From ae4a0ba982e7f6609f71539c65c23a5bdfdf446d Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 2 Nov 2014 14:45:05 +0000 Subject: Add a tls_connect_fds() function that allows a secure connection to be established using a pair of existing file descriptors. Based on a diff/request from Jan Klemkow. Rides previous libtls rename/library bump. Discussed with tedu@. --- src/lib/libtls/tls_client.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'src/lib/libtls/tls_client.c') diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c index 853766f87b..a4528b9b87 100644 --- a/src/lib/libtls/tls_client.c +++ b/src/lib/libtls/tls_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_client.c,v 1.1 2014/10/31 13:46:17 jsing Exp $ */ +/* $OpenBSD: tls_client.c,v 1.2 2014/11/02 14:45:05 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -122,6 +122,15 @@ err: int tls_connect_socket(struct tls *ctx, int socket, const char *hostname) +{ + ctx->socket = socket; + + return tls_connect_fds(ctx, socket, socket, hostname); +} + +int +tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, + const char *hostname) { union { struct in_addr ip4; struct in6_addr ip6; } addrbuf; X509 *cert = NULL; @@ -132,7 +141,10 @@ tls_connect_socket(struct tls *ctx, int socket, const char *hostname) goto err; } - ctx->socket = socket; + if (fd_read < 0 || fd_write < 0) { + tls_set_error(ctx, "invalid file descriptors"); + return (-1); + } if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { tls_set_error(ctx, "ssl context failure"); @@ -166,7 +178,8 @@ tls_connect_socket(struct tls *ctx, int socket, const char *hostname) tls_set_error(ctx, "ssl connection failure"); goto err; } - if (SSL_set_fd(ctx->ssl_conn, ctx->socket) != 1) { + if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 || + SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) { tls_set_error(ctx, "ssl file descriptor failure"); goto err; } -- cgit v1.2.3-55-g6feb