#include <ctype.h>
#include "ustream-ssl.h"
#include "ustream-internal.h"
+
+#if !defined(HAVE_WOLFSSL)
#include <openssl/x509v3.h>
+#endif
/* Ciphersuite preference:
* - for server, no weak ciphers are used if you use an ECDSA key.
SSL_library_init();
_init = true;
}
-# define TLS_server_method SSLv23_server_method
-# define TLS_client_method SSLv23_client_method
+# ifndef TLS_server_method
+# define TLS_server_method SSLv23_server_method
+# endif
+# ifndef TLS_client_method
+# define TLS_client_method SSLv23_client_method
+# endif
#endif
if (server) {
return 0;
}
+__hidden int __ustream_ssl_set_ciphers(struct ustream_ssl_ctx *ctx, const char *ciphers)
+{
+ int ret = SSL_CTX_set_cipher_list((void *) ctx, ciphers);
+
+ if (ret == 0)
+ return -1;
+
+ return 0;
+}
+
__hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
{
SSL_CTX_free((void *) ctx);
void *ssl = us->ssl;
int r;
+ ERR_clear_error();
+
if (us->server)
r = SSL_accept(ssl);
else
__hidden int __ustream_ssl_write(struct ustream_ssl *us, const char *buf, int len)
{
void *ssl = us->ssl;
- int ret = SSL_write(ssl, buf, len);
+ int ret;
+
+ ERR_clear_error();
+
+ ret = SSL_write(ssl, buf, len);
if (ret < 0) {
int err = SSL_get_error(ssl, ret);
__hidden int __ustream_ssl_read(struct ustream_ssl *us, char *buf, int len)
{
- int ret = SSL_read(us->ssl, buf, len);
+ int ret;
+
+ ERR_clear_error();
+
+ ret = SSL_read(us->ssl, buf, len);
if (ret < 0) {
ret = SSL_get_error(us->ssl, ret);
return ret;
}
-