summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_polarssl.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/nxt_polarssl.c118
1 files changed, 118 insertions, 0 deletions
diff --git a/src/nxt_polarssl.c b/src/nxt_polarssl.c
new file mode 100644
index 00000000..fcee2da0
--- /dev/null
+++ b/src/nxt_polarssl.c
@@ -0,0 +1,118 @@
+
+/*
+ * Copyright (C) NGINX, Inc.
+ * Copyright (C) Igor Sysoev
+ */
+
+#include <nxt_main.h>
+#include <polarssl/config.h>
+#include <polarssl/ssl.h>
+#include <polarssl/x509.h>
+#include <polarssl/error.h>
+
+
+typedef struct {
+ ssl_context ssl;
+ x509_cert certificate;
+ rsa_context key;
+} nxt_polarssl_ctx_t;
+
+
+static nxt_int_t nxt_polarssl_server_init(nxt_ssltls_conf_t *conf);
+static void nxt_polarssl_conn_init(nxt_thread_t *thr, nxt_ssltls_conf_t *conf,
+ nxt_event_conn_t *c);
+static void nxt_polarssl_log_error(nxt_uint_t level, nxt_log_t *log, int err,
+ const char *fmt, ...);
+
+
+nxt_ssltls_lib_t nxt_polarssl_lib = {
+ nxt_polarssl_server_init,
+ NULL,
+};
+
+
+static nxt_int_t
+nxt_polarssl_server_init(nxt_ssltls_conf_t *conf)
+{
+ int n;
+ nxt_thread_t *thr;
+ nxt_polarssl_ctx_t *ctx;
+
+ thr = nxt_thread();
+
+ /* TODO: mem_pool */
+
+ ctx = nxt_zalloc(sizeof(nxt_polarssl_ctx_t));
+ if (ctx == NULL) {
+ return NXT_ERROR;
+ }
+
+ n = ssl_init(&ctx->ssl);
+ if (n != 0) {
+ nxt_polarssl_log_error(NXT_LOG_CRIT, thr->log, n, "ssl_init() failed");
+ return NXT_ERROR;
+ }
+
+ ssl_set_endpoint(&ctx->ssl, SSL_IS_SERVER );
+
+ conf->ctx = ctx;
+ conf->conn_init = nxt_polarssl_conn_init;
+
+ n = x509parse_crtfile(&ctx->certificate, conf->certificate);
+ if (n != 0) {
+ nxt_polarssl_log_error(NXT_LOG_CRIT, thr->log, n,
+ "x509parse_crt(\"%V\") failed",
+ &conf->certificate);
+ goto fail;
+ }
+
+ rsa_init(&ctx->key, RSA_PKCS_V15, 0);
+
+ n = x509parse_keyfile(&ctx->key, conf->certificate_key, NULL);
+ if (n != 0) {
+ nxt_polarssl_log_error(NXT_LOG_CRIT, thr->log, n,
+ "x509parse_key(\"%V\") failed",
+ &conf->certificate_key);
+ goto fail;
+ }
+
+ ssl_set_own_cert(&ctx->ssl, &ctx->certificate, &ctx->key);
+
+ /* TODO: ciphers */
+
+ /* TODO: ca_certificate */
+
+ return NXT_OK;
+
+fail:
+
+ return NXT_ERROR;
+}
+
+
+static void
+nxt_polarssl_conn_init(nxt_thread_t *thr, nxt_ssltls_conf_t *conf,
+ nxt_event_conn_t *c)
+{
+}
+
+
+static void
+nxt_polarssl_log_error(nxt_uint_t level, nxt_log_t *log, int err,
+ const char *fmt, ...)
+{
+ va_list args;
+ u_char *p, *end, msg[NXT_MAX_ERROR_STR];
+
+ end = msg + NXT_MAX_ERROR_STR;
+
+ va_start(args, fmt);
+ p = nxt_vsprintf(msg, end, fmt, args);
+ va_end(args);
+
+ p = nxt_sprintf(p, end, " (%d: ", err);
+
+ error_strerror(err, (char *) msg, p - msg);
+
+ nxt_log_error(level, log, "%*s)", p - msg, msg);
+}