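if (sslflag) {
    SSL *ssl;
    SSL_CTX *sslctx;

    /*
     * Per-connection TLS/SSL setup on the client socket ctx->client.
     * On success ctx->ssl holds the handshaked session and ctx->sslinfo a
     * nsm_strdup()'d description of it.  On any failure the error is logged
     * and control jumps to dropout (a label outside this block); e is 0 on
     * every failure path except a failed SSL_accept(), where it carries that
     * call's return value.
     */
    xinfo("{%s} info: setting up TLS/SSL", ctx->conn_id);
    setinfo(ctx, "ssl setup");
    e = 0;
    /*
     * Library-wide initialisers repeated on every connection.  Presumably
     * harmless to repeat (OpenSSL treats them as idempotent), but they
     * could live in process start-up instead.
     */
    (void)SSL_load_error_strings();
    (void)SSL_library_init();
    if ((sslctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
        xfatal("{%s} fatal: do_smtp() => local error: SSL_CTX_new() failed: %s", ctx->conn_id, ssl_error());
        goto dropout;
    }
    /*
     * SSLv23_server_method() negotiates whatever the library was built with,
     * including SSLv2 and SSLv3, unless those versions are disabled here.
     * Both are cryptographically broken; a server facing untrusted peers must
     * refuse them so a client cannot negotiate the session down.
     */
    SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
    /* Key and certificate chain both come from the single file nsmc_ssl_server_pem. */
    if (SSL_CTX_use_RSAPrivateKey_file(sslctx, nsmc_ssl_server_pem, SSL_FILETYPE_PEM) != 1) {
        xfatal("{%s} fatal: do_smtp() => local error: SSL_CTX_use_RSAPrivateKey() failed, check server pem file <%s> for valid private key; %s", ctx->conn_id, nsmc_ssl_server_pem, ssl_error());
        SSL_CTX_free(sslctx);
        goto dropout;
    }
    if (SSL_CTX_use_certificate_chain_file(sslctx, nsmc_ssl_server_pem) != 1) {
        xfatal("{%s} fatal: do_smtp() => local error: SSL_CTX_use_certficate_chain_file() failed, check server cert pem file <%s>; %s", ctx->conn_id, nsmc_ssl_server_pem, ssl_error());
        SSL_CTX_free(sslctx);
        goto dropout;
    }
    /* Project hook that installs callbacks on the context; defined elsewhere. */
    ssl_callbacks(sslctx);
    if ((ssl = SSL_new(sslctx)) == NULL) {
        xfatal("{%s} fatal: do_smtp() => local error: SSL_new() failed: %s", ctx->conn_id, ssl_error());
        SSL_CTX_free(sslctx);
        goto dropout;
    }
    /*
     * SSL_new() took its own reference on sslctx, so releasing the local
     * handle here is safe: the context lives as long as ssl does and is
     * released by SSL_free() on the failure paths below.
     */
    SSL_CTX_free(sslctx);
    if (SSL_set_fd(ssl, ctx->client) != 1) {
        xfatal("{%s} fatal: do_smtp() => SSL_set_fd() failed", ctx->conn_id);
        SSL_free(ssl);
        goto dropout;
    }
    /* Handshake failures are peer-induced, hence a warning rather than fatal. */
    if ((e = SSL_accept(ssl)) != 1) {
        xwarn("{%s} warn: do_smtp() => TLS/SSL handshake failed at SSL_accept(), returned (%d), SSL error code (%d): %s", ctx->conn_id, e, SSL_get_error(ssl, e), ssl_error());
        SSL_free(ssl);
        goto dropout;
    }
    ctx->sslinfo = nsm_strdup(ssl_info(ssl));
    ctx->ssl = ssl;
    xinfo("{%s} info: SSL/TLS handshake success, session is encrypted: %s", ctx->conn_id, ctx->sslinfo);
}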