116 lines
3.1 KiB
C
116 lines
3.1 KiB
C
/*
|
|
* ssl.c
|
|
*
|
|
* Copyright (C) 2003 Hugo Villeneuve <hugo@hugovil.com>
|
|
* Based on ssl_client.c (Sean Walton and Macmillan Publishers).
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
*/
|
|
|
|
#if HAVE_CONFIG_H
|
|
# include "config.h"
|
|
#endif
|
|
|
|
#if HAVE_SSL
|
|
|
|
/* Define filename_M */
|
|
#define SSL_M 1
|
|
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
#include <unistd.h>
|
|
#include <malloc.h>
|
|
#include <string.h>
|
|
#include <sys/socket.h>
|
|
#include <resolv.h>
|
|
#include <netdb.h>
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/err.h>
|
|
|
|
#include "common.h"
|
|
#include "wmnotify.h"
|
|
#include "ssl.h"
|
|
|
|
|
|
/* InitCTX - initialize the SSL engine. */
|
|
SSL_CTX *
|
|
InitCTX( void )
|
|
{
|
|
SSL_METHOD *method;
|
|
SSL_CTX *ctx;
|
|
|
|
SSL_library_init(); /* Load cryptos, et.al. */
|
|
SSL_load_error_strings(); /* Bring in and register error messages */
|
|
method = SSLv23_client_method(); /* Indicate we support SSLv2, SSLv3 and TLSv1 methods. */
|
|
ctx = SSL_CTX_new(method); /* Create new context */
|
|
if( ctx == NULL ) {
|
|
ERR_print_errors_fp(stderr);
|
|
abort();
|
|
}
|
|
return ctx;
|
|
}
|
|
|
|
|
|
/* ShowCerts - print out the certificates. */
|
|
void
|
|
ShowCerts( SSL *ssl )
|
|
{
|
|
X509 *cert;
|
|
char *line;
|
|
|
|
cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */
|
|
if ( cert != NULL ) {
|
|
printf("Server certificates:\n");
|
|
line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
|
|
printf("Subject: %s\n", line);
|
|
free(line); /* free the malloc'ed string */
|
|
line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
|
|
printf("Issuer: %s\n", line);
|
|
free(line); /* free the malloc'ed string */
|
|
X509_free(cert); /* free the malloc'ed certificate copy */
|
|
}
|
|
else {
|
|
printf("No certificates.\n");
|
|
}
|
|
}
|
|
|
|
|
|
int
|
|
InitSSL( int sock_fd )
|
|
{
|
|
ssl_infos.ctx = InitCTX();
|
|
ssl_infos.ssl = SSL_new( ssl_infos.ctx ); /* create new SSL connection state */
|
|
if( ssl_infos.ssl == NULL ) {
|
|
printf( "%s: Error in SSL_new()\n", PACKAGE );
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
SSL_set_fd( ssl_infos.ssl, sock_fd ); /* attach the socket descriptor */
|
|
if( SSL_connect( ssl_infos.ssl ) == FAIL ) { /* perform the connection */
|
|
ERR_print_errors_fp(stderr);
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
if( wmnotify_infos.debug ) {
|
|
printf("Connected with %s encryption\n", SSL_get_cipher( ssl_infos.ssl ));
|
|
ShowCerts( ssl_infos.ssl ); /* get any certs */
|
|
}
|
|
|
|
return EXIT_SUCCESS;
|
|
}
|
|
|
|
|
|
#endif /* HAVE_SSL */
|