author | Linus Nordberg <linus@nordu.net> | 2010-11-11 10:30:35 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2010-11-11 10:30:35 +0100 |
commit | 83e82dba47aced4a93f9e431b4d8bca94c2f8517 (patch) | |
tree | 7ff1779ea924d557b6ded9bd21c0cc8a65f062dd /lib/tls.c | |
parent | f9b25cad24ec4e3e89e818457beb29cbe08eed0c (diff) |
Bring TLS connections up and working.
NOTE: Clean up of resources not yet sane. Expect resource leakages.
NOTE: Most failure cases are not handled properly. With the wind at
your back and the sun shining, it might work.
Diffstat (limited to 'lib/tls.c')
-rw-r--r-- | lib/tls.c | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/lib/tls.c b/lib/tls.c
new file mode 100644
index 0000000..15929d2
--- /dev/null
+++ b/lib/tls.c
@@ -0,0 +1,73 @@
+/* See the file COPYING for licensing information. */
+
+#if defined HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <assert.h>
+#include <openssl/ssl.h>
+#include <radsec/radsec.h>
+#include <radsec/radsec-impl.h>
+
+#include <regex.h>
+#include "rsp_list.h"
+#include "../radsecproxy.h"
+
+static struct tls *
+_get_tlsconf (const struct rs_context *ctx, const struct rs_realm *realm)
+{
+ struct tls *c = rs_malloc (ctx, sizeof (struct tls));
+
+ if (c)
+ {
+ memset (c, 0, sizeof (struct tls));
+ /* TODO: Make sure old radsecproxy code doesn't free these all
+ of a sudden, or strdup them. */
+ c->name = realm->name;
+ c->cacertfile = realm->cacertfile;
+ c->cacertpath = NULL; /* NYI */
+ c->certfile = realm->certfile;
+ c->certkeyfile = realm->certkeyfile;
+ c->certkeypwd = NULL; /* NYI */
+ c->cacheexpiry = 0; /* NYI */
+ c->crlcheck = 0; /* NYI */
+ c->policyoids = (char **) NULL; /* NYI */
+ }
+
+ return c;
+}
+
+int
+rs_tls_init (struct rs_connection *conn)
+{
+ struct rs_context *ctx;
+ struct tls *tlsconf;
+ SSL_CTX *ssl_ctx;
+ SSL *ssl;
+ assert (conn->ctx);
+ ctx = conn->ctx;
+
+ tlsconf = _get_tlsconf (ctx, conn->active_peer->realm);
+ assert (tlsconf);
+ ssl_ctx = tlsgetctx (RADPROT_TLS, tlsconf);
+ if (!ssl_ctx)
+ {
+ /* TODO: check radsecproxy error */
+ return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
+ NULL);
+ }
+
+ ssl = SSL_new (ssl_ctx);
+ if (!ssl)
+ {
+ /* TODO: check and report SSL error */
+ /* TODO: free ssl_ctx */
+ return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
+ NULL);
+ }
+
+ conn->tls_ctx = ssl_ctx;
+ conn->tls_ssl = ssl;
+ rs_free (ctx, tlsconf);
+ return RSE_OK;
+}
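Review bot: In rs_tls_init the NULL that _get_tlsconf returns on allocation failure is guarded only by `assert (tlsconf);`, which disappears under NDEBUG, so an out-of-memory condition reaches `tlsgetctx (RADPROT_TLS, tlsconf)` with a NULL pointer; replace the assert with a real check, `if (!tlsconf) return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__, NULL);`. Both early returns in the same function also leave tlsconf unfreed (the existing TODO only covers ssl_ctx), so a `rs_free (ctx, tlsconf);` belongs before each of them, or the two exits should go through a single cleanup label. In _get_tlsconf, `c->crlcheck = 0` and `c->cacertpath = NULL` mean revocation checking is not configured for these contexts; since "NYI" says little to a reader, a comment such as `/* CRL checking is off until the realm carries a crlcheck setting; certificate revocation is not enforced. */` would make the current trust posture explicit. Finally, `memset` is used but `<string.h>` is not among the includes, so the file compiles only through a transitive include; add `#include <string.h>` next to `<assert.h>`.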