6 # include <gnutls/gnutls.h>
7 # include <gnutls/x509.h>
10 # include <openssl/ssl.h>
11 # include <openssl/err.h>
14 #ifdef HAVE_WS2TCPIP_H
15 # include <ws2tcpip.h>
19 #include "ecore_con_private.h"
23 static int _init_con_ssl_init_count = 0;
26 # ifdef EFL_HAVE_PTHREAD
27 GCRY_THREAD_OPTION_PTHREAD_IMPL;
30 static int _client_connected = 0;
31 # define SSL_SUFFIX(ssl_func) ssl_func ## _gnutls
32 # define _ECORE_CON_SSL_AVAILABLE 1
36 # define SSL_SUFFIX(ssl_func) ssl_func ## _openssl
37 # define _ECORE_CON_SSL_AVAILABLE 2
40 # define SSL_SUFFIX(ssl_func) ssl_func ## _none
41 # define _ECORE_CON_SSL_AVAILABLE 0
46 typedef struct _cert_thingy
48 gnutls_certificate_credentials_t cert;
51 static gnutls *client_cert = NULL;
52 static gnutls *server_cert = NULL;
54 typedef struct _cert_thingy
59 typedef struct _key_thingy
64 static openssl_pkey *private_key = NULL;
65 static openssl *client_cert = NULL;
66 static openssl *server_cert = NULL;
69 static Ecore_Con_Ssl_Error
70 SSL_SUFFIX(_ecore_con_ssl_init) (void);
71 static Ecore_Con_Ssl_Error
72 SSL_SUFFIX(_ecore_con_ssl_shutdown) (void);
74 static Eina_Bool SSL_SUFFIX(_ecore_con_ssl_client_cert_add) (const char *
80 static Eina_Bool SSL_SUFFIX(_ecore_con_ssl_server_cert_add) (const char *cert);
82 static void SSL_SUFFIX(_ecore_con_ssl_server_prepare) (Ecore_Con_Server *
84 static Ecore_Con_Ssl_Error
85 SSL_SUFFIX(_ecore_con_ssl_server_init) (Ecore_Con_Server * svr);
86 static Ecore_Con_Ssl_Error
87 SSL_SUFFIX(_ecore_con_ssl_server_shutdown) (Ecore_Con_Server *
89 static Ecore_Con_State
90 SSL_SUFFIX(_ecore_con_ssl_server_try) (Ecore_Con_Server * svr);
92 SSL_SUFFIX(_ecore_con_ssl_server_read) (Ecore_Con_Server * svr,
93 unsigned char *buf, int size);
95 SSL_SUFFIX(_ecore_con_ssl_server_write) (Ecore_Con_Server *
97 unsigned char *buf, int size);
100 SSL_SUFFIX(_ecore_con_ssl_client_prepare) (Ecore_Con_Client *
102 static Ecore_Con_Ssl_Error
103 SSL_SUFFIX(_ecore_con_ssl_client_init) (Ecore_Con_Client * cl);
104 static Ecore_Con_Ssl_Error
105 SSL_SUFFIX(_ecore_con_ssl_client_shutdown) (Ecore_Con_Client *
108 SSL_SUFFIX(_ecore_con_ssl_client_read) (Ecore_Con_Client * cl,
109 unsigned char *buf, int size);
111 SSL_SUFFIX(_ecore_con_ssl_client_write) (Ecore_Con_Client * cl,
112 unsigned char *buf, int size);
119 ecore_con_ssl_init(void)
121 if (!_init_con_ssl_init_count++)
122 SSL_SUFFIX(_ecore_con_ssl_init) ();
124 return _init_con_ssl_init_count;
128 ecore_con_ssl_shutdown(void)
130 if (!--_init_con_ssl_init_count)
132 #if USE_OPENSSL || USE_GNUTLS
134 client_cert->count = 0;
137 server_cert->count = 0;
139 #if USE_OPENSSL && !USE_GNUTLS
141 private_key->count = 0;
144 SSL_SUFFIX(_ecore_con_ssl_shutdown) ();
147 return _init_con_ssl_init_count;
151 * Returns if SSL support is available
152 * @return 1 if SSL is available, 0 if it is not.
