author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-29 15:30:34 +0200 |
committer | David Sommerseth <davids@redhat.com> | 2011-10-19 22:31:46 +0200 |
commit | 6245178696842fb22f2c53d87184236fd471a334 (patch) | |
tree | a40bdda0e4296e6dfb428f7566bab23da3e8d302 /ssl_openssl.c | |
parent | b64ffdcf09edd7110c1f851942d0e8d4e05d883c (diff) | |
Refactored root SSL context initialisation
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_openssl.c')
-rw-r--r-- | ssl_openssl.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/ssl_openssl.c b/ssl_openssl.c
index c80dfb1..c03fb54 100644
--- a/ssl_openssl.c
+++ b/ssl_openssl.c
@@ -75,6 +75,61 @@ tls_clear_error()
 ERR_clear_error ();
 }
 
+/*
+ * OpenSSL callback to get a temporary RSA key, mostly
+ * used for export ciphers.
+ */
+static RSA *
+tmp_rsa_cb (SSL * s, int is_export, int keylength)
+{
+ static RSA *rsa_tmp = NULL;
+ if (rsa_tmp == NULL)
+ {
+ msg (D_HANDSHAKE, "Generating temp (%d bit) RSA key", keylength);
+ rsa_tmp = RSA_generate_key (keylength, RSA_F4, NULL, NULL);
+ }
+ return (rsa_tmp);
+}
+
+void
+tls_ctx_server_new(struct tls_root_ctx *ctx)
+{
+ ASSERT(NULL != ctx);
+
+ ctx->ctx = SSL_CTX_new (TLSv1_server_method ());
+
+ if (ctx->ctx == NULL)
+ msg (M_SSLERR, "SSL_CTX_new TLSv1_server_method");
+
+ SSL_CTX_set_tmp_rsa_callback (ctx->ctx, tmp_rsa_cb);
+}
+
+void
+tls_ctx_client_new(struct tls_root_ctx *ctx)
+{
+ ASSERT(NULL != ctx);
+
+ ctx->ctx = SSL_CTX_new (TLSv1_client_method ());
+
+ if (ctx->ctx == NULL)
+ msg (M_SSLERR, "SSL_CTX_new TLSv1_client_method");
+}
+
+void
+tls_ctx_free(struct tls_root_ctx *ctx)
+{
+ ASSERT(NULL != ctx);
+ if (NULL != ctx->ctx)
+ SSL_CTX_free (ctx->ctx);
+ ctx->ctx = NULL;
+}
+
+bool tls_ctx_initialised(struct tls_root_ctx *ctx)
+{
+ ASSERT(NULL != ctx);
+ return NULL != ctx->ctx;
+}
+
 void
 show_available_tls_ciphers ()
 { |
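Review bot: In tmp_rsa_cb the static rsa_tmp cache is keyed on nothing, so after the first call every later request is answered with the first key regardless of the keylength argument, and a NULL result from RSA_generate_key is handed back to OpenSSL unchecked (a later call would retry, but this one returns a null key). At minimum the generation result should be checked, e.g. `if (rsa_tmp == NULL) msg (M_SSLERR, "RSA_generate_key (%d bit) failed", keylength);` after the assignment, and the cached key's size should be compared with keylength before it is reused so a request for a different size is not satisfied with a key of the wrong length. Because one key then serves every export-cipher handshake for the life of the process and is never freed, a comment such as `/* One key is generated per process and reused for all export-cipher handshakes; it is never freed. */` above the static would make that trade-off visible to the next reader. RSA_generate_key is also the deprecated interface; RSA_generate_key_ex with a BIGNUM exponent is the supported form. The s and is_export parameters are unused, which is acceptable for a callback but worth a `(void) s; (void) is_export;` if the build warns on unused parameters.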