27 #define TIMEOUT_MSEC 100
28 #define MAX_TIMEOUT 10000
37 if (!SSL_library_init()) {
return false; }
38 SSL_load_error_strings();
39 ERR_load_BIO_strings();
40 OpenSSL_add_ssl_algorithms();
56 ERR_print_errors_fp(stderr);
60 if (!SSL_set_fd(ssl, fd)) {
92 const SSL_METHOD *method = NULL;
94 #if KINETIC_USE_TLS_1_2
95 method = TLSv1_2_client_method();
97 method = TLSv1_1_client_method();
101 ctx = SSL_CTX_new(method);
103 ERR_print_errors_fp(stderr);
114 STACK_OF(SSL_COMP) *ssl_comp_methods;
115 ssl_comp_methods = SSL_COMP_get_compression_methods();
116 int n = sk_SSL_COMP_num(ssl_comp_methods);
117 for (
int i = 0; i < n; i++) {
118 (void) sk_SSL_COMP_pop(ssl_comp_methods);
123 const char CIPHER_LIST_CFG[] =
124 "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:"
125 "ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS";
126 int res = SSL_CTX_set_cipher_list(ctx, CIPHER_LIST_CFG);
132 "SSL_Connect handshake for socket %d", fd);
134 struct pollfd fds[1];
136 fds[0].events = POLLOUT;
138 bool connected =
false;
144 "SSL_Connect handshake for socket %d, poll res %d", fd, pres);
153 }
else if (pres > 0) {
154 if (fds[0].revents & (POLLOUT | POLLIN)) {
155 int connect_res = SSL_connect(ssl);
157 "socket %d: connect_res %d", fd, connect_res);
159 if (connect_res == 1) {
161 "socket %d: successfully connected", fd);
163 }
else if (connect_res < 0) {
164 int reason = SSL_get_error(ssl, connect_res);
167 case SSL_ERROR_WANT_WRITE:
169 fds[0].events = POLLOUT;
172 case SSL_ERROR_WANT_READ:
174 fds[0].events = POLLIN;
177 case SSL_ERROR_SYSCALL:
183 unsigned long errval = ERR_get_error();
186 "socket %d: ERROR -- %s", fd, ERR_error_string(errval, ebuf));
192 unsigned long errval = ERR_get_error();
195 "socket %d: ERROR %d -- %s", fd, reason, ERR_error_string(errval, ebuf));
202 "socket %d: unknown state, setting event bask to (POLLIN | POLLOUT)",
204 fds[0].events = (POLLIN | POLLOUT);
206 }
else if (fds[0].revents & POLLHUP) {
208 "SSL_Connect: HUP on %d", fd);
210 }
else if (fds[0].revents & POLLERR) {
212 "SSL_Connect: ERR on %d", fd);
bool Util_IsResumableIOError(int errno_)
static bool do_blocking_connection(struct bus *b, SSL *ssl, int fd)
bool BusSSL_Init(struct bus *b)
Initialize the SSL library internals for use by the messaging bus.
void BusSSL_CtxFree(struct bus *b)
Free all internal data for using SSL (the SSL_CTX).
bool BusSSL_Disconnect(struct bus *b, SSL *ssl)
Disconnect and free an individual SSL handle.
void * udata
User data for callbacks.
static void disable_SSL_compression(void)
SSL_CTX * ssl_ctx
SSL context.
static bool init_client_SSL_CTX(SSL_CTX **ctx_out)
#define BUS_LOG_SNPRINTF(B, LEVEL, EVENT_KEY, UDATA, MAX_SZ, FMT,...)
static void disable_known_bad_ciphers(SSL_CTX *ctx)
SSL * BusSSL_Connect(struct bus *b, int fd)
Perform the SSL / TLS handshake for an already-connected socket (drives SSL_connect via poll until it completes or fails).
int syscall_poll(struct pollfd fds[], nfds_t nfds, int timeout)
Wrappers for syscalls, to allow mocking for testing.
#define BUS_LOG(B, LEVEL, EVENT_KEY, MSG, UDATA)