Lines Matching defs:ssl
/* Retrieves the peer's X509 certificate from the TLS handle.
 * OpenSSL returns NULL here when the peer sent no certificate, and otherwise
 * hands back a reference that the caller has to release with X509_free().
 * NOTE(review): neither the NULL check nor the release is visible in this
 * listing - confirm both. Obtaining the certificate is not a verification
 * step in itself; chain validation is governed by the verify mode that is
 * set on the context (source lines 699-702). */
327 cert = SSL_get_peer_certificate(net->ssl.ssl_handle);
/* Reads out the bytes that OpenSSL has queued in the write BIO.
 * The `fn ? fn(...) : -1` form calls BIO_ctrl / BIO_read only when the symbol
 * pointer is non-NULL and yields -1 otherwise. */
524 pending = BIO_ctrl ? BIO_ctrl(n->ssl.write_bio, BIO_CTRL_PENDING, 0, NULL) : -1;
/* `pending` is used directly as the byte count copied into `buf`.
 * NOTE(review): source lines 525-530 are not shown - confirm that pending is
 * checked to be positive and no larger than the capacity of buf before this
 * read, since the BIO contents are driven by the TLS exchange. */
531 hasread = BIO_read ? BIO_read(n->ssl.write_bio, buf, pending) : -1;
/* Stores the platform error code: WSAGetLastError() or errno
 * (presumably selected by a platform #ifdef that is not shown). */
539 n->ssl.sys_error = WSAGetLastError();
541 n->ssl.sys_error = errno;
543 if (n->ssl.sys_error != 0) {
/* Two reporting paths: the caller-supplied log callback or AM_LOG_ERROR.
 * Only the function name and the numeric error code are written. */
545 n->options->log("%s error %d", thisfunc, n->ssl.sys_error);
547 AM_LOG_ERROR(n->instance_id, "%s error %d", thisfunc, n->ssl.sys_error);
/* First teardown site: issues the TLS shutdown only. The return value of
 * SSL_shutdown() is discarded. The handle is wired to memory BIOs (source
 * lines 715-720), so the close_notify alert lands in write_bio and still has
 * to be flushed to the socket - NOTE(review): confirm that this happens. */
561 if (n->ssl.ssl_handle != NULL) {
562 SSL_shutdown(n->ssl.ssl_handle);
/* Second teardown site: shuts down, then releases the handle, the context
 * and the buffered request data. */
567 if (n->ssl.ssl_handle != NULL) {
568 SSL_shutdown(n->ssl.ssl_handle);
/* SSL_free() also frees the BIOs attached through SSL_set_bio(), so
 * read_bio / write_bio must not be touched after this call.
 * NOTE(review): no reset of those two pointers appears in this listing -
 * confirm they cannot be reached once the handle is gone. */
569 SSL_free(n->ssl.ssl_handle);
571 if (n->ssl.ssl_context != NULL) {
572 SSL_CTX_free(n->ssl.ssl_context);
574 am_free(n->ssl.request_data);
/* The pointers are cleared after release so that a repeated teardown skips
 * the NULL-guarded frees above instead of freeing the same object twice. */
575 n->ssl.request_data = NULL;
576 n->ssl.ssl_handle = NULL;
577 n->ssl.ssl_context = NULL;
578 n->ssl.on = AM_FALSE;
/* Tail of a parameter list that matches OpenSSL's message-callback
 * prototype; presumably net_ssl_msg_callback, which is registered at source
 * line 630 - its opening line is not shown. The two argument lines below
 * pass the long and the short handshake state names, presumably to two
 * alternative logging calls. */
582 const void *buf, size_t len, SSL *ssl, void *arg) {
587 SSL_state_string_long(ssl), SSL_state_string(ssl));
590 thisfunc, SSL_state_string_long(ssl), SSL_state_string(ssl));
/* Matches on the human-readable state description. That text is not a stable
 * interface and can differ between OpenSSL releases, so this test is brittle.
