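/*
 * Complete the server side of a TLS handshake on an already-connected SSL object.
 *
 * Returns 0 once the handshake has finished. Returns -1 both when the
 * non-blocking handshake is still in progress (logged as "DELAY") and when it
 * failed (logged as "ERROR" with the verify result or the OpenSSL error queue);
 * callers cannot distinguish the two from the return value alone, which keeps
 * the original contract.
 */
int ipfix_ssl_init_con( SSL *con )
{
    extern FILE *mlog_fp;   /* todo: see if this is working */
    int ret;
    long verify_error;
    char buf[100];

    ret = SSL_accept(con);
    if (ret <= 0) {
        /* SSL_get_error() is the reliable way to tell "handshake still in
         * progress" from a real failure; BIO_sock_should_retry() only looks at
         * errno, so it is kept as a fallback rather than the sole check. */
        int err = SSL_get_error(con, ret);
        if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE
            || BIO_sock_should_retry(ret)) {
            mlogf( 0, "[ipfix_ssl_init] DELAY\n");
            return -1;
        }

        mlogf( 0, "[ipfix_ssl_init] ERROR\n");
        verify_error = SSL_get_verify_result( con );
        if (verify_error != X509_V_OK) {
            mlogf( 0, "[ipfix_ssl_init] verify error: %s\n",
                   X509_verify_cert_error_string(verify_error));
        } else {
            /* Not a certificate problem: the OpenSSL error queue has the cause. */
            ERR_print_errors_fp( mlog_fp );
        }
        return -1;
    }

    if ( 1 <= mlog_get_vlevel() ) {
        /* NOTE(review): the PEM session dump contains the session's master
         * key, and it is emitted at verbosity 1 while the other diagnostics
         * need 3 -- confirm that mlog_fp is never a log untrusted parties can read. */
        PEM_write_SSL_SESSION( mlog_fp, SSL_get_session(con));

        if ( SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) {
            mlogf( 3, "[ipfix] Shared ciphers:%s\n", buf);
        }

        /* SSL_CIPHER_get_name() returns a const string; no cast needed. */
        const char *cipher_name = SSL_CIPHER_get_name( SSL_get_current_cipher(con) );
        mlogf( 3, "[ipfix] CIPHER is %s\n", (cipher_name != NULL) ? cipher_name : "(NONE)");

        if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) & TLS1_FLAGS_TLS_PADDING_BUG) {
            mlogf( 1, "[ipfix] Peer has incorrect TLSv1 block padding\n");
        }
    }

    return 0;
}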
/*
 * Report whether the session on `ssl` was resumed rather than freshly
 * negotiated, via the generic control call (the same query OpenSSL's
 * SSL_session_reused() macro performs).
 */
int local_SSL_session_reused(SSL* ssl)
{
    long reused = SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, NULL);
    return (int)reused;
}
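/*
 * Drive the server side of the TLS handshake on `con`.
 *
 * Returns 1 when the handshake has completed or is still in progress on a
 * non-blocking socket (the caller should retry when the socket is ready), and
 * 0 when the handshake failed. Diagnostics go to the file-level BIOs
 * bio_s_out / bio_err, which are defined elsewhere in this file.
 */
static int init_ssl_connection(SSL *con)
{
    int ret;
    long verify_error;
#ifdef DEBUG
    const char *str;
    X509 *peer;
    static char buf[BUFSIZ];
#endif

    ret = SSL_accept(con);
    if (ret <= 0) {
        int err = SSL_get_error(con, ret);

        /* WANT_READ / WANT_WRITE are not failures: the non-blocking handshake
         * just needs more I/O. Treat them as a delay instead of falling through
         * to the ERROR path when errno happens not to say EAGAIN. */
        if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE
            || BIO_sock_should_retry(ret)) {
            BIO_printf(bio_s_out, "DELAY\n");
            return 1;
        }

        BIO_printf(bio_err, "ERROR\n");
        verify_error = SSL_get_verify_result(con);
        if (verify_error != X509_V_OK) {
            BIO_printf(bio_err, "verify error:%s\n",
                       X509_verify_cert_error_string(verify_error));
        } else {
            /* Not a certificate problem: the OpenSSL error queue has the cause. */
            fprintf(stderr, "%s: %s(): X509_V_OK but error\n", __FILE__, __func__);
            ERR_print_errors(bio_err);
        }
        return 0;
    }

#ifdef DEBUG
    /* NOTE(review): the PEM session dump contains the session's master key --
     * bio_s_out must not be a log that untrusted users can read. */
    PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));

    peer = SSL_get_peer_certificate(con);
    if (peer != NULL) {
        BIO_printf(bio_s_out, "Client certificate\n");
        PEM_write_bio_X509(bio_s_out, peer);
        X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
        BIO_printf(bio_s_out, "subject = %s\n", buf);
        X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
        BIO_printf(bio_s_out, "issuer = %s\n", buf);
        X509_free(peer);   /* SSL_get_peer_certificate() hands back a reference we own */
    }

    if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) {
        BIO_printf(bio_s_out, "Shared ciphers: %s\n", buf);
    }

    str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
    BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
#endif

    /* Query session reuse through the public control API instead of the
     * internal con->hit field, which is not accessible once SSL is opaque. */
    if (SSL_ctrl(con, SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) {
        BIO_printf(bio_s_out, "Reused session-id\n");
    }

    if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) & TLS1_FLAGS_TLS_PADDING_BUG) {
        BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
    }

    return 1;
}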