cyassl.c
00008 #include "klone_conf.h"
00009 #include <u/libu.h>
00010 #include <klone/io.h>
00011 #include <klone/emb.h>
00012 #include <klone/tlsprv.h>
00013
00014 #ifndef SSL_CYASSL
00015 int tls_dummy_decl_stub = 0;
00016 #else
00017 #include <openssl/ssl.h>
00018 #include <openssl/x509.h>
00019 #include <openssl/opensslv.h>
00020
/*
 * Read 'filename' from the filesystem into a newly created u_buf_t.
 *
 * On success the buffer is handed over through *pubuf (the caller owns it
 * and must release it with u_buf_free()) and 0 is returned.  On any failure
 * nothing is leaked and ~0 is returned; *pubuf is left untouched.
 */
static int tls_fsfile_to_ubuf(const char *filename, u_buf_t **pubuf)
{
    u_buf_t *fbuf = NULL;

    dbg_err_if(filename == NULL);
    dbg_err_if(pubuf == NULL);

    /* create first: on the err path a non-NULL fbuf means "allocated but
     * not (fully) loaded", which is exactly what has to be freed */
    dbg_err_if(u_buf_create(&fbuf));
    dbg_err_if(u_buf_load(fbuf, filename));

    /* ownership moves to the caller */
    *pubuf = fbuf;
    return 0;

err:
    if(fbuf != NULL)
        u_buf_free(fbuf);
    return ~0;
}
00040
/*
 * Resolve a TLS resource name to a buffer holding its contents.
 *
 * The name is looked up first among the embedded resources (emb_to_ubuf)
 * and, only if that fails, on the filesystem (tls_fsfile_to_ubuf).  The
 * fall-through means a name that does not match any embedded resource is
 * silently tried as a disk path.  Returns 0 and fills *pubuf (caller frees)
 * on success, ~0 otherwise.
 */
static int tls_file_to_ubuf(const char *filename, u_buf_t **pubuf)
{
    int found = 0;

    dbg_err_if(filename == NULL);
    dbg_err_if(pubuf == NULL);

    /* embedded resources take precedence over the filesystem */
    found = (emb_to_ubuf(filename, pubuf) == 0);
    if(!found)
        found = (tls_fsfile_to_ubuf(filename, pubuf) == 0);

    return found ? 0 : ~0;

err:
    return ~0;
}
00055
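/*
 * Install the trust anchors (CA bundle) used to verify peer certificates.
 *
 * 'res_name' is resolved through tls_file_to_ubuf() (embedded resource
 * first, filesystem second) and handed to CyaSSL as a PEM buffer; a DER
 * bundle is therefore rejected.  Returns 0 on success, ~0 on failure.  A
 * failure here leaves the context without a usable trust store, so the
 * library error code is logged at crit level (the other loaders in this
 * file already do so) instead of being dropped.
 */
int tls_load_verify_locations (SSL_CTX *c, const char *res_name)
{
    u_buf_t *ubuf = NULL;
    int rc = 0;

    dbg_err_if(c == NULL);
    dbg_err_if(res_name == NULL);

    dbg_err_if(tls_file_to_ubuf(res_name, &ubuf));

    rc = CyaSSL_CTX_load_verify_buffer(c, u_buf_ptr(ubuf), u_buf_len(ubuf),
            SSL_FILETYPE_PEM);
    if(rc != SSL_SUCCESS)
    {
        /* log at the failure site so every non-success code is reported */
        crit("load verify locations error %d", rc);
        goto err;
    }

    u_buf_free(ubuf); ubuf = NULL;

    return 0;
err:
    if(ubuf)
        u_buf_free(ubuf);
    return ~0;
}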
00076
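/*
 * Load the server certificate 'res_name' (embedded resource or file, see
 * tls_file_to_ubuf) into 'ctx'.  'type' is passed through to CyaSSL as the
 * buffer format (e.g. SSL_FILETYPE_PEM).
 *
 * Returns SSL_SUCCESS on success and -1 on failure.  Any return value of
 * CyaSSL_CTX_use_certificate_buffer other than SSL_SUCCESS is a failure and
 * is logged at crit level; the previous "if(rc) crit(...)" in the cleanup
 * path would have stayed silent for a zero return code.
 */
int tls_use_certificate_file (SSL_CTX *ctx, const char *res_name, int type)
{
    u_buf_t *ubuf = NULL;
    int rc = 0;

    dbg_err_if(ctx == NULL);
    dbg_err_if(res_name == NULL);

    dbg_err_if(tls_file_to_ubuf(res_name, &ubuf));

    rc = CyaSSL_CTX_use_certificate_buffer(ctx, u_buf_ptr(ubuf),
            u_buf_len(ubuf), type);
    if(rc != SSL_SUCCESS)
    {
        crit("load cert error %d", rc);
        goto err;
    }

    /* the library keeps its own copy: the original code already released
     * the buffer right after the call, so this is safe */
    u_buf_free(ubuf); ubuf = NULL;

    return SSL_SUCCESS;
err:
    if(ubuf)
        u_buf_free(ubuf);
    return -1;
}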
00100
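/*
 * Overwrite a u_buf_t's payload with zeros through a volatile pointer so the
 * stores are not dropped by the optimizer.  Used before releasing a buffer
 * that held private key material, so the key does not linger in freed heap.
 */
static void tls_scrub_ubuf(u_buf_t *ubuf)
{
    volatile unsigned char *p = (volatile unsigned char *) u_buf_ptr(ubuf);
    size_t n = u_buf_len(ubuf);

    if(p == NULL)
        return;

    while(n--)
        *p++ = 0;
}

/*
 * Load the server private key 'res_name' (embedded resource or file, see
 * tls_file_to_ubuf) into 'ctx'.  'type' is passed through to CyaSSL as the
 * buffer format (e.g. SSL_FILETYPE_PEM).
 *
 * Returns SSL_SUCCESS on success and -1 on failure.  Any return value of
 * CyaSSL_CTX_use_PrivateKey_buffer other than SSL_SUCCESS is a failure and
 * is logged at crit level (the previous "if(rc)" guard skipped the log for
 * a zero code).  The temporary buffer holding the key is scrubbed before it
 * is freed on both the success and the error path; the library keeps its
 * own copy, as the original code already freed the buffer right after the
 * call.
 */
int tls_use_PrivateKey_file (SSL_CTX *ctx, const char *res_name, int type)
{
    u_buf_t *ubuf = NULL;
    int rc = 0;

    dbg_err_if(ctx == NULL);
    dbg_err_if(res_name == NULL);

    dbg_err_if(tls_file_to_ubuf(res_name, &ubuf));

    rc = CyaSSL_CTX_use_PrivateKey_buffer(ctx, u_buf_ptr(ubuf),
            u_buf_len(ubuf), type);
    if(rc != SSL_SUCCESS)
    {
        crit("load private key error %d", rc);
        goto err;
    }

    tls_scrub_ubuf(ubuf);
    u_buf_free(ubuf); ubuf = NULL;

    return SSL_SUCCESS;
err:
    if(ubuf)
    {
        tls_scrub_ubuf(ubuf);
        u_buf_free(ubuf);
    }
    return -1;
}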
00124
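/*
 * CRL hook for the CyaSSL backend: revocation lists are not supported here.
 *
 * Both arguments are ignored and 0 (success) is returned, so a configuration
 * that names CRLs still brings the server up with no revocation checking;
 * the only trace is the warning logged below.  OPENSSL_VERSION_NUMBER is a
 * long constant, so it is printed with %ld (the previous %d was a format
 * mismatch).
 */
int tls_use_crls (SSL_CTX *ctx, tls_ctx_args_t *cargs)
{
    u_unused_args(ctx, cargs);
    warn("CyaSSL (%ld): CRLs not supported", (long) OPENSSL_VERSION_NUMBER);
    return 0;
}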
00131
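/*
 * Load the certificate chain 'res_name' (embedded resource or file, see
 * tls_file_to_ubuf) into 'ctx' via CyaSSL_CTX_use_certificate_chain_buffer.
 *
 * 'skipfirst' and 'cb' are accepted for interface compatibility with the
 * other TLS backends but are ignored here: the whole buffer is handed to the
 * library as-is and no callback is invoked.
 *
 * Returns SSL_SUCCESS on success and -1 on failure.  Any return value other
 * than SSL_SUCCESS is a failure and is logged at crit level; the previous
 * "if(rc) crit(...)" in the cleanup path stayed silent for a zero code.
 */
int tls_use_certificate_chain (SSL_CTX *ctx, const char *res_name,
        int skipfirst, int (*cb)(char *, int, int, void *))
{
    u_buf_t *ubuf = NULL;
    int rc = 0;

    u_unused_args(skipfirst, cb);

    dbg_err_if(ctx == NULL);
    dbg_err_if(res_name == NULL);

    dbg_err_if(tls_file_to_ubuf(res_name, &ubuf));

    rc = CyaSSL_CTX_use_certificate_chain_buffer(ctx, u_buf_ptr(ubuf),
            u_buf_len(ubuf));
    if(rc != SSL_SUCCESS)
    {
        crit("load cert chain error %d", rc);
        goto err;
    }

    /* the library keeps its own copy: the original code already released
     * the buffer right after the call */
    u_buf_free(ubuf); ubuf = NULL;

    return SSL_SUCCESS;
err:
    if(ubuf)
        u_buf_free(ubuf);
    return -1;
}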
00158
00159 #endif