[BACK]Return to ssl-bozo.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / libexec / httpd

Annotation of src/libexec/httpd/ssl-bozo.c, Revision 1.1.1.3

1.1.1.3 ! mrg         1: /*     $eterna: ssl-bozo.c,v 1.9 2008/11/06 05:08:11 mrg Exp $ */
1.1       tls         2:
                      3: /*
1.1.1.2   mrg         4:  * Copyright (c) 1997-2008 Matthew R. Green
1.1       tls         5:  * All rights reserved.
                      6:  *
                      7:  * Redistribution and use in source and binary forms, with or without
                      8:  * modification, are permitted provided that the following conditions
                      9:  * are met:
                     10:  * 1. Redistributions of source code must retain the above copyright
                     11:  *    notice, this list of conditions and the following disclaimer.
                     12:  * 2. Redistributions in binary form must reproduce the above copyright
                     13:  *    notice, this list of conditions and the following disclaimer and
                     14:  *    dedication in the documentation and/or other materials provided
                     15:  *    with the distribution.
                     16:  *
                     17:  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
                     18:  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
                     19:  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
                     20:  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
                     21:  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
                     22:  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
                     23:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
                     24:  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
                     25:  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
                     26:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
                     27:  * SUCH DAMAGE.
                     28:  *
                     29:  */
                     30:
                     31: /* this code implements SSL for bozohttpd */
                     32:
                     33: #ifndef NO_SSL_SUPPORT
                     34:
                     35: #include <unistd.h>
                     36:
                     37: #include <openssl/ssl.h>
                     38: #include <openssl/err.h>
                     39:
                     40: #include "bozohttpd.h"
                     41:
                     42: static SSL_CTX         *ssl_context;
1.1.1.3 ! mrg        43: static const SSL_METHOD        *ssl_method;
1.1       tls        44: static SSL             *bozossl;
                     45: static char            *certificate_file;
                     46: static char            *privatekey_file;
                     47:
                     48: static int     ssl_printf(const char *, ...);
                     49: static ssize_t ssl_read(int, void *, size_t);
                     50: static ssize_t ssl_write(int, const void *, size_t);
                     51: static int     ssl_flush(FILE *);
                     52:
                     53: void
                     54: ssl_init(void)
                     55: {
                     56:        if (!certificate_file)
                     57:                return;
                     58:        SSL_library_init();
                     59:        SSL_load_error_strings();
                     60:
                     61:        ssl_method = SSLv23_server_method();
                     62:        ssl_context = SSL_CTX_new(ssl_method);
                     63:
                     64:        /* XXX we need to learn how to check the SSL stack for more info */
                     65:        if (ssl_context == NULL)
                     66:                error(1, "SSL context initialization failed.");
                     67:
                     68:        SSL_CTX_use_certificate_file(ssl_context, certificate_file,
                     69:            SSL_FILETYPE_PEM);
                     70:        SSL_CTX_use_PrivateKey_file(ssl_context, privatekey_file,
                     71:            SSL_FILETYPE_PEM);
                     72:
                     73:        /* check consistency of key vs certificate */
                     74:        if (!SSL_CTX_check_private_key(ssl_context))
                     75:                error(1, "check private key failed");
                     76: }
                     77:
                     78: void
                     79: ssl_accept()
                     80: {
                     81:        if (ssl_context) {
                     82:                bozossl = SSL_new(ssl_context); /* XXX global sucks */
                     83:                SSL_set_rfd(bozossl, 0);
                     84:                SSL_set_wfd(bozossl, 1);
                     85:                SSL_accept(bozossl);
                     86:        }
                     87: }
                     88:
                     89: void
                     90: ssl_destroy()
                     91: {
                     92:        if (bozossl)
                     93:                SSL_free(bozossl);
                     94: }
                     95:
                     96: void
                     97: ssl_set_opts(char *cert, char *priv)
                     98: {
                     99:        certificate_file = cert;
                    100:        privatekey_file = priv;
                    101:        debug((DEBUG_NORMAL, "using cert/priv files: %s & %s", certificate_file,
                    102:            privatekey_file));
                    103:        if (Iflag_set == 0)
                    104:                Iflag = "https";
                    105:        bozoprintf = ssl_printf;
                    106:        bozoread = ssl_read;
                    107:        bozowrite = ssl_write;
                    108:        bozoflush = ssl_flush;
                    109: }
                    110:
                    111: static int
                    112: ssl_printf(const char * fmt, ...)
                    113: {
                    114:        int nbytes;
                    115:        char *buf;
                    116:        va_list ap;
                    117:
                    118:        /* XXX we need more elegant/proper handling of SSL_write return */
                    119:        va_start(ap, fmt);
                    120:        if ((nbytes = vasprintf(&buf, fmt, ap)) != -1)
                    121:                SSL_write(bozossl, buf, nbytes);
                    122:        va_end(ap);
                    123:
                    124:        return nbytes;
                    125: }
                    126:
                    127: static ssize_t
                    128: ssl_read(int fd, void *buf, size_t nbytes)
                    129: {
                    130:        ssize_t rbytes;
                    131:
                    132:        /* XXX we need elegant/proper handling of SSL_read return */
                    133:        rbytes = (ssize_t)SSL_read(bozossl, buf, nbytes);
                    134:        if (1 > rbytes) {
                    135:                if (SSL_get_error(bozossl, rbytes) == SSL_ERROR_WANT_READ)
                    136:                        warning("SSL_ERROR_WANT_READ");
                    137:                else
                    138:                        warning("SSL_ERROR OTHER");
                    139:        }
                    140:
                    141:        return rbytes;
                    142: }
                    143:
                    144: static ssize_t
                    145: ssl_write(int fd, const void *buf, size_t nbytes)
                    146: {
                    147:        ssize_t wbytes;
                    148:
                    149:        /* XXX we need elegant/proper handling of SSL_write return */
                    150:        wbytes = (ssize_t)SSL_write(bozossl, buf, nbytes);
                    151:
                    152:        return wbytes;
                    153: }
                    154:
                    155: static int
                    156: ssl_flush(FILE *fp)
                    157: {
                    158:        /* nothing to see here, move right along */
                    159:        return 0;
                    160: }
                    161: #endif /* NO_SSL_SUPPORT */

CVSweb <webmaster@jp.NetBSD.org>