Hi:
The model code I mentioned is attached to this note.
Best Regards,
Paul R.
On 06/01/2021 12:08 PM, pa...@rcom-software.com wrote:
Hi:
I have used OpenSSL for that kind of functionality successfully.
Howerver, be aware that it does have idiosyncracies
and you must decide on SSL Certficate Authority arrangements to
select the correct API calls. The verision I use
is 1.1.1e which is certainly not the latest one. Also, you need to
have your Certificate creation arrangments in
order before you can use OpenSsl. The postiive side to this is that
OpenSSL has an array of tools to simplify
this task. However, you must be willing to carefully read the
documentation.
The following links provide relevant information.
https://blog.devolutions.net/2020/07/tutorial-how-to-generate-secure-self-signed-server-and-client-certificates-with-openssl
https://www.scottbrady91.com/OpenSSL/Creating-RSA-Keys-using-OpenSSL
https://www.shellhacks.com/openssl-check-private-key-matches-ssl-certificate-csr/
A lot of the documentation is accessible as Linux man pages. I can
send you a
copy of some model code if you would like.
Best Regards,
Paul R.
On Wednesday, April 21, 2021 at 2:09:00 AM UTC-7 dlme...@gmail.com wrote:
Hi
I think I do have a POC that you can use
https://github.com/deleisha/evt-tls
On Wed, Apr 21, 2021 at 1:48 PM Reza Mahdi <rezam...@gmail.com> wrote:
Well, I didn't find any one for server or client. By the way,
what you want is 2 parts:
1. After creating the connection, create the request.
2. Create a tls engine that is performing in memory,
for example a MEM_BIO in openssl
And then perform the transportation.
Creating the request is easy, http is a textual protocol. For
tls side, read openssl ssl docs with memory BIO.
On Wed, Apr 21, 2021, 12:36 Boris Feinstein <mad...@gmail.com>
wrote:
Hi all,
I'm looking for a library to allow performing HTTP
requests using libuv with TLS support.
Not an HTTP server, only an HTTP client.
Is anyone familiar with such projects?
Thanks in advance,
Boris
--
You received this message because you are subscribed to
the Google Groups "libuv" group.
To unsubscribe from this group and stop receiving emails
from it, send an email to libuv+un...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/libuv/8e7ee63c-2753-4b71-8ae3-ed5abf8c4f82n%40googlegroups.com
<https://groups.google.com/d/msgid/libuv/8e7ee63c-2753-4b71-8ae3-ed5abf8c4f82n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the
Google Groups "libuv" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to libuv+un...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/libuv/CAMLQwn%3DcjXmvv_d_DWZ7NyohuJCWeJVmOXPo6p7ie6HDjbbNog%40mail.gmail.com
<https://groups.google.com/d/msgid/libuv/CAMLQwn%3DcjXmvv_d_DWZ7NyohuJCWeJVmOXPo6p7ie6HDjbbNog%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
Warm Regards
--Dev
OpenPegasus Developer
"I'm one of those people that think Thomas Edison and the light
bulb changed the world more than Karl Marx ever did,” Steve Jobs
--
You received this message because you are subscribed to the Google
Groups "libuv" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to libuv+unsubscr...@googlegroups.com
<mailto:libuv+unsubscr...@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/libuv/0bd3a276-16ca-486a-97af-cb6844fa1c16n%40googlegroups.com
<https://groups.google.com/d/msgid/libuv/0bd3a276-16ca-486a-97af-cb6844fa1c16n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Paul Romero
-----------
RCOM Communications Software
EMAIL: pa...@rcom-software.com
PHONE: (510)482-2769
--
You received this message because you are subscribed to the Google Groups
"libuv" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to libuv+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/libuv/60B68625.40100%40rcom-software.com.
#include "os_def.h"
#include "basic_def.h"
#include <uv.h>
#include "scram.h"
#include "framework.h"
#ifdef USE_SSL
//
// Use this definition once debugging is complete.
//
// #define PRIVATE static
//
#define PRIVATE static
// #define VTRACE
//
// **************************************************************************************
// ************************************ DATA *******************************************
// **************************************************************************************
//
//
// Protects the Service_Q and its condition variable.
//
extern uv_mutex_t Network_Conn_Mutex;
#ifdef USE_CRYPTO_LOCK
//
// An array of Mutexes used by the cryptography software and libraries to
// prevent corruption of shared memory by the main task/thread.
