2009-01-31 10:33:39 -08:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include <config.h>
|
|
|
|
#endif
|
|
|
|
|
2008-10-30 08:26:11 -07:00
|
|
|
#if USE_GNUTLS
|
|
|
|
# include <gnutls/gnutls.h>
|
2010-07-28 11:25:46 -07:00
|
|
|
# include <gnutls/x509.h>
|
|
|
|
# include <gcrypt.h>
|
2008-10-30 08:26:11 -07:00
|
|
|
#elif USE_OPENSSL
|
|
|
|
# include <openssl/ssl.h>
|
2010-07-26 23:30:27 -07:00
|
|
|
# include <openssl/err.h>
|
2008-10-30 08:26:11 -07:00
|
|
|
#endif
|
|
|
|
|
2010-02-20 11:12:52 -08:00
|
|
|
#ifdef HAVE_WS2TCPIP_H
|
2010-02-20 10:01:50 -08:00
|
|
|
# include <ws2tcpip.h>
|
|
|
|
#endif
|
|
|
|
|
2009-03-18 01:38:43 -07:00
|
|
|
#include "Ecore.h"
|
2009-12-22 13:15:12 -08:00
|
|
|
#include "ecore_con_private.h"
|
2010-07-28 11:25:46 -07:00
|
|
|
#include <sys/mman.h>
|
|
|
|
#include <errno.h>
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2009-10-09 22:28:43 -07:00
|
|
|
static int _init_con_ssl_init_count = 0;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
|
|
|
#if USE_GNUTLS
|
2010-07-28 11:25:46 -07:00
|
|
|
# ifdef EFL_HAVE_PTHREAD
|
|
|
|
GCRY_THREAD_OPTION_PTHREAD_IMPL;
|
|
|
|
# endif
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
static int _client_connected = 0;
|
2010-07-26 23:30:27 -07:00
|
|
|
# define SSL_SUFFIX(ssl_func) ssl_func ## _gnutls
|
2008-10-30 08:26:11 -07:00
|
|
|
# define _ECORE_CON_SSL_AVAILABLE 1
|
|
|
|
|
|
|
|
#elif USE_OPENSSL
|
2010-07-28 11:25:46 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
# define SSL_SUFFIX(ssl_func) ssl_func ## _openssl
|
2008-10-30 08:26:11 -07:00
|
|
|
# define _ECORE_CON_SSL_AVAILABLE 2
|
|
|
|
|
|
|
|
#else
|
2010-07-26 23:30:27 -07:00
|
|
|
# define SSL_SUFFIX(ssl_func) ssl_func ## _none
|
2008-10-30 08:26:11 -07:00
|
|
|
# define _ECORE_CON_SSL_AVAILABLE 0
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
#if USE_GNUTLS
|
2010-07-29 23:47:59 -07:00
|
|
|
typedef struct _cert_thingy
|
|
|
|
{
|
|
|
|
gnutls_certificate_credentials_t cert;
|
|
|
|
int count;
|
|
|
|
} gnutls;
|
|
|
|
static gnutls *client_cert = NULL;
|
|
|
|
static gnutls *server_cert = NULL;
|
2010-07-28 11:25:46 -07:00
|
|
|
#elif USE_OPENSSL
|
2010-07-29 23:47:59 -07:00
|
|
|
typedef struct _cert_thingy
|
|
|
|
{
|
|
|
|
X509 *cert;
|
|
|
|
int count;
|
|
|
|
} openssl;
|
|
|
|
typedef struct _key_thingy
|
|
|
|
{
|
|
|
|
EVP_PKEY *key;
|
|
|
|
int count;
|
|
|
|
} openssl_pkey;
|
|
|
|
static openssl_pkey *private_key = NULL;
|
|
|
|
static openssl *client_cert = NULL;
|
|
|
|
static openssl *server_cert = NULL;
|
2010-07-28 11:25:46 -07:00
|
|
|
#endif
|
|
|
|
|
2010-09-17 10:39:32 -07:00
|
|
|
#define SSL_ERROR_CHECK_GOTO_ERROR(X) \
|
|
|
|
do \
|
|
|
|
{ \
|
|
|
|
if ((X)) \
|
|
|
|
{ \
|
|
|
|
ERR("Error at %s:%s:%d!", __FILE__, __PRETTY_FUNCTION__, __LINE__); \
|
|
|
|
goto error; \
|
|
|
|
} \
|
|
|
|
} \
|
|
|
|
while (0)
|
|
|
|
|
|
|
|
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_init) (void);
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_shutdown) (void);
|
|
|
|
|
|
|
|
static Eina_Bool SSL_SUFFIX(_ecore_con_ssl_client_cert_add) (const char *
|
|
|
|
cert_file,
|
|
|
|
const char *
|
|
|
|
crl_file,
|
|
|
|
const char *
|
|
|
|
key_file);
|
|
|
|
static Eina_Bool SSL_SUFFIX(_ecore_con_ssl_server_cert_add) (const char *cert);
|
|
|
|
|
|
|
|
static void SSL_SUFFIX(_ecore_con_ssl_server_prepare) (Ecore_Con_Server *
|
|
|
|
svr);
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_server_init) (Ecore_Con_Server * svr);
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_server_shutdown) (Ecore_Con_Server *
|
|
|
|
svr);
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_State
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_server_try) (Ecore_Con_Server * svr);
|
2008-10-30 08:26:11 -07:00
|
|
|
static int
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_server_read) (Ecore_Con_Server * svr,
|
2010-07-26 23:30:27 -07:00
|
|
|
unsigned char *buf, int size);
|
2008-10-30 08:26:11 -07:00
|
|
|
static int
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_server_write) (Ecore_Con_Server *
|
|
|
|
svr,
|
2010-07-26 23:30:27 -07:00
|
|
|
unsigned char *buf, int size);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
|
|
|
static void
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_client_prepare) (Ecore_Con_Client *
|
|
|
|
cl);
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_client_init) (Ecore_Con_Client * cl);
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_client_shutdown) (Ecore_Con_Client *
|
|
|
|
cl);
|
2008-10-30 08:26:11 -07:00
|
|
|
static int
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_client_read) (Ecore_Con_Client * cl,
|
2010-07-26 23:30:27 -07:00
|
|
|
unsigned char *buf, int size);
|
2008-10-30 08:26:11 -07:00
|
|
|
static int
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_client_write) (Ecore_Con_Client * cl,
|
2010-07-26 23:30:27 -07:00
|
|
|
unsigned char *buf, int size);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
|
|
|
/*
|
|
|
|
* General SSL API
|
|
|
|
*/
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
Ecore_Con_Ssl_Error
|
2008-10-30 08:26:11 -07:00
|
|
|
ecore_con_ssl_init(void)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
if (!_init_con_ssl_init_count++)
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_init) ();
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
return _init_con_ssl_init_count;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
Ecore_Con_Ssl_Error
|
2008-10-30 08:26:11 -07:00
|
|
|
ecore_con_ssl_shutdown(void)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
if (!--_init_con_ssl_init_count)
|
|
|
|
{
|
2010-07-29 23:47:59 -07:00
|
|
|
#if USE_OPENSSL || USE_GNUTLS
|
|
|
|
if (client_cert)
|
|
|
|
client_cert->count = 0;
|
|
|
|
|
|
|
|
if (server_cert)
|
|
|
|
server_cert->count = 0;
|
|
|
|
#endif
|
2010-07-28 17:13:56 -07:00
|
|
|
#if USE_OPENSSL && !USE_GNUTLS
|
2010-07-29 23:47:59 -07:00
|
|
|
if (private_key)
|
|
|
|
private_key->count = 0;
|
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
#endif
|
2010-07-26 23:30:27 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_shutdown) ();
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
return _init_con_ssl_init_count;
|
|
|
|
}
|
|
|
|
|
2008-10-30 08:26:11 -07:00
|
|
|
/**
|
|
|
|
* Returns if SSL support is available
|
|
|
|
* @return 1 if SSL is available, 0 if it is not.
