authorLaurent Bercot <ska-skaware@skarnet.org>2016-11-25 20:16:06 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2016-11-25 20:16:06 +0000
commit8d532683386121e70810b0d7c6642cc2c2b89cb0 (patch)
tree866010763c829a35b18603c5af58896bd14afd18 /src/sbearssl/sbearssl_s6tlsc.c
parent018025f0f36a4847df265c9948dbaf7073ed3245 (diff)
Fix build bugs. It builds!
Two things remain to do: - how to pass SNI information to libtls - how to detect cert issuer key type for ECC in bearssl
Diffstat (limited to 'src/sbearssl/sbearssl_s6tlsc.c')
-rw-r--r--src/sbearssl/sbearssl_s6tlsc.c43
1 files changed, 23 insertions, 20 deletions
diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c
index a8a6582..8bc8f65 100644
--- a/src/sbearssl/sbearssl_s6tlsc.c
+++ b/src/sbearssl/sbearssl_s6tlsc.c
@@ -13,35 +13,37 @@
#include <skalibs/random.h>
#include <s6-networking/sbearssl.h>
-int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, int *sfd)
+int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd)
{
int fds[4] = { sfd[0], sfd[1], sfd[0], sfd[1] } ;
stralloc storage = STRALLOC_ZERO ;
genalloc tas = GENALLOC_ZERO ;
- size_t chainlen ;
- int r ;
+ size_t talen ;
if (preoptions & 1)
strerr_dief1x(100, "client certificates are not supported by BearSSL yet") ;
- x = env_get2(envp, "CADIR") ;
- if (x)
- r = sbearssl_ta_readdir(x, &tas, &storage) ;
- else
{
- x = env_get2(envp, "CAFILE") ;
- if (!x) strerr_dienotset(100, "CADIR or CAFILE") ;
- r = sbearssl_ta_readfile(x, &tas, &storage) ;
- }
+ int r ;
+ char const *x = env_get2(envp, "CADIR") ;
+ if (x)
+ r = sbearssl_ta_readdir(x, &tas, &storage) ;
+ else
+ {
+ x = env_get2(envp, "CAFILE") ;
+ if (!x) strerr_dienotset(100, "CADIR or CAFILE") ;
+ r = sbearssl_ta_readfile(x, &tas, &storage) ;
+ }
- if (r < 0)
- strerr_diefu2sys(111, "read trust anchors in ", x) ;
- else if (r)
- strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ;
+ if (r < 0)
+ strerr_diefu2sys(111, "read trust anchors in ", x) ;
+ else if (r)
+ strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ;
- talen = genalloc_len(sbearssl_ta, &tas) ;
- if (!talen)
- strerr_dief2x(96, "no trust anchor found in ", x) ;
+ talen = genalloc_len(sbearssl_ta, &tas) ;
+ if (!talen)
+ strerr_dief2x(96, "no trust anchor found in ", x) ;
+ }
{
unsigned char buf[BR_SSL_BUFSIZE_BIDI] ;
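Review bot: The trust-anchor block gives CADIR precedence and never consults CAFILE when both are set, and nothing near the `env_get2(envp, "CADIR")` call says so. Because this choice decides which roots the client will trust, a short comment above the block would help, for example `/* Trust anchors: CADIR takes precedence over CAFILE; exit if none can be loaded */`. The new `servername` parameter in the signature also has no stated contract, in particular what a NULL value means; its use is in the last hunk. The function body continues outside this hunk.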
@@ -59,7 +61,7 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
if (!random_init())
strerr_diefu1sys(111, "initialize random generator") ;
- random_string(buf, 32) ;
+ random_string((char *)buf, 32) ;
br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ;
random_finish() ;
@@ -68,7 +70,8 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
br_ssl_engine_set_buffer(&cc.eng, buf, sizeof(buf), 1) ;
- br_ssl_client_reset(&cc) ;
+ if (!br_ssl_client_reset(&cc, servername, 0))
+ strerr_diefu2x(97, "reset client context: ", sbearssl_error_str(br_ssl_engine_last_error(&cc.eng))) ;
{
int wstat ;
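Review bot: `servername` is passed straight into `br_ssl_client_reset` with no NULL check, and BearSSL documents a NULL server name as meaning that no SNI is sent and that the minimal X.509 engine, if it is the validator in use, matches no name in the server certificate. If a caller can reach this with NULL (the callers are not visible here), a certificate chaining to any loaded trust anchor would be accepted regardless of which host it was issued for. Consider failing closed before the reset, `if (!servername) strerr_dief1x(100, "no server name given, refusing to skip certificate name verification") ;`, or requiring an explicit option to opt out of name checking. The function starts before and continues after this hunk.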