//
PRIVATE uv_mutex_t *Main_Ssl_Mutex_List;
#endif // USE_CRYPTO_LOCK
//
// *****************************************************************************************
// *********************************** PROTOTYPES *******************************************
// *****************************************************************************************
//
SSL *Ssl_Accept(CONN_DESC *, int );
void Ssl_ReleaseConnect(CONN_DESC *, uv_mutex_t * );
int Ssl_RxData(SSL *, UCHAR *, int );
int Ssl_TxData(SSL *, const UCHAR *, int );
void Ssl_Init();
PRIVATE void Ssl_GetCredentials(SSL_CTX * );
#ifdef MOBILE_AUTH_SSL
PRIVATE BOOL Ssl_ConfigTrust(SSL_CTX *, X509_DESC * );
void Ssl_ReleaseAuth(CONN_DESC * );
#ifdef USE_CRYPTO_LOCK
void Ssl_InitLock(int );
PRIVATE void Ssl_TaskID(CRYPTO_THREADID * );
PRIVATE void Ssl_MainCryptoLock(int , int , const char *, int );
#endif // USE_CRYPTO_LOCK
#endif // MOBILE_AUTH_SSL
#ifdef VTRACE
void PRIVATE ShowCerts(SSL *);
#endif // VTRACE
void fatal_error(int , const char *, ...);
UCHAR *VALLOC(int n);
void VFREE(UCHAR *);
//
// FUNCTION - Ssl_Accept(): Establishes an incoming SSL connection, including insuring
// assessing the client authentication handshake result.
//
// ARGUMENTS
// -----------
// cdesc: A Connection Descriptor.
// sock_fd: The TCP socket descriptor obtained during incoming TCP connection establishment.
//
// RETURN VALUE
// --------------
// Returns an SSL operation socket handle if successful and NULL otherwise.
//
// NOTES
// -------
// If MOBILE_AUTH_SSL is defined, the Server validates the Client.
// The authentication handshake is just configured and initiated in the Server,
// and the handshake protocol exchanges occur within the SSL layer.
//
ROUTINE SSL *Ssl_Accept(CONN_DESC *cdesc, int sock_fd)
{
#ifdef MOBILE_AUTH_SSL
X509_DESC *x509_data;
#endif // MOBILE_AUTH_SSL
SSL_CTX *ctx;
SSL_METHOD *method;
SSL *socket;
int flags, r;
BOOL error;
// printf("TRY\n");
syslog(LOG_INFO, "MAIN_TASK: ATTEMPT SSL CONNECTION - CONN %d FD %d", cdesc->index, cdesc->fd);
ENTER_MUTEX(&Network_Conn_Mutex);
cdesc->ssl_ctx = NULL;
cdesc->ssl_socket = NULL;
EXIT_MUTEX(&Network_Conn_Mutex);
#ifdef MOBILE_AUTH_SSL
x509_data = &cdesc->x509_data;
bzero((void *) x509_data, sizeof(X509_DESC));
#endif // MOBILE_AUTH_SSL
//
// Allocate an SSL/TLS V1.2 Context.
//
method = (SSL_METHOD *) TLSv1_2_server_method();
//method = (SSL_METHOD *) SSLv3_server_method();
if( (ctx = SSL_CTX_new(method)) == NULL)
{
syslog(LOG_ERR, "MAIN_TASK: SSL Error - Context Allocation Failure");
ERR_print_errors_fp(stderr);
abort();
}
else
{
ENTER_MUTEX(&Network_Conn_Mutex);
cdesc->ssl_ctx = ctx;
EXIT_MUTEX(&Network_Conn_Mutex);
SSL_CTX_set_options(ctx,
(SSL_OP_TLS_BLOCK_PADDING_BUG | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1));
// (SSL_OP_TLS_BLOCK_PADDING_BUG | SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1));
}
Ssl_GetCredentials(ctx);
//
// Allocate a new SSL socket operation handle.
