dnstap io, ssl and ssl ctx creation.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 4 Feb 2020 16:23:19 +0000 (17:23 +0100)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 4 Feb 2020 16:23:19 +0000 (17:23 +0100)
dnstap/dtstream.c
dnstap/dtstream.h

index 445de18b8ac43ed2728865fafe3512455f835f44..50dcbc0834ca476f81c7ef8b93ff51dcba13eda0 100644 (file)
 #include <sys/un.h>
 #endif
 #include <fcntl.h>
+#ifdef HAVE_OPENSSL_SSL_H
+#include <openssl/ssl.h>
+#endif
+#ifdef HAVE_OPENSSL_ERR_H
+#include <openssl/err.h>
+#endif
 
 /** number of messages to process in one output callback */
 #define DTIO_MESSAGES_PER_CALLBACK 100
@@ -220,6 +226,14 @@ void dt_io_thread_delete(struct dt_io_thread* dtio)
        }
        free(dtio->socket_path);
        free(dtio->ip_str);
+       free(dtio->tls_server_name);
+       free(dtio->client_key_file);
+       free(dtio->client_cert_file);
+       if(dtio->ssl_ctx) {
+#ifdef HAVE_SSL
+               SSL_CTX_free(dtio->ssl_ctx);
+#endif
+       }
        free(dtio);
 }
 
@@ -229,6 +243,30 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg)
        dtio->upstream_is_tcp = 1;
        dtio->ip_str = strdup("127.0.0.1@1234");
        */
+#ifdef HAVE_SSL
+       dtio->upstream_is_tls = 1;
+       dtio->ip_str = strdup("127.0.0.1@1234");
+       //dtio->tls_server_name;
+       dtio->use_client_certs = 0;
+       if(dtio->use_client_certs) {
+               //dtio->client_key_file = NULL;
+               //dtio->client_cert_file = NULL;
+       } else {
+               free(dtio->client_key_file);
+               dtio->client_key_file = NULL;
+               free(dtio->client_cert_file);
+               dtio->client_cert_file = NULL;
+       }
+       dtio->ssl_ctx = connect_sslctx_create(dtio->client_key_file,
+               dtio->client_cert_file, cfg->tls_cert_bundle,
+               cfg->tls_win_cert);
+       if(!dtio->ssl_ctx) {
+               log_err("could not setup SSL CTX");
+               return 0;
+       }
+       /* DEBUG */
+       return 1;
+#endif
        if(cfg->dnstap_socket_path && cfg->dnstap_socket_path[0]) {
                dtio->socket_path = strdup(cfg->dnstap_socket_path);
                if(!dtio->socket_path) {
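Review bot: The new `#ifdef HAVE_SSL` block ends in `/* DEBUG */ return 1;`, so on an SSL-enabled build everything after it is unreachable: `cfg->dnstap_socket_path` and the rest of the configuration are never applied and the upstream is hard-wired to `127.0.0.1@1234` over TLS. Within that block the `strdup` result is not NULL-checked (unlike the `socket_path` copy just below), and `use_client_certs` is set to 0 immediately before it is tested, which leaves the `if` branch and its commented-out assignments dead. If this is meant to land, gate the TLS setup on a real config option, drop the early return and the commented-out lines, and check the copy: `dtio->ip_str = strdup("127.0.0.1@1234"); if(!dtio->ip_str) { log_err("malloc failure"); return 0; }`. dt_io_thread_apply_cfg starts before and continues past this hunk.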
@@ -442,6 +480,13 @@ static void dtio_close_output(struct dt_io_thread* dtio)
                return;
        ub_event_free(dtio->event);
        dtio->event = NULL;
+       if(dtio->ssl) {
+#ifdef HAVE_SSL
+               SSL_shutdown(dtio->ssl);
+               SSL_free(dtio->ssl);
+               dtio->ssl = NULL;
+#endif
+       }
 #ifndef USE_WINSOCK
        close(dtio->fd);
 #else
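Review bot: The added `SSL_shutdown(dtio->ssl)` is called once and its result discarded; on the non-blocking fd this function writes to, a single call normally only queues the close_notify (returns 0) or fails with a want-write condition. That is acceptable because the fd is closed immediately below, but it deserves a comment so nobody "fixes" it into a blocking loop: `/* best-effort close_notify; the socket is closed below, so a partial shutdown is fine */`. On older OpenSSL a shutdown attempted before the handshake completed can leave an entry on the error queue, so an `ERR_clear_error()` after it (err.h is now included) is a cheap way to keep later error reporting from picking up a stale entry — confirm against the OpenSSL versions unbound supports. Style: the `if(dtio->ssl)` wrapper could sit inside the `#ifdef HAVE_SSL` instead of around it, since a non-SSL build never sets `ssl`.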
@@ -1263,6 +1308,14 @@ static int dtio_open_output_tcp(struct dt_io_thread* dtio)
        return 1;
 }
 
+/** setup the SSL structure for new connection */
+static int dtio_setup_ssl(struct dt_io_thread* dtio)
+{
+       dtio->ssl = outgoing_ssl_fd(dtio->ssl_ctx, dtio->fd);
+       if(!dtio->ssl) return 0;
+       return 1;
+}
+
 /** open the output file descriptor */
 static void dtio_open_output(struct dt_io_thread* dtio)
 {
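Review bot: dtio_setup_ssl never applies `tls_server_name` to the new SSL object, so as far as this hunk shows the peer certificate's hostname is not pinned (no `SSL_set1_host` or `SSL_set_tlsext_host_name` here); whether `connect_sslctx_create` or `outgoing_ssl_fd` enforce peer verification on their own cannot be seen from this diff — confirm, and if they do not, set the expected name once `outgoing_ssl_fd` succeeds, e.g. `if(dtio->tls_server_name && !SSL_set1_host(dtio->ssl, dtio->tls_server_name)) return 0;` (with `dtio->ssl` freed and reset on that path). The helper's comment should also state its failure contract, which the code does establish: `/** create the SSL object for the freshly connected fd; returns 0 and leaves dtio->ssl NULL on failure */`.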
@@ -1278,6 +1331,18 @@ static void dtio_open_output(struct dt_io_thread* dtio)
                        return;
                }
        }
+       if(dtio->upstream_is_tls) {
+               if(!dtio_setup_ssl(dtio)) {
+#ifndef USE_WINSOCK
+                       close(dtio->fd);
+#else
+                       closesocket(dtio->fd);
+#endif
+                       dtio->fd = -1;
+                       dtio_reconnect_enable(dtio);
+                       return;
+               }
+       }
        dtio->check_nb_connect = 1;
 
        /* the EV_READ is to catch channel close, write to write packets */
@@ -1286,6 +1351,12 @@ static void dtio_open_output(struct dt_io_thread* dtio)
                dtio);
        if(!ev) {
                log_err("dnstap io: out of memory");
+               if(dtio->ssl) {
+#ifdef HAVE_SSL
+                       SSL_free(dtio->ssl);
+                       dtio->ssl = NULL;
+#endif
+               }
 #ifndef USE_WINSOCK
                close(dtio->fd);
 #else
@@ -1302,6 +1373,12 @@ static void dtio_open_output(struct dt_io_thread* dtio)
                log_err("dnstap io: out of memory");
                ub_event_free(dtio->event);
                dtio->event = NULL;
+               if(dtio->ssl) {
+#ifdef HAVE_SSL
+                       SSL_free(dtio->ssl);
+                       dtio->ssl = NULL;
+#endif
+               }
 #ifndef USE_WINSOCK
                close(dtio->fd);
 #else
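Review bot: The `SSL_free` + close-fd sequence now appears three times in dtio_open_output (the TLS-setup failure path and both out-of-memory paths), each wrapping the `#ifdef HAVE_SSL` inside an `if`; a small static helper would keep the three copies from drifting apart. The tail of this error path (`dtio->fd = -1` and the reconnect call) lies outside the hunk, so the helper below assumes it matches the TLS-failure path earlier in the function — confirm before folding it in. Freeing without `SSL_shutdown` is correct on these paths since no handshake has run on the SSL object.
```c
/** drop the fd and any SSL object of a connection that failed to
 * open; the caller schedules the reconnect */
static void dtio_open_output_failed(struct dt_io_thread* dtio)
{
#ifdef HAVE_SSL
	if(dtio->ssl) {
		SSL_free(dtio->ssl);
		dtio->ssl = NULL;
	}
#endif
#ifndef USE_WINSOCK
	close(dtio->fd);
#else
	closesocket(dtio->fd);
#endif
	dtio->fd = -1;
}
/* … each failure path in dtio_open_output then reads: log_err(...); dtio_open_output_failed(dtio); dtio_reconnect_enable(dtio); return; … */
```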
index 8fa2352f4d813dbc7262240498b2a84d9ecc9503..b388752d5a87edf6b861f7572a8f191b58161cd0 100644 (file)
@@ -107,6 +107,8 @@ struct dt_io_thread {
        ub_thread_type tid;
        /** if the io processing has started */
        int started;
+       /** ssl context for the io thread, for tls connections. type SSL_CTX* */
+       void* ssl_ctx;
 
        /** file descriptor that the thread writes to */
        int fd;
@@ -118,6 +120,8 @@ struct dt_io_thread {
        int event_added_is_write;
        /** check for nonblocking connect errors on fd */
        int check_nb_connect;
+       /** ssl for current connection, type SSL* */
+       void* ssl;
 
        /** the buffer that currently getting written, or NULL if no
         * (partial) message written now */
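Review bot: This header diff adds only `ssl_ctx` and `ssl`, yet the dtstream.c side of the commit reads and frees `upstream_is_tls`, `tls_server_name`, `use_client_certs`, `client_key_file` and `client_cert_file` on the same struct; unless those members were introduced by an earlier commit, the .c file will not compile against this header. The two new fields would also benefit from stating ownership, since both are `void*` to keep OpenSSL out of the header: `/** ssl context for the io thread (SSL_CTX*), owned here and freed in dt_io_thread_delete */` and `/** ssl object for the current connection (SSL*), NULL when not connected; released in dtio_close_output */`. struct dt_io_thread continues past the hunk.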