Implement ressl_accept_socket, which allocates a new server connection

author jsing <jsing@openbsd.org>

Mon, 4 Aug 2014 16:34:11 +0000 (16:34 +0000)

committer jsing <jsing@openbsd.org>

Mon, 4 Aug 2014 16:34:11 +0000 (16:34 +0000)
author jsing <jsing@openbsd.org>
Mon, 4 Aug 2014 16:34:11 +0000 (16:34 +0000)
committer jsing <jsing@openbsd.org>
Mon, 4 Aug 2014 16:34:11 +0000 (16:34 +0000)
diff --git a/lib/libressl/ressl.h b/lib/libressl/ressl.h

index 10e3dc8..bfe9b11 100644 (file)
--- a/lib/libressl/ressl.h
+++ b/lib/libressl/ressl.h
@@ -47,8 +47,8 @@ int ressl_configure(struct ressl *ctx, struct ressl_config *config);
  void ressl_reset(struct ressl *ctx);
  void ressl_free(struct ressl *ctx);
  
-int ressl_accept(struct ressl *ctx);
-int ressl_accept_socket(struct ressl *ctx, int socket);
+int ressl_accept(struct ressl *ctx, struct ressl **cctx);
+int ressl_accept_socket(struct ressl *ctx, struct ressl **cctx, int socket);
  int ressl_connect(struct ressl *ctx, const char *host, const char *port);
  int ressl_connect_socket(struct ressl *ctx, int s, const char *hostname);
  int ressl_listen(struct ressl *ctx, const char *host, const char *port, int af);
diff --git a/lib/libressl/ressl_server.c b/lib/libressl/ressl_server.c

index d9faa5d..ba127f8 100644 (file)
--- a/lib/libressl/ressl_server.c
+++ b/lib/libressl/ressl_server.c
@@ -17,6 +17,7 @@
  #include <openssl/ec.h>
  #include <openssl/ssl.h>
  
+#include <ressl.h>
  #include "ressl_internal.h"
  
  struct ressl *
@@ -92,7 +93,7 @@ err:
  }
  
  int
-ressl_accept(struct ressl *ctx)
+ressl_accept(struct ressl *ctx, struct ressl **cctx)
  {
         if ((ctx->flags & RESSL_SERVER) == 0) {
                 ressl_set_error(ctx, "not a server context");
@@ -104,13 +105,53 @@ err:
  }
  
  int
-ressl_accept_socket(struct ressl *ctx, int socket)
+ressl_accept_socket(struct ressl *ctx, struct ressl **cctx, int socket)
  {
+       struct ressl *conn_ctx = *cctx;
+       int ret, ssl_err;
+       
         if ((ctx->flags & RESSL_SERVER) == 0) {
                 ressl_set_error(ctx, "not a server context");
                 goto err;
         }
  
+       if (conn_ctx == NULL) {
+               if ((conn_ctx = ressl_server_conn(ctx)) == NULL) {
+                       ressl_set_error(ctx, "connection context failure");
+                       goto err;
+               }
+               *cctx = conn_ctx;
+
+               conn_ctx->socket = socket;
+
+               if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
+                       ressl_set_error(ctx, "ssl failure");
+                       goto err;
+               }
+
+               if (SSL_set_fd(conn_ctx->ssl_conn, socket) != 1) {
+                       ressl_set_error(ctx, "ssl set fd failure");
+                       goto err;
+               }
+               SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);
+       }
+
+       if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
+               ssl_err = SSL_get_error(conn_ctx->ssl_conn, ret);
+               switch (ssl_err) {
+               case SSL_ERROR_WANT_READ:
+                       return (RESSL_READ_AGAIN);
+               case SSL_ERROR_WANT_WRITE:
+                       return (RESSL_WRITE_AGAIN);
+               default:
+                       ressl_set_error(ctx, "ssl accept failure (%i)",
+                           ssl_err);
+                       goto err;
+               }
+       }
+
+       return (0);
+
  err:
         return (-1);
  }
author	jsing <jsing@openbsd.org>
	Mon, 4 Aug 2014 16:34:11 +0000 (16:34 +0000)
committer	jsing <jsing@openbsd.org>
	Mon, 4 Aug 2014 16:34:11 +0000 (16:34 +0000)
lib/libressl/ressl.h		patch \| blob \| history
lib/libressl/ressl_server.c		patch \| blob \| history