summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_polarssl.c
blob: 4a8144731c67e83b44307b0d552e02e53637bff2 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

/*
 * Copyright (C) NGINX, Inc.
 * Copyright (C) Igor Sysoev
 */

#include <nxt_main.h>
#include <polarssl/config.h>
#include <polarssl/ssl.h>
#include <polarssl/x509.h>
#include <polarssl/error.h>


typedef struct {
    ssl_context  ssl;
    x509_cert    certificate;
    rsa_context  key;
} nxt_polarssl_ctx_t;


static nxt_int_t nxt_polarssl_server_init(nxt_ssltls_conf_t *conf);
static void nxt_polarssl_conn_init(nxt_thread_t *thr, nxt_ssltls_conf_t *conf,
    nxt_event_conn_t *c);
static void nxt_polarssl_log_error(nxt_uint_t level, nxt_log_t *log, int err,
    const char *fmt, ...);


nxt_ssltls_lib_t  nxt_polarssl_lib = {
    nxt_polarssl_server_init,
    NULL,
};


static nxt_int_t
nxt_polarssl_server_init(nxt_ssltls_conf_t *conf)
{
    int                 n;
    nxt_thread_t        *thr;
    nxt_polarssl_ctx_t  *ctx;

    thr = nxt_thread();

    /* TODO: mem_pool */

    ctx = nxt_zalloc(sizeof(nxt_polarssl_ctx_t));
    if (ctx == NULL) {
        return NXT_ERROR;
    }

    n = ssl_init(&ctx->ssl);
    if (n != 0) {
        nxt_polarssl_log_error(NXT_LOG_ALERT, thr->log, n, "ssl_init() failed");
        return NXT_ERROR;
    }

    ssl_set_endpoint(&ctx->ssl, SSL_IS_SERVER );

    conf->ctx = ctx;
    conf->conn_init = nxt_polarssl_conn_init;

    n = x509parse_crtfile(&ctx->certificate, conf->certificate);
    if (n != 0) {
        nxt_polarssl_log_error(NXT_LOG_ALERT, thr->log, n,
                               "x509parse_crt(\"%V\") failed",
                               &conf->certificate);
        goto fail;
    }

    rsa_init(&ctx->key, RSA_PKCS_V15, 0);

    n = x509parse_keyfile(&ctx->key, conf->certificate_key, NULL);
    if (n != 0) {
        nxt_polarssl_log_error(NXT_LOG_ALERT, thr->log, n,
                               "x509parse_key(\"%V\") failed",
                               &conf->certificate_key);
        goto fail;
    }

    ssl_set_own_cert(&ctx->ssl, &ctx->certificate, &ctx->key);

    /* TODO: ciphers */

    /* TODO: ca_certificate */

    return NXT_OK;

fail:

    return NXT_ERROR;
}


static void
nxt_polarssl_conn_init(nxt_thread_t *thr, nxt_ssltls_conf_t *conf,
    nxt_event_conn_t *c)
{
}


static void
nxt_polarssl_log_error(nxt_uint_t level, nxt_log_t *log, int err,
    const char *fmt, ...)
{
    va_list  args;
    u_char   *p, *end, msg[NXT_MAX_ERROR_STR];

    end = msg + NXT_MAX_ERROR_STR;

    va_start(args, fmt);
    p = nxt_vsprintf(msg, end, fmt, args);
    va_end(args);

    p = nxt_sprintf(p, end, " (%d: ", err);

    error_strerror(err, (char *) msg, p - msg);

    nxt_log_error(level, log, "%*s)", p - msg, msg);
}