98  *              |- 3. Append data to ssl_ctx->source
103  *                    |- read data from ssl_ctx->source
183     serf_ssl_context_t *ssl_ctx;
197 static void disable_compression(serf_ssl_context_t *ssl_ctx);
1395     serf_ssl_context_t *ssl_ctx;
1399     ssl_ctx = serf_bucket_mem_alloc(allocator, sizeof(*ssl_ctx));
1401     ssl_ctx->refcount = 0;
1402     ssl_ctx->pool = serf_bucket_allocator_get_pool(allocator);
1403     ssl_ctx->allocator = allocator;
1406     ssl_ctx->ctx = SSL_CTX_new(SSLv23_client_method());
1407     SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
1409     SSL_CTX_set_client_cert_cb(ssl_ctx->ctx, ssl_need_client_cert);
1410     ssl_ctx->cached_cert = 0;
1411     ssl_ctx->cached_cert_pw = 0;
1412     ssl_ctx->pending_err = APR_SUCCESS;
1413     ssl_ctx->fatal_err = APR_SUCCESS;
1415     ssl_ctx->cert_callback = NULL;
1416     ssl_ctx->cert_pw_callback = NULL;
1417     ssl_ctx->server_cert_callback = NULL;
1418     ssl_ctx->server_cert_chain_callback = NULL;
1420     SSL_CTX_set_verify(ssl_ctx->ctx, SSL_VERIFY_PEER,
1422     SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_ALL);
1424     disable_compression(ssl_ctx);
1426     ssl_ctx->ssl = SSL_new(ssl_ctx->ctx);
1427     ssl_ctx->biom = bio_meth_bucket_new();
1428     ssl_ctx->bio = BIO_new(ssl_ctx->biom);
1429     bio_set_data(ssl_ctx->bio, ssl_ctx);
1431     SSL_set_bio(ssl_ctx->ssl, ssl_ctx->bio, ssl_ctx->bio);
1433     SSL_set_connect_state(ssl_ctx->ssl);
1435     SSL_set_app_data(ssl_ctx->ssl, ssl_ctx);
1438     SSL_CTX_set_info_callback(ssl_ctx->ctx, apps_ssl_info_callback);
1441     ssl_ctx->encrypt.stream = NULL;
1442     ssl_ctx->encrypt.stream_next = NULL;
1443     ssl_ctx->encrypt.pending = serf_bucket_aggregate_create(allocator);
1444     ssl_ctx->encrypt.status = APR_SUCCESS;
1445     serf_databuf_init(&ssl_ctx->encrypt.databuf);
1446     ssl_ctx->encrypt.databuf.read = ssl_encrypt;
1447     ssl_ctx->encrypt.databuf.read_baton = ssl_ctx;
1449     ssl_ctx->decrypt.stream = NULL;
1450     ssl_ctx->decrypt.pending = serf_bucket_aggregate_create(allocator);
1451     ssl_ctx->decrypt.status = APR_SUCCESS;
1452     serf_databuf_init(&ssl_ctx->decrypt.databuf);
1453     ssl_ctx->decrypt.databuf.read = ssl_decrypt;
1454     ssl_ctx->decrypt.databuf.read_baton = ssl_ctx;
1456     return ssl_ctx;
1460     serf_ssl_context_t *ssl_ctx)
1463     if (ssl_ctx->decrypt.pending != NULL) {
1464         serf_bucket_destroy(ssl_ctx->decrypt.pending);
1466     if (ssl_ctx->encrypt.pending != NULL) {
1467         serf_bucket_destroy(ssl_ctx->encrypt.pending);
1471     SSL_free(ssl_ctx->ssl);
1472     bio_meth_free(ssl_ctx->biom);
1473     SSL_CTX_free(ssl_ctx->ctx);
1475     serf_bucket_mem_free(ssl_ctx->allocator, ssl_ctx);
1481     serf_ssl_context_t *ssl_ctx,
1488     if (!ssl_ctx) {
1489         ctx->ssl_ctx = ssl_init_context(allocator);
1492         ctx->ssl_ctx = ssl_ctx;
1494     ctx->ssl_ctx->refcount++;
1510 apr_status_t serf_ssl_use_default_certificates(serf_ssl_context_t *ssl_ctx)
1512     X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
1543     serf_ssl_context_t *ssl_ctx,
1546     X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx->ctx);
1556     serf_ssl_context_t *ssl_ctx,
1562     bkt = serf_bucket_ssl_create(ssl_ctx, allocator,
1567     ctx->databuf = &ctx->ssl_ctx->decrypt.databuf;
1568     if (ctx->ssl_ctx->decrypt.stream != NULL) {
1571     ctx->ssl_ctx->decrypt.stream = stream;
1572     ctx->our_stream = &ctx->ssl_ctx->decrypt.stream;
1582     return ctx->ssl_ctx;
1588     serf_ssl_context_t *ssl_ctx,
1594     bkt = serf_bucket_ssl_create(ssl_ctx, allocator,
1599     ctx->databuf = &ctx->ssl_ctx->encrypt.databuf;
1600     ctx->our_stream = &ctx->ssl_ctx->encrypt.stream;
1601     if (ctx->ssl_ctx->encrypt.stream == NULL) {
1604         ctx->ssl_ctx->encrypt.stream = tmp;
1609         new_list = serf_bucket_mem_alloc(ctx->ssl_ctx->allocator,
1613         if (ctx->ssl_ctx->encrypt.stream_next == NULL) {
1614             ctx->ssl_ctx->encrypt.stream_next = new_list;
1617             bucket_list_t *scan = ctx->ssl_ctx->encrypt.stream_next;
1633     return ctx->ssl_ctx;
1858 static void disable_compression(serf_ssl_context_t *ssl_ctx)
1861     SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_NO_COMPRESSION);
1865 apr_status_t serf_ssl_use_compression(serf_ssl_context_t *ssl_ctx, int enabled)
1869         SSL_clear_options(ssl_ctx->ssl, SSL_OP_NO_COMPRESSION);
1874         SSL_set_options(ssl_ctx->ssl, SSL_OP_NO_COMPRESSION);
1886     if (!--ctx->ssl_ctx->refcount) {
1887         ssl_free_context(ctx->ssl_ctx);
1905     serf_ssl_context_t *ssl_ctx = ctx->ssl_ctx;
1907     if (ssl_ctx->encrypt.stream == *ctx->our_stream) {
1909         serf_bucket_destroy(ssl_ctx->encrypt.pending);
1912         ssl_ctx->encrypt.status = APR_SUCCESS;
1913         ssl_ctx->encrypt.databuf.status = APR_SUCCESS;
1916         if (ssl_ctx->encrypt.stream_next == NULL) {
1917             ssl_ctx->encrypt.stream = NULL;
1918             ssl_ctx->encrypt.pending = NULL;
1923             cur = ssl_ctx->encrypt.stream_next;
1924             ssl_ctx->encrypt.stream = cur->bucket;
1925             ssl_ctx->encrypt.pending =
1927             ssl_ctx->encrypt.stream_next = cur->next;
1928             serf_bucket_mem_free(ssl_ctx->allocator, cur);

Indexes created Sun Jun 30 11:05:36 MDT 2024