author | Chris Toshok <toshok@ximian.com> | 2001-07-06 03:11:50 +0800 |
committer | Chris Toshok <toshok@src.gnome.org> | 2001-07-06 03:11:50 +0800 |
commit | 1421494ea6e96090d26597703022254ebead1ec8 (patch) | |
tree | 7b4855bbc46dd24e010a1c4eb2b5f25f52f64c1b /camel/camel-tcp-stream-openssl.c | |
parent | f639972a2bc2e78eec1bb1b6f6630c0e70c7c19f (diff) | |
use X509_STORE_CTX_get_ex_data to get at the SSL* - don't use the
2001-07-05 Chris Toshok <toshok@ximian.com>
* camel-tcp-stream-openssl.c (ssl_verify): use
X509_STORE_CTX_get_ex_data to get at the SSL* - don't use the
X509_STORE_CTX to look up our stream, since it's not what we used
to insert our stream into the hashtable.
(open_ssl_connection): insert the stream into the hashtable before
calling SSL_connect, as this can cause ssl_verify to be called,
and we need to look up the stream there. remove the stream from
the hashtable if there's an error connecting.
(stream_connect): pass the CamelTcpStreamOpenSSL* to
open_ssl_connection since it handles the hashtable stuff. remove
hashtable stuff from here.
svn path=/trunk/; revision=10819
Diffstat (limited to 'camel/camel-tcp-stream-openssl.c')
-rw-r--r-- | camel/camel-tcp-stream-openssl.c | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c
index 214269a433..8923c31425 100644
--- a/camel/camel-tcp-stream-openssl.c
+++ b/camel/camel-tcp-stream-openssl.c
@@ -402,12 +402,15 @@ socket_connect (struct hostent *h, int port)
 static int
 ssl_verify (int ok, X509_STORE_CTX *ctx)
 {
+	SSL *ssl;
 	CamelTcpStreamOpenSSL *stream;
 	X509 *cert;
 	int err;
+
+	ssl = X509_STORE_CTX_get_ex_data (ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
 	OPENSSL_TABLE_LOCK ();
-	stream = CAMEL_TCP_STREAM_OPENSSL (g_hash_table_lookup (openssl_table, ctx));
+	stream = CAMEL_TCP_STREAM_OPENSSL (g_hash_table_lookup (openssl_table, ssl->ctx));
 	OPENSSL_TABLE_UNLOCK ();
 	cert = X509_STORE_CTX_get_current_cert (ctx);
@@ -437,12 +440,15 @@ ssl_verify (int ok, X509_STORE_CTX *ctx)
 }
 static SSL *
-open_ssl_connection (CamelService *service, int sockfd)
+open_ssl_connection (CamelService *service, int sockfd, CamelTcpStreamOpenSSL *openssl)
 {
 	SSL_CTX *ssl_ctx = NULL;
 	SSL *ssl = NULL;
 	int n;
+	SSLeay_add_ssl_algorithms();
+	SSL_load_error_strings();
+
 	/* SSLv23_client_method will negotiate with SSL v2, v3, or TLS v1 */
 	ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
 	g_return_val_if_fail (ssl_ctx != NULL, NULL);
@@ -450,9 +456,22 @@ open_ssl_connection (CamelService *service, int sockfd)
 	SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &ssl_verify);
 	ssl = SSL_new (ssl_ctx);
 	SSL_set_fd (ssl, sockfd);
+
+	OPENSSL_TABLE_LOCK ();
+	if (!openssl_table)
+		openssl_table = g_hash_table_new (g_direct_hash, g_direct_equal);
+
+	g_hash_table_insert (openssl_table, ssl->ctx, openssl);
+	OPENSSL_TABLE_UNLOCK ();
+
 	n = SSL_connect (ssl);
 	if (n != 1) {
+
+		OPENSSL_TABLE_LOCK ();
+		g_hash_table_remove (openssl_table, ssl->ctx);
+		OPENSSL_TABLE_UNLOCK ();
+
 		SSL_shutdown (ssl);
 		if (ssl->ctx)
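Review bot: `ssl` is dereferenced as `ssl->ctx` in the table lookup without a NULL check, but `X509_STORE_CTX_get_ex_data` returns NULL whenever no SSL object was attached to the store context, so a verify callback reached through any other path would crash instead of failing verification; add `if (!ssl) return 0;` directly after the assignment so the connection is rejected rather than the process aborted. Reaching into the struct for `ssl->ctx` also couples the hash key to OpenSSL's private layout, whereas `SSL_get_SSL_CTX (ssl)` returns the same pointer through the public API; the same substitution applies to the insert and remove in the third hunk of this file (open_ssl_connection). Note that `SSL_CTX_new` in the second hunk creates a fresh SSL_CTX per connection, which is what makes the SSL_CTX pointer a usable per-stream key; if that is ever changed to a shared context the lookup silently returns the wrong stream. The rest of ssl_verify, including how a NULL `stream` from the lookup is handled, continues outside the hunk.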
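Review bot: `SSLeay_add_ssl_algorithms ()` and `SSL_load_error_strings ()` are process-wide, one-time library initialisation, yet they now run on every call to open_ssl_connection, from whichever thread opens a stream; in OpenSSL of this era both mutate global tables without internal locking, so two concurrent connects can race on them. Since the file already has `OPENSSL_TABLE_LOCK ()`, the cheapest fix is a static flag checked under that lock so the initialisation happens exactly once, as sketched below.
```c
static SSL *
open_ssl_connection (CamelService *service, int sockfd, CamelTcpStreamOpenSSL *openssl)
{
	static gboolean ssl_initialized = FALSE;
	/* … unchanged: ssl_ctx, ssl, n locals … */

	/* library-global initialisation: run once, not per connection */
	OPENSSL_TABLE_LOCK ();
	if (!ssl_initialized) {
		SSLeay_add_ssl_algorithms ();
		SSL_load_error_strings ();
		ssl_initialized = TRUE;
	}
	OPENSSL_TABLE_UNLOCK ();
	/* … unchanged: SSLv23_client_method comment, SSL_CTX_new and the rest … */
```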
@@ -478,20 +497,13 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port)
 	if (fd == -1)
 		return -1;
-	ssl = open_ssl_connection (openssl->priv->service, fd);
+	ssl = open_ssl_connection (openssl->priv->service, fd, openssl);
 	if (!ssl)
 		return -1;
 	openssl->priv->sockfd = fd;
 	openssl->priv->ssl = ssl;
-	OPENSSL_TABLE_LOCK ();
-	if (!openssl_table)
-		openssl_table = g_hash_table_new (g_direct_hash, g_direct_equal);
-
-	g_hash_table_insert (openssl_table, ssl->ctx, openssl);
-	OPENSSL_TABLE_UNLOCK ();
-
 	return 0;
 }
|
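Review bot: When the changed `open_ssl_connection` call returns NULL the socket descriptor from `socket_connect` is leaked: `fd` is only stored in `openssl->priv->sockfd` after the success check, and the `if (!ssl) return -1;` path closes nothing, while the visible failure path inside open_ssl_connection (third hunk) tears down the SSL objects but shows no close of sockfd either. Unless the part of open_ssl_connection outside the hunk closes the descriptor, change the check to `if (!ssl) { close (fd); return -1; }` so a failed or rejected handshake does not leak a connected socket per attempt. The hash-table bookkeeping moved out of this function is correct as far as this hunk shows, but the matching removal on the normal close/finalize path is not visible here and should be confirmed, otherwise the table keeps a dangling stream pointer keyed by a freed SSL_CTX.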