* compiled with /MD is not tested. */
#include <openssl/applink.c>
#define SHUT_RDWR SD_BOTH
-#else
-#define closesocket close
#endif
VLOG_DEFINE_THIS_MODULE(stream_ssl);
sslv->fd = fd;
#ifdef _WIN32
sslv->wevent = CreateEvent(NULL, FALSE, FALSE, NULL);
+#else
+ sslv->wevent = 0;
#endif
sslv->ssl = ssl;
sslv->txbuf = NULL;
for (;;) {
int old_state = SSL_get_state(sslv->ssl);
- int ret = SSL_write(sslv->ssl, sslv->txbuf->data, sslv->txbuf->size);
+ int ret = SSL_write(sslv->ssl,
+ ofpbuf_data(sslv->txbuf), ofpbuf_size(sslv->txbuf));
if (old_state != SSL_get_state(sslv->ssl)) {
sslv->rx_want = SSL_NOTHING;
}
sslv->tx_want = SSL_NOTHING;
if (ret > 0) {
ofpbuf_pull(sslv->txbuf, ret);
- if (sslv->txbuf->size == 0) {
+ if (ofpbuf_size(sslv->txbuf) == 0) {
return 0;
}
} else {
pssl->fd = fd;
#ifdef _WIN32
pssl->wevent = CreateEvent(NULL, FALSE, FALSE, NULL);
+#else
+ pssl->wevent = 0;
#endif
*pstreamp = &pssl->pstream;
return 0;
RAND_seed(seed, sizeof seed);
}
- /* New OpenSSL changed TLSv1_method() to return a "const" pointer, so the
- * cast is needed to avoid a warning with those newer versions. */
- method = CONST_CAST(SSL_METHOD *, TLSv1_method());
+ /* OpenSSL has a bunch of "connection methods": SSLv2_method(),
+ * SSLv3_method(), TLSv1_method(), SSLv23_method(), ... Most of these
+ * support exactly one version of SSL, e.g. TLSv1_method() supports TLSv1
+ * only, not any earlier *or later* version. The only exception is
+ * SSLv23_method(), which in fact supports *any* version of SSL and TLS.
+ * We don't want SSLv2 or SSLv3 support, so we turn it off below with
+ * SSL_CTX_set_options().
+ *
+ * The cast is needed to avoid a warning with newer versions of OpenSSL in
+ * which SSLv23_method() returns a "const" pointer. */
+ method = CONST_CAST(SSL_METHOD *, SSLv23_method());
if (method == NULL) {
VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
return ENOPROTOOPT;
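Review bot: The error message on the `method == NULL` branch still names `TLSv1_method` although the call above it is now `SSLv23_method()`, so a failure here would be logged against the wrong function; it should read `VLOG_ERR("SSLv23_method: %s", ERR_error_string(ERR_get_error(), NULL));`. The new comment also relies on SSL_CTX_set_options() turning off SSLv2 and SSLv3 "below", but that call is outside this hunk. It is worth confirming that `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` is set on the context before any connection is created from it, because with SSLv23_method() those options are the only thing keeping the older protocols out of negotiation. The enclosing function starts and ends outside the hunk.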
free(*certs);
*certs = NULL;
*n_certs = 0;
+ fclose(file);
return EIO;
}