Created
August 25, 2011 18:51
--- /tmp/removed123.txt 2011-08-25 20:51:12.490866386 +0200 | |
+++ /tmp/added123.txt 2011-08-25 20:51:12.520881386 +0200 | |
@@ -1,4 +1,40 @@ | |
--- a/ssl.c | |
+++ b/ssl.c | |
+ CLEAR (*ks); | |
+ | |
+ key_state_ssl_init(&ks->ks_ssl, &session->opt->ssl_ctx, session->opt->server, | |
+ session); | |
+++ b/ssl_backend.h | |
+/* ************************************** | |
+ * | |
+ * Key-state specific functions | |
+ * | |
+ ***************************************/ | |
+ | |
+/** | |
+ * Initialise the SSL channel part of the given key state. Settings will be | |
+ * loaded from a previously initialised TLS context. | |
+ * | |
+ * @param ks_ssl The SSL channel's state info to initialise | |
+ * @param ssl_ctx The TLS context to use when initialising the channel. | |
+ * @param is_server Initialise a server? | |
+ * @param session The session associated with the given key_state | |
+ */ | |
+void key_state_ssl_init(struct key_state_ssl *ks_ssl, | |
+ const struct tls_root_ctx *ssl_ctx, bool is_server, void *session); | |
+ | |
+++ b/ssl_openssl.c | |
+/* ************************************** | |
+ * | |
+ * Key-state specific functions | |
+ * | |
+ ***************************************/ | |
+/* | |
+ * | |
+ * BIO functions | |
+ * | |
+ */ | |
+ | |
+/* | |
* OpenVPN's interface to SSL/TLS authentication, | |
* encryption, and decryption is exclusively | |
* through "memory BIOs". | |
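Review bot: The doc comment added for `key_state_ssl_init` in ssl_backend.h does not say what `session` must point to or how long it has to stay valid, and because the parameter is a `void *` the compiler cannot check it either. The OpenSSL implementation later in this same change stores that pointer in the SSL object so the verify callback can read it back, so the caller has to keep it alive for as long as `ks_ssl` is in use. I would word the line as `@param session Owning session (presumably a struct tls_session *, confirm); stored, not copied, and read by the certificate verify callback, so it must outlive ks_ssl`. The `is_server` line could likewise state the effect, e.g. `@param is_server true to set up the accepting (server) side, false for the connecting side`.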
@@ -13,33 +49,37 @@ | |
return ret; | |
} | |
-/* | |
- CLEAR (*ks); | |
+void | |
+key_state_ssl_init(struct key_state_ssl *ks_ssl, const struct tls_root_ctx *ssl_ctx, bool is_server, void *session) | |
+{ | |
+ ASSERT(NULL != ssl_ctx); | |
+ ASSERT(ks_ssl); | |
+ CLEAR (*ks_ssl); | |
- ks->ks_ssl.ssl = SSL_new (session->opt->ssl_ctx.ctx); | |
- if (!ks->ks_ssl.ssl) | |
+ ks_ssl->ssl = SSL_new (ssl_ctx->ctx); | |
+ if (!ks_ssl->ssl) | |
msg (M_SSLERR, "SSL_new failed"); | |
/* put session * in ssl object so we can access it | |
from verify callback*/ | |
- SSL_set_ex_data (ks->ks_ssl.ssl, mydata_index, session); | |
+ SSL_set_ex_data (ks_ssl->ssl, mydata_index, session); | |
- ks->ks_ssl.ssl_bio = getbio (BIO_f_ssl (), "ssl_bio"); | |
- ks->ks_ssl.ct_in = getbio (BIO_s_mem (), "ct_in"); | |
- ks->ks_ssl.ct_out = getbio (BIO_s_mem (), "ct_out"); | |
+ ks_ssl->ssl_bio = getbio (BIO_f_ssl (), "ssl_bio"); | |
+ ks_ssl->ct_in = getbio (BIO_s_mem (), "ct_in"); | |
+ ks_ssl->ct_out = getbio (BIO_s_mem (), "ct_out"); | |
#ifdef BIO_DEBUG | |
- bio_debug_oc ("open ssl_bio", ks->ks_ssl.ssl_bio); | |
- bio_debug_oc ("open ct_in", ks->ks_ssl.ct_in); | |
- bio_debug_oc ("open ct_out", ks->ks_ssl.ct_out); | |
+ bio_debug_oc ("open ssl_bio", ks_ssl->ssl_bio); | |
+ bio_debug_oc ("open ct_in", ks_ssl->ct_in); | |
+ bio_debug_oc ("open ct_out", ks_ssl->ct_out); | |
#endif | |
- if (session->opt->server) | |
- SSL_set_accept_state (ks->ks_ssl.ssl); | |
+ if (is_server) | |
+ SSL_set_accept_state (ks_ssl->ssl); | |
else | |
- SSL_set_connect_state (ks->ks_ssl.ssl); | |
+ SSL_set_connect_state (ks_ssl->ssl); | |
+ | |
+ SSL_set_bio (ks_ssl->ssl, ks_ssl->ct_in, ks_ssl->ct_out); | |
+ BIO_set_ssl (ks_ssl->ssl_bio, ks_ssl->ssl, BIO_NOCLOSE); | |
+} | |
- SSL_set_bio (ks->ks_ssl.ssl, ks->ks_ssl.ct_in, ks->ks_ssl.ct_out); | |
- BIO_set_ssl (ks->ks_ssl.ssl_bio, ks->ks_ssl.ssl, BIO_NOCLOSE); | |
--- a/ssl_backend.h | |
--- a/ssl_openssl.c |
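Review bot: In the new `key_state_ssl_init` the result of `SSL_set_ex_data (ks_ssl->ssl, mydata_index, session);` is ignored and `session` is never checked, although the comment directly above says the verify callback relies on reading the session back from the SSL object. If the store fails or a NULL session is passed, the callback would presumably get NULL where it expects a session, in the middle of certificate verification. Consider adding `ASSERT(session);` next to the two existing asserts and checking the call, e.g. `if (!SSL_set_ex_data (ks_ssl->ssl, mydata_index, session)) msg (M_SSLERR, "SSL_set_ex_data failed");`. The call itself is carried over from the old code, but the parameter is now a `void *`, so a wrong pointer is no longer caught at compile time. As a matter of style, the two asserts could use the same form (`ASSERT(ssl_ctx);` and `ASSERT(ks_ssl);`).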