// sslAccept() is how the server waits for connections for clients
size_t
SSLServer::sslAccept(int fd)
{
GNASH_REPORT_FUNCTION;
setKeyfile(SERVER_KEYFILE);
if (!_ctx) {
if (!sslSetupCTX()) {
return false;
}
}
loadDhParams(_ctx.get(), const_cast<char *>(DHFILE));
log_debug(_("Got an incoming SSL connection request"));
_bio.reset(BIO_new_socket(fd, BIO_NOCLOSE));
_ssl.reset(SSL_new(_ctx.get()));
SSL_set_accept_state(_ssl.get());
SSL_set_bio(_ssl.get(), _bio.get(), _bio.get());
int ret = 0;
if((ret = SSL_accept(_ssl.get()) <= 0)) {
log_error(_("Error was: \"%s\"!"),
ERR_reason_error_string(ERR_get_error()));
}
return 0;
}
bool
SSLClient::sslConnect(int fd, std::string &hostname, short port)
{
GNASH_REPORT_FUNCTION;
int ret;
if (!_ctx) {
if (!sslSetupCTX()) {
return false;
}
}
_ssl.reset(SSL_new(_ctx.get()));
// // Make a tcp/ip connect to the server
// if (createClient(hostname, getPort()) == false) {
// log_error("Can't connect to server %s", hostname);
// return false;
// }
// Handshake the server
ERR_clear_error();
#if 0
_bio.reset(BIO_new_socket(fd, BIO_NOCLOSE));
#else
// BIO_set_conn_hostname(_bio.get(), _hostname.c_str());
_bio.reset(BIO_new_connect(const_cast<char *>(_hostname.c_str())));
BIO_set_conn_int_port(_bio.get(), &port);
log_debug("PORT is: %d", BIO_get_conn_port(_bio.get()));
if (BIO_do_connect(_bio.get()) <= 0) {
log_error("Error connecting to remote machine: %s",
ERR_reason_error_string(ERR_get_error()));
}
#endif
SSL_set_bio(_ssl.get(), _bio.get(), _bio.get());
SSL_set_connect_state(_ssl.get());
if ((ret = SSL_connect(_ssl.get())) < 0) {
log_error("Can't connect to SSL server %s", hostname);
log_error("Error was: \"%s\"!", ERR_reason_error_string(ERR_get_error()));
return false;
} else {
log_debug("Connected to SSL server %s", hostname);
}
ERR_clear_error();
#if 0
if (_need_server_auth) {
checkCert(hostname);
}
#endif
return true;
}
// Setup the Context for this connection
bool
SSLClient::sslSetupCTX()
{
return sslSetupCTX(_keyfile, _calist);
}
