int MaOpenSslSocket::initConnection()
{
BIO *bioSSL, *bioSock;
if (bio) {
return 0;
}
bio = BIO_new(BIO_f_buffer());
if (bio == 0) {
return MPR_ERR_CANT_INITIALIZE;
}
BIO_set_write_buffer_size(bio, 128);
ssl = (SSL*) SSL_new(context);
mprAssert(ssl);
if (ssl == 0) {
return MPR_ERR_CANT_INITIALIZE;
}
SSL_set_app_data(ssl, (void*) this);
SSL_set_session(ssl, 0);
bioSSL = BIO_new(BIO_f_ssl());
mprAssert(bioSSL);
bioSock = BIO_new_socket(sock, BIO_NOCLOSE);
mprAssert(bioSock);
SSL_set_bio(ssl, bioSock, bioSock);
SSL_set_accept_state(ssl);
BIO_set_ssl(bioSSL, ssl, BIO_CLOSE);
BIO_push(bio, bioSSL);
return 0;
}
BIO* BIO_new_rdp_tls(SSL_CTX* ctx, int client)
{
BIO* bio;
SSL* ssl;
bio = BIO_new(BIO_s_rdp_tls());
if (!bio)
return NULL;
ssl = SSL_new(ctx);
if (!ssl)
{
BIO_free(bio);
return NULL;
}
if (client)
SSL_set_connect_state(ssl);
else
SSL_set_accept_state(ssl);
BIO_set_ssl(bio, ssl, BIO_CLOSE);
return bio;
}
void
key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, struct tls_session *session)
{
ASSERT(NULL != ssl_ctx);
ASSERT(ks_ssl);
CLEAR (*ks_ssl);
ks_ssl->ssl = SSL_new (ssl_ctx->ctx);
if (!ks_ssl->ssl)
msg (M_SSLERR, "SSL_new failed");
/* put session * in ssl object so we can access it
from verify callback*/
SSL_set_ex_data (ks_ssl->ssl, mydata_index, session);
ks_ssl->ssl_bio = getbio (BIO_f_ssl (), "ssl_bio");
ks_ssl->ct_in = getbio (BIO_s_mem (), "ct_in");
ks_ssl->ct_out = getbio (BIO_s_mem (), "ct_out");
#ifdef BIO_DEBUG
bio_debug_oc ("open ssl_bio", ks_ssl->ssl_bio);
bio_debug_oc ("open ct_in", ks_ssl->ct_in);
bio_debug_oc ("open ct_out", ks_ssl->ct_out);
#endif
if (is_server)
SSL_set_accept_state (ks_ssl->ssl);
else
SSL_set_connect_state (ks_ssl->ssl);
SSL_set_bio (ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out);
BIO_set_ssl (ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE);
}
bool SSLClient::connection(const string& host, const int& port)
{
if(host=="localhost")
{
return connectionUnresolv(host, port);
}
struct sockaddr_in *remote;
int tmpres;
char *ip;
sockfd = create_tcp_socket();
ip = get_ip((char*)host.c_str());
fprintf(stderr, "IP is %s\n", ip);
remote = (struct sockaddr_in *)malloc(sizeof(struct sockaddr_in *));
remote->sin_family = AF_INET;
tmpres = inet_pton(AF_INET, ip, (void *)(&(remote->sin_addr.s_addr)));
if( tmpres < 0)
{
perror("Can't set remote->sin_addr.s_addr");
return false;
}
else if(tmpres == 0)
{
fprintf(stderr, "%s is not a valid IP address\n", ip);
return false;
}
remote->sin_port = htons(port);
if(connect(sockfd, (struct sockaddr *)remote, sizeof(struct sockaddr)) < 0){
perror("Could not connect");
connected = false;
} else {
connected = true;
}
free(remote);
free(ip);
/* Build our SSL context*/
init();
/* Connect the SSL socket */
ssl=SSL_new(ctx);
sbio=BIO_new_socket(sockfd,BIO_CLOSE);
SSL_set_bio(ssl,sbio,sbio);
io=BIO_new(BIO_f_buffer());
ssl_bio=BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio,ssl,BIO_NOCLOSE);
BIO_push(io,ssl_bio);
if(SSL_connect(ssl)<=0)
{
logger << "SSL connect error";
return false;
}
ERR_clear_error();
connected = true;
return true;
}
static int init_ssl_socket( pn_ssl_t *ssl )
{
if (ssl->ssl) return 0;
if (!ssl->domain) return -1;
ssl->ssl = SSL_new(ssl->domain->ctx);
if (!ssl->ssl) {
_log_error( "SSL socket setup failure.\n" );
return -1;
}
// store backpointer to pn_ssl_t in SSL object:
SSL_set_ex_data(ssl->ssl, ssl_ex_data_index, ssl);
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (ssl->peer_hostname && ssl->domain->mode == PN_SSL_MODE_CLIENT) {
SSL_set_tlsext_host_name(ssl->ssl, ssl->peer_hostname);
}
#endif
// restore session, if available
if (ssl->session_id) {
pn_ssl_session_t *ssn = ssn_cache_find( ssl->domain, ssl->session_id );
if (ssn) {
_log( ssl, "Restoring previous session id=%s\n", ssn->id );
int rc = SSL_set_session( ssl->ssl, ssn->session );
if (rc != 1) {
_log( ssl, "Session restore failed, id=%s\n", ssn->id );
}
LL_REMOVE( ssl->domain, ssn_cache, ssn );
ssl_session_free( ssn );
}
}
// now layer a BIO over the SSL socket
ssl->bio_ssl = BIO_new(BIO_f_ssl());
if (!ssl->bio_ssl) {
_log_error( "BIO setup failure.\n" );
return -1;
}
(void)BIO_set_ssl(ssl->bio_ssl, ssl->ssl, BIO_NOCLOSE);
// create the "lower" BIO "pipe", and attach it below the SSL layer
if (!BIO_new_bio_pair(&ssl->bio_ssl_io, 0, &ssl->bio_net_io, 0)) {
_log_error( "BIO setup failure.\n" );
return -1;
}
SSL_set_bio(ssl->ssl, ssl->bio_ssl_io, ssl->bio_ssl_io);
if (ssl->domain->mode == PN_SSL_MODE_SERVER) {
SSL_set_accept_state(ssl->ssl);
BIO_set_ssl_mode(ssl->bio_ssl, 0); // server mode
_log( ssl, "Server SSL socket created.\n" );
} else { // client mode
SSL_set_connect_state(ssl->ssl);
BIO_set_ssl_mode(ssl->bio_ssl, 1); // client mode
_log( ssl, "Client SSL socket created.\n" );
}
return 0;
}
R_API RSocket *r_socket_accept(RSocket *s) {
RSocket *sock;
if (!s) return NULL;
sock = R_NEW (RSocket);
if (!sock) return NULL;
sock->is_ssl = s->is_ssl;
sock->fd = accept (s->fd, NULL, NULL);
if (sock->fd == -1) {
free (sock);
return NULL;
}
#if HAVE_LIB_SSL
if (sock->is_ssl) {
sock->sfd = NULL;
sock->ctx = NULL;
sock->bio = NULL;
BIO *sbio = BIO_new_socket (sock->fd, BIO_NOCLOSE);
sock->sfd = SSL_new (s->ctx);
SSL_set_bio (sock->sfd, sbio, sbio);
if (SSL_accept (sock->sfd) <= 0) {
r_socket_free (sock);
return NULL;
}
sock->bio = BIO_new (BIO_f_buffer ());
sbio = BIO_new (BIO_f_ssl ());
BIO_set_ssl (sbio, sock->sfd, BIO_CLOSE);
BIO_push (sock->bio, sbio);
}
#endif
return sock;
}
R_API RSocket *r_socket_accept(RSocket *s) {
RSocket *sock;
socklen_t salen = sizeof (s->sa);
if (!s) return NULL;
sock = R_NEW (RSocket);
if (!sock) return NULL;
//signal (SIGPIPE, SIG_DFL);
sock->fd = accept (s->fd, (struct sockaddr *)&s->sa, &salen);
if (sock->fd == -1) {
free (sock);
return NULL;
}
#if HAVE_LIB_SSL
sock->is_ssl = s->is_ssl;
if (sock->is_ssl) {
sock->sfd = NULL;
sock->ctx = NULL;
sock->bio = NULL;
BIO *sbio = BIO_new_socket (sock->fd, BIO_NOCLOSE);
sock->sfd = SSL_new (s->ctx);
SSL_set_bio (sock->sfd, sbio, sbio);
if (SSL_accept (sock->sfd) <= 0) {
r_socket_free (sock);
return NULL;
}
sock->bio = BIO_new (BIO_f_buffer ());
sbio = BIO_new (BIO_f_ssl ());
BIO_set_ssl (sbio, sock->sfd, BIO_CLOSE);
BIO_push (sock->bio, sbio);
}
#else
sock->is_ssl = 0;
#endif
return sock;
}
void* conn_handler(void *arg)
{
long err;
SSL *ssl;
struct conn_ctx *ctx = (struct conn_ctx *)arg;
struct freeq_ctx *freeqctx = ctx->srvctx->freeqctx;
struct freeqd_state *fst = ctx->srvctx->fst;
BIO *client = ctx->client;
pthread_detach(pthread_self());