|
|
|
|
* @ingroup Ecore_Con_Client_Group
|
|
|
|
*/
|
2008-12-15 09:59:19 -08:00
|
|
|
int
|
2008-10-30 08:26:11 -07:00
|
|
|
ecore_con_ssl_available_get(void)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return _ECORE_CON_SSL_AVAILABLE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
void
|
2008-10-30 08:26:11 -07:00
|
|
|
ecore_con_ssl_server_prepare(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-28 11:25:46 -07:00
|
|
|
SSL_SUFFIX(_ecore_con_ssl_server_prepare) (svr);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
Ecore_Con_Ssl_Error
|
2008-10-30 08:26:11 -07:00
|
|
|
ecore_con_ssl_server_init(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_server_init) (svr);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
Eina_Bool
|
|
|
|
ecore_con_ssl_server_cert_add(const char *cert)
|
|
|
|
{
|
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_server_cert_add) (cert);
|
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
Ecore_Con_Ssl_Error
|
2008-10-30 08:26:11 -07:00
|
|
|
ecore_con_ssl_server_shutdown(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_server_shutdown) (svr);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
Ecore_Con_State
|
2008-10-30 08:26:11 -07:00
|
|
|
ecore_con_ssl_server_try(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_server_try) (svr);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
int
|
|
|
|
ecore_con_ssl_server_read(Ecore_Con_Server *svr, unsigned char *buf, int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_server_read) (svr, buf, size);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
int
|
|
|
|
ecore_con_ssl_server_write(Ecore_Con_Server *svr, unsigned char *buf, int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_server_write) (svr, buf, size);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
Ecore_Con_Ssl_Error
|
2008-10-30 08:26:11 -07:00
|
|
|
ecore_con_ssl_client_init(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_client_init) (cl);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
Eina_Bool
|
|
|
|
ecore_con_ssl_client_cert_add(const char *cert_file,
|
|
|
|
const char *crl_file,
|
|
|
|
const char *key_file)
|
|
|
|
{
|
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_client_cert_add) (cert_file, crl_file,
|
|
|
|
key_file);
|
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
Ecore_Con_Ssl_Error
|
2008-10-30 08:26:11 -07:00
|
|
|
ecore_con_ssl_client_shutdown(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_client_shutdown) (cl);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
int
|
|
|
|
ecore_con_ssl_client_read(Ecore_Con_Client *cl, unsigned char *buf, int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_client_read) (cl, buf, size);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2008-12-15 09:59:19 -08:00
|
|
|
int
|
|
|
|
ecore_con_ssl_client_write(Ecore_Con_Client *cl, unsigned char *buf, int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return SSL_SUFFIX(_ecore_con_ssl_client_write) (cl, buf, size);
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
#if USE_GNUTLS
|
|
|
|
|
|
|
|
/*
|
|
|
|
* GnuTLS
|
|
|
|
*/
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_init_gnutls(void)
|
|
|
|
{
|
2010-07-28 11:25:46 -07:00
|
|
|
#ifdef EFL_HAVE_PTHREAD
|
|
|
|
if (gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread))
|
|
|
|
WRN(
|
|
|
|
"YOU ARE USING PTHREADS, BUT I CANNOT INITIALIZE THREADSAFE GCRYPT OPERATIONS!");
|
|
|
|
|
|
|
|
#endif
|
2010-07-26 23:30:27 -07:00
|
|
|
if (gnutls_global_init())
|
|
|
|
return ECORE_CON_SSL_ERROR_INIT_FAILED;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_shutdown_gnutls(void)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
gnutls_global_deinit();
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
_ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
svr->session = NULL;
|
|
|
|
svr->anoncred_c = NULL;
|
|
|
|
return;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 18:28:03 -07:00
|
|
|
/* Tries to connect an Ecore_Con_Server to an SSL host.
|
|
|
|
* Returns 1 on success, -1 on fatal errors and 0 if the caller
|
|
|
|
* should try again later.
