Home | History | Annotate | Line # | Download | only in httpd
ssl-bozo.c revision 1.1.1.3 
      1 /*	$eterna: ssl-bozo.c,v 1.9 2008/11/06 05:08:11 mrg Exp $	*/
      2 
      3 /*
      4  * Copyright (c) 1997-2008 Matthew R. Green
      5  * All rights reserved.
      6  *
      7  * Redistribution and use in source and binary forms, with or without
      8  * modification, are permitted provided that the following conditions
      9  * are met:
     10  * 1. Redistributions of source code must retain the above copyright
     11  *    notice, this list of conditions and the following disclaimer.
     12  * 2. Redistributions in binary form must reproduce the above copyright
     13  *    notice, this list of conditions and the following disclaimer and
     14  *    dedication in the documentation and/or other materials provided
     15  *    with the distribution.
     16  *
     17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
     22  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     23  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
     24  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
     25  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     27  * SUCH DAMAGE.
     28  *
     29  */
     30 
     31 /* this code implements SSL for bozohttpd */
     32 
     33 #ifndef NO_SSL_SUPPORT
     34 
     35 #include <unistd.h>
     36 
     37 #include <openssl/ssl.h>
     38 #include <openssl/err.h>
     39 
     40 #include "bozohttpd.h"
     41 
     42 static	SSL_CTX		*ssl_context;
     43 static	const SSL_METHOD	*ssl_method;
     44 static	SSL		*bozossl;
     45 static	char		*certificate_file;
     46 static	char		*privatekey_file;
     47 
     48 static	int	ssl_printf(const char *, ...);
     49 static	ssize_t	ssl_read(int, void *, size_t);
     50 static	ssize_t	ssl_write(int, const void *, size_t);
     51 static	int	ssl_flush(FILE *);
     52 
     53 void
     54 ssl_init(void)
     55 {
     56 	if (!certificate_file)
     57 		return;
     58 	SSL_library_init();
     59 	SSL_load_error_strings();
     60 
     61 	ssl_method = SSLv23_server_method();
     62 	ssl_context = SSL_CTX_new(ssl_method);
     63 
     64 	/* XXX we need to learn how to check the SSL stack for more info */
     65 	if (ssl_context == NULL)
     66 		error(1, "SSL context initialization failed.");
     67 
     68 	SSL_CTX_use_certificate_file(ssl_context, certificate_file,
     69 	    SSL_FILETYPE_PEM);
     70 	SSL_CTX_use_PrivateKey_file(ssl_context, privatekey_file,
     71 	    SSL_FILETYPE_PEM);
     72 
     73 	/* check consistency of key vs certificate */
     74 	if (!SSL_CTX_check_private_key(ssl_context))
     75 		error(1, "check private key failed");
     76 }
     77 
     78 void
     79 ssl_accept()
     80 {
     81 	if (ssl_context) {
     82 		bozossl = SSL_new(ssl_context); /* XXX global sucks */
     83 		SSL_set_rfd(bozossl, 0);
     84 		SSL_set_wfd(bozossl, 1);
     85 		SSL_accept(bozossl);
     86 	}
     87 }
     88 
     89 void
     90 ssl_destroy()
     91 {
     92 	if (bozossl)
     93 		SSL_free(bozossl);
     94 }
     95 
     96 void
     97 ssl_set_opts(char *cert, char *priv)
     98 {
     99 	certificate_file = cert;
    100 	privatekey_file = priv;
    101 	debug((DEBUG_NORMAL, "using cert/priv files: %s & %s", certificate_file,
    102 	    privatekey_file));
    103 	if (Iflag_set == 0)
    104 		Iflag = "https";
    105 	bozoprintf = ssl_printf;
    106 	bozoread = ssl_read;
    107 	bozowrite = ssl_write;
    108 	bozoflush = ssl_flush;
    109 }
    110 
    111 static int
    112 ssl_printf(const char * fmt, ...)
    113 {
    114 	int nbytes;
    115 	char *buf;
    116 	va_list ap;
    117 
    118 	/* XXX we need more elegant/proper handling of SSL_write return */
    119 	va_start(ap, fmt);
    120 	if ((nbytes = vasprintf(&buf, fmt, ap)) != -1)
    121 		SSL_write(bozossl, buf, nbytes);
    122 	va_end(ap);
    123 
    124 	return nbytes;
    125 }
    126 
    127 static ssize_t
    128 ssl_read(int fd, void *buf, size_t nbytes)
    129 {
    130 	ssize_t rbytes;
    131 
    132 	/* XXX we need elegant/proper handling of SSL_read return */
    133 	rbytes = (ssize_t)SSL_read(bozossl, buf, nbytes);
    134 	if (1 > rbytes) {
    135 		if (SSL_get_error(bozossl, rbytes) == SSL_ERROR_WANT_READ)
    136 			warning("SSL_ERROR_WANT_READ");
    137 		else
    138 			warning("SSL_ERROR OTHER");
    139 	}
    140 
    141 	return rbytes;
    142 }
    143 
    144 static ssize_t
    145 ssl_write(int fd, const void *buf, size_t nbytes)
    146 {
    147 	ssize_t wbytes;
    148 
    149 	/* XXX we need elegant/proper handling of SSL_write return */
    150 	wbytes = (ssize_t)SSL_write(bozossl, buf, nbytes);
    151 
    152 	return wbytes;
    153 }
    154 
    155 static int
    156 ssl_flush(FILE *fp)
    157 {
    158 	/* nothing to see here, move right along */
    159 	return 0;
    160 }
    161 #endif /* NO_SSL_SUPPORT */
    162