diff options
| author | Laurent Bercot <ska-skaware@skarnet.org> | 2016-11-25 20:16:06 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2016-11-25 20:16:06 +0000 |
| commit | 8d532683386121e70810b0d7c6642cc2c2b89cb0 (patch) | |
| tree | 866010763c829a35b18603c5af58896bd14afd18 /src/sbearssl/sbearssl_s6tlsc.c | |
| parent | 018025f0f36a4847df265c9948dbaf7073ed3245 (diff) | |
| download | s6-networking-8d532683386121e70810b0d7c6642cc2c2b89cb0.tar.xz | |
Fix build bugs. It builds!
Two things remain to do:
- how to pass SNI information to libtls
- how to detect cert issuer key type for ECC in bearssl
Diffstat (limited to 'src/sbearssl/sbearssl_s6tlsc.c')
| -rw-r--r-- | src/sbearssl/sbearssl_s6tlsc.c | 43 |
1 files changed, 23 insertions, 20 deletions
diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c index a8a6582..8bc8f65 100644 --- a/src/sbearssl/sbearssl_s6tlsc.c +++ b/src/sbearssl/sbearssl_s6tlsc.c @@ -13,35 +13,37 @@ #include <skalibs/random.h> #include <s6-networking/sbearssl.h> -int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, int *sfd) +int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd) { int fds[4] = { sfd[0], sfd[1], sfd[0], sfd[1] } ; stralloc storage = STRALLOC_ZERO ; genalloc tas = GENALLOC_ZERO ; - size_t chainlen ; - int r ; + size_t talen ; if (preoptions & 1) strerr_dief1x(100, "client certificates are not supported by BearSSL yet") ; - x = env_get2(envp, "CADIR") ; - if (x) - r = sbearssl_ta_readdir(x, &tas, &storage) ; - else { - x = env_get2(envp, "CAFILE") ; - if (!x) strerr_dienotset(100, "CADIR or CAFILE") ; - r = sbearssl_ta_readfile(x, &tas, &storage) ; - } + int r ; + char const *x = env_get2(envp, "CADIR") ; + if (x) + r = sbearssl_ta_readdir(x, &tas, &storage) ; + else + { + x = env_get2(envp, "CAFILE") ; + if (!x) strerr_dienotset(100, "CADIR or CAFILE") ; + r = sbearssl_ta_readfile(x, &tas, &storage) ; + } - if (r < 0) - strerr_diefu2sys(111, "read trust anchors in ", x) ; - else if (r) - strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ; + if (r < 0) + strerr_diefu2sys(111, "read trust anchors in ", x) ; + else if (r) + strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ; - talen = genalloc_len(sbearssl_ta, &tas) ; - if (!talen) - strerr_dief2x(96, "no trust anchor found in ", x) ; + talen = genalloc_len(sbearssl_ta, &tas) ; + if (!talen) + strerr_dief2x(96, "no trust anchor found in ", x) ; + } { unsigned char buf[BR_SSL_BUFSIZE_BIDI] ; @@ -59,7 +61,7 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co if (!random_init()) strerr_diefu1sys(111, "initialize random generator") ; - random_string(buf, 32) ; + random_string((char *)buf, 32) ; br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ; random_finish() ; @@ -68,7 +70,8 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ; br_ssl_engine_set_buffer(&cc.eng, buf, sizeof(buf), 1) ; - br_ssl_client_reset(&cc) ; + if (!br_ssl_client_reset(&cc, servername, 0)) + strerr_diefu2x(97, "reset client context: ", sbearssl_error_str(br_ssl_engine_last_error(&cc.eng))) ; { int wstat ; |