improve ssl

configure.ac

@@ -71,10 +71,10 @@ AC_ARG_ENABLE(
 
 AC_ARG_WITH(
 	[ssl-library],
-	[AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl @<:@default=openssl@:>@])],
+	[AS_HELP_STRING([--with-ssl-library=library], [build with the given crypto library, TYPE=openssl|cyassl @<:@default=openssl@:>@])],
 	[
 	        case "${withval}" in
-	                openssl) ;;
+	                openssl|cyassl) ;;
 	                *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
 	        esac
 	],
@@ -134,7 +134,34 @@ AC_CHECK_LIB([config], [config_init], [CONFIG_LIBS="-lconfig"], [AC_MSG_ERROR(Yo
 AC_CHECK_HEADER([pthread.h], [], [AC_MSG_ERROR(You need the pthread headers)])
 AC_CHECK_LIB([pthread], [pthread_create], [PTHREAD_LIBS="-lpthread"], [AC_MSG_ERROR(You need the pthread library)])
 
+# Check nl80211
+has_libnl_ver=0
+PKG_CHECK_MODULES(
+	[LIBNL],
+	[libnl-3.0 >= 3.0 libnl-genl-3.0 >= 3.0], 
+	[AC_DEFINE([HAVE_LIBNL30], [1], [Use libnl-3.0 library])],
+	[PKG_CHECK_MODULES(
+		[LIBNL],
+		[libnl-2.0 >= 2.0],
+		[AC_DEFINE([HAVE_LIBNL20], [1], [Use libnl-2.0 library])],
+		[PKG_CHECK_MODULES(
+			[LIBNL],
+			[libnl-1],
+			[AC_DEFINE([HAVE_LIBNL10], [1], [Use libnl-1.0 library])],
+			[AC_MSG_ERROR(You need the libnl and libnl-genl)]
+		)]
+	)]
+)
+
+if test "${enable_wifi_drivers_nl80211}" = "yes"; then
+	AC_CHECK_HEADERS([netlink/genl/genl.h netlink/genl/family.h netlink/genl/ctrl.h], [], [AC_MSG_ERROR(You need the netlink header)])
+	AC_CHECK_HEADER([linux/nl80211.h], [], [AC_MSG_ERROR(You need the nl80211 header)])
+	AC_DEFINE([ENABLE_WIFI_DRIVERS_NL80211], [1], [Enable WTP support for nl80211 wifi binding])
+fi
+AM_CONDITIONAL([BUILD_WTP_WIFI_DRIVERS_NL80211], [test "${enable_wifi_drivers_nl80211}" = "yes"])
+
 # Check SSL library
+if test "${with_ssl_library}" = "openssl"; then
 	PKG_CHECK_MODULES(
 		[OPENSSL_CRYPTO],
 		[libcrypto >= 1.0.0],
@@ -174,6 +201,13 @@ if test "${have_openssl_ssl}" = "yes"; then
 		CFLAGS="${saved_CFLAGS}"
 		LIBS="${saved_LIBS}"
 	fi
+elif test "${with_ssl_library}" = "cyassl"; then
+	AC_CHECK_HEADER([cyassl/ssl.h], [], [AC_MSG_ERROR(You need the cyassl headers)])
+	AC_CHECK_HEADER([cyassl/openssl/ssl.h], [], [AC_MSG_ERROR(You need the cyassl opensslextra headers)])
+	AC_CHECK_LIB([cyassl], [CyaSSL_Init], [], [AC_MSG_ERROR(You need the cyassl library)])
+	have_cyassl_engine="yes"
+	have_cyassl_ssl="yes"
+fi
 
