82 |
|
|
83 |
#ifdef SSL_TLS |
#ifdef SSL_TLS |
84 |
if (protocol != SSL_DISABLED) |
if (protocol != SSL_DISABLED) |
85 |
if (!init_ssl_connection(sock, protocol)) |
if (!imf_ssl_init(sock, protocol)) |
86 |
return 0; |
return 0; |
87 |
else |
else |
88 |
return ERROR_SSL; |
return ERROR_SSL; |
99 |
* Initialize Secure Socket Layer connection. |
* Initialize Secure Socket Layer connection. |
100 |
*/ |
*/ |
101 |
int |
int |
102 |
init_ssl_connection(int *sock, unsigned int protocol) |
imf_ssl_init(int *sock, unsigned int protocol) |
103 |
{ |
{ |
104 |
int e; |
int e; |
105 |
SSL_CTX *ctx; |
SSL_CTX *ctx; |
106 |
SSL_METHOD *method; |
SSL_METHOD *method; |
107 |
SSL **ssl; |
SSL **ssl; |
108 |
|
SSL_CIPHER *cipher; |
109 |
|
char *ver; |
110 |
|
const char *name; |
111 |
|
int usebits, algbits; |
112 |
|
|
113 |
method = NULL; |
method = NULL; |
114 |
ssl = (sock == &sockpri ? &sslpri : &sslaux); |
ssl = (sock == &sockpri ? &sslpri : &sslaux); |
115 |
|
|
116 |
SSL_library_init(); |
SSL_library_init(); |
117 |
|
SSL_load_error_strings(); |
118 |
|
|
119 |
switch (protocol) { |
switch (protocol) { |
|
case SSL_SSL_V2: |
|
|
method = SSLv2_client_method(); |
|
|
break; |
|
|
case SSL_SSL_V3: |
|
|
method = SSLv3_client_method(); |
|
|
break; |
|
120 |
case SSL_TLS_V1: |
case SSL_TLS_V1: |
121 |
method = TLSv1_client_method(); |
method = TLSv1_client_method(); |
122 |
break; |
break; |
123 |
|
case SSL_SSL_V2: |
124 |
|
case SSL_SSL_V3: |
125 |
|
method = SSLv23_client_method(); |
126 |
|
break; |
127 |
} |
} |
128 |
|
|
129 |
if (!(ctx = SSL_CTX_new(method))) |
if (!(ctx = SSL_CTX_new(method))) |
130 |
return ERROR_SSL; |
goto fail; |
131 |
|
|
132 |
if (!(*ssl = SSL_new(ctx))) |
if (!(*ssl = SSL_new(ctx))) |
133 |
return ERROR_SSL; |
goto fail; |
134 |
|
|
135 |
SSL_set_fd(*ssl, *sock); |
SSL_set_fd(*ssl, *sock); |
136 |
|
|
137 |
if ((e = SSL_connect(*ssl)) <= 0) { |
if ((e = SSL_connect(*ssl)) <= 0) { |
138 |
SSL_get_error(*ssl, e); |
SSL_get_error(*ssl, e); |
139 |
error("initiating SSL connection; %s", |
error("initiating SSL connection; %s\n", |
140 |
ERR_error_string(ERR_get_error(), NULL)); |
ERR_error_string(ERR_get_error(), NULL)); |
141 |
return ERROR_SSL; |
goto fail; |
142 |
} |
} |
143 |
verbose("SSL/TLS handshake completed (%s).\n", |
cipher = SSL_get_current_cipher(*ssl); |
144 |
SSL_get_cipher(*ssl)); |
ver = SSL_CIPHER_get_version(cipher); |
145 |
|
name = SSL_CIPHER_get_name(cipher); |
146 |
|
usebits = SSL_CIPHER_get_bits(cipher, &algbits); |
147 |
|
verbose("SSL/TLS handshake completed: %s with cipher %s (%d/%d bits).\n", |
148 |
|
ver, name, usebits, algbits); |
149 |
|
|
150 |
if (imf_ssl_cert(*ssl)) |
if (imf_ssl_cert(*ssl)) |
151 |
return ERROR_SSL; |
goto fail; |
152 |
|
|
153 |
SSL_CTX_free(ctx); |
SSL_CTX_free(ctx); |
154 |
|
|
155 |
return 0; |
return 0; |
156 |
|
|
157 |
|
fail: |
158 |
|
*ssl = NULL; |
159 |
|
SSL_CTX_free(ctx); |
160 |
|
|
161 |
|
return ERROR_SSL; |
162 |
} |
} |
163 |
|
|
164 |
#endif /* SSL_TLS */ |
#endif /* SSL_TLS */ |
246 |
return ERROR_NETWORK; |
return ERROR_NETWORK; |
247 |
case SSL_ERROR_SYSCALL: |
case SSL_ERROR_SYSCALL: |
248 |
case SSL_ERROR_SSL: |
case SSL_ERROR_SSL: |
249 |
fatal(ERROR_NETWORK, "reading data; %s", |
fatal(ERROR_NETWORK, "reading data; %s\n", |
250 |
ERR_error_string(ERR_get_error(), NULL)); |
ERR_error_string(ERR_get_error(), NULL)); |
251 |
default: |
default: |
252 |
fatal(ERROR_NETWORK, |
fatal(ERROR_NETWORK, |
331 |
return ERROR_NETWORK; |
return ERROR_NETWORK; |
332 |
case SSL_ERROR_SYSCALL: |
case SSL_ERROR_SYSCALL: |
333 |
case SSL_ERROR_SSL: |
case SSL_ERROR_SSL: |
334 |
fatal(ERROR_NETWORK, "writing data; %s", |
fatal(ERROR_NETWORK, "writing data; %s\n", |
335 |
ERR_error_string(ERR_get_error(), NULL)); |
ERR_error_string(ERR_get_error(), NULL)); |
336 |
default: |
default: |
337 |
fatal(ERROR_NETWORK, |
fatal(ERROR_NETWORK, |