nxt_cyassl.c (65:10688b89aa16) nxt_cyassl.c (564:762f8c976ead)
1
2/*
3 * Copyright (C) NGINX, Inc.
4 * Copyright (C) Igor Sysoev
5 */
6
7#include <nxt_main.h>
8#include <cyassl/ssl.h>

--- 73 unchanged lines hidden (view full) ---

82 started = 1;
83
84 thr = nxt_thread();
85
86 /* TODO: CyaSSL_Cleanup() */
87
88 err = CyaSSL_Init();
89 if (err != SSL_SUCCESS) {
1
2/*
3 * Copyright (C) NGINX, Inc.
4 * Copyright (C) Igor Sysoev
5 */
6
7#include <nxt_main.h>
8#include <cyassl/ssl.h>

--- 73 unchanged lines hidden (view full) ---

82 started = 1;
83
84 thr = nxt_thread();
85
86 /* TODO: CyaSSL_Cleanup() */
87
88 err = CyaSSL_Init();
89 if (err != SSL_SUCCESS) {
90 nxt_cyassl_log_error(NXT_LOG_CRIT, thr->log, err,
90 nxt_cyassl_log_error(NXT_LOG_ALERT, thr->log, err,
91 "CyaSSL_Init() failed");
92 return NXT_ERROR;
93 }
94
95 nxt_thread_log_error(NXT_LOG_INFO, "CyaSSL version: %s",
96 LIBCYASSL_VERSION_STRING);
97
98 /* CyaSSL_SetLoggingCb */

--- 14 unchanged lines hidden (view full) ---

113 thr = nxt_thread();
114
115 if (nxt_slow_path(nxt_cyassl_start() != NXT_OK)) {
116 return NXT_ERROR;
117 }
118
119 ctx = CyaSSL_CTX_new(CyaSSLv23_server_method());
120 if (ctx == NULL) {
91 "CyaSSL_Init() failed");
92 return NXT_ERROR;
93 }
94
95 nxt_thread_log_error(NXT_LOG_INFO, "CyaSSL version: %s",
96 LIBCYASSL_VERSION_STRING);
97
98 /* CyaSSL_SetLoggingCb */

--- 14 unchanged lines hidden (view full) ---

113 thr = nxt_thread();
114
115 if (nxt_slow_path(nxt_cyassl_start() != NXT_OK)) {
116 return NXT_ERROR;
117 }
118
119 ctx = CyaSSL_CTX_new(CyaSSLv23_server_method());
120 if (ctx == NULL) {
121 nxt_cyassl_log_error(NXT_LOG_CRIT, thr->log, 0,
121 nxt_cyassl_log_error(NXT_LOG_ALERT, thr->log, 0,
122 "CyaSSL_CTX_new() failed");
123 return NXT_ERROR;
124 }
125
126 conf->ctx = ctx;
127 conf->conn_init = nxt_cyassl_conn_init;
128
129 certificate = conf->certificate;
130
131 err = CyaSSL_CTX_use_certificate_file(ctx, certificate, SSL_FILETYPE_PEM);
132 if (err != SSL_SUCCESS) {
122 "CyaSSL_CTX_new() failed");
123 return NXT_ERROR;
124 }
125
126 conf->ctx = ctx;
127 conf->conn_init = nxt_cyassl_conn_init;
128
129 certificate = conf->certificate;
130
131 err = CyaSSL_CTX_use_certificate_file(ctx, certificate, SSL_FILETYPE_PEM);
132 if (err != SSL_SUCCESS) {
133 nxt_cyassl_log_error(NXT_LOG_CRIT, thr->log, err,
133 nxt_cyassl_log_error(NXT_LOG_ALERT, thr->log, err,
134 "CyaSSL_CTX_use_certificate_file(\"%s\") failed",
135 certificate);
136 goto fail;
137 }
138
139 key = conf->certificate_key;
140
141 err = CyaSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM);
142 if (err != SSL_SUCCESS) {
134 "CyaSSL_CTX_use_certificate_file(\"%s\") failed",
135 certificate);
136 goto fail;
137 }
138
139 key = conf->certificate_key;
140
141 err = CyaSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM);
142 if (err != SSL_SUCCESS) {
143 nxt_cyassl_log_error(NXT_LOG_CRIT, thr->log, err,
143 nxt_cyassl_log_error(NXT_LOG_ALERT, thr->log, err,
144 "CyaSSL_CTX_use_PrivateKey_file(\"%s\") failed",
145 key);
146 goto fail;
147 }
148
149 if (conf->ciphers != NULL) {
150 err = CyaSSL_CTX_set_cipher_list(ctx, conf->ciphers);
151 if (err != SSL_SUCCESS) {
144 "CyaSSL_CTX_use_PrivateKey_file(\"%s\") failed",
145 key);
146 goto fail;
147 }
148
149 if (conf->ciphers != NULL) {
150 err = CyaSSL_CTX_set_cipher_list(ctx, conf->ciphers);
151 if (err != SSL_SUCCESS) {
152 nxt_cyassl_log_error(NXT_LOG_CRIT, thr->log, err,
152 nxt_cyassl_log_error(NXT_LOG_ALERT, thr->log, err,
153 "CyaSSL_CTX_set_cipher_list(\"%s\") failed",
154 conf->ciphers);
155 goto fail;
156 }
157 }
158
159 /* TODO: ca_certificate */
160

