X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/07cc384cf2e6e3589f2892026a9b8f9835c8eb2c..3b2676435dc4af39acd77e7fe232902e6651e42d:/openssl/openssl_sml.c
diff --git a/openssl/openssl_sml.c b/openssl/openssl_sml.c
index b2fbb89..201d816 100644
--- a/openssl/openssl_sml.c
+++ b/openssl/openssl_sml.c
@@ -2,12 +2,18 @@
 #include "openssl/ssl.h"
 #include "openssl/err.h"
 
-void OpenSSL_SML_add_all_algorithms() {
- OpenSSL_add_all_algorithms();
+#include
+#include
+#include
+#include
+
+void OpenSSL_SML_init() {
+ SSL_library_init();
 }
 
 void OpenSSL_SML_load_error_strings() {
 SSL_load_error_strings();
+ ERR_load_X509_strings();
 }
 
 void OpenSSL_SML_load_BIO_strings() {
@@ -57,3 +63,151 @@ int OpenSSL_SML_do_connect(BIO *b) {
 int OpenSSL_SML_do_accept(BIO *b) {
 return BIO_do_accept(b);
 }
+
+SSL_CTX *OpenSSL_SML_CTX_new(SSL_METHOD *meth) {
+ SSL_CTX *ctx = SSL_CTX_new(meth);
+ SSL_CTX_set_verify(ctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ 0);
+ return ctx;
+}
+
+void OpenSSL_SML_CTX_free(SSL_CTX *ctx) {
+ return SSL_CTX_free(ctx);
+}
+
+SSL_METHOD *OpenSSL_SML_SSLv23_method() {
+ return SSLv23_method();
+}
+
+int OpenSSL_SML_load_verify_locations(SSL_CTX *ctx, const char *trust, const char *certs) {
+ return SSL_CTX_load_verify_locations(ctx, trust, certs);
+}
+
+BIO *OpenSSL_SML_new_ssl_connect(SSL_CTX *ctx) {
+ BIO *bio = BIO_new_ssl_connect(ctx);
+ SSL *ssl;
+
+ BIO_get_ssl(bio, &ssl);
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ return bio;
+}
+
+
+SSL *OpenSSL_SML_get_ssl(BIO *bio) {
+ SSL *ssl;
+
+ if (BIO_get_ssl(bio, &ssl) <= 0)
+ return NULL;
+ else
+ return ssl;
+}
+
+int OpenSSL_SML_set_conn_hostname(BIO *bio, char *hostname) {
+ BIO_set_conn_hostname(bio, hostname);
+}
+
+int OpenSSL_SML_set_accept_port(BIO *bio, char *port) {
+ BIO_set_accept_port(bio, port);
+}
+
+int OpenSSL_SML_tcp_listen(int port, int qsize) {
+ int sock;
+ struct sockaddr_in sin;
+ int val=1;
+
+ if((sock=socket(AF_INET,SOCK_STREAM,0))<0)
+ return -1;
+
+ memset(&sin,0,sizeof(sin));
+ sin.sin_addr.s_addr=INADDR_ANY;
+ sin.sin_family=AF_INET;
+ sin.sin_port=htons(port);
+ setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,
+ &val,sizeof(val));
+
+ if(bind(sock,(struct sockaddr *)&sin,
+ sizeof(sin))<0)
+ return -1;
+ listen(sock, qsize);
+
+ return sock;
+}
+
+int OpenSSL_SML_accept(int sock) {
+ return accept(sock, 0, 0);
+}
+
+BIO *OpenSSL_SML_new_socket(int sock) {
+ return BIO_new_socket(sock, BIO_NOCLOSE);
+}
+
+SSL *OpenSSL_SML_SSL_new(SSL_CTX *ctx) {
+ SSL *ssl = SSL_new(ctx);
+
+ return ssl;
+}
+
+int OpenSSL_SML_SSL_shutdown(SSL *ssl) {
+ return SSL_shutdown(ssl);
+}
+
+void OpenSSL_SML_shutdown(int sock) {
+ shutdown(sock, 1);
+}
+
+void OpenSSL_SML_SSL_set_bio(SSL *ssl, BIO *b1, BIO *b2) {
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+ SSL_set_bio(ssl, b1, b2);
+}
+
+int OpenSSL_SML_use_PrivateKey_file(SSL_CTX *ctx, char *keyfile) {
+ return SSL_CTX_use_PrivateKey_file(ctx,
+ keyfile,
+ SSL_FILETYPE_PEM);
+}
+
+int OpenSSL_SML_SSL_accept(SSL *ssl) {
+ return SSL_accept(ssl);
+}
+
+int OpenSSL_SML_use_certificate_chain_file(SSL_CTX *ctx, char *keyfile) {
+ return SSL_CTX_use_certificate_chain_file(ctx,
+ keyfile);
+}
+
+static unsigned char subject[] = "Subject";
+
+const char *OpenSSL_SML_get_peer_name(SSL *ssl) {
+ X509 *x = SSL_get_peer_certificate(ssl);
+ unsigned char *name = subject;
+ X509_NAME *nm;
+
+ if (x) {
+ X509_NAME *name = X509_get_subject_name(x);
+
+ if (name) {
+ unsigned char *out;
+ X509_NAME_ENTRY *ne;
+
+ ne = X509_NAME_get_entry(name, 3);
+
+ if (ne) {
+ ASN1_STRING *s = X509_NAME_ENTRY_get_data(ne);
+ static char ret[1024];
+
+ if (M_ASN1_STRING_length(s) >= sizeof ret)
+ return NULL;
+ else {
+ memcpy(ret, M_ASN1_STRING_data(s), M_ASN1_STRING_length(s));
+ ret[M_ASN1_STRING_length(s)] = 0;
+ return ret;
+ }
+ } else
+ return NULL;
+ } else
+ return NULL;
+ } else
+ return NULL;
+}
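Review bot: `OpenSSL_SML_get_peer_name`, at the end of this hunk, takes the peer's name from `X509_NAME_get_entry(name, 3)`, i.e. whichever attribute happens to be fourth in the subject, and copies it with `memcpy` without rejecting embedded NUL bytes. A certificate with a different subject layout, or with a `\0` inside the value, would therefore read back as a different name once the buffer is used as a C string. If callers treat this string as the authenticated identity (not visible here), the attribute should be selected by NID and values containing NUL refused; the fence assumes the common name was the intended field. The `X509 *` returned by `SSL_get_peer_certificate` is also never released with `X509_free`, so every call leaks a reference, and the locals `nm`, `out` and the shadowed outer `name` are unused. Separately, `OpenSSL_SML_set_conn_hostname` and `OpenSSL_SML_set_accept_port` are declared `int` but have no `return`, and `OpenSSL_SML_CTX_new` and `OpenSSL_SML_new_ssl_connect` use the results of `SSL_CTX_new` and `BIO_get_ssl` without checking them.

```c
const char *OpenSSL_SML_get_peer_name(SSL *ssl) {
  static char ret[1024];
  const char *result = NULL;
  X509 *x = SSL_get_peer_certificate(ssl);
  X509_NAME *nm;
  int idx, len;

  if (!x)
    return NULL;

  nm = X509_get_subject_name(x);
  /* Assumes entry 3 was meant to be the common name; confirm against the
     subject layout the issuing CA uses. */
  idx = nm ? X509_NAME_get_index_by_NID(nm, NID_commonName, -1) : -1;

  if (idx >= 0) {
    ASN1_STRING *s = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(nm, idx));

    len = M_ASN1_STRING_length(s);
    /* Refuse over-long values and values with an embedded NUL. */
    if (len >= 0 && (size_t)len < sizeof ret
        && memchr(M_ASN1_STRING_data(s), 0, (size_t)len) == NULL) {
      memcpy(ret, M_ASN1_STRING_data(s), (size_t)len);
      ret[len] = 0;
      result = ret;
    }
  }

  X509_free(x); /* drop the reference taken by SSL_get_peer_certificate */
  return result;
}
```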