ssl-bozo.c revision 1.1.1.3
1 1.1.1.3 mrg /* $eterna: ssl-bozo.c,v 1.9 2008/11/06 05:08:11 mrg Exp $ */ 2 1.1 tls 3 1.1 tls /* 4 1.1.1.2 mrg * Copyright (c) 1997-2008 Matthew R. Green 5 1.1 tls * All rights reserved. 6 1.1 tls * 7 1.1 tls * Redistribution and use in source and binary forms, with or without 8 1.1 tls * modification, are permitted provided that the following conditions 9 1.1 tls * are met: 10 1.1 tls * 1. Redistributions of source code must retain the above copyright 11 1.1 tls * notice, this list of conditions and the following disclaimer. 12 1.1 tls * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 tls * notice, this list of conditions and the following disclaimer and 14 1.1 tls * dedication in the documentation and/or other materials provided 15 1.1 tls * with the distribution. 16 1.1 tls * 17 1.1 tls * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 1.1 tls * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 1.1 tls * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 1.1 tls * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 1.1 tls * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 22 1.1 tls * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 23 1.1 tls * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 24 1.1 tls * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 25 1.1 tls * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 1.1 tls * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 1.1 tls * SUCH DAMAGE. 28 1.1 tls * 29 1.1 tls */ 30 1.1 tls 31 1.1 tls /* this code implements SSL for bozohttpd */ 32 1.1 tls 33 1.1 tls #ifndef NO_SSL_SUPPORT 34 1.1 tls 35 1.1 tls #include <unistd.h> 36 1.1 tls 37 1.1 tls #include <openssl/ssl.h> 38 1.1 tls #include <openssl/err.h> 39 1.1 tls 40 1.1 tls #include "bozohttpd.h" 41 1.1 tls 42 1.1 tls static SSL_CTX *ssl_context; 43 1.1.1.3 mrg static const SSL_METHOD *ssl_method; 44 1.1 tls static SSL *bozossl; 45 1.1 tls static char *certificate_file; 46 1.1 tls static char *privatekey_file; 47 1.1 tls 48 1.1 tls static int ssl_printf(const char *, ...); 49 1.1 tls static ssize_t ssl_read(int, void *, size_t); 50 1.1 tls static ssize_t ssl_write(int, const void *, size_t); 51 1.1 tls static int ssl_flush(FILE *); 52 1.1 tls 53 1.1 tls void 54 1.1 tls ssl_init(void) 55 1.1 tls { 56 1.1 tls if (!certificate_file) 57 1.1 tls return; 58 1.1 tls SSL_library_init(); 59 1.1 tls SSL_load_error_strings(); 60 1.1 tls 61 1.1 tls ssl_method = SSLv23_server_method(); 62 1.1 tls ssl_context = SSL_CTX_new(ssl_method); 63 1.1 tls 64 1.1 tls /* XXX we need to learn how to check the SSL stack for more info */ 65 1.1 tls if (ssl_context == NULL) 66 1.1 tls error(1, "SSL context initialization failed."); 67 1.1 tls 68 1.1 tls SSL_CTX_use_certificate_file(ssl_context, certificate_file, 69 1.1 tls SSL_FILETYPE_PEM); 70 1.1 tls SSL_CTX_use_PrivateKey_file(ssl_context, privatekey_file, 71 1.1 tls SSL_FILETYPE_PEM); 72 1.1 tls 73 1.1 tls /* check consistency of key vs certificate */ 74 1.1 tls if (!SSL_CTX_check_private_key(ssl_context)) 75 1.1 tls error(1, "check private key failed"); 76 1.1 tls } 77 1.1 tls 78 1.1 tls void 79 1.1 tls ssl_accept() 80 1.1 tls { 81 1.1 tls if (ssl_context) { 82 1.1 tls bozossl = SSL_new(ssl_context); /* XXX global sucks */ 83 1.1 tls SSL_set_rfd(bozossl, 0); 84 1.1 tls SSL_set_wfd(bozossl, 1); 85 1.1 tls SSL_accept(bozossl); 86 1.1 tls } 87 1.1 tls } 88 1.1 tls 89 1.1 tls void 90 1.1 tls ssl_destroy() 91 1.1 tls { 92 1.1 tls if (bozossl) 93 1.1 tls SSL_free(bozossl); 94 1.1 tls } 95 1.1 tls 96 1.1 tls void 97 1.1 tls ssl_set_opts(char *cert, char *priv) 98 1.1 tls { 99 1.1 tls certificate_file = cert; 100 1.1 tls privatekey_file = priv; 101 1.1 tls debug((DEBUG_NORMAL, "using cert/priv files: %s & %s", certificate_file, 102 1.1 tls privatekey_file)); 103 1.1 tls if (Iflag_set == 0) 104 1.1 tls Iflag = "https"; 105 1.1 tls bozoprintf = ssl_printf; 106 1.1 tls bozoread = ssl_read; 107 1.1 tls bozowrite = ssl_write; 108 1.1 tls bozoflush = ssl_flush; 109 1.1 tls } 110 1.1 tls 111 1.1 tls static int 112 1.1 tls ssl_printf(const char * fmt, ...) 113 1.1 tls { 114 1.1 tls int nbytes; 115 1.1 tls char *buf; 116 1.1 tls va_list ap; 117 1.1 tls 118 1.1 tls /* XXX we need more elegant/proper handling of SSL_write return */ 119 1.1 tls va_start(ap, fmt); 120 1.1 tls if ((nbytes = vasprintf(&buf, fmt, ap)) != -1) 121 1.1 tls SSL_write(bozossl, buf, nbytes); 122 1.1 tls va_end(ap); 123 1.1 tls 124 1.1 tls return nbytes; 125 1.1 tls } 126 1.1 tls 127 1.1 tls static ssize_t 128 1.1 tls ssl_read(int fd, void *buf, size_t nbytes) 129 1.1 tls { 130 1.1 tls ssize_t rbytes; 131 1.1 tls 132 1.1 tls /* XXX we need elegant/proper handling of SSL_read return */ 133 1.1 tls rbytes = (ssize_t)SSL_read(bozossl, buf, nbytes); 134 1.1 tls if (1 > rbytes) { 135 1.1 tls if (SSL_get_error(bozossl, rbytes) == SSL_ERROR_WANT_READ) 136 1.1 tls warning("SSL_ERROR_WANT_READ"); 137 1.1 tls else 138 1.1 tls warning("SSL_ERROR OTHER"); 139 1.1 tls } 140 1.1 tls 141 1.1 tls return rbytes; 142 1.1 tls } 143 1.1 tls 144 1.1 tls static ssize_t 145 1.1 tls ssl_write(int fd, const void *buf, size_t nbytes) 146 1.1 tls { 147 1.1 tls ssize_t wbytes; 148 1.1 tls 149 1.1 tls /* XXX we need elegant/proper handling of SSL_write return */ 150 1.1 tls wbytes = (ssize_t)SSL_write(bozossl, buf, nbytes); 151 1.1 tls 152 1.1 tls return wbytes; 153 1.1 tls } 154 1.1 tls 155 1.1 tls static int 156 1.1 tls ssl_flush(FILE *fp) 157 1.1 tls { 158 1.1 tls /* nothing to see here, move right along */ 159 1.1 tls return 0; 160 1.1 tls } 161 1.1 tls #endif /* NO_SSL_SUPPORT */ 162
Indexes created Thu Oct 02 14:10:14 GMT 2025