ssl = freeq_ssl_new(freeqctx);
SSL_set_bio(ssl, client, client);
if (SSL_accept(ssl) <= 0)
{
int_error("Error accepting SSL connection");
return NULL;
}
if ((err = post_connection_check(freeqctx, ssl, "localhost")) != X509_V_OK)
{
err(freeqctx, "error: peer certificate: %s\n", X509_verify_cert_error_string(err));
int_error("Error checking SSL object after connection");
}
BIO *buf_io, *ssl_bio;
buf_io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
BIO_push(buf_io, ssl_bio);
dbg(freeqctx, "ssl client connection opened\n");
if (generation_table_merge(freeqctx, fst, buf_io))
{
err(freeqctx, "table merge failed\n");
SSL_shutdown(ssl);
}
else
{
dbg(freeqctx, "table merged ok\n");
SSL_clear(ssl);
}
dbg(freeqctx, "ssl client connection closed\n");
SSL_free(ssl);
ERR_remove_state(0);
return 0;
}
HybridSslConnection*
hybrid_ssl_connect(const gchar *hostname, gint port, ssl_callback func,
gpointer user_data)
{
BIO *buf_io;
BIO *ssl_bio;
HybridSslConnection *conn;
g_return_val_if_fail(hostname != NULL, NULL);
g_return_val_if_fail(port != 0, NULL);
g_return_val_if_fail(func != NULL, NULL);
SSLeay_add_all_algorithms();
SSL_load_error_strings();
SSL_library_init();
conn = g_new0(HybridSslConnection, 1);
if (!(conn->ssl_ctx = SSL_CTX_new(SSLv23_client_method()))) {
hybrid_debug_error("ssl", "initialize SSL CTX: %s",
ERR_reason_error_string(ERR_get_error()));
hybrid_ssl_connection_destory(conn);
return NULL;
}
if (!(conn->ssl = ssl_new_with_certs(conn->ssl_ctx))) {
hybrid_ssl_connection_destory(conn);
return NULL;
}
SSL_set_mode(conn->ssl, SSL_MODE_AUTO_RETRY);
buf_io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio, conn->ssl, BIO_NOCLOSE);
BIO_push(buf_io, ssl_bio);
conn->conn_cb = func;
conn->conn_data = user_data;
conn->rbio = buf_io;
conn->conn = hybrid_proxy_connect(hostname, port, ssl_connect_cb, conn);
return conn;
}
BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
{
BIO *ret;
SSL *ssl;
if ((ret = BIO_new(BIO_f_ssl())) == NULL)
return NULL;
if ((ssl = SSL_new(ctx)) == NULL) {
BIO_free(ret);
return NULL;
}
if (client)
SSL_set_connect_state(ssl);
else
SSL_set_accept_state(ssl);
BIO_set_ssl(ret, ssl, BIO_CLOSE);
return ret;
}
void handle_table(struct freeq_ctx *ctx, SSL *ssl)
{
BIO *buf_io, *ssl_bio;
//char rbuf[1024];
//char wbuf[1024];
buf_io = BIO_new(BIO_f_buffer()); /* create a buffer BIO */
ssl_bio = BIO_new(BIO_f_ssl()); /* create an ssl BIO */
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); /* assign the ssl BIO to SSL */
BIO_push(buf_io, ssl_bio); /* add ssl_bio to buf_io */
/* ret = BIO_puts(buf_io, wbuf); */
/* Write contents of wbuf[] into buf_io */
/* ret = BIO_write(buf_io, wbuf, wlen); */
/* Write wlen-byte contents of wbuf[] into buf_io */
/* ret = BIO_gets(buf_io, rbuf, READBUF_SIZE); */
/* Read data from buf_io and store in rbuf[] */
/* ret = BIO_read(buf_io, rbuf, rlen); */
/* Read rlen-byte data from buf_io and store rbuf[] */
}
void ServiceTask::run()
{
//logger << dlib << endl;
string ip = "invalid session";
string alldatlg = "\ngot fd from parent";
SSL *ssl=NULL;
BIO *sbio=NULL;
BIO *io=NULL,*ssl_bio=NULL;
try
{
int cntlen = 0;
char buf[MAXBUFLENM];
strVec results;
stringstream ss;
string temp;
//int bytes = -1;
if(isSSLEnabled)
{
sbio=BIO_new_socket(fd,BIO_NOCLOSE);
ssl=SSL_new(ctx);
SSL_set_bio(ssl,sbio,sbio);
io=BIO_new(BIO_f_buffer());
ssl_bio=BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
BIO_push(io,ssl_bio);
int r = SSL_accept(ssl);
cout << r << endl;
int bser = SSL_get_error(ssl,r);
cout << bser << endl;
if(r<=0)
{
sslHandler.error_occurred((char*)"SSL accept error",fd,ssl);
return;
}
int er=-1;
bool flag = true;
while(flag)
{
er = BIO_gets(io,buf,BUFSIZZ-1);
cout << er << endl;
int bser = SSL_get_error(ssl,er);
cout << bser << endl;
switch(bser)
{
case SSL_ERROR_WANT_READ:
{
logger << "more to read error" << endl;
break;
}
case SSL_ERROR_WANT_WRITE:
{
logger << "more to write error" << endl;
break;
}
case SSL_ERROR_NONE:
{
break;
}
case SSL_ERROR_ZERO_RETURN:
{
sslHandler.error_occurred((char*)"SSL error problem",fd,ssl);
if(io!=NULL)BIO_free(io);
return;
}
default:
{
sslHandler.error_occurred((char*)"SSL read problem",fd,ssl);
if(io!=NULL)BIO_free(io);
return;
}
}
ss << buf;
//logger <<buf <<endl;
if(!strcmp(buf,"\r\n") || !strcmp(buf,"\n"))
break;
string temp(buf);
if(temp=="")continue;
temp = temp.substr(0,temp.length()-1);
results.push_back(temp);
//logger << temp <<endl;
if(temp.find("Content-Length:")!=string::npos)
{
std::string cntle = temp.substr(temp.find(": ")+2);
cntle = cntle.substr(0,cntle.length()-1);
//logger << "contne-length="<<cntle <<endl;
try
{
cntlen = CastUtil::lexical_cast<int>(cntle);
}
catch(const char* ex)
{
logger << "bad lexical cast" <<endl;
}
}
memset(&buf[0], 0, sizeof(buf));
}
}
else
{
int er=-1;
bool flag = true;
sbio=BIO_new_socket(fd,BIO_CLOSE);
io=BIO_new(BIO_f_buffer());
BIO_push(io,sbio);
logger << "into run method" << endl;
while(flag)
{
er = BIO_gets(io,buf,BUFSIZZ-1);
if(er==0)
{
close(fd);
logger << "\nsocket closed before being serviced" <<flush;
return;
}
ss << buf;
if(!strcmp(buf,"\r\n") || !strcmp(buf,"\n") || er<0)
break;
string temp(buf);
temp = temp.substr(0,temp.length()-1);
results.push_back(temp);
//logger << temp <<endl;
if(temp.find("Content-Length:")!=string::npos)
{
std::string cntle = temp.substr(temp.find(": ")+2);
cntle = cntle.substr(0,cntle.length()-1);
//logger << "contne-length="<<cntle <<endl;
try
{
cntlen = CastUtil::lexical_cast<int>(cntle);
}
catch(const char* ex)
{
logger << "bad lexical cast" <<endl;
}
}
memset(&buf[0], 0, sizeof(buf));
}
}
ss.clear();
if(isSSLEnabled && cntlen>0)
{
int er=-1;
if(cntlen>0)
{
//logger << "reading conetnt " << cntlen << endl;
er = BIO_read(io,buf,cntlen);
switch(SSL_get_error(ssl,er))
{
case SSL_ERROR_NONE:
cntlen -= er;
break;
case SSL_ERROR_ZERO_RETURN:
{
sslHandler.error_occurred((char*)"SSL error problem",fd,ssl);
if(io!=NULL)BIO_free(io);
return;
}
default:
{
sslHandler.error_occurred((char*)"SSL read problem",fd,ssl);
if(io!=NULL)BIO_free(io);
return;
}
}
string temp(buf);
results.push_back("\r");
results.push_back(temp);
//logger <<buf <<endl;
memset(&buf[0], 0, sizeof(buf));
}
}
else if(cntlen>0)
{
int er=-1;
if(cntlen>0)
{
//logger << "reading conetnt " << cntlen << endl;
er = BIO_read(io,buf,cntlen);
if(er==0)
{
close(fd);
logger << "\nsocket closed before being serviced" <<flush;
return;
}
else if(er>0)
{
string temp(buf);
results.push_back("\r");
results.push_back(temp);
//logger << temp <<endl;
