#include <stdlib.h>
#include "portability.h"
+
#include "sslutils.h"
-#include "pcap/pcap.h"
-char ssl_keyfile[PATH_MAX]; //!< file containing the private key in PEM format
-char ssl_certfile[PATH_MAX]; //!< file containing the server's certificate in PEM format
-char ssl_rootfile[PATH_MAX]; //!< file containing the list of CAs trusted by the client
+static const char *ssl_keyfile = ""; //!< file containing the private key in PEM format
+static const char *ssl_certfile = ""; //!< file containing the server's certificate in PEM format
+static const char *ssl_rootfile = ""; //!< file containing the list of CAs trusted by the client
// TODO: a way to set ssl_rootfile from the command line, or an envvar?
// TODO: lock?
static SSL_CTX *ctx;
+void ssl_set_certfile(const char *certfile)
+{
+ ssl_certfile = certfile;
+}
+
+void ssl_set_keyfile(const char *keyfile)
+{
+ ssl_keyfile = keyfile;
+}
+
int ssl_init_once(int is_server, int enable_compression, char *errbuf, size_t errbuflen)
{
static int inited = 0;
return -1;
}
-SSL *ssl_promotion_rw(int is_server, SOCKET in, SOCKET out, char *errbuf, size_t errbuflen)
+SSL *ssl_promotion(int is_server, SOCKET s, char *errbuf, size_t errbuflen)
{
if (ssl_init_once(is_server, 1, errbuf, errbuflen) < 0) {
return NULL;
}
SSL *ssl = SSL_new(ctx); // TODO: also a DTLS context
- SSL_set_rfd(ssl, in);
- SSL_set_wfd(ssl, out);
+ SSL_set_fd(ssl, s);
if (is_server) {
if (SSL_accept(ssl) <= 0) {
return ssl;
}
-SSL *ssl_promotion(int is_server, SOCKET s, char *errbuf, size_t errbuflen)
-{
- return ssl_promotion_rw(is_server, s, s, errbuf, errbuflen);
-}
-
// Same return value as sock_send:
// 0 on OK, -1 on error but closed connection (-2).
int ssl_send(SSL *ssl, char const *buffer, int size, char *errbuf, size_t errbuflen)
projects / libpcap / blobdiff