|
|
|
|
*/
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_server_init_gnutls(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
const int *proto = NULL;
|
2010-09-17 10:18:41 -07:00
|
|
|
const int compress[] = { GNUTLS_COMP_DEFLATE, GNUTLS_COMP_NULL, 0 };
|
2010-07-26 23:30:27 -07:00
|
|
|
int ret = 0;
|
|
|
|
const int ssl3_proto[] = { GNUTLS_SSL3, 0 };
|
|
|
|
const int tls_proto[] = {
|
|
|
|
GNUTLS_TLS1_0,
|
|
|
|
GNUTLS_TLS1_1,
|
2008-10-30 08:26:11 -07:00
|
|
|
#ifdef USE_GNUTLS2
|
2010-07-26 23:30:27 -07:00
|
|
|
GNUTLS_TLS1_2,
|
2008-10-30 08:26:11 -07:00
|
|
|
#endif
|
2010-07-26 23:30:27 -07:00
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
switch (svr->type & ECORE_CON_SSL)
|
|
|
|
{
|
|
|
|
case ECORE_CON_USE_SSL2: /* not supported because of security issues */
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_SSL2 | ECORE_CON_LOAD_CERT: /* not supported because of security issues */
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
|
|
|
|
|
|
|
|
case ECORE_CON_USE_SSL3:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
proto = ssl3_proto;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ECORE_CON_USE_TLS:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
proto = tls_proto;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
|
|
|
}
|
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
if ((server_cert) && (server_cert->cert) &&
|
2010-09-17 01:00:42 -07:00
|
|
|
((svr->type & ECORE_CON_SSL) & ECORE_CON_LOAD_CERT) == ECORE_CON_LOAD_CERT)
|
2010-07-26 23:30:27 -07:00
|
|
|
{
|
2010-07-29 23:47:59 -07:00
|
|
|
svr->cert = server_cert->cert;
|
|
|
|
server_cert->count++;
|
2010-07-26 23:30:27 -07:00
|
|
|
}
|
|
|
|
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_init(&(svr->session), GNUTLS_CLIENT));
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_set_default_priority(svr->session));
|
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if (svr->cert)
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(svr->session, GNUTLS_CRD_CERTIFICATE,
|
|
|
|
svr->cert));
|
2010-07-26 23:30:27 -07:00
|
|
|
else
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
2010-09-17 12:43:03 -07:00
|
|
|
const int kx[] = { GNUTLS_KX_ANON_DH, 0 };
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_kx_set_priority(svr->session, kx));
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_client_credentials(&svr->anoncred_c));
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(svr->session, GNUTLS_CRD_ANON, svr->anoncred_c));
|
2010-07-28 11:25:46 -07:00
|
|
|
}
|
2010-07-26 23:30:27 -07:00
|
|
|
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_protocol_set_priority(svr->session, proto));
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_compression_set_priority(svr->session, compress));
|
2010-07-28 11:25:46 -07:00
|
|
|
gnutls_dh_set_prime_bits(svr->session, 2048);
|
2010-07-26 23:30:27 -07:00
|
|
|
|
|
|
|
gnutls_transport_set_ptr(svr->session, (gnutls_transport_ptr_t)svr->fd);
|
|
|
|
|
|
|
|
while ((ret = gnutls_handshake(svr->session)) < 0)
|
|
|
|
{
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR((ret != GNUTLS_E_AGAIN) &&
|
|
|
|
(ret != GNUTLS_E_INTERRUPTED));
|
2010-07-26 23:30:27 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2010-09-17 10:18:41 -07:00
|
|
|
|
|
|
|
error:
|
2010-09-17 10:22:59 -07:00
|
|
|
ERR("gnutls returned with error: %s - %s", gnutls_strerror_name(ret), gnutls_strerror(ret));
|
|
|
|
_ecore_con_ssl_server_shutdown_gnutls(svr);
|
2010-09-17 10:18:41 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
static Eina_Bool
|
|
|
|
_ecore_con_ssl_server_cert_add_gnutls(const char *cert_file)
|
|
|
|
{
|
|
|
|
gnutls_certificate_credentials_t cert = NULL;
|
|
|
|
|
|
|
|
/* cert load */
|
|
|
|
if (gnutls_certificate_set_x509_trust_file(cert, cert_file,
|
|
|
|
GNUTLS_X509_FMT_PEM) < 0)
|
|
|
|
goto on_error;
|
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
if (!server_cert)
|
|
|
|
{
|
|
|
|
server_cert = malloc(sizeof(gnutls));
|
|
|
|
if (!server_cert)
|
|
|
|
return EINA_FALSE;
|
|
|
|
}
|
|
|
|
else if ((server_cert->cert) && ((--server_cert->count) < 1))
|
|
|
|
gnutls_certificate_free_credentials(server_cert->cert);
|
2010-07-28 11:25:46 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
server_cert->cert = cert;
|
|
|
|
server_cert->count = 1;
|
2010-07-28 11:25:46 -07:00
|
|
|
|
|
|
|
return EINA_TRUE;
|
|
|
|
|
|
|
|
on_error:
|
|
|
|
if (cert)
|
|
|
|
gnutls_certificate_free_credentials(cert);
|
|
|
|
|
|
|
|
return EINA_FALSE;
|
|
|
|
}
|
|
|
|
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_server_shutdown_gnutls(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
if (svr->session)
|
|
|
|
{
|
|
|
|
gnutls_bye(svr->session, GNUTLS_SHUT_RDWR);
|
|
|
|
gnutls_deinit(svr->session);
|
|
|
|
}
|
|
|
|
|
2010-07-30 08:57:19 -07:00
|
|
|
if (((svr->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
|
2010-07-29 23:47:59 -07:00
|
|
|
(server_cert) &&
|
|
|
|
(server_cert->cert) && (--server_cert->count < 1))
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
2010-07-29 23:47:59 -07:00
|
|
|
gnutls_certificate_free_credentials(server_cert->cert);
|
|
|
|
free(server_cert);
|
2010-07-28 11:25:46 -07:00
|
|
|
server_cert = NULL;
|
|
|
|
}
|
2010-07-26 23:30:27 -07:00
|
|
|
else if (svr->anoncred_c)
|
|
|
|
gnutls_anon_free_client_credentials(svr->anoncred_c);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_server_prepare_gnutls(svr);
|
|
|
|
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 18:28:03 -07:00
|
|
|
/* this is a stub function, the handshake is done in _init_gnutls */
