#include "util/net_help.h"
#include "util/random.h"
#include "util/fptr_wlist.h"
+#include <openssl/ssl.h>
#ifdef HAVE_NETDB_H
#include <netdb.h>
return 0;
}
}
+ if(w->outnet->sslctx) {
+ pend->c->ssl = outgoing_ssl_fd(w->outnet->sslctx, s);
+ if(!pend->c->ssl) {
+ pend->c->fd = s;
+ comm_point_close(pend->c);
+ return 0;
+ }
+#ifdef USE_WINSOCK
+ comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl);
+#endif
+ pend->c->ssl_shake_state = comm_ssl_shake_write;
+ }
w->pkt = NULL;
w->next_waiting = (void*)pend;
pend->id = LDNS_ID_WIRE(pkt);
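Review bot: Nothing in the new outgoing path configures or checks peer verification: the result of `outgoing_ssl_fd(w->outnet->sslctx, s)` at L11 is used as-is, and unless that helper or the sslctx setup (neither visible here) enables it, the upstream's certificate is not validated, so this protects the DNS stream against passive observation only. A comment at L11 stating that, or pointing at where verification is expected to live, would stop a reader from assuming the TLS upstream is authenticated. On the failure path `pend->c->fd = s;` at L13 exists only so that `comm_point_close` releases the socket; a one-line comment such as `/* hand the socket to the comm point so close releases it */` would make that explicit, and the same pattern appears in the accept path at L58. The enclosing function starts and ends outside the hunk.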
decomission_pending_tcp(struct outside_network* outnet,
struct pending_tcp* pend)
{
+ if(pend->c->ssl) {
+ SSL_shutdown(pend->c->ssl);
+ SSL_free(pend->c->ssl);
+ pend->c->ssl = NULL;
+ }
comm_point_close(pend->c);
pend->next_free = outnet->tcp_free;
outnet->tcp_free = pend;
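Review bot: The return value of `SSL_shutdown` at L29 is discarded; on a non-blocking socket it typically returns 0 (close_notify queued, peer's reply not yet seen) or -1 when the handshake never completed, so this is a best-effort one-way close immediately followed by `SSL_free` and `comm_point_close`. That is reasonable for teardown, but a comment keeps a later reader from adding a retry loop: `/* best-effort close_notify; the peer's reply is not awaited since the fd is closed below */`. Freeing the SSL before `comm_point_close` closes the descriptor is the right order. The end of decomission_pending_tcp lies outside the hunk.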
/* return original return value */
return retvalue;
}
+
+/** set win bio callbacks for nonblocking operations */
+void
+comm_point_tcp_win_bio_cb(struct comm_point* c, void* thessl)
+{
+ SSL* ssl = (SSL*)thessl;
+ /* set them both just in case, but usually they are the same BIO */
+ BIO_set_callback(SSL_get_rbio(ssl), &win_bio_cb);
+ BIO_set_callback_arg(SSL_get_rbio(ssl), (char*)comm_point_internal(c));
+ BIO_set_callback(SSL_get_wbio(ssl), &win_bio_cb);
+ BIO_set_callback_arg(SSL_get_wbio(ssl), (char*)comm_point_internal(c));
+}
#endif
void
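Review bot: The doc comment on `comm_point_tcp_win_bio_cb` does not state its preconditions: `SSL_get_rbio`/`SSL_get_wbio` return NULL until a BIO is attached and `BIO_set_callback` on a NULL BIO would dereference it, so the caller must pass an SSL that already has its fd BIO set, as both call sites after `outgoing_ssl_fd`/`incoming_ssl_fd` do. The `void* thessl` parameter is presumably typed that way so the header need not pull in OpenSSL types; saying so avoids a "why not SSL*" question. Suggested header: `/** set win bio callbacks for nonblocking operations. @param c: comm point, passed as the callback arg. @param thessl: SSL* (as void* to keep openssl out of the header) with its rbio/wbio already attached; must not be NULL. */`. The trailing `#endif` at L51 suggests the definition sits inside a conditional block, which the comment could also name.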
return;
if(c->ssl) {
c_hdl->ssl = incoming_ssl_fd(c->ssl, new_fd);
- if(!c_hdl->ssl)
+ if(!c_hdl->ssl) {
+ c_hdl->fd = new_fd;
+ comm_point_close(c_hdl);
return;
+ }
c_hdl->ssl_shake_state = comm_ssl_shake_read;
#ifdef USE_WINSOCK
- /* set them both just in case, but usually they are the same BIO */
- BIO_set_callback(SSL_get_rbio(c_hdl->ssl), &win_bio_cb);
- BIO_set_callback_arg(SSL_get_rbio(c_hdl->ssl),
- (char*)comm_point_internal(c_hdl));
- BIO_set_callback(SSL_get_wbio(c_hdl->ssl), &win_bio_cb);
- BIO_set_callback_arg(SSL_get_wbio(c_hdl->ssl),
- (char*)comm_point_internal(c_hdl));
+ comm_point_tcp_win_bio_cb(c_hdl, c_hdl->ssl);
#endif
}
}
}
/* this is where peer verification could take place */
- log_addr(VERB_ALGO, "SSL connection from", &c->repinfo.addr,
+ log_addr(VERB_ALGO, "SSL DNS connection", &c->repinfo.addr,
c->repinfo.addrlen);
/* setup listen rw correctly */
return 1;
}
+/** handle ssl tcp connection with dns contents */
+static int
+ssl_handle_it(struct comm_point* c)
+{
+ if(c->tcp_is_reading)
+ return ssl_handle_read(c);
+ return ssl_handle_write(c);
+}
+
/** Handle tcp reading callback.
* @param fd: file descriptor of socket.
* @param c: comm point to read from into buffer.
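Review bot: The one-line doc on `ssl_handle_it` says what it is for but not the point that matters to its callers: it dispatches on `c->tcp_is_reading`, the connection's logical direction, rather than on which socket event fired, which is presumably why the read and write callbacks both route every SSL connection through it (L98-99 and L118). Suggested comment: `/** handle ssl tcp connection with dns contents; dispatches on c->tcp_is_reading (the logical state), not on the fired event, since the TLS layer may need the socket readable to finish a write and vice versa */`.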
{
ssize_t r;
log_assert(c->type == comm_tcp || c->type == comm_local);
+ if(c->ssl)
+ return ssl_handle_it(c);
if(!c->tcp_is_reading)
return 0;
- if(c->ssl)
- return ssl_handle_read(c);
log_assert(fd != -1);
if(c->tcp_byte_count < sizeof(uint16_t)) {
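Review bot: The SSL dispatch at L98-99 now precedes the `!c->tcp_is_reading` guard, so a read-ready event on an SSL connection that is logically writing is handed to `ssl_handle_write` via `ssl_handle_it`; the write callback does the mirror image with `&& !c->ssl` at L110 and `ssl_handle_it` at L118. This looks deliberate, since TLS may need the opposite socket direction to make progress, but nothing in the code says so, and the `log_assert(fd != -1)` at L104 is no longer reached on the SSL path. A comment at L98 would pin the intent: `/* ssl: dispatch on logical state, the TLS layer may need either socket direction */`. The read callback's signature lies before the hunk, and the write callback's before L106.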
{
ssize_t r;
log_assert(c->type == comm_tcp);
- if(c->tcp_is_reading)
+ if(c->tcp_is_reading && !c->ssl)
return 0;
log_assert(fd != -1);
if(c->tcp_byte_count == 0 && c->tcp_check_nb_connect) {
}
}
if(c->ssl)
- return ssl_handle_write(c);
+ return ssl_handle_it(c);
if(c->tcp_byte_count < sizeof(uint16_t)) {
uint16_t len = htons(ldns_buffer_limit(c->buffer));