//
if( !(socket = SSL_new(ctx)) )
{
syslog(LOG_INFO, "MAIN_TASK: CONN[%d] SSL Error - Context Allocation Failure", cdesc->index);
ERR_print_errors_fp(stderr);
ENTER_MUTEX(&Network_Conn_Mutex);
cdesc->ssl_ctx = NULL;
EXIT_MUTEX(&Network_Conn_Mutex);
SSL_CTX_free(ctx);
}
else
{
ENTER_MUTEX(&Network_Conn_Mutex);
cdesc->ssl_socket = socket;
EXIT_MUTEX(&Network_Conn_Mutex);
//
// Configure the SSL authentication characteristics.
//
SSL_set_accept_state(socket);
#ifdef MOBILE_AUTH_SSL
//
// The Server will authenticate the Client.
//
SSL_set_verify(socket, (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), NULL);
SSL_set_verify_depth(socket, 1);
//
// Configure the Server as a trusted CA to enable authentication of the Client.
//
if(Ssl_ConfigTrust(ctx, x509_data) != TRUE)
{
Ssl_ReleaseConnect(cdesc, &Network_Conn_Mutex);
socket = NULL;
ctx = NULL;
}
#else // MOBILE_AUTH_SSL
//
// No authentication.
//
SSL_set_verify(socket, SSL_VERIFY_NONE, NULL);
#endif // MOBILE_AUTH_SSL
if(socket)
{
// Establish the SSL connection.
//
// Set up SSL socket I/O
//
if( (r = SSL_set_fd(socket, sock_fd)) != 1)
{
syslog(LOG_ERR, "MAIN_TASK: SSL Error - Can't Set Socket Descriptor: Return %d Error %d",
r, SSL_get_error(socket, r));
ERR_print_errors_fp(stderr);
abort();
}
//
// Accept the SSL connection when the authentication handshake is complete.
//
error = FALSE;
while ((r = SSL_accept(socket)) != 1 ) /* do SSL-protocol accept */
{
r = SSL_get_error(socket, r);
switch(r)
{
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
pthread_yield();
break;
default:
error = TRUE;
}
if(error)
break;
}
if(error)
{
printf("SNAG %d: %s\n", errno, strerror(errno));
syslog(LOG_INFO, "MAIN_TASK: CONN[%d] SSL CONNECTION REJECTED: Return %d Error %d",
cdesc->index, r, SSL_get_error(socket, r));
ERR_print_errors_fp(stderr);
Ssl_ReleaseConnect(cdesc, &Network_Conn_Mutex);
socket = NULL;
ctx = NULL;
}
else
{
syslog(LOG_INFO, "MAIN_TASK: CONN[%d] SSL CONNECTION ESTABLISHED", cdesc->index);
// printf("OK\n");
#ifdef VTRACE
//
// Display certficates from client.
//
ShowCerts(socket);
#endif // VTRACE
//
// Configure the socket for non-blocking operation.
// Simple experimentation confirms this does not break Libuv and works.
//
flags = fcntl(sock_fd, F_GETFL, 0);
fcntl(sock_fd, F_SETFL, (flags | O_NONBLOCK));
}
}
}
return(socket);
}
#ifdef MOBILE_AUTH_SSL
//
// FUNCTION - Ssl_ConfigTrust(): Configures Server authentication of the Client.
//
// ARGUMENTS
// -----------
// ctx: An SSL context.
// x509_data: Points a caller allocated structure for holding the essential X509 authentication items.
//
// RETURN VALUE
// --------------
// Returns TRUE if successful and FALSE otherwise.
//
// NOTES
// -------
// None
//
ROUTINE PRIVATE BOOL Ssl_ConfigTrust(SSL_CTX *ctx, X509_DESC *x509_data)
{
X509_STORE *pstore = NULL;
X509_STORE_CTX *storeCtx = NULL;
BOOL rval = TRUE;
int r = 0;
syslog(LOG_DEBUG, "MAIN_TASK: Configure SSL Authentication");
//
// We no longer load the client's public certificate into memory
// because the underlying bugs making it necessary are fixed.
//
// Now allocate a store context
//
if( !(storeCtx = X509_STORE_CTX_new()) )
{
rval = FALSE;
syslog(LOG_ERR, "MAIN_TASK: X509 Error - Store Context Allocation Failure");
}
else
//
// First, fabricate a temporary trust store and
// add the CA Certificate to the new trust store.
