示例#1
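/*
 * Start the DSD service.
 *
 * Stores cfg in the file-level dsd_cfg pointer, marks the service as running,
 * loads the PKI passport (certificate, private key, trusted certificate) named
 * in the configuration, opens the NET_SECURE_RSA TCP listener with
 * net_server(), and starts dsd_loop() on a detached thread.
 *
 * Returns 0 on success, -1 if any step fails.
 *
 * NOTE(review): the failure paths return without releasing the passport or
 * the listener, and leave dsd_running at 1, because no release function is
 * visible from here. Confirm that callers treat -1 as fatal.
 */
int dsd_init(struct dsd_cfg *cfg)
{
	pthread_t thread_loop;
	pthread_attr_t attr;
	int rc;

	if (cfg == NULL) {
		jlog(L_NOTICE, "dsd_init: missing configuration");
		return -1;
	}

	dsd_cfg = cfg;
	dsd_cfg->dsd_running = 1;

	/*
	 * The passport carries the credentials the secure listener authenticates
	 * with. Stop here if it cannot be loaded, so that a NULL passport is
	 * never handed to net_server().
	 */
	dsd_passport = pki_passport_load_from_file(dsd_cfg->certificate, dsd_cfg->privatekey, dsd_cfg->trusted_cert);
	if (dsd_passport == NULL) {
		jlog(L_NOTICE, "pki_passport_load_from_file failed");
		return -1;
	}

	dsd_netc = net_server(dsd_cfg->ipaddr, dsd_cfg->port, NET_PROTO_TCP, NET_SECURE_RSA, dsd_passport,
			on_connect, on_disconnect, on_input, on_secure);

	if (dsd_netc == NULL) {
		jlog(L_NOTICE, "net_server failed");
		return -1;
	}

	if (pthread_attr_init(&attr) != 0) {
		jlog(L_NOTICE, "pthread_attr_init failed");
		return -1;
	}
	pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);

	/*
	 * Report success only if the loop thread was really created; otherwise
	 * the listener exists but nothing would ever service it.
	 */
	rc = pthread_create(&thread_loop, &attr, dsd_loop, NULL);
	pthread_attr_destroy(&attr);

	if (rc != 0) {
		jlog(L_NOTICE, "pthread_create failed");
		return -1;
	}

	return 0;
}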
示例#2
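/*
 * Build the TLS 1.2 client SSL_CTX used for secure connections.
 *
 * Loads the PKI passport from the paths in cfg into the file-level passport
 * pointer, then configures the context with temporary DH parameters, a single
 * cipher suite, the passport's certificate and private key, and the passport's
 * CA store.
 *
 * Returns the configured context, or NULL on failure. The caller owns the
 * returned context and releases it with SSL_CTX_free().
 *
 * Security notes for reviewers:
 *  - "AES256-GCM-SHA384" is an RSA key-exchange suite: it gives no forward
 *    secrecy and does not use the DH parameters installed below. The
 *    commented-out ECDHE suite would give forward secrecy, but switching
 *    needs a matching key type and peer configuration, so it is only flagged
 *    here, not changed.
 *  - get_dh_1024() presumably yields 1024-bit DH parameters (judging by its
 *    name), which is below current recommendations if a DHE suite is ever
 *    enabled.
 *  - This function does not set a verification mode. With OpenSSL defaults a
 *    client handshake is not aborted when the server certificate fails
 *    verification unless SSL_VERIFY_PEER is set. Confirm that the caller sets
 *    it on the context or on each SSL object.
 *  - NOTE(review): the passport is not released on the failure paths because
 *    no release function is visible from here.
 */
SSL_CTX *
evssl_init(void)
{
	DH		*dh = NULL;
	SSL_CTX		*ctx = NULL;

	SSL_load_error_strings();
	SSL_library_init();
	RAND_poll();

	if ((passport = pki_passport_load_from_file(cfg->cert,
	    cfg->pkey, cfg->tcert)) == NULL) {
		jlog(L_ERROR, "pki_passport_load_from_file failed");
		return NULL;
	}

	if ((ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL) {
		jlog(L_ERROR, "SSL_CTX_new failed");
		return NULL;
	}

	if ((dh = get_dh_1024()) == NULL) {
		jlog(L_ERROR, "get_dh_1024 failed");
		goto out;
	}

	if ((SSL_CTX_set_tmp_dh(ctx, dh)) == 0) {
		jlog(L_ERROR, "SSL_CTX_set_tmp_dh failed");
		goto out;
	}

	//SSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES256-GCM-SHA384");
	if ((SSL_CTX_set_cipher_list(ctx, "AES256-GCM-SHA384")) == 0) {
		jlog(L_ERROR, "SSL_CTX_set_cipher failed");
		goto out;
	}

	if ((SSL_CTX_use_certificate(ctx, passport->certificate)) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_certificate failed");
		goto out;
	}

	if ((SSL_CTX_use_PrivateKey(ctx, passport->keyring)) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_PrivateKey failed");
		goto out;
	}

	/*
	 * SSL_CTX_set_cert_store() hands the store to ctx without taking an
	 * extra reference, so SSL_CTX_free() will free it. Attach it only after
	 * every fallible step, so the error path below can never free a store
	 * that passport still points to.
	 * NOTE(review): on success the store is still referenced by both ctx and
	 * passport. Make sure only one of them ever frees it.
	 */
	SSL_CTX_set_cert_store(ctx, passport->cacert_store);

	/* The success path frees dh right after SSL_CTX_set_tmp_dh(), as the original code did. */
	DH_free(dh);
	return ctx;

out:
	DH_free(dh);
	SSL_CTX_free(ctx);
	return NULL;
}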