/* Request an SSL connection over an already established connection.
 *
 * nsiod must be a socket that is already connected to the target through
 * nsock_connect_tcp or nsock_connect_sctp.  Every other parameter has the same
 * meaning as in nsock_connect_ssl.  Returns the id of the NSE_TYPE_CONNECT_SSL
 * event that was created and queued on the pool.
 *
 * NOTE(review): the "already connected" precondition is not checked anywhere
 * in this function; it rests entirely on the caller.
 * NOTE(review): nothing visible here configures or checks peer-certificate
 * verification.  Whether the handshake authenticates the remote end depends on
 * how the pool's SSL context is set up by nsock_pool_ssl_init -- confirm
 * before treating the resulting channel as authenticated. */
nsock_event_id nsock_reconnect_ssl(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs,
                                   void *userdata, nsock_ssl_session ssl_session) {

#ifdef HAVE_OPENSSL
  struct npool *pool = (struct npool *)nsp;
  struct niod *nsi = (struct niod *)nsiod;
  struct nevent *nse;

  /* Create the pool's SSL context on first use.  The meaning of the second
   * argument (0) is not visible from this function. */
  if (!pool->sslctx) {
    nsock_pool_ssl_init(pool, 0);
  }

  nse = event_new(pool, NSE_TYPE_CONNECT_SSL, nsi, timeout_msecs, handler, userdata);
  /* Debug-build check only: assert() is compiled out when NDEBUG is defined,
   * and nse is dereferenced below either way. */
  assert(nse);

  /* Attach the caller-supplied SSL_SESSION to the IOD so that session-id reuse
   * is possible.
   * NOTE(review): presumably the session must have been obtained from the same
   * peer; ownership/lifetime of ssl_session after this call is decided inside
   * nsi_set_ssl_session -- verify against that helper. */
  nsi_set_ssl_session(nsi, (SSL_SESSION *)ssl_session);

  nsock_log_info("SSL reconnection requested (IOD #%li) EID %li",
                 nsi->id, nse->id);

  /* No connect() is issued from here: the event is marked not-done with a
   * success status and queued on the pool.  Presumably the engine then carries
   * out the SSL negotiation on the existing socket -- confirm in the event
   * loop. */
  nse->status = NSE_STATUS_SUCCESS;
  nse->event_done = 0;
  nsock_pool_add_event(pool, nse);

  return nse->id;
#else
  /* Built without OpenSSL: report the misuse through fatal(). */
  fatal("nsock_reconnect_ssl called - but nsock was built w/o SSL support.  QUITTING");
  return (nsock_event_id) 0; /* UNREACHED */
#endif /* HAVE_OPENSSL */
}
/* Request an SSL over TCP/SCTP connection to another system (by IP address).
 *
 * The address is in normal network byte order, but port must be given in HOST
 * BYTE ORDER.  The handler is called back only after the connection has been
 * made AND the initial SSL negotiation is done; from then on the normal
 * read/write calls are used and decryption happens transparently.
 *
 * saddr should point to a sockaddr_storage, sockaddr_in6 or sockaddr_in as
 * appropriate (just like what you would pass to connect), and sslen should be
 * the sizeof the structure being passed in.  proto selects the transport; it
 * is logged as "tcp" when equal to IPPROTO_TCP and as "sctp" otherwise.
 * Returns the id of the NSE_TYPE_CONNECT_SSL event that was created.
 *
 * NOTE(review): sslen is forwarded as given to inet_ntop_ez and
 * nsock_connect_internal; nothing in this function checks that it matches the
 * object saddr points to or that it fits a sockaddr_storage -- confirm the
 * callees bound it.
 * NOTE(review): nothing visible here configures or checks peer-certificate
 * verification.  Whether the handshake authenticates the remote end depends on
 * how nsp_ssl_init sets up the pool's SSL context -- confirm before treating
 * the resulting channel as authenticated. */
nsock_event_id nsock_connect_ssl(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler, int timeout_msecs,
                                 void *userdata, struct sockaddr *saddr, size_t sslen, int proto, unsigned short port, nsock_ssl_session ssl_session) {

#ifdef HAVE_OPENSSL
  mspool *pool = (mspool *)nsp;
  msiod *nsi = (msiod *)nsiod;
  msevent *nse;
  /* Reinterpreted pointer only: the pointed-to object may be smaller than a
   * sockaddr_storage, sslen says how much of it is meaningful. */
  struct sockaddr_storage *peer = (struct sockaddr_storage *)saddr;
  /* Transport name used in the log line below. */
  const char *proto_name = (proto == IPPROTO_TCP) ? "tcp" : "sctp";

  /* Create the pool's SSL context on first use. */
  if (!pool->sslctx) {
    nsp_ssl_init(pool);
  }

  /* The IOD must not have been connected yet.  Debug-build check only:
   * assert() is compiled out when NDEBUG is defined. */
  assert(nsi->state == NSIOD_STATE_INITIAL || nsi->state == NSIOD_STATE_UNKNOWN);

  nse = msevent_new(pool, NSE_TYPE_CONNECT_SSL, nsi, timeout_msecs, handler, userdata);
  /* Same caveat as above; nse is dereferenced below either way. */
  assert(nse);

  /* Attach the caller-supplied SSL_SESSION to the IOD so that session-id reuse
   * is possible.
   * NOTE(review): presumably the session must have been obtained from the same
   * peer; ownership/lifetime of ssl_session after this call is decided inside
   * nsi_set_ssl_session -- verify against that helper. */
  nsi_set_ssl_session(nsi, (SSL_SESSION *)ssl_session);

  nsock_log_info(pool, "SSL connection requested to %s:%hu/%s (IOD #%li) EID %li",
                 inet_ntop_ez(peer, sslen), port, proto_name,
                 nsi->id, nse->id);

  /* Start the stream connection through the shared helper, then queue the
   * event on the pool. */
  nsock_connect_internal(pool, nse, SOCK_STREAM, proto, peer, sslen, port);
  nsp_add_event(pool, nse);

  return nse->id;
#else
  /* Built without OpenSSL: report the misuse through fatal(). */
  fatal("nsock_connect_ssl called - but nsock was built w/o SSL support.  QUITTING");
  return (nsock_event_id)0; /* UNREACHED */
#endif /* HAVE_OPENSSL */
}