
Lines Matching refs:ssl

61  * This package is an SSL implementation written
63 * The implementation was written so as to conform with Netscapes SSL.
68 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
115 #include <openssl/ssl.h>
133 int dtls1_accept(SSL *ssl) {
135 void (*cb)(const SSL *ssl, int type, int value) = NULL;
140 assert(ssl->handshake_func == dtls1_accept);
141 assert(ssl->server);
142 assert(SSL_IS_DTLS(ssl));
147 if (ssl->info_callback != NULL) {
148 cb = ssl->info_callback;
149 } else if (ssl->ctx->info_callback != NULL) {
150 cb = ssl->ctx->info_callback;
153 ssl->in_handshake++;
156 state = ssl->state;
158 switch (ssl->state) {
161 cb(ssl, SSL_CB_HANDSHAKE_START, 1);
164 if (ssl->init_buf == NULL) {
170 ssl->init_buf = buf;
174 ssl->init_num = 0;
176 if (!ssl_init_wbio_buffer(ssl, 1)) {
181 if (!ssl3_init_handshake_buffer(ssl)) {
182 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
187 ssl->state = SSL3_ST_SR_CLNT_HELLO_A;
194 ssl->shutdown = 0;
195 ret = ssl3_get_client_hello(ssl);
199 dtls1_stop_timer(ssl);
200 ssl->state = SSL3_ST_SW_SRVR_HELLO_A;
201 ssl->init_num = 0;
206 dtls1_start_timer(ssl);
207 ret = ssl3_send_server_hello(ssl);
212 if (ssl->hit) {
213 if (ssl->tlsext_ticket_expected) {
214 ssl->state = SSL3_ST_SW_SESSION_TICKET_A;
216 ssl->state = SSL3_ST_SW_CHANGE_A;
219 ssl->state = SSL3_ST_SW_CERT_A;
221 ssl->init_num = 0;
226 if (ssl_cipher_has_server_public_key(ssl->s3->tmp.new_cipher)) {
227 dtls1_start_timer(ssl);
228 ret = ssl3_send_server_certificate(ssl);
232 if (ssl->s3->tmp.certificate_status_expected) {
233 ssl->state = SSL3_ST_SW_CERT_STATUS_A;
235 ssl->state = SSL3_ST_SW_KEY_EXCH_A;
239 ssl->state = SSL3_ST_SW_KEY_EXCH_A;
241 ssl->init_num = 0;
246 ret = ssl3_send_certificate_status(ssl);
250 ssl->state = SSL3_ST_SW_KEY_EXCH_A;
251 ssl->init_num = 0;
257 alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
267 if (ssl_cipher_requires_server_key_exchange(ssl->s3->tmp.new_cipher) ||
268 ((alg_a & SSL_aPSK) && ssl->psk_identity_hint)) {
269 dtls1_start_timer(ssl);
270 ret = ssl3_send_server_key_exchange(ssl);
278 ssl->state = SSL3_ST_SW_CERT_REQ_A;
279 ssl->init_num = 0;
284 if (ssl->s3->tmp.cert_request) {
285 dtls1_start_timer(ssl);
286 ret = ssl3_send_certificate_request(ssl);
293 ssl->state = SSL3_ST_SW_SRVR_DONE_A;
294 ssl->init_num = 0;
299 dtls1_start_timer(ssl);
300 ret = ssl3_send_server_done(ssl);
304 ssl->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
305 ssl->state = SSL3_ST_SW_FLUSH;
306 ssl->init_num = 0;
310 ssl->rwstate = SSL_WRITING;
311 if (BIO_flush(ssl->wbio) <= 0) {
315 ssl->rwstate = SSL_NOTHING;
316 ssl->state = ssl->s3->tmp.next_state;
321 if (ssl->s3->tmp.cert_request) {
322 ret = ssl3_get_client_certificate(ssl);
327 ssl->init_num = 0;
328 ssl->state = SSL3_ST_SR_KEY_EXCH_A;
334 ret = ssl3_get_client_key_exchange(ssl);
338 ssl->state = SSL3_ST_SR_CERT_VRFY_A;
339 ssl->init_num = 0;
344 ret = ssl3_get_cert_verify(ssl);
348 ssl->state = SSL3_ST_SR_CHANGE;
349 ssl->init_num = 0;
353 ret = ssl->method->ssl_read_change_cipher_spec(ssl);
358 if (!ssl3_do_change_cipher_spec(ssl)) {
363 ssl->state = SSL3_ST_SR_FINISHED_A;
368 ret = ssl3_get_finished(ssl, SSL3_ST_SR_FINISHED_A,
373 dtls1_stop_timer(ssl);
374 if (ssl->hit) {
375 ssl->state = SSL_ST_OK;
376 } else if (ssl->tlsext_ticket_expected) {
377 ssl->state = SSL3_ST_SW_SESSION_TICKET_A;
379 ssl->state = SSL3_ST_SW_CHANGE_A;
381 ssl->init_num = 0;
386 ret = ssl3_send_new_session_ticket(ssl);
390 ssl->state = SSL3_ST_SW_CHANGE_A;
391 ssl->init_num = 0;
396 ssl->session->cipher = ssl->s3->tmp.new_cipher;
397 if (!ssl->enc_method->setup_key_block(ssl)) {
402 ret = dtls1_send_change_cipher_spec(ssl, SSL3_ST_SW_CHANGE_A,
409 ssl->state = SSL3_ST_SW_FINISHED_A;
410 ssl->init_num = 0;
412 if (!ssl->enc_method->change_cipher_state(
413 ssl, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
421 ret = ssl3_send_finished(ssl, SSL3_ST_SW_FINISHED_A,
423 ssl->enc_method->server_finished_label,
424 ssl->enc_method->server_finished_label_len);
428 ssl->state = SSL3_ST_SW_FLUSH;
429 if (ssl->hit) {
430 ssl->s3->tmp.next_state = SSL3_ST_SR_CHANGE;
432 ssl->s3->tmp.next_state = SSL_ST_OK;
434 ssl->init_num = 0;
438 ssl3_cleanup_key_block(ssl);
441 ssl_free_wbio_buffer(ssl);
443 ssl->init_num = 0;
444 ssl->s3->initial_handshake_complete = 1;
446 ssl_update_cache(ssl, SSL_SESS_CACHE_SERVER);
449 cb(ssl, SSL_CB_HANDSHAKE_DONE, 1);
455 ssl->d1->handshake_read_seq = 0;
457 ssl->d1->handshake_write_seq = 0;
458 ssl->d1->next_handshake_write_seq = 0;
462 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_STATE);
467 if (!ssl->s3->tmp.reuse_message && !skip) {
468 if (cb != NULL && ssl->state != state) {
469 new_state = ssl->state;
470 ssl->state = state;
471 cb(ssl, SSL_CB_ACCEPT_LOOP, 1);
472 ssl->state = new_state;
479 ssl->in_handshake--;
482 cb(ssl, SSL_CB_ACCEPT_EXIT, ret);