153 * @ingroup Ecore_Con_Client_Group
156 ecore_con_ssl_available_get(void)
158 return _ECORE_CON_SSL_AVAILABLE;
163 ecore_con_ssl_server_prepare(Ecore_Con_Server *svr)
165 SSL_SUFFIX(_ecore_con_ssl_server_prepare) (svr);
169 ecore_con_ssl_server_init(Ecore_Con_Server *svr)
171 return SSL_SUFFIX(_ecore_con_ssl_server_init) (svr);
175 ecore_con_ssl_server_cert_add(const char *cert)
177 return SSL_SUFFIX(_ecore_con_ssl_server_cert_add) (cert);
181 ecore_con_ssl_server_shutdown(Ecore_Con_Server *svr)
183 return SSL_SUFFIX(_ecore_con_ssl_server_shutdown) (svr);
187 ecore_con_ssl_server_try(Ecore_Con_Server *svr)
189 return SSL_SUFFIX(_ecore_con_ssl_server_try) (svr);
193 ecore_con_ssl_server_read(Ecore_Con_Server *svr, unsigned char *buf, int size)
195 return SSL_SUFFIX(_ecore_con_ssl_server_read) (svr, buf, size);
199 ecore_con_ssl_server_write(Ecore_Con_Server *svr, unsigned char *buf, int size)
201 return SSL_SUFFIX(_ecore_con_ssl_server_write) (svr, buf, size);
205 ecore_con_ssl_client_init(Ecore_Con_Client *cl)
207 return SSL_SUFFIX(_ecore_con_ssl_client_init) (cl);
211 ecore_con_ssl_client_cert_add(const char *cert_file,
212 const char *crl_file,
213 const char *key_file)
215 return SSL_SUFFIX(_ecore_con_ssl_client_cert_add) (cert_file, crl_file,
220 ecore_con_ssl_client_shutdown(Ecore_Con_Client *cl)
222 return SSL_SUFFIX(_ecore_con_ssl_client_shutdown) (cl);
226 ecore_con_ssl_client_read(Ecore_Con_Client *cl, unsigned char *buf, int size)
228 return SSL_SUFFIX(_ecore_con_ssl_client_read) (cl, buf, size);
232 ecore_con_ssl_client_write(Ecore_Con_Client *cl, unsigned char *buf, int size)
234 return SSL_SUFFIX(_ecore_con_ssl_client_write) (cl, buf, size);
243 static Ecore_Con_Ssl_Error
244 _ecore_con_ssl_init_gnutls(void)
246 #ifdef EFL_HAVE_PTHREAD
247 if (gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread))
249 "YOU ARE USING PTHREADS, BUT I CANNOT INITIALIZE THREADSAFE GCRYPT OPERATIONS!");
252 if (gnutls_global_init())
253 return ECORE_CON_SSL_ERROR_INIT_FAILED;
255 return ECORE_CON_SSL_ERROR_NONE;
258 static Ecore_Con_Ssl_Error
259 _ecore_con_ssl_shutdown_gnutls(void)
261 gnutls_global_deinit();
263 return ECORE_CON_SSL_ERROR_NONE;
267 _ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *svr)
270 svr->anoncred_c = NULL;
274 /* Tries to connect an Ecore_Con_Server to an SSL host.
275 * Returns 1 on success, -1 on fatal errors and 0 if the caller
276 * should try again later.
