/*
* Copyright (C) NGINX, Inc.
* Copyright (C) Igor Sysoev
*/
#include <nxt_main.h>
#include <polarssl/config.h>
#include <polarssl/ssl.h>
#include <polarssl/x509.h>
#include <polarssl/error.h>
/*
 * Per-listener PolarSSL state: the ssl_context plus the server certificate
 * and its RSA private key, which ssl_set_own_cert() binds together in
 * nxt_polarssl_server_init().  Allocated there with nxt_zalloc() and
 * stored in nxt_ssltls_conf_t.ctx.
 */
typedef struct {
    ssl_context  ssl;          /* endpoint is set to SSL_IS_SERVER */
    x509_cert    certificate;  /* parsed from the conf->certificate file */
    rsa_context  key;          /* parsed from conf->certificate_key; PKCS#1 v1.5 padding */
} nxt_polarssl_ctx_t;
/* Backend entry points; definitions follow below. */
static nxt_int_t nxt_polarssl_server_init(nxt_ssltls_conf_t *conf);
static void nxt_polarssl_conn_init(nxt_thread_t *thr, nxt_ssltls_conf_t *conf,
    nxt_event_conn_t *c);
/* Logs fmt followed by " (err: <PolarSSL description>)". */
static void nxt_polarssl_log_error(nxt_uint_t level, nxt_log_t *log, int err,
    const char *fmt, ...);
/*
 * Backend descriptor handed to the generic SSL/TLS layer.  Only the first
 * (server init) slot is filled; the second slot is NULL — positionally it
 * looks like a teardown hook, confirm against nxt_ssltls_lib_t before
 * relying on that.
 */
nxt_ssltls_lib_t  nxt_polarssl_lib = {
    nxt_polarssl_server_init,
    NULL,
};
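/*
 * Loads the server certificate and RSA private key named by conf and
 * prepares the PolarSSL context for a listener.
 *
 * On success conf->ctx points at the new nxt_polarssl_ctx_t, conf->conn_init
 * is installed and NXT_OK is returned.  On failure every PolarSSL object
 * that was initialised and the context allocation itself are released
 * (rsa_free() also wipes any key material that was already loaded), conf is
 * left untouched and NXT_ERROR is returned.  The original version leaked the
 * context on every failure path and published a half-initialised ctx in conf.
 *
 * Still missing (see the TODOs below): cipher-suite / protocol-version
 * restriction and CA certificate loading.  No RNG is configured here either
 * (ssl_set_rng()); PolarSSL needs one before a handshake can run, presumably
 * to be wired up in nxt_polarssl_conn_init() — confirm.
 */
static nxt_int_t
nxt_polarssl_server_init(nxt_ssltls_conf_t *conf)
{
    int                 n;
    nxt_thread_t        *thr;
    nxt_polarssl_ctx_t  *ctx;

    thr = nxt_thread();

    /* TODO: mem_pool */
    ctx = nxt_zalloc(sizeof(nxt_polarssl_ctx_t));
    if (ctx == NULL) {
        return NXT_ERROR;
    }

    n = ssl_init(&ctx->ssl);
    if (n != 0) {
        nxt_polarssl_log_error(NXT_LOG_ALERT, thr->log, n, "ssl_init() failed");
        nxt_free(ctx);
        return NXT_ERROR;
    }

    ssl_set_endpoint(&ctx->ssl, SSL_IS_SERVER);

    /*
     * Initialise the key object before anything that can fail, so the single
     * cleanup path below can unconditionally free all three PolarSSL objects.
     * PKCS#1 v1.5 padding is what the TLS RSA key exchange uses.
     */
    rsa_init(&ctx->key, RSA_PKCS_V15, 0);

    /*
     * conf->certificate is a file path (x509parse_crtfile() takes a
     * const char *), so it is logged with %s rather than as an nxt_str_t.
     */
    n = x509parse_crtfile(&ctx->certificate, conf->certificate);
    if (n != 0) {
        nxt_polarssl_log_error(NXT_LOG_ALERT, thr->log, n,
                               "x509parse_crtfile(\"%s\") failed",
                               conf->certificate);
        goto fail;
    }

    /*
     * NULL password: a passphrase-protected PEM key cannot be unlocked here
     * and is presumably rejected by the parser — there is no prompt.
     */
    n = x509parse_keyfile(&ctx->key, conf->certificate_key, NULL);
    if (n != 0) {
        nxt_polarssl_log_error(NXT_LOG_ALERT, thr->log, n,
                               "x509parse_keyfile(\"%s\") failed",
                               conf->certificate_key);
        goto fail;
    }

    ssl_set_own_cert(&ctx->ssl, &ctx->certificate, &ctx->key);

    /* TODO: ciphers */
    /* TODO: ca_certificate */

    /* Publish the context only once it is fully usable. */
    conf->ctx = ctx;
    conf->conn_init = nxt_polarssl_conn_init;

    return NXT_OK;

fail:

    x509_free(&ctx->certificate);
    rsa_free(&ctx->key);
    ssl_free(&ctx->ssl);
    nxt_free(ctx);

    return NXT_ERROR;
}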
/*
 * Per-connection hook installed by nxt_polarssl_server_init().  Not yet
 * implemented: nothing is attached to the connection.  The parameters are
 * referenced only to keep -Wunused-parameter quiet.
 */
static void
nxt_polarssl_conn_init(nxt_thread_t *thr, nxt_ssltls_conf_t *conf,
    nxt_event_conn_t *c)
{
    (void) thr;
    (void) conf;
    (void) c;
}
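/*
 * Logs "<fmt expansion> (<err>: <PolarSSL description>)" at the given level.
 *
 * The message is assembled in a fixed NXT_MAX_ERROR_STR buffer: the caller's
 * format first, then " (err: ", then PolarSSL's text for err appended in the
 * room that is left.  The length is passed explicitly via %*s rather than
 * relying on the formatting helpers to NUL-terminate.
 *
 * The original passed msg and the prefix length to error_strerror(), which
 * made it overwrite the caller's text with the (truncated) description
 * instead of appending to it; it now gets the free tail of the buffer.
 */
static void
nxt_polarssl_log_error(nxt_uint_t level, nxt_log_t *log, int err,
    const char *fmt, ...)
{
    u_char   *p, *end, msg[NXT_MAX_ERROR_STR];
    va_list  args;

    end = msg + NXT_MAX_ERROR_STR;

    va_start(args, fmt);
    p = nxt_vsprintf(msg, end, fmt, args);
    va_end(args);

    p = nxt_sprintf(p, end, " (%d: ", err);

    if (p < end) {
        /*
         * error_strerror() writes a NUL-terminated description into the
         * remaining space; advance p over it (bounded by end) so the NUL is
         * not part of the logged span.
         */
        error_strerror(err, (char *) p, end - p);

        while (p < end && *p != '\0') {
            p++;
        }
    }

    nxt_log_error(level, log, "%*s)", p - msg, msg);
}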