1 /* See the file COPYING for licensing information. */
3 #if defined HAVE_CONFIG_H
8 #include <openssl/ssl.h>
9 #include <radsec/radsec.h>
10 #include <radsec/radsec-impl.h>
14 #include "../radsecproxy.h"
/* Build a radsecproxy `struct tls` configuration from REALM's TLS settings.
   The struct is allocated with rs_malloc() on CTX and zeroed, then its
   fields are filled in from REALM.  This listing shows only some lines of
   the function: the return type, braces, any allocation check and the
   return statement are not visible here.  */
17 _get_tlsconf (const struct rs_context *ctx, const struct rs_realm *realm)
19 struct tls *c = rs_malloc (ctx, sizeof (struct tls));
/* NOTE(review): no NULL check on `c` is visible before the memset below;
   the lines between are not shown in this listing -- confirm that an
   allocation failure is handled before `c` is written.  */
23 memset (c, 0, sizeof (struct tls));
24 /* TODO: Make sure old radsecproxy code doesn't free these all
25 of a sudden, or strdup them. */
/* The assignments from `realm` below copy pointers, not strings: `c` and
   `realm` alias the same storage, so `c` does not own these values.  If
   any consumer of `c` frees or rewrites them, `realm` is left with
   dangling or modified pointers (this is what the TODO above is about).  */
26 c->name = realm->name;
27 c->cacertfile = realm->cacertfile;
28 c->cacertpath = NULL; /* NYI */
29 c->certfile = realm->certfile;
30 c->certkeyfile = realm->certkeyfile;
/* NOTE(review): presumably a NULL password means only unencrypted private
   key files can be loaded through this path -- confirm against the
   consumer of `certkeypwd`.  */
31 c->certkeypwd = NULL; /* NYI */
32 c->cacheexpiry = 0; /* NYI */
/* NOTE(review): judging by the field names, `crlcheck = 0` leaves CRL
   checking off and `policyoids = NULL` requests no certificate policy
   OIDs -- confirm in the radsecproxy TLS code.  If so, a revoked peer
   certificate would still be accepted on connections set up from this
   configuration, which deployments should know while these stay NYI.  */
33 c->crlcheck = 0; /* NYI */
34 c->policyoids = (char **) NULL; /* NYI */
/* Set up TLS state for CONN: build a TLS configuration from the active
   peer's realm, obtain an SSL_CTX for it from radsecproxy's tlsgetctx(),
   create an SSL object with SSL_new() and store the SSL_CTX on the
   connection.  Both visible failure paths return the result of
   rs_err_conn_push_fl() with RSE_SOME_ERROR.  Only some lines of the
   function are visible in this listing (return type, braces, the failure
   conditions and the tail of the function are not shown).  */
41 rs_tls_init (struct rs_connection *conn)
43 struct rs_context *ctx;
/* NOTE(review): `conn->active_peer` is dereferenced here; no NULL check is
   visible in this listing -- confirm that callers guarantee an active
   peer with a realm, or that a hidden line checks it.  */
50 tlsconf = _get_tlsconf (ctx, conn->active_peer->realm);
52 ssl_ctx = tlsgetctx (RADPROT_TLS, tlsconf);
/* NOTE(review): the return below comes before the rs_free() of `tlsconf`
   at the end of this listing, so unless a hidden line frees it, `tlsconf`
   leaks on this path.  The generic RSE_SOME_ERROR also hides why the
   context could not be created (bad CA file, unreadable key, ...).  */
55 /* TODO: check radsecproxy error */
56 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
60 ssl = SSL_new (ssl_ctx);
/* NOTE(review): as the TODOs below say, `ssl_ctx` is not released on this
   path and the OpenSSL error is not reported; `tlsconf` also appears to
   be left allocated here, since its rs_free() comes later.  */
63 /* TODO: check and report SSL error */
64 /* TODO: free ssl_ctx */
65 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
69 conn->tls_ctx = ssl_ctx;
/* Only the `struct tls` itself is released; its string fields are borrowed
   from the realm (see _get_tlsconf) and must not be freed here.
   NOTE(review): confirm that tlsgetctx() keeps no reference to `tlsconf`
   after returning, otherwise this free leaves a dangling pointer.  */
71 rs_free (ctx, tlsconf);