memset(&buf[0], 0, sizeof(buf));
}
}
}
alldatlg += "--read data";
map<string,string> params1 = *params;
string webpath = serverRootDirectory + "web/";
HttpRequest* req= new HttpRequest(results,webpath);
//logger << req->toString() << endl;
if(req->getFile()=="")
{
logger << req->getFile() << endl;
req->setFile("index.html");
}
if(req->hasCookie())
{
logger << "has the session id" << endl;
if(!configData.sessatserv)
req->getSession()->setSessionAttributes(req->getCookieInfo());
else
{
string id = req->getCookieInfoAttribute("FFEADID");
logger << id << endl;
map<string,string> values = readFromSharedMemeory(id);
req->getSession()->setSessionAttributes(values);
}
}
if(configData.cntMap[req->getCntxt_name()]!="true")
{
req->setCntxt_name("default");
req->setCntxt_root(webpath+"default");
req->setUrl(webpath+"default"+req->getActUrl());
}
//logger << req->getCntxt_name() << req->getCntxt_root() << req->getUrl() << endl;
if(configData.appMap[req->getCntxt_name()]!="false")
{
if(dlib == NULL)
{
cerr << dlerror() << endl;
exit(-1);
}
string meth1 = (req->getCntxt_name()+"checkRules");
string path1;
void *mkr1 = dlsym(dlib, meth1.c_str());
if(mkr1!=NULL)
{
typedef string (*DCPPtr1) (string,HttpSession);
DCPPtr1 f = (DCPPtr1)mkr1;
path1 = f(req->getUrl(),*(req->getSession()));
//logger << path1 << flush;
if(path1=="FAILED")
{
req->setUrl("");
}
else if(path1!="" && path1!=req->getUrl())
{
req->setUrl(path1);
}
}
}
HttpResponse res;
string ext = getFileExtension(req->getUrl());
vector<unsigned char> test;
string content;
string claz;
bool isoAuthRes = false;
long sessionTimeoutVar = configData.sessionTimeout;
bool isContrl = securityHandler.handle(configData.ip_address, req, res, configData.securityObjectMap, sessionTimeoutVar, dlib, configData.cntMap);
filterHandler.handleIn(req, res, configData.filterMap, dlib, ext);
if(!isContrl)
{
isContrl = authHandler.handle(configData.autMap, configData.autpattMap, req, res, configData.filterMap, dlib, ext);
}
string pthwofile = req->getCntxt_name()+req->getActUrl();
if(req->getCntxt_name()!="default" && configData.cntMap[req->getCntxt_name()]=="true")
{
pthwofile = req->getActUrl();
}
if(!isContrl)
{
isContrl = controllerHandler.handle(req, res, configData.urlpattMap, configData.mappattMap, dlib, ext,
configData.rstCntMap, configData.mapMap, configData.urlMap, pthwofile);
}
/*After going through the controller the response might be blank, just set the HTTP version*/
res.setHttpVersion(req->getHttpVersion());
//logger << req->toString() << endl;
if(req->getMethod()!="TRACE")
{
if(isContrl)
{
}
else if(ext==".form")
{
formHandler.handle(req, res, configData.formMap, dlib);
}
else if((req->getContent_type().find("application/soap+xml")!=string::npos || req->getContent_type().find("text/xml")!=string::npos)
&& (req->getContent().find("<soap:Envelope")!=string::npos || req->getContent().find("<soapenv:Envelope")!=string::npos)
&& configData.wsdlmap[req->getFile()]==req->getCntxt_name())
{
soapHandler.handle(req, res, dlib, configData.props[".xml"]);
}
else
{
bool cntrlit = scriptHandler.handle(req, res, configData.handoffs, dlib, ext, configData.props);
logger << "html page requested" <<endl;
if(cntrlit)
{
}
else
{
cntrlit = extHandler.handle(req, res, dlib, configData.resourcePath, configData.tmplMap, configData.vwMap, ext, configData.props);
}
if(!cntrlit && ext==".fview")
{
content = fviewHandler.handle(req, res, configData.fviewmap);
}
else
{
if(res.getContent_str()=="")
content = getContentStr(req->getUrl(),configData.lprops[req->getDefaultLocale()],ext);
else
content = res.getContent_str();
}
if(content.length()==0)
{
res.setStatusCode("404");
res.setStatusMsg("Not Found");
//res.setContent_len(CastUtil::lexical_cast<string>(0));
}
else
{
res.setStatusCode("200");
res.setStatusMsg("OK");
if(res.getContent_type()=="")res.setContent_type(configData.props[ext]);
res.setContent_str(content);
//res.setContent_len(CastUtil::lexical_cast<string>(content.length()));
//sess.setAttribute("CURR",req->getUrl());
}
}
filterHandler.handleOut(req, res, configData.filterMap, dlib, ext);
}
alldatlg += "--processed data";
string h1;
bool sessionchanged = !req->hasCookie();
sessionchanged |= req->getSession()->isDirty();
if(req->getConnection()!="")
res.setConnection("close");
createResponse(res,sessionchanged,req->getSession()->getSessionAttributes(),req->getCookieInfoAttribute("FFEADID"), sessionTimeoutVar, configData.sessatserv);
//Head should behave exactly as Get but there should be no entity body
if(req->getMethod()=="HEAD")
{
h1 = res.generateHeadResponse();
}
else if(req->getMethod()=="OPTIONS")
{
h1 = res.generateOptionsResponse();
}
else if(req->getMethod()=="TRACE")
{
h1 = res.generateTraceResponse(req);
}
else
{
h1 = res.generateResponse();
}
//logger << h1 << endl;
if(isSSLEnabled)
{
int r;
/* Now perform renegotiation if requested */
if(configData.client_auth==CLIENT_AUTH_REHANDSHAKE){
SSL_set_verify(ssl,SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
/* Stop the client from just resuming the
un-authenticated session */
SSL_set_session_id_context(ssl,
(const unsigned char*)&SSLHandler::s_server_auth_session_id_context,
sizeof(SSLHandler::s_server_auth_session_id_context));
if(SSL_renegotiate(ssl)<=0)
{
sslHandler.error_occurred((char*)"SSL renegotiation error",fd,ssl);
if(io!=NULL)BIO_free(io);
return;
}
if(SSL_do_handshake(ssl)<=0)
{
sslHandler.error_occurred((char*)"SSL renegotiation error",fd,ssl);
if(io!=NULL)BIO_free(io);
return;
}
ssl->state=SSL_ST_ACCEPT;
if(SSL_do_handshake(ssl)<=0)
{
sslHandler.error_occurred((char*)"SSL renegotiation error",fd,ssl);
if(io!=NULL)BIO_free(io);
return;
}
}
if((r=BIO_puts(io,h1.c_str()))<=0)
{
sslHandler.error_occurred((char*)"send failed",fd,ssl);
if(io!=NULL)BIO_free(io);
return;
}
if((r=BIO_flush(io))<0)
{
sslHandler.error_occurred((char*)"Error flushing BIO",fd,ssl);
if(io!=NULL)BIO_free(io);
return;
}
sslHandler.closeSSL(fd,ssl,io);
}
else
{
int size;
if ((size=send(fd,&h1[0] , h1.length(), 0)) == -1)
logger << "send failed" << flush;
else if(size==0)
{
close(fd);
memset(&buf[0], 0, sizeof(buf));
logger << "socket closed for writing" << flush;
return;
}
if(io!=NULL)BIO_free_all(io);
}
close(fd);
memset(&buf[0], 0, sizeof(buf));
ss.clear();
//Logger::info("got new connection to process\n"+req->getFile()+" :: " + res.getStatusCode() + "\n"+req->getCntxt_name() + "\n"+req->getCntxt_root() + "\n"+req->getUrl());
delete req;
logger << alldatlg << "--sent data--DONE" << flush;
//sessionMap[sessId] = sess;
}
catch(...)
