/* We'd also add the retry count here when we get to that -- adrian */
} connect;
SSL *ssl;
- int renegotiations;
struct _fde *hnext;
} fde_t;
if (F->ssl)
{
- SSL_set_app_data(F->ssl, NULL);
SSL_free(F->ssl);
}
}
SSL_set_fd(fd->ssl, fd->fd);
- SSL_set_app_data(fd->ssl, fd);
SSL_set_tlsext_host_name(fd->ssl, client_p->name);
ERR_clear_error();
length = SSL_read(fd->ssl, readBuf, READBUF_SIZE);
- if (!IsServer(client_p) && fd->renegotiations > 1)
- {
- exit_client(client_p, &me, "SSL renegotiation not allowed");
- return;
- }
-
/* translate openssl error codes, sigh */
if (length < 0)
switch (SSL_get_error(fd->ssl, length))
AddFlag(new_client, FLAGS_SSL);
SSL_set_fd(new_client->localClient->fd.ssl, fd);
- SSL_set_app_data(new_client->localClient->fd.ssl, &new_client->localClient->fd);
ssl_handshake(0, new_client);
}
else
}
SSL_set_fd(fd->ssl, fd->fd);
- SSL_set_app_data(fd->ssl, fd);
SSL_set_tlsext_host_name(fd->ssl, client_p->name);
ERR_clear_error();
retlen = SSL_write(to->localClient->fd.ssl, first->data + sendq->pos, first->size - sendq->pos);
- if (!IsServer(to) && to->localClient->fd.renegotiations > 1)
- {
- exit_client(to, &me, "SSL renegotiation not allowed");
- return;
- }
-
/* translate openssl error codes, sigh */
if (retlen < 0)
{
return 1;
}
-static void
-ssl_info_callback(const SSL *ssl, int where, int ret)
-{
- if (where & SSL_CB_HANDSHAKE_START)
- {
- fde_t *fd = SSL_get_app_data(ssl);
- if (fd)
- ++fd->renegotiations;
- }
-}
-
static int
ssl_servername_cb(SSL *s, int *ad, struct sslprofile *profile)
{
SSL_CTX_set_verify(identity->server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, always_accept_verify_cb);
SSL_CTX_set_session_cache_mode(identity->server_ctx, SSL_SESS_CACHE_OFF);
- SSL_CTX_set_info_callback(identity->server_ctx, ssl_info_callback);
-
SSL_CTX_set_tlsext_servername_callback(identity->server_ctx, ssl_servername_cb);
SSL_CTX_set_tlsext_servername_arg(identity->server_ctx, profile);
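Review bot: Nothing visible in this context setup restricts client-initiated renegotiation once `SSL_CTX_set_info_callback(identity->server_ctx, ssl_info_callback)` is removed, and the per-client `renegotiations > 1` checks after `SSL_read` and `SSL_write` are dropped in the earlier hunks too. Unless a replacement is configured outside this diff, a peer on TLS 1.2 or earlier can request repeated handshakes, which costs server CPU. Where the linked OpenSSL defines it, consider adding `SSL_CTX_set_options(identity->server_ctx, SSL_OP_NO_RENEGOTIATION);` beside the `SSL_CTX_set_session_cache_mode` call, under `#ifdef SSL_OP_NO_RENEGOTIATION`; the old check exempted server links, so confirm that a context-wide option is acceptable for them. The enclosing function starts and ends outside the hunk.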