From owner-p4-projects@FreeBSD.ORG Sat Mar 1 19:30:03 2008
Date: Sat, 1 Mar 2008 19:30:03 GMT
Message-Id: <200803011930.m21JU3us066152@repoman.freebsd.org>
From: "Christian S.J. Peron"
To: Perforce Change Reviews
Subject: PERFORCE change 136599 for review
List-Id: p4 projects tree changes

http://perforce.freebsd.org/chv.cgi?CH=136599

Change 136599 by csjp@ibm01 on 2008/03/01 19:29:27

	Introduce crypto_fatal and use that. Include a "main" for now until
	things are a bit more stable.

Affected files ...

.. //depot/projects/trustedbsd/netauditd/crypto.c#4 edit

Differences ...

==== //depot/projects/trustedbsd/netauditd/crypto.c#4 (text+ko) ====
@@ -24,6 +24,7 @@ * SUCH DAMAGE. */ #include +#include #include @@ -32,6 +33,16 @@ static char *crypto_pass; static int +crypto_fatal(struct crypto_context *ct, const char *string) +{ + + assert(ct != NULL); + BIO_printf(ct->c_bioerror, "%s\n", string); + ERR_print_errors(ct->c_bioerror); + exit(1); +} + +static int crypto_password_cb(char *buf, int num, int rwflag, void *userdata) { int slen; @@ -60,22 +71,22 @@ } meth = SSLv23_method(); ct->c_ctx = SSL_CTX_new(meth); - if (!SSL_CTX_use_certificate_chain_file(ct->c_ctx, "KEYFILE")) - berr_exit("Can't read certificate file"); + if (!SSL_CTX_use_certificate_chain_file(ct->c_ctx, "server.pem")) + crypto_fatal(ct, "Can't read certificate file"); /* * XXX we will revisit this. Just want to get things working. */ crypto_pass = "SeCrET KeY"; SSL_CTX_set_default_passwd_cb(ct->c_ctx, crypto_password_cb); - if (!SSL_CTX_use_PrivateKey_file(ct->c_ctx, "KEYFILE", SSL_FILETYPE_PEM)) - berr_exit("Can't read key file"); + if (!SSL_CTX_use_PrivateKey_file(ct->c_ctx, "server.pem", SSL_FILETYPE_PEM)) + crypto_fatal(ct, "Can't read key file"); /* - * Load trusted certificate authorities from root.pem + * Load trusted certificate authorities from key.pem */ - if (!SSL_CTX_load_verify_locations(ct->c_ctx, "root.pem", 0)) - berr_exit("Can't read CA list"); + if (!SSL_CTX_load_verify_locations(ct->c_ctx, "key.pem", 0)) + crypto_fatal(ct, "Can't read CA list"); if ((bio = BIO_new_file("DHFILE", "r")) == NULL) - berr_exit("Couldn't open DH file"); + crypto_fatal(ct, "Couldn't open DH file"); /* * If we are initializing this crypto context for serving SSL clients, * make sure we initialize our Diffie Hellman parameters. @@ -84,7 +95,7 @@ ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); BIO_free(bio); if (SSL_CTX_set_tmp_dh(ct->c_ctx, ret) < 0) - berr_exit("Couldn't set DH parameters"); + crypto_fatal(ct, "Couldn't set DH parameters"); } return (0); } 
@@ -95,3 +106,15 @@ SSL_CTX_free(ct->c_ctx); } + +int +main(int argc, char *argv[]) +{ + struct crypto_context ct; + int error; + + error = crypto_init_context(&ct, CRYPTO_CTX_SERVER); + if (error) + err(1, "crypto_init_context failed"); + return (0); +}
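Review bot: crypto_fatal in the @@ -32,6 +33,16 @@ hunk is declared `static int` but has no return statement and never returns (every path ends in exit(1)), so the compiler will warn about falling off the end of a non-void function and callers are led to think the error is recoverable. Declare it `static void crypto_fatal(struct crypto_context *ct, const char *string) __dead2;` so the noreturn intent is explicit and checkable. Note also that `assert(ct != NULL)` is compiled out under NDEBUG while the `ct->c_bioerror` dereference on the next line is not; since this is now the sole error path for crypto_init_context, confirm that c_bioerror is set up before the first call, or fall back to stderr when it is still NULL.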
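Review bot: in the @@ -60,22 +71,22 @@ hunk the CA bundle is now loaded from "key.pem" (and the comment was changed to match), which looks like a mix-up: SSL_CTX_load_verify_locations expects the trusted-root list, a file named key.pem suggests the private key, and the key itself is read from server.pem, so the original "root.pem" reads as the intended value. In the same hunk the "DHFILE" placeholder survived while both "KEYFILE" placeholders were replaced, so `BIO_new_file("DHFILE", "r")` fails and crypto_fatal fires on every server start. Two smaller points: the result of `SSL_CTX_new(meth)` is not checked before it is passed to the SSL_CTX_use_* calls (add `if (ct->c_ctx == NULL) crypto_fatal(ct, "SSL_CTX_new failed");`), and the "SeCrET KeY" passphrase, already flagged XXX, should come from a prompt or a protected configuration file rather than the source before this leaves the branch.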
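Review bot: the `if (SSL_CTX_set_tmp_dh(ct->c_ctx, ret) < 0)` test in the @@ -84,7 +95,7 @@ hunk never fires, because SSL_CTX_set_tmp_dh returns 1 on success and 0 on failure, so the new crypto_fatal call there is dead code; check `!= 1` instead. Two related gaps in the same lines: `ret` from PEM_read_bio_DHparams is not checked for NULL before being handed to SSL_CTX_set_tmp_dh, and since SSL_CTX_set_tmp_dh stores its own copy of the parameters, the DH object should be released with DH_free(ret) afterwards to avoid leaking it.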
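Review bot: `err(1, "crypto_init_context failed")` in the @@ -95,3 +106,15 @@ hunk appends strerror(errno), but the only visible return from crypto_init_context is `return (0)` and all of its failure paths exit through crypto_fatal, so any nonzero `error` that does come back will not necessarily be an errno value and the appended message would be misleading; use errx(1, ...) or report `error` explicitly. The temporary main also never tears the context down: the SSL_CTX_free tail visible at the top of this hunk belongs to a cleanup routine that main should call before returning, even if the daemon entry point later replaces this stub.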