MEDIUM: ssl: add new files ssl_sock.[ch] to provide the SSL data layer
This data layer supports socket-to-buffer and buffer-to-socket operations.
No sock-to-pipe nor pipe-to-sock functions are provided, since splicing does
not provide any benefit with data transformation. At best it could save a
memcpy() and avoid keeping a buffer allocated but that does not seem very
useful.
An init function and a close function are provided because the SSL context
needs to be allocated/freed.
A data-layer shutw() function is also provided because upon successful
shutdown, we want to store the SSL context in the cache in order to reuse
it for future connections and avoid a new key generation.
The handshake function is directly called from the connection handler.
At this point it is not certain whether this will remain this way or
if a new ->handshake callback will be added to the data layer so that
the connection handler doesn't care about SSL.
The sock-to-buf and buf-to-sock functions are all capable of enabling
the SSL handshake at any time. This also implies polling in the opposite
direction to what was expected. The upper layers must take that into
account (it is OK right now with the stream interface).
diff --git a/src/connection.c b/src/connection.c
index 748e14e..90283fc 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -19,6 +19,10 @@
#include <proto/session.h>
#include <proto/stream_interface.h>
+#ifdef USE_OPENSSL
+#include <proto/ssl_sock.h>
+#endif
+
/* I/O callback for fd-based connections. It calls the read/write handlers
* provided by the connection's sock_ops, which must be valid. It returns 0.
*/
@@ -52,6 +56,11 @@
if (conn->flags & CO_FL_SI_SEND_PROXY)
if (!conn_si_send_proxy(conn, CO_FL_SI_SEND_PROXY))
goto leave;
+#ifdef USE_OPENSSL
+ if (conn->flags & CO_FL_SSL_WAIT_HS)
+ if (!ssl_sock_handshake(conn, CO_FL_SSL_WAIT_HS))
+ goto leave;
+#endif
}
/* Once we're purely in the data phase, we disable handshake polling */