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_State
|
2009-01-31 10:33:39 -08:00
|
|
|
_ecore_con_ssl_server_try_gnutls(Ecore_Con_Server *svr __UNUSED__)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
|
|
|
return ECORE_CON_CONNECTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *svr, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
int num;
|
|
|
|
|
|
|
|
num = gnutls_record_recv(svr->session, buf, size);
|
|
|
|
if (num > 0)
|
|
|
|
return num;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if ((num == GNUTLS_E_AGAIN) ||
|
|
|
|
(num == GNUTLS_E_REHANDSHAKE) ||
|
|
|
|
(num == GNUTLS_E_INTERRUPTED))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *svr, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
int num;
|
|
|
|
|
|
|
|
num = gnutls_record_send(svr->session, buf, size);
|
|
|
|
if (num > 0)
|
|
|
|
return num;
|
|
|
|
|
|
|
|
if ((num == GNUTLS_E_AGAIN) ||
|
|
|
|
(num == GNUTLS_E_REHANDSHAKE) ||
|
|
|
|
(num == GNUTLS_E_INTERRUPTED))
|
|
|
|
return 0;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
_ecore_con_ssl_client_prepare_gnutls(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
cl->session = NULL;
|
|
|
|
if (!_client_connected)
|
|
|
|
{
|
|
|
|
cl->server->anoncred_s = NULL;
|
|
|
|
cl->server->cert = NULL;
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
const int *proto = NULL;
|
|
|
|
gnutls_dh_params_t dh_params;
|
|
|
|
int ret;
|
2010-09-17 10:18:41 -07:00
|
|
|
const int compress[] = { GNUTLS_COMP_DEFLATE, GNUTLS_COMP_NULL, 0 };
|
2010-07-26 23:30:27 -07:00
|
|
|
const int ssl3_proto[] = { GNUTLS_SSL3, 0 };
|
|
|
|
const int tls_proto[] = {
|
|
|
|
GNUTLS_TLS1_0,
|
|
|
|
GNUTLS_TLS1_1,
|
2008-10-30 08:26:11 -07:00
|
|
|
#ifdef USE_GNUTLS2
|
2010-07-26 23:30:27 -07:00
|
|
|
GNUTLS_TLS1_2,
|
2008-10-30 08:26:11 -07:00
|
|
|
#endif
|
2010-07-26 23:30:27 -07:00
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
switch (cl->server->type & ECORE_CON_SSL)
|
|
|
|
{
|
|
|
|
case ECORE_CON_USE_SSL2: /* not supported because of security issues */
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_SSL2 | ECORE_CON_LOAD_CERT: /* not supported because of security issues */
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
|
|
|
|
|
|
|
|
case ECORE_CON_USE_SSL3:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
proto = ssl3_proto;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ECORE_CON_USE_TLS:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
proto = tls_proto;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
|
|
|
}
|
|
|
|
|
|
|
|
_client_connected++;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_init(&dh_params));
|
2010-09-17 10:03:15 -07:00
|
|
|
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_generate2(dh_params, 1024));
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
if ((client_cert) && (client_cert->cert) &&
|
2010-09-17 01:00:42 -07:00
|
|
|
((cl->server->type & ECORE_CON_SSL) & ECORE_CON_LOAD_CERT) == ECORE_CON_LOAD_CERT)
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
2010-07-29 23:47:59 -07:00
|
|
|
cl->server->cert = client_cert->cert;
|
|
|
|
client_cert->count++;
|
2010-07-28 11:25:46 -07:00
|
|
|
gnutls_certificate_set_dh_params(cl->server->cert, dh_params);
|
2010-07-26 23:30:27 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
if ((!cl->server->anoncred_s) && (!cl->server->cert))
|
2010-07-26 23:30:27 -07:00
|
|
|
{
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_server_credentials(&(cl->server->anoncred_s)));
|
2010-07-26 23:30:27 -07:00
|
|
|
gnutls_anon_set_server_dh_params(cl->server->anoncred_s, dh_params);
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_init(&(cl->session), GNUTLS_SERVER));
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_set_default_priority(cl->session));
|
2010-07-28 11:25:46 -07:00
|
|
|
if (cl->server->cert)
|
|
|
|
{
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session,
|
2010-07-28 11:25:46 -07:00
|
|
|
GNUTLS_CRD_CERTIFICATE,
|
2010-09-17 10:39:32 -07:00
|
|
|
cl->server->cert));
|
2010-07-28 11:25:46 -07:00
|
|
|
gnutls_certificate_server_set_request(cl->session, GNUTLS_CERT_REQUEST);
|
|
|
|
}
|
2010-07-26 23:30:27 -07:00
|
|
|
else
|
2010-09-17 12:43:03 -07:00
|
|
|
{
|
|
|
|
const int kx[] = { GNUTLS_KX_ANON_DH, 0 };
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_kx_set_priority(cl->session, kx));
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_credentials_set(cl->session, GNUTLS_CRD_ANON,
|
2010-09-17 10:39:32 -07:00
|
|
|
cl->server->anoncred_s));
|
2010-09-17 12:43:03 -07:00
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_protocol_set_priority(cl->session, proto));
|
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_compression_set_priority(cl->session, compress));
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
gnutls_transport_set_ptr(cl->session, (gnutls_transport_ptr_t)cl->fd);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
while ((ret = gnutls_handshake(cl->session)) < 0)
|
|
|
|
{
|
2010-09-17 10:39:32 -07:00
|
|
|
SSL_ERROR_CHECK_GOTO_ERROR((ret != GNUTLS_E_AGAIN) &&
|
|
|
|
(ret != GNUTLS_E_INTERRUPTED));
|
2010-07-26 23:30:27 -07:00
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
/* TODO: add cert verification support */
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2010-09-17 10:22:59 -07:00
|
|
|
|
2010-09-17 10:03:15 -07:00
|
|
|
error:
|
2010-09-17 10:22:59 -07:00
|
|
|
ERR("gnutls returned with error: %s - %s", gnutls_strerror_name(ret), gnutls_strerror(ret));
|
|
|
|
_ecore_con_ssl_client_shutdown_gnutls(cl);
|
