author | des <des@FreeBSD.org> | 2002-06-05 12:46:36 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2002-06-05 12:46:36 +0000 |
commit | ce6d4c4a6e426fbee036993034abddf7975be771 (patch) | |
tree | 9329a9d7ff9e99806101b26229c66f397ccc0f8c /lib/libfetch/common.c | |
parent | 12c36bfb94e95d0f9c4ebb1e1e407ca44b3f9c24 (diff) | |
Add SSL support + slight cleanup.
Submitted by: Henry Whincup <henry@techiebod.com> (in principle)
Diffstat (limited to 'lib/libfetch/common.c')
-rw-r--r-- | lib/libfetch/common.c | 50 |
1 files changed, 49 insertions, 1 deletions
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index 6f49709..775b4c7 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -35,7 +35,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/uio.h>
 #include <netinet/in.h>
-#include <ctype.h> /* XXX */
 #include <errno.h>
 #include <netdb.h>
 #include <stdarg.h>
@@ -265,6 +264,55 @@ _fetch_connect(const char *host, int port, int af, int verbose)
 /*
+ * Enable SSL on a connection.
+ */
+int
+_fetch_ssl(conn_t *conn, int verbose)
+{
+
+ /* Init the SSL library and context */
+ if (!SSL_library_init()){
+ fprintf(stderr, "SSL library init failed\n");
+ return (-1);
+ }
+
+ SSL_load_error_strings();
+
+ conn->ssl_meth = SSLv23_client_method();
+ conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
+
+ conn->ssl = SSL_new(conn->ssl_ctx);
+ if (conn->ssl == NULL){
+ fprintf(stderr, "SSL context creation failed\n");
+ return (-1);
+ }
+ SSL_set_fd(conn->ssl, conn->sd);
+ if (SSL_connect(conn->ssl) == -1){
+ ERR_print_errors_fp(stderr);
+ return (-1);
+ }
+
+ if (verbose) {
+ X509_NAME *name;
+ char *str;
+
+ fprintf(stderr, "SSL connection established using %s\n",
+ SSL_get_cipher(conn->ssl));
+ conn->ssl_cert = SSL_get_peer_certificate(conn->ssl);
+ name = X509_get_subject_name(conn->ssl_cert);
+ str = X509_NAME_oneline(name, 0, 0);
+ printf("Certificate subject: %s\n", str);
+ free(str);
+ name = X509_get_issuer_name(conn->ssl_cert);
+ str = X509_NAME_oneline(name, 0, 0);
+ printf("Certificate issuer: %s\n", str);
+ free(str);
+ }
+
+ return (0);
+}
+
+/*
 * Read a character from a connection w/ timeout
 */
 ssize_t |
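Review bot: Nothing in `_fetch_ssl` authenticates the server: no verify mode or trust store is set on `conn->ssl_ctx` before `SSL_new()`, and the peer certificate is only fetched and printed inside the `if (verbose)` block, so the session is encrypted but any certificate is accepted. At minimum, call `SSL_CTX_set_default_verify_paths(conn->ssl_ctx);` and `SSL_CTX_set_verify(conn->ssl_ctx, SSL_VERIFY_PEER, NULL);` right after `SSL_CTX_new()`, and match the certificate against the requested host name, which this function would need as an extra argument since only `conn` and `verbose` are passed. The handshake test `SSL_connect(conn->ssl) == -1` also lets a return of 0 (handshake failed but shut down cleanly) through as success; `if (SSL_connect(conn->ssl) != 1){` covers both. In the verbose block `SSL_get_peer_certificate()` can return NULL, which is then passed to `X509_get_subject_name()` unchecked, and the `SSL_CTX_new()` result is likewise never tested.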