int ssl_setup(SSL_CTX **ctxp, struct pki *pki) { DH *dh; SSL_CTX *ctx; ctx = ssl_ctx_create(pki->pki_name, pki->pki_cert, pki->pki_cert_len); if (!SSL_CTX_set_session_id_context(ctx, (const unsigned char *)pki->pki_name, strlen(pki->pki_name) + 1)) goto err; if (pki->pki_dhparams_len == 0) dh = get_dh1024(); else dh = get_dh_from_memory(pki->pki_dhparams, pki->pki_dhparams_len); ssl_set_ephemeral_key_exchange(ctx, dh); DH_free(dh); ssl_set_ecdh_curve(ctx, SSL_ECDH_CURVE); *ctxp = ctx; return 1; err: SSL_CTX_free(ctx); ssl_error("ssl_setup"); return 0; }
int ssl_setup(SSL_CTX **ctxp, struct pki *pki, int (*sni_cb)(SSL *,int *,void *), const char *ciphers) { SSL_CTX *ctx; uint8_t sid[SSL_MAX_SID_CTX_LENGTH]; ctx = ssl_ctx_create(pki->pki_name, pki->pki_cert, pki->pki_cert_len, ciphers); /* * Set session ID context to a random value. We don't support * persistent caching of sessions so it is OK to set a temporary * session ID context that is valid during run time. */ arc4random_buf(sid, sizeof(sid)); if (!SSL_CTX_set_session_id_context(ctx, sid, sizeof(sid))) goto err; if (sni_cb) SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb); SSL_CTX_set_dh_auto(ctx, pki->pki_dhe); SSL_CTX_set_ecdh_auto(ctx, 1); *ctxp = ctx; return 1; err: SSL_CTX_free(ctx); ssl_error("ssl_setup"); return 0; }
int ssl_setup(SSL_CTX **ctxp, struct pki *pki, int (*sni_cb)(SSL *,int *,void *), const char *ciphers, const char *curve) { DH *dh; SSL_CTX *ctx; u_int8_t sid[SSL_MAX_SID_CTX_LENGTH]; ctx = ssl_ctx_create(pki->pki_name, pki->pki_cert, pki->pki_cert_len, ciphers); /* * Set session ID context to a random value. We don't support * persistent caching of sessions so it is OK to set a temporary * session ID context that is valid during run time. */ arc4random_buf(sid, sizeof(sid)); if (!SSL_CTX_set_session_id_context(ctx, sid, sizeof(sid))) goto err; SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, dummy_verify); if (sni_cb) SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb); if (pki->pki_dhparams_len == 0) dh = get_dh(); else dh = get_dh_from_memory(pki->pki_dhparams, pki->pki_dhparams_len); ssl_set_ephemeral_key_exchange(ctx, dh); DH_free(dh); ssl_set_ecdh_curve(ctx, curve); *ctxp = ctx; return 1; err: SSL_CTX_free(ctx); ssl_error("ssl_setup"); return 0; }
void * ssl_mta_init(void *pkiname, char *cert, off_t cert_len, const char *ciphers) { SSL_CTX *ctx = NULL; SSL *ssl = NULL; ctx = ssl_ctx_create(pkiname, cert, cert_len, ciphers); if ((ssl = SSL_new(ctx)) == NULL) goto err; if (!SSL_set_ssl_method(ssl, SSLv23_client_method())) goto err; SSL_CTX_free(ctx); return (void *)(ssl); err: if (ssl != NULL) SSL_free(ssl); if (ctx != NULL) SSL_CTX_free(ctx); ssl_error("ssl_mta_init"); return (NULL); }