--- 33 unchanged lines hidden (view full) ---

194 if (mpcl == NULL) {
195 goto fail;
196 }
197
198 ctx = conf->ctx;
199
200 s = CyaSSL_new(ctx);
201 if (s == NULL) {
153 "CyaSSL_CTX_set_cipher_list(\"%s\") failed",
154 conf->ciphers);
155 goto fail;
156 }
157 }
158
159 /* TODO: ca_certificate */
160

--- 33 unchanged lines hidden (view full) ---

194 if (mpcl == NULL) {
195 goto fail;
196 }
197
198 ctx = conf->ctx;
199
200 s = CyaSSL_new(ctx);
201 if (s == NULL) {
202 nxt_cyassl_log_error(NXT_LOG_CRIT, c->socket.log, 0,
202 nxt_cyassl_log_error(NXT_LOG_ALERT, c->socket.log, 0,
203 "CyaSSL_new() failed");
204 goto fail;
205 }
206
207 ssltls->session = s;
208 mpcl->handler = nxt_cyassl_session_cleanup;
209 mpcl->data = ssltls;
210

--- 358 unchanged lines hidden (view full) ---

569{
570 switch (ssl_error) {
571
572 case SOCKET_ERROR_E: /* -208 */
573 case MATCH_SUITE_ERROR: /* -261 */
574 break;
575
576 default:
203 "CyaSSL_new() failed");
204 goto fail;
205 }
206
207 ssltls->session = s;
208 mpcl->handler = nxt_cyassl_session_cleanup;
209 mpcl->data = ssltls;
210

--- 358 unchanged lines hidden (view full) ---

569{
570 switch (ssl_error) {
571
572 case SOCKET_ERROR_E: /* -208 */
573 case MATCH_SUITE_ERROR: /* -261 */
574 break;
575
576 default:
577 return NXT_LOG_CRIT;
577 return NXT_LOG_ALERT;
578 }
579
580 return NXT_LOG_INFO;
581}
582
583
584static void nxt_cdecl
585nxt_cyassl_log_error(nxt_uint_t level, nxt_log_t *log, int err,

--- 36 unchanged lines hidden ---
578 }
579
580 return NXT_LOG_INFO;
581}
582
583
584static void nxt_cdecl
585nxt_cyassl_log_error(nxt_uint_t level, nxt_log_t *log, int err,

--- 36 unchanged lines hidden ---