6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2001 hereUare Communications, Inc. <raghud@hereuare.com>
21 * Copyright 2006 The FreeRADIUS server project
24 #include <freeradius-devel/ident.h>
31 void cbtls_info(const SSL *s, int where, int ret)
33 const char *str, *state;
36 w = where & ~SSL_ST_MASK;
37 if (w & SSL_ST_CONNECT) str=" TLS_connect";
38 else if (w & SSL_ST_ACCEPT) str=" TLS_accept";
41 state = SSL_state_string_long(s);
42 state = state ? state : "NULL";
44 if (where & SSL_CB_LOOP) {
45 if (debug_flag) radlog(L_INFO, "%s: %s\n", str, state);
46 } else if (where & SSL_CB_HANDSHAKE_START) {
47 if (debug_flag) radlog(L_INFO, "%s: %s\n", str, state);
48 } else if (where & SSL_CB_HANDSHAKE_DONE) {
49 radlog(L_INFO, "%s: %s\n", str, state);
50 } else if (where & SSL_CB_ALERT) {
51 str=(where & SSL_CB_READ)?"read":"write";
52 radlog(L_ERR,"TLS Alert %s:%s:%s\n", str,
53 SSL_alert_type_string_long(ret),
54 SSL_alert_desc_string_long(ret));
55 } else if (where & SSL_CB_EXIT) {
57 radlog(L_ERR, "%s:failed in %s\n", str, state);
59 radlog(L_ERR, "%s:error in %s\n", str, state);
64 * Fill in our 'info' with TLS data.
66 void cbtls_msg(int write_p, int msg_version, int content_type,
67 const void *buf, size_t len,
68 SSL *ssl UNUSED, void *arg)
70 tls_session_t *state = (tls_session_t *)arg;
73 * Work around bug #298, where we may be called with a NULL
74 * argument. We should really log a serious error
78 state->info.origin = (unsigned char)write_p;
79 state->info.content_type = (unsigned char)content_type;
80 state->info.record_len = len;
81 state->info.version = msg_version;
82 state->info.initialized = 1;
84 if (content_type == SSL3_RT_ALERT) {
85 state->info.alert_level = ((const unsigned char*)buf)[0];
86 state->info.alert_description = ((const unsigned char*)buf)[1];
87 state->info.handshake_type = 0x00;
89 } else if (content_type == SSL3_RT_HANDSHAKE) {
90 state->info.handshake_type = ((const unsigned char*)buf)[0];
91 state->info.alert_level = 0x00;
92 state->info.alert_description = 0x00;
94 tls_session_information(state);
97 int cbtls_password(char *buf,
102 strcpy(buf, (char *)userdata);
103 return(strlen((char *)userdata));
106 RSA *cbtls_rsa(SSL *s UNUSED, int is_export UNUSED, int keylength)
108 static RSA *rsa_tmp=NULL;
110 if (rsa_tmp == NULL) {
111 radlog(L_INFO, "Generating temp (%d bit) RSA key...", keylength);
112 rsa_tmp=RSA_generate_key(keylength, RSA_F4, NULL, NULL);
117 #endif /* !defined(NO_OPENSSL) */