1 
2 /*
3  * Copyright (C) NGINX, Inc.
4  * Copyright (C) Igor Sysoev
5  */
6 
7 #include <nxt_main.h>
8 #include <polarssl/config.h>
9 #include <polarssl/ssl.h>
10 #include <polarssl/x509.h>
11 #include <polarssl/error.h>
12 
13 
/*
 * Per-listener TLS state for the PolarSSL backend.  One instance is
 * allocated by nxt_polarssl_server_init() and stored in conf->ctx.
 *
 * NOTE(review): a PolarSSL ssl_context normally carries per-connection
 * handshake state; keeping one at configuration level presumably serves
 * as a template for the (still empty) conn_init hook -- confirm once that
 * is implemented.
 */
typedef struct {
    ssl_context  ssl;          /* set up with ssl_init()/ssl_set_endpoint() */
    x509_cert    certificate;  /* chain parsed from conf->certificate */
    rsa_context  key;          /* RSA private key parsed from conf->certificate_key */
} nxt_polarssl_ctx_t;
19 
20 
/* Listener-level setup: loads the certificate and key into a fresh context. */
static nxt_int_t nxt_polarssl_server_init(nxt_ssltls_conf_t *conf);
/* Per-connection hook installed as conf->conn_init; currently a stub. */
static void nxt_polarssl_conn_init(nxt_thread_t *thr, nxt_ssltls_conf_t *conf,
    nxt_event_conn_t *c);
/* Logs a formatted message followed by PolarSSL's text for error code err. */
static void nxt_polarssl_log_error(nxt_uint_t level, nxt_log_t *log, int err,
    const char *fmt, ...);
26 
27 
/*
 * Backend descriptor exported to the generic TLS layer.  Only the server
 * initializer is provided; the second slot is left NULL (its meaning is
 * defined by nxt_ssltls_lib_t, which is not visible in this file).
 */
nxt_ssltls_lib_t  nxt_polarssl_lib = {
    nxt_polarssl_server_init,
    NULL,
};
32 
33 
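/*
 * Allocates the PolarSSL context for a listener, loads the certificate
 * chain from conf->certificate and the RSA private key from
 * conf->certificate_key, and publishes the result in conf->ctx together
 * with the conn_init hook.
 *
 * Returns NXT_OK on success.  On any failure every resource acquired so
 * far is released and NXT_ERROR is returned; conf->ctx and conf->conn_init
 * are only written on success, so a failed call leaves conf untouched.
 *
 * NOTE(review): no ssl_set_rng() and no ciphersuite/CA configuration is
 * done here (see the TODOs below); PolarSSL needs an RNG before it can
 * run a handshake, so presumably that is meant to happen in conn_init --
 * confirm before relying on this backend.
 */
static nxt_int_t
nxt_polarssl_server_init(nxt_ssltls_conf_t *conf)
{
    int                 n;
    nxt_thread_t        *thr;
    nxt_polarssl_ctx_t  *ctx;

    thr = nxt_thread();

    /* TODO: mem_pool */

    ctx = nxt_zalloc(sizeof(nxt_polarssl_ctx_t));
    if (ctx == NULL) {
        return NXT_ERROR;
    }

    n = ssl_init(&ctx->ssl);
    if (n != 0) {
        nxt_polarssl_log_error(NXT_LOG_ALERT, thr->log, n, "ssl_init() failed");
        /* Nothing but the allocation to undo yet. */
        goto fail_ctx;
    }

    ssl_set_endpoint(&ctx->ssl, SSL_IS_SERVER);

    /*
     * conf->certificate is handed to x509parse_crtfile() as a C string,
     * so it is logged with %s; "%V" expects an nxt_str_t and would read
     * the pointer itself as a length/pointer pair.
     */
    n = x509parse_crtfile(&ctx->certificate, conf->certificate);
    if (n != 0) {
        nxt_polarssl_log_error(NXT_LOG_ALERT, thr->log, n,
                               "x509parse_crtfile(\"%s\") failed",
                               conf->certificate);
        /* A failed parse may have left a partially built chain behind. */
        goto fail_cert;
    }

    /* PKCS#1 v1.5 padding is what TLS RSA signatures use; hash id unused. */
    rsa_init(&ctx->key, RSA_PKCS_V15, 0);

    /* NULL password: only unencrypted key files can be loaded. */
    n = x509parse_keyfile(&ctx->key, conf->certificate_key, NULL);
    if (n != 0) {
        nxt_polarssl_log_error(NXT_LOG_ALERT, thr->log, n,
                               "x509parse_keyfile(\"%s\") failed",
                               conf->certificate_key);
        goto fail_key;
    }

    ssl_set_own_cert(&ctx->ssl, &ctx->certificate, &ctx->key);

    /* TODO: ciphers */

    /* TODO: ca_certificate */

    /* Publish only once everything above succeeded. */
    conf->ctx = ctx;
    conf->conn_init = nxt_polarssl_conn_init;

    return NXT_OK;

    /* Staged cleanup: each label releases what was acquired before it. */

fail_key:

    rsa_free(&ctx->key);

fail_cert:

    x509_free(&ctx->certificate);
    ssl_free(&ctx->ssl);

fail_ctx:

    nxt_free(ctx);

    return NXT_ERROR;
}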
91 
92 
/*
 * Per-connection hook installed in conf->conn_init by
 * nxt_polarssl_server_init().  Connection-level TLS setup is not
 * implemented in this binding yet, so the hook does nothing; the
 * parameters are marked as intentionally unused.
 */
static void
nxt_polarssl_conn_init(nxt_thread_t *thr, nxt_ssltls_conf_t *conf,
    nxt_event_conn_t *c)
{
    (void) thr;
    (void) conf;
    (void) c;
}
98 
99 
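/*
 * Logs "<caller's formatted message> (<err>: <PolarSSL description>)"
 * at the given level.
 *
 * level, log  passed straight to nxt_log_error().
 * err         PolarSSL return code; its textual form is appended via
 *             error_strerror().
 * fmt, ...    nxt_vsprintf()-style message.
 *
 * The whole line is assembled in a fixed NXT_MAX_ERROR_STR buffer and
 * emitted by length ("%*s"), so it never needs a NUL terminator and is
 * silently truncated rather than overrun.
 */
static void
nxt_polarssl_log_error(nxt_uint_t level, nxt_log_t *log, int err,
    const char *fmt, ...)
{
    va_list  args;
    u_char   *p, *end, msg[NXT_MAX_ERROR_STR];

    end = msg + NXT_MAX_ERROR_STR;

    /* nxt_vsprintf() writes at most up to end and returns the position after the text. */
    va_start(args, fmt);
    p = nxt_vsprintf(msg, end, fmt, args);
    va_end(args);

    p = nxt_sprintf(p, end, " (%d: ", err);

    /*
     * Append PolarSSL's description after what has been written so far.
     * Previously this was written to the start of msg, clobbering the
     * caller's text.  error_strerror() NUL-terminates within buflen, so
     * the strlen() is bounded; it is skipped when the buffer is already
     * full, because a zero-length buffer would be left unterminated.
     */
    if (p < end) {
        error_strerror(err, (char *) p, (size_t) (end - p));
        p += nxt_strlen(p);
    }

    /* "%*s" takes a size_t length followed by the pointer. */
    nxt_log_error(level, log, "%*s)", (size_t) (p - msg), msg);
}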
119