From 4a5993ccc219381f700b763db16229772fc3540d Mon Sep 17 00:00:00 2001
From: Jan Vidar Krey
Date: Mon, 3 Aug 2009 20:21:59 +0200
Subject: [PATCH] Added a generic SSL handshake mechanism.
---
 src/core/netevent.c | 2 +-
 src/network/connection.c | 21 ++++++++++++++++-----
 src/network/connection.h | 6 +++++-
 3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/core/netevent.c b/src/core/netevent.c
index c2dac14..8857131 100644
--- a/src/core/netevent.c
+++ b/src/core/netevent.c
@@ -265,7 +265,7 @@ void net_on_accept(int server_fd, short ev, void *arg)
 }
 #ifdef SSL_SUPPORT
- net_con_ssl_accept(&user->net.connection);
+ net_con_ssl_handshake(&user->net.connection, NET_CON_SSL_MODE_SERVER);
 #endif
 }
 }
diff --git a/src/network/connection.c b/src/network/connection.c
index c8f443b..1f9d099 100644
--- a/src/network/connection.c
+++ b/src/network/connection.c
@@ -109,11 +109,6 @@ void net_con_initialize(struct net_connection* con, int sd, struct ip_addr_encap
 #ifdef SSL_SUPPORT
 con->ssl = NULL;
 con->write_len = 0;
-
- con->ssl = SSL_new(g_hub->ssl_ctx);
- LOG_DUMP("SSL_new");
- SSL_set_fd(con->ssl, con->sd);
- LOG_DUMP("SSL_set_fd");
 #endif
 }
@@ -319,6 +314,22 @@ ssize_t net_con_ssl_connect(struct net_connection* con)
 }
 return ret;
 }
+
+ssize_t net_con_ssl_handshake(struct net_connection* con, int ssl_mode)
+{
+ if (ssl_mode == NET_CON_SSL_MODE_SERVER)
+ {
+ con->ssl = SSL_new(g_hub->ssl_ctx);
+ SSL_set_fd(con->ssl, con->sd);
+ return net_con_ssl_accept(con);
+ }
+ else
+ {
+ con->ssl = SSL_new(SSL_CTX_new(TLSv1_method()));
+ SSL_set_fd(con->ssl, con->sd);
+ return net_con_ssl_connect(con);
+ }
+}
 #endif /* SSL_SUPPORT */
diff --git a/src/network/connection.h b/src/network/connection.h
index ba43301..17dc318 100644
--- a/src/network/connection.h
+++ b/src/network/connection.h
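Review bot: The ssize_t returned by net_con_ssl_handshake() is discarded at the new call in net_on_accept, so a failure to set up the SSL handle for the accepted connection is invisible at this point and the connection proceeds with an unusable handle unless the later read/write path checks con->ssl. Consider `if (net_con_ssl_handshake(&user->net.connection, NET_CON_SSL_MODE_SERVER) < 0) { /* release the accepted user */ }`, assuming a negative result is the failure convention of the handshake helpers — confirm against net_con_ssl_accept(). What tear-down is appropriate depends on net_on_accept, which starts outside the hunk.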
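Review bot: Neither SSL_new() nor SSL_CTX_new() is checked in the new net_con_ssl_handshake, so on allocation failure con->ssl is NULL and the following SSL_set_fd(con->ssl, con->sd) dereferences it; SSL_set_fd()'s own return value is ignored as well. The else branch treats every value other than NET_CON_SSL_MODE_SERVER as client mode instead of rejecting unknown modes, and it creates a fresh SSL_CTX per connection that is never freed and keeps OpenSSL's default of not verifying the peer certificate, which contradicts the removed FIXME asking for one global context. The rewrite below validates the mode, checks each OpenSSL call and releases the handle on failure. Returning -1 assumes callers treat a negative ssize_t as failure the way they presumably do for net_con_ssl_accept()/net_con_ssl_connect() — confirm against those functions, whose bodies lie outside this hunk.
```c
ssize_t net_con_ssl_handshake(struct net_connection* con, int ssl_mode)
{
	SSL_CTX* ctx;

	if (ssl_mode == NET_CON_SSL_MODE_SERVER)
	{
		ctx = g_hub->ssl_ctx;
	}
	else if (ssl_mode == NET_CON_SSL_MODE_CLIENT)
	{
		/* FIXME: a per-connection context is never freed and does no peer
		 * verification; share one configured client SSL_CTX instead. */
		ctx = SSL_CTX_new(TLSv1_method());
	}
	else
	{
		return -1; /* unknown ssl_mode */
	}

	if (!ctx)
		return -1;

	con->ssl = SSL_new(ctx);
	if (!con->ssl)
	{
		if (ssl_mode == NET_CON_SSL_MODE_CLIENT)
			SSL_CTX_free(ctx);
		return -1;
	}

	if (!SSL_set_fd(con->ssl, con->sd))
	{
		SSL_free(con->ssl);
		con->ssl = NULL;
		return -1;
	}

	if (ssl_mode == NET_CON_SSL_MODE_SERVER)
		return net_con_ssl_accept(con);
	return net_con_ssl_connect(con);
}
```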
@@ -33,7 +33,6 @@ struct net_connection
 time_t last_send; /** Timestamp for last send() */
 #ifdef SSL_SUPPORT
 SSL* ssl; /** SSL handle */
- SSL_CTX* ctx; /** FIXME: Should have a global one instead */
 size_t write_len; /** Length of last SSL_write(), only used if flags is NET_WANT_SSL_READ. */
 #endif /* SSL_SUPPORT */
 };
@@ -70,6 +69,11 @@ extern ssize_t net_con_ssl_accept(struct net_connection*);
 * Start SSL_connect() */
 extern ssize_t net_con_ssl_connect(struct net_connection*);
+
+#define NET_CON_SSL_MODE_SERVER 1
+#define NET_CON_SSL_MODE_CLIENT 2
+extern ssize_t net_con_ssl_handshake(struct net_connection* con, int ssl_mode);
+
 #endif /* SSL_SUPPORT */
 #endif /* HAVE_UHUB_NETWORK_CONNECTION_H */
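Review bot: net_con_ssl_handshake is the only SSL prototype in this block without a doc comment, while its siblings carry a `/** Start SSL_connect() */`-style header; add `/** Create con->ssl and start SSL_accept() or SSL_connect() depending on ssl_mode (NET_CON_SSL_MODE_SERVER or NET_CON_SSL_MODE_CLIENT). */` above the new extern. Documenting the return convention there would help too, since the implementation in connection.c hands back whatever net_con_ssl_accept()/net_con_ssl_connect() return. Stylistically, the two mode values read better as `enum net_con_ssl_mode { NET_CON_SSL_MODE_SERVER = 1, NET_CON_SSL_MODE_CLIENT = 2 };` so the parameter's type documents its valid values and a stray integer is visible to the compiler.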