author | Christophe Fergeau <cfergeau@redhat.com> | 2013-10-07 18:46:31 +0200 |
---|---|---|
committer | Christophe Fergeau <cfergeau@redhat.com> | 2014-01-20 12:15:41 +0100 |
commit | d533f72fe6d20a20f26846a3b3c43b3571f4f2a8 (patch) | |
tree | aaa710b2008096d7bf967adf5c1a9f9db0951d95 /server/reds_stream.c | |
parent | e46743100f1668bc1af358d65442b282f89784c1 (diff) | |
reds: Move SSL-related code to RedsStream
Code to initiate a SSL stream belongs there
Diffstat (limited to 'server/reds_stream.c')
-rw-r--r-- | server/reds_stream.c | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/server/reds_stream.c b/server/reds_stream.c
index 093621fb..5ec0efa8 100644
--- a/server/reds_stream.c
+++ b/server/reds_stream.c
@@ -149,6 +149,56 @@ void reds_stream_push_channel_event(RedsStream *s, int event)
 main_dispatcher_channel_event(event, s->info);
 }

+RedsStreamSslStatus reds_stream_ssl_accept(RedsStream *stream)
+{
+ int ssl_error;
+ int return_code;
+
+ return_code = SSL_accept(stream->ssl);
+ if (return_code == 1) {
+ return REDS_STREAM_SSL_STATUS_OK;
+ }
+
+ ssl_error = SSL_get_error(stream->ssl, return_code);
+ if (return_code == -1 && (ssl_error == SSL_ERROR_WANT_READ ||
+ ssl_error == SSL_ERROR_WANT_WRITE)) {
+ if (ssl_error == SSL_ERROR_WANT_READ) {
+ return REDS_STREAM_SSL_STATUS_WAIT_FOR_READ;
+ } else {
+ return REDS_STREAM_SSL_STATUS_WAIT_FOR_WRITE;
+ }
+ }
+
+ ERR_print_errors_fp(stderr);
+ spice_warning("SSL_accept failed, error=%d", ssl_error);
+ SSL_free(stream->ssl);
+ stream->ssl = NULL;
+
+ return REDS_STREAM_SSL_STATUS_ERROR;
+}
+
+int reds_stream_enable_ssl(RedsStream *stream, SSL_CTX *ctx)
+{
+ BIO *sbio;
+
+ // Handle SSL handshaking
+ if (!(sbio = BIO_new_socket(stream->socket, BIO_NOCLOSE))) {
+ spice_warning("could not allocate ssl bio socket");
+ return REDS_STREAM_SSL_STATUS_ERROR;
+ }
+
+ stream->ssl = SSL_new(ctx);
+ if (!stream->ssl) {
+ spice_warning("could not allocate ssl context");
+ BIO_free(sbio);
+ return REDS_STREAM_SSL_STATUS_ERROR;
+ }
+
+ SSL_set_bio(stream->ssl, sbio, sbio);
+
+ return reds_stream_ssl_accept(stream);
+}
+
 #if HAVE_SASL
 bool reds_stream_write_u8(RedsStream *s, uint8_t n)
 { |
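Review bot: In `reds_stream_ssl_accept`, `SSL_get_error()` is consulted without the thread's OpenSSL error queue being cleared before `SSL_accept()`, so a stale entry left by an earlier, unrelated failure can make a plain WANT_READ/WANT_WRITE be reported as a hard error and tear the handshake down. Adding `ERR_clear_error();` immediately before `return_code = SSL_accept(stream->ssl);` makes the classification reliable. Separately, `reds_stream_enable_ssl` is declared to return `int` but every return path yields a `RedsStreamSslStatus` value; declaring it as `RedsStreamSslStatus reds_stream_enable_ssl(RedsStream *stream, SSL_CTX *ctx)` keeps the two functions consistent (the header prototype is outside this diff and would need the same change). The error path sets `stream->ssl = NULL`, so a short comment such as `/* stream->ssl is freed on error; do not call again without reds_stream_enable_ssl() */` would document that a retry on the same stream would otherwise pass NULL to `SSL_accept()`.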