X-Git-Url: http://lists.indexdata.com/cgi-bin?a=blobdiff_plain;f=src%2Ftcpip.c;h=24e205a85f64e1b3766230397393139222e33fe4;hb=e8687e3d59ba411ee1ed143c8726ab9449bbbe57;hp=ee80c6beb6edea4b1a678f6954195a7563c57b25;hpb=7812eaf5e45de650b8629df5a231dbcab1182b55;p=yaz-moved-to-github.git diff --git a/src/tcpip.c b/src/tcpip.c index ee80c6b..24e205a 100644 --- a/src/tcpip.c +++ b/src/tcpip.c @@ -1,8 +1,6 @@ -/* - * Copyright (C) 1995-2007, Index Data ApS +/* This file is part of the YAZ toolkit. + * Copyright (C) 1995-2008 Index Data * See the file LICENSE for details. - * - * $Id: tcpip.c,v 1.41 2008-01-21 13:34:34 adam Exp $ */ /** * \file tcpip.c @@ -50,9 +48,15 @@ #include #endif +#if HAVE_GNUTLS_H +#include +#define ENABLE_SSL 1 +#endif + #if HAVE_OPENSSL_SSL_H #include #include +#define ENABLE_SSL 1 #endif #include @@ -73,7 +77,7 @@ static int tcpip_listen(COMSTACK h, char *raddr, int *addrlen, void *cd); static int tcpip_set_blocking(COMSTACK p, int blocking); -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL static int ssl_get(COMSTACK h, char **buf, int *bufsize); static int ssl_put(COMSTACK h, char *buf, int size); #endif @@ -108,7 +112,7 @@ typedef struct tcpip_state struct sockaddr_in addr; /* returned by cs_straddr */ #endif char buf[128]; /* returned by cs_addrstr */ -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL SSL_CTX *ctx; /* current CTX. */ SSL_CTX *ctx_alloc; /* If =ctx it is owned by CS. If 0 it is not owned */ SSL *ssl; @@ -187,7 +191,7 @@ COMSTACK tcpip_type(int s, int flags, int protocol, void *vp) p->stackerr = 0; p->user = 0; -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL sp->ctx = sp->ctx_alloc = 0; sp->ssl = 0; strcpy(sp->cert_fname, "yaz.pem"); @@ -236,7 +240,7 @@ COMSTACK yaz_tcpip_create(int s, int flags, int protocol, } -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL COMSTACK ssl_type(int s, int flags, int protocol, void *vp) { @@ -507,7 +511,7 @@ int tcpip_connect(COMSTACK h, void *address) */ int tcpip_rcvconnect(COMSTACK h) { -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL tcpip_state *sp = (tcpip_state *)h->cprivate; #endif TRC(fprintf(stderr, "tcpip_rcvconnect\n")); @@ -519,13 +523,13 @@ int tcpip_rcvconnect(COMSTACK h) h->cerrno = CSOUTSTATE; return -1; } -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL if (h->type == ssl_type && !sp->ctx) { SSL_library_init(); SSL_load_error_strings(); - sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method()); + sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_client_method()); if (!sp->ctx) { h->cerrno = CSERRORSSL; @@ -611,13 +615,13 @@ static int tcpip_bind(COMSTACK h, void *address, int mode) } #endif -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL if (h->type == ssl_type && !sp->ctx) { SSL_library_init(); SSL_load_error_strings(); - sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method()); + sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_server_method()); if (!sp->ctx) { h->cerrno = CSERRORSSL; @@ -629,25 +633,38 @@ static int tcpip_bind(COMSTACK h, void *address, int mode) if (sp->ctx_alloc) { int res; - res = SSL_CTX_use_certificate_chain_file(sp->ctx, sp->cert_fname); + res = SSL_CTX_use_certificate_file(sp->ctx, sp->cert_fname, + SSL_FILETYPE_PEM); if (res <= 0) { +#if HAVE_OPENSSL_SSL_H ERR_print_errors_fp(stderr); +#else + fprintf(stderr, " SSL_CTX_use_certificate_file %s failed\n", + sp->cert_fname); +#endif exit (2); } res = SSL_CTX_use_PrivateKey_file (sp->ctx, sp->cert_fname, SSL_FILETYPE_PEM); if (res <= 0) { +#if HAVE_OPENSSL_SSL_H ERR_print_errors_fp(stderr); +#else + fprintf(stderr, " SSL_CTX_use_certificate_file %s failed\n", + sp->cert_fname); +#endif exit (3); } +#if HAVE_OPENSSL_SSL_H res = SSL_CTX_check_private_key (sp->ctx); if (res <= 0) { ERR_print_errors_fp(stderr); exit(5); } +#endif } TRC (fprintf (stderr, "ssl_bind\n")); } @@ -819,7 +836,7 @@ COMSTACK tcpip_accept(COMSTACK h) cnew->state = CS_ST_ACCEPT; h->state = CS_ST_IDLE; -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL state->ctx = st->ctx; state->ctx_alloc = 0; state->ssl = st->ssl; @@ -835,7 +852,7 @@ COMSTACK tcpip_accept(COMSTACK h) } if (h->state == CS_ST_ACCEPT) { -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL tcpip_state *state = (tcpip_state *)h->cprivate; if (state->ctx) { @@ -1003,7 +1020,7 @@ int tcpip_get(COMSTACK h, char **buf, int *bufsize) } -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL /* * Return: -1 error, >1 good, len of buffer, ==1 incomplete buffer, * 0=connection closed. @@ -1157,7 +1174,7 @@ int tcpip_put(COMSTACK h, char *buf, int size) } -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL /* * Returns 1, 0 or -1 * In nonblocking mode, you must call again with same buffer while @@ -1218,7 +1235,7 @@ int tcpip_close(COMSTACK h) TRC(fprintf(stderr, "tcpip_close\n")); if (h->iofile != -1) { -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL if (sp->ssl) { SSL_shutdown (sp->ssl); @@ -1232,7 +1249,7 @@ int tcpip_close(COMSTACK h) } if (sp->altbuf) xfree(sp->altbuf); -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL if (sp->ssl) { TRC (fprintf(stderr, "SSL_free\n")); @@ -1303,7 +1320,7 @@ char *tcpip_addrstr(COMSTACK h) sprintf(buf, "http:%s", r); else sprintf(buf, "tcp:%s", r); -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL if (sp->ctx) { if (h->protocol == PROTO_HTTP) @@ -1339,7 +1356,7 @@ int static tcpip_set_blocking(COMSTACK p, int flags) return 1; } -#if HAVE_OPENSSL_SSL_H +#if ENABLE_SSL int cs_set_ssl_ctx(COMSTACK cs, void *ctx) { struct tcpip_state *sp; @@ -1378,6 +1395,7 @@ int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len) if (ssl) { X509 *server_cert = SSL_get_peer_certificate (ssl); +#if HAVE_OPENSSL_SSL_H if (server_cert) { BIO *bio = BIO_new(BIO_s_mem()); @@ -1390,6 +1408,7 @@ int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len) BIO_free(bio); return 1; } +#endif } return 0; }