Changeset View
Changeset View
Standalone View
Standalone View
usr.sbin/rpc.tlsservd/rpc.tlsservd.c
| Show First 20 Lines • Show All 410 Lines • ▼ Show 20 Lines | if (rpctls_syscall(RPCTLS_SYSC_SRVSETPATH, rpctls_sockname[mypos]) < 0){ | ||||
| } | } | ||||
| err(1, "Can't set upcall socket path=%s", | err(1, "Can't set upcall socket path=%s", | ||||
| rpctls_sockname[mypos]); | rpctls_sockname[mypos]); | ||||
| } | } | ||||
| rpctls_svc_run(); | rpctls_svc_run(); | ||||
| SSL_CTX_free(rpctls_ctx); | SSL_CTX_free(rpctls_ctx); | ||||
| EVP_cleanup(); | |||||
| return (0); | return (0); | ||||
| } | } | ||||
| bool_t | bool_t | ||||
| rpctlssd_null_1_svc(__unused void *argp, __unused void *result, | rpctlssd_null_1_svc(__unused void *argp, __unused void *result, | ||||
| __unused struct svc_req *rqstp) | __unused struct svc_req *rqstp) | ||||
| { | { | ||||
| ▲ Show 20 Lines • Show All 219 Lines • ▼ Show 20 Lines | |||||
| static SSL_CTX * | static SSL_CTX * | ||||
| rpctls_setup_ssl(const char *certdir) | rpctls_setup_ssl(const char *certdir) | ||||
| { | { | ||||
| SSL_CTX *ctx; | SSL_CTX *ctx; | ||||
| char path[PATH_MAX]; | char path[PATH_MAX]; | ||||
| size_t len, rlen; | size_t len, rlen; | ||||
| int ret; | int ret; | ||||
| SSL_library_init(); | |||||
| SSL_load_error_strings(); | |||||
| OpenSSL_add_all_algorithms(); | |||||
| ctx = SSL_CTX_new(TLS_server_method()); | ctx = SSL_CTX_new(TLS_server_method()); | ||||
| if (ctx == NULL) { | if (ctx == NULL) { | ||||
| rpctls_verbose_out("rpctls_setup_ssl: SSL_CTX_new failed\n"); | rpctls_verbose_out("rpctls_setup_ssl: SSL_CTX_new failed\n"); | ||||
| return (NULL); | return (NULL); | ||||
| } | } | ||||
| SSL_CTX_set_ecdh_auto(ctx, 1); | |||||
| if (rpctls_ciphers != NULL) { | if (rpctls_ciphers != NULL) { | ||||
| /* | /* | ||||
| * Set available ciphers, since KERN_TLS only supports a | * Set available ciphers, since KERN_TLS only supports a | ||||
| * few of them. Normally, not doing this should be ok, | * few of them. Normally, not doing this should be ok, | ||||
| * since the library defaults will work. | * since the library defaults will work. | ||||
| */ | */ | ||||
| ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers); | ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers); | ||||
| ▲ Show 20 Lines • Show All 133 Lines • ▼ Show 20 Lines | if (rpctls_verbose) { | ||||
| gethostret = rpctls_gethost(s, sad, hostnam, sizeof(hostnam)); | gethostret = rpctls_gethost(s, sad, hostnam, sizeof(hostnam)); | ||||
| if (gethostret == 0) | if (gethostret == 0) | ||||
| hostnam[0] = '\0'; | hostnam[0] = '\0'; | ||||
| rpctls_verbose_out("rpctls_server: SSL handshake ok for host %s" | rpctls_verbose_out("rpctls_server: SSL handshake ok for host %s" | ||||
| " <%s %s>\n", hostnam, SSL_get_version(ssl), | " <%s %s>\n", hostnam, SSL_get_version(ssl), | ||||
| SSL_get_cipher(ssl)); | SSL_get_cipher(ssl)); | ||||
| } | } | ||||
| if (rpctls_do_mutual) { | if (rpctls_do_mutual) { | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x30000000 | |||||
| cert = SSL_get1_peer_certificate(ssl); | |||||
| #else | |||||
| cert = SSL_get_peer_certificate(ssl); | cert = SSL_get_peer_certificate(ssl); | ||||
| #endif | |||||
| if (cert != NULL) { | if (cert != NULL) { | ||||
| if (!rpctls_verbose) { | if (!rpctls_verbose) { | ||||
| gethostret = rpctls_gethost(s, sad, hostnam, | gethostret = rpctls_gethost(s, sad, hostnam, | ||||
| sizeof(hostnam)); | sizeof(hostnam)); | ||||
| if (gethostret == 0) | if (gethostret == 0) | ||||
| hostnam[0] = '\0'; | hostnam[0] = '\0'; | ||||
| } | } | ||||
| cp2 = X509_NAME_oneline( | cp2 = X509_NAME_oneline( | ||||
| ▲ Show 20 Lines • Show All 202 Lines • Show Last 20 Lines | |||||