| 1 |
/* $Id: ssl.c 31 2024-09-16 07:52:02Z nishi $ */ |
| 2 |
|
| 3 |
#define SOURCE |
| 4 |
|
| 5 |
#include "tw_ssl.h" |
| 6 |
|
| 7 |
#include "tw_config.h" |
| 8 |
|
| 9 |
#include <stdio.h> |
| 10 |
|
| 11 |
#include <cm_log.h> |
| 12 |
|
| 13 |
extern struct tw_config config; |
| 14 |
|
| 15 |
int tw_ssl_cert_cb(SSL* ssl, void* arg) { |
| 16 |
const char* s = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); |
| 17 |
if(s != NULL) { |
| 18 |
cm_log("SSL", "Certificate request for %s", s); |
| 19 |
} else { |
| 20 |
s = config.hostname; |
| 21 |
cm_log("SSL", "Could not get the servername, defaulting to the hostname: %s", s); |
| 22 |
} |
| 23 |
struct tw_config_entry* e = tw_vhost_match(s, (__UINTPTR_TYPE__)arg); |
| 24 |
if(e != NULL && e->sslkey != NULL && e->sslcert != NULL) { |
| 25 |
SSL_use_PrivateKey_file(ssl, e->sslkey, SSL_FILETYPE_PEM); |
| 26 |
SSL_use_certificate_file(ssl, e->sslcert, SSL_FILETYPE_PEM); |
| 27 |
return 1; |
| 28 |
} else if(config.root.sslkey != NULL && config.root.sslcert != NULL) { |
| 29 |
SSL_use_PrivateKey_file(ssl, config.root.sslkey, SSL_FILETYPE_PEM); |
| 30 |
SSL_use_certificate_file(ssl, config.root.sslcert, SSL_FILETYPE_PEM); |
| 31 |
return 1; |
| 32 |
} else { |
| 33 |
return 0; |
| 34 |
} |
| 35 |
} |
| 36 |
|
| 37 |
SSL_CTX* tw_create_ssl_ctx(__UINTPTR_TYPE__ port) { |
| 38 |
SSL_CTX* ctx = SSL_CTX_new(TLS_server_method()); |
| 39 |
SSL_CTX_set_cert_cb(ctx, tw_ssl_cert_cb, (void*)port); |
| 40 |
return ctx; |
| 41 |
} |
