authorLinus Nordberg <linus@nordberg.se>2013-03-01 14:34:21 +0100
committerLinus Nordberg <linus@nordberg.se>2013-03-01 14:34:21 +0100
commitf3252b34114236c65624862d2a572f5e290e8cc8 (patch)
tree7a7f720b89443c1cd2dd80290ed039e10d0f7d67 /lib/tls.c
parentcb9748d119ec0ebd4e8e1bbecb5ef86a65a56061 (diff)
Revamping for listeners.
Split rs_connection into rs_baseconn plus rs_connection and rs_listener. Connections now have a state variable. Connect buffer event and fd of _source_ connection, not that of conn->active_peer. The connection object referred to by a peer is not meant for using as a connection, only for reporting errors on. Make sure things are sane even when not using a config file. Bump library interface version to 1.0.0 since it's changed.
Diffstat (limited to 'lib/tls.c')
-rw-r--r--lib/tls.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/tls.c b/lib/tls.c
index 979ee3c..b9fb3cf 100644
--- a/lib/tls.c
+++ b/lib/tls.c
@@ -26,14 +26,14 @@ _get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm)
{
memset (c, 0, sizeof (struct tls));
/* _conn_open() should've picked a peer by now. */
- assert (conn->active_peer);
+ assert (conn->base_.active_peer);
/* TODO: Make sure old radsecproxy code doesn't free these all
of a sudden, or strdup them. */
c->name = realm->name;
- c->cacertfile = conn->active_peer->cacertfile;
+ c->cacertfile = conn->base_.active_peer->cacertfile;
c->cacertpath = NULL; /* NYI */
- c->certfile = conn->active_peer->certfile;
- c->certkeyfile = conn->active_peer->certkeyfile;
+ c->certfile = conn->base_.active_peer->certfile;
+ c->certkeyfile = conn->base_.active_peer->certkeyfile;
c->certkeypwd = NULL; /* NYI */
c->cacheexpiry = 0; /* NYI */
c->crlcheck = 0; /* NYI */
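Review bot: `assert (conn->base_.active_peer);` on the new line is the only guard before the peer is dereferenced for cacertfile, certfile and certkeyfile a few lines below; with NDEBUG defined the assert compiles to nothing and a connection that never picked a peer dereferences NULL while loading TLS credentials. The caller in the rs_tls_init hunk treats a NULL result as failure, so an explicit check such as `if (conn->base_.active_peer == NULL) return NULL;` ahead of the assert would keep release builds failing cleanly — assuming _get_tlsconf returns a pointer, which the signature is not visible here to confirm. The same assert-only guarding of `base_.active_peer` recurs on the new lines of the psk_client_cb and tls_verify_cert hunks, where a missing peer would likewise crash inside the handshake or certificate check rather than fail the connection. _get_tlsconf's body continues past the end of this hunk.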
@@ -60,7 +60,7 @@ psk_client_cb (SSL *ssl,
conn = SSL_get_ex_data (ssl, 0);
assert (conn != NULL);
- cred = conn->active_peer->transport_cred;
+ cred = conn->base_.active_peer->transport_cred;
assert (cred != NULL);
/* NOTE: Ignoring identity hint from server. */
@@ -126,7 +126,7 @@ rs_tls_init (struct rs_connection *conn)
assert (conn->base_.ctx);
ctx = conn->base_.ctx;
- tlsconf = _get_tlsconf (conn, conn->active_peer->realm);
+ tlsconf = _get_tlsconf (conn, conn->base_.active_peer->realm);
if (!tlsconf)
return -1;
ssl_ctx = tlsgetctx (RAD_TLS, tlsconf);
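Review bot: The new line evaluates `conn->base_.active_peer->realm` in the caller before `_get_tlsconf` is entered, so the assert on active_peer inside _get_tlsconf never runs for this path when the peer is missing — the NULL dereference happens while building the argument. A guard before the call, `if (conn->base_.active_peer == NULL) return -1;`, matches the existing `return -1` failure path two lines below. If the module has an error-reporting helper for connection failures it should probably be called there as well, but none is visible in this hunk. rs_tls_init's body starts and ends outside the hunk.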
@@ -147,7 +147,7 @@ rs_tls_init (struct rs_connection *conn)
}
#if defined RS_ENABLE_TLS_PSK
- if (conn->active_peer->transport_cred != NULL)
+ if (conn->base_.active_peer->transport_cred != NULL)
{
SSL_set_psk_client_callback (ssl, psk_client_cb);
SSL_set_ex_data (ssl, 0, conn);
@@ -203,9 +203,9 @@ tls_verify_cert (struct rs_connection *conn)
struct in6_addr addr;
const char *hostname = NULL;
- assert (conn->active_peer->conn == conn);
- assert (conn->active_peer->hostname != NULL);
- hostname = conn->active_peer->hostname;
+ assert (conn->base_.active_peer != NULL);
+ assert (conn->base_.active_peer->hostname != NULL);
+ hostname = conn->base_.active_peer->hostname;
/* verifytlscert() performs basic verification as described by
OpenSSL VERIFY(1), i.e. verification of the certificate chain. */