*/
/*@{*/
+#include "sysdep.h"
#ifdef HAVE_OPENSSL
#include "webcit.h"
/** \todo dirify */
/** where to find the keys */
#define CTDL_CRYPTO_DIR "./keys"
-#define CTDL_KEY_PATH CTDL_CRYPTO_DIR "/citadel.key" /**< the key */
-#define CTDL_CSR_PATH CTDL_CRYPTO_DIR "/citadel.csr" /**< the csr file */
-#define CTDL_CER_PATH CTDL_CRYPTO_DIR "/citadel.cer" /**< the cer file */
+#define CTDL_KEY_PATH file_crpt_file_key /**< the key */
+#define CTDL_CSR_PATH file_crpt_file_csr /**< the csr file */
+#define CTDL_CER_PATH file_crpt_file_cer /**< the cer file */
#define SIGN_DAYS 365 /**< how long our certificate should live */
SSL_CTX *ssl_ctx; /**< SSL context */
if (!SSLCritters) {
lprintf(1, "citserver: can't allocate memory!!\n");
/* Nothing's been initialized, just die */
- exit(1);
+ exit(WC_EXIT_SSL);
} else {
int a;
lprintf(1,
"citserver: can't allocate memory!!\n");
/** Nothing's been initialized, just die */
- exit(1);
+ exit(WC_EXIT_SSL);
}
pthread_mutex_init(SSLCritters[a], NULL);
}
}
}
- /**
- * Generate a CSR if we don't have one.
+ /*
+ * If there is no certificate file on disk, we will be generating a self-signed certificate
+ * in the next step. Therefore, if we have neither a CSR nor a certificate, generate
+ * the CSR in this step so that the next step may commence.
*/
- if (access(CTDL_CSR_PATH, R_OK) != 0) {
+ if ( (access(CTDL_CER_PATH, R_OK) != 0) && (access(CTDL_CSR_PATH, R_OK) != 0) ) {
lprintf(5, "Generating a certificate signing request.\n");
/**
*/
X509_NAME_add_entry_by_txt(name, "O",
- MBSTRING_ASC, "FIXME.FIXME.org", -1, -1, 0);
+ MBSTRING_ASC, "Organization name", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "OU",
MBSTRING_ASC, "Citadel server", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN",
- MBSTRING_ASC, "FIXME.FIXME.org", -1, -1, 0);
+ MBSTRING_ASC, "*", -1, -1, 0);
X509_REQ_set_subject_name(req, name);
return(4);
}
BIO_set_close(newssl->rbio, BIO_NOCLOSE);
- bits =
- SSL_CIPHER_get_bits(SSL_get_current_cipher(newssl),
- &alg_bits);
+ bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(newssl), &alg_bits);
lprintf(5, "SSL/TLS using %s on %s (%d of %d bits)\n",
SSL_CIPHER_get_name(SSL_get_current_cipher(newssl)),
SSL_CIPHER_get_version(SSL_get_current_cipher(newssl)),
*/
void endtls(void)
{
+ SSL_CTX *ctx = NULL;
+
if (THREADSSL == NULL) return;
lprintf(5, "Ending SSL/TLS\n");
SSL_shutdown(THREADSSL);
+ ctx = SSL_get_SSL_CTX(THREADSSL);
+
+ /** I don't think this is needed, and it crashes the server anyway
+ *
+ * if (ctx != NULL) {
+ * lprintf(9, "Freeing CTX at %x\n", (int)ctx );
+ * SSL_CTX_free(ctx);
+ * }
+ */
+
SSL_free(THREADSSL);
pthread_setspecific(ThreadSSL, NULL);
}