 case "${with_ssl_library}" in
 	openssl)
@@ -182,14 +216,22 @@ case "${with_ssl_library}" in
 		have_crypto_ssl="${have_openssl_ssl}"
 		SSL_CFLAGS="${OPENSSL_CRYPTO_CFLAGS} ${OPENSSL_SSL_CFLAGS}"
 		SSL_LIBS="${OPENSSL_SSL_LIBS}"
-		test "${have_openssl_engine}" = "yes" && AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [Use crypto library])
+		test "${have_crypto_engine}" = "yes" && AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [Use ssl library])
+		;;
+	cyassl)
+		have_crypto_engine="${have_cyassl_engine}"
+		have_crypto_crypto="${have_cyassl_ssl}"
+		have_crypto_ssl="${have_cyassl_ssl}"
+		SSL_CFLAGS=""
+		SSL_LIBS="-lcyassl"
+		test "${have_crypto_engine}" = "yes" && AC_DEFINE([HAVE_CYASSL_ENGINE], [1], [Use ssl library])
 		;;
 esac
 
 if test "${enable_dtls}" = "yes"; then
 	test "${have_crypto_engine}" != "yes" && AC_MSG_ERROR([${with_ssl_library} engine is required but missing])
-	test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_ssl_library} crypto is required but missing])
 	test "${have_crypto_ssl}" != "yes" && AC_MSG_ERROR([${with_ssl_library} ssl is required but missing])
+	test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_ssl_library} crypto is required but missing])
 	AC_DEFINE([ENABLE_DTLS], [1], [Enable DTLS])
 fi
 
@@ -214,32 +256,6 @@ case "${with_mem_check}" in
 		;;
 esac
 
-# Check nl80211
-has_libnl_ver=0
-PKG_CHECK_MODULES(
-	[LIBNL],
-	[libnl-3.0 >= 3.0 libnl-genl-3.0 >= 3.0], 
-	[AC_DEFINE([HAVE_LIBNL30], [1], [Use libnl-3.0 library])],
-	[PKG_CHECK_MODULES(
-		[LIBNL],
-		[libnl-2.0 >= 2.0],
-		[AC_DEFINE([HAVE_LIBNL20], [1], [Use libnl-2.0 library])],
-		[PKG_CHECK_MODULES(
-			[LIBNL],
-			[libnl-1],
-			[AC_DEFINE([HAVE_LIBNL10], [1], [Use libnl-1.0 library])],
-			[AC_MSG_ERROR(You need the libnl and libnl-genl)]
-		)]
-	)]
-)
-
-if test "${enable_wifi_drivers_nl80211}" = "yes"; then
-	AC_CHECK_HEADERS([netlink/genl/genl.h netlink/genl/family.h netlink/genl/ctrl.h], [], [AC_MSG_ERROR(You need the netlink header)])
-	AC_CHECK_HEADER([linux/nl80211.h], [], [AC_MSG_ERROR(You need the nl80211 header)])
-	AC_DEFINE([ENABLE_WIFI_DRIVERS_NL80211], [1], [Enable WTP support for nl80211 wifi binding])
-fi
-AM_CONDITIONAL([BUILD_WTP_WIFI_DRIVERS_NL80211], [test "${enable_wifi_drivers_nl80211}" = "yes"])
-
 #
 AM_CONDITIONAL([BUILD_AC], [test "${enable_ac}" = "yes"])
 AM_CONDITIONAL([BUILD_WTP], [test "${enable_wtp}" = "yes"])

src/common/capwap_array.c

@@ -23,7 +23,6 @@ struct capwap_array* capwap_array_create(unsigned short itemsize, unsigned long
 
 /* */
 struct capwap_array* capwap_array_clone(struct capwap_array* array) {
-	unsigned long i;
 	struct capwap_array* clone;
 
 	ASSERT (array != NULL);

src/common/capwap_dtls.c

@@ -2,6 +2,7 @@
 #include "capwap_dtls.h"
 #include "capwap_protocol.h"
 
+#include <openssl/ssl.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
@@ -404,7 +405,7 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
 	dtlscontext->mode = param->mode;
 	
 	/* Alloc context */
-	dtlscontext->sslcontext = SSL_CTX_new(((param->type == CAPWAP_DTLS_SERVER) ? DTLSv1_server_method() : DTLSv1_client_method()));
+	dtlscontext->sslcontext = (void*)SSL_CTX_new(((param->type == CAPWAP_DTLS_SERVER) ? DTLSv1_server_method() : DTLSv1_client_method()));
 	if (!dtlscontext->sslcontext) {
 		capwap_logging_debug("Error to initialize dtls context");
 		return 0;
@@ -427,7 +428,7 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
 		}
 		
