hide the global tls context inside tortls.c

svn:r431
This commit is contained in:
Roger Dingledine 2003-09-08 06:22:19 +00:00
parent 413c7a19ed
commit ace475f01c
2 changed files with 22 additions and 15 deletions

View File

@ -32,6 +32,9 @@ struct tor_tls_st {
int isServer;
};
/* global tls context, keep it here because nobody else needs to touch it */
static tor_tls_context *global_tls_context=NULL;
#define _TOR_TLS_SYSCALL -6
#define _TOR_TLS_ZERORETURN -5
@ -82,6 +85,7 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
assert(rsa && rsa->type == CRYPTO_PK_RSA);
if (!(_rsa = RSAPrivateKey_dup((RSA*)rsa->key)))
/* XXX we have a crypto_pk_dup_key(), it's a shame we can't use it here */
return -1;
if (!(pkey = EVP_PKEY_new()))
return -1;
@ -130,9 +134,9 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
/* Create a new TLS context. If we are going to be using it as a
* server, it must have isServer set to true, certfile set to a
* filename for a certificate file, and RSA set to the private key
* used for that certificate.
* used for that certificate. Return -1 if failure, else 0.
*/
tor_tls_context *
int
tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer)
{
crypto_dh_env_t *dh = NULL;
@ -145,28 +149,28 @@ tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer)
result = tor_malloc(sizeof(tor_tls_context));
if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
return NULL;
return -1;
/* XXXX This should use AES, but we'll need to require OpenSSL 0.9.7 first */
if (!SSL_CTX_set_cipher_list(result->ctx, TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA))
/* TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)) */
return NULL;
return -1;
if (certfile && !SSL_CTX_use_certificate_file(result->ctx,certfile,
SSL_FILETYPE_PEM))
return NULL;
return -1;
SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
if (rsa) {
if (!(_rsa = RSAPrivateKey_dup((RSA*)rsa->key)))
return NULL;
return -1;
if (!(pkey = EVP_PKEY_new()))
return NULL;
return -1;
if (!EVP_PKEY_assign_RSA(pkey, _rsa))
return NULL;
return -1;
if (!SSL_CTX_use_PrivateKey(result->ctx, pkey))
return NULL;
return -1;
EVP_PKEY_free(pkey);
if (certfile) {
if (!SSL_CTX_check_private_key(result->ctx))
return NULL;
return -1;
}
}
dh = crypto_dh_new();
@ -175,17 +179,19 @@ tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer)
SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
always_accept_verify_cb);
return result;
global_tls_context = result;
return 0;
}
/* Create a new TLS object from a TLS context, a filedescriptor, and
* a flag to determine whether it is functioning as a server.
*/
tor_tls *
tor_tls_new(tor_tls_context *ctx, int sock, int isServer)
tor_tls_new(int sock, int isServer)
{
tor_tls *result = tor_malloc(sizeof(tor_tls));
if (!(result->ssl = SSL_new(ctx->ctx)))
assert(global_tls_context); /* make sure somebody made it first */
if (!(result->ssl = SSL_new(global_tls_context->ctx)))
return NULL;
result->socket = sock;
SSL_set_fd(result->ssl, sock);
@ -322,3 +328,4 @@ tor_tls_shutdown(tor_tls *tls)
return err;
}
}

View File

@ -17,8 +17,8 @@ typedef struct tor_tls_st tor_tls;
#define TOR_TLS_DONE 0
int tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname);
tor_tls_context *tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer);
tor_tls *tor_tls_new(tor_tls_context *ctx, int sock, int isServer);
int tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer);
tor_tls *tor_tls_new(int sock, int isServer);
void tor_tls_free(tor_tls *tls);
int tor_tls_read(tor_tls *tls, char *cp, int len);
int tor_tls_write(tor_tls *tls, char *cp, int n);