ssl.c File Reference

SSL Socket methods.


Defines

#define RANDOM_BYTES   1024
 Number of random bytes to obtain.

#define URANDOM_DEVICE   "/dev/urandom"
 The PRIMARY random device selected for seeding the PRNG.

#define RANDOM_DEVICE   "/dev/random"
 If a non-blocking device is not found on the system, a blocking entropy producer is tried instead.


Functions

int embed_ssl_socket (ssl_connection *ssl, int socket)
 Embeds a socket in a ssl connection.

int update_ssl_cert_data (ssl_connection *ssl)
 Updates some data in the ssl connection.

int check_ssl_md5sum (ssl_connection *ssl, char *md5sum)
 Compare certificate with given md5 sum.

ssl_connection * create_ssl_socket (char *hostname, int port, int protocol)
 Open a socket against hostname:port with the given protocol.

int close_ssl_socket (ssl_connection *ssl)
 Closes a ssl connection (ssl socket + net socket).

int cleanup_ssl_socket (ssl_connection *ssl)
 Garbage collection for non-reusable parts of the ssl connection.

int delete_ssl_socket (ssl_connection *ssl)
 Garbage collection for non-reusable parts of a ssl connection.

ssl_server_connection * init_ssl_server (char *pemfile, char *clientpemfile)
 Initializes a ssl connection for server use.

ssl_server_connection * create_ssl_server_socket (char *pemfile, int port, int backlog, char *bindAddr, char *clientpemfile)
 Creates a server socket (SOCK_STREAM type) and binds it to the specified local port number.

int close_ssl_server_socket (ssl_server_connection *ssl_server)
 Closes a ssl server connection (ssl socket + net socket).

int cleanup_ssl_server_socket (ssl_server_connection *ssl_server)
 Garbage collection for a SSL server connection.

int delete_ssl_server_socket (ssl_server_connection *ssl_server)
 Deletes a SSL server connection.

ssl_connection * insert_accepted_ssl_socket (ssl_server_connection *ssl_server)
 Inserts an SSL connection in the connection list of a server.

int close_accepted_ssl_socket (ssl_server_connection *ssl_server, ssl_connection *ssl)
 Closes an accepted SSL server connection and deletes it from the connection list.

int delete_accepted_ssl_socket (ssl_server_connection *ssl_server, ssl_connection *ssl)
 Deletes an accepted SSL server connection from the connection list.

int embed_accepted_ssl_socket (ssl_connection *ssl, int socket)
 Embeds an accepted server socket in an existing ssl connection.

ssl_connection * accept_ssl_socket (ssl_server_connection *ssl_server)
 Do "accept" for a ssl server socket.

int send_ssl_socket (ssl_connection *ssl, void *buffer, int len)
 Sends a data package through the ssl connection.

int recv_ssl_socket (ssl_connection *ssl, void *buffer, int len)
 Receives a data package through the ssl connection.

char * gets_ssl_socket (ssl_connection *ssl, char *buffer, int len)
 Receives a string data package through the ssl connection.

int printf_ssl_socket (ssl_connection *ssl, const char *format,...)
 Sends a formatted string through the ssl connection.

int start_ssl ()
 Start SSL support library.

int stop_ssl ()
 Stop SSL support library.

void config_ssl (int conf_allow_self_cert)
 Configures the ssl engine.

ssl_connection * new_ssl_connection (char *clientpemfile)
 Generate a new ssl connection.

ssl_server_connection * new_ssl_server_connection (char *pemfile, char *clientpemfile)
 Generate a new ssl server connection.

int have_ssl (void)
 Checks if openssl is compiled in.


Detailed Description

SSL Socket methods.

Author:
Christian Hopp <chopp@iei.tu-clausthal.de> , Jan-Henrik Haukeland, <hauk@tildeslash.com>
Version:
$Id: ssl.c,v 1.14 2002/12/19 20:50:06 hauk Exp $

Definition in file ssl.c.


Define Documentation

#define RANDOM_BYTES   1024
 

Number of random bytes to obtain.

Definition at line 116 of file ssl.c.

#define RANDOM_DEVICE   "/dev/random"
 

If a non-blocking device is not found on the system, a blocking entropy producer is tried instead.

Definition at line 128 of file ssl.c.

#define URANDOM_DEVICE   "/dev/urandom"
 

The PRIMARY random device selected for seeding the PRNG.

We use a non-blocking pseudo-random device to generate pseudo-entropy.

Definition at line 122 of file ssl.c.


Function Documentation

ssl_connection* accept_ssl_socket (ssl_server_connection *ssl_server)
 

Do "accept" for a ssl server socket.

Parameters:
ssl_server  data for ssl server connection
Returns:
the ssl_connection of the socket, NULL in case of an error

Definition at line 1088 of file ssl.c.

References ASSERT, close_accepted_ssl_socket(), embed_accepted_ssl_socket(), insert_accepted_ssl_socket(), len, ssl_connection, and ssl_server_connection.

int check_ssl_md5sum (ssl_connection *ssl, char *md5sum)
 

Compare certificate with given md5 sum.