{
logger << "Standard exception: " << endl;
}
}
static LUA_FUNCTION(openssl_bio_new_filter)
{
/* 0 1 2 3 4 5 */
static const char* sType[] = {"base64", "buffer", "cipher", "md", "ssl", NULL};
int type = luaL_checkoption(L, 1, NULL, sType);
BIO* bio = NULL;
int ret = 1;
int closeflag = 0;
switch (type)
{
case 0:
bio = BIO_new(BIO_f_base64());
break;
case 1:
bio = BIO_new(BIO_f_buffer());
break;
case 2:
{
const EVP_CIPHER* c = get_cipher(L, 2, NULL);
size_t kl, il;
const char* k = luaL_checklstring(L, 3, &kl);
const char* v = luaL_checklstring(L, 4, &il);
int encrypt = auxiliar_checkboolean(L, 5);
bio = BIO_new(BIO_f_cipher());
BIO_set_cipher(bio, c, (const unsigned char*)k, (const unsigned char*)v, encrypt);
}
break;
case 3:
{
const EVP_MD* md = get_digest(L, 2);
bio = BIO_new(BIO_f_md());
ret = BIO_set_md(bio, md);
}
case 4:
{
SSL* ssl = CHECK_OBJECT(2, SSL, "openssl.ssl");
closeflag = luaL_checkoption(L, 3, "noclose", close_flags);
bio = BIO_new(BIO_f_ssl());
ret = BIO_set_ssl(bio, ssl, closeflag);
}
break;
default:
ret = 0;
}
if (ret == 1 && bio)
{
PUSH_OBJECT(bio, "openssl.bio");
if (closeflag)
{
openssl_newvalue(L, bio);
lua_pushboolean(L, 1);
openssl_setvalue(L, bio, "free_all");
}
return 1;
}
else
{
if (bio)
BIO_free(bio);
return openssl_pushresult(L, ret);
}
return 0;
}
int main(int argc, char *argv[])
{
const char *hostport = HOSTPORT;
const char *CAfile = CAFILE;
char *hostname;
char *cp;
BIO *out = NULL;
char buf[1024 * 10], *p;
SSL_CTX *ssl_ctx = NULL;
SSL *ssl;
BIO *ssl_bio;
int i, len, off, ret = EXIT_FAILURE;
if (argc > 1)
hostport = argv[1];
if (argc > 2)
CAfile = argv[2];
hostname = OPENSSL_strdup(hostport);
if ((cp = strchr(hostname, ':')) != NULL)
*cp = 0;
#ifdef WATT32
dbug_init();
sock_init();
#endif
ssl_ctx = SSL_CTX_new(TLS_client_method());
/* Enable trust chain verification */
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL);
/* Lets make a SSL structure */
ssl = SSL_new(ssl_ctx);
SSL_set_connect_state(ssl);
/* Enable peername verification */
if (SSL_set1_host(ssl, hostname) <= 0)
goto err;
/* Use it inside an SSL BIO */
ssl_bio = BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
/* Lets use a connect BIO under the SSL BIO */
out = BIO_new(BIO_s_connect());
BIO_set_conn_hostname(out, hostport);
BIO_set_nbio(out, 1);
out = BIO_push(ssl_bio, out);
p = "GET / HTTP/1.0\r\n\r\n";
len = strlen(p);
off = 0;
for (;;) {
i = BIO_write(out, &(p[off]), len);
if (i <= 0) {
if (BIO_should_retry(out)) {
fprintf(stderr, "write DELAY\n");
sleep(1);
continue;
} else {
goto err;
}
}
off += i;
len -= i;
if (len <= 0)
break;
}
for (;;) {
i = BIO_read(out, buf, sizeof(buf));
if (i == 0)
break;
if (i < 0) {
if (BIO_should_retry(out)) {
fprintf(stderr, "read DELAY\n");
sleep(1);
continue;
}
goto err;
}
fwrite(buf, 1, i, stdout);
}
ret = EXIT_SUCCESS;
goto done;
err:
if (ERR_peek_error() == 0) { /* system call error */
fprintf(stderr, "errno=%d ", errno);
perror("error");
} else {
ERR_print_errors_fp(stderr);
}
done:
BIO_free_all(out);
SSL_CTX_free(ssl_ctx);
return ret;
}
static int http_serve(SSL *ssl, int s)
{
char buf[BUFSIZZ];
int r,len;
BIO *io,*ssl_bio;
io=BIO_new(BIO_f_buffer());
ssl_bio=BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
BIO_push(io,ssl_bio);
while(1){
r=BIO_gets(io,buf,BUFSIZZ-1);
switch(SSL_get_error(ssl,r)){
case SSL_ERROR_NONE:
len=r;
break;
case SSL_ERROR_ZERO_RETURN:
goto shutdown;
break;
default:
berr_exit("SSL read problem");
}
/* Look for the blank line that signals
the end of the HTTP headers */
if(!strcmp(buf,"\r\n") ||
!strcmp(buf,"\n"))
break;
}
/* Now perform renegotiation if requested */
if(client_auth==CLIENT_AUTH_REHANDSHAKE){
SSL_set_verify(ssl,SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
/* Stop the client from just resuming the
un-authenticated session */
SSL_set_session_id_context(ssl,
(void *)&s_server_auth_session_id_context,
sizeof(s_server_auth_session_id_context));
if(SSL_renegotiate(ssl)<=0)
berr_exit("SSL renegotiation error");
if(SSL_do_handshake(ssl)<=0)
berr_exit("SSL renegotiation error");
ssl->state=SSL_ST_ACCEPT;
if(SSL_do_handshake(ssl)<=0)
berr_exit("SSL renegotiation error");
}
if((r=BIO_puts
(io,"HTTP/1.0 200 OK\r\n"))<=0)
err_exit("Write error");
if((r=BIO_puts
(io,"Server: EKRServer\r\n\r\n"))<=0)
err_exit("Write error");
if((r=BIO_puts
(io,"Server test page\r\n"))<=0)
err_exit("Write error");
if((r=BIO_flush(io))<0)
err_exit("Error flushing BIO");
shutdown:
r=SSL_shutdown(ssl);
if(!r){
/* If we called SSL_shutdown() first then
we always get return value of '0'. In
this case, try again, but first send a
TCP FIN to trigger the other side's
close_notify*/
shutdown(s,1);
r=SSL_shutdown(ssl);
}
switch(r){
case 1:
break; /* Success */
case 0:
case -1:
default:
berr_exit("Shutdown failed");
}
SSL_free(ssl);
close(s);
return(0);
}
HybridSslConnection*
hybrid_ssl_connect_with_fd(gint sk, ssl_callback func, gpointer user_data)
{
gint l;
SSL *ssl;
BIO *sbio;
BIO *buf_io;
BIO *ssl_bio;
SSL_CTX *ssl_ctx;
HybridSslConnection *ssl_conn;
SSL_load_error_strings();
SSL_library_init();
if (!(ssl_ctx = SSL_CTX_new(TLSv1_client_method()))) {
hybrid_debug_error("ssl", "initialize SSL CTX: %s",
ERR_reason_error_string(ERR_get_error()));
return NULL;
}
if (!(ssl = ssl_new_with_certs(ssl_ctx))) {
return NULL;
}
if (!SSL_set_fd(ssl, sk)) {
hybrid_debug_error("ssl", "add ssl to tcp socket:%s",
ERR_reason_error_string(ERR_get_error()));
return NULL;
}
sbio = BIO_new(BIO_s_socket());
BIO_set_fd(sbio, sk, BIO_NOCLOSE);
SSL_set_bio(ssl, sbio, sbio);
SSL_set_connect_state(ssl);
reconnect:
l = SSL_connect(ssl);
switch (SSL_get_error(ssl, l)) {
case SSL_ERROR_NONE:
goto ssl_conn_sk_ok;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
usleep(100);
goto reconnect;
case SSL_ERROR_SYSCALL:
case SSL_ERROR_WANT_X509_LOOKUP:
case SSL_ERROR_ZERO_RETURN:
case SSL_ERROR_SSL:
default:
hybrid_debug_error("ssl", "ssl hand-shake error:%s",
ERR_reason_error_string(ERR_get_error()));
return NULL;
}
ssl_conn_sk_ok:
if (HYBRID_OK != ssl_verify_certs(ssl)) {
return NULL;
}
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
buf_io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio, ssl, BIO_NOCLOSE);
BIO_push(buf_io, ssl_bio);
ssl_conn = g_new0(HybridSslConnection, 1);
ssl_conn->sk = sk;
ssl_conn->ssl = ssl;
ssl_conn->ssl_ctx = ssl_ctx;
ssl_conn->conn_cb = func;
ssl_conn->conn_data = user_data;
ssl_conn->rbio = buf_io;
ssl_conn->wbio = sbio;
if (func) {
func(ssl_conn, user_data);
}
return ssl_conn;
}
bool SSLClient::connectionUnresolv(const string& host, const int& port)
{
struct addrinfo hints, *servinfo, *p;
int rv;
char s[INET6_ADDRSTRLEN];
memset(s, 0, sizeof(s));
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
string sport = CastUtil::lexical_cast<string>(port);
if ((rv = getaddrinfo(host.c_str(), sport.c_str(), &hints, &servinfo)) != 0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv));
return false;
}
// loop through all the results and connect to the first we can
for(p = servinfo; p != NULL; p = p->ai_next) {
if ((sockfd = socket(p->ai_family, p->ai_socktype,
p->ai_protocol)) == -1) {
perror("client: socket");
continue;
}
if (connect(sockfd, p->ai_addr, p->ai_addrlen) == -1) {
