/*
 * Register a copy of private key `pk` for the server that the session's
 * last packet was addressed to (destination IP and TCP destination port).
 *
 * The copy is produced by ssls_dup_PrivateRSA_ENV_PKEY() and handed to
 * DSSL_EnvSetServerInfoWithKey(). On success the session is flagged with
 * SSF_TEST_SSL_KEY and sess->ssl_si is pointed at the server info looked up
 * for that address; on failure the copy is freed here.
 *
 * Returns the result code of DSSL_EnvSetServerInfoWithKey().
 *
 * NOTE(review): sess->last_packet and its ip_header / tcp_header are
 * dereferenced without a check; assumes the caller guarantees they are set.
 * NOTE(review): the result of the key duplication is only examined inside
 * _ASSERT, which is presumably compiled out of release builds; confirm
 * whether a NULL copy can reach DSSL_EnvSetServerInfoWithKey().
 */
int ssls_register_ssl_key( DSSL_Session* sess,EVP_PKEY* pk )
{
    struct in_addr dst_addr = sess->last_packet->ip_header->ip_dst;
    uint16_t dst_port = ntohs(sess->last_packet->tcp_header->th_dport);
    EVP_PKEY* key_copy = ssls_dup_PrivateRSA_ENV_PKEY( pk );
    int status;

    /* MacOS ships OpenSSL 0.9.7, which has no EVP_PKEY_cmp, so the sanity
       check that the copy matches the original is skipped there. */
#if !defined(__APPLE__)
    _ASSERT( EVP_PKEY_cmp(pk, key_copy) == 1);
#endif

    status = DSSL_EnvSetServerInfoWithKey(sess->env, &dst_addr, dst_port, key_copy);
    if( status != DSSL_RC_OK )
    {
        /* registration failed: the copy is released here so the private
           key material is not leaked */
        EVP_PKEY_free(key_copy);
        return status;
    }

    /* keep watching this key until it is proven to work */
    sess->flags |= SSF_TEST_SSL_KEY;

    /* read the freshly registered server info back into the session */
    sess->ssl_si = DSSL_EnvFindServerInfo( sess->env, dst_addr, dst_port);
    _ASSERT(sess->ssl_si);

    return status;
}
/*
 * Associate private key `pk` with the server that the session's last packet
 * was addressed to (destination IP and TCP destination port).
 *
 * Without DSSL_ENV_FORCE_TRY_SSL_KEYS a copy of the key is always registered
 * through DSSL_EnvSetServerInfoWithKey(); the session is then flagged with
 * SSF_TEST_SSL_KEY and sess->ssl_si is set from the server-info lookup.
 *
 * With DSSL_ENV_FORCE_TRY_SSL_KEYS the copy is registered only when the
 * server is not already in the cache, and the session uses `pk` directly
 * (sess->ssl_pkey) instead of the cached entry.
 *
 * Returns DSSL_RC_OK, or the error code of DSSL_EnvSetServerInfoWithKey().
 *
 * NOTE(review): sess->last_packet, its headers and sess->env are
 * dereferenced without a check; assumes the caller guarantees they are set.
 * NOTE(review): the result of the key duplication is only examined inside
 * _ASSERT, which is presumably compiled out of release builds; confirm
 * whether a NULL copy can reach DSSL_EnvSetServerInfoWithKey().
 */
int ssls_register_ssl_key( DSSL_Session* sess,EVP_PKEY* pk )
{
    struct ip_addr dst_addr;
    uint16_t dst_port = ntohs(sess->last_packet->tcp_header->th_dport);
    int status = DSSL_RC_OK;
    int need_insert;

    GET_IP_DST_ST(sess->last_packet->ip_header, &dst_addr);

    /* In "force" mode the key is duplicated and cached only if the server
       has no cache entry yet; otherwise it is always added. */
    need_insert = !(sess->env->flags & DSSL_ENV_FORCE_TRY_SSL_KEYS)
        || DSSL_EnvFindServerInfo(sess->env, &dst_addr, dst_port) == NULL;

    if( need_insert )
    {
        EVP_PKEY* key_copy = ssls_dup_PrivateRSA_ENV_PKEY( pk );

        /* MacOS ships OpenSSL 0.9.7, which has no EVP_PKEY_cmp, so the
           sanity check that the copy matches the original is skipped there. */
#if !defined(__APPLE__)
        _ASSERT( EVP_PKEY_cmp(pk, key_copy) == 1);
#endif

        /* DSSL_EnvSetServerInfoWithKey manages key_copy from here on, so it
           is not freed in this function.
           NOTE(review): confirm the callee also releases the key on its
           error paths; otherwise the duplicated private key leaks. */
        status = DSSL_EnvSetServerInfoWithKey(sess->env, &dst_addr, dst_port, key_copy);
    }

    if( status != DSSL_RC_OK )
    {
        return status;
    }

    if( sess->env->flags & DSSL_ENV_FORCE_TRY_SSL_KEYS )
    {
        /* With the "force" flag the cached entry is bypassed: several SSL
           servers may sit behind one IP:port (load balancer), so the cached
           key may be the wrong one.
           NOTE(review): this stores the caller's pointer, not a copy;
           confirm pk outlives the session. */
        sess->ssl_pkey = pk;
        return status;
    }

    /* keep watching this key until it is proven to work */
    sess->flags |= SSF_TEST_SSL_KEY;

    /* read the cached server info back and store it in the session */
    sess->ssl_si = DSSL_EnvFindServerInfo( sess->env, &dst_addr, dst_port);
    _ASSERT(sess->ssl_si);

    return status;
}