 		/* Public certificate */
-		if (!SSL_CTX_use_certificate_file(dtlscontext->sslcontext, param->cert.filecert, SSL_FILETYPE_PEM)) {
+		if (!SSL_CTX_use_certificate_file((SSL_CTX*)dtlscontext->sslcontext, param->cert.filecert, SSL_FILETYPE_PEM)) {
 			capwap_logging_debug("Error to load certificate file");
 			capwap_crypt_freecontext(dtlscontext);
 			return 0;
@@ -441,36 +442,36 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
 		}
 		dtlscontext->cert.pwdprivatekey[length] = 0;
 		
-		SSL_CTX_set_default_passwd_cb(dtlscontext->sslcontext, check_passwd);
+		SSL_CTX_set_default_passwd_cb((SSL_CTX*)dtlscontext->sslcontext, check_passwd);
-		SSL_CTX_set_default_passwd_cb_userdata(dtlscontext->sslcontext, dtlscontext);
+		SSL_CTX_set_default_passwd_cb_userdata((SSL_CTX*)dtlscontext->sslcontext, dtlscontext);
 		
 		/* Private key */
-		if (!SSL_CTX_use_PrivateKey_file(dtlscontext->sslcontext, param->cert.filekey, SSL_FILETYPE_PEM)) {
+		if (!SSL_CTX_use_PrivateKey_file((SSL_CTX*)dtlscontext->sslcontext, param->cert.filekey, SSL_FILETYPE_PEM)) {
 			capwap_logging_debug("Error to load private key file");
 			capwap_crypt_freecontext(dtlscontext);
 			return 0;
 		}
 		
-		if (!SSL_CTX_check_private_key(dtlscontext->sslcontext)) {
+		if (!SSL_CTX_check_private_key((SSL_CTX*)dtlscontext->sslcontext)) {
 			capwap_logging_debug("Error to check private key");
 			capwap_crypt_freecontext(dtlscontext);
 			return 0;
 		}
 		
 		/* Certificate Authority */
-		if (!SSL_CTX_load_verify_locations(dtlscontext->sslcontext, param->cert.fileca, NULL)) {
+		if (!SSL_CTX_load_verify_locations((SSL_CTX*)dtlscontext->sslcontext, param->cert.fileca, NULL)) {
 			capwap_logging_debug("Error to load ca file");
 			capwap_crypt_freecontext(dtlscontext);
 			return 0;
 		}
 		
-		if (!SSL_CTX_set_default_verify_paths(dtlscontext->sslcontext)) {
+		if (!SSL_CTX_set_default_verify_paths((SSL_CTX*)dtlscontext->sslcontext)) {
 			capwap_crypt_freecontext(dtlscontext);
 			return 0;
 		}
 		
 		/* Verify certificate callback */
-		SSL_CTX_set_verify(dtlscontext->sslcontext, ((param->type == CAPWAP_DTLS_SERVER) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_PEER), verify_certificate);
+		SSL_CTX_set_verify((SSL_CTX*)dtlscontext->sslcontext, ((param->type == CAPWAP_DTLS_SERVER) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_PEER), verify_certificate);
 
 		/* 	Cipher list: 
 				TLS_RSA_WITH_AES_128_CBC_SHA
@@ -478,7 +479,7 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
 				TLS_RSA_WITH_AES_256_CBC_SHA
 				TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 		*/
-		if (!SSL_CTX_set_cipher_list(dtlscontext->sslcontext, "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA:DHE-RSA-AES256-SHA")) {
+		if (!SSL_CTX_set_cipher_list((SSL_CTX*)dtlscontext->sslcontext, "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA:DHE-RSA-AES256-SHA")) {
 			capwap_logging_debug("Error to select cipher list");
 			capwap_crypt_freecontext(dtlscontext);
 			return 0;
@@ -493,11 +494,11 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
 
