7
7
* url, compute a MD5 over this result and match it to the
10
* Version: $Id: check_ssl.c,v 1.1.7 2004/04/04 23:28:05 acassen Exp $
10
* Version: $Id: check_ssl.c,v 1.1.11 2005/03/01 01:22:13 acassen Exp $
12
12
* Authors: Alexandre Cassen, <acassen@linux-vs.org>
13
13
* Jan Holmberg, <jan@artech.net>
22
22
* as published by the Free Software Foundation; either version
23
23
* 2 of the License, or (at your option) any later version.
25
* Copyright (C) 2001-2004 Alexandre Cassen, <acassen@linux-vs.org>
25
* Copyright (C) 2001-2005 Alexandre Cassen, <acassen@linux-vs.org>
28
28
#include <openssl/err.h>
195
ssl_connect(thread * thread)
192
ssl_connect(thread * thread_obj)
197
checker *checker = THREAD_ARG(thread);
198
http_get_checker *http_get_check = CHECKER_ARG(checker);
199
http_arg *http_arg = HTTP_ARG(http_get_check);
200
REQ *req = HTTP_REQ(http_arg);
194
checker *checker_obj = THREAD_ARG(thread_obj);
195
http_get_checker *http_get_check = CHECKER_ARG(checker_obj);
196
http_arg *http_arg_obj = HTTP_ARG(http_get_check);
197
REQ *req = HTTP_REQ(http_arg_obj);
202
199
req->ssl = SSL_new(check_data->ssl->ctx);
203
req->bio = BIO_new_socket(thread->u.fd, BIO_NOCLOSE);
200
req->bio = BIO_new_socket(thread_obj->u.fd, BIO_NOCLOSE);
204
201
SSL_set_bio(req->ssl, req->bio, req->bio);
206
203
return (SSL_connect(req->ssl) > 0) ? 1 : 0;
229
226
/* Asynchronous SSL stream reader */
231
ssl_read_thread(thread * thread)
228
ssl_read_thread(thread * thread_obj)
233
checker *checker = THREAD_ARG(thread);
234
http_get_checker *http_get_check = CHECKER_ARG(checker);
235
http_arg *http_arg = HTTP_ARG(http_get_check);
236
REQ *req = HTTP_REQ(http_arg);
230
checker *checker_obj = THREAD_ARG(thread_obj);
231
http_get_checker *http_get_check = CHECKER_ARG(checker_obj);
232
http_arg *http_arg_obj = HTTP_ARG(http_get_check);
233
REQ *req = HTTP_REQ(http_arg_obj);
237
234
unsigned char digest[16];
240
238
/* Handle read timeout */
241
if (thread->type == THREAD_READ_TIMEOUT && !req->extracted)
242
return timeout_epilog(thread, "=> SSL CHECK failed on service"
239
if (thread_obj->type == THREAD_READ_TIMEOUT && !req->extracted)
240
return timeout_epilog(thread_obj, "=> SSL CHECK failed on service"
243
241
" : recevice data <=\n\n", "SSL read");
243
/* Set descriptor non blocking */
244
val = fcntl(thread_obj->u.fd, F_GETFL, 0);
245
fcntl(thread_obj->u.fd, F_SETFL, val | O_NONBLOCK);
245
247
/* read the SSL stream */
246
248
r = SSL_read(req->ssl, req->buffer + req->len,
247
249
MAX_BUFFER_LENGTH - req->len);
251
/* restore descriptor flags */
252
fcntl(thread_obj->u.fd, F_SETFL, val);
248
254
req->error = SSL_get_error(req->ssl, r);
250
256
if (req->error) {
259
265
if (r && !req->extracted) {
260
266
/* check if server is currently alive */
261
if (svr_checker_up(checker->id, checker->rs)) {
262
smtp_alert(thread->master, checker->rs, NULL, NULL,
267
if (svr_checker_up(checker_obj->id, checker_obj->rs)) {
268
smtp_alert(checker_obj->rs, NULL, NULL,
264
270
"=> SSL CHECK failed on service"
265
271
" : cannot receive data <=\n\n");
266
update_svr_checker_state(DOWN, checker->id
272
update_svr_checker_state(DOWN, checker_obj->id
270
return epilog(thread, 1, 0, 0);
276
return epilog(thread_obj, 1, 0, 0);
273
279
/* Handle response stream */
274
http_handle_response(thread, digest, (!req->extracted) ? 1 : 0);
280
http_handle_response(thread_obj, digest, (!req->extracted) ? 1 : 0);
276
282
} else if (r > 0 && req->error == 0) {
282
288
* Register next ssl stream reader.
283
289
* Register itself to not perturbe global I/O multiplexer.
285
thread_add_read(thread->master, ssl_read_thread, checker,
286
thread->u.fd, http_get_check->connection_to);
291
thread_add_read(thread_obj->master, ssl_read_thread, checker_obj,
292
thread_obj->u.fd, http_get_check->connection_to);
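Review bot: The non-blocking toggle added around `SSL_read` in ssl_read_thread (new lines 244-252) uses the result of `fcntl(thread_obj->u.fd, F_GETFL, 0)` without checking it. If that call fails, `val` is -1, so `val | O_NONBLOCK` and the later restore both pass an all-ones flag word to `F_SETFL`. I would guard both calls, e.g. `if (val != -1) fcntl(thread_obj->u.fd, F_SETFL, val | O_NONBLOCK);` with the same test before the restore, and log when either `fcntl` fails. Separately, a non-blocking `SSL_read` can return with `SSL_ERROR_WANT_READ`, and the lines between `if (req->error) {` and `if (r && !req->extracted) {` are not shown on this page. It is therefore worth confirming that a want-read result re-registers the reader rather than reaching `update_svr_checker_state(DOWN, ...)`, and adding a short comment at the `SSL_get_error` call saying which error codes are treated as end of stream. The body of ssl_read_thread is only partly visible here, so both points should be checked against the full function.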