Changeset View
Changeset View
Standalone View
Standalone View
usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c
| Show First 20 Lines • Show All 293 Lines • ▼ Show 20 Lines | if (rpctls_syscall(RPCTLS_SYSC_CLSETPATH, _PATH_RPCTLSCDSOCK) < 0) { | ||||
| err(1, "Can't set upcall socket path"); | err(1, "Can't set upcall socket path"); | ||||
| } | } | ||||
| rpctls_svc_run(); | rpctls_svc_run(); | ||||
| rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, ""); | rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, ""); | ||||
| SSL_CTX_free(rpctls_ctx); | SSL_CTX_free(rpctls_ctx); | ||||
| EVP_cleanup(); | |||||
| return (0); | return (0); | ||||
| } | } | ||||
| bool_t | bool_t | ||||
| rpctlscd_null_1_svc(__unused void *argp, __unused void *result, | rpctlscd_null_1_svc(__unused void *argp, __unused void *result, | ||||
| __unused struct svc_req *rqstp) | __unused struct svc_req *rqstp) | ||||
| { | { | ||||
| ▲ Show 20 Lines • Show All 164 Lines • ▼ Show 20 Lines | |||||
| static SSL_CTX * | static SSL_CTX * | ||||
| rpctls_setupcl_ssl(void) | rpctls_setupcl_ssl(void) | ||||
| { | { | ||||
| SSL_CTX *ctx; | SSL_CTX *ctx; | ||||
| char path[PATH_MAX]; | char path[PATH_MAX]; | ||||
| size_t len, rlen; | size_t len, rlen; | ||||
| int ret; | int ret; | ||||
| SSL_library_init(); | |||||
| SSL_load_error_strings(); | |||||
| OpenSSL_add_all_algorithms(); | |||||
| ctx = SSL_CTX_new(TLS_client_method()); | ctx = SSL_CTX_new(TLS_client_method()); | ||||
| if (ctx == NULL) { | if (ctx == NULL) { | ||||
| rpctls_verbose_out("rpctls_setupcl_ssl: SSL_CTX_new " | rpctls_verbose_out("rpctls_setupcl_ssl: SSL_CTX_new " | ||||
| "failed\n"); | "failed\n"); | ||||
| return (NULL); | return (NULL); | ||||
| } | } | ||||
| SSL_CTX_set_ecdh_auto(ctx, 1); | |||||
| if (rpctls_ciphers != NULL) { | if (rpctls_ciphers != NULL) { | ||||
| /* | /* | ||||
| * Set available ciphers, since KERN_TLS only supports a | * Set available ciphers, since KERN_TLS only supports a | ||||
| * few of them. | * few of them. | ||||
| */ | */ | ||||
| ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers); | ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers); | ||||
| if (ret == 0) { | if (ret == 0) { | ||||
| ▲ Show 20 Lines • Show All 179 Lines • ▼ Show 20 Lines | rpctls_connect(SSL_CTX *ctx, int s, char *certname, u_int certlen, X509 **certp) | ||||
| if (ret != 1) { | if (ret != 1) { | ||||
| rpctls_verbose_out("rpctls_connect: " | rpctls_verbose_out("rpctls_connect: " | ||||
| "SSL_connect failed %d: %s\n", | "SSL_connect failed %d: %s\n", | ||||
| ret, ERR_error_string(ERR_get_error(), NULL)); | ret, ERR_error_string(ERR_get_error(), NULL)); | ||||
| SSL_free(ssl); | SSL_free(ssl); | ||||
| return (NULL); | return (NULL); | ||||
| } | } | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x30000000 | |||||
| cert = SSL_get1_peer_certificate(ssl); | |||||
| #else | |||||
| cert = SSL_get_peer_certificate(ssl); | cert = SSL_get_peer_certificate(ssl); | ||||
| #endif | |||||
| if (cert == NULL) { | if (cert == NULL) { | ||||
| rpctls_verbose_out("rpctls_connect: get peer" | rpctls_verbose_out("rpctls_connect: get peer" | ||||
| " certificate failed\n"); | " certificate failed\n"); | ||||
| SSL_free(ssl); | SSL_free(ssl); | ||||
| return (NULL); | return (NULL); | ||||
| } | } | ||||
| gethostret = rpctls_gethost(s, sad, hostnam, sizeof(hostnam)); | gethostret = rpctls_gethost(s, sad, hostnam, sizeof(hostnam)); | ||||
| if (gethostret == 0) | if (gethostret == 0) | ||||
| ▲ Show 20 Lines • Show All 63 Lines • Show Last 20 Lines | |||||