authorjsing <jsing@openbsd.org>2015-03-31 14:03:38 +0000
committerjsing <jsing@openbsd.org>2015-03-31 14:03:38 +0000
commite1e4dea2b52940f45c0895e151bb50c59d22d0d7 (patch)
treeb9ee691f53d28686c32e7aebc35a0b6163c6d70b /lib/libtls/tls_server.c
parentDo not iterate past the size of the array. (diff)
Provide a tls_accept_fds() function, which allows a TLS connection to be
accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
Diffstat (limited to 'lib/libtls/tls_server.c')
-rw-r--r--lib/libtls/tls_server.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/lib/libtls/tls_server.c b/lib/libtls/tls_server.c
index cbe064e2f5e..55b19e472c0 100644
--- a/lib/libtls/tls_server.c
+++ b/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.6 2015/03/31 12:21:27 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.7 2015/03/31 14:03:38 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -99,7 +99,7 @@ err:
}
int
-tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
+tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
{
struct tls *conn_ctx = *cctx;
int ret, err;
@@ -116,14 +116,13 @@ tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
}
*cctx = conn_ctx;
- conn_ctx->socket = socket;
-
if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
tls_set_error(ctx, "ssl failure");
goto err;
}
- if (SSL_set_fd(conn_ctx->ssl_conn, socket) != 1) {
+ if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
+ SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
tls_set_error(ctx, "ssl set fd failure");
goto err;
}
@@ -143,3 +142,15 @@ tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
err:
return (-1);
}
+
+int
+tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
+{
+ int rv;
+
+ rv = tls_accept_fds(ctx, cctx, socket, socket);
+ if (*cctx != NULL)
+ (*cctx)->socket = socket;
+
+ return (rv);
+}
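Review bot: The new public entry point tls_accept_fds() has no comment stating the descriptor-ownership contract, and this wrapper records `socket` in the context while tls_accept_fds() records neither fd, so the two variants presumably differ in which descriptors a later close path touches; that is the difference a caller needs spelled out. I would add above tls_accept_fds() a comment along the lines of `/* Accept a TLS connection over an existing read/write fd pair. The fds are not recorded in the context. */`, hedged against whatever the close path actually does. In the wrapper, `(*cctx)->socket = socket;` also runs when rv is -1, because the err path leaves *cctx pointing at the allocated context; that looks intentional, but a one-line comment such as `/* *cctx stays allocated on failure, so recording the socket is safe */` would keep a future cleanup from "fixing" it. Whether the public header declares the new function is not visible in this diff.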