Home | History | Annotate | Line # | Download | only in httpd
ssl-bozo.c revision 1.2 
      1  1.2  tls /*	$NetBSD: ssl-bozo.c,v 1.2 2007/10/17 18:48:01 tls Exp $	*/
      2  1.2  tls 
      3  1.1  tls /*	$eterna: ssl-bozo.c,v 1.6 2006/05/17 08:19:10 mrg Exp $	*/
      4  1.1  tls 
      5  1.1  tls /*
      6  1.1  tls  * Copyright (c) 1997-2006 Matthew R. Green
      7  1.1  tls  * All rights reserved.
      8  1.1  tls  *
      9  1.1  tls  * Redistribution and use in source and binary forms, with or without
     10  1.1  tls  * modification, are permitted provided that the following conditions
     11  1.1  tls  * are met:
     12  1.1  tls  * 1. Redistributions of source code must retain the above copyright
     13  1.1  tls  *    notice, this list of conditions and the following disclaimer.
     14  1.1  tls  * 2. Redistributions in binary form must reproduce the above copyright
     15  1.1  tls  *    notice, this list of conditions and the following disclaimer and
     16  1.1  tls  *    dedication in the documentation and/or other materials provided
     17  1.1  tls  *    with the distribution.
     18  1.1  tls  * 3. The name of the author may not be used to endorse or promote products
     19  1.1  tls  *    derived from this software without specific prior written permission.
     20  1.1  tls  *
     21  1.1  tls  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     22  1.1  tls  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     23  1.1  tls  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     24  1.1  tls  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     25  1.1  tls  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
     26  1.1  tls  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     27  1.1  tls  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
     28  1.1  tls  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
     29  1.1  tls  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     30  1.1  tls  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     31  1.1  tls  * SUCH DAMAGE.
     32  1.1  tls  *
     33  1.1  tls  */
     34  1.1  tls 
     35  1.1  tls /* this code implements SSL for bozohttpd */
     36  1.1  tls 
     37  1.1  tls #ifndef NO_SSL_SUPPORT
     38  1.1  tls 
     39  1.1  tls #include <unistd.h>
     40  1.1  tls 
     41  1.1  tls #include <openssl/ssl.h>
     42  1.1  tls #include <openssl/err.h>
     43  1.1  tls 
     44  1.1  tls #include "bozohttpd.h"
     45  1.1  tls 
     46  1.1  tls static	SSL_CTX		*ssl_context;
     47  1.1  tls static	SSL_METHOD	*ssl_method;
     48  1.1  tls static	SSL		*bozossl;
     49  1.1  tls static	char		*certificate_file;
     50  1.1  tls static	char		*privatekey_file;
     51  1.1  tls 
     52  1.1  tls static	int	ssl_printf(const char *, ...);
     53  1.1  tls static	ssize_t	ssl_read(int, void *, size_t);
     54  1.1  tls static	ssize_t	ssl_write(int, const void *, size_t);
     55  1.1  tls static	int	ssl_flush(FILE *);
     56  1.1  tls 
     57  1.1  tls void
     58  1.1  tls ssl_init(void)
     59  1.1  tls {
     60  1.1  tls 	if (!certificate_file)
     61  1.1  tls 		return;
     62  1.1  tls 	SSL_library_init();
     63  1.1  tls 	SSL_load_error_strings();
     64  1.1  tls 
     65  1.1  tls 	ssl_method = SSLv23_server_method();
     66  1.1  tls 	ssl_context = SSL_CTX_new(ssl_method);
     67  1.1  tls 
     68  1.1  tls 	/* XXX we need to learn how to check the SSL stack for more info */
     69  1.1  tls 	if (ssl_context == NULL)
     70  1.1  tls 		error(1, "SSL context initialization failed.");
