1 files changed, 73 insertions, 0 deletions

diff --git a/lib/tls.c b/lib/tls.c
new file mode 100644
index 0000000..15929d2
--- /dev/null
+++ b/lib/tls.c
@@ -0,0 +1,73 @@
+/* See the file COPYING for licensing information.  */
+
+#if defined HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <assert.h>
+#include <openssl/ssl.h>
+#include <radsec/radsec.h>
+#include <radsec/radsec-impl.h>
+
+#include <regex.h>
+#include "rsp_list.h"
+#include "../radsecproxy.h"
+
+static struct tls *
+_get_tlsconf (const struct rs_context *ctx, const struct rs_realm *realm)
+{
+  struct tls *c = rs_malloc (ctx, sizeof (struct tls));
+
+  if (c)
+    {
+      memset (c, 0, sizeof (struct tls));
+      /* TODO: Make sure old radsecproxy code doesn't free these all
+	 of a sudden, or strdup them.  */
+      c->name = realm->name;
+      c->cacertfile = realm->cacertfile;
+      c->cacertpath = NULL;	/* NYI */
+      c->certfile = realm->certfile;
+      c->certkeyfile = realm->certkeyfile;
+      c->certkeypwd = NULL;	/* NYI */
+      c->cacheexpiry = 0;	/* NYI */
+      c->crlcheck = 0;		/* NYI */
+      c->policyoids = (char **) NULL; /* NYI */
+    }
+
+  return c;
+}
+
+int
+rs_tls_init (struct rs_connection *conn)
+{
+  struct rs_context *ctx;
+  struct tls *tlsconf;
+  SSL_CTX *ssl_ctx;
+  SSL *ssl;
+  assert (conn->ctx);
+  ctx = conn->ctx;
+
+  tlsconf = _get_tlsconf (ctx, conn->active_peer->realm);
+  assert (tlsconf);
+  ssl_ctx = tlsgetctx (RADPROT_TLS, tlsconf);
+  if (!ssl_ctx)
+    {
+      /* TODO: check radsecproxy error  */
+      return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
+				  NULL);
+    }
+
+  ssl = SSL_new (ssl_ctx);
+  if (!ssl)
+    {
+      /* TODO: check and report SSL error  */
+      /* TODO: free ssl_ctx  */
+      return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
+				  NULL);
+    }
+
+  conn->tls_ctx = ssl_ctx;
+  conn->tls_ssl = ssl;
+  rs_free (ctx, tlsconf);
+  return RSE_OK;
+}