evolution/camel/camel-stream-ssl.c

/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
/*
 *  Authors: Jeffrey Stedfast <fejj@ximian.com>
 *
 *  Copyright 2001 Ximian, Inc. (www.ximian.com)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
 *
 */


#include <config.h>
#include "camel-stream-ssl.h"
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>

static CamelStreamClass *parent_class = NULL;

/* Returns the class for a CamelStreamSSL */
#define CSSSL_CLASS(so) CAMEL_STREAM_SSL_CLASS (CAMEL_OBJECT_GET_CLASS (so))

static SSL *open_ssl_connection (int sockfd);
static int close_ssl_connection (SSL *ssl);

static ssize_t stream_read (CamelStream *stream, char *buffer, size_t n);
static ssize_t stream_write (CamelStream *stream, const char *buffer, size_t n);
static int stream_flush  (CamelStream *stream);
static int stream_close  (CamelStream *stream);

static void
camel_stream_ssl_class_init (CamelStreamSSLClass *camel_stream_ssl_class)
{
	CamelStreamClass *camel_stream_class =
		CAMEL_STREAM_CLASS (camel_stream_ssl_class);
	
	parent_class = CAMEL_STREAM_CLASS (camel_type_get_global_classfuncs (camel_stream_get_type ()));
	
	/* virtual method overload */
	camel_stream_class->read = stream_read;
	camel_stream_class->write = stream_write;
	camel_stream_class->flush = stream_flush;
	camel_stream_class->close = stream_close;
}

static void
camel_stream_ssl_init (gpointer object, gpointer klass)
{
	CamelStreamSSL *stream = CAMEL_STREAM_SSL (object);
	
	stream->fd = -1;
	stream->ssl = NULL;
}

static void
camel_stream_ssl_finalize (CamelObject *object)
{
	CamelStreamSSL *stream = CAMEL_STREAM_SSL (object);
	
	if (stream->ssl) {
		SSL_shutdown (stream->ssl);
		
		if (stream->ssl->ctx)
			SSL_CTX_free (stream->ssl->ctx);
		
		SSL_free (stream->ssl);
	}
	
	if (stream->fd != -1)
		close (stream->fd);
}


CamelType
camel_stream_ssl_get_type (void)
{
	static CamelType type = CAMEL_INVALID_TYPE;
	
	if (type == CAMEL_INVALID_TYPE) {
		type = camel_type_register (camel_stream_get_type (),
					    "CamelStreamSSL",
					    sizeof (CamelStreamSSL),
					    sizeof (CamelStreamSSLClass),
					    (CamelObjectClassInitFunc) camel_stream_ssl_class_init,
					    NULL,
					    (CamelObjectInitFunc) camel_stream_ssl_init,
					    (CamelObjectFinalizeFunc) camel_stream_ssl_finalize);
	}
	
	return type;
}

static int
verify_callback (int ok, X509_STORE_CTX *ctx) 
{
	char *str, buf[256];
	X509 *cert;
	int err;
	
	cert = X509_STORE_CTX_get_current_cert (ctx);
	err = X509_STORE_CTX_get_error (ctx);
	
	str = X509_NAME_oneline (X509_get_subject_name (cert), buf, 256);
	if (str) {
		if (ok)
			d(fprintf (stderr, "CamelStreamSSL: depth=%d %s\n", ctx->error_depth, buf));
		else
			d(fprintf (stderr, "CamelStreamSSL: depth=%d error=%d %s\n",
				   ctx->error_depth, err, buf));
	}
	
	if (!ok) {
		switch (err) {
		case X509_V_ERR_CERT_NOT_YET_VALID:
		case X509_V_ERR_CERT_HAS_EXPIRED:
		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
			ok = 1;
		}
	}
	
	return ok;
}

static SSL *
open_ssl_connection (int sockfd)
{
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	int n;
	
	/* SSLv23_client_method will negotiate with SSL v2, v3, or TLS v1 */
	ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
	SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &verify_cb);
	ssl = SSL_new (ssl_ctx);
	SSL_set_fd (ssl, sockfd);
	
	n = SSL_connect (ssl);
	if (n != 1) {
		SSL_shutdown (ssl);
		
		if (ssl->ctx)
			SSL_CTX_free (ssl->ctx);
		
		SSL_free (ssl);
		ssl = NULL;
	}
	
	return ssl;
}

static int
close_ssl_connection (SSL *ssl)
{
	if (ssl) {
		SSL_shutdown (ssl);
		
		if (ssl->ctx)
			SSL_CTX_free (ssl->ctx);
		
		SSL_free (ssl);
	}
	
	return 0;
}


/**
 * camel_stream_ssl_new:
 * @sockfd: a socket file descriptor
 *
 * Returns a stream associated with the given file descriptor.
 * When the stream is destroyed, the file descriptor will be closed.
 *
 * Return value: the stream
 **/
CamelStream *
camel_stream_ssl_new (int sockfd)
{
	CamelStreamSSL *stream_ssl;
	SSL *ssl;
	
	if (sockfd == -1)
		return NULL;
	
	ssl = open_ssl_connection (sockfd);
	if (!ssl)
		return NULL;
	
	stream_ssl = CAMEL_STREAM_SSL (camel_object_new (camel_stream_ssl_get_type ()));
	stream_ssl->sockfd = sockfd;
	stream_ssl->ssl = ssl;
	
	return CAMEL_STREAM (stream_ssl);
}

static ssize_t
stream_read (CamelStream *stream, char *buffer, size_t n)
{
	CamelStreamSSL *stream_ssl = CAMEL_STREAM_SSL (stream);
	ssize_t nread;
	
	do {
		nread = SSL_read (stream_ssl->ssl, buffer, n);
	} while (nread == -1 && errno == EINTR);
	
	return nread;
}

static ssize_t
stream_write (CamelStream *stream, const char *buffer, size_t n)
{
	CamelStreamSSL *stream_ssl = CAMEL_STREAM_SSL (stream);
	ssize_t v, written = 0;
	
	do {
		v = SSL_write (stream_ssl->ssl, buffer, n);
		if (v > 0)
			written += v;
	} while (v == -1 && errno == EINTR);
	
	if (v == -1)
		return -1;
	else
		return written;
}

static int
stream_flush (CamelStream *stream)
{
	return fsync (((CamelStreamSSL *)stream)->fd);
}

static int
stream_close (CamelStream *stream)
{
	close_ssl_connection (((CamelStreamSSL *)stream)->ssl);
	
	return close (((CamelStreamSSL *)stream)->fd);
}