Possible compatibility problems with earlier versions marked with '*'.
+Implement cs_set_ssl_ctx which sets SSL_CTX for SSL comstack.
+
+Do not create SSL_CTX in cs_create (ssl_type). Create in tcpip_bind,
+tcpip_rcvconnect instead. This allows user to set custom SSL_CTX.
+
ZOOM now allows inspection of X509 peer certificate for verification.
The X509 buffer is retrived by reading ZOOM option "sslPeerCert".
/*
- * Copyright (c) 1995-2003, Index Data.
+ * Copyright (c) 1995-2004, Index Data.
*
* Permission to use, copy, modify, distribute, and sell this software and
* its documentation, in whole or in part, for any purpose, is hereby granted,
* LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
* OF THIS SOFTWARE.
*
- * $Id: comstack.h,v 1.13 2004-04-28 22:44:59 adam Exp $
+ * $Id: comstack.h,v 1.14 2004-04-29 21:19:23 adam Exp $
*/
#ifndef COMSTACK_H
#define cs_straddr(handle, str) ((*(handle)->f_straddr)(handle, str))
#define cs_want_read(handle) ((handle)->io_pending & CS_WANT_READ)
#define cs_want_write(handle) ((handle)->io_pending & CS_WANT_WRITE)
-#define cs_set_blocking(handle,blocking) ((handle)->f_set_blocking(handle, blocking)
+#define cs_set_blocking(handle,blocking) ((handle)->f_set_blocking(handle, blocking))
#define CS_WANT_READ 1
#define CS_WANT_WRITE 2
-
+
YAZ_EXPORT int cs_look (COMSTACK);
YAZ_EXPORT const char *cs_strerror(COMSTACK h);
YAZ_EXPORT const char *cs_errmsg(int n);
YAZ_EXPORT void cs_get_host_args(const char *type_and_host, const char **args);
YAZ_EXPORT int cs_complete_auto(const unsigned char *buf, int len);
YAZ_EXPORT void *cs_get_ssl(COMSTACK cs);
+YAZ_EXPORT int cs_set_ssl_ctx(COMSTACK cs, void *ctx);
YAZ_EXPORT int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len);
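Review bot: The new `cs_set_ssl_ctx` prototype carries no contract, and the ownership and timing rules it relies on are only visible from the tcpip.c implementation, where the call is refused once an internally created context exists. I would put a comment above the declaration: `/* Install a caller-owned SSL_CTX on an ssl_type COMSTACK. Must be called before cs_bind/cs_connect/cs_rcvconnect; the context is never freed by the comstack and must outlive it. Returns 1 on success, 0 if cs is not ssl_type, a context was already created internally, or OpenSSL support is compiled out. */`. The `void *ctx` parameter hides the SSL_CTX type; if the header cannot include OpenSSL, say so in the same comment so callers know what to cast.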
/*
* Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
- * $Id: comstack.c,v 1.8 2004-04-29 08:55:17 adam Exp $
+ * $Id: comstack.c,v 1.9 2004-04-29 21:19:23 adam Exp $
*/
#include <string.h>
{
t = tcpip_type;
host = type_and_host;
-
}
cs = cs_create (t, blocking, proto);
if (!cs)
* Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
- * $Id: tcpip.c,v 1.4 2004-04-29 08:55:17 adam Exp $
+ * $Id: tcpip.c,v 1.5 2004-04-29 21:19:23 adam Exp $
*/
#include <stdio.h>
struct sockaddr_in addr; /* returned by cs_straddr */
char buf[128]; /* returned by cs_addrstr */
#if HAVE_OPENSSL_SSL_H
- SSL_CTX *ctx;
- SSL_CTX *ctx_alloc;
+ SSL_CTX *ctx; /* current CTX. */
+ SSL_CTX *ctx_alloc; /* If =ctx it is owned by CS. If 0 it is not owned */
SSL *ssl;
#endif
} tcpip_state;
p->f_put = ssl_put;
p->type = ssl_type;
state = (tcpip_state *) p->cprivate;
- if (vp)
- state->ctx = vp;
- else
- {
- SSL_load_error_strings();
- SSLeay_add_all_algorithms();
- state->ctx = state->ctx_alloc = SSL_CTX_new (SSLv23_method());
- if (!state->ctx)
- {
- tcpip_close(p);
- return 0;
- }
- }
+ state->ctx = vp; /* may be NULL */
+
/* note: we don't handle already opened socket in SSL mode - yet */
return p;
}
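Review bot: `state->ctx = vp; /* may be NULL */` leaves the ownership rule implicit even though the struct comment on `ctx_alloc` now defines it, and it presumably relies on `ctx_alloc` having been zeroed before this point (the initialisation is outside the hunk). I would replace the comment with `/* caller-supplied SSL_CTX, if any; never freed here (ctx_alloc stays 0). NULL: a default context is created at bind/connect time. */`. Note the visible behaviour change: an SSL_CTX creation failure used to make cs_create return 0, and now surfaces as CSERRORSSL from bind/connect, which callers checking only cs_create may not expect. The enclosing function starts before the hunk.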
int tcpip_connect(COMSTACK h, void *address)
{
struct sockaddr_in *add = (struct sockaddr_in *)address;
-#if HAVE_OPENSSL_SSL_H
- tcpip_state *sp = (tcpip_state *)h->cprivate;
-#endif
int r;
#ifdef __sun__
int recbuflen;
return -1;
}
#if HAVE_OPENSSL_SSL_H
+ if (h->type == ssl_type && !sp->ctx)
+ {
+ SSL_load_error_strings();
+ SSLeay_add_all_algorithms();
+
+ sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+ if (!sp->ctx)
+ {
+ h->cerrno = CSERRORSSL;
+ return -1;
+ }
+ }
if (sp->ctx)
{
int res;
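Review bot: The lazily created context at `sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());` is handed on with OpenSSL's defaults, which means no peer verification and SSLv2 negotiable, and nothing in the visible part of this block tightens it before `if (sp->ctx)`; if the continuation outside the hunk does not either, I would add `SSL_CTX_set_options(sp->ctx, SSL_OP_NO_SSLv2);` right after the NULL check and state in the header that the default context does not verify the peer, so callers needing verification must supply their own via cs_set_ssl_ctx or inspect "sslPeerCert" afterwards. Separately, the earlier hunk removes the `tcpip_state *sp` declaration at the top of tcpip_connect, so this block only compiles if `sp` is declared somewhere between the two hunks; worth confirming. The body of tcpip_connect continues outside the hunk.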
#if HAVE_OPENSSL_SSL_H
tcpip_state *sp = (tcpip_state *)h->cprivate;
+ if (h->type == ssl_type && !sp->ctx)
+ {
+ SSL_load_error_strings();
+ SSLeay_add_all_algorithms();
+
+ sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+ if (!sp->ctx)
+ {
+ h->cerrno = CSERRORSSL;
+ return -1;
+ }
+ }
if (sp->ctx)
{
if (sp->ctx_alloc)
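Review bot: The twelve-line "create default SSL_CTX on first use" block starting at `if (h->type == ssl_type && !sp->ctx)` is pasted verbatim from tcpip_connect, so any later hardening (options, verify mode, error reporting) has to be applied twice and will drift. I would move it into one static helper that both call sites use, as sketched below; the helper keeps the same observable effect (cerrno = CSERRORSSL and -1 on failure). The enclosing function starts outside the hunk, and its `if (sp->ctx)` body continues past it.
```c
/* Create the default SSL_CTX for an ssl_type comstack that has none yet.
 * Returns 1 when a context is available (or none is needed), 0 on failure
 * with h->cerrno set. The created context is owned by the comstack. */
static int tcpip_ensure_ssl_ctx(COMSTACK h)
{
    tcpip_state *sp = (tcpip_state *)h->cprivate;
    if (h->type != ssl_type || sp->ctx)
        return 1;
    SSL_load_error_strings();
    SSLeay_add_all_algorithms();
    sp->ctx = sp->ctx_alloc = SSL_CTX_new(SSLv23_method());
    if (!sp->ctx)
    {
        h->cerrno = CSERRORSSL;
        return 0;
    }
    return 1;
}

    /* … at the call site, replacing the duplicated block … */
    tcpip_state *sp = (tcpip_state *)h->cprivate;
    if (!tcpip_ensure_ssl_ctx(h))
        return -1;
    /* … unchanged: if (sp->ctx) { … } … */
```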
}
#if HAVE_OPENSSL_SSL_H
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+ struct tcpip_state *state;
+ if (!cs || cs->type != ssl_type)
+ return 0;
+ state = (struct tcpip_state *) cs->cprivate;
+ if (state->ctx_alloc)
+ return 0;
+ state->ctx = ctx;
+ return 1;
+}
+
void *cs_get_ssl(COMSTACK cs)
{
struct tcpip_state *state;
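Review bot: `cs_set_ssl_ctx` only refuses when `state->ctx_alloc` is set, so a caller can still swap `state->ctx` after the handshake object in `state->ssl` has been created from the old context, where the new value has no effect; if `ssl` is populated at connect/accept time as the struct suggests, the guard should read `if (state->ctx_alloc || state->ssl) return 0;`. It also silently accepts `ctx == NULL`, which re-arms lazy creation of a default context at the next bind/connect; that is a reasonable reset but should be stated in a comment above the function, e.g. `/* NULL clears a previously installed context; a default one is then created lazily. */`. Both failure modes return the same 0 as the not-ssl_type case, so a caller cannot tell "too late" from "wrong comstack"; worth noting in the header comment.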
return 0;
}
#else
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+ return 0;
+}
+
void *cs_get_ssl(COMSTACK cs)
{
return 0;
/*
- * Copyright (c) 1995-2003, Index Data
+ * Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
- * $Id: unix.c,v 1.3 2003-12-30 00:29:53 adam Exp $
+ * $Id: unix.c,v 1.4 2004-04-29 21:19:23 adam Exp $
* UNIX socket COMSTACK. By Morten Bøgeskov.
*/
#ifndef WIN32
return 0;
}
-#define CERTF "ztest.pem"
-#define KEYF "ztest.pem"
-
static int unix_bind(COMSTACK h, void *address, int mode)
{
unix_state *sp = (unix_state *)h->cprivate;