//
if( !(pstore = X509_STORE_new()) )
{
rval = FALSE;
syslog(LOG_INFO, "MAIN_TASK: X509 Error - Store Allocation Failure");
}
else
if( (r = X509_STORE_load_locations(pstore, SSL_CA_CERT_FILE, NULL)) != 1)
syslog(LOG_ERR, "MAIN_TASK: X509 Error - Store Certificate Addition Failure");
else
if( (r = X509_STORE_set_default_paths(pstore)) != 1)
syslog(LOG_ERR, "MAIN_TASK: X509 Error - Store Path Configuration Failure");
else
//
// Now configure the authentication characteristics.
//
if( (r = X509_STORE_CTX_init(storeCtx, pstore, NULL, NULL)) != 1)
syslog(LOG_ERR, "MAIN_TASK: X509 Error - Store Initialization Failure");
else
{
//
// Insert the new store settings in the SSL context.
//
// Finally set the authentication characteristics.
// This flag is just enhance debugging on most SSL versions and
// should be set.
//
SSL_CTX_set_cert_store(ctx, pstore);
X509_STORE_CTX_set_flags(storeCtx, ( X509_V_FLAG_CB_ISSUER_CHECK ) );
}
if(r != 1)
{
syslog(LOG_ERR, "MAIN_TASK: SSL Authentication Configuration Error");
ERR_print_errors_fp(stderr);
abort();
}
if(rval)
{
syslog(LOG_DEBUG, "MAIN_TASK: Authentication Configuration Succeeded");
x509_data->storeCtx = storeCtx;
x509_data->store = pstore;
}
else
{
syslog(LOG_INFO, "MAIN_TASK: Transient SSL Authentication Configuration Failure");
if(pstore)
X509_STORE_free(pstore);
if(storeCtx)
{
X509_STORE_CTX_cleanup(storeCtx);
X509_STORE_CTX_free(storeCtx);
}
}
return(rval);
}
#endif // MOBILE_AUTH_SSL
//
// FUNCTION - Ssl_TxData(): Writes data to the SSL network socket.
//
// ARGUMENTS
// ---------
// socket: The SSL socket.
// buf: The buffer with the data.
// nbytes: The number of bytes to be written.
//
// RETURNS
// -------
// Returns the number of bytes written if successful and -1 if an irrecoverable error occurs.
//
// NOTES
// -----
// If the return value is not -1, it is possible to write more data on the socket.
// Otherwise, for logical purposes, the socket connection is lost.
//
// A threaded environment is assumed.
//
ROUTINE int Ssl_TxData(SSL *socket, const UCHAR *buf, int nbytes)
{
int n, err;
int rval;
if(nbytes <= 0)
{
if(nbytes < 0)
rval = -1;
return(rval);
}
n = SSL_write(socket, buf, nbytes);
if(n > 0)
rval = n;
else
{
err = SSL_get_error(socket, n);
switch(err)
{
case SSL_ERROR_NONE:
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
//
// Retry
//
pthread_yield();
break;
case SSL_ERROR_SYSCALL:
case SSL_ERROR_ZERO_RETURN:
//
// The write failed and we have to asuume to connection is lost.
// If errno is ECONNRESET, the connection is lost due to a remote disconnect.
//
ERR_print_errors_fp(stderr);
rval = -1;
break;
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
case SSL_ERROR_WANT_X509_LOOKUP:
//
// We should never get this return value because, the X509 authentication
// should be complete when this routine is called, the client cannot
// initiate renegotriation, and the server does not currently initiate
// renegotiaon.
//
syslog(LOG_EMERG, "TRANSMIT_TASK: SSL Error - Unexpected Negotiation");
ERR_print_errors_fp(stderr);
abort();
break;
case SSL_ERROR_SSL:
syslog(LOG_EMERG, "TRANSMIT_TASK: SSL Error - Libary Failure");
ERR_print_errors_fp(stderr);
abort();
break;
default:
fatal_error(LOG_EMERG, "BUG - Invalid SSL Write Return = %d", err);
}
}
return(rval);
}
//
// FUNCTION - Ssl_RxData(): Reads incoming network data from an SSL socket.
//
// ARGUMENTS
// ---------
// socket: The SSL socket.
// buf: The buffer for the data.
// size: Ths size of the buffer.
//
// RETURNS
// -------
// Returns the postive number of bytes read if successful, 0 if no data is read, and
// -1 if an irrecoverable error occurs.
//
// NOTES
// -----
// If the return value is not -1, it is possible more data may arrive on the socket.
