| 11 |
nishi |
1 |
/* $Id: ssl.c 19 2024-09-14 00:51:41Z nishi $ */
|
|
|
2 |
|
| 16 |
nishi |
3 |
#define SOURCE
|
|
|
4 |
|
| 11 |
nishi |
5 |
#include "tw_ssl.h"
|
| 12 |
nishi |
6 |
|
|
|
7 |
#include "tw_config.h"
|
|
|
8 |
|
|
|
9 |
#include <stdio.h>
|
|
|
10 |
|
|
|
11 |
#include <cm_log.h>
|
|
|
12 |
|
|
|
13 |
extern struct tw_config config;
|
|
|
14 |
|
|
|
15 |
int tw_ssl_cert_cb(SSL* ssl, void* arg) {
|
|
|
16 |
const char* s = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
|
|
17 |
if(s != NULL) {
|
|
|
18 |
cm_log("SSL", "Certificate request for %s", s);
|
|
|
19 |
} else {
|
|
|
20 |
s = config.hostname;
|
|
|
21 |
cm_log("SSL", "Could not get the servername, defaulting to the hostname: %s", s);
|
|
|
22 |
}
|
|
|
23 |
struct tw_config_entry* e = tw_vhost_match(s, (uint64_t)arg);
|
|
|
24 |
if(e != NULL && e->sslkey != NULL && e->sslcert != NULL) {
|
|
|
25 |
SSL_use_PrivateKey_file(ssl, e->sslkey, SSL_FILETYPE_PEM);
|
|
|
26 |
SSL_use_certificate_file(ssl, e->sslcert, SSL_FILETYPE_PEM);
|
|
|
27 |
return 1;
|
| 19 |
nishi |
28 |
} else if(config.root.sslkey != NULL && config.root.sslcert != NULL) {
|
|
|
29 |
SSL_use_PrivateKey_file(ssl, config.root.sslkey, SSL_FILETYPE_PEM);
|
|
|
30 |
SSL_use_certificate_file(ssl, config.root.sslcert, SSL_FILETYPE_PEM);
|
| 12 |
nishi |
31 |
} else {
|
|
|
32 |
return 0;
|
|
|
33 |
}
|
|
|
34 |
}
|
|
|
35 |
|
|
|
36 |
SSL_CTX* tw_create_ssl_ctx(uint64_t port) {
|
|
|
37 |
SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
|
|
|
38 |
SSL_CTX_set_cert_cb(ctx, tw_ssl_cert_cb, (void*)port);
|
|
|
39 |
return ctx;
|
|
|
40 |
}
|