diff options
| author | Alexey Shchepin <alexey@process-one.net> | 2005-11-03 05:04:54 +0000 |
|---|---|---|
| committer | Alexey Shchepin <alexey@process-one.net> | 2005-11-03 05:04:54 +0000 |
| commit | f6343f01f7db7aa46658ce6ad580e96cc2710478 (patch) | |
| tree | cdf133e5090307934dee3bb7f57fd723046fad36 /src/tls/tls_drv.c | |
| parent | * src/mod_disco.erl: Minor fix (diff) | |
* src/ejabberd_s2s_out.erl: Support for STARTTLS+SASL EXTERNAL
* src/ejabberd_s2s_in.erl: Likewise
* src/tls/tls.erl: Likewise
* src/tls/tls_drv.c: Likewise
* src/tls/XmppAddr.asn1: Likewise
* src/tls/Makefile.in: Likewise
SVN Revision: 430
Diffstat (limited to '')
| -rw-r--r-- | src/tls/tls_drv.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/tls/tls_drv.c b/src/tls/tls_drv.c index 608830ffb..742eda8f0 100644 --- a/src/tls/tls_drv.c +++ b/src/tls/tls_drv.c @@ -46,12 +46,19 @@ static void tls_drv_stop(ErlDrvData handle) } +static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +{ + return 1; +} + #define SET_CERTIFICATE_FILE_ACCEPT 1 #define SET_CERTIFICATE_FILE_CONNECT 2 #define SET_ENCRYPTED_INPUT 3 #define SET_DECRYPTED_OUTPUT 4 #define GET_ENCRYPTED_OUTPUT 5 #define GET_DECRYPTED_INPUT 6 +#define GET_PEER_CERTIFICATE 7 +#define GET_VERIFY_RESULT 8 #define die_unless(cond, errstr) \ @@ -75,6 +82,7 @@ static int tls_drv_control(ErlDrvData handle, int res; int size; ErlDrvBinary *b; + X509 *cert; switch (command) { @@ -92,6 +100,15 @@ static int tls_drv_control(ErlDrvData handle, res = SSL_CTX_check_private_key(d->ctx); die_unless(res > 0, "SSL_CTX_check_private_key failed"); + SSL_CTX_set_default_verify_paths(d->ctx); + + if (command == SET_CERTIFICATE_FILE_ACCEPT) + { + SSL_CTX_set_verify(d->ctx, + SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, + verify_callback); + } + d->ssl = SSL_new(d->ctx); die_unless(d->ssl, "SSL_new failed"); @@ -182,6 +199,37 @@ static int tls_drv_control(ErlDrvData handle, return rlen; } break; + case GET_PEER_CERTIFICATE: + cert = SSL_get_peer_certificate(d->ssl); + if (cert == NULL) + { + b = driver_alloc_binary(1); + b->orig_bytes[0] = 1; + *rbuf = (char *)b; + return 1; + } else { + unsigned char *tmp_buf; + rlen = i2d_X509(cert, NULL); + if (rlen >= 0) + { + rlen++; + b = driver_alloc_binary(rlen); + b->orig_bytes[0] = 0; + tmp_buf = &b->orig_bytes[1]; + i2d_X509(cert, &tmp_buf); + X509_free(cert); + *rbuf = (char *)b; + return rlen; + } else + X509_free(cert); + } + break; + case GET_VERIFY_RESULT: + b = driver_alloc_binary(1); + b->orig_bytes[0] = SSL_get_verify_result(d->ssl); + *rbuf = (char *)b; + return 1; + break; } b = driver_alloc_binary(1); |