Exemplo n.º 1
/*
 * Parent-side setup of the stdio pipes used to talk to the subprocess.
 * For each of the three pipes the descriptor the parent does not use is
 * closed and the one it keeps is switched to non-blocking mode: the parent
 * keeps the write end of stdin and the read ends of stdout and stderr.
 * The return values of close() and Net_setNonBlocking() are not checked.
 */
static void setupParentPipes(Process_T P) {
        int to_child = P->stdin_pipe[1];
        int from_child_out = P->stdout_pipe[0];
        int from_child_err = P->stderr_pipe[0];

        /* stdin: drop the read end, keep the write end */
        close(P->stdin_pipe[0]);
        Net_setNonBlocking(to_child);

        /* stdout: drop the write end, keep the read end */
        close(P->stdout_pipe[1]);
        Net_setNonBlocking(from_child_out);

        /* stderr: drop the write end, keep the read end */
        close(P->stderr_pipe[1]);
        Net_setNonBlocking(from_child_err);
}
Exemplo n.º 2
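/**
 * Embeds an accepted server socket in an existing ssl connection and runs
 * the server side of the TLS handshake on it.
 *
 * On failure the function returns without releasing ssl->handler or
 * ssl->socket_bio. NOTE(review): presumably the caller tears the connection
 * down afterwards -- confirm against the call sites.
 *
 * @param ssl ssl connection
 * @param socket the socket to be used.
 * @return TRUE, or FALSE if an error has occurred.
 */
int embed_accepted_ssl_socket(ssl_connection *ssl, int socket) {
        int ssl_error;
        time_t ssl_time;

        ASSERT(ssl);

        ssl->socket = socket;

        if (!ssl_initialized)
                start_ssl();

        /* Reject a bad descriptor before a handler is allocated for it */
        if (socket < 0) {
                LogError("SSL socket error\n");
                return FALSE;
        }

        if (!(ssl->handler = SSL_new(ssl->ctx))) {
                LogError("Cannot initialize the SSL handler -- %s\n", SSLERROR);
                return FALSE;
        }

        Net_setNonBlocking(ssl->socket);

        /* BIO_NOCLOSE: the BIO does not close the socket when it is freed */
        if (!(ssl->socket_bio = BIO_new_socket(ssl->socket, BIO_NOCLOSE))) {
                LogError("Cannot create IO buffer -- %s\n", SSLERROR);
                return FALSE;
        }

        SSL_set_bio(ssl->handler, ssl->socket_bio, ssl->socket_bio);

        ssl_time = time(NULL);

        /*
         * The socket is non-blocking, so SSL_accept() is retried until the
         * handshake stops reporting a negative result or SSL_TIMEOUT seconds
         * have elapsed since ssl_time.
         */
        while ((ssl_error = SSL_accept(ssl->handler)) < 0) {

                if ((time(NULL) - ssl_time) > SSL_TIMEOUT) {
                        LogError("SSL service timeout\n");
                        return FALSE;
                }

                if (!handle_error(ssl_error, ssl))
                        return FALSE;

                if (!BIO_should_retry(ssl->socket_bio))
                        return FALSE;

        }

        /*
         * The loop also ends when SSL_accept() returns 0, which means the
         * handshake was shut down without completing. Only 1 is success;
         * anything else must not be treated as an established session.
         */
        if (ssl_error != 1) {
                LogError("SSL handshake failed\n");
                return FALSE;
        }

        ssl->cipher = (char *)SSL_get_cipher(ssl->handler);

        /* A missing client certificate is fatal only when clientpemfile is set */
        if (!update_ssl_cert_data(ssl) && ssl->clientpemfile) {
                LogError("The client did not supply a required client certificate\n");
                return FALSE;
        }

        /*
         * Verify result 0 is "ok"; note that OpenSSL also reports ok when the
         * peer presented no certificate at all, so this check alone does not
         * prove a certificate was supplied -- the check above covers that.
         */
        if (SSL_get_verify_result(ssl->handler) > 0) {
                LogError("Verification of the certificate has failed\n");
                return FALSE;
        }

        return TRUE;
}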
Exemplo n.º 3
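/**
 * Embeds a socket in a ssl connection and runs the client side of the TLS
 * handshake on it. On any failure cleanup_ssl_socket() is called on the
 * connection before returning (except when ssl itself is NULL).
 *
 * NOTE(review): no SSL_get_verify_result() check is made here; success only
 * requires that update_ssl_cert_data() succeeds. Whether the server
 * certificate chain is actually validated depends on the verify mode of
 * ssl->ctx and on update_ssl_cert_data() -- confirm before relying on this
 * for peer authentication.
 *
 * @param ssl ssl connection
 * @param socket the socket to be used.
 * @return TRUE, or FALSE if an error has occurred.
 */
int embed_ssl_socket(ssl_connection *ssl, int socket) {
        int ssl_error;
        time_t ssl_time;

        if (!ssl)
                return FALSE;

        if (!ssl_initialized)
                start_ssl();

        if (socket >= 0) {
                ssl->socket = socket;
        } else {
                LogError("SSL socket error\n");
                goto sslerror;
        }

        /*
         * Restrict the cipher list on the context before the handler is
         * created from it, so the handler starts from the restricted
         * configuration rather than depending on the library picking up a
         * later change to the context.
         */
        if (SSL_CTX_set_cipher_list(ssl->ctx, CIPHER_LIST) != 1) {
                LogError("Error setting cipher list '%s' (no valid ciphers)\n", CIPHER_LIST);
                goto sslerror;
        }

        if ((ssl->handler = SSL_new (ssl->ctx)) == NULL) {
                LogError("Cannot initialize the SSL handler -- %s\n", SSLERROR);
                goto sslerror;
        }

        Net_setNonBlocking(ssl->socket);

        /* BIO_NOCLOSE: the BIO does not close the socket when it is freed */
        if ((ssl->socket_bio = BIO_new_socket(ssl->socket, BIO_NOCLOSE)) == NULL) {
                LogError("Cannot create IO buffer -- %s\n", SSLERROR);
                goto sslerror;
        }

        SSL_set_bio(ssl->handler, ssl->socket_bio, ssl->socket_bio);
        ssl_time = time(NULL);

        /*
         * The socket is non-blocking, so SSL_connect() is retried until the
         * handshake stops reporting a negative result or SSL_TIMEOUT seconds
         * have elapsed since ssl_time.
         */
        while ((ssl_error = SSL_connect (ssl->handler)) < 0) {
                if ((time(NULL) - ssl_time) > SSL_TIMEOUT) {
                        LogError("SSL service timeout\n");
                        goto sslerror;
                }

                if (!handle_error(ssl_error, ssl))
                        goto sslerror;

                if (!BIO_should_retry(ssl->socket_bio))
                        goto sslerror;
        }

        /*
         * The loop also ends when SSL_connect() returns 0, which means the
         * handshake was shut down without completing. Only 1 is success.
         */
        if (ssl_error != 1) {
                LogError("SSL handshake failed\n");
                goto sslerror;
        }

        ssl->cipher = (char *) SSL_get_cipher(ssl->handler);

        if (! update_ssl_cert_data(ssl)) {
                LogError("Cannot get the SSL server certificate\n");
                goto sslerror;
        }

        return TRUE;

sslerror:
        cleanup_ssl_socket(ssl);
        return FALSE;
}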