From a0cae064c7fb3e6f9795357b0897fc7cfbada29a Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 31 Mar 2015 14:03:38 +0000
Subject: Provide a tls_accept_fds() function, which allows a TLS connection to be accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
---
 src/lib/libtls/tls_server.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
(limited to 'src/lib/libtls/tls_server.c')
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index cbe064e2f5..55b19e472c 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.6 2015/03/31 12:21:27 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.7 2015/03/31 14:03:38 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -99,7 +99,7 @@ err:
 }
 int
-tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
+tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
 {
 struct tls *conn_ctx = *cctx;
 int ret, err;
@@ -116,14 +116,13 @@ tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
 }
 *cctx = conn_ctx;
- conn_ctx->socket = socket;
-
 if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
 tls_set_error(ctx, "ssl failure");
 goto err;
 }
- if (SSL_set_fd(conn_ctx->ssl_conn, socket) != 1) {
+ if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
+ SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
 tls_set_error(ctx, "ssl set fd failure");
 goto err;
 }
@@ -143,3 +142,15 @@ tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
 err:
 return (-1);
 }
+
+int
+tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
+{
+ int rv;
+
+ rv = tls_accept_fds(ctx, cctx, socket, socket);
+ if (*cctx != NULL)
+ (*cctx)->socket = socket;
+
+ return (rv);
+}
--
cgit v1.2.3-55-g6feb
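Review bot: In the `-116,14 +116,13` hunk, `tls_accept_fds()` drops `conn_ctx->socket = socket;` and stores neither `fd_read` nor `fd_write` in the connection context, so any teardown code that keys off `conn_ctx->socket` (not visible in this diff) will presumably never shut down or close descriptors passed in this way. If caller ownership is the intended contract, it should be stated above the function, e.g. `/* fd_read and fd_write stay owned by the caller; they are not recorded in the context. */`. A guard before `SSL_new()` such as `if (fd_read < 0 || fd_write < 0) { tls_set_error(ctx, "invalid file descriptors"); goto err; }` would report a bad descriptor here instead of as a later I/O failure. The function begins in the previous hunk and continues past this one.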
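Review bot: The new `tls_accept_socket()` wrapper in the last hunk assigns `(*cctx)->socket = socket` whenever `*cctx` is non-NULL, which includes the case where `tls_accept_fds()` returned -1 and every repeated call for the same connection. If the context's cleanup path acts on `socket` (not shown here), a failed accept leaves both the context and the caller holding the same descriptor, and it is unclear which side is expected to close it. Either record it only when the accept did not fail, `if (rv != -1 && *cctx != NULL)`, or add a comment saying the context takes over `socket` regardless of the result. `cctx` is also dereferenced without a NULL check, both here and in the `*cctx` initializer of `tls_accept_fds()`, so the comment should state that `cctx` must be a valid pointer.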