 	/* Cookie callback */
 	RAND_bytes(dtlscontext->cookie, CAPWAP_COOKIE_SECRET_LENGTH);
-	SSL_CTX_set_cookie_generate_cb(dtlscontext->sslcontext, generate_cookie);
+	SSL_CTX_set_cookie_generate_cb((SSL_CTX*)dtlscontext->sslcontext, generate_cookie);
-	SSL_CTX_set_cookie_verify_cb(dtlscontext->sslcontext, verify_cookie);
+	SSL_CTX_set_cookie_verify_cb((SSL_CTX*)dtlscontext->sslcontext, verify_cookie);
 
 	/* */
-	SSL_CTX_set_read_ahead(dtlscontext->sslcontext, 1);
+	SSL_CTX_set_read_ahead((SSL_CTX*)dtlscontext->sslcontext, 1);
 	return 1;
 }
 
@@ -514,7 +515,7 @@ void capwap_crypt_freecontext(struct capwap_dtls_context* dtlscontext) {
 
 	/* Free context */	
 	if (dtlscontext->sslcontext) {
-		SSL_CTX_free(dtlscontext->sslcontext);
+		SSL_CTX_free((SSL_CTX*)dtlscontext->sslcontext);
 	}
 
 	memset(dtlscontext, 0, sizeof(struct capwap_dtls));
@@ -532,7 +533,7 @@ int capwap_crypt_createsession(struct capwap_dtls* dtls, int sessiontype, struct
 	memset(dtls, 0, sizeof(struct capwap_dtls));
 	
 	/* Create ssl session */
-	dtls->sslsession = SSL_new(dtlscontext->sslcontext);
+	dtls->sslsession = (void*)SSL_new((SSL_CTX*)dtlscontext->sslcontext);
 	if (!dtls->sslsession) {
 		capwap_logging_debug("Error to initialize dtls session");
 		return 0;
@@ -552,27 +553,27 @@ int capwap_crypt_createsession(struct capwap_dtls* dtls, int sessiontype, struct
 	}
 
 	/* Configure BIO */
-	SSL_set_bio(dtls->sslsession, bio, bio);
+	SSL_set_bio((SSL*)dtls->sslsession, bio, bio);
 
 	/* In server mode enable cookie exchange */
 	if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
-		SSL_set_options(dtls->sslsession, SSL_OP_COOKIE_EXCHANGE);
+		SSL_set_options((SSL*)dtls->sslsession, SSL_OP_COOKIE_EXCHANGE);
 	}
 
 	/* Set static MTU size */
-	SSL_set_options(dtls->sslsession, SSL_OP_NO_QUERY_MTU);
+	SSL_set_options((SSL*)dtls->sslsession, SSL_OP_NO_QUERY_MTU);
-	SSL_set_mtu(dtls->sslsession, CAPWAP_DTLS_MTU_SIZE);
+	SSL_set_mtu((SSL*)dtls->sslsession, CAPWAP_DTLS_MTU_SIZE);
 
 	/* */
-	SSL_set_verify_depth(dtls->sslsession, CAPWAP_DTLS_CERT_VERIFY_DEPTH + 1);
+	SSL_set_verify_depth((SSL*)dtls->sslsession, CAPWAP_DTLS_CERT_VERIFY_DEPTH + 1);
 
 	/* */
-	SSL_set_read_ahead(dtls->sslsession, 1);
+	SSL_set_read_ahead((SSL*)dtls->sslsession, 1);
 	
 	if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
-		SSL_set_accept_state(dtls->sslsession);
+		SSL_set_accept_state((SSL*)dtls->sslsession);
 	} else {
-		SSL_set_connect_state(dtls->sslsession);
+		SSL_set_connect_state((SSL*)dtls->sslsession);
 	}
 
 	/* SSL session app data */
@@ -582,7 +583,7 @@ int capwap_crypt_createsession(struct capwap_dtls* dtls, int sessiontype, struct
 	}
 
 	appdata->cookie = &dtlscontext->cookie[0];
-	SSL_set_app_data(dtls->sslsession, (void*)appdata);
+	SSL_set_ex_data((SSL*)dtls->sslsession, 0, (void*)appdata);
 
 	/* */
 	dtls->action = CAPWAP_DTLS_ACTION_NONE;
@@ -601,9 +602,9 @@ static int capwap_crypt_handshake(struct capwap_dtls* dtls) {
 	ASSERT((dtls->action == CAPWAP_DTLS_ACTION_NONE) || (dtls->action == CAPWAP_DTLS_ACTION_HANDSHAKE));
 
