#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# ifdef HAVE_STDLIB_H
# include <stdlib.h>
# endif
#endif
#if HAVE_GNUTLS
# include <gnutls/gnutls.h>
# include <gnutls/x509.h>
# include <gcrypt.h>
#elif HAVE_OPENSSL
# include <openssl/ssl.h>
# include <openssl/err.h>
# include <openssl/dh.h>
#endif
#ifdef HAVE_WS2TCPIP_H
# include <ws2tcpip.h>
#endif
#include <sys/stat.h>
#include "Ecore.h"
#include "ecore_con_private.h"
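/* Event types emitted when a plain connection is upgraded to SSL/TLS.
 * Both stay 0 until ecore_con_ssl_init() allocates real ids through
 * ecore_event_type_new(); a 0 id therefore means "SSL never initialised". */
EAPI int ECORE_CON_EVENT_CLIENT_UPGRADE = 0;
EAPI int ECORE_CON_EVENT_SERVER_UPGRADE = 0;

/* Reference count maintained by ecore_con_ssl_init()/ecore_con_ssl_shutdown():
 * the backend is brought up on the first init and torn down on the last
 * shutdown. */
static int _init_con_ssl_init_count = 0;

/* Backend selection. Exactly one branch picks the function-name suffix used
 * by SSL_SUFFIX() and the value reported by ecore_con_ssl_available_get().
 * `#if` (not `#ifdef`) is used so that this block agrees with the
 * `#if HAVE_GNUTLS` / `#elif HAVE_OPENSSL` tests that wrap the backend code
 * elsewhere in this file: a macro defined to 0 must not select a backend here
 * while the matching implementation is compiled out there. */
#if HAVE_GNUTLS
/* libgcrypt thread-callback registration for GnuTLS.
 * NOTE(review): newer libgcrypt releases treat this as a no-op; confirm it is
 * still needed for the minimum libgcrypt version this file targets. */
GCRY_THREAD_OPTION_PTHREAD_IMPL;

static int _client_connected = 0;

# define SSL_SUFFIX(ssl_func) ssl_func ## _gnutls
# define _ECORE_CON_SSL_AVAILABLE 1

#elif HAVE_OPENSSL

# define SSL_SUFFIX(ssl_func) ssl_func ## _openssl
# define _ECORE_CON_SSL_AVAILABLE 2

#else
# define SSL_SUFFIX(ssl_func) ssl_func ## _none
# define _ECORE_CON_SSL_AVAILABLE 0

#endif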
#if HAVE_GNUTLS
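/* Report a GnuTLS error code on a connection as an ecore_con error event.
 *
 * @param conn The client or server object the error belongs to.
 * @param type ECORE_CON_EVENT_CLIENT_ERROR to emit a client error event;
 *             any other value emits a server error event.
 * @param ret  GnuTLS return code. 0 (success) emits nothing.
 */
static void
_gnutls_print_errors(Eo *conn, int type, int ret)
{
   char buf[1024];
   const char *name, *desc;

   if (!ret) return;

   /* gnutls_strerror_name() returns NULL for codes it does not know, and a
    * NULL argument for "%s" is undefined behaviour - substitute a marker. */
   name = gnutls_strerror_name(ret);
   if (!name) name = "UNKNOWN";
   desc = gnutls_strerror(ret);
   if (!desc) desc = "unknown error";
   snprintf(buf, sizeof(buf), "GNUTLS error: %s - %s", name, desc);
   if (type == ECORE_CON_EVENT_CLIENT_ERROR)
     ecore_con_event_client_error(conn, buf);
   else
     ecore_con_event_server_error(conn, buf);
}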
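/* Dump every certificate of a peer chain to the INF log. Does nothing unless
 * the ecore_con log domain is at debug level.
 *
 * @param cert_list      Array of DER-encoded certificates.
 * @param cert_list_size Number of entries in @p cert_list.
 */
static void
_gnutls_print_session(const gnutls_datum_t *cert_list, unsigned int cert_list_size)
{
   unsigned int x;

   if (!eina_log_domain_level_check(_ecore_con_log_dom, EINA_LOG_LEVEL_DBG)) return;
   if (!cert_list) return;

   for (x = 0; x < cert_list_size; x++)
     {
        gnutls_x509_crt_t crt = NULL;
        /* gnutls_x509_crt_print() fills a complete gnutls_datum_t (data
         * pointer plus size). It must be handed a real datum: passing a
         * char * cast to gnutls_datum_t * makes the size field land past the
         * end of the pointer variable, i.e. a stack write out of bounds. */
        gnutls_datum_t out = { NULL, 0 };

        /* GnuTLS calls return a negative GNUTLS_E_* value on failure */
        if (gnutls_x509_crt_init(&crt) < 0) continue;
        if ((gnutls_x509_crt_import(crt, &cert_list[x], GNUTLS_X509_FMT_DER) < 0) ||
            (gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out) < 0))
          {
             INF("CERTIFICATE %u: could not be decoded", x);
             gnutls_x509_crt_deinit(crt);
             continue;
          }
        INF("CERTIFICATE:\n%s", (const char *)out.data);
        gnutls_free(out.data);
        gnutls_x509_crt_deinit(crt);
     }
}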
#ifdef ISCOMFITOR
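/* GnuTLS log callback (only compiled with ISCOMFITOR): forward one GnuTLS log
 * line to the DBG log without the trailing newline GnuTLS appends.
 *
 * @param level GnuTLS log level of the message.
 * @param str   NUL-terminated message, normally ending in '\n'.
 */
static void
_gnutls_log_func(int level,
                 const char *str)
{
   char buf[128];
   size_t len;

   if (!str) return;
   len = strlen(str);
   /* drop a single trailing newline; guard len == 0 so the subtraction
    * cannot wrap around on an empty message */
   if ((len > 0) && (str[len - 1] == '\n')) len--;
   /* bounded copy into a buffer that is always NUL-terminated; strncat()
    * on an uninitialised buffer with an unbounded count is not safe */
   if (len > sizeof(buf) - 1) len = sizeof(buf) - 1;
   memcpy(buf, str, len);
   buf[len] = '\0';
   DBG("|<%d>| %s", level, buf);
}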
#endif
/* Map a GnuTLS handshake message type to a short human-readable label.
 *
 * @param status Handshake description as reported by GnuTLS.
 * @return A static string, or NULL for a message type not in the table.
 */
static const char *
SSL_GNUTLS_PRINT_HANDSHAKE_STATUS(gnutls_handshake_description_t status)
{
   static const struct
   {
      gnutls_handshake_description_t status;
      const char                    *label;
   } table[] = {
      { GNUTLS_HANDSHAKE_HELLO_REQUEST, "Hello request" },
      { GNUTLS_HANDSHAKE_CLIENT_HELLO, "Client hello" },
      { GNUTLS_HANDSHAKE_SERVER_HELLO, "Server hello" },
      { GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, "New session ticket" },
      { GNUTLS_HANDSHAKE_CERTIFICATE_PKT, "Certificate packet" },
      { GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, "Server key exchange" },
      { GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, "Certificate request" },
      { GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, "Server hello done" },
      { GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, "Certificate verify" },
      { GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, "Client key exchange" },
      { GNUTLS_HANDSHAKE_FINISHED, "Finished" },
      { GNUTLS_HANDSHAKE_SUPPLEMENTAL, "Supplemental" },
   };
   unsigned int i;

   for (i = 0; i < sizeof(table) / sizeof(table[0]); i++)
     if (table[i].status == status) return table[i].label;
   /* anything not listed above is reported as unknown */
   return NULL;
}
#elif HAVE_OPENSSL
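/* Log the symbolic name of an OpenSSL X509 verification error code at ERR
 * level.
 *
 * Every X509_V_ERR_* case is wrapped in #ifdef because the set of codes
 * differs between OpenSSL versions. A code this build does not know (or a
 * code added by a newer OpenSSL) reaches the default branch and is logged
 * numerically instead of being silently dropped.
 *
 * @param error X509 verification result code.
 */
static void
_openssl_print_verify_error(int error)
{
   switch (error)
     {
#define ERROR(X) \
  case (X): \
    ERR("%s", #X); \
    break
#ifdef X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
        ERROR(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT);
#endif
#ifdef X509_V_ERR_UNABLE_TO_GET_CRL
        ERROR(X509_V_ERR_UNABLE_TO_GET_CRL);
#endif
#ifdef X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
        ERROR(X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE);
#endif
#ifdef X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
        ERROR(X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE);
#endif
#ifdef X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
        ERROR(X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY);
#endif
#ifdef X509_V_ERR_CERT_SIGNATURE_FAILURE
        ERROR(X509_V_ERR_CERT_SIGNATURE_FAILURE);
#endif
#ifdef X509_V_ERR_CRL_SIGNATURE_FAILURE
        ERROR(X509_V_ERR_CRL_SIGNATURE_FAILURE);
#endif
#ifdef X509_V_ERR_CERT_NOT_YET_VALID
        ERROR(X509_V_ERR_CERT_NOT_YET_VALID);
#endif
#ifdef X509_V_ERR_CERT_HAS_EXPIRED
        ERROR(X509_V_ERR_CERT_HAS_EXPIRED);
#endif
#ifdef X509_V_ERR_CRL_NOT_YET_VALID
        ERROR(X509_V_ERR_CRL_NOT_YET_VALID);
#endif
#ifdef X509_V_ERR_CRL_HAS_EXPIRED
        ERROR(X509_V_ERR_CRL_HAS_EXPIRED);
#endif
#ifdef X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
        ERROR(X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD);
#endif
#ifdef X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
        ERROR(X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD);
#endif
#ifdef X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
        ERROR(X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD);
#endif
#ifdef X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
        ERROR(X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
#endif
#ifdef X509_V_ERR_OUT_OF_MEM
        ERROR(X509_V_ERR_OUT_OF_MEM);
#endif
#ifdef X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
        ERROR(X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
#endif
#ifdef X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
        ERROR(X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN);
#endif
#ifdef X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
        ERROR(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
#endif
#ifdef X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
        ERROR(X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
#endif
#ifdef X509_V_ERR_CERT_CHAIN_TOO_LONG
        ERROR(X509_V_ERR_CERT_CHAIN_TOO_LONG);
#endif
#ifdef X509_V_ERR_CERT_REVOKED
        ERROR(X509_V_ERR_CERT_REVOKED);
#endif
#ifdef X509_V_ERR_INVALID_CA
        ERROR(X509_V_ERR_INVALID_CA);
#endif
#ifdef X509_V_ERR_PATH_LENGTH_EXCEEDED
        ERROR(X509_V_ERR_PATH_LENGTH_EXCEEDED);
#endif
#ifdef X509_V_ERR_INVALID_PURPOSE
        ERROR(X509_V_ERR_INVALID_PURPOSE);
#endif
#ifdef X509_V_ERR_CERT_UNTRUSTED
        ERROR(X509_V_ERR_CERT_UNTRUSTED);
#endif
#ifdef X509_V_ERR_CERT_REJECTED
        ERROR(X509_V_ERR_CERT_REJECTED);
#endif
      /* These are 'informational' when looking for issuer cert */
#ifdef X509_V_ERR_SUBJECT_ISSUER_MISMATCH
        ERROR(X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
#endif
#ifdef X509_V_ERR_AKID_SKID_MISMATCH
        ERROR(X509_V_ERR_AKID_SKID_MISMATCH);
#endif
#ifdef X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
        ERROR(X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH);
#endif
#ifdef X509_V_ERR_KEYUSAGE_NO_CERTSIGN
        ERROR(X509_V_ERR_KEYUSAGE_NO_CERTSIGN);
#endif

#ifdef X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
        ERROR(X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER);
#endif
#ifdef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
        ERROR(X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION);
#endif
#ifdef X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
        ERROR(X509_V_ERR_KEYUSAGE_NO_CRL_SIGN);
#endif
#ifdef X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
        ERROR(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION);
#endif
#ifdef X509_V_ERR_INVALID_NON_CA
        ERROR(X509_V_ERR_INVALID_NON_CA);
#endif
#ifdef X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
        ERROR(X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED);
#endif
#ifdef X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
        ERROR(X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE);
#endif
#ifdef X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
        ERROR(X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED);
#endif

#ifdef X509_V_ERR_INVALID_EXTENSION
        ERROR(X509_V_ERR_INVALID_EXTENSION);
#endif
#ifdef X509_V_ERR_INVALID_POLICY_EXTENSION
        ERROR(X509_V_ERR_INVALID_POLICY_EXTENSION);
#endif
#ifdef X509_V_ERR_NO_EXPLICIT_POLICY
        ERROR(X509_V_ERR_NO_EXPLICIT_POLICY);
#endif
#ifdef X509_V_ERR_DIFFERENT_CRL_SCOPE
        ERROR(X509_V_ERR_DIFFERENT_CRL_SCOPE);
#endif
#ifdef X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
        ERROR(X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE);
#endif

#ifdef X509_V_ERR_UNNESTED_RESOURCE
        ERROR(X509_V_ERR_UNNESTED_RESOURCE);
#endif

#ifdef X509_V_ERR_PERMITTED_VIOLATION
        ERROR(X509_V_ERR_PERMITTED_VIOLATION);
#endif
#ifdef X509_V_ERR_EXCLUDED_VIOLATION
        ERROR(X509_V_ERR_EXCLUDED_VIOLATION);
#endif
#ifdef X509_V_ERR_SUBTREE_MINMAX
        ERROR(X509_V_ERR_SUBTREE_MINMAX);
#endif
#ifdef X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
        ERROR(X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE);
#endif
#ifdef X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
        ERROR(X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX);
#endif
#ifdef X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
        ERROR(X509_V_ERR_UNSUPPORTED_NAME_SYNTAX);
#endif
#ifdef X509_V_ERR_CRL_PATH_VALIDATION_ERROR
        ERROR(X509_V_ERR_CRL_PATH_VALIDATION_ERROR);
#endif

      /* The application is not happy */
#ifdef X509_V_ERR_APPLICATION_VERIFICATION
        ERROR(X509_V_ERR_APPLICATION_VERIFICATION);
#endif
      default:
        /* not in the table above: still leave a trace of the numeric code */
        ERR("Unknown X509 verify error: %d", error);
        break;
     }
#undef ERROR
}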
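/* Drain the OpenSSL error queue of the calling thread, reporting each entry
 * on the connection as an ecore_con error event.
 *
 * @param conn The client or server object the errors belong to.
 * @param type ECORE_CON_EVENT_CLIENT_ERROR to emit client error events;
 *             any other value emits server error events.
 */
static void
_openssl_print_errors(Eo *conn, int type)
{
   char buf[1024];
   unsigned long err;

   /* ERR_get_error() returns 0 once the queue is empty */
   while ((err = ERR_get_error()) != 0)
     {
        /* ERR_reason_error_string() returns NULL when the reason is unknown
         * or the error strings were never loaded; "%s" must not see NULL */
        const char *reason = ERR_reason_error_string(err);

        if (!reason) reason = "unknown error";
        snprintf(buf, sizeof(buf), "OpenSSL error: %s", reason);
        if (type == ECORE_CON_EVENT_CLIENT_ERROR)
          ecore_con_event_client_error(conn, buf);
        else
          ecore_con_event_server_error(conn, buf);
     }
}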
/* Compare a name taken from the peer certificate against the host name we
 * expect, ignoring case.
 *
 * A certificate name starting with '*' is treated as a wildcard and must have
 * the exact shape "*.label.tld": a single '*', immediately followed by '.',
 * with at least two further labels. It matches @p svrname only when
 * everything after the first '.' of @p svrname equals everything after the
 * '*', i.e. the wildcard stands for exactly one leading label and @p svrname
 * must itself carry at least three labels. Any other name must equal
 * @p svrname exactly (case-insensitively). A mismatch is logged with ERR; a
 * malformed wildcard name is rejected by the EINA_SAFETY macros (which emit
 * their own safety-check log).
 *
 * @param name    Name from the certificate (must be non-NULL).
 * @param svrname Host name to verify against (must be non-NULL).
 * @return EINA_TRUE if @p name covers @p svrname, EINA_FALSE otherwise.
 */
static Eina_Bool
_openssl_name_verify(const char *name, const char *svrname)
{
   if (name[0] == '*')
     {
        /* we allow *.domain.TLD with a wildcard, but nothing else */
        const char *p, *s;

        /* the '*' must be followed by '.' and a non-empty remainder */
        EINA_SAFETY_ON_TRUE_RETURN_VAL((name[1] != '.') || (!name[2]), EINA_FALSE);
        /* only one '*' is allowed in the whole name */
        p = strchr(name + 1, '*');
        EINA_SAFETY_ON_TRUE_RETURN_VAL(!!p, EINA_FALSE);
        /* verify that we have a domain of at least *.X.TLD and not *.TLD */
        p = strchr(name + 2, '.');
        EINA_SAFETY_ON_TRUE_RETURN_VAL(!p, EINA_FALSE);
        s = strchr(svrname, '.');
        EINA_SAFETY_ON_TRUE_RETURN_VAL(!s, EINA_FALSE);
        /* same as above for the stored name */
        EINA_SAFETY_ON_TRUE_RETURN_VAL(!strchr(s + 1, '.'), EINA_FALSE);
        /* the part after the wildcard must equal the part after the first
         * label of the host name */
        if (strcasecmp(s, name + 1))
          {
             ERR("%s != %s", s, name + 1);
             return EINA_FALSE;
          }
     }
   else
     /* no wildcard: the names must be identical apart from case */
     if (strcasecmp(name, svrname))
       {
          ERR("%s != %s", name, svrname);
          return EINA_FALSE;
       }
   return EINA_TRUE;
}
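/* Dump the peer certificate chain and the SSL session to the debug log and
 * stderr. Does nothing unless the ecore_con log domain is at debug level.
 *
 * @param ssl The connection whose peer chain and session are printed.
 */
static void
_openssl_print_session(SSL *ssl)
{
   /* print session info into DBG */
   SSL_SESSION *s;
   STACK_OF(X509) * sk;
   BIO *b;
   char log[4096], *p;
   int x, n;

   if (!eina_log_domain_level_check(_ecore_con_log_dom, EINA_LOG_LEVEL_DBG)) return;

   memset(log, 0, sizeof(log));
   sk = SSL_get_peer_cert_chain(ssl);
   if (sk)
     {
        DBG("CERTIFICATES:");
        for (x = 0; x < sk_X509_num(sk); x++)
          {
             X509 *cert = sk_X509_value(sk, x);

             /* X509_NAME_oneline() can return NULL on error */
             p = X509_NAME_oneline(X509_get_subject_name(cert), log, sizeof(log));
             DBG("%2d s:%s", x, p ? p : "");
             p = X509_NAME_oneline(X509_get_issuer_name(cert), log, sizeof(log));
             DBG(" i:%s", p ? p : "");
             PEM_write_X509(stderr, cert);
          }
     }
   /* BIO_new() fails on allocation failure; the session dump is optional */
   b = BIO_new(BIO_s_mem());
   if (!b) return;
   s = SSL_get_session(ssl);
   if (s) SSL_SESSION_print(b, s);
   fprintf(stderr, "\n");
   /* BIO_read() does not NUL-terminate what it returns: keep one byte free
    * and terminate at the returned length so "%s" cannot run off the end */
   while ((n = BIO_read(b, log, sizeof(log) - 1)) > 0)
     {
        log[n] = '\0';
        fprintf(stderr, "%s", log);
     }

   BIO_free(b);
}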
#endif
/* Bail out of the enclosing function when X is true: log the location
 * (file, function, line) at ERR level and jump to the function's `error:`
 * label, which the caller must provide. Relies on __PRETTY_FUNCTION__, a
 * GCC/Clang extension. */
#define SSL_ERROR_CHECK_GOTO_ERROR(X) \
  do \
    { \
       if ((X)) \
         { \
            ERR("Error at %s:%s:%d!", __FILE__, __PRETTY_FUNCTION__, __LINE__); \
            goto error; \
         } \
    } \
  while (0)
/*
 * Backend entry points. SSL_SUFFIX() appends _gnutls, _openssl or _none to
 * each name, so these declare the implementation of the backend compiled in;
 * the public ecore_con_ssl_* wrappers below forward to them. Being static,
 * the definitions live in this translation unit.
 * NOTE(review): the meaning of the int returned by the read/write entry
 * points (byte count vs. error) is defined by the backend implementations;
 * confirm there before relying on it.
 */
static Ecore_Con_Ssl_Error
SSL_SUFFIX(_ecore_con_ssl_init) (void);
static Ecore_Con_Ssl_Error
SSL_SUFFIX(_ecore_con_ssl_shutdown) (void);

static Eina_Bool SSL_SUFFIX(_ecore_con_ssl_server_cafile_add) (Ecore_Con_Server *svr, const char *ca_file);
static Eina_Bool SSL_SUFFIX(_ecore_con_ssl_server_crl_add) (Ecore_Con_Server *svr, const char *crl_file);
static Eina_Bool SSL_SUFFIX(_ecore_con_ssl_server_cert_add) (Ecore_Con_Server *svr, const char *cert);
static Eina_Bool SSL_SUFFIX(_ecore_con_ssl_server_privkey_add) (Ecore_Con_Server *svr, const char *key_file);

static Ecore_Con_Ssl_Error SSL_SUFFIX(_ecore_con_ssl_server_prepare) (Ecore_Con_Server *svr, int ssl_type);
static Ecore_Con_Ssl_Error SSL_SUFFIX(_ecore_con_ssl_server_init) (Ecore_Con_Server *svr);
static Ecore_Con_Ssl_Error SSL_SUFFIX(_ecore_con_ssl_server_shutdown) (Ecore_Con_Server *svr);
static int SSL_SUFFIX(_ecore_con_ssl_server_read) (Ecore_Con_Server *svr, unsigned char *buf, int size);
static int SSL_SUFFIX(_ecore_con_ssl_server_write) (Ecore_Con_Server *svr, const unsigned char *buf, int size);

static Ecore_Con_Ssl_Error SSL_SUFFIX(_ecore_con_ssl_client_init) (Ecore_Con_Client *cl);
static Ecore_Con_Ssl_Error SSL_SUFFIX(_ecore_con_ssl_client_shutdown) (Ecore_Con_Client *cl);
static int SSL_SUFFIX(_ecore_con_ssl_client_read) (Ecore_Con_Client *cl,
                                                   unsigned char *buf, int size);
static int SSL_SUFFIX(_ecore_con_ssl_client_write) (Ecore_Con_Client *cl,
                                                    const unsigned char *buf, int size);
/*
* General SSL API
*/
/* Take a reference on the SSL backend, initialising it on the first call.
 *
 * The first call runs the backend's init entry point and, when a backend is
 * compiled in, allocates the CLIENT/SERVER upgrade event ids. Subsequent
 * calls only bump the reference count.
 *
 * @return The reference count after this call.
 */
Ecore_Con_Ssl_Error
ecore_con_ssl_init(void)
{
   int first_user = (_init_con_ssl_init_count == 0);

   _init_con_ssl_init_count++;
   if (first_user)
     {
        /* NOTE(review): the backend's Ecore_Con_Ssl_Error result is not
         * propagated; the count is returned whether or not it succeeded */
        SSL_SUFFIX(_ecore_con_ssl_init) ();
#if _ECORE_CON_SSL_AVAILABLE != 0
        ECORE_CON_EVENT_CLIENT_UPGRADE = ecore_event_type_new();
        ECORE_CON_EVENT_SERVER_UPGRADE = ecore_event_type_new();
#endif
     }

   return _init_con_ssl_init_count;
}
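/* Drop one reference on the SSL backend, shutting it down when the last one
 * goes away.
 *
 * An unbalanced call (more shutdowns than inits) is ignored and leaves the
 * count at 0; letting it go negative would stop the next
 * ecore_con_ssl_init() from re-initialising the backend.
 *
 * @return The remaining reference count; 0 once the backend is shut down.
 */
Ecore_Con_Ssl_Error
ecore_con_ssl_shutdown(void)
{
   if (_init_con_ssl_init_count < 1)
     return 0;
   if (!--_init_con_ssl_init_count)
     SSL_SUFFIX(_ecore_con_ssl_shutdown) ();

   return _init_con_ssl_init_count;
}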
/* Run the backend's prepare step on a server object.
 *
 * @param svr      The server object.
 * @param ssl_type The ECORE_CON_SSL bits of the server type; 0 means no SSL
 *                 is wanted and nothing is done.
 * @return ECORE_CON_SSL_ERROR_NONE when @p ssl_type is 0, otherwise the
 *         backend's result.
 */
Ecore_Con_Ssl_Error
ecore_con_ssl_server_prepare(Ecore_Con_Server *svr,
                             int ssl_type)
{
   Ecore_Con_Ssl_Error result = ECORE_CON_SSL_ERROR_NONE;

   if (ssl_type)
     result = SSL_SUFFIX(_ecore_con_ssl_server_prepare) (svr, ssl_type);
   return result;
}
/* Initialise SSL on a server object if its type asks for it.
 *
 * @param obj The server object.
 * @return ECORE_CON_SSL_ERROR_NONE when the object has no private data or
 *         no ECORE_CON_SSL bit set, otherwise the backend's result.
 */
Ecore_Con_Ssl_Error
ecore_con_ssl_server_init(Ecore_Con_Server *obj)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   if (!svr) return ECORE_CON_SSL_ERROR_NONE;
   if (!(svr->type & ECORE_CON_SSL)) return ECORE_CON_SSL_ERROR_NONE;
   return SSL_SUFFIX(_ecore_con_ssl_server_init) (obj);
}
/* Shut SSL down on a server object if its type asks for it.
 *
 * @param obj The server object.
 * @return ECORE_CON_SSL_ERROR_NONE when the object has no private data or
 *         no ECORE_CON_SSL bit set, otherwise the backend's result.
 */
Ecore_Con_Ssl_Error
ecore_con_ssl_server_shutdown(Ecore_Con_Server *obj)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   if (!svr) return ECORE_CON_SSL_ERROR_NONE;
   if (!(svr->type & ECORE_CON_SSL)) return ECORE_CON_SSL_ERROR_NONE;
   return SSL_SUFFIX(_ecore_con_ssl_server_shutdown) (obj);
}
/* Read from a server connection through the SSL backend.
 *
 * @param svr  The server object.
 * @param buf  Destination buffer.
 * @param size Capacity of @p buf in bytes.
 * @return Whatever the backend's read entry point returns.
 */
int
ecore_con_ssl_server_read(Ecore_Con_Server *svr,
                          unsigned char *buf,
                          int size)
{
   int n = SSL_SUFFIX(_ecore_con_ssl_server_read) (svr, buf, size);

   return n;
}
/* Write to a server connection through the SSL backend.
 *
 * @param svr  The server object.
 * @param buf  Bytes to send.
 * @param size Number of bytes in @p buf.
 * @return Whatever the backend's write entry point returns.
 */
int
ecore_con_ssl_server_write(Ecore_Con_Server *svr,
                           const unsigned char *buf,
                           int size)
{
   int n = SSL_SUFFIX(_ecore_con_ssl_server_write) (svr, buf, size);

   return n;
}
/* Initialise SSL on a client object if the server it belongs to uses SSL.
 *
 * @param obj The client object.
 * @return ECORE_CON_SSL_ERROR_NONE when the client or its host server has no
 *         private data, or the host server has no ECORE_CON_SSL bit set;
 *         otherwise the backend's result.
 */
Ecore_Con_Ssl_Error
ecore_con_ssl_client_init(Ecore_Con_Client *obj)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
   Ecore_Con_Server_Data *host_server;

   if (!cl) return ECORE_CON_SSL_ERROR_NONE;
   /* the SSL decision is made per listening server, not per client */
   host_server = eo_data_scope_get(cl->host_server, ECORE_CON_SERVER_CLASS);
   if (!host_server) return ECORE_CON_SSL_ERROR_NONE;
   if (!(host_server->type & ECORE_CON_SSL)) return ECORE_CON_SSL_ERROR_NONE;
   return SSL_SUFFIX(_ecore_con_ssl_client_init) (obj);
}
/* Shut SSL down on a client object if the server it belongs to uses SSL.
 *
 * @param obj The client object.
 * @return ECORE_CON_SSL_ERROR_NONE when the client or its host server has no
 *         private data, or the host server has no ECORE_CON_SSL bit set;
 *         otherwise the backend's result.
 */
Ecore_Con_Ssl_Error
ecore_con_ssl_client_shutdown(Ecore_Con_Client *obj)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
   Ecore_Con_Server_Data *host_server;

   if (!cl) return ECORE_CON_SSL_ERROR_NONE;
   /* the SSL decision is made per listening server, not per client */
   host_server = eo_data_scope_get(cl->host_server, ECORE_CON_SERVER_CLASS);
   if (!host_server) return ECORE_CON_SSL_ERROR_NONE;
   if (!(host_server->type & ECORE_CON_SSL)) return ECORE_CON_SSL_ERROR_NONE;
   return SSL_SUFFIX(_ecore_con_ssl_client_shutdown) (obj);
}
/* Read from a client connection through the SSL backend.
 *
 * @param cl   The client object.
 * @param buf  Destination buffer.
 * @param size Capacity of @p buf in bytes.
 * @return Whatever the backend's read entry point returns.
 */
int
ecore_con_ssl_client_read(Ecore_Con_Client *cl,
                          unsigned char *buf,
                          int size)
{
   int n = SSL_SUFFIX(_ecore_con_ssl_client_read) (cl, buf, size);

   return n;
}
/* Write to a client connection through the SSL backend.
 *
 * @param cl   The client object.
 * @param buf  Bytes to send.
 * @param size Number of bytes in @p buf.
 * @return Whatever the backend's write entry point returns.
 */
int
ecore_con_ssl_client_write(Ecore_Con_Client *cl,
                           const unsigned char *buf,
                           int size)
{
   int n = SSL_SUFFIX(_ecore_con_ssl_client_write) (cl, buf, size);

   return n;
}
/**
 * Return whether SSL support is available and which backend provides it.
 * @return 1 if SSL is available and provided by gnutls, 2 if provided by openssl,
 * 0 if it is not available.
 * @ingroup Ecore_Con_Client_Group
 */
EAPI int
ecore_con_ssl_available_get(void)
{
   /* fixed at compile time by the backend selection block above */
   const int backend = _ECORE_CON_SSL_AVAILABLE;

   return backend;
}
/**
* @addtogroup Ecore_Con_SSL_Group Ecore Connection SSL Functions
*
* Functions that operate on Ecore connection objects pertaining to SSL.
*
* @{
*/
/**
 * @brief Enable certificate verification on a server object
 *
 * Call this function on a server object before the main loop has started
 * to enable verification of certificates against the loaded certificates.
 * @param obj The server object
 */
EAPI void
ecore_con_ssl_server_verify(Ecore_Con_Server *obj)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   /* an object without private data is silently ignored */
   if (svr) svr->verify = EINA_TRUE;
}
/**
 * @brief Enable hostname-based certificate verification on a server object
 *
 * Call this function on a server object before the main loop has started
 * to enable verification of certificates using ONLY their hostnames.
 * @param obj The server object
 * @note This function has no effect when used on a listening server created by
 * ecore_con_server_add
 * @since 1.1
 */
EAPI void
ecore_con_ssl_server_verify_basic(Ecore_Con_Server *obj)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   /* an object without private data is silently ignored */
   if (svr) svr->verify_basic = EINA_TRUE;
}
/**
 * @brief Set the hostname to verify against in certificate verification
 *
 * Sometimes the certificate hostname will not match the hostname that you are
 * connecting to, and will instead match a different name. An example of this is
 * that if you connect to talk.google.com to use Google Talk, you receive Google's
 * certificate for gmail.com. This certificate should be trusted, and so you must call
 * this function with "gmail.com" as @p name.
 * See RFC2818 for more details.
 * @param obj The server object
 * @param name The hostname to verify against
 * @since 1.2
 */
EAPI void
ecore_con_ssl_server_verify_name_set(Ecore_Con_Server *obj, const char *name)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   /* an object without private data is silently ignored */
   if (!svr) return;
   /* stringshare_replace releases the previous name and shares the new one */
   eina_stringshare_replace(&svr->verify_name, name);
}
/**
 * @brief Get the hostname to verify against in certificate verification
 *
 * This function returns the name which will be used to validate the SSL certificate
 * common name (CN) or alt name (subjectAltName). It will default to the @p name
 * param in ecore_con_server_connect(), but can be changed with ecore_con_ssl_server_verify_name_set().
 * @param obj The server object
 * @return The hostname which will be used, or NULL if @p obj has no server data
 * @since 1.2
 */
EAPI const char *
ecore_con_ssl_server_verify_name_get(Ecore_Con_Server *obj)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   if (!svr) return NULL;
   /* an explicitly set verify name wins over the connect-time name */
   if (svr->verify_name) return svr->verify_name;
   return svr->name;
}
/**
 * @brief Add an ssl certificate for use in ecore_con functions.
 *
 * Use this function to add a SSL PEM certificate.
 * Simply specify the cert here to use it in the server object for connecting or listening.
 * If there is an error loading the certificate, an error will automatically be logged.
 * @param obj The server object
 * @param cert The path to the certificate.
 * @return @c EINA_FALSE if the file cannot be loaded, otherwise @c EINA_TRUE.
 */
EAPI Eina_Bool
ecore_con_ssl_server_cert_add(Ecore_Con_Server *obj,
                              const char *cert)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   if (!svr) return EINA_FALSE;
   if (svr->ssl_prepared)
     return SSL_SUFFIX(_ecore_con_ssl_server_cert_add) (obj, cert);

   /* first certificate material on this server: mark it as certificate
    * using and run the backend's prepare step before loading the cert */
   svr->use_cert = EINA_TRUE;
   svr->type |= ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT;
   if (ecore_con_ssl_server_prepare(obj, svr->type & ECORE_CON_SSL))
     return EINA_FALSE;
   return SSL_SUFFIX(_ecore_con_ssl_server_cert_add) (obj, cert);
}
/**
 * @brief Add an ssl CA file for use in ecore_con functions.
 *
 * Registers a PEM CA file (or, since 1.2, a directory of PEM CA files) as
 * trust anchors for the server object, for connecting or listening.
 * If the CAs cannot be loaded an error is logged by the backend.
 * @param obj The server object
 * @param ca_file The path to the CA file or directory.
 * @return @c EINA_FALSE if the file cannot be loaded, otherwise @c EINA_TRUE.
 * @note since 1.2, this function can load directories
 */
EAPI Eina_Bool
ecore_con_ssl_server_cafile_add(Ecore_Con_Server *obj,
                                const char *ca_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   if (!svr) return EINA_FALSE;

   if (svr->ssl_prepared)
     return SSL_SUFFIX(_ecore_con_ssl_server_cafile_add) (obj, ca_file);

   /* Unprepared server: flag certificate use, widen the type so an SSL
    * context is created, and prepare it so the backend has a credentials
    * object to attach the trust anchors to. */
   svr->use_cert = EINA_TRUE;
   svr->type |= ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT;
   if (ecore_con_ssl_server_prepare(obj, svr->type & ECORE_CON_SSL))
     return EINA_FALSE;

   return SSL_SUFFIX(_ecore_con_ssl_server_cafile_add) (obj, ca_file);
}
/**
 * @brief Add an ssl private key for use in ecore_con functions.
 *
 * Registers a PEM private key with the server object, for connecting or
 * listening. If the key cannot be loaded an error is logged by the backend.
 * With the GnuTLS backend the key is loaded together with the certificate
 * previously given to ecore_con_ssl_server_cert_add().
 * @param obj The server object
 * @param key_file The path to the key file.
 * @return @c EINA_FALSE if the file cannot be loaded, otherwise @c EINA_TRUE.
 */
EAPI Eina_Bool
ecore_con_ssl_server_privkey_add(Ecore_Con_Server *obj,
                                 const char *key_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   if (!svr) return EINA_FALSE;

   if (svr->ssl_prepared)
     return SSL_SUFFIX(_ecore_con_ssl_server_privkey_add) (obj, key_file);

   /* Unprepared server: flag certificate use, widen the type so an SSL
    * context is created, and prepare it before handing the key to the backend. */
   svr->use_cert = EINA_TRUE;
   svr->type |= ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT;
   if (ecore_con_ssl_server_prepare(obj, svr->type & ECORE_CON_SSL))
     return EINA_FALSE;

   return SSL_SUFFIX(_ecore_con_ssl_server_privkey_add) (obj, key_file);
}
/**
 * @brief Add an ssl CRL for use in ecore_con functions.
 *
 * Registers a PEM certificate revocation list with the server object, for
 * connecting or listening. If the CRL cannot be loaded an error is logged by
 * the backend.
 * @param obj The server object
 * @param crl_file The path to the CRL file.
 * @return @c EINA_FALSE if the file cannot be loaded, otherwise @c EINA_TRUE.
 */
EAPI Eina_Bool
ecore_con_ssl_server_crl_add(Ecore_Con_Server *obj,
                             const char *crl_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   if (!svr) return EINA_FALSE;

   if (svr->ssl_prepared)
     return SSL_SUFFIX(_ecore_con_ssl_server_crl_add) (obj, crl_file);

   /* Unprepared server: flag certificate use, widen the type so an SSL
    * context is created, and prepare it before handing the CRL to the backend. */
   svr->use_cert = EINA_TRUE;
   svr->type |= ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT;
   if (ecore_con_ssl_server_prepare(obj, svr->type & ECORE_CON_SSL))
     return EINA_FALSE;

   return SSL_SUFFIX(_ecore_con_ssl_server_crl_add) (obj, crl_file);
}
/**
 * @brief Upgrade a connection to a specified level of encryption
 *
 * Begins an SSL handshake on an already connected server object (STARTTLS or
 * similar). When the upgrade completes an ECORE_CON_EVENT_SERVER_UPGRADE
 * event is emitted; until the next event the connection should be treated as
 * disconnected.
 * @param obj The server object
 * @param ssl_type The SSL connection type (ONLY).
 * @return @c EINA_FALSE if the connection cannot be upgraded, otherwise @c EINA_TRUE.
 * @note This function is NEVER to be used on a server object created with ecore_con_server_add
 * @warning Setting a wrong value for @p ssl_type WILL mess up your program.
 * @since 1.1
 */
EAPI Eina_Bool
ecore_con_ssl_server_upgrade(Ecore_Con_Server *obj, Ecore_Con_Type ssl_type)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   if (!svr) return EINA_FALSE;
#if _ECORE_CON_SSL_AVAILABLE == 0
   return EINA_FALSE;
#endif

   if ((!svr->ssl_prepared) && ecore_con_ssl_server_prepare(obj, ssl_type))
     return EINA_FALSE;

   /* a server that loaded credentials already had its type widened when the
    * credential was added, so only OR the requested type in otherwise */
   if (!svr->use_cert) svr->type |= ssl_type;

   svr->upgrade = EINA_TRUE;
   svr->handshaking = EINA_TRUE;
   svr->ssl_state = ECORE_CON_SSL_STATE_INIT;

   /* the backend reports ECORE_CON_SSL_ERROR_NONE (zero) on success */
   return !SSL_SUFFIX(_ecore_con_ssl_server_init) (obj);
}
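/**
 * @brief Upgrade a connection to a specified level of encryption
 *
 * Begins an SSL handshake on an accepted client connection (STARTTLS or
 * similar). When the upgrade completes an ECORE_CON_EVENT_CLIENT_UPGRADE
 * event is emitted; until the next event the connection should be treated as
 * disconnected.
 * @param obj The client object
 * @param ssl_type The SSL connection type (ONLY).
 * @return @c EINA_FALSE if the connection cannot be upgraded, otherwise @c EINA_TRUE.
 * @warning Setting a wrong value for @p ssl_type WILL mess up your program.
 * @since 1.1
 */
EAPI Eina_Bool
ecore_con_ssl_client_upgrade(Ecore_Con_Client *obj, Ecore_Con_Type ssl_type)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);

   if (!cl) return EINA_FALSE;
#if _ECORE_CON_SSL_AVAILABLE == 0
   return EINA_FALSE;
#endif

   Ecore_Con_Server_Data *host_server = eo_data_scope_get(cl->host_server, ECORE_CON_SERVER_CLASS);
   /* FIX: the listener's data was dereferenced unchecked; mirror the NULL
    * guard every other entry point in this file applies */
   if (!host_server) return EINA_FALSE;

   /* the SSL context lives on the listening server, not on the client */
   if (!host_server->ssl_prepared)
     {
        if (ecore_con_ssl_server_prepare(cl->host_server, ssl_type))
          return EINA_FALSE;
     }
   if (!host_server->use_cert)
     host_server->type |= ssl_type;

   cl->upgrade = EINA_TRUE;
   host_server->upgrade = EINA_TRUE;
   cl->handshaking = EINA_TRUE;
   cl->ssl_state = ECORE_CON_SSL_STATE_INIT;

   /* FIX: the backend returns an Ecore_Con_Ssl_Error in which
    * ECORE_CON_SSL_ERROR_NONE is zero (the read/write paths test it with
    * "if (!init()) return 0;").  Returning it unnegated made this function
    * report EINA_TRUE on failure and EINA_FALSE on success, the opposite of
    * its documentation and of ecore_con_ssl_server_upgrade(). */
   return !SSL_SUFFIX(_ecore_con_ssl_client_init) (obj);
}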
/**
 * @}
 */
#if HAVE_GNUTLS
/*
 * GnuTLS backend
 */
/* Library-wide GnuTLS setup: register the pthread callbacks with libgcrypt
 * and initialise GnuTLS itself.  A failing gcrypt setup is only warned
 * about; a failing gnutls_global_init() is fatal for the backend. */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_init_gnutls(void)
{
   int rc;

   rc = gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
   if (rc != 0)
     WRN("YOU ARE USING PTHREADS, BUT I CANNOT INITIALIZE THREADSAFE GCRYPT OPERATIONS!");

   rc = gnutls_global_init();
   if (rc != 0)
     return ECORE_CON_SSL_ERROR_INIT_FAILED;

#ifdef ISCOMFITOR
   /* developer build only: route verbose GnuTLS logging into eina_log
    * when the ecore_con domain is at debug level */
   if (eina_log_domain_level_check(_ecore_con_log_dom, EINA_LOG_LEVEL_DBG))
     {
        gnutls_global_set_log_level(9);
        gnutls_global_set_log_function(_gnutls_log_func);
     }
#endif

   return ECORE_CON_SSL_ERROR_NONE;
}
/* Library-wide GnuTLS teardown, paired with _ecore_con_ssl_init_gnutls().
 * Always reports success. */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_shutdown_gnutls(void)
{
   gnutls_global_deinit();
   return ECORE_CON_SSL_ERROR_NONE;
}
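/* Allocate the per-server GnuTLS credentials for @p ssl_type.
 *
 * Certificate credentials are always allocated (they also carry the trust
 * anchors used to verify a peer).  When the server was marked as using
 * certificates, a listening server additionally generates an ephemeral DH
 * group and anonymous server credentials, a connecting one anonymous client
 * credentials.  Returns ECORE_CON_SSL_ERROR_NONE (without marking the object
 * prepared) for a non-SSL type, ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED for
 * SSLv2, and ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED after tearing everything
 * down again on any GnuTLS failure. */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *obj,
                                     int ssl_type)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   int ret;

   /* SSLv2 is refused outright for security reasons */
   if (ssl_type & ECORE_CON_USE_SSL2)
     return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;

   switch (ssl_type)
     {
      case ECORE_CON_USE_SSL3:
      case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
      case ECORE_CON_USE_TLS:
      case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
      case ECORE_CON_USE_MIXED:
      case ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT:
        break;

      default:
        /* not an SSL type: nothing to set up, and ssl_prepared stays unset */
        return ECORE_CON_SSL_ERROR_NONE;
     }

   SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_certificate_allocate_credentials(&svr->cert));

   if (svr->use_cert)
     {
        if (svr->created)
          {
             SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_init(&svr->dh_params));
             INF("Generating DH params");
             /* FIX: was 1024 bits.  A 1024-bit ephemeral DH group is below
              * the floor recommended since Logjam, and below the 2048 bits
              * this file's own server-side session asks for in
              * _ecore_con_ssl_client_init_gnutls().  Generating a 2048-bit
              * safe prime is noticeably slower and blocks the main loop, so
              * importing a precomputed standard group (RFC 7919 ffdhe2048)
              * at startup would be the better long-term fix. */
             SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_generate2(svr->dh_params, 2048));

             SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_server_credentials(&svr->anoncred_s));
             /* TODO: implement PSK (gnutls_psk_allocate_server_credentials) */

             gnutls_anon_set_server_dh_params(svr->anoncred_s, svr->dh_params);
             gnutls_certificate_set_dh_params(svr->cert, svr->dh_params);
             INF("DH params successfully generated and applied!");
          }
        else
          {
             /* TODO: implement PSK (gnutls_psk_allocate_client_credentials) */
             SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_client_credentials(&svr->anoncred_c));
          }
     }
   /* NOTE(review): the anonymous credentials are only allocated on the
    * use_cert branch above, yet the init paths attach them only when
    * use_cert is NOT set, so a non-certificate session hands a NULL anon
    * credential to gnutls_credentials_set().  With the NORMAL priority
    * string used by this file (no ANON-* key exchange) this looks inert;
    * confirm before relying on anonymous key exchange. */

   svr->ssl_prepared = EINA_TRUE;
   return ECORE_CON_SSL_ERROR_NONE;

error:
   _gnutls_print_errors(obj, ECORE_CON_EVENT_SERVER_ERROR, ret);
   _ecore_con_ssl_server_shutdown_gnutls(obj);
   return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
}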
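/* Drive the client-side TLS state machine for a connecting server object.
 *
 * Called once with ssl_state == INIT to create the session, then again from
 * the read/write paths while HANDSHAKING until gnutls_handshake() completes.
 * A would-block result re-arms the fd handler in the direction GnuTLS needs
 * and returns ECORE_CON_SSL_ERROR_NONE.  Once the handshake is DONE the
 * peer certificate is checked: the chain against the loaded CAs/CRLs when
 * svr->verify is set, and in either verify mode the leaf must be X.509 and
 * match the hostname (verify_name, else the connect-time name).  Any failure
 * logs, tears the session down and returns
 * ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED. */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_init_gnutls(Ecore_Con_Server *obj)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   const gnutls_datum_t *cert_list;
   unsigned int status, cert_list_size;
   gnutls_x509_crt_t cert = NULL;
   const char *priority = "NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT";
   const char *host;
   int ret = 0;

   switch (svr->ssl_state)
     {
      case ECORE_CON_SSL_STATE_DONE:
        return ECORE_CON_SSL_ERROR_NONE;

      case ECORE_CON_SSL_STATE_INIT:
        if (svr->type & ECORE_CON_USE_SSL2) /* not supported because of security issues */
          return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;

        /* NOTE(review): every priority string keeps
         * %VERIFY_ALLOW_X509_V1_CA_CRT (v1 certificates accepted as CAs) and
         * the SSL3 variant pins the session to a protocol version no longer
         * considered safe.  Both are explicit API choices made through the
         * type flags; tighten them when callers can tolerate it. */
        switch (svr->type & ECORE_CON_SSL)
          {
           case ECORE_CON_USE_SSL3:
           case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
             priority = "NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT:!VERS-TLS1.0:!VERS-TLS1.1:!VERS-TLS1.2";
             break;

           case ECORE_CON_USE_TLS:
           case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
             priority = "NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT:!VERS-SSL3.0";
             break;

           case ECORE_CON_USE_MIXED:
           case ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT:
             break;

           default:
             return ECORE_CON_SSL_ERROR_NONE;
          }

        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_init(&svr->session, GNUTLS_CLIENT));
        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_session_ticket_enable_client(svr->session));
        /* SNI always carries the connect-time name; verify_name only affects
         * the hostname check after the handshake */
        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_server_name_set(svr->session, GNUTLS_NAME_DNS, svr->name, strlen(svr->name)));
        INF("Applying priority string: %s", priority);
        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_priority_set_direct(svr->session, priority, NULL));
        gnutls_handshake_set_private_extensions(svr->session, 1);
        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(svr->session, GNUTLS_CRD_CERTIFICATE, svr->cert));
        /* TODO: PSK credentials (GNUTLS_CRD_PSK, svr->pskcred_c) are not implemented */
        if (!svr->use_cert)
          SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(svr->session, GNUTLS_CRD_ANON, svr->anoncred_c));

        /* FIX: this used to call gnutls_dh_set_prime_bits(svr->session, 512),
         * which lowered the smallest DH group this client would accept from a
         * server to an export-grade 512-bit prime (Logjam).  The call is
         * dropped so the library's own priority-derived minimum applies;
         * never reintroduce it with a value below 1024. */
        gnutls_transport_set_ptr(svr->session, (gnutls_transport_ptr_t)((intptr_t)svr->fd));
        svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
        /* fallthrough: take the first handshake step right away */

      case ECORE_CON_SSL_STATE_HANDSHAKING:
        if (!svr->session)
          {
             DBG("Server was previously lost, going to error condition");
             goto error;
          }
        ret = gnutls_handshake(svr->session);
        DBG("calling gnutls_handshake(): returned with '%s'", gnutls_strerror_name(ret));
        SSL_ERROR_CHECK_GOTO_ERROR(gnutls_error_is_fatal(ret));
        if (!ret)
          {
             svr->handshaking = EINA_FALSE;
             svr->ssl_state = ECORE_CON_SSL_STATE_DONE;
          }
        else
          {
             /* non-fatal (would block): wait in the direction GnuTLS wants next */
             if (gnutls_record_get_direction(svr->session))
               ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_WRITE);
             else
               ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_READ);
             return ECORE_CON_SSL_ERROR_NONE;
          }

      default:
        break;
     }

   if ((!svr->verify) && (!svr->verify_basic))
     /* not verifying certificates, so we're done! */
     return ECORE_CON_SSL_ERROR_NONE;
   if (svr->verify)
     {
        /* full verification: chain against the loaded CA/CRL lists */
        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_certificate_verify_peers2(svr->session, &status));
        if (status & GNUTLS_CERT_INVALID)
          ERR("The certificate is not trusted.");
        else if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
          ERR("The certificate hasn't got a known issuer.");
        else if (status & GNUTLS_CERT_REVOKED)
          ERR("The certificate has been revoked.");
        else if (status & GNUTLS_CERT_EXPIRED)
          ERR("The certificate has expired");
        else if (status & GNUTLS_CERT_NOT_ACTIVATED)
          ERR("The certificate is not yet activated");

        /* any status bit at all means the chain did not verify */
        if (status)
          goto error;
     }
   /* verify_basic alone skips the chain check but still requires an X.509
    * leaf that names the intended host */
   if (gnutls_certificate_type_get(svr->session) != GNUTLS_CRT_X509)
     {
        ERR("Warning: PGP certificates are not yet supported!");
        goto error;
     }

   SSL_ERROR_CHECK_GOTO_ERROR(!(cert_list = gnutls_certificate_get_peers(svr->session, &cert_list_size)));
   SSL_ERROR_CHECK_GOTO_ERROR(!cert_list_size);

   _gnutls_print_session(cert_list, cert_list_size);

   SSL_ERROR_CHECK_GOTO_ERROR(gnutls_x509_crt_init(&cert));
   SSL_ERROR_CHECK_GOTO_ERROR(gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER));

   /* the leaf must match the host we meant to reach (CN or subjectAltName);
    * log the mismatch explicitly since ret carries no GnuTLS error here */
   host = svr->verify_name ? svr->verify_name : svr->name;
   if (!gnutls_x509_crt_check_hostname(cert, host))
     {
        ERR("Certificate does not match hostname '%s'", host);
        goto error;
     }
   gnutls_x509_crt_deinit(cert);
   DBG("SSL certificate verification succeeded!");
   return ECORE_CON_SSL_ERROR_NONE;

error:
   _gnutls_print_errors(obj, ECORE_CON_EVENT_SERVER_ERROR, ret);
   if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) || (ret == GNUTLS_E_FATAL_ALERT_RECEIVED))
     ERR("Also received alert: %s", gnutls_alert_get_name(gnutls_alert_get(svr->session)));
   if (svr->session && (svr->ssl_state != ECORE_CON_SSL_STATE_DONE))
     {
        ERR("last out: %s", SSL_GNUTLS_PRINT_HANDSHAKE_STATUS(gnutls_handshake_get_last_out(svr->session)));
        ERR("last in: %s", SSL_GNUTLS_PRINT_HANDSHAKE_STATUS(gnutls_handshake_get_last_in(svr->session)));
     }
   if (cert)
     gnutls_x509_crt_deinit(cert);
   _ecore_con_ssl_server_shutdown_gnutls(obj);
   return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
}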
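/* Load PEM trust anchors from @p ca_file into the server's certificate
 * credentials.  A directory is listed with eina_file_ls() and every entry is
 * loaded as a PEM trust file; the first entry that yields no certificate
 * makes the whole call fail (so a stray non-PEM file or subdirectory in the
 * directory is an error).  Every failure, including an unreadable path, is
 * logged, as the public API documents.  Returns EINA_TRUE on success. */
static Eina_Bool
_ecore_con_ssl_server_cafile_add_gnutls(Ecore_Con_Server *obj,
                                        const char *ca_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   struct stat st;
   Eina_Iterator *it;
   const char *file;
   Eina_Bool error = EINA_FALSE;

   /* FIX: an unreadable path used to fail silently; route it through the
    * logging error path like every other failure */
   SSL_ERROR_CHECK_GOTO_ERROR(stat(ca_file, &st));
   if (S_ISDIR(st.st_mode))
     {
        it = eina_file_ls(ca_file);
        SSL_ERROR_CHECK_GOTO_ERROR(!it);
        EINA_ITERATOR_FOREACH(it, file)
          {
             /* keep draining the iterator after a failure so every
              * stringshare it hands out is released */
             if ((!error) &&
                 (gnutls_certificate_set_x509_trust_file(svr->cert, file, GNUTLS_X509_FMT_PEM) < 1))
               error = EINA_TRUE;
             eina_stringshare_del(file);
          }
        eina_iterator_free(it);
        /* FIX: a failed directory entry now also logs instead of returning bare */
        if (error) goto error;
     }
   else
     /* gnutls returns the number of certificates read; 0 or a negative
      * error code both mean nothing usable was loaded */
     SSL_ERROR_CHECK_GOTO_ERROR(gnutls_certificate_set_x509_trust_file(svr->cert, ca_file,
                                                                       GNUTLS_X509_FMT_PEM) < 1);

   return EINA_TRUE;
error:
   ERR("Could not load CA file!");
   return EINA_FALSE;
}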
/* Load a PEM certificate revocation list into the server's certificate
 * credentials.  Logs and returns EINA_FALSE if no CRL could be read. */
static Eina_Bool
_ecore_con_ssl_server_crl_add_gnutls(Ecore_Con_Server *obj,
                                     const char *crl_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   int loaded;

   /* gnutls reports the number of CRLs read; 0 or a negative error code is a failure */
   loaded = gnutls_certificate_set_x509_crl_file(svr->cert, crl_file, GNUTLS_X509_FMT_PEM);
   SSL_ERROR_CHECK_GOTO_ERROR(loaded < 1);

   return EINA_TRUE;
error:
   ERR("Could not load CRL file!");
   return EINA_FALSE;
}
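/* Load the PEM private key @p key_file together with the certificate path
 * recorded earlier by _ecore_con_ssl_server_cert_add_gnutls() into the
 * server's certificate credentials.  Logs and returns EINA_FALSE when no
 * certificate was recorded or GnuTLS rejects the pair. */
static Eina_Bool
_ecore_con_ssl_server_privkey_add_gnutls(Ecore_Con_Server *obj,
                                         const char *key_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);

   /* FIX: without a prior cert_add this handed a NULL certificate path to
    * gnutls; refuse explicitly instead of relying on the library to cope */
   if (!svr->cert_file)
     {
        ERR("A certificate must be added before its private key!");
        return EINA_FALSE;
     }

   /* FIX: test for a negative error code rather than non-zero — newer
    * GnuTLS returns the index of the loaded certificate (>= 0) on success
    * while older releases return 0, and both must pass */
   SSL_ERROR_CHECK_GOTO_ERROR(gnutls_certificate_set_x509_key_file(svr->cert, svr->cert_file, key_file,
                                                                   GNUTLS_X509_FMT_PEM) < 0);

   return EINA_TRUE;
error:
   ERR("Could not load certificate/key file!");
   return EINA_FALSE;
}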
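/* Record the certificate path for the server.  The file itself is not read
 * here; _ecore_con_ssl_server_privkey_add_gnutls() loads it together with
 * the key.  Returns EINA_FALSE for a NULL path or on allocation failure. */
static Eina_Bool
_ecore_con_ssl_server_cert_add_gnutls(Ecore_Con_Server *obj,
                                      const char *cert_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   char *copy;

   /* strdup(NULL) is undefined; reject it up front */
   if (!cert_file) return EINA_FALSE;

   copy = strdup(cert_file);
   if (!copy) return EINA_FALSE;

   /* FIX: a second call used to leak the previously recorded path */
   free(svr->cert_file);
   svr->cert_file = copy;

   return EINA_TRUE;
}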
/* Release every GnuTLS object attached to the server: the session (after a
 * polite close alert), the recorded certificate path, the certificate
 * credentials, and the side-specific DH group / anonymous credentials.
 * Safe to call on a partially prepared object; always reports success. */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_shutdown_gnutls(Ecore_Con_Server *obj)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   int is_ssl = (svr->type & ECORE_CON_SSL) != 0;

   if (svr->session)
     {
        gnutls_bye(svr->session, GNUTLS_SHUT_RDWR);
        gnutls_deinit(svr->session);
        svr->session = NULL;
     }

   free(svr->cert_file);
   svr->cert_file = NULL;

   if (svr->cert) gnutls_certificate_free_credentials(svr->cert);
   svr->cert = NULL;

   if (is_ssl && svr->created)
     {
        /* listening side: ephemeral DH group and anonymous server credentials */
        if (svr->dh_params) gnutls_dh_params_deinit(svr->dh_params);
        svr->dh_params = NULL;
        if (svr->anoncred_s) gnutls_anon_free_server_credentials(svr->anoncred_s);
        svr->anoncred_s = NULL;
        /* PSK is not implemented: nothing to free, only the pointer is reset */
        svr->pskcred_s = NULL;
     }
   else if (is_ssl)
     {
        /* connecting side: anonymous client credentials */
        if (svr->anoncred_c) gnutls_anon_free_client_credentials(svr->anoncred_c);
        svr->anoncred_c = NULL;
        svr->pskcred_c = NULL;
     }

   return ECORE_CON_SSL_ERROR_NONE;
}
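/* Read up to @p size bytes of application data from the TLS session.
 *
 * While the handshake is still in progress this just advances it and
 * returns 0 (or -1 if the handshake step failed).  Afterwards it returns the
 * number of bytes read, 0 when the call would block or the peer asked for a
 * renegotiation, and -1 on a clean close by the peer or a fatal error. */
static int
_ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *obj,
                                  unsigned char *buf,
                                  int size)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   int num;

   if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
     {
        DBG("Continuing gnutls handshake");
        if (!_ecore_con_ssl_server_init_gnutls(obj))
          return 0;
        return -1;
     }

   num = gnutls_record_recv(svr->session, buf, size);
   if (num > 0)
     return num;

   if (num == GNUTLS_E_REHANDSHAKE)
     {
        /* A peer-initiated renegotiation is deliberately refused: accepting
         * it would let the peer restart the handshake (and re-run
         * verification state) mid-stream.  FIX: the unreachable code that
         * followed this return, which would have restarted the handshake,
         * is removed. */
        WRN("Rehandshake request ignored");
        return 0;
     }
   if ((!gnutls_error_is_fatal(num)) && (num != GNUTLS_E_SUCCESS))
     return 0;

   /* 0 (clean close by the peer) or a fatal error: drop the connection */
   return -1;
}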
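/* Write @p size bytes of application data to the TLS session.
 *
 * While the handshake is still in progress this just advances it and
 * returns 0 (or -1 if the handshake step failed).  Afterwards it returns the
 * number of bytes written, 0 when the call would block, sent nothing, or the
 * peer asked for a renegotiation, and -1 on a fatal error.  Unlike the read
 * path, a 0 result from gnutls_record_send() is reported as 0, not -1. */
static int
_ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *obj,
                                   const unsigned char *buf,
                                   int size)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   int num;

   if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
     {
        DBG("Continuing gnutls handshake");
        if (!_ecore_con_ssl_server_init_gnutls(obj))
          return 0;
        return -1;
     }

   num = gnutls_record_send(svr->session, buf, size);
   if (num > 0)
     return num;

   if (num == GNUTLS_E_REHANDSHAKE)
     {
        /* A peer-initiated renegotiation is deliberately refused (see the
         * read path).  FIX: the unreachable restart code that followed this
         * return is removed. */
        WRN("Rehandshake request ignored");
        return 0;
     }
   if (!gnutls_error_is_fatal(num))
     return 0;

   return -1;
}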
static Ecore_Con_Ssl_Error
|
2014-12-03 04:07:40 -08:00
|
|
|
_ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *obj)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2014-12-03 04:07:40 -08:00
|
|
|
Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
|
|
|
|
Ecore_Con_Server_Data *host_server = eo_data_scope_get(cl->host_server, ECORE_CON_SERVER_CLASS);
|
2010-10-28 11:25:35 -07:00
|
|
|
const gnutls_datum_t *cert_list;
|
|
|
|
unsigned int iter, cert_list_size;
|
2013-03-10 21:57:12 -07:00
|
|
|
const char *priority = "NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT";
|
2010-09-28 14:59:13 -07:00
|
|
|
int ret = 0;
|
|
|
|
|
2010-09-23 21:15:42 -07:00
|
|
|
switch (cl->ssl_state)
|
2010-07-26 23:30:27 -07:00
|
|
|
{
|
2010-09-23 21:15:42 -07:00
|
|
|
case ECORE_CON_SSL_STATE_DONE:
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2010-11-03 10:58:37 -07:00
|
|
|
|
2010-09-23 21:15:42 -07:00
|
|
|
case ECORE_CON_SSL_STATE_INIT:
|
2014-12-03 04:07:40 -08:00
|
|
|
if (host_server->type & ECORE_CON_USE_SSL2) /* not supported because of security issues */
|
2010-09-23 21:15:42 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
|
2010-09-18 01:46:17 -07:00
|
|
|
|
2014-12-03 04:07:40 -08:00
|
|
|
switch (host_server->type & ECORE_CON_SSL)
|
2010-09-23 21:15:42 -07:00
|
|
|
{
|
|
|
|
case ECORE_CON_USE_SSL3:
|
|
|
|
case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
|
2013-03-10 21:57:12 -07:00
|
|
|
priority = "NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT:!VERS-TLS1.0:!VERS-TLS1.1:!VERS-TLS1.2";
|
2010-11-03 10:58:37 -07:00
|
|
|
break;
|
2010-09-23 21:15:42 -07:00
|
|
|
|
|
|
|
case ECORE_CON_USE_TLS:
|
|
|
|
case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
|
2013-03-10 21:57:12 -07:00
|
|
|
priority = "NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT:!VERS-SSL3.0";
|
2010-11-03 10:58:37 -07:00
|
|
|
break;
|
2010-09-23 21:15:42 -07:00
|
|
|
|
2010-10-28 09:07:47 -07:00
|
|
|
case ECORE_CON_USE_MIXED:
|
|
|
|
case ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT:
|
2010-11-03 10:58:37 -07:00
|
|
|
break;
|
2010-10-28 09:07:47 -07:00
|
|
|
|
2010-09-23 21:15:42 -07:00
|
|
|
default:
|
2010-11-03 10:58:37 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2010-09-23 21:15:42 -07:00
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-09-23 21:15:42 -07:00
|
|
|
_client_connected++;
|
2010-09-22 01:03:38 -07:00
|
|
|
|
2010-09-23 21:15:42 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_init(&cl->session, GNUTLS_SERVER));
|
2010-09-23 23:54:49 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_session_ticket_key_generate(&cl->session_ticket));
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_session_ticket_enable_server(cl->session, &cl->session_ticket));
|
2010-10-28 11:25:35 -07:00
|
|
|
INF("Applying priority string: %s", priority);
|
2010-09-28 14:59:13 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_priority_set_direct(cl->session, priority, NULL));
|
2013-03-10 21:57:12 -07:00
|
|
|
gnutls_handshake_set_private_extensions(cl->session, 1);
|
2014-12-03 04:07:40 -08:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_CERTIFICATE, host_server->cert));
|
|
|
|
// SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_PSK, host_server->pskcred_s));
|
|
|
|
if (!host_server->use_cert)
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_ANON, host_server->anoncred_s));
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-09-23 21:15:42 -07:00
|
|
|
gnutls_certificate_server_set_request(cl->session, GNUTLS_CERT_REQUEST);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-09-23 21:15:42 -07:00
|
|
|
gnutls_dh_set_prime_bits(cl->session, 2048);
|
2011-03-19 13:27:16 -07:00
|
|
|
gnutls_transport_set_ptr(cl->session, (gnutls_transport_ptr_t)((intptr_t)cl->fd));
|
2010-09-23 21:15:42 -07:00
|
|
|
cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
|
2010-11-03 10:58:37 -07:00
|
|
|
|
2010-09-23 21:15:42 -07:00
|
|
|
case ECORE_CON_SSL_STATE_HANDSHAKING:
|
2010-11-06 22:36:40 -07:00
|
|
|
if (!cl->session)
|
|
|
|
{
|
|
|
|
DBG("Client was previously lost, going to error condition");
|
|
|
|
goto error;
|
|
|
|
}
|
2010-09-29 07:52:36 -07:00
|
|
|
DBG("calling gnutls_handshake()");
|
2010-09-21 17:10:10 -07:00
|
|
|
ret = gnutls_handshake(cl->session);
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(gnutls_error_is_fatal(ret));
|
2010-09-23 21:15:42 -07:00
|
|
|
|
|
|
|
if (!ret)
|
|
|
|
{
|
|
|
|
cl->handshaking = EINA_FALSE;
|
|
|
|
cl->ssl_state = ECORE_CON_SSL_STATE_DONE;
|
2010-09-29 16:56:31 -07:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2010-09-29 16:53:00 -07:00
|
|
|
if (gnutls_record_get_direction(cl->session))
|
|
|
|
ecore_main_fd_handler_active_set(cl->fd_handler, ECORE_FD_WRITE);
|
|
|
|
else
|
|
|
|
ecore_main_fd_handler_active_set(cl->fd_handler, ECORE_FD_READ);
|
2010-09-29 17:45:48 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2010-09-23 21:15:42 -07:00
|
|
|
}
|
2010-11-03 10:58:37 -07:00
|
|
|
|
2010-09-23 21:15:42 -07:00
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2014-12-03 04:07:40 -08:00
|
|
|
if (!host_server->verify)
|
2010-10-28 11:25:35 -07:00
|
|
|
/* not verifying certificates, so we're done! */
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
|
|
|
/* use CRL/CA lists to verify */
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_certificate_verify_peers2(cl->session, &iter));
|
|
|
|
if (iter & GNUTLS_CERT_INVALID)
|
|
|
|
ERR("The certificate is not trusted.");
|
|
|
|
else if (iter & GNUTLS_CERT_SIGNER_NOT_FOUND)
|
|
|
|
ERR("The certificate hasn't got a known issuer.");
|
|
|
|
else if (iter & GNUTLS_CERT_REVOKED)
|
|
|
|
ERR("The certificate has been revoked.");
|
|
|
|
else if (iter & GNUTLS_CERT_EXPIRED)
|
|
|
|
ERR("The certificate has expired");
|
|
|
|
else if (iter & GNUTLS_CERT_NOT_ACTIVATED)
|
|
|
|
ERR("The certificate is not yet activated");
|
|
|
|
|
|
|
|
if (iter)
|
|
|
|
goto error;
|
|
|
|
if (gnutls_certificate_type_get(cl->session) != GNUTLS_CRT_X509)
|
|
|
|
{
|
|
|
|
ERR("Warning: PGP certificates are not yet supported!");
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(!(cert_list = gnutls_certificate_get_peers(cl->session, &cert_list_size)));
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(!cert_list_size);
|
|
|
|
|
2011-12-07 21:58:47 -08:00
|
|
|
_gnutls_print_session(cert_list, cert_list_size);
|
2011-06-25 01:39:07 -07:00
|
|
|
/*
|
|
|
|
gnutls_x509_crt_t cert = NULL;
|
2010-10-28 11:25:35 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(gnutls_x509_crt_init(&cert));
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER));
|
|
|
|
|
2014-12-03 04:07:40 -08:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(!gnutls_x509_crt_check_hostname(cert, host_server->name));
|
2010-10-28 11:25:35 -07:00
|
|
|
gnutls_x509_crt_deinit(cert);
|
2013-12-19 21:07:50 -08:00
|
|
|
*/
|
2010-10-28 11:25:35 -07:00
|
|
|
DBG("SSL certificate verification succeeded!");
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2010-09-17 10:22:59 -07:00
|
|
|
|
2010-09-17 10:03:15 -07:00
|
|
|
error:
|
2014-12-30 02:18:21 -08:00
|
|
|
_gnutls_print_errors(obj, ECORE_CON_EVENT_CLIENT_ERROR, ret);
|
2010-09-23 23:54:49 -07:00
|
|
|
if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) || (ret == GNUTLS_E_FATAL_ALERT_RECEIVED))
|
|
|
|
ERR("Also received alert: %s", gnutls_alert_get_name(gnutls_alert_get(cl->session)));
|
2010-11-06 22:36:40 -07:00
|
|
|
if (cl->session && (cl->ssl_state != ECORE_CON_SSL_STATE_DONE))
|
2010-10-28 11:25:35 -07:00
|
|
|
{
|
2010-11-03 10:58:37 -07:00
|
|
|
ERR("last out: %s", SSL_GNUTLS_PRINT_HANDSHAKE_STATUS(gnutls_handshake_get_last_out(cl->session)));
|
|
|
|
ERR("last in: %s", SSL_GNUTLS_PRINT_HANDSHAKE_STATUS(gnutls_handshake_get_last_in(cl->session)));
|
2010-10-28 11:25:35 -07:00
|
|
|
}
|
2011-06-25 01:39:07 -07:00
|
|
|
/*
|
2010-10-28 11:25:35 -07:00
|
|
|
if (cert)
|
|
|
|
gnutls_x509_crt_deinit(cert);
|
2013-12-19 21:07:50 -08:00
|
|
|
*/
|
2014-12-03 04:07:40 -08:00
|
|
|
_ecore_con_ssl_client_shutdown_gnutls(obj);
|
2010-09-17 10:03:15 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
/*
 * Release the GnuTLS session of a server-side client.
 *
 * Performs a full (read/write) TLS close, frees the session and the
 * session-ticket key that was generated for it, and clears cl->session so
 * later state-machine steps see the client as gone.  Calling it with no
 * live session is a no-op.
 *
 * @param obj the client object
 * @return always ECORE_CON_SSL_ERROR_NONE
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_client_shutdown_gnutls(Ecore_Con_Client *obj)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);

   if (!cl->session)
     return ECORE_CON_SSL_ERROR_NONE;

   gnutls_bye(cl->session, GNUTLS_SHUT_RDWR);
   gnutls_deinit(cl->session);
   cl->session = NULL;

   /* the ticket key belongs to this session alone; drop it with it */
   gnutls_free(cl->session_ticket.data);
   cl->session_ticket.data = NULL;

   return ECORE_CON_SSL_ERROR_NONE;
}
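/*
 * Read decrypted application data from a server-side client (GnuTLS).
 *
 * While the session is still handshaking this only drives the handshake
 * state machine; no payload is returned until it completes.
 *
 * @param obj  the client object
 * @param buf  destination buffer
 * @param size capacity of @p buf in bytes
 * @return the number of bytes read (> 0); 0 when nothing is available yet
 *         (handshake in progress, non-fatal EAGAIN/EINTR-style condition, or
 *         an ignored rehandshake request); -1 on a fatal error.  Note that
 *         gnutls_record_recv() returning 0 (peer closed, or size == 0) is
 *         also reported as -1.
 */
static int
_ecore_con_ssl_client_read_gnutls(Ecore_Con_Client *obj,
                                  unsigned char *buf,
                                  int size)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
   int num;

   /* gnutls_record_recv() takes a size_t: a negative int would turn into a
    * huge length and let a record overrun @p buf */
   if (size < 0) return 0;

   if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
     {
        /* a zero (ECORE_CON_SSL_ERROR_NONE) result means the handshake is
         * still in progress or has just finished; anything else is fatal */
        if (!_ecore_con_ssl_client_init_gnutls(obj))
          return 0;
        return -1;
     }

   num = gnutls_record_recv(cl->session, buf, size);
   if (num > 0)
     return num;

   if (num == GNUTLS_E_REHANDSHAKE)
     {
        /* renegotiation is deliberately not supported on this side */
        WRN("Rehandshake request ignored");
        return 0;
     }

   /* non-fatal conditions mean "try again later" */
   if ((!gnutls_error_is_fatal(num)) && (num != GNUTLS_E_SUCCESS))
     return 0;

   return -1;
}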
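/*
 * Write application data to a server-side client (GnuTLS).
 *
 * While the session is still handshaking this only drives the handshake
 * state machine; nothing is sent until it completes.
 *
 * @param obj  the client object
 * @param buf  data to send
 * @param size number of bytes in @p buf
 * @return the number of bytes sent (> 0); 0 when nothing could be sent yet
 *         (handshake in progress, non-fatal condition, or an ignored
 *         rehandshake request); -1 on a fatal error.
 */
static int
_ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *obj,
                                   const unsigned char *buf,
                                   int size)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
   int num;

   /* gnutls_record_send() takes a size_t: a negative int would become a
    * huge length and read far past @p buf */
   if (size < 0) return 0;

   if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
     {
        /* a zero (ECORE_CON_SSL_ERROR_NONE) result means the handshake is
         * still in progress or has just finished; anything else is fatal */
        if (!_ecore_con_ssl_client_init_gnutls(obj))
          return 0;
        return -1;
     }

   num = gnutls_record_send(cl->session, buf, size);
   if (num > 0)
     return num;

   if (num == GNUTLS_E_REHANDSHAKE)
     {
        /* renegotiation is deliberately not supported on this side */
        WRN("Rehandshake request ignored");
        return 0;
     }

   /* non-fatal conditions mean "try again later" */
   if (!gnutls_error_is_fatal(num))
     return 0;

   return -1;
}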
#elif HAVE_OPENSSL && !HAVE_GNUTLS
/*
 * OpenSSL
 */
/*
 * Process-wide OpenSSL setup: register the library, its error strings and
 * the cipher/digest tables.  Cannot fail.
 *
 * @return always ECORE_CON_SSL_ERROR_NONE
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_init_openssl(void)
{
   /* all three registrations must precede any SSL_CTX creation */
   SSL_library_init();
   SSL_load_error_strings();
   OpenSSL_add_all_algorithms();

   return ECORE_CON_SSL_ERROR_NONE;
}
/*
 * Process-wide OpenSSL teardown, undoing _ecore_con_ssl_init_openssl():
 * releases the error-string table and the cipher/digest tables.
 *
 * @return always ECORE_CON_SSL_ERROR_NONE
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_shutdown_openssl(void)
{
   ERR_free_strings();
   EVP_cleanup();

   return ECORE_CON_SSL_ERROR_NONE;
}
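/*
 * Create and configure the SSL_CTX for a server object (OpenSSL).
 *
 * The protocol method is chosen from @p ssl_type and from whether the
 * object is a listening server (svr->created) or a client-side connection.
 * When no certificate will be loaded, an anonymous cipher list is applied;
 * a listening server additionally generates ephemeral DH parameters for
 * the anonymous key exchange.
 *
 * @param obj      the server object
 * @param ssl_type ECORE_CON_USE_* flags (ECORE_CON_LOAD_CERT may be ORed in)
 * @return ECORE_CON_SSL_ERROR_NONE on success (also when @p ssl_type selects
 *         no SSL variant at all), ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED for
 *         SSLv2, ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED otherwise; on
 *         failure the context is torn down again.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server *obj,
                                      int ssl_type)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   DH *dh_params = NULL; /* function scope so the error path can free it */
   long options;
   int dh = 0;           /* DH_check() result flags, 0 until it has run */

   if (ssl_type & ECORE_CON_USE_SSL2)
     return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;

   switch (ssl_type)
     {
      case ECORE_CON_USE_SSL3:
      case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
        if (!svr->created)
          {
             SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(SSLv3_client_method())));
          }
        else
          {
             SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(SSLv3_server_method())));
          }
        break;

      case ECORE_CON_USE_TLS:
      case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
        if (!svr->created)
          {
             SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(TLSv1_client_method())));
          }
        else
          {
             SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(TLSv1_server_method())));
          }
        break;

      case ECORE_CON_USE_MIXED:
      case ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT:
        if (!svr->created)
          {
             SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(SSLv23_client_method())));
          }
        else
          {
             SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(SSLv23_server_method())));
          }
        /* the version-flexible method still offers SSLv2 unless told not to;
         * SSLv3 remains negotiable here, which is what "mixed" means */
        options = SSL_CTX_get_options(svr->ssl_ctx);
        SSL_CTX_set_options(svr->ssl_ctx, options | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE);
        break;

      default:
        /* no SSL variant requested: nothing to build, but mark as prepared */
        svr->ssl_prepared = EINA_TRUE;
        return ECORE_CON_SSL_ERROR_NONE;
     }

   if ((!svr->use_cert) && svr->created)
     {
        /* Listening server without a certificate: the anonymous key
         * exchange needs ephemeral DH parameters.
         * NOTE(review): 1024-bit parameters are below current
         * recommendations; larger ones make this runtime generation much
         * slower, so the size is left unchanged here -- confirm. */
        INF("Generating DH params");
        SSL_ERROR_CHECK_GOTO_ERROR(!(dh_params = DH_new()));
        SSL_ERROR_CHECK_GOTO_ERROR(!DH_generate_parameters_ex(dh_params, 1024, DH_GENERATOR_5, NULL));
        SSL_ERROR_CHECK_GOTO_ERROR(!DH_check(dh_params, &dh));
        SSL_ERROR_CHECK_GOTO_ERROR((dh & DH_CHECK_P_NOT_PRIME) || (dh & DH_CHECK_P_NOT_SAFE_PRIME));
        SSL_ERROR_CHECK_GOTO_ERROR(!DH_generate_key(dh_params));
        /* the context keeps its own copy, so ours is released right after */
        SSL_ERROR_CHECK_GOTO_ERROR(!SSL_CTX_set_tmp_dh(svr->ssl_ctx, dh_params));
        DH_free(dh_params);
        dh_params = NULL;
        INF("DH params successfully generated and applied!");
        SSL_ERROR_CHECK_GOTO_ERROR(!SSL_CTX_set_cipher_list(svr->ssl_ctx, "aNULL:!eNULL:!LOW:!EXPORT:@STRENGTH"));
     }
   else if (!svr->use_cert)
     {
        /* client side without a certificate of its own */
        SSL_ERROR_CHECK_GOTO_ERROR(!SSL_CTX_set_cipher_list(svr->ssl_ctx, "aNULL:!eNULL:!LOW:!EXPORT:!ECDH:RSA:AES:!PSK:@STRENGTH"));
     }

   svr->ssl_prepared = EINA_TRUE;
   return ECORE_CON_SSL_ERROR_NONE;

error:
   /* only non-NULL when the DH block failed part-way through */
   if (dh_params) DH_free(dh_params);

   /* only the two fatal DH_check() flags were treated as errors above, so
    * other informational flags must not mask a later OpenSSL failure */
   if (dh & (DH_CHECK_P_NOT_PRIME | DH_CHECK_P_NOT_SAFE_PRIME))
     {
        if (dh & DH_CHECK_P_NOT_PRIME)
          ERR("openssl error: dh_params could not generate a prime!");
        else
          ERR("openssl error: dh_params could not generate a safe prime!");
     }
   else
     _openssl_print_errors(obj, ECORE_CON_EVENT_SERVER_ERROR);

   _ecore_con_ssl_server_shutdown_openssl(obj);
   return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
}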
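/*
 * Advance the client-side TLS state machine of a server object (OpenSSL).
 *
 * Called repeatedly from the fd handler: creates the SSL object on first
 * call, drives the handshake until it completes (re-arming the fd handler
 * in the direction OpenSSL asks for), and finally verifies the peer
 * certificate when svr->verify and/or svr->verify_basic is set.
 *
 * @param obj the server object
 * @return ECORE_CON_SSL_ERROR_NONE while the handshake is in progress or
 *         once it has finished (and verification, if requested, passed);
 *         ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED on any failure, after
 *         tearing the SSL state down.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_init_openssl(Ecore_Con_Server *obj)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   X509 *cert = NULL; /* owned reference from SSL_get_peer_certificate() */
   char *c = NULL;    /* subject-name text copied out of @cert */
   int ret = -1;

   switch (svr->ssl_state)
     {
      case ECORE_CON_SSL_STATE_DONE:
        return ECORE_CON_SSL_ERROR_NONE;

      case ECORE_CON_SSL_STATE_INIT:
        SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl = SSL_new(svr->ssl_ctx)));
        SSL_ERROR_CHECK_GOTO_ERROR(!SSL_set_fd(svr->ssl, svr->fd));
        SSL_set_connect_state(svr->ssl);
        svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
        /* fall through: start the handshake immediately */

      case ECORE_CON_SSL_STATE_HANDSHAKING:
        if (!svr->ssl)
          {
             DBG("Server was previously lost, going to error condition");
             goto error;
          }
        ret = SSL_do_handshake(svr->ssl);
        svr->ssl_err = SSL_get_error(svr->ssl, ret);
        SSL_ERROR_CHECK_GOTO_ERROR((svr->ssl_err == SSL_ERROR_SYSCALL) || (svr->ssl_err == SSL_ERROR_SSL));

        if (ret == 1)
          {
             svr->handshaking = EINA_FALSE;
             svr->ssl_state = ECORE_CON_SSL_STATE_DONE;
          }
        else
          {
             /* not finished: wait for the socket direction OpenSSL wants */
             if (svr->ssl_err == SSL_ERROR_WANT_READ)
               ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_READ);
             else if (svr->ssl_err == SSL_ERROR_WANT_WRITE)
               ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_WRITE);
             return ECORE_CON_SSL_ERROR_NONE;
          }
        break;

      default:
        break;
     }

   _openssl_print_session(svr->ssl);
   if ((!svr->verify) && (!svr->verify_basic))
     /* not verifying certificates, so we're done! */
     return ECORE_CON_SSL_ERROR_NONE;

   /* NOTE(review): the handshake has already completed here, so this mode
    * no longer influences it; the checks below rely on
    * SSL_get_verify_result() and the explicit name comparison instead. */
   SSL_set_verify(svr->ssl, SSL_VERIFY_PEER, NULL);

   /* use CRL/CA lists to verify */
   cert = SSL_get_peer_certificate(svr->ssl);
   if (!cert)
     {
        /* verification was requested, so a peer that sent no certificate
         * (e.g. negotiated an anonymous cipher suite) cannot pass it */
        ERR("Peer presented no certificate but verification was requested");
        goto error;
     }

   {
      int clen;
      int name = 0;

      if (svr->verify)
        {
           int err;

           err = SSL_get_verify_result(svr->ssl);
           _openssl_print_verify_error(err);
           SSL_ERROR_CHECK_GOTO_ERROR(err);
        }

      /* NOTE(review): subjectAltName is an X.509v3 extension, not a
       * subject-name attribute, so this lookup is expected to always
       * fail and only the CN ends up being compared; X509_check_host()
       * (OpenSSL >= 1.0.2) would cover SANs -- confirm the minimum
       * supported OpenSSL before switching. */
      clen = X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_subject_alt_name, NULL, 0);
      if (clen > 0)
        name = NID_subject_alt_name;
      else
        clen = X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, NULL, 0);
      SSL_ERROR_CHECK_GOTO_ERROR(clen < 1);
      if (!name) name = NID_commonName;

      /* clen excludes the terminator; the length is dictated by the peer's
       * certificate, so it is heap-allocated rather than alloca()'d */
      c = malloc(++clen);
      SSL_ERROR_CHECK_GOTO_ERROR(!c);
      X509_NAME_get_text_by_NID(X509_get_subject_name(cert), name, c, clen);
      INF("CERT NAME: %s\n", c);
      SSL_ERROR_CHECK_GOTO_ERROR(!_openssl_name_verify(c, svr->verify_name ? : svr->name));

      free(c);
      c = NULL;
      X509_free(cert);
      cert = NULL;
   }

   DBG("SSL certificate verification succeeded!");
   return ECORE_CON_SSL_ERROR_NONE;

error:
   free(c);
   if (cert) X509_free(cert);
   _openssl_print_errors(obj, ECORE_CON_EVENT_SERVER_ERROR);
   _ecore_con_ssl_server_shutdown_openssl(obj);
   return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
}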
/*
 * Register trusted CA material with a server's SSL context.
 *
 * @p ca_file may be a single certificate file or a directory of them; a
 * directory is passed to OpenSSL as the CApath, anything else as the
 * CAfile.
 *
 * @param obj     the server object
 * @param ca_file path to the CA file or directory
 * @return EINA_TRUE on success; EINA_FALSE if the path cannot be stat()ed
 *         or OpenSSL refuses to load it (errors are logged in that case)
 */
static Eina_Bool
_ecore_con_ssl_server_cafile_add_openssl(Ecore_Con_Server *obj,
                                         const char *ca_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   struct stat st;
   const char *file = ca_file;
   const char *dir = NULL;

   if (stat(ca_file, &st)) return EINA_FALSE;

   if (S_ISDIR(st.st_mode))
     {
        dir = ca_file;
        file = NULL;
     }
   SSL_ERROR_CHECK_GOTO_ERROR(!SSL_CTX_load_verify_locations(svr->ssl_ctx, file, dir));
   return EINA_TRUE;

error:
   _openssl_print_errors(obj, ECORE_CON_EVENT_SERVER_ERROR);
   return EINA_FALSE;
}
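/*
 * Load a PEM CRL file into a server's certificate store and turn on CRL
 * checking for the whole chain.
 *
 * @param obj      the server object
 * @param crl_file path to the PEM-encoded CRL
 * @return EINA_TRUE on success, EINA_FALSE on any OpenSSL failure (logged)
 */
static Eina_Bool
_ecore_con_ssl_server_crl_add_openssl(Ecore_Con_Server *obj,
                                      const char *crl_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   X509_STORE *st;
   X509_LOOKUP *lu;

   SSL_ERROR_CHECK_GOTO_ERROR(!(st = SSL_CTX_get_cert_store(svr->ssl_ctx)));
   SSL_ERROR_CHECK_GOTO_ERROR(!(lu = X509_STORE_add_lookup(st, X509_LOOKUP_file())));
   SSL_ERROR_CHECK_GOTO_ERROR(X509_load_crl_file(lu, crl_file, X509_FILETYPE_PEM) < 1);

   /* Every SSL_CTX has its own store, so the flags must be set on each
    * store a CRL is added to (a process-wide "done once" flag would leave
    * every later context without CRL checking).  X509_STORE_set_flags()
    * ORs the flags in, so repeating it on the same store is harmless. */
   X509_STORE_set_flags(st, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);

   return EINA_TRUE;

error:
   _openssl_print_errors(obj, ECORE_CON_EVENT_SERVER_ERROR);
   return EINA_FALSE;
}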
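/*
 * Load a PEM private key into a server's SSL context and check that it
 * matches the certificate already installed there.
 *
 * @param obj      the server object
 * @param key_file path to the PEM-encoded (unencrypted) private key
 * @return EINA_TRUE on success, EINA_FALSE if the file cannot be opened or
 *         OpenSSL rejects the key (logged)
 */
static Eina_Bool
_ecore_con_ssl_server_privkey_add_openssl(Ecore_Con_Server *obj,
                                          const char *key_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   FILE *fp = NULL;
   EVP_PKEY *privkey = NULL;

   if (!(fp = fopen(key_file, "r")))
     {
        ERR("Could not open private key file: %s", key_file);
        goto error;
     }

   SSL_ERROR_CHECK_GOTO_ERROR(!(privkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL)));
   fclose(fp);
   fp = NULL;

   /* the context takes its own reference, so ours is released afterwards */
   SSL_ERROR_CHECK_GOTO_ERROR(SSL_CTX_use_PrivateKey(svr->ssl_ctx, privkey) < 1);
   SSL_ERROR_CHECK_GOTO_ERROR(SSL_CTX_check_private_key(svr->ssl_ctx) < 1);
   EVP_PKEY_free(privkey);

   return EINA_TRUE;

error:
   if (fp)
     fclose(fp);
   if (privkey)
     EVP_PKEY_free(privkey);
   _openssl_print_errors(obj, ECORE_CON_EVENT_SERVER_ERROR);
   return EINA_FALSE;
}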
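/*
 * Load a PEM certificate into a server's SSL context.
 *
 * @param obj       the server object
 * @param cert_file path to the PEM-encoded certificate
 * @return EINA_TRUE on success, EINA_FALSE if the file cannot be opened or
 *         OpenSSL rejects the certificate (logged)
 */
static Eina_Bool
_ecore_con_ssl_server_cert_add_openssl(Ecore_Con_Server *obj,
                                       const char *cert_file)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   FILE *fp = NULL;
   X509 *cert = NULL;

   if (!(fp = fopen(cert_file, "r")))
     {
        ERR("Could not open certificate file: %s", cert_file);
        goto error;
     }

   SSL_ERROR_CHECK_GOTO_ERROR(!(cert = PEM_read_X509(fp, NULL, NULL, NULL)));
   fclose(fp);
   fp = NULL;

   /* the context takes its own reference, so ours is released afterwards */
   SSL_ERROR_CHECK_GOTO_ERROR(SSL_CTX_use_certificate(svr->ssl_ctx, cert) < 1);
   X509_free(cert);

   return EINA_TRUE;

error:
   if (fp)
     fclose(fp);
   if (cert)
     X509_free(cert);
   _openssl_print_errors(obj, ECORE_CON_EVENT_SERVER_ERROR);
   return EINA_FALSE;
}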
/*
 * Tear down the OpenSSL state of a server object: close and free the SSL
 * connection (if any), free the context (if any) and reset the bookkeeping
 * fields.  Safe to call on an object that never got that far.
 *
 * @param obj the server object
 * @return always ECORE_CON_SSL_ERROR_NONE
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_shutdown_openssl(Ecore_Con_Server *obj)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   SSL *ssl = svr->ssl;
   SSL_CTX *ctx = svr->ssl_ctx;

   if (ssl)
     {
        /* a 0 return means only our close_notify went out; the second call
         * tries to complete the bidirectional shutdown */
        if (!SSL_shutdown(ssl))
          SSL_shutdown(ssl);
        SSL_free(ssl);
     }

   if (ctx)
     SSL_CTX_free(ctx);

   svr->ssl = NULL;
   svr->ssl_ctx = NULL;
   svr->ssl_err = SSL_ERROR_NONE;

   return ECORE_CON_SSL_ERROR_NONE;
}
/*
 * Read decrypted application data from a server object (OpenSSL).
 *
 * @param obj  the server object
 * @param buf  destination buffer
 * @param size capacity of @p buf in bytes
 * @return bytes read (> 0); 0 when OpenSSL needs more socket activity
 *         first (the fd handler is re-armed accordingly); -1 when there is
 *         no SSL object, the peer closed, or a syscall/protocol error
 *         occurred.
 */
static int
_ecore_con_ssl_server_read_openssl(Ecore_Con_Server *obj,
                                   unsigned char *buf,
                                   int size)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   int num;

   if (!svr->ssl) return -1;

   num = SSL_read(svr->ssl, buf, size);
   svr->ssl_err = SSL_get_error(svr->ssl, num);

   /* OpenSSL may need the socket in the other direction to make progress */
   if (svr->fd_handler && svr->ssl)
     {
        switch (svr->ssl_err)
          {
           case SSL_ERROR_WANT_READ:
             ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_READ);
             break;

           case SSL_ERROR_WANT_WRITE:
             ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_WRITE);
             break;

           default:
             break;
          }
     }

   switch (svr->ssl_err)
     {
      case SSL_ERROR_ZERO_RETURN:
      case SSL_ERROR_SYSCALL:
      case SSL_ERROR_SSL:
        return -1;

      default:
        break;
     }

   return (num < 0) ? 0 : num;
}
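/*
 * Write application data to a server object (OpenSSL).
 *
 * @param obj  the server object
 * @param buf  data to send
 * @param size number of bytes in @p buf
 * @return bytes written (> 0); 0 when OpenSSL needs more socket activity
 *         first (the fd handler is re-armed accordingly); -1 when there is
 *         no SSL object, the peer closed, or a syscall/protocol error
 *         occurred.
 */
static int
_ecore_con_ssl_server_write_openssl(Ecore_Con_Server *obj,
                                    const unsigned char *buf,
                                    int size)
{
   Ecore_Con_Server_Data *svr = eo_data_scope_get(obj, ECORE_CON_SERVER_CLASS);
   int num;

   /* same guard as the read path: a torn-down connection has no SSL
    * object and SSL_write() must not be handed a NULL one */
   if (!svr->ssl) return -1;

   num = SSL_write(svr->ssl, buf, size);
   svr->ssl_err = SSL_get_error(svr->ssl, num);

   /* OpenSSL may need the socket in the other direction to make progress */
   if (svr->fd_handler)
     {
        if (svr->ssl && svr->ssl_err == SSL_ERROR_WANT_READ)
          ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_READ);
        else if (svr->ssl && svr->ssl_err == SSL_ERROR_WANT_WRITE)
          ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_WRITE);
     }

   if ((svr->ssl_err == SSL_ERROR_ZERO_RETURN) ||
       (svr->ssl_err == SSL_ERROR_SYSCALL) ||
       (svr->ssl_err == SSL_ERROR_SSL))
     return -1;

   if (num < 0)
     return 0;

   return num;
}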
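/*
 * Advance the TLS state machine of a server-side client (OpenSSL).
 *
 * Called repeatedly from the fd handler: creates the SSL object from the
 * host server's context on first call, drives the accept-side handshake
 * until it completes (re-arming the fd handler as OpenSSL asks), and then,
 * if the host server has verification enabled and the client presented a
 * certificate, checks the verification result.
 *
 * @param obj the client object
 * @return ECORE_CON_SSL_ERROR_NONE while the handshake is in progress or
 *         once it finished (and verification, if any, passed);
 *         ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED on failure, after tearing
 *         the client's SSL state down.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_client_init_openssl(Ecore_Con_Client *obj)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
   Ecore_Con_Server_Data *host_server = eo_data_scope_get(cl->host_server, ECORE_CON_SERVER_CLASS);
   X509 *cert = NULL; /* owned reference from SSL_get_peer_certificate() */
   int ret = -1;

   switch (cl->ssl_state)
     {
      case ECORE_CON_SSL_STATE_DONE:
        return ECORE_CON_SSL_ERROR_NONE;

      case ECORE_CON_SSL_STATE_INIT:
        SSL_ERROR_CHECK_GOTO_ERROR(!(cl->ssl = SSL_new(host_server->ssl_ctx)));
        SSL_ERROR_CHECK_GOTO_ERROR(!SSL_set_fd(cl->ssl, cl->fd));
        SSL_set_accept_state(cl->ssl);
        cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
        /* fall through: start the handshake immediately */

      case ECORE_CON_SSL_STATE_HANDSHAKING:
        if (!cl->ssl)
          {
             DBG("Client was previously lost, going to error condition");
             goto error;
          }
        ret = SSL_do_handshake(cl->ssl);
        cl->ssl_err = SSL_get_error(cl->ssl, ret);
        SSL_ERROR_CHECK_GOTO_ERROR((cl->ssl_err == SSL_ERROR_SYSCALL) || (cl->ssl_err == SSL_ERROR_SSL));

        if (ret == 1)
          {
             cl->handshaking = EINA_FALSE;
             cl->ssl_state = ECORE_CON_SSL_STATE_DONE;
          }
        else
          {
             /* not finished: wait for the socket direction OpenSSL wants */
             if (cl->ssl_err == SSL_ERROR_WANT_READ)
               ecore_main_fd_handler_active_set(cl->fd_handler, ECORE_FD_READ);
             else if (cl->ssl_err == SSL_ERROR_WANT_WRITE)
               ecore_main_fd_handler_active_set(cl->fd_handler, ECORE_FD_WRITE);
             return ECORE_CON_SSL_ERROR_NONE;
          }
        break;

      default:
        break;
     }

   _openssl_print_session(cl->ssl);
   if (!host_server->verify)
     /* not verifying certificates, so we're done! */
     return ECORE_CON_SSL_ERROR_NONE;

   /* NOTE(review): set after the handshake completed, so this mode does not
    * affect the handshake just finished; whether the client was asked for a
    * certificate at all depends on the mode already on the SSL_CTX. */
   SSL_set_verify(cl->ssl, SSL_VERIFY_PEER, NULL);

   /* use CRL/CA lists to verify; a client that sent no certificate is
    * not rejected here (existing behaviour) */
   cert = SSL_get_peer_certificate(cl->ssl);
   if (cert)
     {
        int err;

        err = SSL_get_verify_result(cl->ssl);
        _openssl_print_verify_error(err);
        SSL_ERROR_CHECK_GOTO_ERROR(err);
        X509_free(cert);
        cert = NULL;
     }

   return ECORE_CON_SSL_ERROR_NONE;

error:
   if (cert) X509_free(cert);
   _openssl_print_errors(obj, ECORE_CON_EVENT_CLIENT_ERROR);
   _ecore_con_ssl_client_shutdown_openssl(obj);
   return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
}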
/*
 * Tear down the OpenSSL connection of a server-side client: close and free
 * the SSL object (if any) and reset the bookkeeping fields.  Safe to call
 * on a client that never got that far.
 *
 * @param obj the client object
 * @return always ECORE_CON_SSL_ERROR_NONE
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_client_shutdown_openssl(Ecore_Con_Client *obj)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
   SSL *ssl = cl->ssl;

   if (ssl)
     {
        /* a 0 return means only our close_notify went out; the second call
         * tries to complete the bidirectional shutdown */
        if (!SSL_shutdown(ssl))
          SSL_shutdown(ssl);
        SSL_free(ssl);
     }

   cl->ssl = NULL;
   cl->ssl_err = SSL_ERROR_NONE;

   return ECORE_CON_SSL_ERROR_NONE;
}
/*
 * Read decrypted application data from a client's OpenSSL session.
 *
 * @param obj  The client object.
 * @param buf  Destination buffer.
 * @param size Capacity of @p buf in bytes.
 * @return The number of bytes read; 0 when SSL_read() returned a negative
 *         value for a retryable reason (e.g. the socket would block); -1 when
 *         there is no SSL handle, the peer sent close_notify, or the
 *         connection failed at the transport or protocol level.
 *
 * The SSL_get_error() value of the last call is kept in cl->ssl_err, and when
 * OpenSSL needs the socket in a particular direction before it can make
 * progress the fd handler is re-armed for that direction.
 */
static int
_ecore_con_ssl_client_read_openssl(Ecore_Con_Client *obj,
                                   unsigned char *buf,
                                   int size)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
   int ret;

   if (!cl->ssl) return -1;

   ret = SSL_read(cl->ssl, buf, size);
   cl->ssl_err = SSL_get_error(cl->ssl, ret);

   /* Re-arm the fd handler for whichever direction OpenSSL is waiting on. */
   if (cl->fd_handler && cl->ssl)
     {
        switch (cl->ssl_err)
          {
           case SSL_ERROR_WANT_READ:
             ecore_main_fd_handler_active_set(cl->fd_handler, ECORE_FD_READ);
             break;

           case SSL_ERROR_WANT_WRITE:
             ecore_main_fd_handler_active_set(cl->fd_handler, ECORE_FD_WRITE);
             break;

           default:
             break;
          }
     }

   switch (cl->ssl_err)
     {
      case SSL_ERROR_ZERO_RETURN: /* peer closed the session cleanly */
      case SSL_ERROR_SYSCALL:     /* I/O failure on the transport */
      case SSL_ERROR_SSL:         /* protocol failure: session is unusable */
        return -1;

      default:
        break;
     }

   /* Any other negative result is a retryable condition, reported as "nothing
    * read" so the caller waits for the fd handler. */
   return (ret < 0) ? 0 : ret;
}
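/*
 * Write application data through a client's OpenSSL session.
 *
 * @param obj  The client object.
 * @param buf  Data to send.
 * @param size Number of bytes in @p buf.
 * @return The number of bytes written; 0 when SSL_write() returned a negative
 *         value for a retryable reason (e.g. the socket would block); -1 when
 *         there is no SSL handle, the peer sent close_notify, or the
 *         connection failed at the transport or protocol level.
 *
 * The SSL_get_error() value of the last call is kept in cl->ssl_err, and when
 * OpenSSL needs the socket in a particular direction before it can make
 * progress the fd handler is re-armed for that direction.
 */
static int
_ecore_con_ssl_client_write_openssl(Ecore_Con_Client *obj,
                                    const unsigned char *buf,
                                    int size)
{
   Ecore_Con_Client_Data *cl = eo_data_scope_get(obj, ECORE_CON_CLIENT_CLASS);
   int num;

   /* Mirror the read path: once the client has been shut down cl->ssl is
    * NULL and SSL_write() would dereference it. */
   if (!cl->ssl) return -1;

   num = SSL_write(cl->ssl, buf, size);
   cl->ssl_err = SSL_get_error(cl->ssl, num);

   /* Re-arm the fd handler for whichever direction OpenSSL is waiting on. */
   if (cl->fd_handler)
     {
        if (cl->ssl && cl->ssl_err == SSL_ERROR_WANT_READ)
          ecore_main_fd_handler_active_set(cl->fd_handler, ECORE_FD_READ);
        else if (cl->ssl && cl->ssl_err == SSL_ERROR_WANT_WRITE)
          ecore_main_fd_handler_active_set(cl->fd_handler, ECORE_FD_WRITE);
     }

   /* Clean close by the peer, transport failure or protocol failure: the
    * session cannot be used for further writes. */
   if ((cl->ssl_err == SSL_ERROR_ZERO_RETURN) ||
       (cl->ssl_err == SSL_ERROR_SYSCALL) ||
       (cl->ssl_err == SSL_ERROR_SSL))
     return -1;

   /* Any other negative result is retryable: report "nothing written". */
   if (num < 0)
     return 0;

   return num;
}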
#else
/*
 * No SSL backend available: stub implementations
 */
/*
 * Backend initialisation placeholder for builds without an SSL library.
 *
 * @return ECORE_CON_SSL_ERROR_NONE; there is nothing to set up.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_init_none(void)
{
   /* No library to initialise: report success so ecore_con itself still
    * starts without SSL support. */
   return ECORE_CON_SSL_ERROR_NONE;
}
/*
 * Backend shutdown placeholder for builds without an SSL library.
 *
 * @return ECORE_CON_SSL_ERROR_NONE; there is nothing to release.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_shutdown_none(void)
{
   /* Nothing was initialised, so nothing can fail here. */
   return ECORE_CON_SSL_ERROR_NONE;
}
/*
 * Server preparation placeholder for builds without an SSL library.
 *
 * @param svr      Ignored.
 * @param ssl_type Ignored.
 * @return ECORE_CON_SSL_ERROR_NONE; no SSL context is created.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_prepare_none(Ecore_Con_Server *svr EINA_UNUSED, int ssl_type EINA_UNUSED)
{
   /* Preparing a server does not require SSL, so this is a no-op success. */
   return ECORE_CON_SSL_ERROR_NONE;
}
/*
 * Server SSL session start placeholder for builds without an SSL library.
 *
 * @param svr Ignored.
 * @return ECORE_CON_SSL_ERROR_NOT_SUPPORTED: an SSL session cannot be
 *         established without a backend.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_init_none(Ecore_Con_Server *svr EINA_UNUSED)
{
   /* Refuse rather than silently continue in clear text. */
   return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
}
/*
 * CA file registration placeholder for builds without an SSL library.
 *
 * @param svr     Ignored.
 * @param ca_file Ignored.
 * @return EINA_FALSE: the file is never loaded, so callers relying on it for
 *         peer verification are told so.
 */
static Eina_Bool
_ecore_con_ssl_server_cafile_add_none(Ecore_Con_Server *svr EINA_UNUSED, const char *ca_file EINA_UNUSED)
{
   return EINA_FALSE;
}
/*
 * Certificate registration placeholder for builds without an SSL library.
 *
 * @param svr       Ignored.
 * @param cert_file Ignored.
 * @return EINA_FALSE: the certificate is never loaded.
 */
static Eina_Bool
_ecore_con_ssl_server_cert_add_none(Ecore_Con_Server *svr EINA_UNUSED, const char *cert_file EINA_UNUSED)
{
   return EINA_FALSE;
}
/*
 * Private key registration placeholder for builds without an SSL library.
 *
 * @param svr      Ignored.
 * @param key_file Ignored.
 * @return EINA_FALSE: the key is never loaded.
 */
static Eina_Bool
_ecore_con_ssl_server_privkey_add_none(Ecore_Con_Server *svr EINA_UNUSED, const char *key_file EINA_UNUSED)
{
   return EINA_FALSE;
}
/*
 * CRL registration placeholder for builds without an SSL library.
 *
 * @param svr      Ignored.
 * @param crl_file Ignored.
 * @return EINA_FALSE: the revocation list is never loaded.
 */
static Eina_Bool
_ecore_con_ssl_server_crl_add_none(Ecore_Con_Server *svr EINA_UNUSED, const char *crl_file EINA_UNUSED)
{
   return EINA_FALSE;
}
/*
 * Server SSL session teardown placeholder for builds without an SSL library.
 *
 * @param svr Ignored.
 * @return ECORE_CON_SSL_ERROR_NOT_SUPPORTED; no session exists to shut down.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_shutdown_none(Ecore_Con_Server *svr EINA_UNUSED)
{
   return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
}
/*
 * Server SSL read placeholder for builds without an SSL library.
 *
 * @param svr  Ignored.
 * @param buf  Ignored; nothing is written to it.
 * @param size Ignored.
 * @return -1, the same error value the real backends use for an unusable
 *         session, so callers never mistake the stub for a successful read.
 */
static int
_ecore_con_ssl_server_read_none(Ecore_Con_Server *svr EINA_UNUSED, unsigned char *buf EINA_UNUSED, int size EINA_UNUSED)
{
   return -1;
}
/*
 * Server SSL write placeholder for builds without an SSL library.
 *
 * @param svr  Ignored.
 * @param buf  Ignored; nothing is sent.
 * @param size Ignored.
 * @return -1, so callers treat the session as unusable rather than assume the
 *         data went out.
 */
static int
_ecore_con_ssl_server_write_none(Ecore_Con_Server *svr EINA_UNUSED, const unsigned char *buf EINA_UNUSED, int size EINA_UNUSED)
{
   return -1;
}
/*
 * Client SSL session start placeholder for builds without an SSL library.
 *
 * @param cl Ignored.
 * @return ECORE_CON_SSL_ERROR_NOT_SUPPORTED: an SSL session cannot be
 *         established without a backend.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_client_init_none(Ecore_Con_Client *cl EINA_UNUSED)
{
   /* Refuse rather than silently continue in clear text. */
   return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
}
/*
 * Client SSL session teardown placeholder for builds without an SSL library.
 *
 * @param cl Ignored.
 * @return ECORE_CON_SSL_ERROR_NOT_SUPPORTED; no session exists to shut down.
 */
static Ecore_Con_Ssl_Error
_ecore_con_ssl_client_shutdown_none(Ecore_Con_Client *cl EINA_UNUSED)
{
   return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
}
/*
 * Client SSL read placeholder for builds without an SSL library.
 *
 * @param cl   Ignored.
 * @param buf  Ignored; nothing is written to it.
 * @param size Ignored.
 * @return -1, the same error value the real backends use for an unusable
 *         session, so callers never mistake the stub for a successful read.
 */
static int
_ecore_con_ssl_client_read_none(Ecore_Con_Client *cl EINA_UNUSED, unsigned char *buf EINA_UNUSED, int size EINA_UNUSED)
{
   return -1;
}
/*
 * Client SSL write placeholder for builds without an SSL library.
 *
 * @param cl   Ignored.
 * @param buf  Ignored; nothing is sent.
 * @param size Ignored.
 * @return -1, so callers treat the session as unusable rather than assume the
 *         data went out.
 */
static int
_ecore_con_ssl_client_write_none(Ecore_Con_Client *cl EINA_UNUSED, const unsigned char *buf EINA_UNUSED, int size EINA_UNUSED)
{
   return -1;
}
#endif