--- a/src/server/daemon/httplistener.c Wed Oct 28 17:59:34 2015 +0100
+++ b/src/server/daemon/httplistener.c Sat Oct 31 15:01:07 2015 +0100
@@ -159,6 +159,34 @@
 listener->port = conf->port;
 listener->ref = 1;
 listener->next = NULL;
+ listener->ssl = NULL;
+ if(conf->ssl) {
+ listener->ssl = malloc(sizeof(HttpSSL));
+
+ SSL_CTX *ctx = SSL_CTX_new( SSLv23_server_method());
+ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+
+ sstr_t file = sstrdup(conf->certfile);
+ int ret = SSL_CTX_use_certificate_file(ctx, file.ptr, SSL_FILETYPE_PEM);
+ free(file.ptr);
+ if(!ret) {
+ // TODO: cleanup
+ return NULL;
+ }
+
+ file = sstrdup(conf->privkeyfile);
+ ret = SSL_CTX_use_PrivateKey_file(ctx, file.ptr, SSL_FILETYPE_PEM);
+ free(file.ptr);
+ if(!ret) {
+ // TODO: cleanup
+ return NULL;
+ }
+
+ // TODO: chain
+ listener->ssl->sslctx = ctx;
+ }
+
+ ucx_map_sstr_put(listener_map, listener->name, listener);
 struct sockaddr_in servaddr; /* server address */
@@ -288,13 +316,32 @@
 conn->address = ca;
 conn->fd = clientfd;
 conn->listener = ls;
+ if(ls->ssl) {
+ SSL *ssl = SSL_new(ls->ssl->sslctx);
+ SSL_set_fd(ssl, clientfd);
+ if(SSL_accept(ssl) <= 0) {
+ free(conn);
+ conn = NULL;
+ } else {
+ conn->ssl = ssl;
+ conn->read = connection_ssl_read;
+ conn->write = connection_ssl_write;
+ conn->close = connection_ssl_close;
+ }
+ } else {
+ conn->read = connection_read;
+ conn->write = connection_write;
+ conn->close = connection_close;
+ }
- cfg_ref(ls->cfg);
+ if(conn) {
+ cfg_ref(ls->cfg);
- /* enqueue the connection */
- ls->session_handler->enqueue_connection(
- ls->session_handler,
- conn);
+ /* enqueue the connection */
+ ls->session_handler->enqueue_connection(
+ ls->session_handler,
+ conn);
+ }
 /* ready for new connection */
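Review bot: The context built from `SSLv23_server_method()` gets only `SSL_OP_SINGLE_DH_USE`, so protocol selection is left to the OpenSSL build's defaults, which may still include SSLv3 (and SSLv2 on older builds); `SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` would pin that down. The results of `malloc(sizeof(HttpSSL))` and `SSL_CTX_new` are used without a NULL check, and both `return NULL` paths leave `ctx` and `listener->ssl` allocated, which the `// TODO: cleanup` comments note but do not resolve; `SSL_CTX_free(ctx); free(listener->ssl);` before each return would cover the objects this hunk creates. The second hunk has the same gap: `SSL_new` is unchecked, and when `SSL_accept` fails `conn` is freed but, within the visible lines, `ssl` is never passed to `SSL_free` and `clientfd` is not closed, so each failed handshake appears to leak a descriptor. Both enclosing functions start and end outside the hunks, and the second hunk seems to continue past the visible text, so how `listener` itself is released on these paths cannot be seen here.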