// Otherwise, for logical purposes, the socket connection is lost.
//
// A threaded environment is assumed.
//
ROUTINE int Ssl_RxData(SSL *socket, UCHAR *buf, int size)
{
int n, err;
// printf("START READ\n");
n = SSL_read(socket, buf, size);
if(n <= 0)
{
err = SSL_get_error(socket, n);
// printf("ERR %d\n", err);
switch(err)
{
case SSL_ERROR_NONE:
//
// No data.
//
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
//
// Retry later.
//
if(n <= 0)
pthread_yield();
break;
case SSL_ERROR_SYSCALL:
if(n && errno != EINTR)
{
printf("Bad Call ! E %d\n", errno);
//
// Assume the connection is lost in all cases.
// If errno is ECONNRESET, it is lost due to a remote disconnect.
//
syslog(LOG_ERR, "IO_TASK: SSL Error - Read Failure. Errno %d:%s",
errno, strerror(errno));
ERR_print_errors_fp(stderr);
if(n <= 0)
n = -1;
}
else
{
//
// No data
//
// TBD: It isn't clear if there is still a connection at this point.
//
if(errno == ECONNRESET)
{
syslog(LOG_ERR, "IO_TASK: SSL Error - Connection Loss on Read");
ERR_print_errors_fp(stderr);
if(n <= 0)
n = -1;
}
break;
}
break;
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
case SSL_ERROR_WANT_X509_LOOKUP:
//
// We should never get this return value because, the X509 authentication
// should be complete when this routine is called, the client cannot
// initiate renegotriation, and the server does not currently initiate
// renegotiaon.
//
syslog(LOG_EMERG, "TRANSMIT_TASK: SSL Error - Unexpected Negotiation");
ERR_print_errors_fp(stderr);
abort();
break;
case SSL_ERROR_ZERO_RETURN:
syslog(LOG_ERR, "IO_TASK: SSL Error - Unexpected Connection Loss");
if(n <= 0)
n = -1;
break;
case SSL_ERROR_SSL:
syslog(LOG_EMERG, "IO_TASK: SSL Error - Library Failure");
ERR_print_errors_fp(stderr);
abort();
break;
default:
fatal_error(LOG_EMERG, "IO_TASK: BUG - Invalid SSL Read Return = %d", err);
}
}
// printf("RX DONE: %d\n", n);
return(n);
}
#ifdef VTRACE
//
// Display certificates sent by the Client.
//
ROUTINE PRIVATE void ShowCerts(SSL* ssl)
{
X509 *cert;
char *line;
cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
if ( cert != NULL )
{
syslog(LOG_DEBUG, "MAIN_TASK: *** Client Certificate ***");
line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
syslog(LOG_DEBUG, "Subject: %s", line);
free(line);
line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
syslog(LOG_DEBUG, "Issuer: %s", line);
free(line);
X509_free(cert);
}
else
syslog(LOG_DEBUG, "MAIN_TASK: *** No Client Certificate ***");
return;
}
#endif // VTRACE
//
// FUNCTION - Ssl_GetCreditails(): Configure the SSL context with the certificate files
// required for SSL connection establishment.
//
// ARGUMENTS
// -----------
// ctx: An SSL context.
//
// RETURN VALUE
// --------------
// None
//
// NOTES
// -------
// None
//
ROUTINE PRIVATE void Ssl_GetCredentials(SSL_CTX* ctx)
{
int r = 0;
if( (r = SSL_CTX_use_certificate_file(ctx, SSL_SERVER_CERT_FILE, SSL_FILETYPE_PEM)) != 1)
syslog(LOG_ERR, "MAIN_TASK: SSL Error - Invalid Server Certificate File = %s", SSL_SERVER_CERT_FILE);
else
if( (r = SSL_CTX_use_PrivateKey_file(ctx, SSL_SERVER_KEY_FILE, SSL_FILETYPE_PEM)) != 1)
syslog(LOG_ERR, "MAIN_TASK: SSL Error - Invalid Client Key File = %s", SSL_SERVER_KEY_FILE);
else
if ( (r = SSL_CTX_check_private_key(ctx)) != 1)
syslog(LOG_ERR, "MAIN_TASK: SSL Error -Private Key Public Certificate Mismatch");
if(r != 1)
{
ERR_print_errors_fp(stderr);
abort();
}
return;
}
//
// FUNCTION - ReleaseConnect(): the Releases resources during an SSL encryption session.
