* derivatives without specific, written prior permission.
*/
+#include <config.h>
#include "vconn-ssl.h"
#include "dhparams.h"
#include <assert.h>
#include <errno.h>
+#include <inttypes.h>
#include <string.h>
#include <netinet/tcp.h>
#include <openssl/err.h>
#include "socket-util.h"
#include "util.h"
#include "openflow.h"
+#include "packets.h"
#include "poll-loop.h"
#include "ofp-print.h"
#include "socket-util.h"
static int
new_ssl_vconn(const char *name, int fd, enum session_type type,
- enum ssl_state state, struct vconn **vconnp)
+ enum ssl_state state, const struct sockaddr_in *sin,
+ struct vconn **vconnp)
{
struct ssl_vconn *sslv;
SSL *ssl = NULL;
sslv = xmalloc(sizeof *sslv);
sslv->vconn.class = &ssl_vconn_class;
sslv->vconn.connect_status = EAGAIN;
+ sslv->vconn.ip = sin->sin_addr.s_addr;
sslv->state = state;
sslv->type = type;
sslv->fd = fd;
host_name = strtok_r(suffix, "::", &save_ptr);
port_string = strtok_r(NULL, "::", &save_ptr);
if (!host_name) {
- fatal(0, "%s: bad peer name format", name);
+ error(0, "%s: bad peer name format", name);
+ return EAFNOSUPPORT;
}
memset(&sin, 0, sizeof sin);
if (retval < 0) {
if (errno == EINPROGRESS) {
return new_ssl_vconn(name, fd, CLIENT, STATE_TCP_CONNECTING,
- vconnp);
+ &sin, vconnp);
} else {
int error = errno;
VLOG_ERR("%s: connect: %s", name, strerror(error));
}
} else {
return new_ssl_vconn(name, fd, CLIENT, STATE_SSL_CONNECTING,
- vconnp);
+ &sin, vconnp);
}
}
if (retval < 0 && ssl_wants_io(error)) {
return EAGAIN;
} else {
+ int unused;
interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect"
- : "SSL_accept"), retval, error, NULL);
+ : "SSL_accept"), retval, error, &unused);
shutdown(sslv->fd, SHUT_RDWR);
return EPROTO;
}
return 0;
}
}
- buffer_reserve_tailroom(rx, want_bytes);
+ buffer_prealloc_tailroom(rx, want_bytes);
/* Behavior of zero-byte SSL_read is poorly defined. */
assert(want_bytes > 0);
pssl_accept(struct vconn *vconn, struct vconn **new_vconnp)
{
struct pssl_vconn *pssl = pssl_vconn_cast(vconn);
+ struct sockaddr_in sin;
+ socklen_t sin_len = sizeof sin;
+ char name[128];
int new_fd;
int error;
- new_fd = accept(pssl->fd, NULL, NULL);
+ new_fd = accept(pssl->fd, &sin, &sin_len);
if (new_fd < 0) {
int error = errno;
if (error != EAGAIN) {
return error;
}
- return new_ssl_vconn("ssl" /* FIXME */, new_fd,
- SERVER, STATE_SSL_CONNECTING, new_vconnp);
+ sprintf(name, "ssl:"IP_FMT, IP_ARGS(&sin.sin_addr));
+ if (sin.sin_port != htons(OFP_SSL_PORT)) {
+ sprintf(strchr(name, '\0'), ":%"PRIu16, ntohs(sin.sin_port));
+ }
+ return new_ssl_vconn(name, new_fd, SERVER, STATE_SSL_CONNECTING, &sin,
+ new_vconnp);
}
static void
return NULL;
}
+/* Returns true if SSL is at least partially configured. */
+bool
+vconn_ssl_is_configured(void)
+{
+ return has_private_key || has_certificate || has_ca_cert;
+}
+
void
vconn_ssl_set_private_key_file(const char *file_name)
{