234
234
char *lockName = NULL;
236
236
Ns_DStringInit(&ds);
238
237
thisServer = ns_malloc(sizeof(Server));
239
if (thisServer == NULL)
238
if (thisServer == NULL) {
240
239
Ns_Log(Fatal, "%s (%s): memory allocation failed");
242
241
thisServer->server = server;
243
242
thisServer->defaultservercontext = NULL;
244
243
thisServer->defaultclientcontext = NULL;
245
244
thisServer->nextSessionCacheId = 1;
247
245
Ns_MutexInit(&thisServer->lock);
248
246
Ns_DStringPrintf(&ds, "server:%s", server);
249
247
lockName = Ns_DStringExport(&ds);
326
322
path = Ns_ConfigGetPath(server, MODULE, "defaults", NULL);
327
323
defaults = Ns_ConfigGetSection(path);
329
324
if (defaults == NULL) {
330
325
Ns_Log(Notice, "%s (%s): no default SSL contexts defined for this server",
335
329
for (i = 0; i < Ns_SetSize(defaults); ++i) {
336
330
name = Ns_SetKey(defaults, i);
337
331
value = Ns_ConfigGetValue(path, name);
339
//Ns_Log(Debug, "LoadSSLContexts: default context name = (%s), value = (%s)", name, value);
341
332
sslcontext = Ns_OpenSSLServerSSLContextGet(server, value);
342
333
if (sslcontext != NULL) {
343
334
Ns_Log(Notice, "%s (%s): default SSL context for %s is %s", MODULE, server, name, value);
344
if (STREQ(name, "server")) {
335
if (STRIEQ(name, "server")) {
345
336
thisServer->defaultservercontext = value;
346
337
Ns_Log(Notice, "default server SSL context: %s", thisServer->defaultservercontext);
347
} else if (STREQ(name, "client")) {
338
} else if (STRIEQ(name, "client")) {
348
339
thisServer->defaultclientcontext = value;
349
340
Ns_Log(Notice, "default client SSL context: %s", thisServer->defaultclientcontext);
497
484
if (sessionCache == NS_TRUE) {
498
485
NsOpenSSLContextSessionCacheSet(server, sslcontext, sessionCache);
501
487
if (Ns_ConfigGetInt(path, "sessioncachesize", &sessionCacheSize) == NS_TRUE) {
502
488
NsOpenSSLContextSessionCacheSizeSet(server, sslcontext, sessionCacheSize);
505
490
if (Ns_ConfigGetInt(path, "sessioncachetimeout", &sessionCacheTimeout) == NS_TRUE) {
506
491
NsOpenSSLContextSessionCacheTimeoutSet(server, sslcontext, sessionCacheTimeout);
597
578
if (CRYPTO_set_mem_functions(ns_malloc, ns_realloc, ns_free) == 0)
598
579
Ns_Log(Warning, "%s: OpenSSL memory callbacks failed in InitOpenSSL",
601
581
num_locks = CRYPTO_num_locks();
602
582
locks = ns_calloc(num_locks, sizeof(*locks));
604
583
for (i = 0; i < num_locks; i++) {
605
584
Ns_DStringPrintf(&ds, "crypto:%d", i);
606
585
lockName = Ns_DStringExport(&ds);
680
656
if (RAND_status()) {
684
659
path = Ns_ConfigGetPath(MODULE, NULL);
686
660
if (Ns_ConfigGetInt(path, "seedbytes", &seedBytes) == NS_FALSE) {
687
661
seedBytes = DEFAULT_SEEDBYTES;
690
663
if (Ns_ConfigGetInt(path, "maxbytes", &maxBytes) == NS_FALSE) {
691
664
maxBytes = DEFAULT_MAXBYTES;
720
692
size = sizeof(double) * seedBytes;
721
693
buf_ptr = Ns_Malloc(size);
722
694
bufoffset_ptr = buf_ptr;
724
695
for (i = 0; i < seedBytes; i++) {
725
696
*bufoffset_ptr = Ns_DRand();
729
699
RAND_add(buf_ptr, seedBytes, (double) seedBytes);
730
700
ns_free(buf_ptr);
732
701
if (!RAND_status()) {
733
702
Ns_Log(Warning, "%s: failed to seed PRNG", MODULE);
813
782
Ns_DStringInit(&ds);
815
783
lock = ns_calloc(1, sizeof(*lock));
816
784
Ns_DStringVarAppend(&ds, "openssl: ", file, ": ");
817
785
Ns_DStringPrintf(&ds, "%d", line);
818
786
Ns_MutexSetName2(lock, MODULE, Ns_DStringValue(&ds));
819
788
return (struct CRYPTO_dynlock_value *) lock;
902
871
path = Ns_ConfigGetPath(server, MODULE, "ssldrivers", NULL);
903
872
ssldrivers = Ns_ConfigGetSection(path);
905
873
if (ssldrivers == NULL) {
906
874
Ns_Log(Notice, "%s (%s): no SSL drivers defined for this server",
911
878
for (i = 0; i < Ns_SetSize(ssldrivers); ++i) {
