*/
/*@{*/
+#include "config.h"
#ifdef HAVE_OPENSSL
#include "webcit.h"
if (!SSLCritters) {
lprintf(1, "citserver: can't allocate memory!!\n");
/* Nothing's been initialized, just die */
- exit(1);
+ exit(WC_EXIT_SSL);
} else {
int a;
lprintf(1,
"citserver: can't allocate memory!!\n");
/** Nothing's been initialized, just die */
- exit(1);
+ exit(WC_EXIT_SSL);
}
pthread_mutex_init(SSLCritters[a], NULL);
}
*/
X509_NAME_add_entry_by_txt(name, "O",
- MBSTRING_ASC, "FIXME.FIXME.org", -1, -1, 0);
+ MBSTRING_ASC, "Organization name", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "OU",
MBSTRING_ASC, "Citadel server", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN",
- MBSTRING_ASC, "FIXME.FIXME.org", -1, -1, 0);
+ MBSTRING_ASC, "*", -1, -1, 0);
X509_REQ_set_subject_name(req, name);
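Review bot: The new CN value `"*"` swaps one placeholder for another, because a bare wildcard is not a name that clients performing host-name verification will normally match. A certificate issued from this request would then either fail verification or get users used to clicking through the warning. The subject should carry the server's real host name, taken from configuration or detected when the key is generated, and `"Organization name"` likewise wants a configurable value rather than a literal. The return values of the `X509_NAME_add_entry_by_txt()` calls are also unchecked in the visible lines, so a failed entry would go unnoticed. The enclosing function begins and ends outside this hunk.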
/**
* \brief starts SSL/TLS encryption for the current session.
* \param sock the socket connection
- * \return foo????
+ * \return Zero if the SSL/TLS handshake succeeded, non-zero otherwise.
*/
int starttls(int sock) {
int retval, bits, alg_bits;
return(4);
}
BIO_set_close(newssl->rbio, BIO_NOCLOSE);
- bits =
- SSL_CIPHER_get_bits(SSL_get_current_cipher(newssl),
- &alg_bits);
+ bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(newssl), &alg_bits);
lprintf(5, "SSL/TLS using %s on %s (%d of %d bits)\n",
SSL_CIPHER_get_name(SSL_get_current_cipher(newssl)),
SSL_CIPHER_get_version(SSL_get_current_cipher(newssl)),
*/
void endtls(void)
{
+ SSL_CTX *ctx = NULL;
+
if (THREADSSL == NULL) return;
lprintf(5, "Ending SSL/TLS\n");
SSL_shutdown(THREADSSL);
+ ctx = SSL_get_SSL_CTX(THREADSSL);
+
+ /** I don't think this is needed, and it crashes the server anyway
+ *
+ * if (ctx != NULL) {
+ * lprintf(9, "Freeing CTX at %x\n", (int)ctx );
+ * SSL_CTX_free(ctx);
+ * }
+ */
+
SSL_free(THREADSSL);
pthread_setspecific(ThreadSSL, NULL);
}
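Review bot: `ctx` is now assigned from `SSL_get_SSL_CTX(THREADSSL)` and never used, and the disabled `SSL_CTX_free(ctx)` block is kept as a guess ("I don't think this is needed") rather than explained. `SSL_get_SSL_CTX()` returns the context the session was created from without giving the caller a reference of its own, and that context is presumably shared by every session in the process, so freeing it here would release an object other threads still use, which would account for the crash the comment mentions. I would delete the variable and the commented-out code and leave one comment, e.g. `/* The SSL_CTX is shared by all sessions; SSL_free() drops this session's reference, so never SSL_CTX_free() it here. */`. If the debug line is ever revived, print the pointer with `%p` and a `(void *)` cast, since `%x` with `(int)ctx` truncates on 64-bit builds.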