Diffstat (limited to 'src/lib/libtls/tls_client.c')
| -rw-r--r-- | src/lib/libtls/tls_client.c | 76 |
1 files changed, 56 insertions, 20 deletions
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c index c360ecad52..f8d35a18c1 100644 --- a/src/lib/libtls/tls_client.c +++ b/src/lib/libtls/tls_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_client.c,v 1.34 2016/08/15 14:04:23 jsing Exp $ */ | 1 | /* $OpenBSD: tls_client.c,v 1.35 2016/09/04 12:26:43 bcook Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -158,15 +158,8 @@ tls_connect_servername(struct tls *ctx, const char *host, const char *port, | |||
| 158 | return (rv); | 158 | return (rv); |
| 159 | } | 159 | } |
| 160 | 160 | ||
| 161 | int | 161 | static int |
| 162 | tls_connect_socket(struct tls *ctx, int s, const char *servername) | 162 | connect_common(struct tls *ctx, const char *servername) |
| 163 | { | ||
| 164 | return tls_connect_fds(ctx, s, s, servername); | ||
| 165 | } | ||
| 166 | |||
| 167 | int | ||
| 168 | tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, | ||
| 169 | const char *servername) | ||
| 170 | { | 163 | { |
| 171 | union tls_addr addrbuf; | 164 | union tls_addr addrbuf; |
| 172 | int rv = -1; | 165 | int rv = -1; |
| @@ -176,11 +169,6 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, | |||
| 176 | goto err; | 169 | goto err; |
| 177 | } | 170 | } |
| 178 | 171 | ||
| 179 | if (fd_read < 0 || fd_write < 0) { | ||
| 180 | tls_set_errorx(ctx, "invalid file descriptors"); | ||
| 181 | goto err; | ||
| 182 | } | ||
| 183 | |||
| 184 | if (servername != NULL) { | 172 | if (servername != NULL) { |
| 185 | if ((ctx->servername = strdup(servername)) == NULL) { | 173 | if ((ctx->servername = strdup(servername)) == NULL) { |
| 186 | tls_set_errorx(ctx, "out of memory"); | 174 | tls_set_errorx(ctx, "out of memory"); |
| @@ -195,6 +183,7 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, | |||
| 195 | 183 | ||
| 196 | if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0) | 184 | if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0) |
| 197 | goto err; | 185 | goto err; |
| 186 | |||
| 198 | if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx, | 187 | if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx, |
| 199 | ctx->config->keypair, 0) != 0) | 188 | ctx->config->keypair, 0) != 0) |
| 200 | goto err; | 189 | goto err; |
| @@ -205,6 +194,7 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, | |||
| 205 | goto err; | 194 | goto err; |
| 206 | } | 195 | } |
| 207 | } | 196 | } |
| 197 | |||
| 208 | if (ctx->config->verify_cert && | 198 | if (ctx->config->verify_cert && |
| 209 | (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, | 199 | (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, |
| 210 | SSL_VERIFY_PEER) == -1)) | 200 | SSL_VERIFY_PEER) == -1)) |
| @@ -214,15 +204,11 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, | |||
| 214 | tls_set_errorx(ctx, "ssl connection failure"); | 204 | tls_set_errorx(ctx, "ssl connection failure"); |
| 215 | goto err; | 205 | goto err; |
| 216 | } | 206 | } |
| 207 | |||
| 217 | if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) { | 208 | if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) { |
| 218 | tls_set_errorx(ctx, "ssl application data failure"); | 209 | tls_set_errorx(ctx, "ssl application data failure"); |
| 219 | goto err; | 210 | goto err; |
| 220 | } | 211 | } |
| 221 | if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 || | ||
| 222 | SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) { | ||
| 223 | tls_set_errorx(ctx, "ssl file descriptor failure"); | ||
| 224 | goto err; | ||
| 225 | } | ||
| 226 | 212 | ||
| 227 | /* | 213 | /* |
| 228 | * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not | 214 | * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not |
| @@ -236,6 +222,56 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, | |||
| 236 | goto err; | 222 | goto err; |
| 237 | } | 223 | } |
| 238 | } | 224 | } |
| 225 | rv = 0; | ||
| 226 | |||
| 227 | err: | ||
| 228 | return (rv); | ||
| 229 | } | ||
| 230 | |||
| 231 | int | ||
| 232 | tls_connect_socket(struct tls *ctx, int s, const char *servername) | ||
| 233 | { | ||
| 234 | return tls_connect_fds(ctx, s, s, servername); | ||
| 235 | } | ||
| 236 | |||
| 237 | int | ||
| 238 | tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, | ||
| 239 | const char *servername) | ||
| 240 | { | ||
| 241 | int rv = -1; | ||
| 242 | |||
| 243 | if (fd_read < 0 || fd_write < 0) { | ||
| 244 | tls_set_errorx(ctx, "invalid file descriptors"); | ||
| 245 | goto err; | ||
| 246 | } | ||
| 247 | |||
| 248 | if (connect_common(ctx, servername) != 0) | ||
| 249 | goto err; | ||
| 250 | |||
| 251 | if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 || | ||
| 252 | SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) { | ||
| 253 | tls_set_errorx(ctx, "ssl file descriptor failure"); | ||
| 254 | goto err; | ||
| 255 | } | ||
| 256 | |||
| 257 | rv = 0; | ||
| 258 | err: | ||
| 259 | return (rv); | ||
| 260 | } | ||
| 261 | |||
| 262 | int | ||
| 263 | tls_connect_cbs(struct tls *ctx, tls_read_cb read_cb, | ||
| 264 | tls_write_cb write_cb, void *cb_arg, const char *servername) | ||
| 265 | { | ||
| 266 | int rv = -1; | ||
| 267 | |||
| 268 | if (connect_common(ctx, servername) != 0) | ||
| 269 | goto err; | ||
| 270 | |||
| 271 | if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) { | ||
| 272 | tls_set_errorx(ctx, "callback registration failure"); | ||
| 273 | goto err; | ||
| 274 | } | ||
| 239 | 275 | ||
| 240 | rv = 0; | 276 | rv = 0; |
| 241 | 277 | ||