closesocket(sockfd);
perror("client: connect");
connected = false;
continue;
} else {
connected = true;
}
break;
}
if (p == NULL) {
fprintf(stderr, "client: failed to connect\n");
return false;
}
inet_ntop(p->ai_family, get_in_addr((struct sockaddr *)p->ai_addr),
s, sizeof s);
//printf("client: connecting to %s\n", s);
freeaddrinfo(servinfo); // all done with this structure
/* Build our SSL context*/
init();
/* Connect the SSL socket */
ssl=SSL_new(ctx);
sbio=BIO_new_socket(sockfd,BIO_CLOSE);
SSL_set_bio(ssl,sbio,sbio);
io=BIO_new(BIO_f_buffer());
ssl_bio=BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio,ssl,BIO_NOCLOSE);
BIO_push(io,ssl_bio);
if(SSL_connect(ssl)<=0)
{
logger << "SSL connect error";
return false;
}
ERR_clear_error();
return connected;
}
static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix)
{
BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
SSL_CTX *ctx = SSL_CTX_new(TLS_method());
SSL *ssl = NULL;
int testresult = 0;
if (ctx == NULL) {
printf("Failed to allocate SSL_CTX\n");
return 0;
}
ssl = SSL_new(ctx);
if (ssl == NULL) {
printf("Failed to allocate SSL object\n");
goto end;
}
sslbio = BIO_new(BIO_f_ssl());
membio1 = BIO_new(BIO_s_mem());
if (sslbio == NULL || membio1 == NULL) {
printf("Malloc failure creating BIOs\n");
goto end;
}
BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
/*
* If anything goes wrong here then we could leak memory, so this will
* be caught in a crypto-mdebug build
*/
BIO_push(sslbio, membio1);
/* Verify changing the rbio/wbio directly does not cause leaks */
if (fix.change_bio != NO_BIO_CHANGE) {
membio2 = BIO_new(BIO_s_mem());
if (membio2 == NULL) {
printf("Malloc failure creating membio2\n");
goto end;
}
if (fix.change_bio == CHANGE_RBIO)
SSL_set0_rbio(ssl, membio2);
else
SSL_set0_wbio(ssl, membio2);
}
ssl = NULL;
if (fix.pop_ssl)
BIO_pop(sslbio);
else
BIO_pop(membio1);
testresult = 1;
end:
BIO_free(membio1);
BIO_free(sslbio);
SSL_free(ssl);
SSL_CTX_free(ctx);
return testresult;
}
void* sqlhandler(void *arg) {
char sql[MAX_MSG];
int ret, err;
SSL *ssl;
sqlite4_stmt *pStmt;
struct conn_ctx *conn = (struct conn_ctx *)arg;
struct freeq_ctx *freeqctx = conn->srvctx->freeqctx;
BIO *client = conn->client;
if (!(ssl = freeq_ssl_new(freeqctx)))
{
err(freeqctx, "couldn't allocate new ssl instance");
BIO_free_all(client);
free(conn);
pthread_exit(NULL);
}
SSL_set_bio(ssl, client, client);
if (SSL_accept(ssl) <= 0)
{
int_error("Error accepting SSL connection");
BIO_free_all(client);
free(conn);
pthread_exit(NULL);
}
if ((err = post_connection_check(freeqctx, ssl, "localhost")) != X509_V_OK)
{
err(freeqctx, "error: peer certificate: %s\n", X509_verify_cert_error_string(err));
BIO_free_all(client);
free(conn);
pthread_exit(NULL);
}
BIO *b, *ssl_bio;
b = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
BIO_push(b, ssl_bio);
memset(sql, 0, MAX_MSG);
ret = BIO_gets(b, sql, MAX_MSG);
ret = sqlite4_prepare(pDb, sql, strlen(sql), &pStmt, 0);
if (ret != SQLITE4_OK)
{
dbg(freeqctx, "prepare failed for %s sending error, ret was %d\n", sql, ret);
//freeq_error_write_sock(freeqctx, sqlite4_errmsg(pDb), b);
dbg(freeqctx, sqlite4_errmsg(pDb));
//BIO_printf(b, "error: %s\n", sqlite4_errmsg(pDb));
sqlite4_finalize(pStmt);
//pthread_exit(FREEQ_ERR);
}
freeq_sqlite_to_bio(freeqctx, b, pStmt);
SSL_shutdown(ssl);
SSL_free(ssl);
BIO_free_all(client);
free(conn);
pthread_exit(FREEQ_OK);
}
int doit(char *ctx[4])
{
SSL_CTX *s_ctx, *c_ctx;
static char cbuf[200], sbuf[200];
SSL *c_ssl = NULL;
SSL *s_ssl = NULL;
BIO *c_to_s = NULL;
BIO *s_to_c = NULL;
BIO *c_bio = NULL;
BIO *s_bio = NULL;
int c_r, c_w, s_r, s_w;
int c_want, s_want;
int i;
int done = 0;
int c_write, s_write;
int do_server = 0, do_client = 0;
s_ctx = (SSL_CTX *)ctx[0];
c_ctx = (SSL_CTX *)ctx[1];
if (ctx[2] != NULL)
s_ssl = (SSL *)ctx[2];
else
s_ssl = SSL_new(s_ctx);
if (ctx[3] != NULL)
c_ssl = (SSL *)ctx[3];
else
c_ssl = SSL_new(c_ctx);
if ((s_ssl == NULL) || (c_ssl == NULL))
goto err;
c_to_s = BIO_new(BIO_s_mem());
s_to_c = BIO_new(BIO_s_mem());
if ((s_to_c == NULL) || (c_to_s == NULL))
goto err;
c_bio = BIO_new(BIO_f_ssl());
s_bio = BIO_new(BIO_f_ssl());
if ((c_bio == NULL) || (s_bio == NULL))
goto err;
SSL_set_connect_state(c_ssl);
SSL_set_bio(c_ssl, s_to_c, c_to_s);
BIO_set_ssl(c_bio, c_ssl, (ctx[2] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);
SSL_set_accept_state(s_ssl);
SSL_set_bio(s_ssl, c_to_s, s_to_c);
BIO_set_ssl(s_bio, s_ssl, (ctx[3] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);
c_r = 0;
s_r = 1;
c_w = 1;
s_w = 0;
c_want = W_WRITE;
s_want = 0;
c_write = 1, s_write = 0;
/* We can always do writes */
for (;;) {
do_server = 0;
do_client = 0;
i = (int)BIO_pending(s_bio);
if ((i && s_r) || s_w)
do_server = 1;
i = (int)BIO_pending(c_bio);
if ((i && c_r) || c_w)
do_client = 1;
if (do_server && verbose) {
if (SSL_in_init(s_ssl))
printf("server waiting in SSL_accept - %s\n",
SSL_state_string_long(s_ssl));
else if (s_write)
printf("server:SSL_write()\n");
else
printf("server:SSL_read()\n");
}
if (do_client && verbose) {
if (SSL_in_init(c_ssl))
printf("client waiting in SSL_connect - %s\n",
SSL_state_string_long(c_ssl));
else if (c_write)
printf("client:SSL_write()\n");
else
printf("client:SSL_read()\n");
}
if (!do_client && !do_server) {
fprintf(stdout, "ERROR IN STARTUP\n");
break;
}
if (do_client && !(done & C_DONE)) {
if (c_write) {
i = BIO_write(c_bio, "hello from client\n", 18);
if (i < 0) {
c_r = 0;
c_w = 0;
if (BIO_should_retry(c_bio)) {
if (BIO_should_read(c_bio))
c_r = 1;
if (BIO_should_write(c_bio))
c_w = 1;
} else {
fprintf(stderr, "ERROR in CLIENT\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
return (1);
} else {
/* ok */
c_write = 0;
}
} else {
i = BIO_read(c_bio, cbuf, 100);
if (i < 0) {
c_r = 0;
c_w = 0;
if (BIO_should_retry(c_bio)) {
if (BIO_should_read(c_bio))
c_r = 1;
if (BIO_should_write(c_bio))
c_w = 1;
} else {
fprintf(stderr, "ERROR in CLIENT\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
return (1);
} else {
done |= C_DONE;
#ifdef undef
fprintf(stdout, "CLIENT:from server:");
fwrite(cbuf, 1, i, stdout);
fflush(stdout);
#endif
}
}
}
if (do_server && !(done & S_DONE)) {
if (!s_write) {
i = BIO_read(s_bio, sbuf, 100);
if (i < 0) {
s_r = 0;
s_w = 0;
if (BIO_should_retry(s_bio)) {
if (BIO_should_read(s_bio))
s_r = 1;
if (BIO_should_write(s_bio))
s_w = 1;
} else {
fprintf(stderr, "ERROR in SERVER\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
return (1);
} else {
s_write = 1;
s_w = 1;
#ifdef undef
fprintf(stdout, "SERVER:from client:");
fwrite(sbuf, 1, i, stdout);
fflush(stdout);
#endif
}
} else {
i = BIO_write(s_bio, "hello from server\n", 18);
if (i < 0) {
s_r = 0;
s_w = 0;
if (BIO_should_retry(s_bio)) {
if (BIO_should_read(s_bio))
s_r = 1;
if (BIO_should_write(s_bio))
s_w = 1;
} else {
fprintf(stderr, "ERROR in SERVER\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
return (1);
} else {
s_write = 0;
s_r = 1;
done |= S_DONE;
}
}
}
if ((done & S_DONE) && (done & C_DONE))
break;
#if defined(OPENSSL_SYS_NETWARE)
ThreadSwitchWithDelay();
#endif
}
SSL_set_shutdown(c_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#ifdef undef
fprintf(stdout, "DONE\n");
#endif
err:
/*