912
879
name = Ns_SetKey(ssldrivers, i);
913
880
Ns_Log(Notice, "%s (%s): loading '%s' SSL driver", MODULE, server, name);
915
881
path = Ns_ConfigGetPath(server, MODULE, "ssldriver", name, NULL);
916
882
if (path == NULL) {
917
883
Ns_Log(Error, "%s (%s): SSL driver '%s' not defined in configuration file",
918
884
MODULE, server, name);
922
887
sslcontextname = Ns_ConfigGetValue(path, "sslcontext");
923
888
if (sslcontextname == NULL) {
924
889
Ns_Log(Error, "%s (%s): 'sslcontext' parameter not defined for driver '%s'",
939
904
ssldriver = ns_calloc(1, sizeof(NsOpenSSLDriver));
941
//Ns_Log(Debug, "LoadSSLDrivers: ssldriver = (%p)", ssldriver);
943
905
ssldriver->server = server;
944
906
ssldriver->sslcontext = sslcontext;
945
907
ssldriver->name = name;
946
908
ssldriver->path = path;
947
909
ssldriver->refcnt = 0;
949
910
if (!Ns_ConfigGetInt(path, "port", &ssldriver->port)) {
950
911
ssldriver->port = 443;
1105
1065
OpenSSLProc(Ns_DriverCmd cmd, Ns_Sock *sock, struct iovec *bufs, int nbufs)
1107
NsOpenSSLDriver *ssldriver = (NsOpenSSLDriver *) sock->driver->arg;
1108
NsOpenSSLConn *sslconn = (NsOpenSSLConn *) sock->arg;
1067
NsOpenSSLDriver *driver = (NsOpenSSLDriver *) sock->driver->arg;
1068
NsOpenSSLConn *conn = (NsOpenSSLConn *) sock->arg;
1069
int n = -1, total, op;
1113
1072
case DriverRecv:
1114
1073
case DriverSend:
1117
* Create the SSL layer on first I/O and run SSL handshake.
1120
if (sslconn == NULL) {
1122
/* XXX core driver socket handles this, no? */
1123
/* XXX look at interaction issues - when driver sock dies, how do I handle it? */
1124
n = sock->driver->recvwait;
1125
if (n > sock->driver->sendwait)
1126
n = sock->driver->sendwait;
1129
sslconn = NsOpenSSLConnCreate(sock->sock, ssldriver->sslcontext);
1130
if (sslconn == NULL) {
1135
// XXX Ns_Log(Debug, "OpenSSLProc: ssldriver = (%p), sslcontext = (%p), sslconn = (%p)",
1136
// XXX ssldriver, ssldriver->sslcontext, sslconn);
1138
/* XXX find way to ditch this part -- set later or on-demand */
1139
sslconn->peerport = ssldriver->port;
1140
sock->arg = (void *) sslconn;
1076
* If first connection, wrap SSL around the socket.
1079
conn = NsOpenSSLConnCreate(sock->sock, driver->sslcontext);
1081
conn->peerport = driver->port;
1082
conn->recvwait = sock->driver->recvwait;
1083
conn->sendwait = sock->driver->sendwait;
1084
sock->arg = (void *) conn;
1144
* Process each buffer one at a time
1088
* Process each buffer one at a time.
1091
op = (cmd == DriverSend) ? NSOPENSSL_SEND : NSOPENSSL_RECV;
1149
if (cmd == DriverSend) {
1150
// XXX Ns_Log(Debug, "OpenSSLProc: DriverSend: towrite = %d", (int) bufs->iov_len);
1151
n = NsOpenSSLConnSend(sslconn->ssl, bufs->iov_base, (int) bufs->iov_len);
1153
// XXX Ns_Log(Debug, "OpenSSLProc: DriverRecv: toread = %d", (int) bufs->iov_len);
1154
n = NsOpenSSLConnRecv(sslconn->ssl, bufs->iov_base, (int) bufs->iov_len);
1156
if (n < 0 && total > 0) {
1157
/* NB: Mask error if some bytes were read. */
1094
n = NsOpenSSLConnOp(conn->ssl, bufs->iov_base,
1095
(int) bufs->iov_len, op);
1162
1100
} while (n > 0 && --nbufs > 0);
1166
1106
case DriverKeep:
1167
if (sslconn != NULL && NsOpenSSLConnFlush(sslconn) == NS_OK) {
1107
if (conn != NULL && NsOpenSSLConnFlush(conn) == NS_OK) {
1174
1114
case DriverClose:
1175
if (sslconn != NULL) {
1176
(void) NsOpenSSLConnFlush(sslconn);
1177
NsOpenSSLConnDestroy(sslconn);
1116
(void) NsOpenSSLConnFlush(conn);
1117
NsOpenSSLConnDestroy(conn);
1178
1118
sock->arg = NULL;
1184
Ns_Log(Error, "%s (%s): Unsupported driver command encountered",
1185
MODULE, ssldriver->server);
1124
Ns_Log(Error, "%s (%s): Unsupported driver command '%d'",
1125
MODULE, driver->server, cmd);