*** ssl.c.orig Sat Dec 16 14:57:52 2000 --- ssl.c Tue Jan 16 14:04:26 2001 *************** *** 485,493 **** goto cleanup_local; /* Failed to connect remote server */ log(LOG_DEBUG, "Remote host connected"); } else { /* local service */ ! if((remote=connect_local(ip))<0) ! goto cleanup_local; /* Failed to spawn local service */ ! log(LOG_DEBUG, "Local service connected"); } /* negotiate protocol */ --- 485,498 ---- goto cleanup_local; /* Failed to connect remote server */ log(LOG_DEBUG, "Remote host connected"); } else { /* local service */ ! if(options.protocol) { ! /* must negotiate a protocol -> spawn local service now */ ! if((remote=connect_local(ip))<0) ! goto cleanup_local; /* Failed to spawn local service */ ! log(LOG_DEBUG, "Local service connected (before ssl)"); ! } else { ! remote=-1; /* connect later */ ! } } /* negotiate protocol */ *************** *** 515,535 **** if(SSL_connect(ssl)<=0) { sslerror("SSL_connect"); goto cleanup_ssl; ! } ! print_cipher(ssl); ! if(transfer(ssl, local)<0) ! goto cleanup_ssl; } else { SSL_set_fd(ssl, local); ! SSL_set_accept_state(ssl); if(SSL_accept(ssl)<=0) { sslerror("SSL_accept"); goto cleanup_ssl; ! } ! print_cipher(ssl); ! if(transfer(ssl, remote)<0) goto cleanup_ssl; } /* No error - normal shutdown */ SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); SSL_free(ssl); --- 520,549 ---- if(SSL_connect(ssl)<=0) { sslerror("SSL_connect"); goto cleanup_ssl; ! } } else { SSL_set_fd(ssl, local); ! SSL_set_accept_state(ssl); if(SSL_accept(ssl)<=0) { sslerror("SSL_accept"); goto cleanup_ssl; ! } ! } ! print_cipher(ssl); ! if(remote == -1) { ! /* delayed connection to local service until now */ ! if((remote=connect_local(ip))<0) ! goto cleanup_ssl; /* Failed to spawn local service */ ! log(LOG_DEBUG, "Local service connected (after ssl)"); ! } ! if(options.option&OPT_CLIENT) { ! 
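Review bot: The new `options.protocol` branch spawns the local service with connect_local() before the SSL handshake, while the `remote=-1` branch defers it until after the handshake; the comment at `/* must negotiate a protocol -> spawn local service now */` should state the consequence, because any state exported during the handshake (the SSL_* environment variables this same patch sets in the verify callback and in print_cipher(), assuming connect_local() exec's the service and it inherits the environment) will not be visible to a service started on this early path. Suggested wording: `/* protocol negotiation needs the service before the handshake; a service started here does not see the SSL_* environment set during the handshake */`. The enclosing function starts before and ends after this hunk.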
if(transfer(ssl, local)<0) goto cleanup_ssl; + } else { + if(transfer(ssl, remote)<0) + goto cleanup_ssl; } + /* No error - normal shutdown */ SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); SSL_free(ssl); *************** *** 542,548 **** SSL_free(ssl); ERR_remove_state(0); cleanup_remote: /* reset remote and local socket */ ! if ((options.option & OPT_REMOTE) && setsockopt(remote, SOL_SOCKET, SO_LINGER, (char *)&l, sizeof(l)) < 0 && errno != ENOTSOCK) sockerror("linger (remote)"); --- 556,562 ---- SSL_free(ssl); ERR_remove_state(0); cleanup_remote: /* reset remote and local socket */ ! if ((remote>=0) && (options.option & OPT_REMOTE) && setsockopt(remote, SOL_SOCKET, SO_LINGER, (char *)&l, sizeof(l)) < 0 && errno != ENOTSOCK) sockerror("linger (remote)"); *************** *** 863,868 **** --- 877,888 ---- return 0; /* Reject connection */ } log(LOG_NOTICE, "VERIFY OK: depth=%d: %s", ctx->error_depth, txt); + if (ctx->error_depth == 0) { + setenv("SSL_CLIENT_DN", txt, 1); + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), + txt, sizeof(txt)); + setenv("SSL_CLIENT_I_DN", txt, 1); + } return 1; /* Accept connection */ } *************** *** 904,909 **** --- 924,930 ---- SSL_CIPHER *c; char *ver; int bits; + char txt[256]; #endif #if SSLEAY_VERSION_NUMBER <= 0x0800 *************** *** 924,929 **** --- 945,955 ---- SSL_CIPHER_get_bits(c, &bits); log(LOG_INFO, "%s opened with %s, cipher %s (%u bits)", options.servname, ver, SSL_CIPHER_get_name(c), bits); + setenv("SSL", "on", 1); + setenv("SSL_CIPHER", SSL_CIPHER_get_name(c), 1); + setenv("SSL_PROTOCOL_VERSION", ver, 1); + snprintf(txt, sizeof(txt), "%u", bits); + setenv("SSL_KEYSIZE", txt, 1); #endif }
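Review bot: `remote == -1` is used as the "not yet connected" sentinel, but a failed deferred connect_local() at `if((remote=connect_local(ip))<0) goto cleanup_ssl;` leaves remote negative and jumps onto the cleanup path, so every use of remote there has to be guarded; the 542,548 hunk guards the SO_LINGER setsockopt with `(remote>=0)`, and any other operation on remote under cleanup_remote (a close(), not visible in this diff) needs the same guard. Testing `remote < 0` at the sentinel check would match connect_local()'s failure convention and avoid depending on the exact -1 value. The enclosing function starts before this hunk.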
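Review bot: The new setenv() calls after `log(LOG_NOTICE, "VERIFY OK: ...")` publish certificate-supplied strings into the process environment, which is process-wide and persists: if connections are handled in threads rather than forked children (build-dependent, not visible here), SSL_CLIENT_DN and SSL_CLIENT_I_DN from one connection can be observed by another, and a later connection that presents no client certificate still sees the previous connection's values. The subject and issuer text is whatever the certificate holder had signed into the certificate, so a service reading these variables must treat them as untrusted input, and the callback should document that contract, e.g. `/* exported for the spawned service: certificate-supplied fields, truncated to sizeof(txt); consumers must not trust their content */`. X509_NAME_oneline() silently truncates to sizeof(txt) and setenv() can fail with ENOMEM; neither outcome is reported. The enclosing verify callback starts before this hunk.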
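Review bot: `snprintf(txt, sizeof(txt), "%u", bits);` formats `int bits` with an unsigned conversion; `%d` is the matching specifier (the existing log() line above has the same mismatch, but the new line should not copy it). The setenv() results are unchecked here as in the verify-callback hunk, and these variables only reach a local service that is started after print_cipher() runs. The enclosing print_cipher() starts before this hunk.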