From 1421494ea6e96090d26597703022254ebead1ec8 Mon Sep 17 00:00:00 2001
From: Chris Toshok
Date: Thu, 5 Jul 2001 19:11:50 +0000
Subject: use X509_STORE_CTX_get_ex_data to get at the SSL* - don't use the

2001-07-05  Chris Toshok

	* camel-tcp-stream-openssl.c (ssl_verify): use
	X509_STORE_CTX_get_ex_data to get at the SSL* - don't use the
	X509_STORE_CTX to look up our stream, since it's not what we used
	to insert our stream into the hashtable.
	(open_ssl_connection): insert the stream into the hashtable before
	calling SSL_connect, as this can cause ssl_verify to be called,
	and we need to look up the stream there. remove the stream from
	the hashtable if there's an error connecting.
	(stream_connect): pass the CamelTcpStreamOpenSSL* to
	open_ssl_connection since it handles the hashtable stuff. remove
	hashtable stuff from here.

svn path=/trunk/; revision=10819
---
 camel/ChangeLog                  | 14 ++++++++++++++
 camel/camel-tcp-stream-openssl.c | 32 ++++++++++++++++++++++----------
 2 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/camel/ChangeLog b/camel/ChangeLog
index a55a98b336..7481dcaa39 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,17 @@
+2001-07-05  Chris Toshok
+
+	* camel-tcp-stream-openssl.c (ssl_verify): use
+	X509_STORE_CTX_get_ex_data to get at the SSL* - don't use the
+	X509_STORE_CTX to look up our stream, since it's not what we used
+	to insert our stream into the hashtable.
+	(open_ssl_connection): insert the stream into the hashtable before
+	calling SSL_connect, as this can cause ssl_verify to be called,
+	and we need to look up the stream there. remove the stream from
+	the hashtable if there's an error connecting.
+	(stream_connect): pass the CamelTcpStreamOpenSSL* to
+	open_ssl_connection since it handles the hashtable stuff. remove
+	hashtable stuff from here.
+
 2001-07-05  Jeffrey Stedfast
 
 	* camel-folder.c (camel_folder_copy_messages_to): if source == 
diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c
index 214269a433..8923c31425 100644
--- a/camel/camel-tcp-stream-openssl.c
+++ b/camel/camel-tcp-stream-openssl.c
@@ -402,12 +402,15 @@ socket_connect (struct hostent *h, int port)
 static int
 ssl_verify (int ok, X509_STORE_CTX *ctx)
 {
+	SSL *ssl;
 	CamelTcpStreamOpenSSL *stream;
 	X509 *cert;
 	int err;
+
+	ssl = X509_STORE_CTX_get_ex_data (ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
 
 	OPENSSL_TABLE_LOCK ();
-	stream = CAMEL_TCP_STREAM_OPENSSL (g_hash_table_lookup (openssl_table, ctx));
+	stream = CAMEL_TCP_STREAM_OPENSSL (g_hash_table_lookup (openssl_table, ssl->ctx));
 	OPENSSL_TABLE_UNLOCK ();
 
 	cert = X509_STORE_CTX_get_current_cert (ctx);
@@ -437,12 +440,15 @@ ssl_verify (int ok, X509_STORE_CTX *ctx)
 }
 
 static SSL *
-open_ssl_connection (CamelService *service, int sockfd)
+open_ssl_connection (CamelService *service, int sockfd, CamelTcpStreamOpenSSL *openssl)
 {
 	SSL_CTX *ssl_ctx = NULL;
 	SSL *ssl = NULL;
 	int n;
 
+	SSLeay_add_ssl_algorithms();
+	SSL_load_error_strings();
+
 	/* SSLv23_client_method will negotiate with SSL v2, v3, or TLS v1 */
 	ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
 	g_return_val_if_fail (ssl_ctx != NULL, NULL);
@@ -450,9 +456,22 @@ open_ssl_connection (CamelService *service, int sockfd)
 	SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &ssl_verify);
 	ssl = SSL_new (ssl_ctx);
 	SSL_set_fd (ssl, sockfd);
+
+	OPENSSL_TABLE_LOCK ();
+	if (!openssl_table)
+		openssl_table = g_hash_table_new (g_direct_hash, g_direct_equal);
+
+	g_hash_table_insert (openssl_table, ssl->ctx, openssl);
+	OPENSSL_TABLE_UNLOCK ();
+
 	n = SSL_connect (ssl);
 	if (n != 1) {
+
+		OPENSSL_TABLE_LOCK ();
+		g_hash_table_remove (openssl_table, ssl->ctx);
+		OPENSSL_TABLE_UNLOCK ();
+
 		SSL_shutdown (ssl);
 		if (ssl->ctx)
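Review bot: The `ssl` pointer returned by X509_STORE_CTX_get_ex_data is dereferenced as `ssl->ctx` on the lookup line with no NULL check, so an unset ex_data slot would fault inside the handshake while the table lock is held. Guard it right after the fetch, `if (!ssl) return 0;`, so a missing stream fails verification closed instead of crashing the callback. Reaching into the struct for `ssl->ctx` could also go through the public accessor `SSL_get_SSL_CTX (ssl)`, which keeps the lookup working if the struct becomes opaque. The hash lookup result `stream` is used after this hunk ends, so its own NULL handling is not visible here.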
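Review bot: `SSLeay_add_ssl_algorithms();` and `SSL_load_error_strings();` are process-wide OpenSSL initialisers, yet the hunk calls them on every connection from inside open_ssl_connection, outside the OPENSSL_TABLE lock, so two streams connecting concurrently would race on that global setup. Move the pair to a one-time initialisation path (the class init, or a guarded static flag) and leave open_ssl_connection with per-connection work only. Until then a comment at the call site such as `/* process-wide library init; should run once, not per connection */` would at least record the intent. The new `openssl` parameter is not referenced within this hunk; the function body continues below it.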
@@ -478,20 +497,13 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port)
 	if (fd == -1)
 		return -1;
 
-	ssl = open_ssl_connection (openssl->priv->service, fd);
+	ssl = open_ssl_connection (openssl->priv->service, fd, openssl);
 
 	if (!ssl)
 		return -1;
 
 	openssl->priv->sockfd = fd;
 	openssl->priv->ssl = ssl;
 
-	OPENSSL_TABLE_LOCK ();
-	if (!openssl_table)
-		openssl_table = g_hash_table_new (g_direct_hash, g_direct_equal);
-
-	g_hash_table_insert (openssl_table, ssl->ctx, openssl);
-	OPENSSL_TABLE_UNLOCK ();
-
 	return 0;
 }
-- 
cgit v1.2.3
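Review bot: When the new call `ssl = open_ssl_connection (openssl->priv->service, fd, openssl);` fails, the `return -1;` that follows drops `fd` without closing it, unless open_ssl_connection closes the descriptor on its own error path, which this patch does not show; a `close (fd);` before that return, or a comment stating that open_ssl_connection owns the fd on failure, would settle the ownership. Since the stream is now registered in the table before SSL_connect runs, ssl_verify can be invoked while `openssl->priv->sockfd` and `openssl->priv->ssl` are still unassigned here, so anything ssl_verify reads from the stream's priv during the handshake sees the pre-connect values — worth confirming it only needs the stream pointer itself.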