2010-09-17 10:03:15 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_client_shutdown_gnutls(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
if (cl->session)
|
|
|
|
{
|
|
|
|
gnutls_bye(cl->session, GNUTLS_SHUT_RDWR);
|
|
|
|
gnutls_deinit(cl->session);
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
if (cl->server->anoncred_s && !--_client_connected)
|
|
|
|
gnutls_anon_free_server_credentials(cl->server->anoncred_s);
|
|
|
|
|
2010-07-30 08:57:19 -07:00
|
|
|
if (((cl->server->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
|
2010-07-29 23:47:59 -07:00
|
|
|
(client_cert) &&
|
|
|
|
(client_cert->cert) && (--client_cert->count < 1))
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
2010-07-29 23:47:59 -07:00
|
|
|
gnutls_certificate_free_credentials(client_cert->cert);
|
|
|
|
free(client_cert);
|
2010-07-28 11:25:46 -07:00
|
|
|
client_cert = NULL;
|
|
|
|
}
|
2010-07-26 23:30:27 -07:00
|
|
|
|
|
|
|
_ecore_con_ssl_client_prepare_gnutls(cl);
|
|
|
|
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
static Eina_Bool
|
|
|
|
_ecore_con_ssl_client_cert_add_gnutls(const char *cert_file,
|
|
|
|
const char *crl_file,
|
|
|
|
const char *key_file)
|
|
|
|
{
|
|
|
|
gnutls_certificate_credentials_t cert = NULL;
|
|
|
|
|
|
|
|
if (gnutls_certificate_allocate_credentials(&cert) < 0)
|
|
|
|
return EINA_FALSE;
|
|
|
|
|
|
|
|
/* cert load */
|
|
|
|
if (gnutls_certificate_set_x509_trust_file(cert, cert_file,
|
|
|
|
GNUTLS_X509_FMT_PEM) < 0)
|
|
|
|
goto on_error;
|
|
|
|
|
|
|
|
/* private key load */
|
|
|
|
if (gnutls_certificate_set_x509_key_file(cert, cert_file, key_file,
|
|
|
|
GNUTLS_X509_FMT_PEM) < 0)
|
|
|
|
goto on_error;
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
//TODO: uncomment once we implement cert checking
|
|
|
|
if (crl_file)
|
|
|
|
/* CRL file load */
|
|
|
|
if (gnutls_certificate_set_x509_crl_mem(cert, crl_file,
|
|
|
|
GNUTLS_X509_FMT_PEM) < 0)
|
|
|
|
goto on_error;
|
|
|
|
|
|
|
|
}
|
|
|
|
#endif
|
2010-07-29 23:47:59 -07:00
|
|
|
if (!client_cert)
|
|
|
|
{
|
|
|
|
client_cert = malloc(sizeof(gnutls));
|
|
|
|
if (!client_cert)
|
|
|
|
return EINA_FALSE;
|
|
|
|
}
|
|
|
|
else if ((client_cert->cert) && ((--client_cert->count) < 1))
|
|
|
|
gnutls_certificate_free_credentials(client_cert->cert);
|
2010-07-28 11:25:46 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
client_cert->cert = cert;
|
|
|
|
client_cert->count = 1;
|
2010-07-28 11:25:46 -07:00
|
|
|
|
|
|
|
return EINA_TRUE;
|
|
|
|
|
|
|
|
on_error:
|
|
|
|
if (cert)
|
|
|
|
gnutls_certificate_free_credentials(cert);
|
|
|
|
|
|
|
|
return EINA_FALSE;
|
|
|
|
}
|
|
|
|
|
2008-10-30 08:26:11 -07:00
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_client_read_gnutls(Ecore_Con_Client *cl, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
int num;
|
|
|
|
|
|
|
|
num = gnutls_record_recv(cl->session, buf, size);
|
|
|
|
if (num > 0)
|
|
|
|
return num;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if ((num == GNUTLS_E_AGAIN) ||
|
|
|
|
(num == GNUTLS_E_REHANDSHAKE) ||
|
|
|
|
(num == GNUTLS_E_INTERRUPTED))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *cl, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
int num;
|
|
|
|
|
|
|
|
num = gnutls_record_send(cl->session, buf, size);
|
|
|
|
if (num > 0)
|
|
|
|
return num;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if ((num == GNUTLS_E_AGAIN) ||
|
|
|
|
(num == GNUTLS_E_REHANDSHAKE) ||
|
|
|
|
(num == GNUTLS_E_INTERRUPTED))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 17:13:56 -07:00
|
|
|
#elif USE_OPENSSL && !USE_GNUTLS
|
2008-10-30 08:26:11 -07:00
|
|
|
|
|
|
|
/*
|
|
|
|
* OpenSSL
|
|
|
|
*/
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_init_openssl(void)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
SSL_library_init();
|
|
|
|
SSL_load_error_strings();
|
2010-09-17 18:27:38 -07:00
|
|
|
OpenSSL_add_all_algorithms();
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_shutdown_openssl(void)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
ERR_free_strings();
|
2010-09-17 18:27:38 -07:00
|
|
|
EVP_cleanup();
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
_ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
svr->ssl = NULL;
|
|
|
|
svr->ssl_ctx = NULL;
|
|
|
|
svr->ssl_err = SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_server_init_openssl(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
switch (svr->type & ECORE_CON_SSL)
|
|
|
|
{
|
|
|
|
case ECORE_CON_USE_SSL2:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_SSL2 | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
/* Unsafe version of SSL */
|
|
|
|
if (!(svr->ssl_ctx =
|
|
|
|
SSL_CTX_new(SSLv2_client_method())))
|
|
|
|
return
|
|
|
|
ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ECORE_CON_USE_SSL3:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
if (!(svr->ssl_ctx =
|
|
|
|
SSL_CTX_new(SSLv3_client_method())))
|
|
|
|
return
|
|
|
|
ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ECORE_CON_USE_TLS:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
if (!(svr->ssl_ctx =
|
|
|
|
SSL_CTX_new(TLSv1_client_method())))
|
|
|
|
return
|
|
|
|
ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
|
|
|
}
|
|
|
|
if (!(svr->ssl = SSL_new(svr->ssl_ctx)))
|
|
|
|
{
|
|
|
|
SSL_CTX_free(svr->ssl_ctx);
|
|
|
|
return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
if ((server_cert) && (server_cert->cert) &&
|
2010-09-17 01:00:42 -07:00
|
|
|
((svr->type & ECORE_CON_SSL) & ECORE_CON_LOAD_CERT) == ECORE_CON_LOAD_CERT)
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
|
|
|
//FIXME: just log and go on without cert if loading fails?