//
// ARGUMENTS
// -----------
// cdesc: A connection descriptor.
//
// RETURN VALUE
// --------------
// None
//
// NOTES
// -------
// None
//
ROUTINE void Ssl_ReleaseConnect(CONN_DESC *cdesc, uv_mutex_t *mutex)
{
SSL_CTX *ctx;
SSL *sock;
syslog(LOG_INFO, "PROTO_TASK: CONN[%d] SSL Release Resources", cdesc->index);
if(mutex)
ENTER_MUTEX(mutex);
if(cdesc->ssl_socket)
{
ctx = cdesc->ssl_ctx;
sock = cdesc->ssl_socket;
cdesc->ssl_socket = NULL;
cdesc->ssl_ctx = NULL;
if(mutex)
EXIT_MUTEX(mutex);
SSL_free(sock);
SSL_CTX_sess_set_remove_cb(ctx, NULL);
SSL_CTX_free(ctx);
// printf("FREED SSL CTX %p\n", cdesc->ssl_ctx);
// printf("FREED SSL SOCKET %p\n", cdesc->ssl_socket);
}
else
{
if(mutex)
EXIT_MUTEX(mutex);
}
return;
}
//
// Initialize SSL operation a startup time.
//
ROUTINE void Ssl_Init()
{
//
// Initialize the basic SSL data.
//
ERR_load_crypto_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
OPENSSL_config(NULL);
SSL_load_error_strings();
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
return;
}
#ifdef USE_CRYPTO_LOCK
//
// A callback function used to set the ID of the executing task.
//
ROUTINE PRIVATE void Ssl_TaskID(CRYPTO_THREADID *id)
{
ULONG tid = uv_thread_self();
CRYPTO_THREADID_set_numeric(id, tid);
return;
}
//
// A callback fuction for aquiring and releasing a Mutex.
//
ROUTINE PRIVATE void Ssl_MainCryptoLock(int mode, int type, const char *file, int line)
{
if(mode & CRYPTO_LOCK)
ENTER_MUTEX(&Main_Ssl_Mutex_List[type]);
else
EXIT_MUTEX(&Main_Ssl_Mutex_List[type]);
return;
}
//
// FUNCTION - Ssl_InitLock(): Intialize the cryptograpy software locking mechanism.
//
// ARGUMENTS
// -----------
// task: The static ID of the main task/thread.
//
// RETURN VALUE
// --------------
// None
//
// NOTES
// -------
// This must be called within the main() thread/task at startup time.
// A set of Mutexes is used by the cryptography libraries and software to
// to prevent data corruption in a threaded environment. This mechanism
// is not used in recent versions of the OpenSSL library.
//
ROUTINE void Ssl_InitLock(int task)
{
int nlocks, k;
//
// Determine if the SSL library is compiled with thread support.
//
// #if defined(OPENSSL_THREADS)
// printf("THREADS OK\n");
// #else
// printf("THREADS FUCKED\n");
// #endif
//
//
// Just make sure the right task is calling this routine.
//
switch(task)
{
case MAIN_TASK:
// fprintf(stderr, "MAIN_TASK: SSL/Crypto Lock Init\n");
break;
default:
fatal_error(LOG_EMERG, "BUG: Can't Lock Non SSL Task: %d", task);
}
//
// Allocate and intialize the Mutexes.
//
nlocks = CRYPTO_num_locks();
Main_Ssl_Mutex_List = (uv_mutex_t *) VALLOC( (nlocks * sizeof(uv_mutex_t)) );
for(k = 0; k < nlocks; k++)
uv_mutex_init(&Main_Ssl_Mutex_List[k]);
//
// Configure the callback functions. Ssl_TaskID sets the thread/task ID of
// the executing task, and SSl_MainCryptoLock() invokes the appropriate Mutex
// as required.
//
CRYPTO_THREADID_set_callback((void (*) (CRYPTO_THREADID * )) Ssl_TaskID);
CRYPTO_set_locking_callback((void (*)(int, int, const char*, int)) Ssl_MainCryptoLock);
syslog(LOG_INFO, "Task %d: SSL/Crypto Lock Configured", task);
return;
}
#endif // USE_CRYPTO_LOCK
#endif // USE_SSL
