Timestamp:
05/01/11 17:35:34 (9 years ago)
Author:
Admin
Message:

WebIf: Some restructuring of SSL; the SSL object is now built from the SSL context in the single-threaded part of the code.

File:
1 edited

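--- a/trunk/oscam-http-helpers.c
+++ b/trunk/oscam-http-helpers.c
@@ -731,5 +731,5 @@
 };
 
-// function needs explicitly unsigned long to prevent compiler warning, uintptr_t is not valid here
+/* function really needs unsigned long to prevent compiler warnings... */
 unsigned long SSL_id_function(void){
     return ((unsigned long) pthread_self());
@@ -746,14 +746,19 @@
 }
 
-struct CRYPTO_dynlock_value *SSL_dyn_create_function(const char *file, int line){
-    struct CRYPTO_dynlock_value *value;
-    if(!cs_malloc(&value, sizeof(struct CRYPTO_dynlock_value), -1)) return (NULL);
-    pthread_mutex_init(&value->mutex, NULL);
+struct CRYPTO_dynlock_value *SSL_dyn_create_function(const char *file, int32_t line){
+    struct CRYPTO_dynlock_value *l;
+    if(!cs_malloc(&l, sizeof(struct CRYPTO_dynlock_value), -1)) return (NULL);
+        if(pthread_mutex_init(&l->mutex, NULL)) {
+            // Initialization of mutex failed.
+            free(l);
+            return (NULL);
+        }
+    pthread_mutex_init(&l->mutex, NULL);
     // just to remove compiler warnings...
-        if(file || line) return value;
-    return value;
-}
-
-void SSL_dyn_lock_function(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line){
+        if(file || line) return l;
+    return l;
+}
+
+void SSL_dyn_lock_function(int32_t mode, struct CRYPTO_dynlock_value *l, const char *file, int32_t line){
     if (mode & CRYPTO_LOCK) {
         pthread_mutex_lock(&l->mutex);
@@ -765,5 +770,5 @@
 }
 
-void SSL_dyn_destroy_function(struct CRYPTO_dynlock_value *l, const char *file, int line){
+void SSL_dyn_destroy_function(struct CRYPTO_dynlock_value *l, const char *file, int32_t line){
     pthread_mutex_destroy(&l->mutex);
     free(l);
@@ -771,4 +776,72 @@
     if(file || line) return;
 }
+
+/* Init necessary structures for SSL in WebIf*/
+SSL_CTX *SSL_Webif_Init() {
+    SSL_library_init();
+    SSL_load_error_strings();
+    ERR_load_BIO_strings();
+    ERR_load_SSL_strings();
+
+    SSL_METHOD *meth;
+    SSL_CTX *ctx;
+
+    static const char *cs_cert="oscam.pem";
+   
+    // set locking callbacks for SSL
+    int32_t i, num = CRYPTO_num_locks();
+    lock_cs = (pthread_mutex_t*) OPENSSL_malloc(num * sizeof(pthread_mutex_t));
+   
+    for (i = 0; i < num; ++i) {
+        if(pthread_mutex_init(&lock_cs[i], NULL)){
+            while(--i > 0){
+                pthread_mutex_destroy(&lock_cs[i]);
+                --i;
+            }
+            free(lock_cs);
+            return NULL;
+        };
+    }
+    /* static lock callbacks */
+    CRYPTO_set_id_callback(SSL_id_function);
+    CRYPTO_set_locking_callback(SSL_locking_function);
+    /* dynamic lock callbacks */
+    CRYPTO_set_dynlock_create_callback(SSL_dyn_create_function);
+    CRYPTO_set_dynlock_lock_callback(SSL_dyn_lock_function);
+    CRYPTO_set_dynlock_destroy_callback(SSL_dyn_destroy_function);
+
+    meth = SSLv23_server_method();
+
+    ctx = SSL_CTX_new(meth);
+
+    char path[128];
+
+    if (cfg.http_cert[0]==0)
+        snprintf(path, sizeof(path), "%s%s", cs_confdir, cs_cert);
+    else
+        cs_strncpy(path, cfg.http_cert, sizeof(path));
+
+    if (!ctx) {
+        ERR_print_errors_fp(stderr);
+        return NULL;
+       }
+
+    if (SSL_CTX_use_certificate_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
+        ERR_print_errors_fp(stderr);
+        return NULL;
+    }
+
+    if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
+        ERR_print_errors_fp(stderr);
+        return NULL;
+    }
+
+    if (!SSL_CTX_check_private_key(ctx)) {
+        cs_log("SSL: Private key does not match the certificate public key");
+        return NULL;
+    }
+    cs_log("load ssl certificate file %s", path);
+    return ctx;
+}
 #endif
 #endif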
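Review bot: In SSL_Webif_Init the lock-array setup is unsafe on its failure paths: the `OPENSSL_malloc` result is passed to `pthread_mutex_init(&lock_cs[i], NULL)` without a NULL check, the unwind loop decrements `i` twice per pass (once in `while(--i > 0)` and again in the body) so it skips every other initialised mutex and never destroys index 0, and the buffer is released with `free` rather than `OPENSSL_free`. The three `return NULL` exits taken after `SSL_CTX_new` has succeeded also leave `ctx` allocated; each should call `SSL_CTX_free(ctx)` first. In SSL_dyn_create_function the unconditional `pthread_mutex_init(&l->mutex, NULL);` left behind after the new checked call re-initialises an already initialised mutex, which POSIX leaves undefined, so that line should be deleted. `SSLv23_server_method()` is used with no `SSL_CTX_set_options` call, so which legacy protocol versions the WebIf accepts depends on the library defaults; `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` after the `!ctx` check would pin that down. A corrected lock setup is sketched below; `lock_cs` is declared outside the visible lines.

```c
    int32_t i, num = CRYPTO_num_locks();
    lock_cs = (pthread_mutex_t*) OPENSSL_malloc(num * sizeof(pthread_mutex_t));
    if (!lock_cs) return NULL;

    for (i = 0; i < num; ++i) {
        if (pthread_mutex_init(&lock_cs[i], NULL)) {
            // destroy exactly the mutexes already initialised: indices i-1 down to 0
            while (--i >= 0)
                pthread_mutex_destroy(&lock_cs[i]);
            OPENSSL_free(lock_cs);
            lock_cs = NULL;
            return NULL;
        }
    }
    // … unchanged: callback registration, SSL_CTX_new, certificate path selection …
```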