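/*
 * Run the server-side TLS handshake on a newly opened data connection.
 *
 * fd      - socket of the data connection; attached to the SSL object.
 * passive - unused.
 *
 * Returns 0 once the handshake completed and the negotiated cipher passed
 * the strength check. Failures are not returned: they are handed to
 * tls_error(), _EXIT() or die().
 */
int tls_init_data_session(const int fd, const int passive)
{
    const SSL_CIPHER *cipher;
    int ret;
    int ret_;

    (void) passive;
    if (tls_ctx == NULL) {
        logfile(LOG_ERR, MSG_TLS_NO_CTX);
        tls_error(__LINE__, 0);
    }
    /*
     * Dispose of a session left over from an earlier transfer, then make
     * sure a live SSL object exists. Allocation used to sit in an `else if`
     * of the close, so after closing a stale session the calls below ran on
     * whatever tls_close_session() had left in tls_data_cnx.
     * NOTE(review): tls_close_session() receives the pointer's address and
     * tls_free_library() does not reset the pointer after calling it, so it
     * presumably frees the object and stores NULL -- confirm.
     */
    if (tls_data_cnx != NULL) {
        tls_close_session(&tls_data_cnx);
    }
    if (tls_data_cnx == NULL && (tls_data_cnx = SSL_new(tls_ctx)) == NULL) {
        tls_error(__LINE__, 0);
    }
    if (SSL_set_fd(tls_data_cnx, fd) != 1) {
        tls_error(__LINE__, 0);
    }
    SSL_set_accept_state(tls_data_cnx);
    /*
     * Retry the handshake while OpenSSL only asks for more I/O; any other
     * failure logs the logout message and terminates the process.
     * NOTE(review): nothing waits between retries, so on a non-blocking
     * socket this loop would spin -- confirm the mode of fd.
     */
    for (;;) {
        ret = SSL_accept(tls_data_cnx);
        if (ret <= 0) {
            ret_ = SSL_get_error(tls_data_cnx, ret);
            if (ret == -1 &&
                (ret_ == SSL_ERROR_WANT_READ ||
                 ret_ == SSL_ERROR_WANT_WRITE)) {
                continue;
            }
            logfile(LOG_INFO, MSG_LOGOUT);
            _EXIT(EXIT_FAILURE);
        }
        break;
    }
    /*
     * Optional policy: refuse a data connection that did not resume an
     * existing TLS session, unless broken_client_compat is set.
     * NOTE(review): presumably this ties the data channel to the TLS
     * session of the control channel, so that another host cannot take
     * over the data port -- confirm against the build documentation.
     */
# if ONLY_ACCEPT_REUSED_SSL_SESSIONS
    if (broken_client_compat == 0 && SSL_session_reused(tls_data_cnx) == 0) {
        tls_error(__LINE__, 0);
    }
# endif
    /*
     * Log the negotiated protocol and cipher, and reject ciphers weaker
     * than MINIMAL_CIPHER_STRENGTH_BITS with a 534 reply.
     * NOTE(review): when no cipher is reported the strength check is
     * skipped and the function still returns 0.
     */
    if ((cipher = SSL_get_current_cipher(tls_data_cnx)) != NULL) {
        int strength_bits = SSL_CIPHER_get_bits(cipher, NULL);

        logfile(LOG_INFO, MSG_TLS_INFO, SSL_CIPHER_get_version(cipher),
                SSL_CIPHER_get_name(cipher), strength_bits);
        if (strength_bits < MINIMAL_CIPHER_STRENGTH_BITS) {
            die(534, LOG_ERR, MSG_TLS_WEAK);
        }
    }
    return 0;
}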
/*
 * Tear down the module's TLS state: the data session, the control session,
 * the shared context, and finally the EVP tables.
 *
 * NOTE(review): EVP_cleanup() is called unconditionally here. It is
 * deprecated since OpenSSL 1.1.0 and is not declared when the build sets
 * OPENSSL_API_COMPAT to 1.1.0 or later, so this variant fails to compile in
 * such a configuration; the other definition of this function wraps the
 * call in a version guard.
 */
void tls_free_library(void)
{
    /* The data session goes through the module's own close helper. */
    if (tls_data_cnx) {
        tls_close_session(&tls_data_cnx);
    }

    /* Release the control session and forget the pointer. */
    if (tls_cnx) {
        SSL_free(tls_cnx);
        tls_cnx = NULL;
    }

    /* Release the context last; the sessions above were created from it. */
    if (tls_ctx) {
        SSL_CTX_free(tls_ctx);
        tls_ctx = NULL;
    }

    EVP_cleanup();
}
/*
 * Tear down the module's TLS state: the data session, the control session,
 * the shared context, and, on pre-1.1.0 OpenSSL APIs only, the EVP tables.
 */
void tls_free_library(void)
{
    /* The data session goes through the module's own close helper. */
    if (tls_data_cnx) {
        tls_close_session(&tls_data_cnx);
    }

    /* Release the control session and forget the pointer. */
    if (tls_cnx) {
        SSL_free(tls_cnx);
        tls_cnx = NULL;
    }

    /* Release the context last; the sessions above were created from it. */
    if (tls_ctx) {
        SSL_CTX_free(tls_ctx);
        tls_ctx = NULL;
    }

    /*
     * EVP_cleanup() is deprecated since OpenSSL 1.1.0, so the call is only
     * compiled when the selected API level is older than that.
     */
# if OPENSSL_API_COMPAT < 0x10100000L
    EVP_cleanup();
# endif
}