 	ERR_clear_error();
-	result = SSL_do_handshake(dtls->sslsession);
+	result = SSL_do_handshake((SSL*)dtls->sslsession);
 	if (result <= 0) {
-		result = SSL_get_error(dtls->sslsession, result);
+		result = SSL_get_error((SSL*)dtls->sslsession, result);
 		if ((result == SSL_ERROR_WANT_READ) || (result == SSL_ERROR_WANT_WRITE)) {
 			/* Incomplete handshake */
 			dtls->action = CAPWAP_DTLS_ACTION_HANDSHAKE;
@@ -616,7 +617,7 @@ static int capwap_crypt_handshake(struct capwap_dtls* dtls) {
 	}
 	
 	/* Check certificate */
-	result = SSL_get_verify_result(dtls->sslsession);
+	result = SSL_get_verify_result((SSL*)dtls->sslsession);
 	if (result != X509_V_OK) {
 		dtls->action = CAPWAP_DTLS_ACTION_ERROR;
 		return CAPWAP_HANDSHAKE_ERROR;
@@ -629,7 +630,7 @@ static int capwap_crypt_handshake(struct capwap_dtls* dtls) {
 
 /* */
 int capwap_crypt_open(struct capwap_dtls* dtls, struct sockaddr_storage* peeraddr) {
-	BIO_dgram_set_peer(SSL_get_rbio(dtls->sslsession), peeraddr);
+	BIO_dgram_set_peer(SSL_get_rbio((SSL*)dtls->sslsession), peeraddr);
 	return capwap_crypt_handshake(dtls);
 }
 
@@ -639,7 +640,7 @@ void capwap_crypt_close(struct capwap_dtls* dtls) {
 	ASSERT(dtls->enable != 0);
 	
 	if ((dtls->action == CAPWAP_DTLS_ACTION_DATA) || (dtls->action == CAPWAP_DTLS_ACTION_SHUTDOWN)) {
-		SSL_shutdown(dtls->sslsession);
+		SSL_shutdown((SSL*)dtls->sslsession);
 	}
 }
 
@@ -651,7 +652,7 @@ void capwap_crypt_change_bio_send(struct capwap_dtls* dtls, capwap_bio_send bios
 	ASSERT(dtls->enable != 0);
 	ASSERT(biosend != NULL);
 
-	bio = SSL_get_wbio(dtls->sslsession);
+	bio = SSL_get_wbio((SSL*)dtls->sslsession);
 	if ((bio != NULL) && (bio->ptr != NULL)) {
 		struct bio_capwap_data* data = (struct bio_capwap_data*)bio->ptr;
 
@@ -671,7 +672,7 @@ void capwap_crypt_change_dtls(struct capwap_dtls* dtls, struct capwap_dtls* newd
 	memcpy(newdtls, dtls, sizeof(struct capwap_dtls));
 
 	/* Update DTLS into BIO */
-	bio = SSL_get_rbio(dtls->sslsession);
+	bio = SSL_get_rbio((SSL*)dtls->sslsession);
 	if ((bio != NULL) && (bio->ptr != NULL)) {
 		struct bio_capwap_data* data = (struct bio_capwap_data*)bio->ptr;
 
@@ -685,12 +686,12 @@ void capwap_crypt_freesession(struct capwap_dtls* dtls) {
 	
 	/* Free SSL session */
 	if (dtls->sslsession) {
-		struct capwap_app_data* appdata = (struct capwap_app_data*)SSL_get_app_data(dtls->sslsession);
+		struct capwap_app_data* appdata = (struct capwap_app_data*)SSL_get_ex_data(dtls->sslsession, 0);
 		if (appdata) {
 			capwap_free(appdata);
 		}
 
-		SSL_free(dtls->sslsession);
+		SSL_free((SSL*)dtls->sslsession);
 	}
 	
 	memset(dtls, 0, sizeof(struct capwap_dtls));
@@ -713,7 +714,7 @@ int capwap_crypt_sendto(struct capwap_dtls* dtls, int sock, void* buffer, int si
 	}
 
