
These two files represent my attempt at using OpenSSL as a library. Memory BIOs
are used for SSL I/O and error messages are captured and output through
a tracing package (not supplied). Functions are provided for initialisation
and data transfer. There is one callback for data transfer. (Arrangements
would need to be made to support tracing and diagnostics which might involve
callbacks. The code provided here contains embedded tracing calls.)

This is a work in progress.

The API consists of the routines ssld_ssl_XXX. (The code forms part of a
crypto server, whence the unusual names.) The routines are:

ssld_ssl_init

Initialise OpenSSL and create two contexts (SSL_CTX). The reason that two are
created is that one context cannot act in both client and server mode. This is
not a good thing. (Have I missed something here?) The modes I support are
SSL3 or TLS with the option of client authentication.

ssld_ssl_ctx

Create a connection context (SSL). The first two parameters form my
reference for the connection. The third parameter is the type of connection
required, either client or server. The return value is meant to be opaque.
No connection as such is set up. The SSL connection is given memory BIOs
for its input and output.

ssld_ssl_free

Free a SSL connection. SSL_free has already been called so this just tidies
up the API.

ssld_ssl_request

This handles two cases: data from the local application and data from the
remote peer.

Application data, also called user data, is handled by calling SSL_write.
BIO_read is then called on the write BIO to see if any peer data has been
generated.

Peer data is handled by calling BIO_write on the read BIO. SSL_read is
called to cause processing to occur and to handle any application data
generated. BIO_read is then called on the write BIO to see if any peer data
has been generated.

ssld_ssl_response

This is the callback. It can signal data for the application or data for the
peer. In this code it also signals the distinguished name of the subject of
the peer certificate for authentication purposes. It is also possible to
signal that the connection should be closed but I use the return value of
ssld_ssl_request for this. (A return of -1 indicates that the connection
should be closed. A return of 0 indicates no error.) ssld_ssl_response has
no return value. (All my callbacks are void.)

NOTES

The code is taken from s_server.c and s_client.c. The verify callback has
been recoded to behave more correctly. It should have code to examine CRLs
but this hasn't been written yet.

The tracing routines belong to the larger package. The header "rsinfo.h"
supports the tracing routines which all have the form RSXXX. There intention
should be clear. The OpenSSL logging has been removed. The routine
local_get_errors performs ERR_print_errors on a memory BIO and sends any
results via the package logging.

Some code has been commented out with #ifdef UNUSED. It is code from the
OpenSSL examples that is not appropriate in this context. (I keep it to
provide a context to relate my code back to the examples.)

WARNING

THIS SOFTWARE AND DOCUMANTATION IS PROVIDED ``AS IS'' AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR PLATINUM TECHNOLOGY IP,
INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
