_remove_cb(htp->ssl_ctx, _evhtp_ssl_delete_scache_ent);
if (cfg->scache_init) {
cfg->args = (cfg->scache_init)(htp);
}
}
}
return 0;
} /* evhtp_use_ssl */
static int mod_init(void)
{
str s;
int n;
LM_INFO("initializing TLS protocol\n");
if (tls_domain_avp) {
s.s = tls_domain_avp;
s.len = strlen(s.s);
if (parse_avp_spec( &s, &tls_client_domain_avp)) {
LM_ERR("cannot parse tls_client_avp");
return -1;
}
}
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
LM_ERR("unable to set the memory allocation functions\n");
return -1;
}
#if !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
/* disabling compression */
LM_WARN("disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LM_INFO("openssl compression already disabled\n");
} else {
sk_SSL_COMP_zero(comp_methods);
}
#endif
if (tls_init_multithread() < 0) {
LM_ERR("failed to init multi-threading support\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
n = check_for_krb();
if (n==-1) {
LM_ERR("kerberos check failed\n");
return -1;
}
if ( ( n ^
#ifndef OPENSSL_NO_KRB5
1
#else
0
#endif
)!=0 ) {
LM_ERR("compiled agaist an openssl with %s"
"kerberos, but run with one with %skerberos\n",
(n==1)?"":"no ",(n!=1)?"no ":"");
return -1;
}
/*
* finish setting up the tls default domains
*/
tls_default_client_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_CLI ;
tls_default_client_domain.addr.af = AF_INET;
tls_default_server_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_SRV;
tls_default_server_domain.addr.af = AF_INET;
/*
* now initialize tls default domains
*/
if ( (n=init_tls_domains(&tls_default_server_domain)) ) {
return n;
}
if ( (n=init_tls_domains(&tls_default_client_domain)) ) {
return n;
}
/*
* now initialize tls virtual domains
*/
if ( (n=init_tls_domains(tls_server_domains)) ) {
return n;
}
if ( (n=init_tls_domains(tls_client_domains)) ) {
return n;
}
/*
* we are all set
*/
return 0;
}
