Implement ressl_accept_socket, which allocates a new server connection

context (if necessary) and handles the TLS/SSL handshake over the given socket.
2025-01-10 06:47:55 -08:00 · 2014-08-04 16:34:11 +00:00 · 2014-08-04 16:34:11 +00:00 · 2c0c4ff455
commit 2c0c4ff455
parent 031cf80d52
2 changed files with 45 additions and 4 deletions
--- a/lib/libressl/ressl.h
+++ b/lib/libressl/ressl.h
@ -47,8 +47,8 @@ int ressl_configure(struct ressl *ctx, struct ressl_config *config);
 void ressl_reset(struct ressl *ctx);
 void ressl_free(struct ressl *ctx);

-int ressl_accept(struct ressl *ctx);
-int ressl_accept_socket(struct ressl *ctx, int socket);
+int ressl_accept(struct ressl *ctx, struct ressl **cctx);
+int ressl_accept_socket(struct ressl *ctx, struct ressl **cctx, int socket);
 int ressl_connect(struct ressl *ctx, const char *host, const char *port);
 int ressl_connect_socket(struct ressl *ctx, int s, const char *hostname);
 int ressl_listen(struct ressl *ctx, const char *host, const char *port, int af);
--- a/lib/libressl/ressl_server.c
+++ b/lib/libressl/ressl_server.c
@ -17,6 +17,7 @@
 #include <openssl/ec.h>
 #include <openssl/ssl.h>

+#include <ressl.h>
 #include "ressl_internal.h"

 struct ressl *
@ -92,7 +93,7 @@ err:
 }

 int
-ressl_accept(struct ressl *ctx)
+ressl_accept(struct ressl *ctx, struct ressl **cctx)
 {
 	if ((ctx->flags & RESSL_SERVER) == 0) {
 		ressl_set_error(ctx, "not a server context");
@ -104,13 +105,53 @@ err:
 }

 int
-ressl_accept_socket(struct ressl *ctx, int socket)
+ressl_accept_socket(struct ressl *ctx, struct ressl **cctx, int socket)
 {
+	struct ressl *conn_ctx = *cctx;
+	int ret, ssl_err;
+	
 	if ((ctx->flags & RESSL_SERVER) == 0) {
 		ressl_set_error(ctx, "not a server context");
 		goto err;
 	}

+	if (conn_ctx == NULL) {
+		if ((conn_ctx = ressl_server_conn(ctx)) == NULL) {
+			ressl_set_error(ctx, "connection context failure");
+			goto err;
+		}
+		*cctx = conn_ctx;
+
+		conn_ctx->socket = socket;
+
+		if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
+			ressl_set_error(ctx, "ssl failure");
+			goto err;
+		}
+
+		if (SSL_set_fd(conn_ctx->ssl_conn, socket) != 1) {
+			ressl_set_error(ctx, "ssl set fd failure");
+			goto err;
+		}
+		SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);
+	}
+
+	if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
+		ssl_err = SSL_get_error(conn_ctx->ssl_conn, ret);
+		switch (ssl_err) {
+		case SSL_ERROR_WANT_READ:
+			return (RESSL_READ_AGAIN);
+		case SSL_ERROR_WANT_WRITE:
+			return (RESSL_WRITE_AGAIN);
+		default:
+			ressl_set_error(ctx, "ssl accept failure (%i)",
+			    ssl_err);
+			goto err;
+		}
+	}
+
+	return (0);
+
 err:
 	return (-1);
 }