278 static Ecore_Con_Ssl_Error
279 _ecore_con_ssl_server_init_gnutls(Ecore_Con_Server *svr)
281 const int *proto = NULL;
283 const int kx[] = { GNUTLS_KX_ANON_DH, 0 };
284 const int ssl3_proto[] = { GNUTLS_SSL3, 0 };
285 const int tls_proto[] = {
294 switch (svr->type & ECORE_CON_SSL)
296 case ECORE_CON_USE_SSL2: /* not supported because of security issues */
297 return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
299 case ECORE_CON_USE_SSL3:
303 case ECORE_CON_USE_TLS:
308 return ECORE_CON_SSL_ERROR_NONE;
311 if ((server_cert) && (server_cert->cert) &&
312 ((svr->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT))
314 svr->cert = server_cert->cert;
315 server_cert->count++;
318 gnutls_init(&(svr->session), GNUTLS_CLIENT);
319 gnutls_set_default_priority(svr->session);
320 gnutls_kx_set_priority(svr->session, kx);
322 gnutls_credentials_set(svr->session, GNUTLS_CRD_CERTIFICATE,
326 gnutls_anon_allocate_client_credentials(&svr->anoncred_c);
327 gnutls_credentials_set(svr->session, GNUTLS_CRD_ANON, svr->anoncred_c);
330 gnutls_kx_set_priority(svr->session, kx);
331 gnutls_protocol_set_priority(svr->session, proto);
332 gnutls_dh_set_prime_bits(svr->session, 2048);
334 gnutls_transport_set_ptr(svr->session, (gnutls_transport_ptr_t)svr->fd);
336 while ((ret = gnutls_handshake(svr->session)) < 0)
338 if ((ret == GNUTLS_E_AGAIN) ||
339 (ret == GNUTLS_E_INTERRUPTED))
342 _ecore_con_ssl_server_shutdown_gnutls(svr);
343 return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
346 return ECORE_CON_SSL_ERROR_NONE;
350 _ecore_con_ssl_server_cert_add_gnutls(const char *cert_file)
352 gnutls_certificate_credentials_t cert = NULL;
355 if (gnutls_certificate_set_x509_trust_file(cert, cert_file,
356 GNUTLS_X509_FMT_PEM) < 0)
361 server_cert = malloc(sizeof(gnutls));
365 else if ((server_cert->cert) && ((--server_cert->count) < 1))
366 gnutls_certificate_free_credentials(server_cert->cert);
368 server_cert->cert = cert;
369 server_cert->count = 1;
375 gnutls_certificate_free_credentials(cert);
380 static Ecore_Con_Ssl_Error
381 _ecore_con_ssl_server_shutdown_gnutls(Ecore_Con_Server *svr)
385 gnutls_bye(svr->session, GNUTLS_SHUT_RDWR);
386 gnutls_deinit(svr->session);
389 if (((svr->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
391 (server_cert->cert) && (--server_cert->count < 1))
393 gnutls_certificate_free_credentials(server_cert->cert);
397 else if (svr->anoncred_c)
398 gnutls_anon_free_client_credentials(svr->anoncred_c);
400 _ecore_con_ssl_server_prepare_gnutls(svr);
402 return ECORE_CON_SSL_ERROR_NONE;
405 /* this is a stub function, the handshake is done in _init_gnutls */
406 static Ecore_Con_State
407 _ecore_con_ssl_server_try_gnutls(Ecore_Con_Server *svr __UNUSED__)
409 return ECORE_CON_CONNECTED;
413 _ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *svr, unsigned char *buf,
418 num = gnutls_record_recv(svr->session, buf, size);
422 if ((num == GNUTLS_E_AGAIN) ||
423 (num == GNUTLS_E_REHANDSHAKE) ||
424 (num == GNUTLS_E_INTERRUPTED))
431 _ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *svr, unsigned char *buf,
436 num = gnutls_record_send(svr->session, buf, size);
440 if ((num == GNUTLS_E_AGAIN) ||
441 (num == GNUTLS_E_REHANDSHAKE) ||
442 (num == GNUTLS_E_INTERRUPTED))
449 _ecore_con_ssl_client_prepare_gnutls(Ecore_Con_Client *cl)
452 if (!_client_connected)
454 cl->server->anoncred_s = NULL;
455 cl->server->cert = NULL;