|
2010-07-29 23:47:59 -07:00
|
|
|
if (!SSL_CTX_use_certificate(svr->ssl_ctx, server_cert->cert))
|
2010-07-28 11:25:46 -07:00
|
|
|
ERR(
|
|
|
|
"ssl cert load failed: %s", ERR_reason_error_string(ERR_get_error()));
|
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
server_cert->count++;
|
2010-07-28 11:25:46 -07:00
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
SSL_set_fd(svr->ssl, svr->fd);
|
|
|
|
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
static Eina_Bool
|
|
|
|
_ecore_con_ssl_server_cert_add_openssl(const char *cert_file)
|
|
|
|
{
|
2010-07-28 11:27:47 -07:00
|
|
|
FILE *fp = NULL;
|
|
|
|
X509 *cert = NULL;
|
2010-07-28 11:25:46 -07:00
|
|
|
|
2010-07-28 13:03:28 -07:00
|
|
|
if (!(fp = fopen(cert_file, "r")))
|
2010-07-28 11:25:46 -07:00
|
|
|
goto on_error;
|
|
|
|
|
|
|
|
if (!(cert = PEM_read_X509(fp, NULL, NULL, NULL)))
|
|
|
|
goto on_error;
|
|
|
|
|
|
|
|
fclose(fp);
|
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
if (!server_cert)
|
|
|
|
{
|
|
|
|
server_cert = malloc(sizeof(openssl));
|
|
|
|
if (!server_cert)
|
|
|
|
return EINA_FALSE;
|
|
|
|
}
|
|
|
|
else if ((server_cert->cert) && ((--server_cert->count) < 1))
|
|
|
|
X509_free(server_cert->cert);
|
2010-07-28 11:25:46 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
server_cert->cert = cert;
|
2010-07-28 11:25:46 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
server_cert->count = 1;
|
2010-07-28 11:25:46 -07:00
|
|
|
|
|
|
|
return EINA_TRUE;
|
|
|
|
|
|
|
|
on_error:
|
|
|
|
if (fp)
|
|
|
|
fclose(fp);
|
|
|
|
|
|
|
|
return EINA_FALSE;
|
|
|
|
}
|
|
|
|
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_server_shutdown_openssl(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
if (svr->ssl)
|
|
|
|
{
|
|
|
|
if (!SSL_shutdown(svr->ssl))
|
|
|
|
SSL_shutdown(svr->ssl);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
SSL_free(svr->ssl);
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-30 08:57:19 -07:00
|
|
|
if (((svr->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
|
2010-07-29 23:47:59 -07:00
|
|
|
(server_cert) && (server_cert->cert) &&
|
|
|
|
(--server_cert->count < 1))
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
2010-07-29 23:47:59 -07:00
|
|
|
X509_free(server_cert->cert);
|
|
|
|
free(server_cert);
|
2010-07-28 11:25:46 -07:00
|
|
|
server_cert = NULL;
|
|
|
|
}
|
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if (svr->ssl_ctx)
|
|
|
|
SSL_CTX_free(svr->ssl_ctx);
|
|
|
|
|
|
|
|
_ecore_con_ssl_server_prepare_openssl(svr);
|
|
|
|
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Tries to connect an Ecore_Con_Server to an SSL host.
|
|
|
|
* Returns 1 on success, -1 on fatal errors and 0 if the caller
|
|
|
|
* should try again later.
|
|
|
|
*/
|
|
|
|
static Ecore_Con_State
|
|
|
|
_ecore_con_ssl_server_try_openssl(Ecore_Con_Server *svr)
|
|
|
|
{
|
|
|
|
int res, flag = 0;
|
|
|
|
|
|
|
|
if ((res = SSL_connect(svr->ssl)) == 1)
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_CONNECTED;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
|
|
|
svr->ssl_err = SSL_get_error(svr->ssl, res);
|
|
|
|
|
|
|
|
switch (svr->ssl_err)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
case SSL_ERROR_NONE:
|
|
|
|
return ECORE_CON_CONNECTED;
|
|
|
|
|
|
|
|
case SSL_ERROR_WANT_READ:
|
|
|
|
flag = ECORE_FD_READ;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SSL_ERROR_WANT_WRITE:
|
|
|
|
flag = ECORE_FD_WRITE;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return ECORE_CON_DISCONNECTED;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
if (svr->fd_handler && flag)
|
2010-07-26 23:30:27 -07:00
|
|
|
ecore_main_fd_handler_active_set(svr->fd_handler,
|
|
|
|
flag);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
|
|
|
return ECORE_CON_INPROGRESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_server_read_openssl(Ecore_Con_Server *svr, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
int num;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
num = SSL_read(svr->ssl, buf, size);
|
|
|
|
svr->ssl_err = SSL_get_error(svr->ssl, num);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if (svr->fd_handler)
|
|
|
|
{
|
|
|
|
if (svr->ssl && svr->ssl_err ==
|
|
|
|
SSL_ERROR_WANT_READ)
|
|
|
|
ecore_main_fd_handler_active_set(svr->fd_handler,
|
|
|
|
ECORE_FD_READ);
|
|
|
|
else if (svr->ssl && svr->ssl_err ==
|
|
|
|
SSL_ERROR_WANT_WRITE)
|
|
|
|
ecore_main_fd_handler_active_set(
|
|
|
|
svr->fd_handler,
|
|
|
|
ECORE_FD_WRITE);
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if ((svr->ssl_err == SSL_ERROR_ZERO_RETURN) ||
|
|
|
|
(svr->ssl_err == SSL_ERROR_SYSCALL) ||
|
|
|
|
(svr->ssl_err == SSL_ERROR_SSL))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (num < 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return num;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_server_write_openssl(Ecore_Con_Server *svr, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
int num;
|
|
|
|
|
|
|
|
num = SSL_write(svr->ssl, buf, size);
|
|
|
|
svr->ssl_err = SSL_get_error(svr->ssl, num);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if (svr->fd_handler)
|
|
|
|
{
|
|
|
|
if (svr->ssl && svr->ssl_err ==
|
|
|
|
SSL_ERROR_WANT_READ)
|
|
|
|
ecore_main_fd_handler_active_set(svr->fd_handler,