 * NOTE(review): the body of the branch is not shown - confirm that nothing
 * security-relevant depends on this string comparison. */
591 if (strstr(SSL_state_string_long(ssl), "read server key exchange") != NULL) {
/* Client-side TLS set-up: resets the state flags, builds the SSL_CTX, applies
 * protocol, cipher, trust and credential settings, then creates the handle
 * on top of two memory BIOs and starts the handshake. Many intermediate
 * source lines (conditions, error paths) are not part of this listing. */
601 n->ssl.on = AM_FALSE;
602 n->ssl.error = AM_SUCCESS;
604 /*check whether we have ssl library loaded and symbols are available*/
610 n->ssl.error = AM_ENOSSL;
/* SSLv23_client_method() is the version-negotiating client method; which
 * protocol versions are really offered is decided by the SSL_OP_NO_* options
 * set below. A NULL context is reported as AM_ENOMEM. */
614 n->ssl.ssl_context = SSL_CTX_new(SSLv23_client_method());
615 if (n->ssl.ssl_context == NULL) {
618 n->ssl.error = AM_ENOMEM;
/* SSL_CTX_ctrl(..., SSL_CTRL_OPTIONS, ...) is the expanded form of the
 * SSL_CTX_set_options() macro in pre-1.1.0 OpenSSL. SSLv2 is switched off
 * here and the session cache is disabled at line 625. */
622 SSL_CTX_ctrl(n->ssl.ssl_context, SSL_CTRL_OPTIONS, SSL_OP_NO_SSLv2, NULL);
623 SSL_CTX_ctrl(n->ssl.ssl_context, SSL_CTRL_MODE,
625 SSL_CTX_ctrl(n->ssl.ssl_context, SSL_CTRL_SET_SESS_CACHE_MODE, SSL_SESS_CACHE_OFF, NULL);
/* Registers net_ssl_msg_callback with `n` as its argument, so the callback
 * receives this connection object. NOTE(review): presumably enabled only for
 * diagnostic logging - the guarding condition is not shown. */
629 SSL_CTX_ctrl(n->ssl.ssl_context, SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, n);
630 SSL_CTX_set_msg_callback(n->ssl.ssl_context, net_ssl_msg_callback);
/* Each call below disables one protocol version. NOTE(review): the conditions
 * that select them (lines 631-648) are not shown. Confirm that the default
 * configuration disables SSLv3, TLS 1.0 and TLS 1.1, and that no supported
 * configuration ends up disabling TLS 1.2 while leaving older versions on. */
637 SSL_CTX_ctrl(n->ssl.ssl_context, SSL_CTRL_OPTIONS, SSL_OP_NO_SSLv3, NULL);
641 SSL_CTX_ctrl(n->ssl.ssl_context, SSL_CTRL_OPTIONS, SSL_OP_NO_TLSv1, NULL);
645 SSL_CTX_ctrl(n->ssl.ssl_context, SSL_CTRL_OPTIONS, SSL_OP_NO_TLSv1_1, NULL);
649 SSL_CTX_ctrl(n->ssl.ssl_context, SSL_CTRL_OPTIONS, SSL_OP_NO_TLSv1_2, NULL);
/* The cipher list, CA bundle, client certificate and private key all come
 * from n->options; each call's failure is tested, the handling is not shown.
 * NOTE(review): whether a safe cipher default applies when options->ciphers
 * is unset cannot be seen from here. */
657 if (!SSL_CTX_set_cipher_list(n->ssl.ssl_context, n->options->ciphers)) {
664 if (!SSL_CTX_load_verify_locations(n->ssl.ssl_context, n->options->cert_ca_file, NULL)) {
673 if (!SSL_CTX_use_certificate_file(n->ssl.ssl_context, n->options->cert_file, SSL_FILETYPE_PEM)) {
/* The private-key passphrase is handed to password_callback as user data.
 * It stays in options memory for the lifetime of the context, so it should
 * never be written to logs or error messages. */
682 SSL_CTX_set_default_passwd_cb_userdata(n->ssl.ssl_context, (void *) n->options->cert_key_pass);
683 SSL_CTX_set_default_passwd_cb(n->ssl.ssl_context, password_callback);
685 if (!SSL_CTX_use_PrivateKey_file(n->ssl.ssl_context, n->options->cert_key_file, SSL_FILETYPE_PEM)) {
/* Checks that the loaded private key matches the loaded certificate. */
691 if (!SSL_CTX_check_private_key(n->ssl.ssl_context)) {
/* Exactly one of the two verify modes is applied; the selecting condition
 * (lines 698/700) is not shown. With SSL_VERIFY_NONE a client handshake
 * continues whatever the certificate check says, so the server is not
 * authenticated and the channel is open to interception - that mode belongs
 * in test set-ups only and its use is worth logging.