459 static Ecore_Con_Ssl_Error
460 _ecore_con_ssl_client_init_gnutls(Ecore_Con_Client *cl)
462 const int *proto = NULL;
463 gnutls_dh_params_t dh_params;
465 const int kx[] = { GNUTLS_KX_ANON_DH, 0 };
466 const int ssl3_proto[] = { GNUTLS_SSL3, 0 };
467 const int tls_proto[] = {
476 switch (cl->server->type & ECORE_CON_SSL)
478 case ECORE_CON_USE_SSL2: /* not supported because of security issues */
479 return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
481 case ECORE_CON_USE_SSL3:
485 case ECORE_CON_USE_TLS:
490 return ECORE_CON_SSL_ERROR_NONE;
495 gnutls_dh_params_init(&dh_params);
496 gnutls_dh_params_generate2(dh_params, 1024);
498 if ((client_cert) && (client_cert->cert) &&
499 ((cl->server->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT))
501 cl->server->cert = client_cert->cert;
502 client_cert->count++;
503 gnutls_certificate_set_dh_params(cl->server->cert, dh_params);
506 if ((!cl->server->anoncred_s) && (!cl->server->cert))
508 gnutls_anon_allocate_server_credentials(&(cl->server->anoncred_s));
509 gnutls_anon_set_server_dh_params(cl->server->anoncred_s, dh_params);
512 gnutls_init(&(cl->session), GNUTLS_SERVER);
513 gnutls_set_default_priority(cl->session);
514 if (cl->server->cert)
516 gnutls_credentials_set(cl->session,
517 GNUTLS_CRD_CERTIFICATE,
519 gnutls_certificate_server_set_request(cl->session, GNUTLS_CERT_REQUEST);
522 gnutls_credentials_set(cl->session, GNUTLS_CRD_ANON,
523 cl->server->anoncred_s);
525 gnutls_kx_set_priority(cl->session, kx);
527 gnutls_protocol_set_priority(cl->session, proto);
529 gnutls_transport_set_ptr(cl->session, (gnutls_transport_ptr_t)cl->fd);
531 while ((ret = gnutls_handshake(cl->session)) < 0)
533 if ((ret == GNUTLS_E_AGAIN) ||
534 (ret == GNUTLS_E_INTERRUPTED))
537 _ecore_con_ssl_client_shutdown_gnutls(cl);
538 return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
541 /* TODO: add cert verification support */
542 return ECORE_CON_SSL_ERROR_NONE;
545 static Ecore_Con_Ssl_Error
546 _ecore_con_ssl_client_shutdown_gnutls(Ecore_Con_Client *cl)
550 gnutls_bye(cl->session, GNUTLS_SHUT_RDWR);
551 gnutls_deinit(cl->session);
554 if (cl->server->anoncred_s && !--_client_connected)
555 gnutls_anon_free_server_credentials(cl->server->anoncred_s);
557 if (((cl->server->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
559 (client_cert->cert) && (--client_cert->count < 1))
561 gnutls_certificate_free_credentials(client_cert->cert);
566 _ecore_con_ssl_client_prepare_gnutls(cl);
568 return ECORE_CON_SSL_ERROR_NONE;
572 _ecore_con_ssl_client_cert_add_gnutls(const char *cert_file,
573 const char *crl_file,
574 const char *key_file)
576 gnutls_certificate_credentials_t cert = NULL;
578 if (gnutls_certificate_allocate_credentials(&cert) < 0)
582 if (gnutls_certificate_set_x509_trust_file(cert, cert_file,
583 GNUTLS_X509_FMT_PEM) < 0)
586 /* private key load */
587 if (gnutls_certificate_set_x509_key_file(cert, cert_file, key_file,
588 GNUTLS_X509_FMT_PEM) < 0)
592 //TODO: uncomment once we implement cert checking
595 if (gnutls_certificate_set_x509_crl_mem(cert, crl_file,
596 GNUTLS_X509_FMT_PEM) < 0)
603 client_cert = malloc(sizeof(gnutls));
607 else if ((client_cert->cert) && ((--client_cert->count) < 1))
608 gnutls_certificate_free_credentials(client_cert->cert);
610 client_cert->cert = cert;
611 client_cert->count = 1;
617 gnutls_certificate_free_credentials(cert);