* We have to set the BIO's to NULL otherwise they will be free()ed
* twice. Once when th s_ssl is SSL_free()ed and again when c_ssl is
* SSL_free()ed. This is a hack required because s_ssl and c_ssl are
* sharing the same BIO structure and SSL_set_bio() and SSL_free()
* automatically BIO_free non NULL entries. You should not normally do
* this or be required to do this
*/
if (s_ssl != NULL) {
s_ssl->rbio = NULL;
s_ssl->wbio = NULL;
}
if (c_ssl != NULL) {
c_ssl->rbio = NULL;
c_ssl->wbio = NULL;
}
/* The SSL's are optionally freed in the following calls */
if (c_to_s != NULL)
BIO_free(c_to_s);
if (s_to_c != NULL)
BIO_free(s_to_c);
if (c_bio != NULL)
BIO_free(c_bio);
if (s_bio != NULL)
BIO_free(s_bio);
return (0);
}
int doit(io_channel chan, SSL_CTX *s_ctx )
{
int status, length, link_state;
struct rpc_msg msg;
static char cbuf[200],sbuf[200];
SSL *s_ssl=NULL;
BIO *c_to_s=NULL;
BIO *s_to_c=NULL;
BIO *c_bio=NULL;
BIO *s_bio=NULL;
int i;
int done=0;
s_ssl=SSL_new(s_ctx);
if (s_ssl == NULL) goto err;
c_to_s=BIO_new(BIO_s_rtcp());
s_to_c=BIO_new(BIO_s_rtcp());
if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
/* original, DRM 24-SEP-1997
BIO_set_fd ( c_to_s, "", chan );
BIO_set_fd ( s_to_c, "", chan );
*/
BIO_set_fd ( c_to_s, 0, chan );
BIO_set_fd ( s_to_c, 0, chan );
c_bio=BIO_new(BIO_f_ssl());
s_bio=BIO_new(BIO_f_ssl());
if ((c_bio == NULL) || (s_bio == NULL)) goto err;
SSL_set_accept_state(s_ssl);
SSL_set_bio(s_ssl,c_to_s,s_to_c);
BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);
/* We can always do writes */
printf("Begin doit main loop\n");
/*
* Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.
*/
for (link_state = 0; link_state < 3; ) {
/*
* Wait for remote end to request data action on A channel.
*/
while ( link_state == 0 ) {
status = get ( chan, (char *) &msg, sizeof(msg), &length );
if ( (status&1) == 0 ) {
printf("Error in main loop get: %d\n", status );
link_state = 3;
break;
}
if ( length < RPC_HDR_SIZE ) {
printf("Error in main loop get size: %d\n", length );
break;
link_state = 3;
}
if ( msg.channel != 'A' ) {
printf("Error in main loop, unexpected channel: %c\n",
msg.channel );
break;
link_state = 3;
}
if ( msg.function == 'G' ) {
link_state = 1;
} else if ( msg.function == 'P' ) {
link_state = 2; /* write pending */
} else if ( msg.function == 'X' ) {
link_state = 3;
} else {
link_state = 3;
}
}
if ( link_state == 1 ) {
i = BIO_read ( s_bio, msg.data, msg.length );
if ( i < 0 ) link_state = 3;
else {
msg.channel = 'A';
msg.function = 'C'; /* confirm */
msg.length = i;
status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE );
if ( (status&1) == 0 ) break;
link_state = 0;
}
} else if ( link_state == 2 ) {
i = BIO_write ( s_bio, msg.data, msg.length );
if ( i < 0 ) link_state = 3;
else {
msg.channel = 'A';
msg.function = 'C'; /* confirm */
msg.length = 0;
status = put ( chan, (char *) &msg, RPC_HDR_SIZE );
if ( (status&1) == 0 ) break;
link_state = 0;
}
}
}
fprintf(stdout,"DONE\n");
err:
/* We have to set the BIO's to NULL otherwise they will be
* free()ed twice. Once when th s_ssl is SSL_free()ed and
* again when c_ssl is SSL_free()ed.
* This is a hack required because s_ssl and c_ssl are sharing the same
* BIO structure and SSL_set_bio() and SSL_free() automatically
* BIO_free non NULL entries.
* You should not normally do this or be required to do this */
s_ssl->rbio=NULL;
s_ssl->wbio=NULL;
if (c_to_s != NULL) BIO_free(c_to_s);
if (s_to_c != NULL) BIO_free(s_to_c);
if (c_bio != NULL) BIO_free(c_bio);
if (s_bio != NULL) BIO_free(s_bio);
return(0);
}
int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
clock_t *s_time, clock_t *c_time)
{
long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
int ret = 1;
size_t bufsiz = 256; /* small buffer for testing */
if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
goto err;
if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
goto err;
s_ssl_bio = BIO_new(BIO_f_ssl());
if (!s_ssl_bio)
goto err;
c_ssl_bio = BIO_new(BIO_f_ssl());
if (!c_ssl_bio)
goto err;
SSL_set_connect_state(c_ssl);
SSL_set_bio(c_ssl, client, client);
(void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
SSL_set_accept_state(s_ssl);
SSL_set_bio(s_ssl, server, server);
(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
do
{
/* c_ssl_bio: SSL filter BIO
*
* client: pseudo-I/O for SSL library
*
* client_io: client's SSL communication; usually to be
* relayed over some I/O facility, but in this
* test program, we're the server, too:
*
* server_io: server's SSL communication
*
* server: pseudo-I/O for SSL library
*
* s_ssl_bio: SSL filter BIO
*
* The client and the server each employ a "BIO pair":
* client + client_io, server + server_io.
* BIO pairs are symmetric. A BIO pair behaves similar
* to a non-blocking socketpair (but both endpoints must
* be handled by the same thread).
* [Here we could connect client and server to the ends
* of a single BIO pair, but then this code would be less
* suitable as an example for BIO pairs in general.]
*
* Useful functions for querying the state of BIO pair endpoints:
*
* BIO_ctrl_pending(bio) number of bytes we can read now
* BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
* other side's read attempt
* BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
*
* ..._read_request is never more than ..._write_guarantee;
* it depends on the application which one you should use.
*/
/* We have non-blocking behaviour throughout this test program, but
* can be sure that there is *some* progress in each iteration; so
* we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
* -- we just try everything in each iteration
*/
{
/* CLIENT */
MS_STATIC char cbuf[1024*8];
int i, r;
clock_t c_clock = clock();
memset(cbuf, 0, sizeof(cbuf));
if (debug)
if (SSL_in_init(c_ssl))
printf("client waiting in SSL_connect - %s\n",
SSL_state_string_long(c_ssl));
if (cw_num > 0)
{
/* Write to server. */
if (cw_num > (long)sizeof cbuf)
i = sizeof cbuf;
else
i = (int)cw_num;
r = BIO_write(c_ssl_bio, cbuf, i);
if (r < 0)
{
if (!BIO_should_retry(c_ssl_bio))
{
fprintf(stderr,"ERROR in CLIENT\n");
goto err;
}
/* BIO_should_retry(...) can just be ignored here.
* The library expects us to call BIO_write with
* the same arguments again, and that's what we will
* do in the next iteration. */
}
else if (r == 0)
{
fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
goto err;
}
else
{
if (debug)
printf("client wrote %d\n", r);
cw_num -= r;
}
}
if (cr_num > 0)
{
/* Read from server. */
r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
if (r < 0)
{
if (!BIO_should_retry(c_ssl_bio))
{
fprintf(stderr,"ERROR in CLIENT\n");
goto err;
}
/* Again, "BIO_should_retry" can be ignored. */
}
else if (r == 0)
{
fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
goto err;
}
else
{
if (debug)
printf("client read %d\n", r);
cr_num -= r;
}
}
/* c_time and s_time increments will typically be very small
* (depending on machine speed and clock tick intervals),
* but sampling over a large number of connections should
* result in fairly accurate figures. We cannot guarantee
* a lot, however -- if each connection lasts for exactly
* one clock tick, it will be counted only for the client
* or only for the server or even not at all.
