#include <sys/stat.h>
#endif
+#ifdef WITH_TCP
#ifdef WITH_TLS
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
rad_assert(sock->packet != NULL);
request->packet = talloc_steal(request, sock->packet);
- request->component = "<core>";
request->component = "<tls-connect>";
request->reply = rad_alloc(request, false);
SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_REQUEST, (void *)request);
SSL_set_ex_data(sock->ssn->ssl, fr_tls_ex_index_certs, (void *) &sock->certs);
- SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_TALLOC, sock->parent);
+ SSL_set_ex_data(sock->ssn->ssl, FR_TLS_EX_INDEX_TALLOC, NULL);
doing_init = true;
}
return 0;
}
+static int try_connect(tls_session_t *ssn)
+{
+ int ret;
+ ret = SSL_connect(ssn->ssl);
+ if (ret < 0) {
+ switch (SSL_get_error(ssn->ssl, ret)) {
+ default:
+ break;
+
+
+
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ ssn->connected = false;
+ return 0;
+ }
+ }
+
+ if (ret <= 0) {
+ tls_error_io_log(NULL, ssn, ret, "Failed in " STRINGIFY(__FUNCTION__) " (SSL_connect)");
+ talloc_free(ssn);
+
+ return -1;
+ }
+
+ return 1;
+}
+
#ifdef WITH_PROXY
/*
uint8_t *data;
listen_socket_t *sock = listener->data;
+ if (!sock->ssn->connected) {
+ rcode = try_connect(sock->ssn);
+ if (rcode == 0) return 0;
+
+ if (rcode < 0) {
+ SSL_shutdown(sock->ssn->ssl);
+ return -1;
+ }
+
+ sock->ssn->connected = true;
+ }
+
/*
* Get the maximum size of data to receive.
*/
request);
}
+ if (!sock->ssn->connected) {
+ PTHREAD_MUTEX_LOCK(&sock->mutex);
+ rcode = try_connect(sock->ssn);
+ PTHREAD_MUTEX_LOCK(&sock->mutex);
+ if (rcode == 0) return 0;
+
+ if (rcode < 0) {
+ SSL_shutdown(sock->ssn->ssl);
+ return -1;
+ }
+
+ sock->ssn->connected = true;
+ }
+
DEBUG3("Proxy is writing %u bytes to SSL",
(unsigned int) request->proxy->data_len);
PTHREAD_MUTEX_LOCK(&sock->mutex);
#endif /* WITH_PROXY */
#endif /* WITH_TLS */
+#endif /* WITH_TCP */
projects / freeradius.git / blobdiff