2017-03-24 14:53:39 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* machinarium.
|
|
|
|
|
*
|
|
|
|
|
* cooperative multitasking engine.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <machinarium_private.h>
|
|
|
|
|
#include <machinarium.h>
|
|
|
|
|
|
|
|
|
|
int mm_tls_openssl_init(void)
|
|
|
|
|
{
|
|
|
|
|
SSL_library_init();
|
|
|
|
|
SSL_load_error_strings();
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-28 10:14:52 +00:00
|
|
|
static int
|
|
|
|
|
mm_tls_write(BIO *bio, const char *buf, int size)
|
|
|
|
|
{
|
2017-03-28 10:31:14 +00:00
|
|
|
mm_tlsio_t *io;
|
2017-03-28 10:14:52 +00:00
|
|
|
io = BIO_get_app_data(bio);
|
|
|
|
|
(void)io;
|
|
|
|
|
|
|
|
|
|
(void)bio;
|
|
|
|
|
(void)buf;
|
|
|
|
|
(void)size;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
mm_tls_read(BIO *bio, char *buf, int size)
|
|
|
|
|
{
|
2017-03-28 10:31:14 +00:00
|
|
|
mm_tlsio_t *io;
|
2017-03-28 10:14:52 +00:00
|
|
|
io = BIO_get_app_data(bio);
|
|
|
|
|
(void)io;
|
|
|
|
|
|
|
|
|
|
(void)buf;
|
|
|
|
|
(void)size;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
mm_tls_prepare(mm_tls_t *tls, mm_tlsio_t *io)
|
2017-03-24 14:53:39 +00:00
|
|
|
{
|
|
|
|
|
BIO *bio;
|
|
|
|
|
SSL_CTX *ctx;
|
|
|
|
|
SSL *ssl;
|
|
|
|
|
SSL_METHOD *method;
|
|
|
|
|
method = (SSL_METHOD*)TLS_client_method();
|
|
|
|
|
if (method == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
ctx = SSL_CTX_new(method);
|
|
|
|
|
if (ctx == NULL)
|
|
|
|
|
return -1;
|
2017-03-28 10:14:52 +00:00
|
|
|
|
|
|
|
|
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
|
|
|
|
|
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
|
|
|
|
|
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
|
|
|
|
|
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
|
|
|
|
|
|
|
|
|
|
/* cert file */
|
|
|
|
|
int rc;
|
|
|
|
|
if (tls->cert_file) {
|
|
|
|
|
rc = SSL_CTX_use_certificate_chain_file(ctx, tls->cert_file);
|
|
|
|
|
if (! rc) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/* key file */
|
|
|
|
|
if (tls->key_file) {
|
|
|
|
|
rc = SSL_CTX_use_PrivateKey_file(ctx, tls->key_file, SSL_FILETYPE_PEM);
|
|
|
|
|
if (! rc) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
rc = SSL_CTX_check_private_key(ctx);
|
|
|
|
|
if(! rc) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* ca file and ca_path */
|
|
|
|
|
if (tls->ca_file || tls->ca_path) {
|
|
|
|
|
rc = SSL_CTX_load_verify_locations(ctx, tls->ca_file, tls->ca_path);
|
|
|
|
|
if (! rc) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* verify mode */
|
|
|
|
|
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
|
|
|
|
SSL_CTX_set_verify_depth(ctx, 6);
|
|
|
|
|
|
|
|
|
|
/* ocsp */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
SSL_set_cipher_list()
|
|
|
|
|
SSL_set_tlsext_host_name()
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
ssl = SSL_new(ctx);
|
|
|
|
|
if (ssl == NULL) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BIO_METHOD *bio_method;
|
|
|
|
|
bio_method = BIO_meth_new(BIO_TYPE_MEM, "machinarium-tls");
|
|
|
|
|
if (bio_method == NULL) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
BIO_meth_set_write(bio_method, mm_tls_write);
|
|
|
|
|
BIO_meth_set_read(bio_method, mm_tls_read);
|
|
|
|
|
|
|
|
|
|
bio = BIO_new(bio_method);
|
|
|
|
|
if (bio == NULL) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
BIO_set_app_data(bio, io);
|
|
|
|
|
SSL_set_bio(ssl, bio, bio);
|
|
|
|
|
|
2017-03-24 14:53:39 +00:00
|
|
|
/*
|
2017-03-28 10:14:52 +00:00
|
|
|
BIO_do_connect()
|
|
|
|
|
BIO_do_handshake()
|
|
|
|
|
cert verify
|
2017-03-24 14:53:39 +00:00
|
|
|
*/
|
2017-03-28 10:14:52 +00:00
|
|
|
|
2017-03-24 14:53:39 +00:00
|
|
|
(void)ssl;
|
|
|
|
|
(void)bio;
|
2017-03-28 10:14:52 +00:00
|
|
|
(void)tls;
|
|
|
|
|
(void)io;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int mm_tls_client(mm_tls_t *tls, mm_tlsio_t *io)
|
|
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
rc = mm_tls_prepare(tls, io);
|
|
|
|
|
if (rc == -1)
|
|
|
|
|
return -1;
|
2017-03-24 14:53:39 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
