$Log$
+ Revision 614.33 2004/02/16 18:14:00 error
+ * Fixed IMAP STARTTLS; trouble was in client_read_ssl the whole time.
+ It should now be possible to implement SSL/TLS for any protocol.
+
Revision 614.32 2004/02/16 18:13:10 error
* Log session IDs in syslog as well as stderr
Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
* Initial CVS import
-
SSL_MODE_AUTO_RETRY);
#endif
#endif
+ SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) |
+ SSL_MODE_AUTO_RETRY);
+
CRYPTO_set_locking_callback(ssl_lock);
CRYPTO_set_id_callback(id_callback);
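Review bot: The added call ORs in the current mode by hand, which is redundant: SSL_CTX_set_mode() adds the given bits to the existing mask and does not clear earlier ones. `SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);` is equivalent and shorter. Since the call is now made unconditionally rather than inside the `#if` block, a short comment would record why, for example `/* blocking sockets: let OpenSSL retry reads and writes interrupted by a handshake */`. The enclosing function starts and ends outside this hunk.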
/* Get our certificates in order */
if (set_cert_stuff(ssl_ctx,
- "/etc/ssh/mail01.jemcaterers.net.cer",
- "/etc/ssh/ssh_host_rsa_key") != 1) {
+ BBSDIR "/keys/citadel.cer",
+ BBSDIR "/keys/citadel.key") != 1) {
lprintf(3, "SSL ERROR: cert is bad!\n");
sleep(1);
continue;
}
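Review bot: The failure branch after set_cert_stuff() still logs only `SSL ERROR: cert is bad!`, which does not tell an operator which of the two new files under BBSDIR was rejected or why. Naming the path would help, for example `lprintf(3, "SSL ERROR: cannot load %s or its key\n", BBSDIR "/keys/citadel.cer");`, ideally along with the text of the pending OpenSSL error. The hunk shows no check that `citadel.key` is readable only by the server account, so the comment above the call should state that requirement. The loop targeted by `continue` lies outside the hunk, so it is unclear whether a missing key file makes this retry every second indefinitely.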
- lprintf(9, "SSL_write got error %ld\n", errval);
+ lprintf(9, "SSL_write got error %ld, ret %d\n", errval, retval);
+ if (retval == -1)
+ lprintf(9, "errno is %d\n", errno);
endtls();
client_write(&buf[nbytes - nremain], nremain);
return;
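Review bot: The new `errno is %d` line reads `errno` only after the preceding lprintf() has run, so the logged value may come from the logging path rather than from the failed SSL_write(). Folding it into the first call evaluates it earlier: `lprintf(9, "SSL_write got error %ld, ret %d, errno %d\n", errval, retval, errno);`. Saving `errno` straight after SSL_write() would be better still, but that call is outside the hunk. Separately, the unchanged lines that follow call endtls() and then client_write() on the remaining bytes, which appears to send the rest of the buffer outside TLS. That fallback should at least carry a comment, and closing the session instead may be the safer behaviour.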
*/
int client_read_ssl(char *buf, int bytes, int timeout)
{
- int len, rlen;
+#if 0
fd_set rfds;
struct timeval tv;
int retval;
int s;
+#endif
+ int len, rlen;
char junk[1];
len = 0;
while (len < bytes) {
+#if 0
+ /*
+ * This code is disabled because we don't need it when
+ * using blocking reads (which we are). -IO
+ */
FD_ZERO(&rfds);
s = BIO_get_fd(CC->ssl->rbio, NULL);
FD_SET(s, &rfds);
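Review bot: With the select() block compiled out by `#if 0`, the `timeout` parameter of client_read_ssl is not used anywhere in the visible code. A peer that stops sending mid-read can therefore hold the blocking read, and the thread serving it, for as long as it likes. The function's header comment should say so, for example `/* NOTE: timeout is currently ignored; the read blocks until data arrives or the peer disconnects */`. If a bound is still wanted, a receive timeout on the socket (SO_RCVTIMEO) would restore one without bringing select() back. Deleting the dead block and its four declarations would also read better than keeping them under `#if 0`; the rest of the function body lies outside this hunk.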
return (0);
}
+#endif
if (SSL_want_read(CC->ssl)) {
if ((SSL_write(CC->ssl, junk, 0)) < 1) {
lprintf(9, "SSL_write in client_read:\n");