     71  1.1  tls 
     72  1.1  tls 	SSL_CTX_use_certificate_file(ssl_context, certificate_file,
     73  1.1  tls 	    SSL_FILETYPE_PEM);
     74  1.1  tls 	SSL_CTX_use_PrivateKey_file(ssl_context, privatekey_file,
     75  1.1  tls 	    SSL_FILETYPE_PEM);
     76  1.1  tls 
     77  1.1  tls 	/* check consistency of key vs certificate */
     78  1.1  tls 	if (!SSL_CTX_check_private_key(ssl_context))
     79  1.1  tls 		error(1, "check private key failed");
     80  1.1  tls }
     81  1.1  tls 
     82  1.1  tls void
     83  1.1  tls ssl_accept()
     84  1.1  tls {
     85  1.1  tls 	if (ssl_context) {
     86  1.1  tls 		bozossl = SSL_new(ssl_context); /* XXX global sucks */
     87  1.1  tls 		SSL_set_rfd(bozossl, 0);
     88  1.1  tls 		SSL_set_wfd(bozossl, 1);
     89  1.1  tls 		SSL_accept(bozossl);
     90  1.1  tls 	}
     91  1.1  tls }
     92  1.1  tls 
     93  1.1  tls void
     94  1.1  tls ssl_destroy()
     95  1.1  tls {
     96  1.1  tls 	if (bozossl)
     97  1.1  tls 		SSL_free(bozossl);
     98  1.1  tls }
     99  1.1  tls 
    100  1.1  tls void
    101  1.1  tls ssl_set_opts(char *cert, char *priv)
    102  1.1  tls {
    103  1.1  tls 	certificate_file = cert;
    104  1.1  tls 	privatekey_file = priv;
    105  1.1  tls 	debug((DEBUG_NORMAL, "using cert/priv files: %s & %s", certificate_file,
    106  1.1  tls 	    privatekey_file));
    107  1.1  tls 	if (Iflag_set == 0)
    108  1.1  tls 		Iflag = "https";
    109  1.1  tls 	bozoprintf = ssl_printf;
    110  1.1  tls 	bozoread = ssl_read;
    111  1.1  tls 	bozowrite = ssl_write;
    112  1.1  tls 	bozoflush = ssl_flush;
    113  1.1  tls }
    114  1.1  tls 
    115  1.1  tls static int
    116  1.1  tls ssl_printf(const char * fmt, ...)
    117  1.1  tls {
    118  1.1  tls 	int nbytes;
    119  1.1  tls 	char *buf;
    120  1.1  tls 	va_list ap;
    121  1.1  tls 
    122  1.1  tls 	/* XXX we need more elegant/proper handling of SSL_write return */
    123  1.1  tls 	va_start(ap, fmt);
    124  1.1  tls 	if ((nbytes = vasprintf(&buf, fmt, ap)) != -1)
    125  1.1  tls 		SSL_write(bozossl, buf, nbytes);
    126  1.1  tls 	va_end(ap);
    127  1.1  tls 
    128  1.1  tls 	return nbytes;
    129  1.1  tls }
    130  1.1  tls 
    131  1.1  tls static ssize_t
    132  1.1  tls ssl_read(int fd, void *buf, size_t nbytes)
    133  1.1  tls {
    134  1.1  tls 	ssize_t rbytes;
    135  1.1  tls 
    136  1.1  tls 	/* XXX we need elegant/proper handling of SSL_read return */
    137  1.1  tls 	rbytes = (ssize_t)SSL_read(bozossl, buf, nbytes);
    138  1.1  tls 	if (1 > rbytes) {
    139  1.1  tls 		if (SSL_get_error(bozossl, rbytes) == SSL_ERROR_WANT_READ)
    140  1.1  tls 			warning("SSL_ERROR_WANT_READ");
    141  1.1  tls 		else
    142  1.1  tls 			warning("SSL_ERROR OTHER");
    143  1.1  tls 	}
    144  1.1  tls 
    145  1.1  tls 	return rbytes;
    146  1.1  tls }
    147  1.1  tls 
    148  1.1  tls static ssize_t
    149  1.1  tls ssl_write(int fd, const void *buf, size_t nbytes)
    150  1.1  tls {
    151  1.1  tls 	ssize_t wbytes;
    152  1.1  tls 
    153  1.1  tls 	/* XXX we need elegant/proper handling of SSL_write return */
    154  1.1  tls 	wbytes = (ssize_t)SSL_write(bozossl, buf, nbytes);
    155  1.1  tls 
    156  1.1  tls 	return wbytes;
    157  1.1  tls }
    158  1.1  tls 
    159  1.1  tls static int
    160  1.1  tls ssl_flush(FILE *fp)
    161  1.1  tls {
    162  1.1  tls 	/* nothing to see here, move right along */
    163  1.1  tls 	return 0;
    164  1.1  tls }
    165  1.1  tls #endif /* NO_SSL_SUPPORT */
    166