[JDEV] SSL on FreeBSD

Thomas Muldowney temas at box5.net
Wed Oct 10 13:36:05 CDT 2001


Is that against CVS or 1.4.1?

--temas


On Wed, Oct 10, 2001 at 10:11:43AM -0700, Dirk-Willem van Gulik wrote:
> 
> To get jabber 1.4.1 to do SSL on FreeBSD I needed to do what is below. It
> seems that the exit code is more subtle than just ok/nok.
> 
> Dw.
> 
> 
> diff -c3 -r jabber-1.4.1/jabberd/mio_ssl.c
> jabber-1.4.1.new/jabberd/mio_ssl.c
> *** jabber-1.4.1/jabberd/mio_ssl.c      Thu Feb  1 12:46:49 2001
> --- jabber-1.4.1.new/jabberd/mio_ssl.c  Mon Oct  1 13:26:17 2001
> ***************
> *** 3,8 ****
> --- 3,9 ----
>   #ifdef HAVE_SSL
>   HASHTABLE ssl__ctxs;
> 
> + #include <openssl/err.h>
> 
>   #ifndef NO_RSA
>   /* This function will generate a temporary key for us */
> ***************
> *** 165,183 ****
>       log_debug(ZONE, "SSL accepting socket with new session %x", ssl);
>       SSL_set_fd(ssl, fd);
>       SSL_set_accept_state(ssl);
> !     if(SSL_accept(ssl) <= 0){
>           unsigned long e;
>           static char *buf;
> 
>           e = ERR_get_error();
>           buf = ERR_error_string(e, NULL);
> !         log_debug(ZONE, "Error from SSL: %s", buf);
>           log_debug(ZONE, "SSL Error in SSL_accept call");
>           SSL_free(ssl);
>           close(fd);
>           return -1;
>       }
> !
>       m->ssl = ssl;
> 
>       log_debug(ZONE, "Accepted new SSL socket %d for %s", fd, m->ip);
> --- 166,191 ----
>       log_debug(ZONE, "SSL accepting socket with new session %x", ssl);
>       SSL_set_fd(ssl, fd);
>       SSL_set_accept_state(ssl);
> ! redo:
> ! {    int ex = SSL_accept(ssl);
> !
> !      if (ex < 0) {
> !       /* not right - 0 is controlled shutdown; -1 can have more meanings
> */
>           unsigned long e;
>           static char *buf;
> 
>           e = ERR_get_error();
> +       if ((e==0) || (e == SSL_ERROR_WANT_READ) || ( e ==
> SSL_ERROR_WANT_WRITE))
> +               goto redo;
> +
>           buf = ERR_error_string(e, NULL);
> !         log_debug(ZONE, "Error %d/%d from SSL: %s", ex,e,buf);
>           log_debug(ZONE, "SSL Error in SSL_accept call");
>           SSL_free(ssl);
>           close(fd);
>           return -1;
>       }
> ! }
>       m->ssl = ssl;
> 
>       log_debug(ZONE, "Accepted new SSL socket %d for %s", fd, m->ip);
> 
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20011010/7529cf3f/attachment-0002.pgp>


More information about the JDev mailing list