author | Gernot Tenchio <gernot.tenchio@securepoint.de> | 2011-08-17 12:20:50 +0200 |
---|---|---|
committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2011-08-17 12:41:24 +0200 |
commit | a2a6e256998c23af2d91a4475aa6d65893bf5bb5 (patch) | |
tree | 822a2debaa452150df01563523075ea447a7e797 | |
parent | 4aa35863676335917d2a25a7952031f0fba66dfb (diff) | |
websockets: add GnuTLS and OpenSSL support
For now, only OpenSSL support is activated through configure, since GnuTLS
is only used in LibVNCClient.
[jes: separated this out from the commit adding encryption support, added
autoconf support.]
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-rw-r--r-- | configure.ac | 187 | ||||
-rw-r--r-- | libvncserver/Makefile.am | 13 | ||||
-rw-r--r-- | libvncserver/rfbssl_gnutls.c | 286 | ||||
-rw-r--r-- | libvncserver/rfbssl_openssl.c | 135 |
4 files changed, 527 insertions, 94 deletions
diff --git a/configure.ac b/configure.ac index 029a600..79ce830 100644 --- a/configure.ac +++ b/configure.ac 
@@ -54,6 +54,99 @@ AM_CONDITIONAL(HAVE_MP3LAME, test "$HAVE_MP3LAME" = "true") # before it seemed to be inside the with_jpeg conditional. AC_CHECK_HEADER(thenonexistentheader.h, HAVE_THENONEXISTENTHEADER_H="true") +# set some ld -R nonsense +# +uname_s=`(uname -s) 2>/dev/null` +ld_minus_R="yes" +if test "x$uname_s" = "xHP-UX"; then + ld_minus_R="no" +elif test "x$uname_s" = "xOSF1"; then + ld_minus_R="no" +elif test "x$uname_s" = "xDarwin"; then + ld_minus_R="no" +fi + +# Check for OpenSSL + +AH_TEMPLATE(HAVE_LIBCRYPT, [libcrypt library present]) +AC_ARG_WITH(crypt, +[ --without-crypt disable support for libcrypt],,) +if test "x$with_crypt" != "xno"; then + AC_CHECK_FUNCS([crypt], HAVE_LIBC_CRYPT="true") + if test -z "$HAVE_LIBC_CRYPT"; then + AC_CHECK_LIB(crypt, crypt, + CRYPT_LIBS="-lcrypt" + [AC_DEFINE(HAVE_LIBCRYPT)], ,) + fi +fi +AC_SUBST(CRYPT_LIBS) + +# some OS's need both -lssl and -lcrypto on link line: +AH_TEMPLATE(HAVE_LIBCRYPTO, [openssl libcrypto library present]) +AC_ARG_WITH(crypto, +[ --without-crypto disable support for openssl libcrypto],,) + +AH_TEMPLATE(HAVE_LIBSSL, [openssl libssl library present]) +AC_ARG_WITH(ssl, +[ --without-ssl disable support for openssl libssl] +[ --with-ssl=DIR use openssl include/library files in DIR],,) + +if test "x$with_crypto" != "xno" -a "x$with_ssl" != "xno"; then + if test ! -z "$with_ssl" -a "x$with_ssl" != "xyes"; then + saved_CPPFLAGS="$CPPFLAGS" + saved_LDFLAGS="$LDFLAGS" + CPPFLAGS="$CPPFLAGS -I$with_ssl/include" + LDFLAGS="$LDFLAGS -L$with_ssl/lib" + if test "x$ld_minus_R" = "xno"; then + : + elif test "x$GCC" = "xyes"; then + LDFLAGS="$LDFLAGS -Xlinker -R$with_ssl/lib" + else + LDFLAGS="$LDFLAGS -R$with_ssl/lib" + fi + fi + AC_CHECK_LIB(crypto, RAND_file_name, + [AC_DEFINE(HAVE_LIBCRYPTO) HAVE_LIBCRYPTO="true"], ,) + if test ! 
-z "$with_ssl" -a "x$with_ssl" != "xyes"; then + if test "x$HAVE_LIBCRYPTO" != "xtrue"; then + CPPFLAGS="$saved_CPPFLAGS" + LDFLAGS="$saved_LDFLAGS" + fi + fi +fi + +AH_TEMPLATE(HAVE_X509_PRINT_EX_FP, [open ssl X509_print_ex_fp available]) +if test "x$with_ssl" != "xno"; then + if test "x$HAVE_LIBCRYPTO" = "xtrue"; then + AC_CHECK_LIB(ssl, SSL_library_init, + SSL_LIBS="-lssl -lcrypto" + [AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], , + -lcrypto) + else + AC_CHECK_LIB(ssl, SSL_library_init, + SSL_LIBS="-lssl" + [AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,) + fi +fi +AC_SUBST(SSL_LIBS) + + if test "x$HAVE_LIBSSL" != "xtrue" -a "x$with_ssl" != "xno"; then + AC_MSG_WARN([ +========================================================================== +*** The openssl encryption library libssl.so was not found. *** +An x11vnc built this way will not support SSL encryption. To enable +SSL install the necessary development packages (perhaps it is named +something like libssl-dev) and run configure again. +========================================================================== +]) + sleep 5 + elif test "x$with_ssl" != "xno"; then + AC_CHECK_LIB(ssl, X509_print_ex_fp, + [AC_DEFINE(HAVE_X509_PRINT_EX_FP) HAVE_X509_PRINT_EX_FP="true"], , $SSL_LIBS + ) + fi +AM_CONDITIONAL(HAVE_LIBSSL, test "x$with_crypto" != "xno" -a "x$with_ssl" != "xno") + # Checks for X libraries HAVE_X11="false" AC_PATH_XTRA 
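Review bot: The `AM_CONDITIONAL(HAVE_LIBSSL, ...)` that closes the added block tests only that neither `--without-crypto` nor `--without-ssl` was given, not that libssl was actually found. On a host without the OpenSSL development files the warning above it is printed, yet the Makefile.am change in this commit still selects rfbssl_openssl.c. Keying the conditional on the detection result, `AM_CONDITIONAL(HAVE_LIBSSL, test "x$HAVE_LIBSSL" = "xtrue")`, lets the build fall back to rfbssl_none.c. The warning text also still says "An x11vnc built this way", which is misleading in this library's configure output.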
@@ -296,98 +389,6 @@ configure again. sleep 5 fi -# set some ld -R nonsense -# -uname_s=`(uname -s) 2>/dev/null` -ld_minus_R="yes" -if test "x$uname_s" = "xHP-UX"; then - ld_minus_R="no" -elif test "x$uname_s" = "xOSF1"; then - ld_minus_R="no" -elif test "x$uname_s" = "xDarwin"; then - ld_minus_R="no" -fi - - - -AH_TEMPLATE(HAVE_LIBCRYPT, [libcrypt library present]) -AC_ARG_WITH(crypt, -[ --without-crypt disable support for libcrypt],,) -if test "x$with_crypt" != "xno"; then - AC_CHECK_FUNCS([crypt], HAVE_LIBC_CRYPT="true") - if test -z "$HAVE_LIBC_CRYPT"; then - AC_CHECK_LIB(crypt, crypt, - CRYPT_LIBS="-lcrypt" - [AC_DEFINE(HAVE_LIBCRYPT)], ,) - fi -fi -AC_SUBST(CRYPT_LIBS) - -# some OS's need both -lssl and -lcrypto on link line: -AH_TEMPLATE(HAVE_LIBCRYPTO, [openssl libcrypto library present]) -AC_ARG_WITH(crypto, -[ --without-crypto disable support for openssl libcrypto],,) - -AH_TEMPLATE(HAVE_LIBSSL, [openssl libssl library present]) -AC_ARG_WITH(ssl, -[ --without-ssl disable support for openssl libssl] -[ --with-ssl=DIR use openssl include/library files in DIR],,) - -if test "x$with_crypto" != "xno" -a "x$with_ssl" != "xno"; then - if test ! -z "$with_ssl" -a "x$with_ssl" != "xyes"; then - saved_CPPFLAGS="$CPPFLAGS" - saved_LDFLAGS="$LDFLAGS" - CPPFLAGS="$CPPFLAGS -I$with_ssl/include" - LDFLAGS="$LDFLAGS -L$with_ssl/lib" - if test "x$ld_minus_R" = "xno"; then - : - elif test "x$GCC" = "xyes"; then - LDFLAGS="$LDFLAGS -Xlinker -R$with_ssl/lib" - else - LDFLAGS="$LDFLAGS -R$with_ssl/lib" - fi - fi - AC_CHECK_LIB(crypto, RAND_file_name, - [AC_DEFINE(HAVE_LIBCRYPTO) HAVE_LIBCRYPTO="true"], ,) - if test ! 
-z "$with_ssl" -a "x$with_ssl" != "xyes"; then - if test "x$HAVE_LIBCRYPTO" != "xtrue"; then - CPPFLAGS="$saved_CPPFLAGS" - LDFLAGS="$saved_LDFLAGS" - fi - fi -fi - -AH_TEMPLATE(HAVE_X509_PRINT_EX_FP, [open ssl X509_print_ex_fp available]) -if test "x$with_ssl" != "xno"; then - if test "x$HAVE_LIBCRYPTO" = "xtrue"; then - AC_CHECK_LIB(ssl, SSL_library_init, - SSL_LIBS="-lssl -lcrypto" - [AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], , - -lcrypto) - else - AC_CHECK_LIB(ssl, SSL_library_init, - SSL_LIBS="-lssl" - [AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,) - fi -fi -AC_SUBST(SSL_LIBS) - - if test "x$HAVE_LIBSSL" != "xtrue" -a "x$with_ssl" != "xno"; then - AC_MSG_WARN([ -========================================================================== -*** The openssl encryption library libssl.so was not found. *** -An x11vnc built this way will not support SSL encryption. To enable -SSL install the necessary development packages (perhaps it is named -something like libssl-dev) and run configure again. -========================================================================== -]) - sleep 5 - elif test "x$with_ssl" != "xno"; then - AC_CHECK_LIB(ssl, X509_print_ex_fp, - [AC_DEFINE(HAVE_X509_PRINT_EX_FP) HAVE_X509_PRINT_EX_FP="true"], , $SSL_LIBS - ) - fi - if test "x$with_v4l" != "xno"; then AC_CHECK_HEADER(linux/videodev.h, [AC_DEFINE(HAVE_LINUX_VIDEODEV_H)],,) @@ -720,7 +721,7 @@ if test "x$HAVE_B64" != "xtrue"; then with_websockets="" fi if test "x$with_websockets" = "xyes"; then - LIBS="$LIBS -lresolv" + LIBS="$LIBS -lresolv $SSL_LIBS" AC_DEFINE(WITH_WEBSOCKETS) fi AM_CONDITIONAL(WITH_WEBSOCKETS, test "$with_websockets" = "yes") diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am index bbc8feb..c1f89df 100644 --- a/libvncserver/Makefile.am +++ b/libvncserver/Makefile.am 
@@ -13,7 +13,18 @@ TIGHTVNCFILETRANSFERSRCS = tightvnc-filetransfer/rfbtightserver.c \ endif if WITH_WEBSOCKETS -WEBSOCKETSSRCS = websockets.c md5.c rfbssl_none.c + +if HAVE_LIBSSL +WEBSOCKETSSSLSRCS = rfbssl_openssl.c +else +#if HAVE_GNUTLS +#WEBSOCKETSSSLSRCS = rfbssl_gnutls.c +#else +WEBSOCKETSSSLSRCS = rfbssl_none.c +#endif +endif + +WEBSOCKETSSRCS = websockets.c md5.c $(WEBSOCKETSSSLSRCS) endif includedir=$(prefix)/include/rfb diff --git a/libvncserver/rfbssl_gnutls.c b/libvncserver/rfbssl_gnutls.c new file mode 100644 index 0000000..09cc89e --- /dev/null +++ b/libvncserver/rfbssl_gnutls.c 
@@ -0,0 +1,286 @@
+/*
+ * rfbssl_gnutls.c - Secure socket funtions (gnutls version)
+ */
+
+/*
+ * Copyright (C) 2011 Gernot Tenchio
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#include "rfbssl.h"
+#include <gnutls/gnutls.h>
+#include <errno.h>
+
+struct rfbssl_ctx {
+ char peekbuf[2048];
+ int peeklen;
+ int peekstart;
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_dh_params_t dh_params;
+#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
+ gnutls_rsa_params_t rsa_params;
+#endif
+};
+
+void rfbssl_log_func(int level, const char *msg)
+{
+ rfbErr("SSL: %s", msg);
+}
+
+static void rfbssl_error(const char *msg, int e)
+{
+ rfbErr("%s: %s (%ld)\n", msg, gnutls_strerror(e), e);
+}
+
+static int rfbssl_init_session(struct rfbssl_ctx *ctx, int fd)
+{
+ gnutls_session_t session;
+ int ret;
+
+ if (!GNUTLS_E_SUCCESS == (ret = gnutls_init(&session, GNUTLS_SERVER))) {
+ /* */
+ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_priority_set_direct(session, "EXPORT", NULL))) {
+ /* */
+ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->x509_cred))) {
+ /* */
+ } else {
+ gnutls_session_enable_compatibility_mode(session);
+ gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t)fd);
+ ctx->session = session;
+ }
+ return ret;
+}
+
+static int generate_dh_params(struct rfbssl_ctx *ctx)
+{
+ int ret;
+ if (GNUTLS_E_SUCCESS == (ret = gnutls_dh_params_init(&ctx->dh_params)))
+ ret = gnutls_dh_params_generate2(ctx->dh_params, 1024);
+ return ret;
+}
+
+#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
+static int generate_rsa_params(struct rfbssl_ctx *ctx)
+{
+ int ret;
+ if (GNUTLS_E_SUCCESS == (ret = gnutls_rsa_params_init(&ctx->rsa_params)))
+ ret = gnutls_rsa_params_generate2(ctx->rsa_params, 512);
+ return ret;
+}
+#endif
+
+struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert)
+{
+ int ret = GNUTLS_E_SUCCESS;
+ struct rfbssl_ctx *ctx = NULL;
+
+ if (NULL == (ctx = malloc(sizeof(struct rfbssl_ctx)))) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_global_init())) {
+ /* */
+ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_allocate_credentials(&ctx->x509_cred))) {
+ /* */
+ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_set_x509_trust_file(ctx->x509_cred, cert, GNUTLS_X509_FMT_PEM))) {
+ /* */
+ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_set_x509_key_file(ctx->x509_cred, cert, key, GNUTLS_X509_FMT_PEM))) {
+ /* */
+ } else if (!GNUTLS_E_SUCCESS == (ret = generate_dh_params(ctx))) {
+ /* */
+#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
+ } else if (!GNUTLS_E_SUCCESS == (ret = generate_rsa_params(ctx))) {
+ /* */
+#endif
+ } else {
+ gnutls_global_set_log_function(rfbssl_log_func);
+ gnutls_global_set_log_level(1);
+ gnutls_certificate_set_dh_params(ctx->x509_cred, ctx->dh_params);
+ return ctx;
+ }
+
+ free(ctx);
+ return NULL;
+}
+
+int rfbssl_init(rfbClientPtr cl)
+{
+ int ret = -1;
+ struct rfbssl_ctx *ctx;
+ char *keyfile;
+ if (!(keyfile = cl->screen->sslkeyfile))
+ keyfile = cl->screen->sslcertfile;
+
+ if (NULL == (ctx = rfbssl_init_global(keyfile, cl->screen->sslcertfile))) {
+ /* */
+ } else if (GNUTLS_E_SUCCESS != (ret = rfbssl_init_session(ctx, cl->sock))) {
+ /* */
+ } else {
+ while (GNUTLS_E_SUCCESS != (ret = gnutls_handshake(ctx->session))) {
+ if (ret == GNUTLS_E_AGAIN)
+ continue;
+ break;
+ }
+ }
+
+ if (ret != GNUTLS_E_SUCCESS) {
+ rfbssl_error(__func__, ret);
+ } else {
+ cl->sslctx = (rfbSslCtx *)ctx;
+ rfbLog("%s protocol initialized\n", gnutls_protocol_get_name(gnutls_protocol_get_version(ctx->session)));
+ }
+ return ret;
+}
+
+static int rfbssl_do_read(rfbClientPtr cl, char *buf, int bufsize)
+{
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+ int ret;
+
+ while ((ret = gnutls_record_recv(ctx->session, buf, bufsize)) < 0) {
+ if (ret == GNUTLS_E_AGAIN) {
+ /* continue */
+ } else if (ret == GNUTLS_E_INTERRUPTED) {
+ /* continue */
+ } else {
+ break;
+ }
+ }
+
+ if (ret < 0) {
+ rfbssl_error(__func__, ret);
+ errno = EIO;
+ ret = -1;
+ }
+
+ return ret < 0 ? -1 : ret;
+}
+
+int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize)
+{
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+ int ret;
+
+ while ((ret = gnutls_record_send(ctx->session, buf, bufsize)) < 0) {
+ if (ret == GNUTLS_E_AGAIN) {
+ /* continue */
+ } else if (ret == GNUTLS_E_INTERRUPTED) {
+ /* continue */
+ } else {
+ break;
+ }
+ }
+
+ if (ret < 0)
+ rfbssl_error(__func__, ret);
+
+ return ret;
+}
+
+int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize)
+{
+ int ret = -1;
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+
+ if (ctx->peekstart) {
+ int spaceleft = sizeof(ctx->peekbuf) - ctx->peeklen - ctx->peekstart;
+ if (spaceleft < bufsize) {
+ memmove(ctx->peekbuf, ctx->peekbuf + ctx->peekstart, ctx->peeklen);
+ ctx->peekstart = 0;
+ }
+ }
+
+ /* If we have any peek data, simply return that. */
+ if (ctx->peeklen) {
+ if (bufsize > ctx->peeklen) {
+ /* more than we have, so we are trying to read the remaining
+ * bytes
+ **/
+ int required = bufsize - ctx->peeklen;
+ int total = ctx->peekstart + ctx->peeklen;
+ int n, avail = sizeof(ctx->peekbuf) - total;
+
+ if (required > avail)
+ required = avail;
+
+ if (!required) {
+ rfbErr("%s: no space left\n", __func__);
+ } else if ((n = rfbssl_do_read(cl, ctx->peekbuf + total, required)) < 0) {
+ rfbErr("%s: read error\n", __func__);
+ return n;
+ } else {
+ ctx->peeklen += n;
+ }
+ ret = ctx->peeklen;
+ } else {
+ /* simply return what we have */
+ ret = bufsize;
+ }
+ } else {
+ ret = bufsize;
+ if (ret > sizeof(ctx->peekbuf))
+ ret = sizeof(ctx->peekbuf);
+
+ if ((ret = rfbssl_do_read(cl, ctx->peekbuf, ret)) > 0)
+ ctx->peeklen = ret;
+ }
+
+ if (ret >= 0) {
+ memcpy(buf, ctx->peekbuf + ctx->peekstart, ret);
+ }
+
+ return ret;
+}
+
+int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize)
+{
+ int ret;
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+
+ if (ctx->peeklen) {
+ /* If we have any peek data, simply return that. */
+ ret = bufsize < ctx->peeklen ? bufsize : ctx->peeklen;
+ memcpy (buf, ctx->peekbuf + ctx->peekstart, ret);
+ ctx->peeklen -= ret;
+ if (ctx->peeklen != 0)
+ ctx->peekstart += ret;
+ else
+ ctx->peekstart = 0;
+ } else {
+ ret = rfbssl_do_read(cl, buf, bufsize);
+ }
+
+ return ret;
+}
+
+int rfbssl_pending(rfbClientPtr cl)
+{
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+ int ret = ctx->peeklen;
+
+ if (ret <= 0)
+ ret = gnutls_record_check_pending(ctx->session);
+
+ return ret;
+}
+
+void rfbssl_destroy(rfbClientPtr cl)
+{
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+ gnutls_bye(ctx->session, GNUTLS_SHUT_WR);
+ gnutls_deinit(ctx->session);
+ gnutls_certificate_free_credentials(ctx->x509_cred);
+}
diff --git a/libvncserver/rfbssl_openssl.c b/libvncserver/rfbssl_openssl.c
new file mode 100644
index 0000000..cbd6865
--- /dev/null
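Review bot: The checks written as `!GNUTLS_E_SUCCESS == (ret = ...)` in rfbssl_init_session and rfbssl_init_global never detect a failure, because `!` binds tighter than `==` and the return value is therefore compared with 1 while GnuTLS reports errors as negative numbers; a failed `gnutls_init` or key/certificate load runs on through the chain and the final `else` branch still executes. Test the sign instead, e.g. `if ((ret = gnutls_init(&session, GNUTLS_SERVER)) < 0) {`, for every link in both chains. The priority string `"EXPORT"` also admits GnuTLS's export-grade 40-bit cipher suites, so `"NORMAL"` is the safer argument to `gnutls_priority_set_direct`. `ctx` comes from `malloc`, and `peeklen`/`peekstart` are never set before rfbssl_peek and rfbssl_read use them as `memcpy` lengths and offsets; allocate with `calloc(1, sizeof *ctx)`. rfbssl_init additionally calls rfbssl_init_global, and with it the 1024-bit DH generation, once per client and does not free `ctx` when session setup or the handshake fails.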
+++ b/libvncserver/rfbssl_openssl.c 
@@ -0,0 +1,135 @@
+/*
+ * rfbssl_openssl.c - Secure socket funtions (openssl version)
+ */
+
+/*
+ * Copyright (C) 2011 Gernot Tenchio
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#include "rfbssl.h"
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+struct rfbssl_ctx {
+ SSL_CTX *ssl_ctx;
+ SSL *ssl;
+};
+
+static void rfbssl_error(void)
+{
+ char buf[1024];
+ unsigned long e = ERR_get_error();
+ rfbErr("%s (%ld)\n", ERR_error_string(e, buf), e);
+}
+
+int rfbssl_init(rfbClientPtr cl)
+{
+ char *keyfile;
+ int r, ret = -1;
+ struct rfbssl_ctx *ctx;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ if (cl->screen->sslkeyfile && *cl->screen->sslkeyfile) {
+ keyfile = cl->screen->sslkeyfile;
+ } else {
+ keyfile = cl->screen->sslcertfile;
+ }
+
+ if (NULL == (ctx = malloc(sizeof(struct rfbssl_ctx)))) {
+ rfbErr("OOM\n");
+ } else if (!cl->screen->sslcertfile || !cl->screen->sslcertfile[0]) {
+ rfbErr("SSL connection but no cert specified\n");
+ } else if (NULL == (ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method()))) {
+ rfbssl_error();
+ } else if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, keyfile, SSL_FILETYPE_PEM) <= 0) {
+ rfbErr("Unable to load private key file %s\n", keyfile);
+ } else if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, cl->screen->sslcertfile, SSL_FILETYPE_PEM) <= 0) {
+ rfbErr("Unable to load certificate file %s\n", cl->screen->sslcertfile);
+ } else if (NULL == (ctx->ssl = SSL_new(ctx->ssl_ctx))) {
+ rfbErr("SSL_new failed\n");
+ rfbssl_error();
+ } else if (!(SSL_set_fd(ctx->ssl, cl->sock))) {
+ rfbErr("SSL_set_fd failed\n");
+ rfbssl_error();
+ } else {
+ while ((r = SSL_accept(ctx->ssl)) < 0) {
+ if (SSL_get_error(ctx->ssl, r) != SSL_ERROR_WANT_READ)
+ break;
+ }
+ if (r < 0) {
+ rfbErr("SSL_accept failed %d\n", SSL_get_error(ctx->ssl, r));
+ } else {
+ cl->sslctx = (rfbSslCtx *)ctx;
+ ret = 0;
+ }
+ }
+ return ret;
+}
+
+int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize)
+{
+ int ret;
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+
+ while ((ret = SSL_write(ctx->ssl, buf, bufsize)) <= 0) {
+ if (SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_WRITE)
+ break;
+ }
+ return ret;
+}
+
+int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize)
+{
+ int ret;
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+
+ while ((ret = SSL_peek(ctx->ssl, buf, bufsize)) <= 0) {
+ if (SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_READ)
+ break;
+ }
+ return ret;
+}
+
+int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize)
+{
+ int ret;
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+
+ while ((ret = SSL_read(ctx->ssl, buf, bufsize)) <= 0) {
+ if (SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_READ)
+ break;
+ }
+ return ret;
+}
+
+int rfbssl_pending(rfbClientPtr cl)
+{
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+ return SSL_pending(ctx->ssl);
+}
+
+void rfbssl_destroy(rfbClientPtr cl)
+{
+ struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
+ if (ctx->ssl)
+ SSL_free(ctx->ssl);
+ if (ctx->ssl_ctx)
+ SSL_CTX_free(ctx->ssl_ctx);
+} |
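Review bot: In rfbssl_init, a handshake for which SSL_accept() returns 0 is accepted as established, because both the retry loop and the check after it test only `r < 0`; the check should read `if (r <= 0) {` so that a handshake shut down before completion does not set `cl->sslctx` and `ret = 0`. Every failure branch of the same if/else chain returns without releasing `ctx`, `ctx->ssl_ctx` or `ctx->ssl`, so each rejected connection leaks memory; allocating with `calloc(1, sizeof *ctx)` and freeing the non-NULL members and `ctx` whenever `ret != 0` closes that, and rfbssl_destroy likewise never frees `ctx` itself unless a caller outside this file does. The accept loop also spins on SSL_ERROR_WANT_READ without waiting on the socket and does not retry on SSL_ERROR_WANT_WRITE. Separately, `TLSv1_server_method()` pins the server to TLS 1.0 only, and `rfbssl_error` prints an `unsigned long` with `%ld` where `%lu` is the matching conversion.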