summaryrefslogtreecommitdiff
path: root/lib/packet.c
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordu.net>2010-11-11 10:30:35 +0100
committerLinus Nordberg <linus@nordu.net>2010-11-11 10:30:35 +0100
commit83e82dba47aced4a93f9e431b4d8bca94c2f8517 (patch)
tree7ff1779ea924d557b6ded9bd21c0cc8a65f062dd /lib/packet.c
parentf9b25cad24ec4e3e89e818457beb29cbe08eed0c (diff)
Bringing up TLS connections working.
NOTE: Clean up of resources not yet sane. Expect resource leakages. NOTE: Most failure cases are not handled properly. With the wind at your back and the sun shining, it might work.
Diffstat (limited to 'lib/packet.c')
-rw-r--r--lib/packet.c62
1 files changed, 58 insertions, 4 deletions
diff --git a/lib/packet.c b/lib/packet.c
index cdd094a..154abc8 100644
--- a/lib/packet.c
+++ b/lib/packet.c
@@ -1,12 +1,22 @@
/* See the file COPYING for licensing information. */
+#if defined HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <freeradius/libradius.h>
#include <event2/event.h>
#include <event2/bufferevent.h>
+#if defined RS_ENABLE_TLS
+#include <event2/bufferevent_ssl.h>
+#include <openssl/err.h>
+#endif
#include <radsec/radsec.h>
#include <radsec/radsec-impl.h>
+#include "tls.h"
#if defined DEBUG
#include <netdb.h>
#include <sys/socket.h>
@@ -89,7 +99,7 @@ _event_cb (struct bufferevent *bev, short events, void *ctx)
struct rs_packet *pkt = (struct rs_packet *)ctx;
struct rs_connection *conn;
struct rs_peer *p;
- int err;
+ unsigned long err;
assert (pkt);
assert (pkt->conn);
@@ -103,7 +113,6 @@ _event_cb (struct bufferevent *bev, short events, void *ctx)
p->is_connected = 1;
if (conn->callbacks.connected_cb)
conn->callbacks.connected_cb (conn->user_data);
-
#if defined (DEBUG)
fprintf (stderr, "%s: connected\n", __func__);
#endif
@@ -114,7 +123,24 @@ _event_cb (struct bufferevent *bev, short events, void *ctx)
/* Packet will be freed in write callback. */
}
else if (events & BEV_EVENT_ERROR)
- rs_err_conn_push_fl (pkt->conn, RSE_CONNERR, __FILE__, __LINE__, NULL);
+ {
+#if defined RS_ENABLE_TLS
+ if (conn->tls_ssl) /* FIXME: correct check? */
+ {
+ for (err = bufferevent_get_openssl_error (conn->bev);
+ err;
+ err = bufferevent_get_openssl_error (conn->bev))
+ {
+ fprintf (stderr, "%s: openssl error: %s\n", __func__,
+ ERR_error_string (err, NULL)); /* DEBUG, until verified that pushed errors will actually be handled */
+ rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__,
+ "%d", err);
+ }
+ }
+#endif
+ rs_err_conn_push_fl (pkt->conn, RSE_CONNERR, __FILE__, __LINE__, NULL);
+ fprintf (stderr, "%s: BEV_EVENT_ERROR\n", __func__); /* DEBUG, until verified that pushed errors will actually be handled */
+ }
}
static void
@@ -301,13 +327,41 @@ _pick_peer (struct rs_connection *conn)
static int
_init_bev (struct rs_connection *conn, struct rs_peer *peer)
{
- if (!conn->bev)
+ if (conn->bev)
+ return RSE_OK;
+
+ switch (conn->type)
{
+ case RS_CONN_TYPE_UDP:
+ case RS_CONN_TYPE_TCP:
conn->bev = bufferevent_socket_new (conn->evb, peer->fd, 0);
if (!conn->bev)
return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
"bufferevent_socket_new");
+ break;
+ case RS_CONN_TYPE_TLS:
+ if (rs_tls_init (conn))
+ return -1;
+ /* Would be convenient to pass BEV_OPT_CLOSE_ON_FREE but things
+ seem to break when be_openssl_ctrl() (in libevent) calls
+ SSL_set_bio() after BIO_new_socket() with flag=1. */
+ conn->bev =
+ bufferevent_openssl_socket_new (conn->evb, peer->fd, conn->tls_ssl,
+ BUFFEREVENT_SSL_CONNECTING, 0);
+ if (!conn->bev)
+ return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
+ "bufferevent_openssl_socket_new");
+
+ break;
+ case RS_CONN_TYPE_DTLS:
+ return rs_err_conn_push_fl (conn, RSE_NOSYS, __FILE__, __LINE__,
+ "%s: NYI", __func__);
+ default:
+ return rs_err_conn_push_fl (conn, RSE_INTERNAL, __FILE__, __LINE__,
+ "%s: invalid connection type: %d", __func__,
+ conn->type);
}
+
return RSE_OK;
}