annotate src/lib-ssl-iostream/iostream-openssl.c @ 12616:bd23d4e10fa1

Added lib-ssl-iostream for handling SSL connections more easily.
author Timo Sirainen <tss@iki.fi>
date Mon, 31 Jan 2011 18:40:27 +0200
parents
children dab0e52eb294
/* Copyright (c) 2009 Dovecot authors, see the included COPYING file */
3 #include "lib.h"
4 #include "istream.h"
5 #include "ostream.h"
6 #include "iostream-openssl.h"
8 #include <openssl/err.h>
/* Forward declaration: io_stream_create_ssl() further down uses this to
   release a partially set up ssl_iostream when applying the settings
   fails. Being static, the definition has to live in this file; it is
   not in the part shown here. */
static void ssl_iostream_free(struct ssl_iostream *ssl_io);
/* SSL_set_info_callback() hook. It is only installed when the connection's
   settings have verbose set (see ssl_iostream_set()), and logs every
   state-machine event OpenSSL reports for the connection, prefixed with
   the ssl_iostream's source name. Alerts and failures (ret == 0) get
   their own wording; everything else is logged as a plain state change. */
static void ssl_info_callback(const SSL *ssl, int where, int ret)
{
	struct ssl_iostream *ssl_io =
		SSL_get_ex_data(ssl, dovecot_ssl_extdata_index);
	const char *name = ssl_io->source;

	if ((where & SSL_CB_ALERT) != 0) {
		/* an alert was sent or received; ret carries its type and
		   description, which OpenSSL can render as text */
		i_warning("%s: SSL alert: where=0x%x, ret=%d: %s %s",
			  name, where, ret,
			  SSL_alert_type_string_long(ret),
			  SSL_alert_desc_string_long(ret));
		return;
	}
	if (ret == 0) {
		i_warning("%s: SSL failed: where=0x%x: %s",
			  name, where, SSL_state_string_long(ssl));
		return;
	}
	i_warning("%s: SSL: where=0x%x, ret=%d: %s",
		  name, where, ret, SSL_state_string_long(ssl));
}
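/* Parse the PEM-encoded certificate in the string `cert' and install it
   as this connection's own certificate, overriding the one configured on
   the SSL_CTX. Returns 0 on success, -1 on failure; failures are logged
   with ssl_io->source as prefix. */
static int
ssl_iostream_use_certificate(struct ssl_iostream *ssl_io, const char *cert)
{
	BIO *in;
	X509 *x;
	int ret = 0;

	in = BIO_new_mem_buf(t_strdup_noconst(cert), strlen(cert));
	if (in == NULL) {
		i_error("BIO_new_mem_buf() failed: %s", ssl_iostream_error());
		return -1;
	}

	/* Success is decided below by looking at OpenSSL's error queue, so
	   start from an empty one: a stale entry left behind by some
	   earlier, unrelated OpenSSL call must not make a correctly loaded
	   certificate look like a failure. */
	ERR_clear_error();
	x = PEM_read_bio_X509(in, NULL, NULL, NULL);
	if (x != NULL) {
		ret = SSL_use_certificate(ssl_io->ssl, x);
		/* treat anything SSL_use_certificate() queued as a failure,
		   whatever its return value was */
		if (ERR_peek_error() != 0)
			ret = 0;
		/* SSL_use_certificate() keeps its own reference */
		X509_free(x);
	}
	BIO_free(in);

	if (ret == 0) {
		/* either the PEM parse or SSL_use_certificate() failed;
		   the helper presumably renders the queued OpenSSL error */
		i_error("%s: Can't load ssl_cert: %s", ssl_io->source,
			ssl_iostream_get_use_certificate_error(cert));
		return -1;
	}
	return 0;
}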
/* Load the private key described by `set' and attach it to this
   connection's SSL object. Returns 0 on success, -1 on failure. A failure
   to attach the key is logged here with ssl_io->source as prefix; a
   failure to load it is left to ssl_iostream_load_key() (which presumably
   logs on its own — verify). */
static int
ssl_iostream_use_key(struct ssl_iostream *ssl_io,
		     const struct ssl_iostream_settings *set)
{
	EVP_PKEY *pkey;

	if (ssl_iostream_load_key(set, ssl_io->source, &pkey) < 0)
		return -1;

	/* SSL_use_PrivateKey() takes its own reference to the key, so the
	   one we hold is released on both paths */
	if (SSL_use_PrivateKey(ssl_io->ssl, pkey) == 1) {
		EVP_PKEY_free(pkey);
		return 0;
	}
	i_error("%s: Can't load SSL private key: %s",
		ssl_io->source, ssl_iostream_key_load_error());
	EVP_PKEY_free(pkey);
	return -1;
}
/* SSL_set_verify() callback, installed by ssl_iostream_set() when
   verify_remote_cert is set. OpenSSL calls it for each certificate of the
   peer's chain with preverify_ok telling whether that certificate passed
   the built-in checks. Records on the ssl_iostream that a certificate was
   seen and whether it was broken; returning 0 aborts the handshake, 1
   lets it continue. Note that with require_valid_cert unset a broken
   certificate is still accepted here and only flagged via cert_broken, so
   whoever uses the connection must look at that flag. */
static int
ssl_iostream_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx)
{
	SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
				SSL_get_ex_data_X509_STORE_CTX_idx());
	struct ssl_iostream *ssl_io =
		SSL_get_ex_data(ssl, dovecot_ssl_extdata_index);

	ssl_io->cert_received = TRUE;

	if (ssl_io->verbose ||
	    (ssl_io->verbose_invalid_cert && !preverify_ok)) {
		char subject_str[1024];
		X509_NAME *subject = X509_get_subject_name(ctx->current_cert);

		if (X509_NAME_oneline(subject, subject_str,
				      sizeof(subject_str)) == NULL) {
			subject_str[0] = '\0';
		} else {
			/* belt and braces: guarantee NUL termination */
			subject_str[sizeof(subject_str)-1] = '\0';
		}
		if (preverify_ok) {
			i_info("Valid certificate: %s", subject_str);
		} else {
			i_info("Invalid certificate: %s: %s",
			       X509_verify_cert_error_string(ctx->error),
			       subject_str);
		}
	}

	if (preverify_ok)
		return 1;
	ssl_io->cert_broken = TRUE;
	return ssl_io->require_valid_cert ? 0 : 1;
}
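/* TRUE if `value' is a per-connection override that differs from the
   value already configured on the SSL_CTX. A NULL `value' means "use the
   context's setting" and never counts as an override; a NULL ctx_value
   together with a non-NULL value does (and strcmp() must not see the
   NULL). */
static bool
ssl_iostream_setting_overrides(const char *ctx_value, const char *value)
{
	if (value == NULL)
		return FALSE;
	if (ctx_value == NULL)
		return TRUE;
	return strcmp(ctx_value, value) != 0;
}

/* Apply the per-connection settings `set' on top of what the SSL_CTX
   already carries: verbose logging, cipher list, certificate, private
   key, peer certificate verification and the certificate field used as
   the username. Only values that are set and differ from the context's
   are pushed to OpenSSL. Returns 0 on success, -1 after logging on
   failure; on failure the caller (io_stream_create_ssl()) frees the
   ssl_iostream. */
static int
ssl_iostream_set(struct ssl_iostream *ssl_io,
		 const struct ssl_iostream_settings *set)
{
	const struct ssl_iostream_settings *ctx_set = ssl_io->ctx->set;

	if (set->verbose)
		SSL_set_info_callback(ssl_io->ssl, ssl_info_callback);

	if (ssl_iostream_setting_overrides(ctx_set->cipher_list,
					   set->cipher_list)) {
		if (!SSL_set_cipher_list(ssl_io->ssl, set->cipher_list)) {
			i_error("%s: Can't set cipher list to '%s': %s",
				ssl_io->source, set->cipher_list,
				ssl_iostream_error());
			/* only a rejected cipher list fails the setup; a
			   successfully applied one must not */
			return -1;
		}
	}
	if (ssl_iostream_setting_overrides(ctx_set->cert, set->cert)) {
		if (ssl_iostream_use_certificate(ssl_io, set->cert) < 0)
			return -1;
	}
	if (ssl_iostream_setting_overrides(ctx_set->key, set->key)) {
		if (ssl_iostream_use_key(ssl_io, set) < 0)
			return -1;
	}
	if (set->verify_remote_cert) {
		/* ask for the peer's certificate and run each element of its
		   chain through ssl_iostream_verify_client_cert();
		   SSL_VERIFY_CLIENT_ONCE stops a server from asking for the
		   client certificate again on renegotiation */
		SSL_set_verify(ssl_io->ssl,
			       SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
			       ssl_iostream_verify_client_cert);
	}

	if (set->cert_username_field != NULL) {
		ssl_io->username_nid = OBJ_txt2nid(set->cert_username_field);
		if (ssl_io->username_nid == NID_undef) {
			/* NOTE(review): logged but not treated as fatal — the
			   connection continues with username_nid == NID_undef.
			   Confirm this is intended. */
			i_error("%s: Invalid cert_username_field: %s",
				ssl_io->source, set->cert_username_field);
		}
	} else {
		ssl_io->username_nid = ssl_io->ctx->username_nid;
	}

	/* remembered for the verify callback and the info callback */
	ssl_io->verbose = set->verbose;
	ssl_io->verbose_invalid_cert = set->verbose_invalid_cert;
	ssl_io->require_valid_cert = set->require_valid_cert;
	return 0;
}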
165 int io_stream_create_ssl(struct ssl_iostream_context *ctx, const char *source,
166 const struct ssl_iostream_settings *set,
167 struct istream **input, struct ostream **output,
168 struct ssl_iostream **iostream_r)
169 {
170 struct ssl_iostream *ssl_io;
171 SSL *ssl;
172 BIO *bio_int, *bio_ext;
173 int ret;
175 ssl = SSL_new(ctx->ssl_ctx);
176 if (ssl == NULL) {
177 i_error("SSL_new() failed: %s", ssl_iostream_error());
178 return -1;
179 }
181 if (BIO_new_bio_pair(&bio_int, 0, &bio_ext, 0) != 1) {
182 i_error("BIO_new_bio_pair() failed: %s", ssl_iostream_error());
183 SSL_free(ssl);
184 return -1;
185 }
187 ssl_io = i_new(struct ssl_iostream, 1);
188 ssl_io->refcount = 1;
189 ssl_io->ctx = ctx;
190 ssl_io->ssl = ssl;
191 ssl_io->bio_ext = bio_ext;
192 ssl_io->plain_input = *input;
193 ssl_io->plain_output = *output;
194 ssl_io->source = i_strdup(source);
195 SSL_set_bio(ssl_io->ssl, bio_int, bio_int);
196 SSL_set_ex_data(ssl_io->ssl, dovecot_ssl_extdata_index, ssl_io);
198 i_stream_ref(ssl_io->plain_input);
199 o_stream_ref(ssl_io->plain_output);
201 T_BEGIN {
202 ret = ssl_iostream_set(ssl_io, set);
203 } T_END;
204 if (ret < 0) {
205 ssl_iostream_free(ssl_io);
206 return -1;
207 }
208
209 *input = i_stream_create_ssl(ssl_io);
210 *output = o_stream_create_ssl(ssl_io);
211
212 ssl_io->ssl_output = *output;
213 *iostream_r = ssl_io;
214 return 0;
215 }
/* Release everything attached to ssl_io and the struct itself.

   The plain streams are only unreferenced here: the refs being dropped
   are the ones taken with i_stream_ref()/o_stream_ref() when the
   ssl_iostream was set up, so the caller's own references stay valid.
   The internal BIO was handed to the SSL object with SSL_set_bio() and
   is therefore owned (and freed) by SSL_free(); only the external half
   of the BIO pair is freed explicitly. */
static void ssl_iostream_free(struct ssl_iostream *ssl_io)
{
	/* our references to the underlying plain-text streams */
	i_stream_unref(&ssl_io->plain_input);
	o_stream_unref(&ssl_io->plain_output);

	/* external BIO first, then the SSL object (which owns bio_int) */
	BIO_free(ssl_io->bio_ext);
	SSL_free(ssl_io->ssl);

	/* owned strings, then the container */
	i_free_and_null(ssl_io->last_error);
	i_free_and_null(ssl_io->source);
	i_free(ssl_io);
}
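/* Drop one reference to *_ssl_io and clear the caller's pointer. The
   object (SSL handle, BIO pair, plain-stream refs, error string) is
   destroyed when the last reference goes away.

   Fix: the test used to be `--ssl_io->refcount >= 0`. Together with the
   assertion that refcount is positive on entry that condition is always
   true, so ssl_iostream_free() was unreachable from here and every
   ssl_iostream leaked its SSL object, BIOs and stream references. Free
   when the count reaches zero instead. */
void ssl_iostream_unref(struct ssl_iostream **_ssl_io)
{
	struct ssl_iostream *ssl_io = *_ssl_io;

	/* caller's pointer is cleared before anything can be freed */
	*_ssl_io = NULL;

	i_assert(ssl_io->refcount > 0);
	if (--ssl_io->refcount > 0)
		return;

	/* last reference gone */
	ssl_iostream_free(ssl_io);
}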
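/* Move the TLS records OpenSSL has queued on the external BIO into the
   plain output stream. Returns TRUE if anything was handed to
   plain_output, FALSE if the BIO was empty or plain_output has no room
   left (the caller then has to wait for the plain stream to drain).

   Each copy is capped to what plain_output can currently buffer, so the
   o_stream_send() is expected to take everything it is given. It can
   still fail outright, though: an ostream that has been closed or has
   hit a write error (e.g. the peer went away) returns -1. That case used
   to fall into the i_assert() below and panic the whole process on a
   condition the remote side can cause at will. Now the loop simply
   stops: the ostream keeps its own error state for the next flush to
   report, and the bytes already pulled out of the BIO are dropped, which
   is harmless because nothing can be sent on that stream any more. */
static bool ssl_iostream_bio_output(struct ssl_iostream *ssl_io)
{
	size_t bytes, max_bytes;
	ssize_t sent;
	unsigned char buffer[1024];
	bool bytes_sent = FALSE;
	int ret;

	while ((bytes = BIO_ctrl_pending(ssl_io->bio_ext)) > 0) {
		/* never queue more than plain_output is willing to buffer */
		max_bytes = o_stream_get_buffer_avail_size(ssl_io->plain_output);
		if (bytes > max_bytes) {
			if (max_bytes == 0) {
				/* wait until output buffer clears */
				break;
			}
			bytes = max_bytes;
		}
		if (bytes > sizeof(buffer))
			bytes = sizeof(buffer);

		/* BIO_ctrl_pending() said at least this much is readable,
		   so the pair BIO hands back exactly what was asked for */
		ret = BIO_read(ssl_io->bio_ext, buffer, bytes);
		i_assert(ret == (int)bytes);

		sent = o_stream_send(ssl_io->plain_output, buffer, bytes);
		if (sent < 0) {
			/* plain_output is closed or failed: nothing more
			   can go out. Don't panic; the stream carries the
			   error for its owner to see. */
			break;
		}
		/* bytes was limited to the free buffer space above, so a
		   short write here would be an ostream bug, not I/O */
		i_assert(sent == (ssize_t)bytes);
		bytes_sent = TRUE;
	}
	return bytes_sent;
}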
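/* Feed bytes from the plain input stream (TLS records off the wire) to
   OpenSSL through the external BIO, but only as much as OpenSSL has asked
   for. Returns TRUE if any bytes were handed over, FALSE if plain_input
   had nothing available.

   BIO_ctrl_get_read_request() reports how much the SSL side tried to read
   when it found the pair buffer empty, capped at the pair's buffer size,
   so a BIO_write() of up to that amount is guaranteed to be taken in
   full. plain_input's buffer is not visibly tied to the BIO pair's size,
   so it can hold more than that; writing all of it only partially
   succeeds, and the assertion below then turned a large incoming burst
   into a process panic. Clamp the write to the request; whatever is left
   stays in plain_input for the next round. */
static bool ssl_iostream_bio_input(struct ssl_iostream *ssl_io)
{
	const unsigned char *data;
	size_t size, wanted;
	bool bytes_read = FALSE;
	int ret;

	while ((wanted = BIO_ctrl_get_read_request(ssl_io->bio_ext)) > 0) {
		/* the return value is deliberately not inspected: a zero
		   size covers would-block, EOF and error alike here, and
		   the istream presumably keeps its own error state */
		(void)i_stream_read_data(ssl_io->plain_input, &data, &size, 0);
		if (size == 0) {
			/* wait for more input */
			break;
		}
		/* never push more than the BIO asked for (fits for sure) */
		if (size > wanted)
			size = wanted;

		ret = BIO_write(ssl_io->bio_ext, data, size);
		i_assert(ret == (ssize_t)size);

		i_stream_skip(ssl_io->plain_input, size);
		bytes_read = TRUE;
	}
	return bytes_read;
}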
/* Shovel data in both directions between the BIO pair and the plain
   streams: first flush OpenSSL's pending output, then feed it whatever
   input it has requested. Returns TRUE if either direction moved any
   bytes, i.e. a retried SSL_*() call might now make progress. Both
   halves always run; the result is not short-circuited. */
bool ssl_iostream_bio_sync(struct ssl_iostream *ssl_io)
{
	bool out_progress, in_progress;

	/* output first so pending records go out before we block on input */
	out_progress = ssl_iostream_bio_output(ssl_io);
	in_progress = ssl_iostream_bio_input(ssl_io);
	return out_progress || in_progress;
}
/* Map a failing SSL_*() return value (ret, as returned by SSL_connect(),
   SSL_accept(), SSL_read(), ...) to this library's convention:
     1  the BIO pair moved data, retry the SSL call;
     0  nothing to do until the plain streams are readable/writable;
    -1  failure: errno is set and, except for a clean close_notify
        (SSL_ERROR_ZERO_RETURN), ssl_io->last_error describes it.
   func_name only appears in the error messages.

   Note that a clean TLS shutdown and a bare transport EOF before
   close_notify both come back as -1 with errno ECONNRESET; only
   last_error ("Disconnected", set for the bare EOF) tells them apart, so
   a caller that cares about truncation has to look at the message. */
int ssl_iostream_handle_error(struct ssl_iostream *ssl_io, int ret,
			      const char *func_name)
{
	const char *errstr = NULL;
	int err = SSL_get_error(ssl_io->ssl, ret);

	switch (err) {
	case SSL_ERROR_WANT_READ:
	case SSL_ERROR_WANT_WRITE:
		/* not a failure: move bytes between the BIO pair and the
		   plain streams; any progress means the call can be retried */
		return ssl_iostream_bio_sync(ssl_io) ? 1 : 0;
	case SSL_ERROR_SYSCALL:
		if (ERR_peek_error() != 0) {
			/* eat up the error queue */
			errstr = t_strdup_printf("%s syscall failed: %s",
						 func_name, ssl_iostream_error());
			errno = EINVAL;
		} else if (ret == 0) {
			/* EOF: the transport closed without a close_notify
			   (OpenSSL reports that as SSL_ERROR_SYSCALL, ret 0) */
			errno = ECONNRESET;
			errstr = "Disconnected";
		} else {
			/* errno still belongs to the failing syscall */
			errstr = t_strdup_printf("%s syscall failed: %s",
						 func_name, strerror(errno));
		}
		break;
	case SSL_ERROR_ZERO_RETURN:
		/* clean connection closing; last_error is left untouched */
		errno = ECONNRESET;
		break;
	case SSL_ERROR_SSL:
		errstr = t_strdup_printf("%s failed: %s",
					 func_name, ssl_iostream_error());
		errno = EINVAL;
		break;
	default:
		errstr = t_strdup_printf("%s failed: unknown failure %d (%s)",
					 func_name, err, ssl_iostream_error());
		errno = EINVAL;
		break;
	}

	if (errstr != NULL) {
		/* keep a heap copy; errstr may live on the data stack */
		i_free(ssl_io->last_error);
		ssl_io->last_error = i_strdup(errstr);
	}
	return -1;
}
/* Drive the TLS handshake as far as the plain streams allow. Returns 1
   once the handshake is complete, 0 if it is waiting for more I/O on the
   plain streams (call again when they are ready), -1 on failure with
   errno set (and ssl_io->last_error describing an SSL error, if any).

   handshaked is flipped before the handshake callback runs, so
   ssl_iostream_is_handshaked() reports TRUE even when the callback then
   rejects the session; the -1/EINVAL return is the only signal of that,
   and last_error was already cleared, so it won't describe the rejection
   unless the callback set it. Nothing in this function checks the peer
   certificate itself: that is left to the handshake callback and to
   whatever maintains cert_received/cert_broken elsewhere. */
int ssl_iostream_handshake(struct ssl_iostream *ssl_io)
{
	const char *func_name;
	int ret;

	i_assert(!ssl_io->handshaked);

	/* client contexts connect, server contexts accept */
	func_name = ssl_io->ctx->client_ctx ? "SSL_connect()" : "SSL_accept()";
	for (;;) {
		ret = ssl_io->ctx->client_ctx ?
			SSL_connect(ssl_io->ssl) : SSL_accept(ssl_io->ssl);
		if (ret > 0)
			break;
		/* 1 = BIO pair made progress, go round again;
		   0 = would block; -1 = failed */
		ret = ssl_iostream_handle_error(ssl_io, ret, func_name);
		if (ret <= 0)
			return ret;
	}
	/* push out the final handshake records and pull in anything that
	   arrived together with them */
	(void)ssl_iostream_bio_sync(ssl_io);

	i_free_and_null(ssl_io->last_error);
	ssl_io->handshaked = TRUE;

	if (ssl_io->handshake_callback != NULL &&
	    ssl_io->handshake_callback(ssl_io->handshake_context) < 0) {
		errno = EINVAL;
		return -1;
	}
	/* application data may already be queued behind the handshake */
	if (ssl_io->ssl_output != NULL)
		(void)o_stream_flush(ssl_io->ssl_output);
	return 1;
}
/* Register a hook that ssl_iostream_handshake() invokes (with context)
   right after the TLS handshake completes. A negative return from the
   hook makes the handshake call fail with -1/EINVAL. The handshake code
   in this file performs no peer verification of its own beyond whatever
   the SSL_CTX was configured with elsewhere, so this hook is where a
   caller's certificate or hostname checks belong. A NULL callback
   disables the hook. */
void ssl_iostream_set_handshake_callback(struct ssl_iostream *ssl_io,
					 int (*callback)(void *context),
					 void *context)
{
	ssl_io->handshake_context = context;
	ssl_io->handshake_callback = callback;
}
/* TRUE once the OpenSSL handshake has completed. The flag is set in
   ssl_iostream_handshake() before the handshake callback runs, so this
   does not tell whether that callback accepted the session. */
bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io)
{
	if (!ssl_io->handshaked)
		return FALSE;
	return TRUE;
}
/* TRUE if the peer presented a certificate and it was not flagged as
   broken. A peer that sent no certificate at all is neither "valid" nor
   "broken" (both predicates return FALSE), so callers must not treat
   !ssl_iostream_has_broken_client_cert() as "valid". What sets
   cert_received/cert_broken is outside this function. */
bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
{
	if (!ssl_io->cert_received)
		return FALSE;
	return !ssl_io->cert_broken;
}
/* True when a client certificate was received but flagged as broken.
   Both flags are consulted so that "no certificate presented at all" is
   not reported as a broken certificate. */
bool ssl_iostream_has_broken_client_cert(struct ssl_iostream *ssl_io)
{
	bool received = ssl_io->cert_received;

	/* only a certificate that actually arrived can be broken */
	return received && ssl_io->cert_broken;
}
/* Extract the user name from the peer's client certificate: the subject
   field identified by ssl_io->username_nid.

   Returns NULL when there is no valid client certificate, when the subject
   lacks that field, when the field is empty, or when the field contains
   embedded NUL bytes. The last case is deliberate: a C-string consumer
   would see only the bytes before the first NUL, so a certificate whose
   field reads "alice\0<...>" could be used to log in as "alice" although
   that is not what the certificate says. Such names are rejected outright.

   The returned string is allocated with t_malloc(), i.e. temporary memory;
   copy it if it must outlive the current temporary frame. */
const char *ssl_iostream_get_peer_name(struct ssl_iostream *ssl_io)
{
	X509 *cert;
	X509_NAME *subject;
	char *name = "";
	int len;

	if (!ssl_iostream_has_valid_client_cert(ssl_io))
		return NULL;

	cert = SSL_get_peer_certificate(ssl_io->ssl);
	if (cert == NULL) {
		/* cert_received says we got one, so this should not happen */
		return NULL;
	}
	subject = X509_get_subject_name(cert);

	/* first call only measures the field so the buffer can be sized */
	len = X509_NAME_get_text_by_NID(subject, ssl_io->username_nid, NULL, 0);
	if (len >= 0) {
		char *buf = t_malloc(len + 1);

		/* Accept the copy only if it succeeded and its C-string
		   length matches the field length; a shorter strlen() means
		   the field carries embedded NULs (see the comment above). */
		if (X509_NAME_get_text_by_NID(subject, ssl_io->username_nid,
					      buf, len + 1) >= 0 &&
		    strlen(buf) == (size_t)len)
			name = buf;
	}
	X509_free(cert);

	return name[0] == '\0' ? NULL : name;
}
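/* Describe the negotiated TLS parameters for logging: protocol version,
   cipher name, the cipher's effective and algorithmic key bits and, when
   the build has HAVE_SSL_COMPRESSION and the peer negotiated one, the
   compression method (prefixed with a space). Returns "" before the
   handshake has completed.

   The result is t_strdup_printf() memory, i.e. temporary; copy it if it
   must outlive the current temporary frame. */
const char *ssl_iostream_get_security_string(struct ssl_iostream *ssl_io)
{
	/* const so that OpenSSL versions returning a const SSL_CIPHER * do
	   not produce a discarded-qualifier warning; the getters below
	   take a const pointer in either case. */
	const SSL_CIPHER *cipher;
#ifdef HAVE_SSL_COMPRESSION
	const COMP_METHOD *comp;
#endif
	const char *comp_str;
	int bits, alg_bits;

	if (!ssl_io->handshaked)
		return "";

	cipher = SSL_get_current_cipher(ssl_io->ssl);
	bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
#ifdef HAVE_SSL_COMPRESSION
	comp = SSL_get_current_compression(ssl_io->ssl);
	comp_str = comp == NULL ? "" :
		t_strconcat(" ", SSL_COMP_get_name(comp), NULL);
#else
	comp_str = "";
#endif
	/* comp_str is appended so that a session using TLS compression is
	   visible in the log line; it is "" when none was negotiated, so the
	   output is unchanged in that case. */
	return t_strdup_printf("%s with cipher %s (%d/%d bits)%s",
			       SSL_get_version(ssl_io->ssl),
			       SSL_CIPHER_get_name(cipher),
			       bits, alg_bits, comp_str);
}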
/* Return the most recently recorded error message for this stream.
   The pointer is owned by the stream; callers must not free it.
   NOTE(review): presumably NULL when no error has been recorded — confirm
   against the code that sets last_error. */
const char *ssl_iostream_get_last_error(struct ssl_iostream *ssl_io)
{
	const char *err = ssl_io->last_error;

	return err;
}