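if (sslflag) {
    SSL *ssl;
    SSL_CTX *sslctx;

    /*
     * Wrap the already-accepted client socket (ctx->client) in TLS before
     * any SMTP traffic flows.  Every failure path logs, releases whatever
     * OpenSSL object has been created so far and jumps to the enclosing
     * function's `dropout` label; on success ctx->ssl and ctx->sslinfo
     * are filled in.  `e` is an int declared by the enclosing function.
     */
    xinfo("{%s} info: setting up TLS/SSL", ctx->conn_id);
    setinfo(ctx, "ssl setup");
    e = 0;

    /*
     * NOTE(review): both calls are process-global and idempotent; running
     * them per connection is harmless but wasteful, and would normally
     * live in process start-up.
     */
    (void)SSL_load_error_strings();
    (void)SSL_library_init();

    /*
     * Create and initialize the SSL context.
     */
    if ((sslctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
        xfatal("{%s} fatal: do_smtp() => local error: SSL_CTX_new() failed: %s",
               ctx->conn_id, ssl_error());
        goto dropout;
    }

    /*
     * SSLv23_server_method() negotiates the highest version both peers
     * support, which on OpenSSL builds that still ship them includes
     * SSLv2 and SSLv3.  Take the long-broken versions off the table
     * explicitly; options are OR-ed into the context, so this cannot
     * undo anything ssl_callbacks() (not visible here) may set later.
     */
    (void)SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    if (SSL_CTX_use_RSAPrivateKey_file(sslctx, nsmc_ssl_server_pem, SSL_FILETYPE_PEM) != 1) {
        xfatal("{%s} fatal: do_smtp() => local error: SSL_CTX_use_RSAPrivateKey() failed, check server pem file <%s> for valid private key; %s",
               ctx->conn_id, nsmc_ssl_server_pem, ssl_error());
        SSL_CTX_free(sslctx);
        goto dropout;
    }

    /* Function name in the message was previously misspelled ("certficate"). */
    if (SSL_CTX_use_certificate_chain_file(sslctx, nsmc_ssl_server_pem) != 1) {
        xfatal("{%s} fatal: do_smtp() => local error: SSL_CTX_use_certificate_chain_file() failed, check server cert pem file <%s>; %s",
               ctx->conn_id, nsmc_ssl_server_pem, ssl_error());
        SSL_CTX_free(sslctx);
        goto dropout;
    }

    /*
     * Catch a pem file whose private key does not belong to its certificate
     * here, with a clear local log line, rather than as an opaque handshake
     * failure seen by the client.
     */
    if (SSL_CTX_check_private_key(sslctx) != 1) {
        xfatal("{%s} fatal: do_smtp() => local error: SSL_CTX_check_private_key() failed, private key in <%s> does not match its certificate; %s",
               ctx->conn_id, nsmc_ssl_server_pem, ssl_error());
        SSL_CTX_free(sslctx);
        goto dropout;
    }

    ssl_callbacks(sslctx);

    if ((ssl = SSL_new(sslctx)) == NULL) {
        xfatal("{%s} fatal: do_smtp() => local error: SSL_new() failed: %s",
               ctx->conn_id, ssl_error());
        SSL_CTX_free(sslctx);
        goto dropout;
    }

    /* SSL_new() holds its own reference on the context; drop the local one. */
    SSL_CTX_free(sslctx);

    if (SSL_set_fd(ssl, ctx->client) != 1) {
        xfatal("{%s} fatal: do_smtp() => SSL_set_fd() failed", ctx->conn_id);
        SSL_free(ssl);
        goto dropout;
    }

    /*
     * Handshake.  A failed handshake is a client-side condition (bad
     * cipher list, protocol mismatch, probe), hence warn rather than fatal.
     */
    if ((e = SSL_accept(ssl)) != 1) {
        xwarn("{%s} warn: do_smtp() => TLS/SSL handshake failed at SSL_accept(), returned (%d), SSL error code (%d): %s",
              ctx->conn_id, e, SSL_get_error(ssl, e), ssl_error());
        SSL_free(ssl);
        goto dropout;
    }

    /* Ownership of `ssl` passes to the connection context from here on. */
    ctx->sslinfo = nsm_strdup(ssl_info(ssl));
    ctx->ssl = ssl;
    xinfo("{%s} info: SSL/TLS handshake success, session is encrypted: %s",
          ctx->conn_id, ctx->sslinfo);
}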