ssl.c
changeset 43 6903f7870c4c
parent 0 9e2cb1ed20b1
42:dcd95d2f3567 43:6903f7870c4c
    31 #include "pop3d.h"
    31 #include "pop3d.h"
    32 #include "ssl.h"
    32 #include "ssl.h"
    33 
    33 
    34 #define SSL_CIPHERS		"HIGH"
    34 #define SSL_CIPHERS		"HIGH"
    35 #define SSL_SESSION_TIMEOUT	300
    35 #define SSL_SESSION_TIMEOUT	300
    36 #define CERTFILE		"/etc/ssl/server.crt"
       
    37 #define KEYFILE			"/etc/ssl/private/server.key"
       
    38 
    36 
    39 static char *ssl_load_file(const char *, off_t *);
    37 static char *ssl_load_file(const char *, off_t *);
    40 
    38 
    41 void
    39 void
    42 ssl_init(void)
    40 ssl_init(void)
    50 	ENGINE_load_builtin_engines();
    48 	ENGINE_load_builtin_engines();
    51 	ENGINE_register_all_complete();
    49 	ENGINE_register_all_complete();
    52 }
    50 }
    53 
    51 
    54 void *
    52 void *
    55 ssl_setup(void)
    53 ssl_setup(const char *certfile, const char *keyfile)
    56 {
    54 {
    57 	SSL_CTX *ctx = NULL;
    55 	SSL_CTX *ctx = NULL;
    58 	char	*cert, *key;
    56 	char	*cert, *key;
    59 	off_t	cert_len, key_len;
    57 	off_t	cert_len, key_len;
    60 
    58 
    71 	    SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET);
    69 	    SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET);
    72 	SSL_CTX_set_options(ctx,
    70 	SSL_CTX_set_options(ctx,
    73 	    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
    71 	    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
    74 
    72 
    75 	/* SSL certificate, key loading */
    73 	/* SSL certificate, key loading */
    76 	cert = ssl_load_file(CERTFILE, &cert_len);
    74 	cert = ssl_load_file(certfile, &cert_len);
    77 	if (cert == NULL)
    75 	if (cert == NULL)
    78 		fatal("ssl_load_file: Unable to load " CERTFILE);
    76 		fatal("ssl_load_file: certificate");
    79 
    77 
    80 	key = ssl_load_file(KEYFILE, &key_len);
    78 	key = ssl_load_file(keyfile, &key_len);
    81 	if (key == NULL)
    79 	if (key == NULL)
    82 		fatal("ssl_load_file: Unable to load " KEYFILE);
    80 		fatal("ssl_load_file: key");
    83 
    81 
    84 	if (!SSL_CTX_set_cipher_list(ctx, SSL_CIPHERS))
    82 	if (!SSL_CTX_set_cipher_list(ctx, SSL_CIPHERS))
    85 		goto err;
    83 		goto err;
    86 
    84 
    87 	if (!ssl_ctx_use_certificate_chain(ctx, cert, cert_len))
    85 	if (!ssl_ctx_use_certificate_chain(ctx, cert, cert_len))