 * SSL_VERIFY_PEER validates the chain against the loaded CA file only.
 * NOTE(review): no host-name check (for example X509_check_host) appears
 * among the lines of this listing - confirm that the certificate subject is
 * matched against the intended host somewhere. */
699 SSL_CTX_set_verify(n->ssl.ssl_context, SSL_VERIFY_NONE, NULL);
701 SSL_CTX_set_verify(n->ssl.ssl_context, SSL_VERIFY_PEER, NULL);
/* A depth of 100 is far beyond real-world chain lengths; a lower limit would
 * bound the work spent on a chain supplied by the remote side. */
702 SSL_CTX_set_verify_depth(n->ssl.ssl_context, 100);
709 n->ssl.error = AM_EINVAL;
/* Creates the connection handle and two memory BIOs: read_bio is fed with
 * bytes received from the network, write_bio collects bytes to be sent.
 * NOTE(review): if only one BIO_new() succeeds, the other BIO and the handle
 * need releasing on the failure path, which is not shown. */
713 n->ssl.ssl_handle = SSL_new(n->ssl.ssl_context);
714 if (n->ssl.ssl_handle != NULL) {
715 n->ssl.read_bio = BIO_new(BIO_s_mem());
716 n->ssl.write_bio = BIO_new(BIO_s_mem());
717 if (n->ssl.read_bio != NULL && n->ssl.write_bio != NULL) {
/* EOF return of -1 makes a read from an empty memory BIO report "retry"
 * instead of end-of-stream. SSL_set_bio() passes ownership of both BIOs to
 * the handle. */
718 BIO_ctrl(n->ssl.read_bio, BIO_C_SET_BUF_MEM_EOF_RETURN, -1, NULL);
719 BIO_ctrl(n->ssl.write_bio, BIO_C_SET_BUF_MEM_EOF_RETURN, -1, NULL);
720 SSL_set_bio(n->ssl.ssl_handle, n->ssl.read_bio, n->ssl.write_bio);
/* Client role. With an empty read BIO the first handshake call cannot
 * complete; its status is classified through SSL_get_error(). */
721 SSL_set_connect_state(n->ssl.ssl_handle);
723 status = SSL_do_handshake(n->ssl.ssl_handle);
726 err = SSL_get_error(n->ssl.ssl_handle, status);
/* NOTE(review): the condition under which TLS is marked as active is not
 * shown - confirm it is not set on a fatal handshake error. */
731 n->ssl.on = AM_TRUE;
/* Reads up to AM_SSL_BUFFER_SZ bytes of decrypted data into buf and
 * classifies the result through SSL_get_error().
 * NOTE(review): the declaration of buf is not shown - confirm it holds at
 * least AM_SSL_BUFFER_SZ bytes. */
752 ret = SSL_read(n->ssl.ssl_handle, buf, AM_SSL_BUFFER_SZ);
758 err = SSL_get_error(n->ssl.ssl_handle, ret);
/* Writes the not-yet-sent remainder of request_data, starting at offset
 * `written`. The (int) cast binds to request_data_sz alone, before the
 * subtraction. NOTE(review): the types of request_data_sz and written are
 * not shown; if the size is a size_t, a value above INT_MAX would be
 * truncated by the cast - confirm that the request size is bounded and that
 * written can never exceed it. */
777 ret = SSL_write(n->ssl.ssl_handle, n->ssl.request_data + written,
778 (int) n->ssl.request_data_sz - written);
784 err = SSL_get_error(n->ssl.ssl_handle, ret);
/* Feeds sz bytes from buf into the read BIO for OpenSSL to consume. The
 * return value of BIO_write() is discarded here, so a failed or short write
 * would go unnoticed - NOTE(review): confirm this is acceptable. */
803 BIO_write(n->ssl.read_bio, buf, sz);
/* While the handshake state is not SSL_ST_OK, SSL_connect() is called to
 * advance it with the data just supplied. SSL_state() and SSL_ST_OK belong
 * to the pre-1.1.0 OpenSSL API. */
804 if (SSL_state(n->ssl.ssl_handle) != SSL_ST_OK) {
805 ret = SSL_connect(n->ssl.ssl_handle);
808 err = SSL_get_error(n->ssl.ssl_handle, ret);