Mercurial > dovecot > core-2.2
annotate src/lib-ssl-iostream/iostream-openssl.c @ 12616:bd23d4e10fa1
Added lib-ssl-iostream for handling SSL connections more easily.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 31 Jan 2011 18:40:27 +0200 |
parents | |
children | dab0e52eb294 |
1 /* Copyright (c) 2009 Dovecot authors, see the included COPYING file */ |
2 |
3 #include "lib.h" |
4 #include "istream.h" |
5 #include "ostream.h" |
6 #include "iostream-openssl.h" |
7 |
8 #include <openssl/err.h> |
9 |
10 static void ssl_iostream_free(struct ssl_iostream *ssl_io); |
11 |
/* SSL_set_info_callback() hook: logs alerts and state changes of the
   connection, prefixed with the owning ssl_iostream's source name. */
static void ssl_info_callback(const SSL *ssl, int where, int ret)
{
	struct ssl_iostream *ssl_io =
		SSL_get_ex_data(ssl, dovecot_ssl_extdata_index);

	/* an alert was sent or received: ret carries the alert value,
	   which the two SSL_alert_*_string_long() helpers decode */
	if ((where & SSL_CB_ALERT) != 0) {
		i_warning("%s: SSL alert: where=0x%x, ret=%d: %s %s",
			  ssl_io->source, where, ret,
			  SSL_alert_type_string_long(ret),
			  SSL_alert_desc_string_long(ret));
		return;
	}
	/* ret == 0 reports a failed operation */
	if (ret == 0) {
		i_warning("%s: SSL failed: where=0x%x: %s",
			  ssl_io->source, where, SSL_state_string_long(ssl));
		return;
	}
	i_warning("%s: SSL: where=0x%x, ret=%d: %s",
		  ssl_io->source, where, ret, SSL_state_string_long(ssl));
}
31 |
/* Parse the PEM certificate text in cert and install it on the
   connection's SSL object. Returns 0 on success, -1 on failure; the
   failure is logged with ssl_io->source as prefix. */
static int
ssl_iostream_use_certificate(struct ssl_iostream *ssl_io, const char *cert)
{
	BIO *bio;
	X509 *x509;
	bool loaded = FALSE;

	/* read-only memory BIO over a data-stack copy of the PEM text;
	   the BIO does not take ownership of that copy */
	bio = BIO_new_mem_buf(t_strdup_noconst(cert), strlen(cert));
	if (bio == NULL) {
		i_error("BIO_new_mem_buf() failed: %s", ssl_iostream_error());
		return -1;
	}

	x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
	if (x509 != NULL) {
		int use_ret = SSL_use_certificate(ssl_io->ssl, x509);
		/* anything left in OpenSSL's error queue counts as a
		   failure even when SSL_use_certificate() returned nonzero */
		unsigned long queued = ERR_peek_error();

		loaded = use_ret != 0 && queued == 0;
		X509_free(x509);
	}
	BIO_free(bio);

	if (!loaded) {
		i_error("%s: Can't load ssl_cert: %s", ssl_io->source,
			ssl_iostream_get_use_certificate_error(cert));
		return -1;
	}
	return 0;
}
61 |
/* Load the private key described by set and install it on the
   connection's SSL object. Returns 0 on success, -1 on failure. */
static int
ssl_iostream_use_key(struct ssl_iostream *ssl_io,
		     const struct ssl_iostream_settings *set)
{
	EVP_PKEY *pkey;
	int ret;

	/* no message here: ssl_iostream_load_key() is assumed to report
	   its own failure — confirm against its definition */
	if (ssl_iostream_load_key(set, ssl_io->source, &pkey) < 0)
		return -1;

	ret = SSL_use_PrivateKey(ssl_io->ssl, pkey) == 1 ? 0 : -1;
	if (ret < 0) {
		i_error("%s: Can't load SSL private key: %s",
			ssl_io->source, ssl_iostream_key_load_error());
	}
	/* the SSL object keeps its own reference to the key, so the one
	   returned by ssl_iostream_load_key() is released unconditionally */
	EVP_PKEY_free(pkey);
	return ret;
}
79 |
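/* SSL_set_verify() callback for the peer's certificate chain; OpenSSL
   calls it once per certificate with its own verdict in preverify_ok.
   Marks on the ssl_iostream that a certificate was seen and whether it
   failed verification, optionally logging the subject name.
   Returns 1 to let the handshake continue, 0 to abort it — the latter
   only when require_valid_cert is set and verification failed. */
static int
ssl_iostream_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx)
{
	int ssl_extidx = SSL_get_ex_data_X509_STORE_CTX_idx();
	SSL *ssl;
	struct ssl_iostream *ssl_io;

	/* reach our ssl_iostream through the SSL object the store ctx
	   carries as ex_data */
	ssl = X509_STORE_CTX_get_ex_data(ctx, ssl_extidx);
	ssl_io = SSL_get_ex_data(ssl, dovecot_ssl_extdata_index);
	ssl_io->cert_received = TRUE;

	if (ssl_io->verbose ||
	    (ssl_io->verbose_invalid_cert && !preverify_ok)) {
		char buf[1024];
		X509_NAME *subject;

		/* accessor functions instead of ctx->current_cert and
		   ctx->error: X509_STORE_CTX is opaque in newer OpenSSL
		   releases, and the accessors exist in old ones too */
		subject = X509_get_subject_name(
			X509_STORE_CTX_get_current_cert(ctx));
		if (X509_NAME_oneline(subject, buf, sizeof(buf)) == NULL)
			buf[0] = '\0';
		else
			buf[sizeof(buf)-1] = '\0'; /* just in case.. */
		if (!preverify_ok) {
			i_info("Invalid certificate: %s: %s",
			       X509_verify_cert_error_string(
					X509_STORE_CTX_get_error(ctx)), buf);
		} else {
			i_info("Valid certificate: %s", buf);
		}
	}
	if (!preverify_ok) {
		/* remember the failure for the owner of the ssl_iostream;
		   the handshake itself is only aborted when a valid
		   certificate is required */
		ssl_io->cert_broken = TRUE;
		if (ssl_io->require_valid_cert)
			return 0;
	}
	return 1;
}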
115 |
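/* Apply per-connection settings on top of the context's defaults:
   install the info callback when verbose, override the cipher list,
   certificate and private key where they differ from the context's,
   enable peer verification, and resolve the username field NID.
   Returns 0 on success, -1 on failure (already logged). */
static int
ssl_iostream_set(struct ssl_iostream *ssl_io,
		 const struct ssl_iostream_settings *set)
{
	const struct ssl_iostream_settings *ctx_set = ssl_io->ctx->set;

	if (set->verbose)
		SSL_set_info_callback(ssl_io->ssl, ssl_info_callback);

	/* the context's own value may be unset; strcmp() can't take NULL,
	   so an unset context value counts as "differs" */
	if (set->cipher_list != NULL &&
	    (ctx_set->cipher_list == NULL ||
	     strcmp(ctx_set->cipher_list, set->cipher_list) != 0)) {
		if (!SSL_set_cipher_list(ssl_io->ssl, set->cipher_list)) {
			i_error("%s: Can't set cipher list to '%s': %s",
				ssl_io->source, set->cipher_list,
				ssl_iostream_error());
			/* fail only when OpenSSL rejected the list, not
			   whenever it merely differs from the context's */
			return -1;
		}
	}
	if (set->cert != NULL &&
	    (ctx_set->cert == NULL ||
	     strcmp(ctx_set->cert, set->cert) != 0)) {
		if (ssl_iostream_use_certificate(ssl_io, set->cert) < 0)
			return -1;
	}
	if (set->key != NULL &&
	    (ctx_set->key == NULL ||
	     strcmp(ctx_set->key, set->key) != 0)) {
		if (ssl_iostream_use_key(ssl_io, set) < 0)
			return -1;
	}
	if (set->verify_remote_cert) {
		/* request the peer's certificate (once) and route every
		   verdict through our callback, which records cert_broken */
		SSL_set_verify(ssl_io->ssl,
			       SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
			       ssl_iostream_verify_client_cert);
	}

	if (set->cert_username_field != NULL) {
		ssl_io->username_nid = OBJ_txt2nid(set->cert_username_field);
		if (ssl_io->username_nid == NID_undef) {
			i_error("%s: Invalid cert_username_field: %s",
				ssl_io->source, set->cert_username_field);
			/* an unknown field name is a configuration error;
			   fail like the other settings above instead of
			   continuing with NID_undef */
			return -1;
		}
	} else {
		ssl_io->username_nid = ssl_io->ctx->username_nid;
	}

	ssl_io->verbose = set->verbose;
	ssl_io->verbose_invalid_cert = set->verbose_invalid_cert;
	ssl_io->require_valid_cert = set->require_valid_cert;
	return 0;
}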
164 |
165 int io_stream_create_ssl(struct ssl_iostream_context *ctx, const char *source, |
166 const struct ssl_iostream_settings *set, |
167 struct istream **input, struct ostream **output, |
168 struct ssl_iostream **iostream_r) |
169 { |
170 struct ssl_iostream *ssl_io; |
171 SSL *ssl; |
172 BIO *bio_int, *bio_ext; |
173 int ret; |
174 |
175 ssl = SSL_new(ctx->ssl_ctx); |
176 if (ssl == NULL) { |
177 i_error("SSL_new() failed: %s", ssl_iostream_error()); |
178 return -1; |
179 } |
180 |
181 if (BIO_new_bio_pair(&bio_int, 0, &bio_ext, 0) != 1) { |
182 i_error("BIO_new_bio_pair() failed: %s", ssl_iostream_error()); |
183 SSL_free(ssl); |
184 return -1; |
185 } |
186 |
187 ssl_io = i_new(struct ssl_iostream, 1); |
188 ssl_io->refcount = 1; |
189 ssl_io->ctx = ctx; |
190 ssl_io->ssl = ssl; |
191 ssl_io->bio_ext = bio_ext; |
192 ssl_io->plain_input = *input; |
193 ssl_io->plain_output = *output; |
194 ssl_io->source = i_strdup(source); |
195 SSL_set_bio(ssl_io->ssl, bio_int, bio_int); |
196 SSL_set_ex_data(ssl_io->ssl, dovecot_ssl_extdata_index, ssl_io); |
197 |
198 i_stream_ref(ssl_io->plain_input); |
199 o_stream_ref(ssl_io->plain_output); |
200 |
201 T_BEGIN { |
202 ret = ssl_iostream_set(ssl_io, set); |
203 } T_END; |
204 if (ret < 0) { |
205 ssl_iostream_free(ssl_io); |
206 return -1; |
207 } |
208 |
209 *input = i_stream_create_ssl(ssl_io); |
210 *output = o_stream_create_ssl(ssl_io); |
211 |
212 ssl_io->ssl_output = *output; |
213 *iostream_r = ssl_io; |
214 return 0; |
215 } |
216 |
/* Release everything owned by ssl_io. Reached from ssl_iostream_unref()
   once the reference count is exhausted, and from the constructor when
   ssl_iostream_set() fails. bio_int is deliberately not freed here: it was
   handed to SSL_set_bio() in the constructor, so SSL_free() releases it
   together with the SSL object. */
static void ssl_iostream_free(struct ssl_iostream *ssl_io)
{
	/* drop the references the constructor took on the plain streams */
	i_stream_unref(&ssl_io->plain_input);
	o_stream_unref(&ssl_io->plain_output);
	/* the external BIO is ours; the internal one belongs to the SSL
	   object and goes away with SSL_free() */
	BIO_free(ssl_io->bio_ext);
	SSL_free(ssl_io->ssl);
	i_free(ssl_io->last_error);
	i_free(ssl_io->source);
	i_free(ssl_io);
}

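/* Drop one reference to *_ssl_io and clear the caller's pointer. The
   object is destroyed with ssl_iostream_free() when the last reference
   goes away. Asserts if the count is already zero (double unref). */
void ssl_iostream_unref(struct ssl_iostream **_ssl_io)
{
	struct ssl_iostream *ssl_io = *_ssl_io;

	*_ssl_io = NULL;

	i_assert(ssl_io->refcount > 0);
	/* The constructor starts the count at 1, so the object must be freed
	   exactly when the decremented count reaches zero. A ">= 0" test here
	   would return for every reference (the assert above guarantees the
	   result is never negative) and nothing would ever be freed: the SSL
	   object, both BIOs and the plain stream references would leak once
	   per connection. */
	if (--ssl_io->refcount > 0)
		return;

	ssl_iostream_free(ssl_io);
}
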
/* Move TLS records that OpenSSL has written into bio_ext over to the
   plaintext-side output stream, in chunks of at most sizeof(chunk).
   Stops early when plain_output has no buffer space left. Returns TRUE
   if at least one chunk was moved. */
static bool ssl_iostream_bio_output(struct ssl_iostream *ssl_io)
{
	unsigned char chunk[1024];
	bool moved_any = FALSE;
	size_t pending;

	for (;;) {
		pending = BIO_ctrl_pending(ssl_io->bio_ext);
		if (pending == 0)
			break;

		size_t avail = o_stream_get_buffer_avail_size(ssl_io->plain_output);
		if (avail == 0) {
			/* output buffer is full; resume once it drains */
			break;
		}
		if (pending > avail)
			pending = avail;
		if (pending > sizeof(chunk))
			pending = sizeof(chunk);

		int nread = BIO_read(ssl_io->bio_ext, chunk, pending);
		/* BIO_ctrl_pending() reported at least this much readable */
		i_assert(nread == (int)pending);

		ssize_t nsent = o_stream_send(ssl_io->plain_output, chunk, pending);
		/* NOTE(review): o_stream_send() returns -1 once the stream is
		   closed or in error, which would trip this assert instead of
		   reporting the failure — confirm callers guarantee the
		   stream is still open here. */
		i_assert(nsent == (ssize_t)pending);
		moved_any = TRUE;
	}
	return moved_any;
}

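/* Feed plaintext-side input into bio_ext so that OpenSSL can read the
   next TLS records. Only as much as OpenSSL actually asked for (the BIO
   read request) is written per round; the rest stays in plain_input for
   the next call. Returns TRUE if any bytes were fed in. */
static bool ssl_iostream_bio_input(struct ssl_iostream *ssl_io)
{
	const unsigned char *data;
	size_t size, wanted;
	bool bytes_read = FALSE;
	int ret;

	while ((wanted = BIO_ctrl_get_read_request(ssl_io->bio_ext)) > 0) {
		(void)i_stream_read_data(ssl_io->plain_input, &data, &size, 0);
		if (size == 0) {
			/* wait for more input */
			break;
		}
		/* BIO_write() only accepts what fits in the BIO's buffer.
		   Handing it more than the outstanding read request can end
		   in a short write, which the assert below turns into an
		   abort whenever a large chunk arrives from the peer, so cap
		   the write to what was requested. */
		if (size > wanted)
			size = wanted;
		ret = BIO_write(ssl_io->bio_ext, data, size);
		i_assert(ret == (ssize_t)size);

		/* consume exactly the bytes that went into the BIO */
		i_stream_skip(ssl_io->plain_input, size);
		bytes_read = TRUE;
	}
	return bytes_read;
}
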
/* Pump both directions of the BIO once: first flush pending TLS output to
   plain_output, then feed plain_input into the BIO. Both halves always
   run; returns TRUE if either of them moved data. */
bool ssl_iostream_bio_sync(struct ssl_iostream *ssl_io)
{
	bool output_moved = ssl_iostream_bio_output(ssl_io);
	bool input_moved = ssl_iostream_bio_input(ssl_io);

	return output_moved || input_moved;
}

/* Classify a non-positive return value of the SSL_*() call named by
   func_name. Returns 1 when the call should simply be retried (OpenSSL
   wanted I/O and ssl_iostream_bio_sync() moved data), 0 when it has to
   wait for the event loop (nothing could be moved), and -1 on a real
   error, in which case errno is set and ssl_io->last_error is replaced
   with a message where one is available. */
int ssl_iostream_handle_error(struct ssl_iostream *ssl_io, int ret,
			      const char *func_name)
{
	const char *msg = NULL;
	int err = SSL_get_error(ssl_io->ssl, ret);

	switch (err) {
	case SSL_ERROR_WANT_WRITE:
	case SSL_ERROR_WANT_READ:
		/* retry only if the BIO pump actually made progress */
		return ssl_iostream_bio_sync(ssl_io) ? 1 : 0;
	case SSL_ERROR_SYSCALL:
		if (ERR_peek_error() != 0) {
			/* a queued OpenSSL error explains the failure */
			const char *detail = ssl_iostream_error();

			errno = EINVAL;
			msg = t_strdup_printf("%s syscall failed: %s",
					      func_name, detail);
		} else if (ret != 0) {
			/* I/O error from the underlying BIO; errno is set */
			msg = t_strdup_printf("%s syscall failed: %s",
					      func_name, strerror(errno));
		} else {
			/* unexpected EOF: the peer went away mid-record */
			errno = ECONNRESET;
			msg = "Disconnected";
		}
		break;
	case SSL_ERROR_ZERO_RETURN:
		/* orderly close_notify from the peer. NOTE(review): last_error
		   is left untouched here, so a message from an earlier
		   failure may still be visible to callers — confirm that is
		   intended. */
		errno = ECONNRESET;
		break;
	case SSL_ERROR_SSL:
		msg = t_strdup_printf("%s failed: %s",
				      func_name, ssl_iostream_error());
		errno = EINVAL;
		break;
	default:
		msg = t_strdup_printf("%s failed: unknown failure %d (%s)",
				      func_name, err, ssl_iostream_error());
		errno = EINVAL;
		break;
	}

	if (msg != NULL) {
		/* keep a heap copy; msg may live in the temporary data stack */
		i_free(ssl_io->last_error);
		ssl_io->last_error = i_strdup(msg);
	}
	return -1;
}

/* Drive the TLS handshake, as client or server depending on the context.
   Returns 1 when the handshake finished, 0 when it is waiting for more
   I/O (call again when the plain streams become ready), and -1 on
   failure with errno set. Must not be called once handshaked is set. */
int ssl_iostream_handshake(struct ssl_iostream *ssl_io)
{
	int (*handshake_fn)(SSL *);
	const char *fn_name;
	int ret;

	i_assert(!ssl_io->handshaked);

	if (ssl_io->ctx->client_ctx) {
		handshake_fn = SSL_connect;
		fn_name = "SSL_connect()";
	} else {
		handshake_fn = SSL_accept;
		fn_name = "SSL_accept()";
	}

	/* keep going as long as OpenSSL only needed I/O that the BIO pump
	   could provide; stop on would-block (0) or failure (-1) */
	while ((ret = handshake_fn(ssl_io->ssl)) <= 0) {
		ret = ssl_iostream_handle_error(ssl_io, ret, fn_name);
		if (ret <= 0)
			return ret;
	}
	(void)ssl_iostream_bio_sync(ssl_io);

	i_free_and_null(ssl_io->last_error);
	ssl_io->handshaked = TRUE;

	/* let the owner run its post-handshake checks; a negative result
	   turns the otherwise successful handshake into an EINVAL failure */
	if (ssl_io->handshake_callback != NULL &&
	    ssl_io->handshake_callback(ssl_io->handshake_context) < 0) {
		errno = EINVAL;
		return -1;
	}
	if (ssl_io->ssl_output != NULL)
		(void)o_stream_flush(ssl_io->ssl_output);
	return 1;
}

/* Register the function to run when the TLS handshake completes, together
   with an opaque context pointer that is handed back to it unchanged.

   The caller keeps ownership of context; this only stores the pointer.
   Any previously registered callback/context pair is overwritten
   unconditionally. How the callback's return value is interpreted is up
   to the handshake code, which is not part of this function. */
void ssl_iostream_set_handshake_callback(struct ssl_iostream *ssl_io,
					 int (*callback)(void *context),
					 void *context)
{
	/* the two stores are independent of each other */
	ssl_io->handshake_context = context;
	ssl_io->handshake_callback = callback;
}
/* Report whether the TLS handshake has finished for this stream.

   The flag is maintained by the handshake code (not shown here). Until it
   is set, ssl_iostream_get_security_string() returns "" and nothing
   negotiated on the connection should be trusted. */
bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io)
{
	const bool done = ssl_io->handshaked;

	return done;
}
/* TRUE when the peer presented a certificate and it was not flagged as
   broken. Both flags live in the ssl_iostream and are set outside this
   function (presumably by the certificate verification path — confirm
   against the callback that sets cert_received/cert_broken). This is a
   pure state query; no OpenSSL call is made. */
bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
{
	/* De Morgan form of: cert_received && !cert_broken */
	return !(!ssl_io->cert_received || ssl_io->cert_broken);
}
/* TRUE when the peer presented a certificate but it was flagged as broken.
   A stream with no certificate at all returns FALSE here as well as from
   ssl_iostream_has_valid_client_cert(), so callers that need to tell
   "no cert" from "bad cert" must check both. */
bool ssl_iostream_has_broken_client_cert(struct ssl_iostream *ssl_io)
{
	const bool received = ssl_io->cert_received;
	const bool broken = ssl_io->cert_broken;

	return received && broken;
}
/* Extract the username entry (subject-name field with NID
   ssl_io->username_nid) from the verified client certificate.

   Returns NULL when there is no valid client certificate, when OpenSSL
   cannot hand back the peer certificate, when the subject has no entry
   with that NID, or when the entry is empty or contains NUL bytes. The
   NUL check is the important one: a C string that stops short of the
   ASN.1 value's real length could otherwise be read as a different,
   shorter username than the one actually in the certificate.

   The returned string is allocated with t_malloc(), i.e. on the data
   stack, so it is only valid until the current data stack frame is
   popped. */
const char *ssl_iostream_get_peer_name(struct ssl_iostream *ssl_io)
{
	X509 *x509;
	char *name = "";
	int len;

	if (!ssl_iostream_has_valid_client_cert(ssl_io))
		return NULL;

	x509 = SSL_get_peer_certificate(ssl_io->ssl);
	if (x509 == NULL) {
		/* the flags said a certificate was received; treat the
		   disagreement as "no name" rather than guess */
		return NULL;
	}

	/* first call only measures the value; a negative result means the
	   subject has no entry with this NID */
	len = X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
					ssl_io->username_nid, NULL, 0);
	if (len >= 0) {
		name = t_malloc(len + 1);
		/* second call copies the value. Reject it if the copy fails
		   or if the C-string length disagrees with the measured
		   length: that means the value had embedded NULs, which is
		   how someone would try to pass off one name as another. */
		if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
					      ssl_io->username_nid,
					      name, len + 1) < 0 ||
		    strlen(name) != (size_t)len)
			name = "";
	}
	/* SSL_get_peer_certificate() returns a reference we must drop */
	X509_free(x509);

	return *name == '\0' ? NULL : name;
}
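/* Build a one-line, human-readable summary of the negotiated TLS
   parameters, intended for logging:

       "<protocol> with cipher <name> (<bits>/<alg bits> bits)[ <compression>]"

   The trailing " <compression>" part is present only when the build has
   HAVE_SSL_COMPRESSION and a compression method is active on the
   connection. Returns "" before the handshake has completed. The string
   is allocated on the data stack (t_strdup_printf). */
const char *ssl_iostream_get_security_string(struct ssl_iostream *ssl_io)
{
	/* SSL_get_current_cipher() returns a const pointer; keep the
	   qualifier instead of discarding it */
	const SSL_CIPHER *cipher;
#ifdef HAVE_SSL_COMPRESSION
	const COMP_METHOD *comp;
#endif
	const char *comp_str;
	/* alg_bits is an out-parameter; initialize it so the printf below
	   never reads an indeterminate value if OpenSSL leaves it unset */
	int bits, alg_bits = 0;

	if (!ssl_io->handshaked)
		return "";

	cipher = SSL_get_current_cipher(ssl_io->ssl);
	bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
#ifdef HAVE_SSL_COMPRESSION
	comp = SSL_get_current_compression(ssl_io->ssl);
	comp_str = comp == NULL ? "" :
		t_strconcat(" ", SSL_COMP_get_name(comp), NULL);
#else
	comp_str = "";
#endif
	/* comp_str was previously computed but never printed; the format
	   now has a trailing %s for it so operators can see from the log
	   line whether TLS compression is in use on the connection */
	return t_strdup_printf("%s with cipher %s (%d/%d bits)%s",
			       SSL_get_version(ssl_io->ssl),
			       SSL_CIPHER_get_name(cipher),
			       bits, alg_bits, comp_str);
}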
/* Return the most recently recorded error string for this stream.

   The value is whatever was stored in ssl_io->last_error by the code that
   records errors (not shown here); presumably NULL when nothing has
   failed yet — confirm against the setter. The pointer is owned by the
   ssl_iostream; callers must not free it. */
const char *ssl_iostream_get_last_error(struct ssl_iostream *ssl_io)
{
	const char *error = ssl_io->last_error;

	return error;
}