|
|
|
|
ECORE_FD_READ);
|
|
|
|
else if (svr->ssl && svr->ssl_err ==
|
|
|
|
SSL_ERROR_WANT_WRITE)
|
|
|
|
ecore_main_fd_handler_active_set(
|
|
|
|
svr->fd_handler,
|
|
|
|
ECORE_FD_WRITE);
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if ((svr->ssl_err == SSL_ERROR_ZERO_RETURN) ||
|
|
|
|
(svr->ssl_err == SSL_ERROR_SYSCALL) ||
|
|
|
|
(svr->ssl_err == SSL_ERROR_SSL))
|
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if (num < 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return num;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
_ecore_con_ssl_client_prepare_openssl(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
cl->ssl = NULL;
|
|
|
|
cl->ssl_ctx = NULL;
|
|
|
|
cl->ssl_err = SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_client_init_openssl(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
switch (cl->server->type & ECORE_CON_SSL)
|
|
|
|
{
|
|
|
|
case ECORE_CON_USE_SSL2:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_SSL2 | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
/* Unsafe version of SSL */
|
|
|
|
if (!(cl->ssl_ctx =
|
|
|
|
SSL_CTX_new(SSLv2_client_method())))
|
|
|
|
return
|
|
|
|
ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ECORE_CON_USE_SSL3:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
if (!(cl->ssl_ctx =
|
|
|
|
SSL_CTX_new(SSLv3_client_method())))
|
|
|
|
return
|
|
|
|
ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
case ECORE_CON_USE_TLS:
|
2010-09-17 01:00:42 -07:00
|
|
|
case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
|
2010-07-26 23:30:27 -07:00
|
|
|
if (!(cl->ssl_ctx =
|
|
|
|
SSL_CTX_new(TLSv1_client_method())))
|
|
|
|
return
|
|
|
|
ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
|
|
|
}
|
|
|
|
if (!(cl->ssl = SSL_new(cl->ssl_ctx)))
|
|
|
|
{
|
|
|
|
SSL_CTX_free(cl->ssl_ctx);
|
|
|
|
return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
if ((client_cert) && (client_cert->cert) && (private_key->key) &&
|
2010-09-17 01:00:42 -07:00
|
|
|
((cl->server->type & ECORE_CON_SSL) & ECORE_CON_LOAD_CERT) == ECORE_CON_LOAD_CERT)
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
|
|
|
//FIXME: just log and go on without cert if loading fails?
|
2010-09-17 01:58:23 -07:00
|
|
|
if (!SSL_CTX_use_certificate(cl->ssl_ctx, client_cert->cert) ||
|
|
|
|
!SSL_CTX_use_PrivateKey(cl->ssl_ctx, private_key->key) ||
|
|
|
|
!SSL_CTX_check_private_key(cl->ssl_ctx))
|
2010-07-28 11:25:46 -07:00
|
|
|
ERR(
|
|
|
|
"ssl cert load failed: %s", ERR_reason_error_string(ERR_get_error()));
|
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
client_cert->count++;
|
|
|
|
private_key->count++;
|
2010-07-28 11:25:46 -07:00
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
SSL_set_fd(cl->ssl, cl->fd);
|
|
|
|
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 11:25:46 -07:00
|
|
|
|
|
|
|
static Eina_Bool
|
|
|
|
_ecore_con_ssl_client_cert_add_openssl(const char *cert_file,
|
|
|
|
const char *crl_file,
|
|
|
|
const char *key_file)
|
|
|
|
{
|
|
|
|
FILE *fp = NULL;
|
|
|
|
EVP_PKEY *privkey = NULL;
|
|
|
|
X509 *cert = NULL;
|
|
|
|
|
|
|
|
if (!(fp = fopen(cert_file, "r")))
|
|
|
|
goto on_error;
|
|
|
|
|
|
|
|
if (!(cert = PEM_read_X509(fp, NULL, NULL, NULL)))
|
|
|
|
goto on_error;
|
|
|
|
|
|
|
|
if (key_file)
|
|
|
|
{
|
|
|
|
fclose(fp);
|
|
|
|
if (!(fp = fopen(key_file, "r")))
|
|
|
|
goto on_error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(privkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL)))
|
|
|
|
goto on_error;
|
|
|
|
|
|
|
|
fclose(fp);
|
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
if (!client_cert)
|
|
|
|
{
|
|
|
|
client_cert = malloc(sizeof(openssl));
|
|
|
|
if (!client_cert)
|
|
|
|
return EINA_FALSE;
|
|
|
|
}
|
|
|
|
else if ((client_cert->cert) && (--client_cert->count < 1))
|
|
|
|
X509_free(client_cert->cert);
|
2010-07-28 11:25:46 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
if (!private_key)
|
|
|
|
{
|
|
|
|
private_key = malloc(sizeof(openssl_pkey));
|
|
|
|
if (!private_key) return EINA_FALSE;
|
|
|
|
}
|
|
|
|
else if ((private_key->key) && ((--private_key->count) < 1))
|
|
|
|
EVP_PKEY_free(private_key->key);
|
2010-07-28 11:25:46 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
private_key->key = privkey;
|
|
|
|
client_cert->cert = cert;
|
2010-07-28 11:25:46 -07:00
|
|
|
|
2010-07-29 23:47:59 -07:00
|
|
|
private_key->count = client_cert->count = 1;
|
2010-07-28 11:25:46 -07:00
|
|
|
|
|
|
|
return EINA_TRUE;
|
|
|
|
|
|
|
|
on_error:
|
|
|
|
if (fp)
|
|
|
|
fclose(fp);
|
|
|
|
|
|
|
|
if (cert)
|
|
|
|
X509_free(cert);
|
|
|
|
|
|
|
|
if (privkey)
|
2010-07-29 01:13:58 -07:00
|
|
|
EVP_PKEY_free(privkey);
|
2010-07-28 11:25:46 -07:00
|
|
|
|
|
|
|
return EINA_FALSE;
|
|
|
|
}
|
|
|
|
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_client_shutdown_openssl(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
if (cl->ssl)
|
|
|
|
{
|
|
|
|
if (!SSL_shutdown(cl->ssl))
|
|
|
|
SSL_shutdown(cl->ssl);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
SSL_free(cl->ssl);
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if (cl->ssl_ctx)
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
|
|
|
SSL_CTX_free(cl->ssl_ctx);
|
2010-07-30 08:57:19 -07:00
|
|
|