Parameters:
ssl  reference to ssl connection
md5sum  string of the md5sum to test against
Returns:
TRUE if the sums match, FALSE if they do not

Definition at line 296 of file ssl.c.

References ASSERT, and ssl_connection.

int cleanup_ssl_server_socket (ssl_server_connection *ssl_server)
 

Garbage collection for a SSL server connection.

Parameters:
ssl_server  data for ssl server connection
Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 727 of file ssl.c.

References close_accepted_ssl_socket(), delete_ssl_socket(), ssl_connection, and ssl_server_connection.

Referenced by close_ssl_server_socket(), delete_ssl_server_socket(), and init_ssl_server().

int cleanup_ssl_socket (ssl_connection *ssl)
 

Garbage collection for non-reusable parts of the ssl connection.

Parameters:
ssl  ssl connection
Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 433 of file ssl.c.

References ssl_connection.

Referenced by close_ssl_socket(), delete_accepted_ssl_socket(), delete_ssl_socket(), and embed_ssl_socket().

int close_accepted_ssl_socket (ssl_server_connection *ssl_server, ssl_connection *ssl)
 

Closes an accepted SSL server connection and deletes it from the connection list.

Parameters:
ssl_server  data for ssl server connection
ssl  the connection to be deleted
Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 890 of file ssl.c.

References delete_accepted_ssl_socket(), ssl_connection, and ssl_server_connection.

Referenced by accept_ssl_socket(), cleanup_ssl_server_socket(), and destroy_wrapper().

int close_ssl_server_socket (ssl_server_connection *ssl_server)
 

Closes a ssl server connection (ssl socket + net socket).

Parameters:
ssl_server  data for ssl server connection
Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 699 of file ssl.c.

References cleanup_ssl_server_socket(), and ssl_server_connection.

int close_ssl_socket (ssl_connection *ssl)
 

Closes a ssl connection (ssl socket + net socket).

Parameters:
ssl  ssl connection
Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 387 of file ssl.c.

References cleanup_ssl_socket(), and ssl_connection.

Referenced by d_check_process().

void config_ssl (int conf_allow_self_cert)
 

Configures the ssl engine.

Definition at line 1381 of file ssl.c.

ssl_server_connection* create_ssl_server_socket (char *pemfile, int port, int backlog, char *bindAddr, char *clientpemfile)
 

Creates a server socket (SOCK_STREAM type) and binds it to the specified local port number.

The socket gets a ssl layer for data transmission.

Parameters:
pemfile  Filename for the key/cert file
port  The localhost port number to open
backlog  The maximum queue length for incoming connections
bindAddr  the local address the server will bind to
Returns:
An ssl connection ready for accept, or NULL if an error occurred.

Definition at line 645 of file ssl.c.

References ASSERT, create_server_socket(), error(), init_ssl_server(), prog, ssl_server_connection, and start_ssl().

ssl_connection* create_ssl_socket (char *hostname, int port, int protocol)
 

Open a socket against hostname:port with the given protocol.

This socket is sent through a ssl connection. The protocol is normally either SOCK_STREAM or SOCK_DGRAM.

Parameters:
hostname  The host to open a socket at
port  The port number to connect to
protocol  Socket protocol to use (SOCK_STREAM|SOCK_DGRAM)
Returns:
The ssl connection or NULL if an error occurred.

Definition at line 337 of file ssl.c.

References ASSERT, create_socket(), embed_ssl_socket(), error(), new_ssl_connection(), prog, ssl_connection, and start_ssl().

int delete_accepted_ssl_socket (ssl_server_connection *ssl_server, ssl_connection *ssl)
 

Deletes an accepted SSL server connection from the connection list.

Parameters:
ssl_server  data for ssl server connection
ssl  the connection to be deleted
Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 931 of file ssl.c.

References cleanup_ssl_socket(), delete_ssl_socket(), END_LOCK, LOCK, ssl_connection, and ssl_server_connection.

Referenced by close_accepted_ssl_socket().

int delete_ssl_server_socket (ssl_server_connection *ssl_server)
 

Deletes a SSL server connection.

Parameters:
ssl_server  data for ssl server connection
Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 780 of file ssl.c.

References cleanup_ssl_server_socket(), and ssl_server_connection.

Referenced by stop_httpd().

int delete_ssl_socket (ssl_connection *ssl)
 

Garbage collection for non-reusable parts of a ssl connection.

Parameters:
ssl  ssl connection
Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 512 of file ssl.c.

References cleanup_ssl_socket(), and ssl_connection.

Referenced by cleanup_ssl_server_socket(), d_check_process(), delete_accepted_ssl_socket(), new_ssl_connection(), status(), and status_group().

int embed_accepted_ssl_socket (ssl_connection *ssl, int socket)
 

Embeds an accepted server socket in an existing ssl connection.

Parameters:
ssl  ssl connection
socket  the socket to be used.
Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 985 of file ssl.c.

References ASSERT, error(), prog, set_noblock(), ssl_connection, SSL_TIMEOUT, start_ssl(), and update_ssl_cert_data().

