Bringing up TLS connections working.

NOTE: Clean up of resources not yet sane.  Expect resource leakages.

NOTE: Most failure cases are not handled properly.  With the wind at
your back and the sun shining, it might work.

2 files changed, 14 insertions, 0 deletions

diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h
index 6e5ee83..2b3d878 100644
--- a/lib/include/radsec/radsec-impl.h
+++ b/lib/include/radsec/radsec-impl.h
@@ -5,6 +5,9 @@
 
 #include <freeradius/libradius.h>
 #include <event2/util.h>
+#if defined(RS_ENABLE_TLS)
+#include <openssl/ssl.h>
+#endif
 
 /* Constants.  */
 #define RS_HEADER_LEN 4
@@ -32,6 +35,7 @@ struct rs_error {
 
 struct rs_peer {
     struct rs_connection *conn;
+    struct rs_realm *realm;
     struct evutil_addrinfo *addr;
     int fd;			/* Socket.  */
     char is_connecting;		/* FIXME: replace with a single state member */
@@ -45,6 +49,10 @@ struct rs_peer {
 struct rs_realm {
     char *name;
     enum rs_conn_type type;
+    char *cacertfile;
+    char *cacertpath;
+    char *certfile;
+    char *certkeyfile;
     struct rs_peer *peers;
     struct rs_realm *next;
 };
@@ -69,6 +77,10 @@ struct rs_connection {
     struct rs_error *err;
     int nextid;
     int user_dispatch_flag : 1;	/* User does the dispatching.  */
+#if defined(RS_ENABLE_TLS)
+    SSL_CTX *tls_ctx;
+    SSL *tls_ssl;
+#endif
 };
 
 struct rs_packet {
diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h
index 8e97072..d80c296 100644
--- a/lib/include/radsec/radsec.h
+++ b/lib/include/radsec/radsec.h
@@ -18,6 +18,8 @@ enum rs_err_code {
     RSE_CONNERR = 10,
     RSE_CONFIG = 11,
     RSE_BADAUTH = 12,
+    RSE_INTERNAL = 13,
+    RSE_SSLERR = 14,
     RSE_SOME_ERROR = 21,
 };