tls.c
1 /**
2  * \file tls.c
3  * \brief All TLS related functions.
4  */
5 #include <netinet/in.h>
6 #include <openssl/prov_ssl.h>
7 #include <openssl/types.h>
8 #include <stdlib.h>
9 #include <stdio.h>
10 #include <string.h>
11 #include <stdint.h>
12 #include <unistd.h>
13 #include <signal.h>
14 #include <sys/socket.h>
15 #include <arpa/inet.h>
16 #include <sys/select.h>
17 #include <openssl/ssl.h>
18 #include <openssl/err.h>
19 
/*
 * SNI (server_name extension) callback installed on the server context.
 *
 * It reports SSL_TLSEXT_ERR_OK unconditionally, so the name a client
 * sends is never inspected or matched against the loaded certificate;
 * the handshake simply proceeds with the single configured context.
 * All three arguments are therefore unused.
 */
static int
servername_callback(SSL *ssl, int *a, void *b)
{
	(void)ssl;
	(void)a;
	(void)b;

	return SSL_TLSEXT_ERR_OK;
}
25 
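/**
 * \brief Build a server-side SSL_CTX from a PEM certificate and private key.
 *
 * \param cert_file Path to a PEM-encoded certificate file.  Only the first
 *                  certificate in it is loaded (SSL_CTX_use_certificate_file);
 *                  intermediates would need SSL_CTX_use_certificate_chain_file.
 * \param key_file  Path to the PEM-encoded private key matching cert_file.
 * \return A newly allocated SSL_CTX.  The caller owns it and releases it with
 *         SSL_CTX_free().
 *
 * Error policy: on any OpenSSL failure the error queue is dumped to stderr
 * and the process exits with EXIT_FAILURE, so this function never returns
 * NULL.  Every OpenSSL call that can fail is checked, including the
 * minimum-version setting, which the previous version silently ignored.
 */
SSL_CTX *
create_tls_context(const char *cert_file, const char *key_file)
{
	SSL_CTX *ctx = SSL_CTX_new(TLS_server_method());

	if (ctx == NULL)
	{
		ERR_print_errors_fp(stderr);
		exit(EXIT_FAILURE);
	}

	/* from gemini spec: Servers MUST use TLS version 1.2 or higher and SHOULD
	 * use TLS version 1.3 or higher.
	 * SSL_CTX_set_min_proto_version() returns 1 on success and 0 on failure;
	 * if it fails the context would still accept older protocol versions,
	 * so refuse to start rather than run with a weaker floor than intended. */
	if (SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION) != 1)
	{
		ERR_print_errors_fp(stderr);
		exit(EXIT_FAILURE);
	}

	if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
	{
		ERR_print_errors_fp(stderr);
		exit(EXIT_FAILURE);
	}

	if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0)
	{
		ERR_print_errors_fp(stderr);
		exit(EXIT_FAILURE);
	}

	/* Detect a key that does not belong to the loaded certificate at
	 * startup, with a readable error, instead of as a handshake failure
	 * on the first client connection. */
	if (SSL_CTX_check_private_key(ctx) != 1)
	{
		ERR_print_errors_fp(stderr);
		exit(EXIT_FAILURE);
	}

	/* The callback accepts every SNI value; see servername_callback(). */
	SSL_CTX_set_tlsext_servername_callback(ctx, servername_callback);

	return (ctx);
}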
61 
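/**
 * \brief Initialise libssl and load the OpenSSL error strings.
 *
 * Must be called once before create_tls_context().
 *
 * The previous SSL_library_init()/SSL_load_error_strings() pair is, since
 * OpenSSL 1.1.0, a deprecated macro over OPENSSL_init_ssl(); this file
 * already requires OpenSSL 3 (it includes <openssl/prov_ssl.h>), so the
 * underlying call is used directly and its result is checked instead of
 * discarded.  On failure the error queue is printed and the process exits
 * with EXIT_FAILURE, matching the error policy of create_tls_context().
 */
void
tls_init(void)
{
	if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
	    | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) != 1)
	{
		ERR_print_errors_fp(stderr);
		exit(EXIT_FAILURE);
	}
}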