author | Brent Cook <bcook@cvs.openbsd.org> | 2016-09-04 12:26:44 +0000 |
---|---|---|
committer | Brent Cook <bcook@cvs.openbsd.org> | 2016-09-04 12:26:44 +0000 |
commit | a2005718008f8821c63824729b44deb5b983c8ef (patch) | |
tree | b1057a3dfb108c600b04386116addd858f8fccb7 /lib/libtls/tls_client.c | |
parent | b7c49ff4fa84db1a85dff35590381a345191fc53 (diff) |
Add callback-based interface to libtls.
This allows working with buffers and callback functions instead of directly on
sockets or file descriptors.
Original patch from Tobias Pape <tobias_at_netshed.de>.
ok beck@
Diffstat (limited to 'lib/libtls/tls_client.c')
-rw-r--r-- | lib/libtls/tls_client.c | 76 |
1 files changed, 56 insertions, 20 deletions
diff --git a/lib/libtls/tls_client.c b/lib/libtls/tls_client.c
index c360ecad529..f8d35a18c15 100644
--- a/lib/libtls/tls_client.c
+++ b/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.34 2016/08/15 14:04:23 jsing Exp $ */
+/* $OpenBSD: tls_client.c,v 1.35 2016/09/04 12:26:43 bcook Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -158,15 +158,8 @@ tls_connect_servername(struct tls *ctx, const char *host, const char *port,
 return (rv);
 }
-int
-tls_connect_socket(struct tls *ctx, int s, const char *servername)
-{
- return tls_connect_fds(ctx, s, s, servername);
-}
-
-int
-tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
- const char *servername)
+static int
+connect_common(struct tls *ctx, const char *servername)
 {
 union tls_addr addrbuf;
 int rv = -1;
@@ -176,11 +169,6 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 goto err;
 }
- if (fd_read < 0 || fd_write < 0) {
- tls_set_errorx(ctx, "invalid file descriptors");
- goto err;
- }
-
 if (servername != NULL) {
 if ((ctx->servername = strdup(servername)) == NULL) {
 tls_set_errorx(ctx, "out of memory");
@@ -195,6 +183,7 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0)
 goto err;
+
 if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx, ctx->config->keypair, 0) != 0)
 goto err;
@@ -205,6 +194,7 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 goto err;
 }
 }
+
 if (ctx->config->verify_cert && (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, SSL_VERIFY_PEER) == -1))
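Review bot: The new static helper `connect_common` introduced in the -158 hunk has no header comment, and its contract is only recoverable by reading every hunk of this commit: it records the servername (the strdup in the -176 hunk), configures ctx->ssl_ctx, the keypair and verification, sets the app data on ctx->ssl_conn, and deliberately attaches no transport, leaving that to the caller. I would add above `static int`: `/* Shared client setup: servername, SSL context/connection and verification settings. Attaches no transport; the caller must set fds or callbacks afterwards. Returns 0 on success, -1 with the error recorded in ctx. */`. The comment should also state that on failure the helper returns from `err:` without undoing what it already set up, so a ctx for which it returned -1 is partially configured and is expected to be discarded (presumably via tls_reset/tls_free, which this diff does not show). The body of connect_common continues past this hunk.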
@@ -214,15 +204,11 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 tls_set_errorx(ctx, "ssl connection failure");
 goto err;
 }
+
 if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
 tls_set_errorx(ctx, "ssl application data failure");
 goto err;
 }
- if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
- SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
- tls_set_errorx(ctx, "ssl file descriptor failure");
- goto err;
- }
 /*
 * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not
@@ -236,6 +222,56 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 goto err;
 }
 }
+ rv = 0;
+
+ err:
+ return (rv);
+}
+
+int
+tls_connect_socket(struct tls *ctx, int s, const char *servername)
+{
+ return tls_connect_fds(ctx, s, s, servername);
+}
+
+int
+tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
+ const char *servername)
+{
+ int rv = -1;
+
+ if (fd_read < 0 || fd_write < 0) {
+ tls_set_errorx(ctx, "invalid file descriptors");
+ goto err;
+ }
+
+ if (connect_common(ctx, servername) != 0)
+ goto err;
+
+ if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
+ SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
+ tls_set_errorx(ctx, "ssl file descriptor failure");
+ goto err;
+ }
+
+ rv = 0;
+ err:
+ return (rv);
+}
+
+int
+tls_connect_cbs(struct tls *ctx, tls_read_cb read_cb,
+ tls_write_cb write_cb, void *cb_arg, const char *servername)
+{
+ int rv = -1;
+
+ if (connect_common(ctx, servername) != 0)
+ goto err;
+
+ if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) {
+ tls_set_errorx(ctx, "callback registration failure");
+ goto err;
+ }
 rv = 0; |