diff --git a/src/utils/ssl.c b/src/utils/ssl.c
index 477d16c28ae1fe7cb2ae9cd78c270a30d2125d55..fe509d05c3dd461e5e0d79620070abdeb5d97444 100644 (file)
--- a/src/utils/ssl.c
+++ b/src/utils/ssl.c
} /* ssl_log_err */
static int
-copy_options(sdb_ssl_options_t *dst, sdb_ssl_options_t *src)
+copy_options(sdb_ssl_options_t *dst, const sdb_ssl_options_t *src)
{
+ sdb_ssl_options_t tmp;
sdb_ssl_options_t def = SDB_SSL_DEFAULT_OPTIONS;
- if (! src)
- src = &def;
-
- if (! src->ca_file)
- src->ca_file = def.ca_file;
- if (! src->key_file)
- src->key_file = def.key_file;
- if (! src->cert_file)
- src->cert_file = def.cert_file;
-
- dst->ca_file = strdup(src->ca_file);
- dst->key_file = strdup(src->key_file);
- dst->cert_file = strdup(src->cert_file);
+ if (src)
+ tmp = *src;
+ else
+ tmp = def;
+
+ if (! tmp.ca_file)
+ tmp.ca_file = def.ca_file;
+ if (! tmp.key_file)
+ tmp.key_file = def.key_file;
+ if (! tmp.cert_file)
+ tmp.cert_file = def.cert_file;
+
+ dst->ca_file = strdup(tmp.ca_file);
+ dst->key_file = strdup(tmp.key_file);
+ dst->cert_file = strdup(tmp.cert_file);
if ((! dst->ca_file) || (! dst->key_file) || (! dst->cert_file))
return -1;
- if (src->crl_file) {
- dst->crl_file = strdup(src->crl_file);
+ if (tmp.crl_file) {
+ dst->crl_file = strdup(tmp.crl_file);
if (! dst->crl_file)
return -1;
}
return 0;
} /* copy_options */
-static void
-free_options(sdb_ssl_options_t *opts)
-{
- if (opts->ca_file)
- free(opts->ca_file);
- if (opts->key_file)
- free(opts->key_file);
- if (opts->cert_file)
- free(opts->cert_file);
- if (opts->crl_file)
- free(opts->crl_file);
-} /* free_options */
-
/*
* public API
*/
+void
+sdb_ssl_init(void)
+{
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+} /* sdb_ssl_init */
+
+void
+sdb_ssl_shutdown(void)
+{
+ ERR_free_strings();
+} /* sdb_ssl_shutdown */
+
sdb_ssl_client_t *
-sdb_ssl_client_create(sdb_ssl_options_t *opts)
+sdb_ssl_client_create(const sdb_ssl_options_t *opts)
{
sdb_ssl_client_t *client;
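Review bot: In copy_options, `dst->crl_file` is assigned only when `tmp.crl_file` is set, so the function relies on the caller having zeroed `dst` beforehand. Because sdb_ssl_free_options frees all four members unconditionally, a `dst` that was not zeroed would pass an indeterminate pointer to free(); adding `else dst->crl_file = NULL;` after the crl branch removes that dependency. The two `return -1` paths also leave any strings already duplicated in `dst`, and the callers' failure handling is not visible in this hunk, so it is worth confirming that each caller runs sdb_ssl_free_options (or its destroy function) when copy_options fails. The new sdb_ssl_init and sdb_ssl_shutdown would also benefit from a short comment stating that init must be called once before any client or server is created.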
if (! SSL_CTX_load_verify_locations(client->ctx,
client->opts.ca_file, NULL)) {
- ssl_log(SDB_LOG_ERR, "ssl: Failed to load CA file");
+ ssl_log(SDB_LOG_ERR, "ssl: Failed to load CA file '%s'",
+ client->opts.ca_file);
sdb_ssl_client_destroy(client);
return NULL;
}
if (client->ctx)
SSL_CTX_free(client->ctx);
- free_options(&client->opts);
+ sdb_ssl_free_options(&client->opts);
free(client);
} /* sdb_ssl_client_destroy */
} /* sdb_ssl_client_connect */
sdb_ssl_server_t *
-sdb_ssl_server_create(sdb_ssl_options_t *opts)
+sdb_ssl_server_create(const sdb_ssl_options_t *opts)
{
sdb_ssl_server_t *server;
if (server->ctx)
SSL_CTX_free(server->ctx);
- free_options(&server->opts);
+ sdb_ssl_free_options(&server->opts);
free(server);
} /* sdb_ssl_server_destroy */
return -1;
} /* sdb_ssl_session_read */
+void
+sdb_ssl_free_options(sdb_ssl_options_t *opts)
+{
+ if (! opts)
+ return;
+
+ if (opts->ca_file)
+ free(opts->ca_file);
+ if (opts->key_file)
+ free(opts->key_file);
+ if (opts->cert_file)
+ free(opts->cert_file);
+ if (opts->crl_file)
+ free(opts->crl_file);
+
+ opts->ca_file = opts->key_file = opts->cert_file = opts->crl_file = NULL;
+} /* sdb_ssl_free_options */
+
/* vim: set tw=78 sw=4 ts=4 noexpandtab : */
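Review bot: sdb_ssl_free_options is now part of the public API but has no comment describing ownership: it frees the four path strings held in `opts` and resets them to NULL, and it does not free `opts` itself. A header comment along the lines of `/* Frees the strings owned by opts and resets them to NULL; opts itself is not freed. */` would make that contract explicit for external callers. As a point of style, `free(NULL)` is a no-op, so each `if (opts->ca_file)` style guard can be dropped in favour of a plain `free(opts->ca_file);`. Resetting the members to NULL afterwards is a good guard against a double free if the function is called twice on the same struct, and it should stay.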