/* See the file COPYING for licensing information.  */

#if defined HAVE_CONFIG_H
#include <config.h>
#endif

#include <assert.h>
#include <openssl/ssl.h>
#include <radsec/radsec.h>
#include <radsec/radsec-impl.h>

#include <regex.h>
#include "rsp_list.h"
#include "../radsecproxy.h"

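/* Build a radsecproxy `struct tls' from REALM so that tlsgetctx() can
   turn it into an SSL_CTX.

   Returns a zeroed, heap-allocated struct (allocated with rs_malloc on
   CTX) or NULL if REALM is NULL or the allocation fails.  The caller
   owns the result and releases it with rs_free.

   The string members are *borrowed* from REALM, not copied, so the
   returned struct must not outlive REALM and must never be handed to
   code that frees them (see TODO below).  Certificate path lookup,
   key passphrase, cache expiry, CRL checking and policy OIDs are not
   implemented yet and are left at their zero/NULL values -- in
   particular crlcheck stays 0, so no revocation checking is requested
   from radsecproxy.  */
static struct tls *
_get_tlsconf (const struct rs_context *ctx, const struct rs_realm *realm)
{
  struct tls *c;

  /* Refuse to dereference a missing realm instead of crashing.  */
  if (!realm)
    return NULL;

  c = rs_malloc (ctx, sizeof *c);
  if (!c)
    return NULL;

  memset (c, 0, sizeof *c);
  /* TODO: Make sure old radsecproxy code doesn't free these all
     of a sudden, or strdup them.  */
  c->name = realm->name;
  c->cacertfile = realm->cacertfile;
  c->cacertpath = NULL;		/* NYI */
  c->certfile = realm->certfile;
  c->certkeyfile = realm->certkeyfile;
  c->certkeypwd = NULL;		/* NYI */
  c->cacheexpiry = 0;		/* NYI */
  c->crlcheck = 0;		/* NYI: revocation checking not enabled */
  c->policyoids = (char **) NULL; /* NYI */

  return c;
}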

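/* Create the OpenSSL context and session object for CONN's active
   peer and store them in conn->tls_ctx / conn->tls_ssl.

   Returns RSE_OK on success.  On failure an error is pushed on CONN
   with rs_err_conn_push_fl and its code is returned: RSE_NOMEM if the
   temporary TLS configuration cannot be allocated, RSE_SOME_ERROR if
   radsecproxy cannot produce an SSL_CTX or OpenSSL cannot create an
   SSL object.  Nothing is stored in CONN on failure and no resource
   acquired here is leaked.

   conn->ctx, conn->active_peer and conn->active_peer->realm are
   required to be set by the caller; they are programming-error
   invariants and are only asserted.  */
int
rs_tls_init (struct rs_connection *conn)
{
  struct rs_context *ctx;
  struct tls *tlsconf;
  SSL_CTX *ssl_ctx;
  SSL *ssl;
  int rc;

  assert (conn->ctx);
  assert (conn->active_peer);
  assert (conn->active_peer->realm);
  ctx = conn->ctx;

  /* Allocation failure is a runtime condition, not an invariant: it
     must be reported even in NDEBUG builds, so it is not an assert.  */
  tlsconf = _get_tlsconf (ctx, conn->active_peer->realm);
  if (!tlsconf)
    return rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);

  ssl_ctx = tlsgetctx (RADPROT_TLS, tlsconf);
  if (!ssl_ctx)
    {
      /* TODO: check radsecproxy error  */
      rc = rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
				NULL);
      goto out;
    }

  ssl = SSL_new (ssl_ctx);
  if (!ssl)
    {
      /* TODO: check and report SSL error  */
      /* The SSL_CTX is not handed to CONN, so release it here.  */
      SSL_CTX_free (ssl_ctx);
      rc = rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
				NULL);
      goto out;
    }

  /* Ownership of both objects passes to CONN.  */
  conn->tls_ctx = ssl_ctx;
  conn->tls_ssl = ssl;
  rc = RSE_OK;

 out:
  /* NOTE(review): assumes tlsgetctx() keeps no pointer to TLSCONF
     beyond its return -- confirm against radsecproxy before relying
     on the SSL_CTX after this free.  */
  rs_free (ctx, tlsconf);
  return rc;
}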