1 /* See the file COPYING for licensing information. */
3 #if defined HAVE_CONFIG_H
8 #include <openssl/ssl.h>
9 #include <radsec/radsec.h>
10 #include <radsec/radsec-impl.h>
14 #include "../radsecproxy.h"
/* Build a radsecproxy `struct tls' configuration from a libradsec realm.
   Visible steps: allocate the struct with rs_malloc, zero it, then fill
   it in from REALM.  This listing shows only some of the function's
   lines, so the branch conditions and the return statement are not
   documented here.  */
17 _get_tlsconf (struct rs_context *ctx, const struct rs_realm *realm)
19 struct tls *c = rs_malloc (ctx, sizeof (struct tls));
/* Zero the whole struct so any field not assigned below is NULL/0.  */
23 memset (c, 0, sizeof (struct tls));
24 /* TODO: Make sure old radsecproxy code doesn't free these all
25 of a sudden, or strdup them. */
/* Shallow copies: the struct borrows the realm's strings instead of
   duplicating them, so both objects alias the same memory.  The TODO
   above is about exactly this: if radsecproxy code frees these
   members, the realm is left with dangling pointers.  */
26 c->name = realm->name;
27 c->cacertfile = realm->cacertfile;
/* Only a CA file is passed on; a CA directory is not implemented.  */
28 c->cacertpath = NULL; /* NYI */
29 c->certfile = realm->certfile;
30 c->certkeyfile = realm->certkeyfile;
/* No key password is passed on.
   NOTE(review): presumably an encrypted private key cannot be loaded
   through this path -- confirm against tlsgetctx.  */
31 c->certkeypwd = NULL; /* NYI */
32 c->cacheexpiry = 0; /* NYI */
/* NOTE(review): crlcheck is hard-wired to 0; going by the field name,
   certificate revocation checking is presumably never requested for
   connections configured here -- confirm against radsecproxy.  */
33 c->crlcheck = 0; /* NYI */
/* NOTE(review): going by the field name, no certificate policy OIDs
   are configured -- confirm.  */
34 c->policyoids = (char **) NULL; /* NYI */
/* Records an out-of-memory error on the context.  Presumably this is
   the rs_malloc failure branch; the condition is not visible here.  */
37 rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL);
/* Set up TLS state for CONN: derive a radsecproxy TLS configuration
   from the active peer's realm, obtain an SSL_CTX for it via
   tlsgetctx, create an SSL object from that context, and store the
   context on the connection.  This listing shows only some of the
   function's lines; the failure conditions and the final return are
   not visible.  */
43 rs_tls_init (struct rs_connection *conn)
45 struct rs_context *ctx;
/* NOTE(review): conn->active_peer is dereferenced here and no NULL
   check is visible in this listing -- confirm callers guarantee an
   active peer.  */
52 tlsconf = _get_tlsconf (ctx, conn->active_peer->realm);
55 ssl_ctx = tlsgetctx (RADPROT_TLS, tlsconf);
/* Failure is reported only as the generic RSE_SOME_ERROR, so the
   underlying radsecproxy/OpenSSL reason is lost to the caller (see the
   TODO).
   NOTE(review): this return precedes the rs_free of tlsconf below, so
   tlsconf presumably leaks on this path -- confirm.  */
58 /* TODO: check radsecproxy error */
59 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
63 ssl = SSL_new (ssl_ctx);
/* Same generic error as above; the OpenSSL error queue is not
   consulted.  Per the TODOs, ssl_ctx is not released on this path.
   NOTE(review): tlsconf presumably leaks here as well -- confirm.  */
66 /* TODO: check and report SSL error */
67 /* TODO: free ssl_ctx */
68 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
/* The connection keeps the SSL_CTX pointer from here on.  */
72 conn->tls_ctx = ssl_ctx;
/* Frees only the struct itself.  The strings it points at belong to
   the realm (see _get_tlsconf) and are left untouched.
   NOTE(review): confirm tlsgetctx keeps no reference to tlsconf after
   returning, otherwise this free leaves a dangling pointer.  */
74 rs_free (ctx, tlsconf);