Referenced by accept_ssl_socket(), and start_httpd().

int embed_ssl_socket (ssl_connection *ssl, int socket)
 

Embeds a socket in a ssl connection.

Parameters:
socket  the socket to be used.
Returns:
The ssl connection or NULL if an error occurred.

Definition at line 161 of file ssl.c.

References cleanup_ssl_socket(), error(), prog, set_noblock(), ssl_connection, SSL_TIMEOUT, start_ssl(), and update_ssl_cert_data().

Referenced by create_ssl_socket(), and d_check_process().

char* gets_ssl_socket (ssl_connection *ssl, char *buffer, int len)
 

Receives a string data package through the ssl connection.

Parameters:
ssl  ssl connection
buffer  array to hold the data
len  size of the data container
Returns:
pointer to buffer, NULL if failed

Definition at line 1232 of file ssl.c.

References ASSERT, len, recv_ssl_socket(), and ssl_connection.

int have_ssl (void)
 

Checks if openssl is compiled in.

Returns:
TRUE if installed

Definition at line 1545 of file ssl.c.

ssl_server_connection* init_ssl_server (char *pemfile, char *clientpemfile)
 

Initializes a ssl connection for server use.

Parameters:
pemfile  Filename for the key/cert file
Returns:
An ssl connection, or NULL if an error occurred.

Definition at line 548 of file ssl.c.

References ASSERT, cleanup_ssl_server_socket(), error(), new_ssl_server_connection(), prog, ssl_server_connection, and start_ssl().

Referenced by create_ssl_server_socket(), and start_httpd().

ssl_connection* insert_accepted_ssl_socket (ssl_server_connection *ssl_server)
 

Inserts an SSL connection in the connection list of a server.

Parameters:
ssl_server  data for ssl server connection
Returns:
new SSL connection for the connection, or NULL if failed

Definition at line 816 of file ssl.c.

References ASSERT, END_LOCK, LOCK, NEW, ssl_connection, ssl_server_connection, start_ssl(), and xstrdup().

Referenced by accept_ssl_socket(), and start_httpd().

ssl_connection* new_ssl_connection (char *clientpemfile)
 

Generate a new ssl connection.

Returns:
ssl connection container

Definition at line 1397 of file ssl.c.

References delete_ssl_socket(), error(), NEW, prog, ssl_connection, start_ssl(), and xstrdup().

Referenced by create_ssl_socket(), d_check_process(), status(), and status_group().

ssl_server_connection* new_ssl_server_connection (char *pemfile, char *clientpemfile)
 

Generate a new ssl server connection.

Returns:
ssl server connection container

Definition at line 1498 of file ssl.c.

References ASSERT, NEW, ssl_server_connection, start_ssl(), and xstrdup().

Referenced by init_ssl_server().

int printf_ssl_socket (ssl_connection *ssl, const char *format, ...)
 

Sends a formatted string through the ssl connection.

Parameters:
ssl  ssl connection
format  string holding the format information
...  data for the string
Returns:
number of characters transmitted

Definition at line 1292 of file ssl.c.

References ASSERT, len, send_ssl_socket(), and ssl_connection.

int recv_ssl_socket (ssl_connection *ssl, void *buffer, int len)
 

Receives a data package through the ssl connection.

Parameters:
ssl  ssl connection
buffer  array to hold the data
len  size of the data container
Returns:
number of bytes transmitted, -1 in case of an error

Definition at line 1189 of file ssl.c.

References ASSERT, error(), len, prog, ssl_connection, and SSL_TIMEOUT.

Referenced by gets_ssl_socket(), and port_recv().

int send_ssl_socket (ssl_connection *ssl, void *buffer, int len)
 

Sends a data package through the ssl connection.

Parameters:
ssl  ssl connection
buffer  array containing the data
len  size of the data container
Returns:
number of bytes transmitted, -1 in case of an error

Definition at line 1144 of file ssl.c.

References ASSERT, error(), len, prog, ssl_connection, and SSL_TIMEOUT.

Referenced by d_check_process(), port_send(), and printf_ssl_socket().

int start_ssl (void)
 

Start SSL support library.

It has to be run before the SSL support can be used.

Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 1324 of file ssl.c.

Referenced by create_ssl_server_socket(), create_ssl_socket(), embed_accepted_ssl_socket(), embed_ssl_socket(), init_ssl_server(), insert_accepted_ssl_socket(), new_ssl_connection(), and new_ssl_server_connection().

int stop_ssl (void)
 

Stop SSL support library.

Returns:
TRUE, or FALSE if an error has occurred.

Definition at line 1353 of file ssl.c.

int update_ssl_cert_data (ssl_connection *ssl)
 

Updates some data in the ssl connection.

Parameters:
ssl  reference to ssl connection
Returns:
TRUE, or FALSE if not successful

Definition at line 260 of file ssl.c.

References ASSERT, ssl_connection, and xstrdup().

Referenced by embed_accepted_ssl_socket(), and embed_ssl_socket().