*/
*c_time += (clock() - c_clock);
}
{
/* SERVER */
MS_STATIC char sbuf[1024*8];
int i, r;
clock_t s_clock = clock();
memset(sbuf, 0, sizeof(sbuf));
if (debug)
if (SSL_in_init(s_ssl))
printf("server waiting in SSL_accept - %s\n",
SSL_state_string_long(s_ssl));
if (sw_num > 0)
{
/* Write to client. */
if (sw_num > (long)sizeof sbuf)
i = sizeof sbuf;
else
i = (int)sw_num;
r = BIO_write(s_ssl_bio, sbuf, i);
if (r < 0)
{
if (!BIO_should_retry(s_ssl_bio))
{
fprintf(stderr,"ERROR in SERVER\n");
goto err;
}
/* Ignore "BIO_should_retry". */
}
else if (r == 0)
{
fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
goto err;
}
else
{
if (debug)
printf("server wrote %d\n", r);
sw_num -= r;
}
}
if (sr_num > 0)
{
/* Read from client. */
r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
if (r < 0)
{
if (!BIO_should_retry(s_ssl_bio))
{
fprintf(stderr,"ERROR in SERVER\n");
goto err;
}
/* blah, blah */
}
else if (r == 0)
{
fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
goto err;
}
else
{
if (debug)
printf("server read %d\n", r);
sr_num -= r;
}
}
*s_time += (clock() - s_clock);
}
{
/* "I/O" BETWEEN CLIENT AND SERVER. */
size_t r1, r2;
BIO *io1 = server_io, *io2 = client_io;
/* we use the non-copying interface for io1
* and the standard BIO_write/BIO_read interface for io2
*/
static int prev_progress = 1;
int progress = 0;
/* io1 to io2 */
do
{
size_t num;
int r;
r1 = BIO_ctrl_pending(io1);
r2 = BIO_ctrl_get_write_guarantee(io2);
num = r1;
if (r2 < num)
num = r2;
if (num)
{
char *dataptr;
if (INT_MAX < num) /* yeah, right */
num = INT_MAX;
r = BIO_nread(io1, &dataptr, (int)num);
assert(r > 0);
assert(r <= (int)num);
/* possibly r < num (non-contiguous data) */
num = r;
r = BIO_write(io2, dataptr, (int)num);
if (r != (int)num) /* can't happen */
{
fprintf(stderr, "ERROR: BIO_write could not write "
"BIO_ctrl_get_write_guarantee() bytes");
goto err;
}
progress = 1;
if (debug)
printf((io1 == client_io) ?
"C->S relaying: %d bytes\n" :
"S->C relaying: %d bytes\n",
(int)num);
}
}
while (r1 && r2);
/* io2 to io1 */
{
size_t num;
int r;
r1 = BIO_ctrl_pending(io2);
r2 = BIO_ctrl_get_read_request(io1);
/* here we could use ..._get_write_guarantee instead of
* ..._get_read_request, but by using the latter
* we test restartability of the SSL implementation
* more thoroughly */
num = r1;
if (r2 < num)
num = r2;
if (num)
{
char *dataptr;
if (INT_MAX < num)
num = INT_MAX;
if (num > 1)
--num; /* test restartability even more thoroughly */
r = BIO_nwrite0(io1, &dataptr);
assert(r > 0);
if (r < (int)num)
num = r;
r = BIO_read(io2, dataptr, (int)num);
if (r != (int)num) /* can't happen */
{
fprintf(stderr, "ERROR: BIO_read could not read "
"BIO_ctrl_pending() bytes");
goto err;
}
progress = 1;
r = BIO_nwrite(io1, &dataptr, (int)num);
if (r != (int)num) /* can't happen */
{
fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
"BIO_nwrite0() bytes");
goto err;
}
if (debug)
printf((io2 == client_io) ?
"C->S relaying: %d bytes\n" :
"S->C relaying: %d bytes\n",
(int)num);
}
} /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
if (!progress && !prev_progress)
if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
{
fprintf(stderr, "ERROR: got stuck\n");
if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
{
fprintf(stderr, "This can happen for SSL2 because "
"CLIENT-FINISHED and SERVER-VERIFY are written \n"
"concurrently ...");
if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
&& strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
{
fprintf(stderr, " ok.\n");
goto end;
}
}
fprintf(stderr, " ERROR.\n");
goto err;
}
prev_progress = progress;
}
}
while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
if (verbose)
print_details(c_ssl, "DONE via BIO pair: ");
end:
ret = 0;
err:
ERR_print_errors(bio_err);
if (server)
BIO_free(server);
if (server_io)
BIO_free(server_io);
if (client)
BIO_free(client);
if (client_io)
BIO_free(client_io);
if (s_ssl_bio)
BIO_free(s_ssl_bio);
if (c_ssl_bio)
BIO_free(c_ssl_bio);
return ret;
}
/**
* oh_ssl_connect
* @hostname: Name of target host. Format:
* "hostname:port" or "IPaddress:port"
* @ctx: pointer to SSL_CTX as returned by oh_ssl_ctx_init()
* @timeout: maximum number of seconds to wait for a connection to
* hostname, or zero to wait forever
*
* Create and open a new ssl conection to the specified host.
*
* Return value: pointer to BIO, or NULL for failure
**/
BIO *oh_ssl_connect(char *hostname, SSL_CTX *ctx, long timeout)
{
BIO *bio;
SSL *ssl;
int err;
int len, retval = 0;
int RetVal, socket_desc = 0;
char *Server = NULL;
char *Port = NULL;
struct addrinfo Hints, *AddrInfo = NULL, *ai = NULL;
memset(&Hints, 0, sizeof(Hints));
Hints.ai_family = AF_UNSPEC;
Hints.ai_socktype = SOCK_STREAM;
len = strlen(hostname);
if (hostname == NULL) {
CRIT("NULL hostname in oh_ssl_connect()");
return(NULL);
}
if (ctx == NULL) {
CRIT("NULL ctx in oh_ssl_connect()");
return(NULL);
}
if (timeout < 0) {
CRIT("inappropriate timeout in oh_ssl_connect()");
return(NULL);
}
/* Allocate memory to a char pointer "Server" */
Server = (char *) g_malloc0(sizeof(char) * len);
if (Server == NULL){
CRIT("out of memory");
return NULL;
}
memset(Server, 0, len);
/* hostname contains "Port" along with "IP Address". As, only
* "IP Address" is needed for some of the below operations, so copy
* "IP Address" from hostname to "Server".
*/
strncpy(Server, hostname, (len - 4));
/* Allocate memory to a char pointer "Port" */
Port = (char *) g_malloc0(sizeof(char) * 4);
if (Port == NULL){
CRIT("out of memory");
g_free(Server);
return NULL;
}
/* As Port number is needed separately for some of the below
* operations, so copy port number from hostname to "Port".
*/
strncpy(Port, hostname + (len - 3), 3);
/* Create socket address structure to prepare client socket */
RetVal = getaddrinfo(Server, Port, &Hints, &AddrInfo);
if (RetVal != 0) {
CRIT("Cannot resolve address [%s] and port [%s],"
" error %d: %s",
Server, Port, RetVal, gai_strerror(RetVal));
g_free(Server);
g_free(Port);
return NULL;
}
ai = AddrInfo;
/* Create a socket point */
socket_desc = socket(ai->ai_family, ai->ai_socktype,
ai->ai_protocol);
if (socket_desc == -1) {
CRIT("Socket failed with error: %s",
strerror(errno));
g_free(Server);
g_free(Port);
freeaddrinfo(AddrInfo);
return NULL;
}
/* Now connect to target IP Address */
retval = connect(socket_desc, ai->ai_addr, ai->ai_addrlen);
if (retval != 0) {
CRIT("Socket connect failed with error: %s",
strerror(errno));
g_free(Server);
g_free(Port);
freeaddrinfo(AddrInfo);
close(socket_desc);
return NULL;
}
/* Create new SSL structure for connection */
ssl = SSL_new(ctx);
/* Connect ssl object with a socket descriptor */
SSL_set_fd(ssl, socket_desc);
/* Initiate SSL connection */
err = SSL_connect(ssl);
if (err != 1) {
CRIT("SSL connection failed");
g_free(Server);
g_free(Port);
freeaddrinfo(AddrInfo);
close(socket_desc);
return (NULL);
}
bio = BIO_new(BIO_f_ssl()); /* create an ssl BIO */
BIO_set_ssl(bio, ssl, BIO_CLOSE); /* assign the ssl BIO to SSL */
/* TODO: Do I need to set the client or server mode here? I don't
* think so.
