From 2c0c4ff45542062120275aeeb867bd525fdaa6cf Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Mon, 4 Aug 2014 16:34:11 +0000
Subject: [PATCH] Implement ressl_accept_socket, which allocates a new server
 connection context (if necessary) and handles the TLS/SSL handshake over the
 given socket.

---
 lib/libressl/ressl.h        |  4 ++--
 lib/libressl/ressl_server.c | 45 +++++++++++++++++++++++++++++++++++--
 2 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/lib/libressl/ressl.h b/lib/libressl/ressl.h
index 10e3dc85edf..bfe9b11f7b9 100644
--- a/lib/libressl/ressl.h
+++ b/lib/libressl/ressl.h
@@ -47,8 +47,8 @@ int ressl_configure(struct ressl *ctx, struct ressl_config *config);
 void ressl_reset(struct ressl *ctx);
 void ressl_free(struct ressl *ctx);
 
-int ressl_accept(struct ressl *ctx);
-int ressl_accept_socket(struct ressl *ctx, int socket);
+int ressl_accept(struct ressl *ctx, struct ressl **cctx);
+int ressl_accept_socket(struct ressl *ctx, struct ressl **cctx, int socket);
 int ressl_connect(struct ressl *ctx, const char *host, const char *port);
 int ressl_connect_socket(struct ressl *ctx, int s, const char *hostname);
 int ressl_listen(struct ressl *ctx, const char *host, const char *port, int af);
diff --git a/lib/libressl/ressl_server.c b/lib/libressl/ressl_server.c
index d9faa5da451..ba127f8cdd1 100644
--- a/lib/libressl/ressl_server.c
+++ b/lib/libressl/ressl_server.c
@@ -17,6 +17,7 @@
 #include <openssl/ec.h>
 #include <openssl/ssl.h>
 
+#include <ressl.h>
 #include "ressl_internal.h"
 
 struct ressl *
@@ -92,7 +93,7 @@ err:
 }
 
 int
-ressl_accept(struct ressl *ctx)
+ressl_accept(struct ressl *ctx, struct ressl **cctx)
 {
 	if ((ctx->flags & RESSL_SERVER) == 0) {
 		ressl_set_error(ctx, "not a server context");
@@ -104,13 +105,53 @@ err:
 }
 
 int
-ressl_accept_socket(struct ressl *ctx, int socket)
+ressl_accept_socket(struct ressl *ctx, struct ressl **cctx, int socket)
 {
+	struct ressl *conn_ctx = *cctx;
+	int ret, ssl_err;
+	
 	if ((ctx->flags & RESSL_SERVER) == 0) {
 		ressl_set_error(ctx, "not a server context");
 		goto err;
 	}
 
+	if (conn_ctx == NULL) {
+		if ((conn_ctx = ressl_server_conn(ctx)) == NULL) {
+			ressl_set_error(ctx, "connection context failure");
+			goto err;
+		}
+		*cctx = conn_ctx;
+
+		conn_ctx->socket = socket;
+
+		if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
+			ressl_set_error(ctx, "ssl failure");
+			goto err;
+		}
+
+		if (SSL_set_fd(conn_ctx->ssl_conn, socket) != 1) {
+			ressl_set_error(ctx, "ssl set fd failure");
+			goto err;
+		}
+		SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);
+	}
+
+	if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
+		ssl_err = SSL_get_error(conn_ctx->ssl_conn, ret);
+		switch (ssl_err) {
+		case SSL_ERROR_WANT_READ:
+			return (RESSL_READ_AGAIN);
+		case SSL_ERROR_WANT_WRITE:
+			return (RESSL_WRITE_AGAIN);
+		default:
+			ressl_set_error(ctx, "ssl accept failure (%i)",
+			    ssl_err);
+			goto err;
+		}
+	}
+
+	return (0);
+
 err:
 	return (-1);
 }
-- 
2.20.1