737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
|
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
|
+
-
-
+
-
+
+
-
-
+
+
-
-
+
-
-
-
-
-
-
|
|| sslctx_use_pkey_from_mem(sslCtx, sslSelfPKey, -1) ){
fossil_fatal("Error loading self-signed CERT");
}
if( !SSL_CTX_check_private_key(sslCtx) ){
fossil_fatal("PRIVATE KEY \"%s\" does not match CERT \"%s\"",
zKeyFile, zCertFile);
}
SSL_CTX_set_mode(sslCtx, SSL_MODE_AUTO_RETRY);
sslIsInit = 2;
}else{
assert( sslIsInit==2 );
}
}
typedef struct SslServerConn {
SSL *ssl; /* The SSL codec */
int atEof; /* True when EOF reached. */
int fd0; /* Read channel, or socket */
int fd1; /* Write channel */
void *ssl_new_server(int readFd, int writeFd){
void *ssl_new_server(int iSocket){
SslServerConn *pServer = fossil_malloc_zero(sizeof(*pServer));
BIO *b = BIO_new_socket(iSocket, 0);
pServer->ssl = SSL_new(sslCtx);
pServer->fd0 = readFd;
pServer->fd1 = writeFd;
pServer->atEof = 0;
pServer->iSocket = iSocket;
if( writeFd<0 ){
SSL_set_fd(pServer->ssl, readFd);
}else{
SSL_set_rfd(pServer->ssl, readFd);
SSL_set_wfd(pServer->ssl, writeFd);
}
close(pServer->fd0);
if( pServer->fd1>=0 ) close(pServer->fd0);
|
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
|
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
|
-
-
+
+
|
*/
size_t ssl_read_server(void *pServerArg, char *zBuf, size_t nBuf){
int n;
SslServerConn *pServer = (SslServerConn*)pServerArg;
if( pServer->atEof ) return 0;
if( nBuf>0x7fffffff ){ fossil_fatal("SSL read too big"); }
n = SSL_read(pServer->ssl, zBuf, (int)nBuf);
if( n<nBuf ) pServer->atEof = 1;
return n;
if( n==0 ) pServer->atEof = 1;
return n<=0 ? 0 : n;
}
/*
** Read a single line of text from the client.
*/
char *ssl_gets(void *pServerArg, char *zBuf, int nBuf){
int n = 0;
|
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
|
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
|
-
+
+
+
+
-
+
+
|
/*
** Write cleartext bytes into the SSL server codec so that they can
** be encrypted and sent back to the client.
*/
size_t ssl_write_server(void *pServerArg, char *zBuf, size_t nBuf){
int n;
SslServerConn *pServer = (SslServerConn*)pServerArg;
if( pServer->atEof ) return 0;
if( nBuf<=0 ) return 0;
if( nBuf>0x7fffffff ){ fossil_fatal("SSL write too big"); }
n = SSL_write(pServer->ssl, zBuf, (int)nBuf);
if( n<=0 ){
return -SSL_get_error(pServer->ssl, n);
}else{
return n;
return n;
}
}
#endif /* FOSSIL_ENABLE_SSL */
/*
** COMMAND: tls-config*
** COMMAND: ssl-config
|