1 /* Copyright 2010, 2011 NORDUnet A/S. All rights reserved.
2 See the file COPYING for licensing information. */
4 #if defined HAVE_CONFIG_H
9 #include <openssl/ssl.h>
10 #include <openssl/err.h>
11 #include <radsec/radsec.h>
12 #include <radsec/radsec-impl.h>
16 #include "radsecproxy.h"
/* Build a radsecproxy `struct tls` for CONN from REALM's TLS settings.
 *
 * conn   - connection whose context (conn->ctx) owns the allocation and
 *          receives any error pushed by this function.
 * realm  - source of the certificate/key/CA file names; not modified.
 *
 * Returns the new struct (caller frees it via rs_free on conn->ctx, as
 * rs_tls_init does below), or NULL after pushing RSE_NOMEM.  Lines of the
 * original are missing from this listing, so the allocation check and the
 * return are not shown here.
 *
 * Ownership note: the string members are *aliases* of REALM's strings, not
 * copies (see the TODO below).  The returned struct must therefore not
 * outlive REALM, and whatever consumes it must not free those members --
 * otherwise a dangling pointer / double free is the failure mode.  The
 * fields marked NYI are left at 0/NULL; presumably that means no CA
 * directory, no key passphrase, no cache expiry, no CRL check and no
 * policy OIDs are applied to this context -- confirm against the
 * radsecproxy code that consumes `struct tls`. */
19 _get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm)
21 struct tls *c = rs_malloc (conn->ctx, sizeof (struct tls));
/* Zero-fill so every member not explicitly assigned below reads as
   0/NULL.  (The `if (c)` guard around this is on a line not shown.) */
25 memset (c, 0, sizeof (struct tls));
26 /* TODO: Make sure old radsecproxy code doesn't free these all
27 of a sudden, or strdup them. */
/* Shallow copies: pointers into REALM, no strdup. */
28 c->name = realm->name;
29 c->cacertfile = realm->cacertfile;
30 c->cacertpath = NULL; /* NYI */
31 c->certfile = realm->certfile;
32 c->certkeyfile = realm->certkeyfile;
33 c->certkeypwd = NULL; /* NYI */
34 c->cacheexpiry = 0; /* NYI */
/* NYI: left at 0.  If this is radsecproxy's CRL-checking switch, peer
   certificate revocation is not checked for connections using this
   context -- verify, and document the limitation for deployers. */
35 c->crlcheck = 0; /* NYI */
/* The (char **) cast on NULL is redundant; a plain NULL would do. */
36 c->policyoids = (char **) NULL; /* NYI */
/* Allocation-failure path: record RSE_NOMEM on the connection so the
   caller can report it.  (The `else` introducing this is not shown.) */
39 rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
45 rs_tls_init (struct rs_connection *conn)
47 struct rs_context *ctx = NULL;
48 struct tls *tlsconf = NULL;
49 SSL_CTX *ssl_ctx = NULL;
51 unsigned long sslerr = 0;
56 tlsconf = _get_tlsconf (conn, conn->active_peer->realm);
59 ssl_ctx = tlsgetctx (RADPROT_TLS, tlsconf);
62 for (sslerr = ERR_get_error (); sslerr; sslerr = ERR_get_error ())
63 rs_err_conn_push_fl (conn, RSE_SSLERR, __FILE__, __LINE__,
64 ERR_error_string (sslerr, NULL));
67 ssl = SSL_new (ssl_ctx);
70 for (sslerr = ERR_get_error (); sslerr; sslerr = ERR_get_error ())
71 rs_err_conn_push_fl (conn, RSE_SSLERR, __FILE__, __LINE__,
72 ERR_error_string (sslerr, NULL));
76 conn->tls_ctx = ssl_ctx;
78 rs_free (ctx, tlsconf);