summaryrefslogtreecommitdiff
path: root/lib/tls.c
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordu.net>2010-11-11 10:30:35 +0100
committerLinus Nordberg <linus@nordu.net>2010-11-11 10:30:35 +0100
commit83e82dba47aced4a93f9e431b4d8bca94c2f8517 (patch)
tree7ff1779ea924d557b6ded9bd21c0cc8a65f062dd /lib/tls.c
parentf9b25cad24ec4e3e89e818457beb29cbe08eed0c (diff)
Bringing up TLS connections working.
NOTE: Clean up of resources not yet sane. Expect resource leakages. NOTE: Most failure cases are not handled properly. With the wind at your back and the sun shining, it might work.
Diffstat (limited to 'lib/tls.c')
-rw-r--r--lib/tls.c73
1 files changed, 73 insertions, 0 deletions
diff --git a/lib/tls.c b/lib/tls.c
new file mode 100644
index 0000000..15929d2
--- /dev/null
+++ b/lib/tls.c
@@ -0,0 +1,73 @@
+/* See the file COPYING for licensing information. */
+
+#if defined HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <assert.h>
+#include <openssl/ssl.h>
+#include <radsec/radsec.h>
+#include <radsec/radsec-impl.h>
+
+#include <regex.h>
+#include "rsp_list.h"
+#include "../radsecproxy.h"
+
+static struct tls *
+_get_tlsconf (const struct rs_context *ctx, const struct rs_realm *realm)
+{
+ struct tls *c = rs_malloc (ctx, sizeof (struct tls));
+
+ if (c)
+ {
+ memset (c, 0, sizeof (struct tls));
+ /* TODO: Make sure old radsecproxy code doesn't free these all
+ of a sudden, or strdup them. */
+ c->name = realm->name;
+ c->cacertfile = realm->cacertfile;
+ c->cacertpath = NULL; /* NYI */
+ c->certfile = realm->certfile;
+ c->certkeyfile = realm->certkeyfile;
+ c->certkeypwd = NULL; /* NYI */
+ c->cacheexpiry = 0; /* NYI */
+ c->crlcheck = 0; /* NYI */
+ c->policyoids = (char **) NULL; /* NYI */
+ }
+
+ return c;
+}
+
+int
+rs_tls_init (struct rs_connection *conn)
+{
+ struct rs_context *ctx;
+ struct tls *tlsconf;
+ SSL_CTX *ssl_ctx;
+ SSL *ssl;
+ assert (conn->ctx);
+ ctx = conn->ctx;
+
+ tlsconf = _get_tlsconf (ctx, conn->active_peer->realm);
+ assert (tlsconf);
+ ssl_ctx = tlsgetctx (RADPROT_TLS, tlsconf);
+ if (!ssl_ctx)
+ {
+ /* TODO: check radsecproxy error */
+ return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
+ NULL);
+ }
+
+ ssl = SSL_new (ssl_ctx);
+ if (!ssl)
+ {
+ /* TODO: check and report SSL error */
+ /* TODO: free ssl_ctx */
+ return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
+ NULL);
+ }
+
+ conn->tls_ctx = ssl_ctx;
+ conn->tls_ssl = ssl;
+ rs_free (ctx, tlsconf);
+ return RSE_OK;
+}