*/
g_free(Server);
g_free(Port);
freeaddrinfo(AddrInfo);
return(bio);
}
static int http_serve(SSL *ssl, int s)
{
char buf[BUFSIZZ];
int r,len;
BIO *io,*ssl_bio;
io=BIO_new(BIO_f_buffer());
ssl_bio=BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
BIO_push(io,ssl_bio);
r=BIO_gets(io,buf,BUFSIZZ-1);
switch(SSL_get_error(ssl,r)){
case SSL_ERROR_NONE:
len=r;
break;
default:
berr_exit("SSL read problem");
}
char *saveptr;
char resource[512] = {'\0'};
char *token = strtok_r(buf, " ", &saveptr);
if (token && strcasecmp(token, "GET") == 0)
{
token = strtok_r(NULL, " ", &saveptr);
if (token)
{
strncpy(resource, token, sizeof(resource));
}
}
if (resource[0])
{
while(1){
r=BIO_gets(io,buf,BUFSIZZ-1);
switch(SSL_get_error(ssl,r)){
case SSL_ERROR_NONE:
len=r;
break;
default:
berr_exit("SSL read problem");
}
/* Look for the blank line that signals
the end of the HTTP headers */
if(!strcmp(buf,"\r\n") || !strcmp(buf,"\n"))
break;
}
}
if (strcasecmp(resource, "/ciphersuites.txt") == 0)
{
http_serve_headers(io, 200, "OK", "text/plain");
print_ciphersuite_data(io, ssl, 0);
}
else if (strcasecmp(resource, "/ciphersuites.js") == 0)
{
long protocol = SSL_version(ssl);
http_serve_headers(io, 200, "OK", "text/javascript");
if(BIO_printf(io, "$(function() {\n insert_text('%s', '", get_protocol_name(protocol)) <= 0)
err_exit("Write error");
print_ciphersuite_data(io, ssl, 1);
if(BIO_printf(io, "');\n});") <= 0)
err_exit("Write error");
}
else
{
http_serve_headers(io, 404, "Not Found", "text/plain");
if(BIO_puts(io, "Not found.") <= 0)
err_exit("Write error");
}
if((r=BIO_flush(io))<0)
err_exit("Error flushing BIO");
r=SSL_shutdown(ssl);
if(!r){
/* If we called SSL_shutdown() first then
we always get return value of '0'. In
this case, try again, but first send a
TCP FIN to trigger the other side's
close_notify*/
shutdown(s,1);
r=SSL_shutdown(ssl);
}
switch(r){
case 1:
break; /* Success */
case 0:
case -1:
default:
berr_exit("Shutdown failed");
}
SSL_free(ssl);
close(s);
return(0);
}
int doit(SSL *s_ssl, SSL *c_ssl, long count)
{
MS_STATIC char cbuf[1024*8],sbuf[1024*8];
long cw_num=count,cr_num=count;
long sw_num=count,sr_num=count;
int ret=1;
BIO *c_to_s=NULL;
BIO *s_to_c=NULL;
BIO *c_bio=NULL;
BIO *s_bio=NULL;
int c_r,c_w,s_r,s_w;
int c_want,s_want;
int i,j;
int done=0;
int c_write,s_write;
int do_server=0,do_client=0;
memset(cbuf,0,sizeof(cbuf));
memset(sbuf,0,sizeof(sbuf));
c_to_s=BIO_new(BIO_s_mem());
s_to_c=BIO_new(BIO_s_mem());
if ((s_to_c == NULL) || (c_to_s == NULL))
{
ERR_print_errors(bio_err);
goto err;
}
c_bio=BIO_new(BIO_f_ssl());
s_bio=BIO_new(BIO_f_ssl());
if ((c_bio == NULL) || (s_bio == NULL))
{
ERR_print_errors(bio_err);
goto err;
}
SSL_set_connect_state(c_ssl);
SSL_set_bio(c_ssl,s_to_c,c_to_s);
BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
SSL_set_accept_state(s_ssl);
SSL_set_bio(s_ssl,c_to_s,s_to_c);
BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
c_r=0; s_r=1;
c_w=1; s_w=0;
c_want=W_WRITE;
s_want=0;
c_write=1,s_write=0;
/* We can always do writes */
for (;;)
{
do_server=0;
do_client=0;
i=(int)BIO_pending(s_bio);
if ((i && s_r) || s_w) do_server=1;
i=(int)BIO_pending(c_bio);
if ((i && c_r) || c_w) do_client=1;
if (do_server && debug)
{
if (SSL_in_init(s_ssl))
printf("server waiting in SSL_accept - %s\n",
SSL_state_string_long(s_ssl));
/* else if (s_write)
printf("server:SSL_write()\n");
else
printf("server:SSL_read()\n"); */
}
if (do_client && debug)
{
if (SSL_in_init(c_ssl))
printf("client waiting in SSL_connect - %s\n",
SSL_state_string_long(c_ssl));
/* else if (c_write)
printf("client:SSL_write()\n");
else
printf("client:SSL_read()\n"); */
}
if (!do_client && !do_server)
{
fprintf(stdout,"ERROR IN STARTUP\n");
ERR_print_errors(bio_err);
break;
}
if (do_client && !(done & C_DONE))
{
if (c_write)
{
j=(cw_num > (long)sizeof(cbuf))
?sizeof(cbuf):(int)cw_num;
i=BIO_write(c_bio,cbuf,j);
if (i < 0)
{
c_r=0;
c_w=0;
if (BIO_should_retry(c_bio))
{
if (BIO_should_read(c_bio))
c_r=1;
if (BIO_should_write(c_bio))
c_w=1;
}
else
{
fprintf(stderr,"ERROR in CLIENT\n");
ERR_print_errors(bio_err);
goto err;
}
}
else if (i == 0)
{
fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
goto err;
}
else
{
if (debug)
printf("client wrote %d\n",i);
/* ok */
s_r=1;
c_write=0;
cw_num-=i;
}
}
else
{
i=BIO_read(c_bio,cbuf,sizeof(cbuf));
if (i < 0)
{
c_r=0;
c_w=0;
if (BIO_should_retry(c_bio))
{
if (BIO_should_read(c_bio))
c_r=1;
if (BIO_should_write(c_bio))
c_w=1;
}
else
{
fprintf(stderr,"ERROR in CLIENT\n");
ERR_print_errors(bio_err);
goto err;
}
}
else if (i == 0)
{
fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
goto err;
}
else
{
if (debug)
printf("client read %d\n",i);
cr_num-=i;
if (sw_num > 0)
{
s_write=1;
s_w=1;
}
if (cr_num <= 0)
{
s_write=1;
s_w=1;
done=S_DONE|C_DONE;
}
}
}
}
if (do_server && !(done & S_DONE))
{
if (!s_write)
{
i=BIO_read(s_bio,sbuf,sizeof(cbuf));
if (i < 0)
{
s_r=0;
s_w=0;
if (BIO_should_retry(s_bio))
{
if (BIO_should_read(s_bio))
s_r=1;
if (BIO_should_write(s_bio))
s_w=1;
}
else
{
fprintf(stderr,"ERROR in SERVER\n");
ERR_print_errors(bio_err);
goto err;
}
}
else if (i == 0)
{
ERR_print_errors(bio_err);
fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
goto err;
}
else
{
if (debug)
printf("server read %d\n",i);
sr_num-=i;
if (cw_num > 0)
{
c_write=1;
c_w=1;
}
if (sr_num <= 0)
{
s_write=1;
s_w=1;
c_write=0;
}
}
}
else
{
j=(sw_num > (long)sizeof(sbuf))?
sizeof(sbuf):(int)sw_num;
i=BIO_write(s_bio,sbuf,j);
if (i < 0)
{
s_r=0;
s_w=0;
if (BIO_should_retry(s_bio))
{
if (BIO_should_read(s_bio))
s_r=1;
if (BIO_should_write(s_bio))
s_w=1;
}
else
{
fprintf(stderr,"ERROR in SERVER\n");
ERR_print_errors(bio_err);
goto err;
}
}
else if (i == 0)
{
ERR_print_errors(bio_err);
fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
goto err;
}
else
{
if (debug)
printf("server wrote %d\n",i);
sw_num-=i;
s_write=0;
c_r=1;
if (sw_num <= 0)
done|=S_DONE;
}
}
}
if ((done & S_DONE) && (done & C_DONE)) break;
}
if (verbose)
print_details(c_ssl, "DONE: ");
ret=0;
err:
/* We have to set the BIO's to NULL otherwise they will be
* OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
* again when c_ssl is SSL_free()ed.
* This is a hack required because s_ssl and c_ssl are sharing the same
* BIO structure and SSL_set_bio() and SSL_free() automatically
* BIO_free non NULL entries.
* You should not normally do this or be required to do this */
if (s_ssl != NULL)
{
s_ssl->rbio=NULL;
s_ssl->wbio=NULL;
}
if (c_ssl != NULL)
{
c_ssl->rbio=NULL;
c_ssl->wbio=NULL;
}
if (c_to_s != NULL) BIO_free(c_to_s);
if (s_to_c != NULL) BIO_free(s_to_c);
if (c_bio != NULL) BIO_free_all(c_bio);
if (s_bio != NULL) BIO_free_all(s_bio);
return(ret);
}
