1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
/* See the file COPYING for licensing information. */
#if defined HAVE_CONFIG_H
#include <config.h>
#endif
#include <assert.h>
#include <openssl/ssl.h>
#include <radsec/radsec.h>
#include <radsec/radsec-impl.h>
#include <regex.h>
#include "rsp_list.h"
#include "../radsecproxy.h"
static struct tls *
_get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm)
{
struct tls *c = rs_malloc (conn->ctx, sizeof (struct tls));
if (c)
{
memset (c, 0, sizeof (struct tls));
/* TODO: Make sure old radsecproxy code doesn't free these all
of a sudden, or strdup them. */
c->name = realm->name;
c->cacertfile = realm->cacertfile;
c->cacertpath = NULL; /* NYI */
c->certfile = realm->certfile;
c->certkeyfile = realm->certkeyfile;
c->certkeypwd = NULL; /* NYI */
c->cacheexpiry = 0; /* NYI */
c->crlcheck = 0; /* NYI */
c->policyoids = (char **) NULL; /* NYI */
}
else
rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
return c;
}
int
rs_tls_init (struct rs_connection *conn)
{
struct rs_context *ctx;
struct tls *tlsconf;
SSL_CTX *ssl_ctx;
SSL *ssl;
assert (conn->ctx);
ctx = conn->ctx;
tlsconf = _get_tlsconf (conn, conn->active_peer->realm);
if (!tlsconf)
return -1;
ssl_ctx = tlsgetctx (RADPROT_TLS, tlsconf);
if (!ssl_ctx)
{
/* TODO: check radsecproxy error */
return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
NULL);
}
ssl = SSL_new (ssl_ctx);
if (!ssl)
{
/* TODO: check and report SSL error */
/* TODO: free ssl_ctx */
return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
NULL);
}
conn->tls_ctx = ssl_ctx;
conn->tls_ssl = ssl;
rs_free (ctx, tlsconf);
return RSE_OK;
}
|