if (((cl->server->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
|
2010-07-29 23:47:59 -07:00
|
|
|
(client_cert) && (client_cert->cert) && (--client_cert->count < 1))
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
2010-07-29 23:47:59 -07:00
|
|
|
X509_free(client_cert->cert);
|
|
|
|
free(client_cert);
|
2010-07-28 11:25:46 -07:00
|
|
|
client_cert = NULL;
|
|
|
|
}
|
|
|
|
|
2010-07-30 08:57:19 -07:00
|
|
|
if (((cl->server->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
|
2010-07-29 23:47:59 -07:00
|
|
|
(private_key) && (private_key->key) && (--private_key->count < 1))
|
2010-07-28 11:25:46 -07:00
|
|
|
{
|
2010-07-29 23:47:59 -07:00
|
|
|
EVP_PKEY_free(private_key->key);
|
|
|
|
free(private_key);
|
2010-07-28 11:25:46 -07:00
|
|
|
private_key = NULL;
|
|
|
|
}
|
|
|
|
}
|
2010-07-26 23:30:27 -07:00
|
|
|
|
|
|
|
_ecore_con_ssl_client_prepare_openssl(cl);
|
|
|
|
|
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_client_read_openssl(Ecore_Con_Client *cl, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
int num;
|
|
|
|
|
|
|
|
num = SSL_read(cl->ssl, buf, size);
|
|
|
|
cl->ssl_err = SSL_get_error(cl->ssl, num);
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if (cl->fd_handler)
|
|
|
|
{
|
|
|
|
if (cl->ssl && cl->ssl_err ==
|
|
|
|
SSL_ERROR_WANT_READ)
|
|
|
|
ecore_main_fd_handler_active_set(cl->fd_handler,
|
|
|
|
ECORE_FD_READ);
|
|
|
|
else if (cl->ssl && cl->ssl_err ==
|
|
|
|
SSL_ERROR_WANT_WRITE)
|
|
|
|
ecore_main_fd_handler_active_set(
|
|
|
|
cl->fd_handler,
|
|
|
|
ECORE_FD_WRITE);
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if ((cl->ssl_err == SSL_ERROR_ZERO_RETURN) ||
|
|
|
|
(cl->ssl_err == SSL_ERROR_SYSCALL) ||
|
|
|
|
(cl->ssl_err == SSL_ERROR_SSL))
|
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if (num < 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return num;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_client_write_openssl(Ecore_Con_Client *cl, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
int num;
|
|
|
|
|
|
|
|
num = SSL_write(cl->ssl, buf, size);
|
|
|
|
cl->ssl_err = SSL_get_error(cl->ssl, num);
|
|
|
|
|
|
|
|
if (cl->fd_handler)
|
|
|
|
{
|
|
|
|
if (cl->ssl && cl->ssl_err ==
|
|
|
|
SSL_ERROR_WANT_READ)
|
|
|
|
ecore_main_fd_handler_active_set(cl->fd_handler,
|
|
|
|
ECORE_FD_READ);
|
|
|
|
else if (cl->ssl && cl->ssl_err ==
|
|
|
|
SSL_ERROR_WANT_WRITE)
|
|
|
|
ecore_main_fd_handler_active_set(
|
|
|
|
cl->fd_handler,
|
|
|
|
ECORE_FD_WRITE);
|
|
|
|
}
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if ((cl->ssl_err == SSL_ERROR_ZERO_RETURN) ||
|
|
|
|
(cl->ssl_err == SSL_ERROR_SYSCALL) ||
|
|
|
|
(cl->ssl_err == SSL_ERROR_SSL))
|
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
if (num < 0)
|
|
|
|
return 0;
|
2008-10-30 08:26:11 -07:00
|
|
|
|
2010-07-26 23:30:27 -07:00
|
|
|
return num;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
/*
|
|
|
|
* No Ssl
|
|
|
|
*/
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_init_none(void)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_shutdown_none(void)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NONE;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
_ecore_con_ssl_server_prepare_none(Ecore_Con_Server *svr)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_server_init_none(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 12:58:57 -07:00
|
|
|
static Eina_Bool
|
|
|
|
_ecore_con_ssl_server_cert_add_none(const char *cert_file)
|
|
|
|
{
|
|
|
|
return EINA_TRUE;
|
|
|
|
}
|
|
|
|
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_server_shutdown_none(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Tries to connect an Ecore_Con_Server to an SSL host.
|
|
|
|
* Returns 1 on success, -1 on fatal errors and 0 if the caller
|
|
|
|
* should try again later.
|
|
|
|
*/
|
|
|
|
static Ecore_Con_State
|
|
|
|
_ecore_con_ssl_server_try_none(Ecore_Con_Server *svr)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_DISCONNECTED;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_server_read_none(Ecore_Con_Server *svr, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_server_write_none(Ecore_Con_Server *svr, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
_ecore_con_ssl_client_prepare_none(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_client_init_none(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
2010-07-28 12:58:57 -07:00
|
|
|
static Eina_Bool
|
|
|
|
_ecore_con_ssl_client_cert_add_none(const char *cert_file,
|
2010-07-29 23:47:59 -07:00
|
|
|
const char *crl_file,
|
|
|
|
const char *key_file)
|
2010-07-28 12:58:57 -07:00
|
|
|
{
|
2010-07-29 23:47:59 -07:00
|
|
|
return EINA_TRUE;
|
2010-07-28 12:58:57 -07:00
|
|
|
}
|
|
|
|
|
2008-10-30 08:26:11 -07:00
|
|
|
static Ecore_Con_Ssl_Error
|
|
|
|
_ecore_con_ssl_client_shutdown_none(Ecore_Con_Client *cl)
|
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_client_read_none(Ecore_Con_Client *cl, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2010-07-26 23:30:27 -07:00
|
|
|
_ecore_con_ssl_client_write_none(Ecore_Con_Client *cl, unsigned char *buf,
|
|
|
|
int size)
|
2008-10-30 08:26:11 -07:00
|
|
|
{
|
2010-07-26 23:30:27 -07:00
|
|
|
return -1;
|
2008-10-30 08:26:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|