623 _ecore_con_ssl_client_read_gnutls(Ecore_Con_Client *cl, unsigned char *buf,
628 num = gnutls_record_recv(cl->session, buf, size);
632 if ((num == GNUTLS_E_AGAIN) ||
633 (num == GNUTLS_E_REHANDSHAKE) ||
634 (num == GNUTLS_E_INTERRUPTED))
641 _ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *cl, unsigned char *buf,
646 num = gnutls_record_send(cl->session, buf, size);
650 if ((num == GNUTLS_E_AGAIN) ||
651 (num == GNUTLS_E_REHANDSHAKE) ||
652 (num == GNUTLS_E_INTERRUPTED))
658 #elif USE_OPENSSL && !USE_GNUTLS
664 static Ecore_Con_Ssl_Error
665 _ecore_con_ssl_init_openssl(void)
668 SSL_load_error_strings();
670 return ECORE_CON_SSL_ERROR_NONE;
673 static Ecore_Con_Ssl_Error
674 _ecore_con_ssl_shutdown_openssl(void)
677 return ECORE_CON_SSL_ERROR_NONE;
681 _ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server *svr)
685 svr->ssl_err = SSL_ERROR_NONE;
688 static Ecore_Con_Ssl_Error
689 _ecore_con_ssl_server_init_openssl(Ecore_Con_Server *svr)
691 switch (svr->type & ECORE_CON_SSL)
693 case ECORE_CON_USE_SSL2:
694 /* Unsafe version of SSL */
696 SSL_CTX_new(SSLv2_client_method())))
698 ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
702 case ECORE_CON_USE_SSL3:
704 SSL_CTX_new(SSLv3_client_method())))
706 ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
710 case ECORE_CON_USE_TLS:
712 SSL_CTX_new(TLSv1_client_method())))
714 ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
719 return ECORE_CON_SSL_ERROR_NONE;
721 if (!(svr->ssl = SSL_new(svr->ssl_ctx)))
723 SSL_CTX_free(svr->ssl_ctx);
724 return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
727 if ((server_cert) && (server_cert->cert) &&
728 ((svr->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT))
730 //FIXME: just log and go on without cert if loading fails?
731 if (!SSL_CTX_use_certificate(svr->ssl_ctx, server_cert->cert))
733 "ssl cert load failed: %s", ERR_reason_error_string(ERR_get_error()));
735 server_cert->count++;
738 SSL_set_fd(svr->ssl, svr->fd);
740 return ECORE_CON_SSL_ERROR_NONE;
744 _ecore_con_ssl_server_cert_add_openssl(const char *cert_file)
749 if (!(fp = fopen(cert_file, "r")))
752 if (!(cert = PEM_read_X509(fp, NULL, NULL, NULL)))
759 server_cert = malloc(sizeof(openssl));
763 else if ((server_cert->cert) && ((--server_cert->count) < 1))
764 X509_free(server_cert->cert);
766 server_cert->cert = cert;
768 server_cert->count = 1;
779 static Ecore_Con_Ssl_Error
780 _ecore_con_ssl_server_shutdown_openssl(Ecore_Con_Server *svr)
784 if (!SSL_shutdown(svr->ssl))
785 SSL_shutdown(svr->ssl);
790 if (((svr->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
791 (server_cert) && (server_cert->cert) &&
792 (--server_cert->count < 1))
794 X509_free(server_cert->cert);
800 SSL_CTX_free(svr->ssl_ctx);
802 _ecore_con_ssl_server_prepare_openssl(svr);
804 return ECORE_CON_SSL_ERROR_NONE;
807 /* Tries to connect an Ecore_Con_Server to an SSL host.
808 * Returns 1 on success, -1 on fatal errors and 0 if the caller
809 * should try again later.
811 static Ecore_Con_State
812 _ecore_con_ssl_server_try_openssl(Ecore_Con_Server *svr)
816 if ((res = SSL_connect(svr->ssl)) == 1)
817 return ECORE_CON_CONNECTED;
819 svr->ssl_err = SSL_get_error(svr->ssl, res);
821 switch (svr->ssl_err)
824 return ECORE_CON_CONNECTED;
826 case SSL_ERROR_WANT_READ:
827 flag = ECORE_FD_READ;
830 case SSL_ERROR_WANT_WRITE:
831 flag = ECORE_FD_WRITE;
835 return ECORE_CON_DISCONNECTED;
838 if (svr->fd_handler && flag)
