From 1adde65db245ec1fca752cfee4c198badf40fb5f Mon Sep 17 00:00:00 2001
From: Jakub Sławiński
Date: Tue, 15 Mar 2005 01:22:55 +0100
Subject: v0.6 - Fixed: default password incompatibilities from config file - Added: "client's id" option - Lightly Modified: verbose mode - Added: temporary listen ports - Fixed: bug in printing "client's id" - Added: 'dateformat' option to set format of the date in the logs - Modified: command line option and config file behaviour - Added: logging to a socket - Fixed: parsing config file - Fixed: major bug in packet buffering - Added: several clients-users in one realm - Modified: default hostname used by afserver - Modified: server listening behaviour (for clients) - Fixed: bug in checking options values - Modified: verbose mode - Modified: client initial connection to server - Added: connection time / uptime statistics - Added: first version of remote administration (statistics only) - Fixed: major bug in remove_client routine - Added: 'raclients' option - Added: use of automake/autoconf - Added: creating ~/.apf directory - Modified: the way of creating/managing keys/certificates - Added: 'dnslookups' option - Modified: usage functions - Fixed: no handling of missing 'listen' option after 'newrealm' in config file - Added: 'quit' command in remote administration mode - Modified: logging error messages during initialization - Modified: 'newrealm' changed to 'realm' in config file - Added: realm names - Modified: connection time / uptime - Added: client names / unique numbers - Added: user unique numbers - Fixed: segmentation fault after 'quit' command
---
src/make_ssl_handshake.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 103 insertions(+)
create mode 100644 src/make_ssl_handshake.c
(limited to 'src/make_ssl_handshake.c')
diff --git a/src/make_ssl_handshake.c b/src/make_ssl_handshake.c
new file mode 100644
index 0000000..a5c97eb
--- /dev/null
+++ b/src/make_ssl_handshake.c
@@ -0,0 +1,103 @@
+/*
+ * active port forwarder - software for secure forwarding
+ * Copyright (C) 2003,2004,2005 jeremian
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+#include "make_ssl_handshake.h"
+#include "stats.h"
+
+#include
+
+#include
+#include
+
+void
+make_ssl_initialize(clifd *cliconn)
+{
+ if (SSL_set_fd(cliconn->ssl, cliconn->commfd) != 1) {
+ aflog(0, "Problem with initializing ssl... 
exiting");
+ exit(1);
+ }
+}
+
+int
+make_ssl_accept(clifd *cliconn)
+{
+ int result;
+ if ((result = SSL_accept(cliconn->ssl)) != 1) {
+ return get_ssl_error(cliconn, " SSL_accept has failed", result);
+ }
+ return 0;
+}
+
+int
+get_ssl_error(clifd *cliconn, char* info, int result)
+{
+ int merror;
+#ifdef HAVE_ERR_ERROR_STRING
+ char err_buff[200];
+#endif
+ merror = SSL_get_error(cliconn->ssl, result);
+ switch (merror) {
+ case SSL_ERROR_NONE : {
+ aflog(2, "%s(%d): none", info, result);
+ break;
+ }
+ case SSL_ERROR_ZERO_RETURN : {
+ aflog(2, "%s(%d): zero", info, result);
+ break;
+ }
+ case SSL_ERROR_WANT_READ : {
+ aflog(2, "%s(%d): w_read", info, result);
+ break;
+ }
+ case SSL_ERROR_WANT_WRITE : {
+ aflog(2, "%s(%d): w_write", info, result);
+ break;
+ }
+ case SSL_ERROR_WANT_CONNECT : {
+ aflog(2, "%s(%d): w_connect", info, result);
+ break;
+ }
+ case SSL_ERROR_WANT_X509_LOOKUP : {
+ aflog(2, "%s(%d): w_x509_lookup", info, result);
+ break;
+ }
+ case SSL_ERROR_SYSCALL : {
+ aflog(2, "%s(%d): syscall", info, result);
+ break;
+ }
+ case SSL_ERROR_SSL : {
+ SSL_load_error_strings();
+#ifdef HAVE_ERR_ERROR_STRING
+ aflog(2, "%s(%d): ssl:%s", info, result,
+ ERR_error_string(ERR_get_error(), err_buff));
+#else
+ aflog(2, "%s(%d): ssl", info, result);
+#endif
+ break;
+ }
+ default: {
+ aflog(2, "%s(%d): unrecognized error (%d)", info, result, errno);
+ }
+ }
+ if (merror == SSL_ERROR_WANT_READ) {
+ return 1;
+ }
+ return 2;
+}
-- cgit v1.1
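Review bot: In the `SSL_ERROR_SSL` case of `get_ssl_error`, `ERR_error_string()` is given the 200-byte `err_buff` with no length argument, while the OpenSSL manual for that function asks for a buffer of at least 256 bytes; the bounded form `ERR_error_string_n(ERR_get_error(), err_buff, sizeof err_buff)` removes the dependency on the buffer size. The `default` branch logs `errno`, which is unrelated to the value being switched on, so an unrecognized code is never recorded; `aflog(2, "%s(%d): unrecognized error (%d)", info, result, merror);` would capture it. Only `SSL_ERROR_WANT_READ` maps to the return value 1, so if the socket is non-blocking, a `SSL_ERROR_WANT_WRITE` from `SSL_accept` would presumably be treated by callers (not visible in this file) as a failed handshake rather than a retry. `ERR_get_error()` also pops a single entry, so any remaining queued errors could affect a later `SSL_get_error()` on the same thread unless the queue is cleared.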