secret/postfix_src/tls__session_8c_source.html

 /*++

 /* NAME

 /*  tls_session

 /* SUMMARY

 /*  TLS client and server session routines

 /* SYNOPSIS

 /*  #include <tls.h>

 /*

 /*  void    tls_session_stop(ctx, stream, timeout, failure, TLScontext)

 /*  TLS_APPL_STATE *ctx;

 /*  VSTREAM *stream;

 /*  int timeout;

 /*  int failure;

 /*  TLS_SESS_STATE *TLScontext;

 /*

 /*  VSTRING *tls_session_passivate(session)

 /*  SSL_SESSION *session;

 /*

 /*  SSL_SESSION *tls_session_activate(session_data, session_data_len)

 /*  char    *session_data;

 /*  int session_data_len;

 /* DESCRIPTION

 /*  tls_session_stop() implements the tls_server_shutdown()

 /*  and the tls_client_shutdown() routines.

 /*

 /*  tls_session_passivate() converts an SSL_SESSION object to

 /*  VSTRING. The result is a null pointer in case of problems,

 /*  otherwise it should be disposed of with vstring_free().

 /*

 /*  tls_session_activate() reanimates a passivated SSL_SESSION object.

 /*  The result is a null pointer in case of problems,

 /*  otherwise it should be disposed of with SSL_SESSION_free().

 /* LICENSE

 /* .ad

 /* .fi

 /*  This software is free. You can do with it whatever you want.

 /*  The original author kindly requests that you acknowledge

 /*  the use of his software.

 /* AUTHOR(S)

 /*  Originally written by:

 /*  Lutz Jaenicke

 /*  BTU Cottbus

 /*  Allgemeine Elektrotechnik

 /*  Universitaetsplatz 3-4

 /*  D-03044 Cottbus, Germany

 /*

 /*  Updated by:

 /*  Wietse Venema

 /*  IBM T.J. Watson Research

 /*  P.O. Box 704

 /*  Yorktown Heights, NY 10598, USA

 /*

 /*  Victor Duchovni

 /*  Morgan Stanley

 /*--*/


 /* System library. */


 #include <sys_defs.h>


 #ifdef USE_TLS


 /* Utility library. */


 #include <vstream.h>

 #include <msg.h>

 #include <mymalloc.h>


 /* TLS library. */


 #define TLS_INTERNAL

 #include <tls.h>


 /* Application-specific. */


 #define STR vstring_str


 /* tls_session_stop - shut down the TLS connection and reset state */


 void    tls_session_stop(TLS_APPL_STATE *unused_ctx, VSTREAM *stream, int timeout,

                      int failure, TLS_SESS_STATE *TLScontext)

 {

     const char *myname = "tls_session_stop";

     int     retval;


     /*

      * Sanity check.

      */

     if (TLScontext == 0)

     msg_panic("%s: stream has no active TLS context", myname);


     /*

      * Perform SSL_shutdown() twice, as the first attempt will send out the

      * shutdown alert but it will not wait for the peer's shutdown alert.

      * Therefore, when we are the first party to send the alert, we must call

      * SSL_shutdown() again. On failure we don't want to resume the session,

      * so we will not perform SSL_shutdown() and the session will be removed

      * as being bad.

      */

     if (!failure) {

     retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);

     if (retval == 0)

         tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);

     }

     tls_free_context(TLScontext);

     tls_stream_stop(stream);

 }


 /* tls_session_passivate - passivate SSL_SESSION object */


 VSTRING *tls_session_passivate(SSL_SESSION *session)

 {

     const char *myname = "tls_session_passivate";

     int     estimate;

     int     actual_size;

     VSTRING *session_data;

     unsigned char *ptr;


     /*

      * First, find out how much memory is needed for the passivated

      * SSL_SESSION object.

      */

     estimate = i2d_SSL_SESSION(session, (unsigned char **) 0);

     if (estimate <= 0) {

     msg_warn("%s: i2d_SSL_SESSION failed: unable to cache session", myname);

     return (0);

     }


     /*

      * Passivate the SSL_SESSION object. The use of a VSTRING is slightly

      * wasteful but is convenient to combine data and length.

      */

     session_data = vstring_alloc(estimate);

     ptr = (unsigned char *) STR(session_data);

     actual_size = i2d_SSL_SESSION(session, &ptr);

     if (actual_size != estimate) {

     msg_warn("%s: i2d_SSL_SESSION failed: unable to cache session", myname);

     vstring_free(session_data);

     return (0);

     }

     VSTRING_AT_OFFSET(session_data, actual_size);   /* XXX not public */


     return (session_data);

 }


 /* tls_session_activate - activate passivated session */


 SSL_SESSION *tls_session_activate(const char *session_data, int session_data_len)

 {

 #if (OPENSSL_VERSION_NUMBER < 0x0090707fL)

 #define BOGUS_CONST

 #else

 #define BOGUS_CONST const

 #endif

     SSL_SESSION *session;

     BOGUS_CONST unsigned char *ptr;


     /*

      * Activate the SSL_SESSION object.

      */

     ptr = (BOGUS_CONST unsigned char *) session_data;

     session = d2i_SSL_SESSION((SSL_SESSION **) 0, &ptr, session_data_len);

     if (!session)

     tls_print_errors();


     return (session);

 }


 #endif

tls.h

VSTREAM
Definition: vstream.h:43

msg_panic
NORETURN msg_panic(const char *fmt,...)
Definition: msg.c:295

STR
#define STR(x)
Definition: anvil.c:518

msg.h

msg_warn
void msg_warn(const char *fmt,...)
Definition: msg.c:215

vstring_alloc
VSTRING * vstring_alloc(ssize_t len)
Definition: vstring.c:353

VSTRING
Definition: vstring.h:29

sys_defs.h

vstream.h

vstring_free
VSTRING * vstring_free(VSTRING *vp)
Definition: vstring.c:380

vstream_fileno
#define vstream_fileno(vp)
Definition: vstream.h:115

VSTRING_AT_OFFSET
#define VSTRING_AT_OFFSET(vp, offset)
Definition: vstring.h:92

mymalloc.h