From fc8918b1f2d77d32880ca0297dcb069fccc1e0e1 Mon Sep 17 00:00:00 2001
From: Markus Makela
Date: Tue, 2 Jun 2015 09:15:08 +0300
Subject: [PATCH] Added a dcb_connect_SSL function which starts a client SSL connection.
---
 server/core/dcb.c | 66 ++++++++++++++++++++++++++++++++++++++++++++
 server/include/dcb.h | 1 +
 2 files changed, 67 insertions(+)
diff --git a/server/core/dcb.c b/server/core/dcb.c
index 2948dae2e..2dcbd9b4c 100644
--- a/server/core/dcb.c
+++ b/server/core/dcb.c
@@ -2843,5 +2843,71 @@ int dcb_accept_SSL(DCB* dcb)
 break;
 }
+ return rval;
+}
+
+/**
+ * Initiate an SSL client connection to a server
+ *
+ * This functions starts an SSL client connection to a server which is expecting
+ * an SSL handshake. The DCB should already have a TCP connection to the server and
+ * this connection should be in a state that expects an SSL handshake.
+ * @param dcb DCB to connect
+ * @return 1 on success, -1 on error and 0 if the SSL handshake is still ongoing
+ */
+int dcb_connect_SSL(DCB* dcb)
+{
+ int rval,errnum;
+
+ rval = SSL_connect(dcb->ssl);
+
+ switch(rval)
+ {
+ case 0:
+ errnum = SSL_get_error(dcb->ssl,rval);
+ LOGIF(LD,(skygw_log_write_flush(LD,"SSL_connect shutdown for %s@%s",
+ dcb->user,
+ dcb->remote)));
+ return -1;
+ break;
+ case 1:
+ rval = 1;
+ LOGIF(LD,(skygw_log_write_flush(LD,"SSL_connect done for %s@%s",
+ dcb->user,
+ dcb->remote)));
+ break;
+
+ case -1:
+ errnum = SSL_get_error(dcb->ssl,rval);
+
+ if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE ||
+ errnum == SSL_ERROR_WANT_X509_LOOKUP)
+ {
+ /** Not all of the data has been read. Go back to the poll
+ queue and wait for more.*/
+
+ rval = 0;
+ LOGIF(LD,(skygw_log_write_flush(LD,"SSL_connect ongoing for %s@%s",
+ dcb->user,
+ dcb->remote)));
+ }
+ else
+ {
+ rval = -1;
+ skygw_log_write_flush(LE,
+ "Error: Fatal error in SSL_connect for %s@%s: %s",
+ dcb->user,
+ dcb->remote,
+ ERR_error_string(errnum,NULL));
+ }
+ break;
+
+ default:
+ skygw_log_write_flush(LE,
+ "Error: Fatal error in SSL_connect, returned value was %d.",
+ rval);
+ break;
+ }
+ return rval;
 }
\ No newline at end of file
diff --git a/server/include/dcb.h b/server/include/dcb.h
index 58a4eb532..cc96a2c0e 100644
--- a/server/include/dcb.h
+++ b/server/include/dcb.h
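Review bot: In the fatal branch of `case -1` in dcb_connect_SSL, `ERR_error_string(errnum,NULL)` is given the value returned by SSL_get_error(), which is an SSL_ERROR_* class code rather than an error-queue code, so the logged text will not describe the real handshake failure; the NULL buffer also makes OpenSSL format into a static buffer, which is unsafe if several threads can log at once. I would read the error queue instead, e.g. `char errbuf[256]; ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` and log `errbuf` (for SSL_ERROR_SYSCALL the queue can be empty and errno is the useful value). The `default:` branch logs a fatal error but returns the raw `rval`, which contradicts the documented 1/-1/0 contract; add `rval = -1;` there. Nothing in this function checks the server certificate after a successful handshake, and whether the SSL context created elsewhere requests peer verification is not visible in this hunk, so it is worth confirming that `SSL_VERIFY_PEER` is set on the context or that `SSL_get_verify_result(dcb->ssl)` is checked before 1 is returned.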
@@ -343,6 +343,7 @@ size_t dcb_get_session_id(DCB* dcb);
 bool dcb_get_ses_log_info(DCB* dcb, size_t* sesid, int* enabled_logs);
 int dcb_create_SSL(DCB* dcb);
 int dcb_accept_SSL(DCB* dcb);
+int dcb_connect_SSL(DCB* dcb);
 int gw_write_SSL(SSL* ssl, const void *buf, size_t nbytes);
 int dcb_write_SSL(DCB *dcb,GWBUF *queue);
 int dcb_read_SSL(DCB *dcb,GWBUF **head);