3 #include <openssl/lhash.h>
4 #include <openssl/bn.h>
5 #include <openssl/err.h>
6 #include <openssl/pem.h>
7 #include <openssl/x509.h>
8 #include <openssl/ssl.h>
/* File-scope TLS state, both NULL until set up: tls_ctx is assigned from
   SSL_CTX_new() and tls_conn from SSL_new() further down.  There is a single
   tls_conn, and it is the handle every SSL_write/SSL_read/SSL_pending call
   in this listing uses. */
10 static SSL_CTX *tls_ctx = NULL;
11 static SSL *tls_conn = NULL;
/* tls_ssl_ctx_new: create the shared client context (tls_ctx) and load the
   client certificate and private key from the PEM files cert_file and
   key_file.  Written as a K&R-style definition.  The return statements fall
   on lines missing from this listing; the caller, tls_negotiate, treats a
   return of -1 as failure. */
14 tls_ssl_ctx_new (cert_file, key_file)
15 const char *cert_file, *key_file;
/* Library setup: load the error strings and register the SSL algorithms. */
17 SSL_load_error_strings ();
18 SSLeay_add_ssl_algorithms ();
/* NOTE(review): TLSv1_client_method() is the version-specific method, so this
   client offers TLS 1.0 only, a version RFC 8996 deprecates.  OpenSSL 1.1.0
   and later provide TLS_client_method() together with
   SSL_CTX_set_min_proto_version() to negotiate the highest shared version
   above a floor.  Whether the returned context is checked for NULL is not
   visible in this listing. */
20 tls_ctx = SSL_CTX_new (TLSv1_client_method());
/* SSL_OP_ALL switches on the library's interoperability workarounds; the
   exact set depends on the OpenSSL version in use. */
24 SSL_CTX_set_options (tls_ctx, SSL_OP_ALL /* Work around all known bugs */);
/* Load the client certificate, then the private key, then confirm that the
   key matches the certificate.  The two loads are treated as failed on a
   result <= 0 and the check on a zero result; the failure handling itself
   is on lines not shown. */
28 if (SSL_CTX_use_certificate_file (tls_ctx, cert_file,
29 SSL_FILETYPE_PEM) <= 0)
33 if (SSL_CTX_use_PrivateKey_file (tls_ctx, key_file,
34 SSL_FILETYPE_PEM) <= 0)
36 if (!SSL_CTX_check_private_key (tls_ctx))
/* NOTE(review): with SSL_VERIFY_NONE a client does not validate the server's
   certificate chain, so the handshake completes with any certificate: the
   channel is encrypted but the peer is not authenticated.  Authenticating
   the server needs SSL_VERIFY_PEER, a trust store
   (SSL_CTX_load_verify_locations() or SSL_CTX_set_default_verify_paths())
   and a host name check such as SSL_set1_host().  No trust-store call
   appears in the visible lines. */
40 SSL_CTX_set_verify (tls_ctx, SSL_VERIFY_NONE, NULL);
/* Fragment of the connection-setup routine; its header is missing from this
   listing.  Presumably this is tls_ssl_new(ctx, s), going by the call
   tls_ssl_new (tls_ctx, fd) in tls_negotiate -- TODO confirm.  It creates the
   SSL object from ctx, attaches socket s and runs the client handshake.
   Whether the SSL_new() result is checked for NULL is not visible. */
54 tls_conn = (SSL *) SSL_new (ctx);
/* Bind the SSL object to descriptor s; a zero result is treated as failure. */
59 if (!SSL_set_fd (tls_conn, s))
/* Put the object in client mode and run the handshake; a result <= 0 from
   SSL_connect() is treated as failure. */
62 SSL_set_connect_state (tls_conn);
64 if (SSL_connect (tls_conn) <= 0)
/* Fetch the connection's session and remove it from ctx's session cache.
   Which branch these two lines belong to (likely the failed-handshake path)
   is not visible -- TODO confirm.
   NOTE(review): no SSL_get_verify_result() or peer-certificate check is
   visible after the handshake, and the context is configured with
   SSL_VERIFY_NONE, so nothing shown here authenticates the server. */
66 session = SSL_get_session (tls_conn);
68 SSL_CTX_remove_session (ctx, session);
/* tls_negotiate: build the TLS context from cert_file and key_file, then
   start TLS on descriptor fd.  K&R-style definition; the declaration of fd
   and the return statements are on lines missing from this listing. */
78 tls_negotiate (fd, cert_file, key_file)
80 const char *cert_file, *key_file;
/* Context setup reported failure (-1); the handling is on a line not shown. */
82 if (tls_ssl_ctx_new (cert_file, key_file) == -1)
/* NOTE(review): the result of tls_ssl_new() is cast to void, so this call
   does not report a failed handshake to the caller.  tls_write() and
   tls_read() each also contain a plain write()/read() return; if that path
   is the one taken when TLS was not established, traffic after a failed
   negotiation would go out unencrypted.  Propagating the result here would
   let callers fail closed. */
85 (void) tls_ssl_new (tls_ctx, fd); /* Negotiation is done. */
/* tls_write: send num bytes from buf.  Two return paths are visible:
   SSL_write() on tls_conn and a plain write() on fd.  The condition that
   selects between them is on lines missing from this listing -- presumably
   whether tls_conn is set; TODO confirm. */
89 tls_write(fd, buf, num)
94 return SSL_write (tls_conn, buf, num);
/* NOTE(review): this path bypasses TLS and writes buf to the descriptor
   as-is.  A caller that requires confidentiality cannot tell from the return
   value which path was used. */
95 return write (fd, buf, num);
/* tls_read: read up to num bytes into buf.  Two return paths are visible:
   SSL_read() on tls_conn and a plain read() on fd.  The condition that
   selects between them is on lines missing from this listing -- presumably
   whether tls_conn is set; TODO confirm. */
99 tls_read(fd, buf, num)
/* A result <= 0 from SSL_read() needs SSL_get_error() to tell a retry or
   orderly shutdown from a real error; it does not follow read()'s
   -1-and-errno convention. */
104 return SSL_read (tls_conn, buf, num);
/* NOTE(review): this path reads unprotected bytes straight from the
   descriptor, with no TLS record integrity check. */
105 return read (fd, buf, num);
/* Fragment; the enclosing function's header is not in this listing.  The
   value is nonzero only when tls_conn is set and SSL_pending() reports bytes
   already processed and buffered inside the SSL object.  It says nothing
   about unread data still waiting on the socket itself. */
111 return tls_conn && SSL_pending (tls_conn);