Пример #1
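/**
 * Deletes an SSL server connection.
 *
 * Runs cleanup_ssl_server_socket() on the connection, frees its SSL_CTX if
 * one is set, and then releases the connection structure itself.
 *
 * The pointer is passed by value, so the caller's copy still holds the old
 * address after this returns. The caller must clear or discard it; any later
 * use of that pointer would be a use-after-free.
 *
 * @param ssl_server data for ssl server connection; released by this call
 * @return TRUE on success, FALSE if ssl_server is NULL. When built without
 *         HAVE_OPENSSL nothing is done and TRUE is returned.
 */
int delete_ssl_server_socket(ssl_server_connection *ssl_server) {

#ifdef HAVE_OPENSSL

    if (ssl_server == NULL) {
        return FALSE;
    }

    /* Tear down per-connection state before the context it belongs to. */
    cleanup_ssl_server_socket(ssl_server);

    if (ssl_server->ctx != NULL) {
        SSL_CTX_free(ssl_server->ctx);
    }

    /*
     * Release the record itself. The former "ssl_server=NULL" that followed
     * only changed this function's local copy of the pointer and has been
     * dropped: it suggested the caller's pointer was being cleared, which it
     * never was.
     */
    FREE(ssl_server);

    return TRUE;

#else

    return TRUE;

#endif

}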
Пример #2
/**
 * Deletes an SSL server connection.
 *
 * Runs cleanup_ssl_server_socket() on the connection, frees its SSL_CTX when
 * one is set, then releases the connection structure. A NULL argument is
 * ignored.
 *
 * The pointer is passed by value: the caller's copy is not changed by this
 * function and must not be used again after the call.
 *
 * @param ssl_server data for ssl server connection (may be NULL)
 */
void delete_ssl_server_socket(ssl_server_connection *ssl_server) {
  if (ssl_server != NULL) {
    /* Per-connection cleanup runs first, while ctx is still valid. */
    cleanup_ssl_server_socket(ssl_server);

    if (ssl_server->ctx != NULL) {
      SSL_CTX_free(ssl_server->ctx);
    }

    FREE(ssl_server);
  }
}
Пример #3
/**
 * Closes an SSL server connection (ssl socket + net socket).
 *
 * Closes the listening descriptor held in ssl_server->server_socket and then
 * runs cleanup_ssl_server_socket(). Neither the SSL_CTX nor the connection
 * structure is freed here.
 *
 * @param ssl_server ssl server connection to close
 * @return TRUE once the close and cleanup calls have been made; FALSE if
 *         ssl_server is NULL or the build lacks HAVE_OPENSSL.
 */
int close_ssl_server_socket(ssl_server_connection *ssl_server) {

#ifndef HAVE_OPENSSL

    return FALSE;

#else

    if (ssl_server != NULL) {
        /*
         * The result of close() is discarded, so a failed close still
         * reports TRUE. server_socket is not reset in this function.
         * NOTE(review): confirm cleanup_ssl_server_socket() does not use the
         * stale descriptor number, which the OS may hand out again.
         */
        close(ssl_server->server_socket);
        cleanup_ssl_server_socket(ssl_server);
        return TRUE;
    }

    return FALSE;

#endif
}
Пример #4
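/**
 * Initializes an SSL connection for server use.
 *
 * Creates the server connection record, selects the SSL method, builds the
 * SSL_CTX, loads the certificate and the private key (both from pemfile),
 * checks that the key matches the certificate, and initializes client
 * certificate verification.
 *
 * @param pemfile Filename of the PEM file holding both the server
 *        certificate and its private key; must not be NULL. Because it
 *        contains the private key, it should be readable only by the
 *        account the server runs as.
 * @param clientpemfile Passed to new_ssl_server_connection(); when the
 *        resulting ssl_server->clientpemfile is non-NULL, verify_info() is
 *        called on the connection.
 * @return An ssl connection, or NULL if an error occurred. Always NULL when
 *         built without HAVE_OPENSSL.
 */
ssl_server_connection *init_ssl_server (char *pemfile, char *clientpemfile) {

#ifdef HAVE_OPENSSL

    ssl_server_connection *ssl_server;

    /* Check the argument before it is handed to the allocator below. */
    ASSERT(pemfile);

    ssl_server = new_ssl_server_connection(pemfile, clientpemfile);

    /*
     * Defensive: whether new_ssl_server_connection() can return NULL is not
     * visible from here, and every step below dereferences the result.
     */
    if (ssl_server == NULL) {
        return NULL;
    }

    if (!ssl_initilized) {
        start_ssl();
    }

    /*
     * NOTE(review): SSLv23_server_method() is the version-flexible method;
     * it negotiates whatever protocol versions the linked OpenSSL has
     * enabled. This function sets no option mask, minimum protocol version
     * or cipher list on the context, so unless verify_init() or the caller
     * does (e.g. SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 via
     * SSL_CTX_set_options()), legacy protocols stay negotiable on old
     * OpenSSL builds.
     */
    if ((ssl_server->method = SSLv23_server_method()) == NULL) {
        handle_ssl_error("init_ssl_server()");
        log("%s: init_ssl_server (): Cannot initialize the SSL method!\n", prog);
        goto sslerror;
    }

    if ((ssl_server->ctx = SSL_CTX_new(ssl_server->method)) == NULL) {
        handle_ssl_error("init_ssl_server()");
        log("%s: init_ssl_server (): Cannot initialize SSL server"
            " certificate handler!\n"
            , prog);
        goto sslerror;
    }

    if (SSL_CTX_use_certificate_file(ssl_server->ctx, pemfile,
                                     SSL_FILETYPE_PEM) <= 0) {
        handle_ssl_error("init_ssl_server()");
        log("%s: init_ssl_server(): Cannot initialize SSL server"
            " certificate!\n", prog);
        goto sslerror;
    }

    /* The private key is read from the same PEM file as the certificate. */
    if (SSL_CTX_use_PrivateKey_file(ssl_server->ctx, pemfile,
                                    SSL_FILETYPE_PEM) <= 0) {
        handle_ssl_error("init_ssl_server()");
        log("%s: init_ssl_server(): Cannot initialize SSL server"
            " private key!\n", prog);
        goto sslerror;
    }

    if (!SSL_CTX_check_private_key(ssl_server->ctx)) {
        handle_ssl_error("init_ssl_server()");
        log("%s: init_ssl_server(): The private key does not match the"
            " certificate public key!\n", prog);
        goto sslerror;
    }

    /*
     * We need this to force transmission of client certs
     */
    if (!verify_init(ssl_server)) {
        handle_ssl_error("init_ssl_server()");
        log("%s: init_ssl_server(): Verification engine was not"
            " properly initilized!\n", prog);
        goto sslerror;
    }

    if (ssl_server->clientpemfile != NULL) {
        verify_info(ssl_server);
    }

    return ssl_server;

sslerror:

    /*
     * NOTE(review): only cleanup_ssl_server_socket() runs on failure; this
     * function does not itself release ssl_server->ctx or the ssl_server
     * record. If cleanup_ssl_server_socket() does not free them, each failed
     * initialization leaks both - confirm against its definition.
     */
    cleanup_ssl_server_socket(ssl_server);
    return NULL;

#else

    return NULL;

#endif

}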