From: Daniel KouĊ™il Date: Tue, 17 Jan 2012 20:13:20 +0000 (+0000) Subject: SSL_CTX removed from the global context. X-Git-Tag: emi-canl-c_R_1_0_0_0~44 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=837f1b118ae7b9983ed7284dfd0b8799c2039b12;p=jra1mw.git SSL_CTX removed from the global context. --- diff --git a/emi.canl.canl-c/src/canl.c b/emi.canl.canl-c/src/canl.c index 0d1a380..5a8e2fd 100644 --- a/emi.canl.canl-c/src/canl.c +++ b/emi.canl.canl-c/src/canl.c @@ -243,9 +243,11 @@ canl_io_accept(canl_ctx cc, canl_io_handler io, int new_fd, struct sockaddr s_addr, int flags, canl_principal *peer, struct timeval *timeout) { - int err = 0; + int err = 0; io_handler *io_cc = (io_handler*) io; glb_ctx *glb_cc = (glb_ctx*) cc; + struct canl_mech *mech = find_mech(GSS_C_NO_OID); + void *conn_ctx = NULL; if (!glb_cc) return EINVAL; /* XXX Should rather be a CANL error */ @@ -255,19 +257,24 @@ canl_io_accept(canl_ctx cc, canl_io_handler io, int new_fd, io_cc->sock = new_fd; - err = ssl_server_init(glb_cc, glb_cc->ssl_ctx, (void **) &io_cc->s_ctx->ssl_io); + err = ssl_server_init(glb_cc, mech->global_context, &conn_ctx); if (err) goto end; - err = ssl_accept(glb_cc, io_cc, timeout); + err = ssl_accept(glb_cc, io_cc, timeout, conn_ctx); if (err) goto end; + io_cc->authn_mech.ctx = conn_ctx; + io_cc->authn_mech.type = mech->mech; + err = 0; end: - if (err) + if (err) { (io_cc)->sock = -1; + mech->free_ctx(glb_cc, conn_ctx); + } return err; } diff --git a/emi.canl.canl-c/src/canl_locl.h b/emi.canl.canl-c/src/canl_locl.h index 3cec90b..51233a6 100644 --- a/emi.canl.canl-c/src/canl_locl.h +++ b/emi.canl.canl-c/src/canl_locl.h @@ -67,7 +67,6 @@ typedef struct _glb_ctx unsigned long err_code; CANL_ERROR_ORIGIN err_orig; cert_key_store *cert_key; - SSL_CTX *ssl_ctx; } glb_ctx; typedef struct _ossl_ctx 
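Review bot: `mech` is taken from `find_mech(GSS_C_NO_OID)` in the declarations of canl_io_accept and is never checked before it is dereferenced later in the same function (`mech->global_context`, `mech->mech`, `mech->free_ctx` in the @@ -255 hunk). Whether find_mech can return NULL is not visible here, but a lookup keyed by an OID usually can, and a NULL here would crash inside every accept. A guard in the style the function already uses for `glb_cc` would do: `if (!mech) return EINVAL; /* XXX Should rather be a CANL error */`, placed right after the existing `if (!glb_cc)` check. The body of canl_io_accept continues in the next hunk.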
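Review bot: The new call `err = ssl_accept(glb_cc, io_cc, timeout, conn_ctx);` passes its last two arguments in the wrong order: the prototype added to canl_locl.h in this commit is `ssl_accept(glb_ctx *cc, io_handler *io, void *conn_ctx, struct timeval *timeout)`, and the definition in canl_ssl.c (@@ -321) has the same order. Because one parameter is `void *` and the other converts to and from `void *` implicitly, the compiler will not diagnose this, and at runtime ssl_accept will cast the `struct timeval` to `SSL *` and hand it to `SSL_get_SSL_CTX`. The fix is `err = ssl_accept(glb_cc, io_cc, conn_ctx, timeout);`. Separately, when ssl_server_init itself fails, `conn_ctx` is presumably still NULL yet the error path calls `mech->free_ctx(glb_cc, conn_ctx)` unconditionally; unless free_ctx is known to accept NULL, guard it with `if (conn_ctx) mech->free_ctx(glb_cc, conn_ctx);`.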
@@ -148,8 +147,8 @@ int asyn_getservbyname(int a_family, asyn_result *ares_result,char const *name, int ssl_client_init(glb_ctx *cc, void *mech_ctx, void **ctx); int ssl_server_init(glb_ctx *cc, void *mech_ctx, void **ctx); int ssl_free(glb_ctx *cc, void *ctx); -int ssl_connect(glb_ctx *cc, io_handler *io, struct timeval *timeout, const char * host); -int ssl_accept(glb_ctx *cc, io_handler *io, +int ssl_connect(glb_ctx *cc, io_handler *io, void *conn_ctx, struct timeval *timeout, const char * host); +int ssl_accept(glb_ctx *cc, io_handler *io, void *conn_ctx, struct timeval *timeout); int ssl_read(glb_ctx *cc, io_handler *io, void *buffer, size_t size, struct timeval *tout); diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c index bde33b6..7f855f6 100644 --- a/emi.canl.canl-c/src/canl_ssl.c +++ b/emi.canl.canl-c/src/canl_ssl.c @@ -103,8 +103,8 @@ int ssl_server_init(glb_ctx *cc, void *mech_ctx, void **ctx) "Failed to create SSL connection context"); /* XXX: should be only defined on the SSL level: */ - SSL_CTX_set_verify(ssl, SSL_VERIFY_NONE, proxy_verify_callback); - SSL_CTX_set_cert_verify_callback(ssl, proxy_app_verify_callback, 0); + SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, proxy_verify_callback); + SSL_CTX_set_cert_verify_callback(ssl_ctx, proxy_app_verify_callback, 0); SSL_set_accept_state(ssl); @@ -210,11 +210,11 @@ int ssl_client_init(glb_ctx *cc, void *mech_ctx, void **ctx) return 0; } -int ssl_connect(glb_ctx *cc, io_handler *io, void *mech_ctx, void *auth_ctx, +int ssl_connect(glb_ctx *cc, io_handler *io, void *conn_ctx, struct timeval *timeout, const char * host) { - SSL_ctx *ctx = (SSL_ctx *) mech_ctx; - SSL *ssl = (SSL *) auth_ctx; + SSL_CTX *ctx; + SSL *ssl = (SSL *) conn_ctx; int err = 0, flags; if (!cc) { 
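Review bot: The ssl_close definition in canl_ssl.c (@@ -672) drops its third parameter in this commit, but this header hunk only updates ssl_connect and ssl_accept; if canl_locl.h also declares ssl_close (not visible in the hunk), that declaration must become `int ssl_close(glb_ctx *cc, io_handler *io);` as well, otherwise callers in other translation units compile against the old arity and the mismatch is undefined behaviour that no compiler warning will catch. As a point of style, the header names the new ssl_accept parameter `conn_ctx` while the definition in @@ -321 calls it `auth_ctx`; using `conn_ctx` in both places would make the header and implementation read the same.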
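Review bot: Switching the two calls to `ssl_ctx` fixes the type, but ssl_server_init creates the per-connection `ssl`, so each accept now reconfigures verification on the shared `mech->global_context` rather than on the connection, which is what the `XXX` comment above these lines already objects to. The verify mode and callback have a per-connection equivalent, `SSL_set_verify(ssl, SSL_VERIFY_NONE, proxy_verify_callback);`, whereas OpenSSL has no per-SSL form of `SSL_CTX_set_cert_verify_callback`, so that call belongs where the global SSL_CTX is created rather than here. Note also that on a server `SSL_VERIFY_NONE` means no certificate request is sent to the client, so if this accept path is meant to authenticate the peer the mode needs to be `SSL_VERIFY_PEER` (optionally with `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`); if client authentication is deliberately deferred, a comment saying so next to the call would save the next reader the question. The enclosing ssl_server_init starts and ends outside the hunk.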
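Review bot: `SSL_CTX *ctx;` in the new ssl_connect is left uninitialized, while the parallel change to ssl_accept (@@ -321) writes `SSL_CTX *ctx = NULL;`; the `if (!cc)` branch a few lines below jumps to `end:` before the `ctx = SSL_get_SSL_CTX(ssl);` assignment added in the next hunk is reached, so any use of `ctx` at the label (not visible here) would read an indeterminate value. Initialising it as `SSL_CTX *ctx = NULL;` makes the two functions consistent and removes the risk. The rest of ssl_connect continues outside this hunk.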
@@ -224,6 +224,10 @@ int ssl_connect(glb_ctx *cc, io_handler *io, void *mech_ctx, void *auth_ctx, err = EINVAL; goto end; } + if (conn_ctx == NULL) + return set_error(cc, EINVAL, posix_error, "SSL not initialized"); + + ctx = SSL_get_SSL_CTX(ssl); flags = fcntl(io->sock, F_GETFL, 0); (void)fcntl(io->sock, F_SETFL, flags | O_NONBLOCK); @@ -321,10 +325,10 @@ end: } } -int ssl_accept(glb_ctx *cc, io_handler *io, void *mech_ctx, void *auth_ctx, +int ssl_accept(glb_ctx *cc, io_handler *io, void *auth_ctx, struct timeval *timeout) { - SSL_ctx *ctx = (SSL_ctx *) mech_ctx; + SSL_CTX *ctx = NULL; SSL *ssl = (SSL *) auth_ctx; int err = 0, flags; @@ -335,6 +339,10 @@ int ssl_accept(glb_ctx *cc, io_handler *io, void *mech_ctx, void *auth_ctx, err = EINVAL; goto end; } + if (auth_ctx == NULL) + return set_error(cc, EINVAL, posix_error, "SSL not initialized"); + + ctx = SSL_get_SSL_CTX(ssl); flags = fcntl(io->sock, F_GETFL, 0); (void)fcntl(io->sock, F_SETFL, flags | O_NONBLOCK); @@ -672,19 +680,27 @@ int ssl_read(glb_ctx *cc, io_handler *io, void *buffer, size_t size, struct time * ret = 0 connection closed successfully (one direction) * ret = 1 connection closed successfully (both directions) * ret < 0 error occured (e.g. timeout reached) */ -int ssl_close(glb_ctx *cc, io_handler *io, void *auth_ctx) +int ssl_close(glb_ctx *cc, io_handler *io) { - SSL_ctx *ctx = (SSL_ctx *) mech_ctx; - SSL *ssl = (SSL *) auth_ctx; + SSL_CTX *ctx; + SSL *ssl = NULL; int timeout = DESTROY_TIMEOUT; time_t starttime, curtime; int expected = 0, error = 0, ret = 0, ret2 = 0; int fd; unsigned long ssl_err = 0; - if (!io->s_ctx->ssl_io) { - return 2; - } + if (!cc) + return EINVAL; + if (!io) + return set_error(cc, EINVAL, posix_error, + "Connection not initialized"); + + ssl = io->s_ctx->ssl_io; + if (!ssl) + return set_error(cc, EINVAL, posix_error, "SSL not initialized"); + + ctx = SSL_get_SSL_CTX(ssl); fd = BIO_get_fd(SSL_get_rbio(io->s_ctx->ssl_io), NULL); curtime = starttime = time(NULL);
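Review bot: The added `if (conn_ctx == NULL) return set_error(...)` exits ssl_connect directly, while the `if (!cc)`/`if (!io)` checks immediately above it report failure with `err = EINVAL; goto end;`; the same mixture appears in the ssl_accept hunk (@@ -335). Nothing has been changed on the socket yet at that point, so the direct return is presumably harmless, but it is worth either routing it through the label as `err = set_error(cc, EINVAL, posix_error, "SSL not initialized"); goto end;` or adding a one-line comment that the early return intentionally skips the `end:` cleanup, so the next reader does not have to check what `end:` does. The `end:` block of both functions lies outside the hunks.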
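Review bot: The new ssl_close still reads the SSL object from `io->s_ctx->ssl_io`, but after this commit canl_io_accept (canl.c, @@ -255) no longer stores the connection context there; it keeps it in `io_cc->authn_mech.ctx` and passes it to ssl_accept explicitly, so unless some code outside these hunks still fills `s_ctx->ssl_io`, closing an accepted connection will now take the new "SSL not initialized" branch instead of shutting down the session. While here, the `fd = BIO_get_fd(SSL_get_rbio(io->s_ctx->ssl_io), NULL);` line just below the guard should use the local `ssl` that was just validated, e.g. `fd = BIO_get_fd(SSL_get_rbio(ssl), NULL);`, and `ctx = SSL_get_SSL_CTX(ssl);` is worth a check that `ctx` is actually used further down, since an unused assignment will only draw a warning. The comment above the function still documents the return contract as 0/1/negative, whereas the new early returns hand back whatever `set_error` returns (apparently a positive `EINVAL`), so the comment or the return values should be reconciled. The body of ssl_close continues past the end of the hunk.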