Works now with certificates.

FossilOrigin-Name: 229b007cb1cef06e286a938bc6225bd88976df32e6ec3253a5701e292fedd388
2014-08-02 07:42:09 +00:00 · 2014-08-02 07:42:09 +00:00 · ca88f63bc0
commit ca88f63bc0
parent c67f4920dc
1 changed files with 88 additions and 11 deletions
--- a/src/capwap/dtls_openssl.c
+++ b/src/capwap/dtls_openssl.c
@ -28,6 +28,20 @@
 #include "conn.h"


+int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
+{
+         strncpy(buf, (char *)(password), size);
+         buf[size - 1] = '\0';
+         return(strlen(buf));
+}
+
+
+
+
+
+
+
+
 int dtls_openssl_init()
 {
 	cw_log_debug0("Init ssl library");
@ -61,6 +75,11 @@ int dtls_openssl_log_error(SSL * ssl, int rc, const char *txt)

 	int e;
 	e = SSL_get_error(ssl,rc);
+
+	char errstr[256];
+	ERR_error_string(e,errstr);
+	cw_log(LOG_ERR,"%s - %s","SSSSS",errstr);
+
 	switch (e){
 		case SSL_ERROR_ZERO_RETURN:
 			break;
@ -76,6 +95,7 @@ int dtls_openssl_log_error(SSL * ssl, int rc, const char *txt)
 				return 1;
 			}
 			
+
 	}	
 	return 0;
 }
@ -96,6 +116,10 @@ void dtls_openssl_data_destroy(struct dtls_openssl_data * d){
 }


+
+
+
+
 struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio)
 {
 	struct dtls_openssl_data * d = malloc(sizeof(struct dtls_openssl_data));
@ -114,20 +138,56 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS
 	
 	//int rc = SSL_CTX_set_cipher_list(d->ctx, "PSiaK-AXES128-C5BC-SaHA");
 	int rc = SSL_CTX_set_cipher_list(d->ctx, conn->dtls_cipher);
-
-	
 	if (!rc){
 		dtls_openssl_log_error(0,rc,"DTLS:");
 		dtls_openssl_data_destroy(d);	
 		return 0;
 	}

+
+	if (conn->dtls_key_file && conn->dtls_cert_file){
+		SSL_CTX_set_default_passwd_cb_userdata(d->ctx, conn->dtls_key_pass);
+		SSL_CTX_set_default_passwd_cb(d->ctx, pem_passwd_cb);
+
+
+		cw_log_debug1("DTLS - Setting key file %s",conn->dtls_key_file);
+		rc = SSL_CTX_use_PrivateKey_file(d->ctx,conn->dtls_key_file,SSL_FILETYPE_PEM);
+		if (!rc){
+
+			dtls_openssl_log_error(0,rc,"DTLS:");
+			dtls_openssl_data_destroy(d);	
+			return 0;
+		}
+
+		cw_log_debug1("DTLS - Setting cert file %s",conn->dtls_cert_file);
+		rc = SSL_CTX_use_certificate_file(d->ctx,conn->dtls_cert_file,SSL_FILETYPE_PEM);
+		if (!rc){
+
+			dtls_openssl_log_error(0,rc,"DTLS:");
+			dtls_openssl_data_destroy(d);	
+			return 0;
+		}
+
+
+
+	}
+
+
+
+
 	d->ssl = SSL_new(d->ctx);
 	if (!d->ssl){
 		dtls_openssl_data_destroy(d);
 		return 0;
 	}

+
+/*
+printf("Checccccccccccccccccccccccccccccc Allllllllllllllllllllllllllllllllllllll is ok!\n");
+
+printf("Allllllllllllllllllllllllllllllllllllll is ok!\n");
+*/
+	
 	d->bio = BIO_new(bio);
 	d->bio->ptr = conn;
 	SSL_set_bio(d->ssl, d->bio, d->bio);
@ -198,6 +258,20 @@ int dtls_openssl_shutdown(struct conn *conn)
 }


+
+
+
+
+
+
+
+
+
+
+
+
+
+
 int cookie_initialized=0;
 #define COOKIE_SECRET_LENGTH 16
 unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
@ -282,6 +356,8 @@ int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *
 }


+
+
 int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
 {
 	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
@ -315,8 +391,7 @@ int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int coo
 	length += sizeof(in_port_t);
 	buffer = (unsigned char*) OPENSSL_malloc(length);

-	if (buffer == NULL)
-		{
+	if (buffer == NULL){
 		printf("out of memory\n");
 		return 0;
 	}
@ -354,6 +429,8 @@ int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int coo
 	return 0;
 	}

+
+/*
 struct pass_info {
 	union {
 		struct sockaddr_storage ss;
@ -362,7 +439,7 @@ struct pass_info {
 	} server_addr, client_addr;
 	SSL *ssl;
 };
-
+*/


 int dtls_openssl_read(struct conn * conn, uint8_t *buffer, int len)