Annotation of src/libexec/httpd/ssl-bozo.c, Revision 1.1.1.3
1.1.1.3 ! mrg 1: /* $eterna: ssl-bozo.c,v 1.9 2008/11/06 05:08:11 mrg Exp $ */
1.1 tls 2:
3: /*
1.1.1.2 mrg 4: * Copyright (c) 1997-2008 Matthew R. Green
1.1 tls 5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer and
14: * dedication in the documentation and/or other materials provided
15: * with the distribution.
16: *
17: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
22: * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24: * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27: * SUCH DAMAGE.
28: *
29: */
30:
31: /* this code implements SSL for bozohttpd */
32:
33: #ifndef NO_SSL_SUPPORT
34:
35: #include <unistd.h>
36:
37: #include <openssl/ssl.h>
38: #include <openssl/err.h>
39:
40: #include "bozohttpd.h"
41:
42: static SSL_CTX *ssl_context;
1.1.1.3 ! mrg 43: static const SSL_METHOD *ssl_method;
1.1 tls 44: static SSL *bozossl;
45: static char *certificate_file;
46: static char *privatekey_file;
47:
48: static int ssl_printf(const char *, ...);
49: static ssize_t ssl_read(int, void *, size_t);
50: static ssize_t ssl_write(int, const void *, size_t);
51: static int ssl_flush(FILE *);
52:
53: void
54: ssl_init(void)
55: {
56: if (!certificate_file)
57: return;
58: SSL_library_init();
59: SSL_load_error_strings();
60:
61: ssl_method = SSLv23_server_method();
62: ssl_context = SSL_CTX_new(ssl_method);
63:
64: /* XXX we need to learn how to check the SSL stack for more info */
65: if (ssl_context == NULL)
66: error(1, "SSL context initialization failed.");
67:
68: SSL_CTX_use_certificate_file(ssl_context, certificate_file,
69: SSL_FILETYPE_PEM);
70: SSL_CTX_use_PrivateKey_file(ssl_context, privatekey_file,
71: SSL_FILETYPE_PEM);
72:
73: /* check consistency of key vs certificate */
74: if (!SSL_CTX_check_private_key(ssl_context))
75: error(1, "check private key failed");
76: }
77:
78: void
79: ssl_accept()
80: {
81: if (ssl_context) {
82: bozossl = SSL_new(ssl_context); /* XXX global sucks */
83: SSL_set_rfd(bozossl, 0);
84: SSL_set_wfd(bozossl, 1);
85: SSL_accept(bozossl);
86: }
87: }
88:
89: void
90: ssl_destroy()
91: {
92: if (bozossl)
93: SSL_free(bozossl);
94: }
95:
96: void
97: ssl_set_opts(char *cert, char *priv)
98: {
99: certificate_file = cert;
100: privatekey_file = priv;
101: debug((DEBUG_NORMAL, "using cert/priv files: %s & %s", certificate_file,
102: privatekey_file));
103: if (Iflag_set == 0)
104: Iflag = "https";
105: bozoprintf = ssl_printf;
106: bozoread = ssl_read;
107: bozowrite = ssl_write;
108: bozoflush = ssl_flush;
109: }
110:
111: static int
112: ssl_printf(const char * fmt, ...)
113: {
114: int nbytes;
115: char *buf;
116: va_list ap;
117:
118: /* XXX we need more elegant/proper handling of SSL_write return */
119: va_start(ap, fmt);
120: if ((nbytes = vasprintf(&buf, fmt, ap)) != -1)
121: SSL_write(bozossl, buf, nbytes);
122: va_end(ap);
123:
124: return nbytes;
125: }
126:
127: static ssize_t
128: ssl_read(int fd, void *buf, size_t nbytes)
129: {
130: ssize_t rbytes;
131:
132: /* XXX we need elegant/proper handling of SSL_read return */
133: rbytes = (ssize_t)SSL_read(bozossl, buf, nbytes);
134: if (1 > rbytes) {
135: if (SSL_get_error(bozossl, rbytes) == SSL_ERROR_WANT_READ)
136: warning("SSL_ERROR_WANT_READ");
137: else
138: warning("SSL_ERROR OTHER");
139: }
140:
141: return rbytes;
142: }
143:
144: static ssize_t
145: ssl_write(int fd, const void *buf, size_t nbytes)
146: {
147: ssize_t wbytes;
148:
149: /* XXX we need elegant/proper handling of SSL_write return */
150: wbytes = (ssize_t)SSL_write(bozossl, buf, nbytes);
151:
152: return wbytes;
153: }
154:
155: static int
156: ssl_flush(FILE *fp)
157: {
158: /* nothing to see here, move right along */
159: return 0;
160: }
161: #endif /* NO_SSL_SUPPORT */
CVSweb <webmaster@jp.NetBSD.org>