839 ecore_main_fd_handler_active_set(svr->fd_handler,
842 return ECORE_CON_INPROGRESS;
846 _ecore_con_ssl_server_read_openssl(Ecore_Con_Server *svr, unsigned char *buf,
851 num = SSL_read(svr->ssl, buf, size);
852 svr->ssl_err = SSL_get_error(svr->ssl, num);
856 if (svr->ssl && svr->ssl_err ==
858 ecore_main_fd_handler_active_set(svr->fd_handler,
860 else if (svr->ssl && svr->ssl_err ==
861 SSL_ERROR_WANT_WRITE)
862 ecore_main_fd_handler_active_set(
867 if ((svr->ssl_err == SSL_ERROR_ZERO_RETURN) ||
868 (svr->ssl_err == SSL_ERROR_SYSCALL) ||
869 (svr->ssl_err == SSL_ERROR_SSL))
879 _ecore_con_ssl_server_write_openssl(Ecore_Con_Server *svr, unsigned char *buf,
884 num = SSL_write(svr->ssl, buf, size);
885 svr->ssl_err = SSL_get_error(svr->ssl, num);
889 if (svr->ssl && svr->ssl_err ==
891 ecore_main_fd_handler_active_set(svr->fd_handler,
893 else if (svr->ssl && svr->ssl_err ==
894 SSL_ERROR_WANT_WRITE)
895 ecore_main_fd_handler_active_set(
900 if ((svr->ssl_err == SSL_ERROR_ZERO_RETURN) ||
901 (svr->ssl_err == SSL_ERROR_SYSCALL) ||
902 (svr->ssl_err == SSL_ERROR_SSL))
912 _ecore_con_ssl_client_prepare_openssl(Ecore_Con_Client *cl)
916 cl->ssl_err = SSL_ERROR_NONE;
919 static Ecore_Con_Ssl_Error
920 _ecore_con_ssl_client_init_openssl(Ecore_Con_Client *cl)
922 switch (cl->server->type & ECORE_CON_SSL)
924 case ECORE_CON_USE_SSL2:
925 /* Unsafe version of SSL */
927 SSL_CTX_new(SSLv2_client_method())))
929 ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
933 case ECORE_CON_USE_SSL3:
935 SSL_CTX_new(SSLv3_client_method())))
937 ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
941 case ECORE_CON_USE_TLS:
943 SSL_CTX_new(TLSv1_client_method())))
945 ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
950 return ECORE_CON_SSL_ERROR_NONE;
952 if (!(cl->ssl = SSL_new(cl->ssl_ctx)))
954 SSL_CTX_free(cl->ssl_ctx);
955 return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
958 if ((client_cert) && (client_cert->cert) && (private_key->key) &&
959 ((cl->server->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT))
961 //FIXME: just log and go on without cert if loading fails?
962 if (!SSL_CTX_use_certificate(cl->server->ssl_ctx, client_cert->cert) ||
963 !SSL_CTX_use_PrivateKey(cl->server->ssl_ctx, private_key->key) ||
964 !SSL_CTX_check_private_key(cl->server->ssl_ctx))
966 "ssl cert load failed: %s", ERR_reason_error_string(ERR_get_error()));
968 client_cert->count++;
969 private_key->count++;
972 SSL_set_fd(cl->ssl, cl->fd);
974 return ECORE_CON_SSL_ERROR_NONE;
979 _ecore_con_ssl_client_cert_add_openssl(const char *cert_file,
980 const char *crl_file,
981 const char *key_file)
984 EVP_PKEY *privkey = NULL;
987 if (!(fp = fopen(cert_file, "r")))
990 if (!(cert = PEM_read_X509(fp, NULL, NULL, NULL)))
996 if (!(fp = fopen(key_file, "r")))
1000 if (!(privkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL)))
1007 client_cert = malloc(sizeof(openssl));
1011 else if ((client_cert->cert) && (--client_cert->count < 1))
1012 X509_free(client_cert->cert);
1016 private_key = malloc(sizeof(openssl_pkey));
1017 if (!private_key) return EINA_FALSE;
1019 else if ((private_key->key) && ((--private_key->count) < 1))
1020 EVP_PKEY_free(private_key->key);
1022 private_key->key = privkey;
1023 client_cert->cert = cert;
1025 private_key->count = client_cert->count = 1;
1037 EVP_PKEY_free(privkey);
1042 static Ecore_Con_Ssl_Error