 	ERR_clear_error();
-	return SSL_write(dtls->sslsession, buffer, size);
+	return SSL_write((SSL*)dtls->sslsession, buffer, size);
 }
 
 /* */
@@ -749,12 +750,12 @@ int capwap_decrypt_packet(struct capwap_dtls* dtls, void* encrybuffer, int size,
 		}
 	} else if (dtls->action == CAPWAP_DTLS_ACTION_DATA) {
 		ERR_clear_error();
-		result = SSL_read(dtls->sslsession, (plainbuffer ? plainbuffer : encrybuffer), maxsize);
+		result = SSL_read((SSL*)dtls->sslsession, (plainbuffer ? plainbuffer : encrybuffer), maxsize);
 		if (!result) {
 			int shutdown;
 
 			/* Check shutdown status */
-			shutdown = SSL_get_shutdown(dtls->sslsession);
+			shutdown = SSL_get_shutdown((SSL*)dtls->sslsession);
 			if (shutdown & SSL_RECEIVED_SHUTDOWN) {
 				dtls->action = CAPWAP_DTLS_ACTION_SHUTDOWN;
 				result = CAPWAP_ERROR_SHUTDOWN;
@@ -763,7 +764,7 @@ int capwap_decrypt_packet(struct capwap_dtls* dtls, void* encrybuffer, int size,
 			}
 		} else if (result < 0) {
 			/* Check error */
-			sslerror = SSL_get_error(dtls->sslsession, result);
+			sslerror = SSL_get_error((SSL*)dtls->sslsession, result);
 			if ((sslerror == SSL_ERROR_WANT_READ) || (sslerror == SSL_ERROR_WANT_WRITE)) {
 				result = CAPWAP_ERROR_AGAIN;			/* DTLS Renegotiation */
 			} else {

src/common/capwap_dtls.h

@@ -1,8 +1,6 @@
 #ifndef __CAPWAP_DTLS_HEADER__
 #define __CAPWAP_DTLS_HEADER__
 
-#include <openssl/ssl.h>
-
 #define CAPWAP_DTLS_CLIENT						0
 #define CAPWAP_DTLS_SERVER						1
 
@@ -29,6 +27,41 @@
 #define CAPWAP_ERROR_SHUTDOWN					-1
 #define CAPWAP_ERROR_CLOSE						-2
 
+/* */
+struct capwap_dtls_context {
+	int type;
+	int mode;
+
+	void* sslcontext;
+
+	/* Cookie */
+	unsigned char cookie[CAPWAP_COOKIE_SECRET_LENGTH];
+
+	union {
+		struct {
+			int dummy;							/* TODO */
+		} presharedkey;
+
+		struct {
+			char* pwdprivatekey;				/* Password for private key */
+		} cert;
+	};
+};
+
+/* */
+struct capwap_dtls {
+	int enable;
+	int action;
+	int session;
+
+	void* sslsession;
+
+	/* Buffer read */
+	void* buffer;
+	int length;
+};
+
+/* */
 struct capwap_dtls_param {
 	int type;
 	int mode;
@@ -50,42 +83,12 @@ struct capwap_dtls_param {
 	};
 };
 
-struct capwap_dtls_context {
+/* */
-	int type;
-	int mode;
-
-	SSL_CTX* sslcontext;
-
-	/* Cookie */
-	unsigned char cookie[CAPWAP_COOKIE_SECRET_LENGTH];
-
-	union {
-		struct {
-			int dummy;							/* TODO */
-		} presharedkey;
-
-		struct {
-			char* pwdprivatekey;				/* Password for private key */
-		} cert;
-	};
-};
-
-struct capwap_dtls {
-	int enable;
-	int action;
-	int session;
-
-	SSL* sslsession;
-
-	/* Buffer read */
-	void* buffer;
-	int length;
-};
-
 struct capwap_app_data {
 	unsigned char* cookie;
 };
 
+/* */
 typedef int(*capwap_bio_send)(struct capwap_dtls* dtls, char* buffer, int length, void* param);
 
 int capwap_crypt_init();