ssl-bozo.c revision 1.1.1.2
1 1.1.1.2 mrg /* $eterna: ssl-bozo.c,v 1.7 2008/03/03 03:36:12 mrg Exp $ */ 2 1.1 tls 3 1.1 tls /* 4 1.1.1.2 mrg * Copyright (c) 1997-2008 Matthew R. Green 5 1.1 tls * All rights reserved. 6 1.1 tls * 7 1.1 tls * Redistribution and use in source and binary forms, with or without 8 1.1 tls * modification, are permitted provided that the following conditions 9 1.1 tls * are met: 10 1.1 tls * 1. Redistributions of source code must retain the above copyright 11 1.1 tls * notice, this list of conditions and the following disclaimer. 12 1.1 tls * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 tls * notice, this list of conditions and the following disclaimer and 14 1.1 tls * dedication in the documentation and/or other materials provided 15 1.1 tls * with the distribution. 16 1.1 tls * 3. The name of the author may not be used to endorse or promote products 17 1.1 tls * derived from this software without specific prior written permission. 18 1.1 tls * 19 1.1 tls * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 1.1 tls * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 1.1 tls * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 1.1 tls * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 1.1 tls * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 1.1 tls * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 1.1 tls * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 26 1.1 tls * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 1.1 tls * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 1.1 tls * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 tls * SUCH DAMAGE. 30 1.1 tls * 31 1.1 tls */ 32 1.1 tls 33 1.1 tls /* this code implements SSL for bozohttpd */ 34 1.1 tls 35 1.1 tls #ifndef NO_SSL_SUPPORT 36 1.1 tls 37 1.1 tls #include <unistd.h> 38 1.1 tls 39 1.1 tls #include <openssl/ssl.h> 40 1.1 tls #include <openssl/err.h> 41 1.1 tls 42 1.1 tls #include "bozohttpd.h" 43 1.1 tls 44 1.1 tls static SSL_CTX *ssl_context; 45 1.1 tls static SSL_METHOD *ssl_method; 46 1.1 tls static SSL *bozossl; 47 1.1 tls static char *certificate_file; 48 1.1 tls static char *privatekey_file; 49 1.1 tls 50 1.1 tls static int ssl_printf(const char *, ...); 51 1.1 tls static ssize_t ssl_read(int, void *, size_t); 52 1.1 tls static ssize_t ssl_write(int, const void *, size_t); 53 1.1 tls static int ssl_flush(FILE *); 54 1.1 tls 55 1.1 tls void 56 1.1 tls ssl_init(void) 57 1.1 tls { 58 1.1 tls if (!certificate_file) 59 1.1 tls return; 60 1.1 tls SSL_library_init(); 61 1.1 tls SSL_load_error_strings(); 62 1.1 tls 63 1.1 tls ssl_method = SSLv23_server_method(); 64 1.1 tls ssl_context = SSL_CTX_new(ssl_method); 65 1.1 tls 66 1.1 tls /* XXX we need to learn how to check the SSL stack for more info */ 67 1.1 tls if (ssl_context == NULL) 68 1.1 tls error(1, "SSL context initialization failed."); 69 1.1 tls 70 1.1 tls SSL_CTX_use_certificate_file(ssl_context, certificate_file, 71 1.1 tls SSL_FILETYPE_PEM); 72 1.1 tls SSL_CTX_use_PrivateKey_file(ssl_context, privatekey_file, 73 1.1 tls SSL_FILETYPE_PEM); 74 1.1 tls 75 1.1 tls /* check consistency of key vs certificate */ 76 1.1 tls if (!SSL_CTX_check_private_key(ssl_context)) 77 1.1 tls error(1, "check private key failed"); 78 1.1 tls } 79 1.1 tls 80 1.1 tls void 81 1.1 tls ssl_accept() 82 1.1 tls { 83 1.1 tls if (ssl_context) { 84 1.1 tls bozossl = SSL_new(ssl_context); /* XXX global sucks */ 85 1.1 tls SSL_set_rfd(bozossl, 0); 86 1.1 tls SSL_set_wfd(bozossl, 1); 87 1.1 tls SSL_accept(bozossl); 88 1.1 tls } 89 1.1 tls } 90 1.1 tls 91 1.1 tls void 92 1.1 tls ssl_destroy() 93 1.1 tls { 94 1.1 tls if (bozossl) 95 1.1 tls SSL_free(bozossl); 96 1.1 tls } 97 1.1 tls 98 1.1 tls void 99 1.1 tls ssl_set_opts(char *cert, char *priv) 100 1.1 tls { 101 1.1 tls certificate_file = cert; 102 1.1 tls privatekey_file = priv; 103 1.1 tls debug((DEBUG_NORMAL, "using cert/priv files: %s & %s", certificate_file, 104 1.1 tls privatekey_file)); 105 1.1 tls if (Iflag_set == 0) 106 1.1 tls Iflag = "https"; 107 1.1 tls bozoprintf = ssl_printf; 108 1.1 tls bozoread = ssl_read; 109 1.1 tls bozowrite = ssl_write; 110 1.1 tls bozoflush = ssl_flush; 111 1.1 tls } 112 1.1 tls 113 1.1 tls static int 114 1.1 tls ssl_printf(const char * fmt, ...) 115 1.1 tls { 116 1.1 tls int nbytes; 117 1.1 tls char *buf; 118 1.1 tls va_list ap; 119 1.1 tls 120 1.1 tls /* XXX we need more elegant/proper handling of SSL_write return */ 121 1.1 tls va_start(ap, fmt); 122 1.1 tls if ((nbytes = vasprintf(&buf, fmt, ap)) != -1) 123 1.1 tls SSL_write(bozossl, buf, nbytes); 124 1.1 tls va_end(ap); 125 1.1 tls 126 1.1 tls return nbytes; 127 1.1 tls } 128 1.1 tls 129 1.1 tls static ssize_t 130 1.1 tls ssl_read(int fd, void *buf, size_t nbytes) 131 1.1 tls { 132 1.1 tls ssize_t rbytes; 133 1.1 tls 134 1.1 tls /* XXX we need elegant/proper handling of SSL_read return */ 135 1.1 tls rbytes = (ssize_t)SSL_read(bozossl, buf, nbytes); 136 1.1 tls if (1 > rbytes) { 137 1.1 tls if (SSL_get_error(bozossl, rbytes) == SSL_ERROR_WANT_READ) 138 1.1 tls warning("SSL_ERROR_WANT_READ"); 139 1.1 tls else 140 1.1 tls warning("SSL_ERROR OTHER"); 141 1.1 tls } 142 1.1 tls 143 1.1 tls return rbytes; 144 1.1 tls } 145 1.1 tls 146 1.1 tls static ssize_t 147 1.1 tls ssl_write(int fd, const void *buf, size_t nbytes) 148 1.1 tls { 149 1.1 tls ssize_t wbytes; 150 1.1 tls 151 1.1 tls /* XXX we need elegant/proper handling of SSL_write return */ 152 1.1 tls wbytes = (ssize_t)SSL_write(bozossl, buf, nbytes); 153 1.1 tls 154 1.1 tls return wbytes; 155 1.1 tls } 156 1.1 tls 157 1.1 tls static int 158 1.1 tls ssl_flush(FILE *fp) 159 1.1 tls { 160 1.1 tls /* nothing to see here, move right along */ 161 1.1 tls return 0; 162 1.1 tls } 163 1.1 tls #endif /* NO_SSL_SUPPORT */ 164
Indexes created Fri Oct 03 02:09:57 GMT 2025