/*	$NetBSD$	*/
2
/*++
/* NAME
/*	tls_proxy_scan
/* SUMMARY
/*	read TLS session state from stream
/* SYNOPSIS
/*	#include <tls_proxy.h>
/*
/*	int     tls_proxy_context_scan(scan_fn, stream, flags, ptr)
/*	ATTR_SCAN_MASTER_FN scan_fn;
/*	VSTREAM *stream;
/*	int     flags;
/*	void    *ptr;
/* DESCRIPTION
/*	tls_proxy_context_scan() reads a TLS_SESS_STATE structure
/*	from the named stream using the specified attribute scan
/*	routine.  tls_proxy_context_scan() is meant to be passed as
/*	a call-back to attr_scan(), thusly:
/*
/*	... ATTR_TYPE_FUNC, tls_proxy_context_scan, (void *) tls_context, ...
/* DIAGNOSTICS
/*	Fatal: out of memory.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/
35
36#ifdef USE_TLS
37
38/* System library. */
39
40#include <sys_defs.h>
41
42/* Utility library */
43
44#include <attr.h>
45
46/* Global library. */
47
48#include <mail_proto.h>
49
50/* TLS library. */
51
52#include <tls.h>
53#include <tls_proxy.h>
54
55/* tls_proxy_context_scan - receive TLS session state from stream */
56
int     tls_proxy_context_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp,
			             int flags, void *ptr)
{
    /* Number of attributes requested in the scan_fn() call below. */
    enum { TLS_PROXY_SCAN_ATTR_COUNT = 8 };
    TLS_SESS_STATE *ctx = (TLS_SESS_STATE *) ptr;
    VSTRING *buf_peer_CN = vstring_alloc(25);
    VSTRING *buf_issuer_CN = vstring_alloc(25);
    VSTRING *buf_peer_fpt = vstring_alloc(25);
    VSTRING *buf_protocol = vstring_alloc(25);
    VSTRING *buf_cipher = vstring_alloc(25);
    int     nscanned;

    /*
     * Start from an all-zero structure, so that members that the scan does
     * not fill in have a defined value. Note: memset() is not a portable
     * way to initialize non-integer types.
     */
    memset(ctx, 0, sizeof(*ctx));

    /*
     * Read the string attributes into scratch buffers and the integer
     * attributes straight into the structure. ATTR_FLAG_MORE is or-ed in
     * because this routine runs as a nested call-back of a larger scan.
     */
    nscanned = scan_fn(fp, flags | ATTR_FLAG_MORE,
		       ATTR_TYPE_STR, MAIL_ATTR_PEER_CN, buf_peer_CN,
		       ATTR_TYPE_STR, MAIL_ATTR_ISSUER_CN, buf_issuer_CN,
		       ATTR_TYPE_STR, MAIL_ATTR_PEER_FPT, buf_peer_fpt,
		       ATTR_TYPE_INT, MAIL_ATTR_PEER_STATUS,
		       &ctx->peer_status,
		       ATTR_TYPE_STR, MAIL_ATTR_CIPHER_PROTOCOL, buf_protocol,
		       ATTR_TYPE_STR, MAIL_ATTR_CIPHER_NAME, buf_cipher,
		       ATTR_TYPE_INT, MAIL_ATTR_CIPHER_USEBITS,
		       &ctx->cipher_usebits,
		       ATTR_TYPE_INT, MAIL_ATTR_CIPHER_ALGBITS,
		       &ctx->cipher_algbits,
		       ATTR_TYPE_END);

    /*
     * Hand the scratch buffers over to the structure. This happens whether
     * or not the scan completed, so the caller always owns (and must free)
     * whatever ended up in ctx, even when -1 is returned.
     */
    ctx->peer_CN = vstring_export(buf_peer_CN);
    ctx->issuer_CN = vstring_export(buf_issuer_CN);
    ctx->peer_fingerprint = vstring_export(buf_peer_fpt);
    ctx->protocol = vstring_export(buf_protocol);
    ctx->cipher_name = vstring_export(buf_cipher);

    /* Success only when every requested attribute was found. */
    if (nscanned == TLS_PROXY_SCAN_ATTR_COUNT)
	return (1);
    return (-1);
}
92
93#endif
94