static SSL_CTX *ssl_server_ctx;
static SSL_CTX *ssl_client_ctx;
+static int libratbox_index = -1;
static unsigned long get_last_err(void)
{
SSL_free((SSL *) F->ssl);
}
+unsigned int
+rb_ssl_handshake_count(rb_fde_t *F)
+{
+ return F->handshake_count;
+}
+
+void
+rb_ssl_clear_handshake_count(rb_fde_t *F)
+{
+ F->handshake_count = 0;
+}
+
static void
rb_ssl_timeout(rb_fde_t * F, void *notused)
{
}
+static void rb_ssl_info_callback(SSL *ssl, int where, int ret)
+{
+ if(where & SSL_CB_HANDSHAKE_START)
+ {
+ rb_fde_t *F = SSL_get_ex_data(ssl, libratbox_index);
+ if(F == NULL)
+ return;
+ F->handshake_count++;
+ }
+}
+
+static void
+rb_setup_ssl_cb(rb_fde_t *F)
+{
+ SSL_set_ex_data(F->ssl, libratbox_index, (char *)F);
+ SSL_set_info_callback((SSL *)F->ssl, (void *)rb_ssl_info_callback);
+}
+
static void
rb_ssl_tryaccept(rb_fde_t * F, void *data)
{
}
-void
-rb_ssl_start_accepted(rb_fde_t * new_F, ACCB * cb, void *data, int timeout)
+
+static void
+rb_ssl_accept_common(rb_fde_t *new_F)
{
int ssl_err;
-
- new_F->type |= RB_FD_SSL;
- new_F->ssl = SSL_new(ssl_server_ctx);
- new_F->accept = rb_malloc(sizeof(struct acceptdata));
-
- new_F->accept->callback = cb;
- new_F->accept->data = data;
- rb_settimeout(new_F, timeout, rb_ssl_timeout, NULL);
-
- new_F->accept->addrlen = 0;
- SSL_set_fd((SSL *) new_F->ssl, rb_get_fd(new_F));
if((ssl_err = SSL_accept((SSL *) new_F->ssl)) <= 0)
{
switch (ssl_err = SSL_get_error((SSL *) new_F->ssl, ssl_err))
}
}
+void
+rb_ssl_start_accepted(rb_fde_t * new_F, ACCB * cb, void *data, int timeout)
+{
+ new_F->type |= RB_FD_SSL;
+ new_F->ssl = SSL_new(ssl_server_ctx);
+ new_F->accept = rb_malloc(sizeof(struct acceptdata));
+
+ new_F->accept->callback = cb;
+ new_F->accept->data = data;
+ rb_settimeout(new_F, timeout, rb_ssl_timeout, NULL);
+
+ new_F->accept->addrlen = 0;
+ SSL_set_fd((SSL *) new_F->ssl, rb_get_fd(new_F));
+ rb_setup_ssl_cb(new_F);
+ rb_ssl_accept_common(new_F);
+}
+
rb_ssl_accept_setup(rb_fde_t * F, int new_fd, struct sockaddr *st, int addrlen)
{
rb_fde_t *new_F;
- int ssl_err;
new_F = rb_find_fd(new_fd);
+ if(new_F == NULL)
+ return;
new_F->type |= RB_FD_SSL;
new_F->ssl = SSL_new(ssl_server_ctx);
new_F->accept = rb_malloc(sizeof(struct acceptdata));
new_F->accept->addrlen = addrlen;
SSL_set_fd((SSL *) new_F->ssl, new_fd);
- if((ssl_err = SSL_accept((SSL *) new_F->ssl)) <= 0)
- {
- switch (ssl_err = SSL_get_error((SSL *) new_F->ssl, ssl_err))
- {
- case SSL_ERROR_SYSCALL:
- if(rb_ignore_errno(errno))
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- {
- F->ssl_errno = get_last_err();
- rb_setselect(new_F, RB_SELECT_READ | RB_SELECT_WRITE,
- rb_ssl_tryaccept, NULL);
- return;
- }
- default:
- F->ssl_errno = get_last_err();
- F->accept->callback(F, RB_ERROR_SSL, NULL, 0, F->accept->data);
- return;
- }
- }
- else
- {
- rb_ssl_tryaccept(new_F, NULL);
- }
+ rb_setup_ssl_cb(new_F);
+ rb_ssl_accept_common(new_F);
}
static ssize_t
rb_init_ssl(void)
{
int ret = 1;
+ char libratbox_data[] = "libratbox data";
SSL_load_error_strings();
SSL_library_init();
+ libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL);
ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
if(ssl_server_ctx == NULL)
{
F->type |= RB_FD_SSL;
F->ssl = SSL_new(ssl_client_ctx);
SSL_set_fd((SSL *) F->ssl, F->fd);
-
+ rb_setup_ssl_cb(F);
rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
if((ssl_err = SSL_connect((SSL *) F->ssl)) <= 0)
{
F->ssl = SSL_new(ssl_client_ctx);
SSL_set_fd((SSL *) F->ssl, F->fd);
+ rb_setup_ssl_cb(F);
rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
if((ssl_err = SSL_connect((SSL *) F->ssl)) <= 0)
{