|
@ -20,7 +20,7 @@ Signed-off-by: Rosen Penev <rosenp@gmail.com> |
|
|
#include <errno.h> |
|
|
#include <errno.h> |
|
|
#include <limits.h> |
|
|
#include <limits.h> |
|
|
|
|
|
|
|
|
@@ -59,8 +62,12 @@ ssl_init(struct vsf_session* p_sess)
|
|
|
|
|
|
|
|
|
@@ -66,8 +69,12 @@ ssl_init(struct vsf_session* p_sess)
|
|
|
SSL_CTX* p_ctx; |
|
|
SSL_CTX* p_ctx; |
|
|
long options; |
|
|
long options; |
|
|
int verify_option = 0; |
|
|
int verify_option = 0; |
|
@ -33,7 +33,7 @@ Signed-off-by: Rosen Penev <rosenp@gmail.com> |
|
|
if (p_ctx == NULL) |
|
|
if (p_ctx == NULL) |
|
|
{ |
|
|
{ |
|
|
die("SSL: could not allocate SSL context"); |
|
|
die("SSL: could not allocate SSL context"); |
|
|
@@ -120,6 +127,7 @@ ssl_init(struct vsf_session* p_sess)
|
|
|
|
|
|
|
|
|
@@ -139,6 +146,7 @@ ssl_init(struct vsf_session* p_sess)
|
|
|
{ |
|
|
{ |
|
|
die("SSL: RNG is not seeded"); |
|
|
die("SSL: RNG is not seeded"); |
|
|
} |
|
|
} |
|
@ -41,7 +41,7 @@ Signed-off-by: Rosen Penev <rosenp@gmail.com> |
|
|
{ |
|
|
{ |
|
|
EC_KEY* key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
|
|
EC_KEY* key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
|
|
if (key == NULL) |
|
|
if (key == NULL) |
|
|
@@ -129,6 +137,7 @@ ssl_init(struct vsf_session* p_sess)
|
|
|
|
|
|
|
|
|
@@ -148,6 +156,7 @@ ssl_init(struct vsf_session* p_sess)
|
|
|
SSL_CTX_set_tmp_ecdh(p_ctx, key); |
|
|
SSL_CTX_set_tmp_ecdh(p_ctx, key); |
|
|
EC_KEY_free(key); |
|
|
EC_KEY_free(key); |
|
|
} |
|
|
} |
|
@ -49,7 +49,7 @@ Signed-off-by: Rosen Penev <rosenp@gmail.com> |
|
|
if (tunable_ssl_request_cert) |
|
|
if (tunable_ssl_request_cert) |
|
|
{ |
|
|
{ |
|
|
verify_option |= SSL_VERIFY_PEER; |
|
|
verify_option |= SSL_VERIFY_PEER; |
|
|
@@ -660,7 +669,9 @@ ssl_cert_digest(SSL* p_ssl, struct vsf_s
|
|
|
|
|
|
|
|
|
@@ -685,7 +694,9 @@ ssl_cert_digest(SSL* p_ssl, struct vsf_s
|
|
|
static char* |
|
|
static char* |
|
|
get_ssl_error() |
|
|
get_ssl_error() |
|
|
{ |
|
|
{ |
|
|