1043 _ecore_con_ssl_client_shutdown_openssl(Ecore_Con_Client *cl)
1047 if (!SSL_shutdown(cl->ssl))
1048 SSL_shutdown(cl->ssl);
1055 SSL_CTX_free(cl->ssl_ctx);
1056 if (((cl->server->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
1057 (client_cert) && (client_cert->cert) && (--client_cert->count < 1))
1059 X509_free(client_cert->cert);
1064 if (((cl->server->type & ECORE_CON_TYPE) & ECORE_CON_LOAD_CERT) &&
1065 (private_key) && (private_key->key) && (--private_key->count < 1))
1067 EVP_PKEY_free(private_key->key);
1073 _ecore_con_ssl_client_prepare_openssl(cl);
1075 return ECORE_CON_SSL_ERROR_NONE;
1079 _ecore_con_ssl_client_read_openssl(Ecore_Con_Client *cl, unsigned char *buf,
1084 num = SSL_read(cl->ssl, buf, size);
1085 cl->ssl_err = SSL_get_error(cl->ssl, num);
1089 if (cl->ssl && cl->ssl_err ==
1090 SSL_ERROR_WANT_READ)
1091 ecore_main_fd_handler_active_set(cl->fd_handler,
1093 else if (cl->ssl && cl->ssl_err ==
1094 SSL_ERROR_WANT_WRITE)
1095 ecore_main_fd_handler_active_set(
1100 if ((cl->ssl_err == SSL_ERROR_ZERO_RETURN) ||
1101 (cl->ssl_err == SSL_ERROR_SYSCALL) ||
1102 (cl->ssl_err == SSL_ERROR_SSL))
1112 _ecore_con_ssl_client_write_openssl(Ecore_Con_Client *cl, unsigned char *buf,
1117 num = SSL_write(cl->ssl, buf, size);
1118 cl->ssl_err = SSL_get_error(cl->ssl, num);
1122 if (cl->ssl && cl->ssl_err ==
1123 SSL_ERROR_WANT_READ)
1124 ecore_main_fd_handler_active_set(cl->fd_handler,
1126 else if (cl->ssl && cl->ssl_err ==
1127 SSL_ERROR_WANT_WRITE)
1128 ecore_main_fd_handler_active_set(
1133 if ((cl->ssl_err == SSL_ERROR_ZERO_RETURN) ||
1134 (cl->ssl_err == SSL_ERROR_SYSCALL) ||
1135 (cl->ssl_err == SSL_ERROR_SSL))
1150 static Ecore_Con_Ssl_Error
1151 _ecore_con_ssl_init_none(void)
1153 return ECORE_CON_SSL_ERROR_NONE;
1156 static Ecore_Con_Ssl_Error
1157 _ecore_con_ssl_shutdown_none(void)
1159 return ECORE_CON_SSL_ERROR_NONE;
1163 _ecore_con_ssl_server_prepare_none(Ecore_Con_Server *svr)
1167 static Ecore_Con_Ssl_Error
1168 _ecore_con_ssl_server_init_none(Ecore_Con_Server *svr)
1170 return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
1174 _ecore_con_ssl_server_cert_add_none(const char *cert_file)
1179 static Ecore_Con_Ssl_Error
1180 _ecore_con_ssl_server_shutdown_none(Ecore_Con_Server *svr)
1182 return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
1185 /* Tries to connect an Ecore_Con_Server to an SSL host.
1186 * Returns 1 on success, -1 on fatal errors and 0 if the caller
1187 * should try again later.
1189 static Ecore_Con_State
1190 _ecore_con_ssl_server_try_none(Ecore_Con_Server *svr)
1192 return ECORE_CON_DISCONNECTED;
1196 _ecore_con_ssl_server_read_none(Ecore_Con_Server *svr, unsigned char *buf,
1203 _ecore_con_ssl_server_write_none(Ecore_Con_Server *svr, unsigned char *buf,
1210 _ecore_con_ssl_client_prepare_none(Ecore_Con_Client *cl)
1215 static Ecore_Con_Ssl_Error
1216 _ecore_con_ssl_client_init_none(Ecore_Con_Client *cl)
1218 return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
1222 _ecore_con_ssl_client_cert_add_none(const char *cert_file,
1223 const char *crl_file,
1224 const char *key_file)
1229 static Ecore_Con_Ssl_Error
1230 _ecore_con_ssl_client_shutdown_none(Ecore_Con_Client *cl)
1232 return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
1236 _ecore_con_ssl_client_read_none(Ecore_Con_Client *cl, unsigned char *buf,
1243 _ecore_con_ssl_client_write_none(Ecore_Con_Client *cl, unsigned char *buf,