author | Linus Nordberg <linus@nordberg.se> | 2013-03-01 14:34:21 +0100 |
committer | Linus Nordberg <linus@nordberg.se> | 2013-03-01 14:34:21 +0100 |
commit | f3252b34114236c65624862d2a572f5e290e8cc8 (patch) | |
tree | 7a7f720b89443c1cd2dd80290ed039e10d0f7d67 /lib/tls.c | |
parent | cb9748d119ec0ebd4e8e1bbecb5ef86a65a56061 (diff) |
Revamping for listeners.
Split rs_connection into rs_baseconn plus rs_connection and rs_listener.
Connections now have a state variable.
Connect buffer event and fd of _source_ connection, not that of
conn->active_peer. The connection object referred to by a peer is not
meant for using as a connection, only for reporting errors on.
Make sure things are sane even when not using a config file.
Bump library interface version to 1.0.0 since it's changed.
Diffstat (limited to 'lib/tls.c')
-rw-r--r-- | lib/tls.c | 20 |
1 files changed, 10 insertions, 10 deletions
@@ -26,14 +26,14 @@ _get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm)
 {
 memset (c, 0, sizeof (struct tls));
 /* _conn_open() should've picked a peer by now. */
- assert (conn->active_peer);
+ assert (conn->base_.active_peer);
 /* TODO: Make sure old radsecproxy code doesn't free these all of a sudden, or strdup them. */
 c->name = realm->name;
- c->cacertfile = conn->active_peer->cacertfile;
+ c->cacertfile = conn->base_.active_peer->cacertfile;
 c->cacertpath = NULL; /* NYI */
- c->certfile = conn->active_peer->certfile;
- c->certkeyfile = conn->active_peer->certkeyfile;
+ c->certfile = conn->base_.active_peer->certfile;
+ c->certkeyfile = conn->base_.active_peer->certkeyfile;
 c->certkeypwd = NULL; /* NYI */
 c->cacheexpiry = 0; /* NYI */
 c->crlcheck = 0; /* NYI */
@@ -60,7 +60,7 @@ psk_client_cb (SSL *ssl,
 conn = SSL_get_ex_data (ssl, 0);
 assert (conn != NULL);
- cred = conn->active_peer->transport_cred;
+ cred = conn->base_.active_peer->transport_cred;
 assert (cred != NULL);
 /* NOTE: Ignoring identity hint from server. */
@@ -126,7 +126,7 @@ rs_tls_init (struct rs_connection *conn)
 assert (conn->base_.ctx);
 ctx = conn->base_.ctx;
- tlsconf = _get_tlsconf (conn, conn->active_peer->realm);
+ tlsconf = _get_tlsconf (conn, conn->base_.active_peer->realm);
 if (!tlsconf)
 return -1;
 ssl_ctx = tlsgetctx (RAD_TLS, tlsconf);
@@ -147,7 +147,7 @@ rs_tls_init (struct rs_connection *conn)
 }
 #if defined RS_ENABLE_TLS_PSK
- if (conn->active_peer->transport_cred != NULL)
+ if (conn->base_.active_peer->transport_cred != NULL)
 {
 SSL_set_psk_client_callback (ssl, psk_client_cb);
 SSL_set_ex_data (ssl, 0, conn);
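Review bot: The `assert (conn->base_.active_peer)` is the only guard before the new lines read `cacertfile`, `certfile` and `certkeyfile` through that pointer, so a build with NDEBUG defined turns a connection without a peer into a NULL dereference while building the TLS configuration instead of a failed call. The function's start, where `c` is allocated, lies outside the hunk, so the cleanest place for a hard check is before the allocation (returning NULL there is already handled by rs_tls_init's `if (!tlsconf) return -1;`). At minimum the precondition should be stated above the function so callers know the assert is not a runtime check: `/* Precondition: _conn_open() has set conn->base_.active_peer; the assert below is compiled out under NDEBUG, so callers must verify it. */`. Note also that the three file names are aliased from the peer rather than copied, as the existing TODO admits, so the peer must outlive the returned `struct tls`.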
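Review bot: The new line still reaches `conn->base_.active_peer->transport_cred` with only assert() between it and a NULL `conn` or a NULL peer, so under NDEBUG a handshake on a connection that has no peer crashes inside OpenSSL's callback rather than failing cleanly. An OpenSSL PSK client callback reports failure by returning 0 (no PSK length), so the asserts should be backed by an explicit check: `if (conn == NULL || conn->base_.active_peer == NULL || conn->base_.active_peer->transport_cred == NULL) return 0;`. psk_client_cb begins and ends outside the hunk, so I cannot see whether a later check already covers `cred`.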
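Review bot: `conn->base_.active_peer->realm` is dereferenced in the argument list before _get_tlsconf runs its own assert on the peer, so that assert can never catch a NULL peer on this path; the fault happens on this line first. Since rs_tls_init already returns -1 when no tlsconf is produced, the same failure path can cover the peer with one line placed before the call: `if (conn->base_.active_peer == NULL) return -1;`. Whether `ssl_ctx` from tlsgetctx() is checked for NULL is outside the hunk.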
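Review bot: The new condition arms psk_client_cb, which (in the -60 hunk above) recovers `conn` via `SSL_get_ex_data (ssl, 0)`, yet the `SSL_set_ex_data (ssl, 0, conn)` that stores it has its return value ignored, so a failed store leaves the callback with a NULL `conn`. Check it on the same terms rs_tls_init already uses for failure: `if (SSL_set_ex_data (ssl, 0, conn) != 1) return -1;` (what must be freed on that path, such as `ssl`, is outside the hunk). Index 0 is also the slot OpenSSL's SSL_set_app_data() macro maps to, so a dedicated index from SSL_get_ex_new_index() would avoid collisions with any other code setting app data on the same SSL; if sharing the slot is deliberate, a comment saying so would help.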
@@ -203,9 +203,9 @@ tls_verify_cert (struct rs_connection *conn)
 struct in6_addr addr;
 const char *hostname = NULL;
- assert (conn->active_peer->conn == conn);
- assert (conn->active_peer->hostname != NULL);
- hostname = conn->active_peer->hostname;
+ assert (conn->base_.active_peer != NULL);
+ assert (conn->base_.active_peer->hostname != NULL);
+ hostname = conn->base_.active_peer->hostname;
 /* verifytlscert() performs basic verification as described by OpenSSL VERIFY(1), i.e. verification of the certificate chain. */ |
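Review bot: Dropping `assert (conn->active_peer->conn == conn)` removes the only check that the peer whose hostname is matched against the presented certificate is the peer this connection was opened for; the commit message explains the peer's conn pointer is no longer a usable connection, but nothing replaces the cross-check, and the two asserts that remain vanish under NDEBUG, letting a NULL `hostname` reach whatever name matching follows (presumably after the verifytlscert() call). Since this is the verification step, make the condition an explicit failure rather than an assert: `if (conn->base_.active_peer == NULL || conn->base_.active_peer->hostname == NULL) return -1;`, substituting whatever failure value tls_verify_cert returns, as its signature and the rest of the body are outside the hunk. A one-line comment noting that the peer-to-connection identity is now established by the caller, not checked here, would record the lost invariant.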