Lines Matching refs:tls
/*
 * Cross-reference hits for "tls": per-vhost context setup and vhost
 * selection. Each entry is one matching source line prefixed by its line
 * number, so multi-line calls are cut short and indentation is lost.
 */
/* Session-id context is taken from vh->context cast to a byte pointer; the
 * length argument is on a continuation line that is not shown. */
85 SSL_CTX_set_session_id_context(vh->tls.ssl_ctx, (uint8_t *)vh->context,
/* Peer-verification mode comes from verify_options. Its value and the verify
 * callback are not visible here, so whether client certificates are required
 * cannot be judged from this listing. */
89 SSL_CTX_set_verify(vh->tls.ssl_ctx, verify_options,
/* Tests whether the connection's current SSL_CTX is this vhost's context. */
114 vh->tls.ssl_ctx == SSL_get_SSL_CTX(ssl))
/* Moves the connection onto vhost->tls.ssl_ctx.
 * NOTE(review): presumably SNI-driven vhost selection (a servername callback
 * is registered at line 555) -- confirm against the full source. */
142 SSL_set_SSL_CTX(ssl, vhost->tls.ssl_ctx);
/*
 * Server certificate and private-key loading. The hits show two sources:
 * files (lines 213/236 and 377/392) and in-memory buffers (lines 265-311 and
 * 338-365), each with an OpenSSL call and a wolfSSL call.
 * NOTE(review): the preprocessor guards choosing between the variants, and the
 * failure handling for m / ret, are on lines this listing omits.
 */
213 m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert);
236 if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key,
265 ret = SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx,
273 ret = wolfSSL_CTX_use_certificate_buffer(vhost->tls.ssl_ctx,
/* The key type is passed explicitly as EVP_PKEY_RSA here. Line 302 is a
 * continuation of another call whose name is not shown.
 * NOTE(review): presumably a second attempt with a different key type --
 * confirm. */
293 ret = SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, vhost->tls.ssl_ctx, p,
302 vhost->tls.ssl_ctx, p,
/* p / flen: key bytes and their length as held in memory by the caller. */
311 ret = wolfSSL_CTX_use_PrivateKey_buffer(vhost->tls.ssl_ctx, p, flen,
338 if (SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx,
342 if (wolfSSL_CTX_use_certificate_buffer(vhost->tls.ssl_ctx,
362 vhost->tls.ssl_ctx, p,
365 if (wolfSSL_CTX_use_PrivateKey_buffer(vhost->tls.ssl_ctx, p,
377 m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert);
392 if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key,
/* Consistency check: the private key loaded into the context must match the
 * loaded certificate. A zero result enters the branch opened here; its body
 * is not shown. */
407 if (!SSL_CTX_check_private_key(vhost->tls.ssl_ctx)) {
/*
 * ECDH configuration for the vhost context, plus a lookup of the extra chain
 * certificates.
 */
/* A non-empty per-vhost curve name replaces whatever ecdh_curve held before. */
417 if (vhost->tls.ecdh_curve[0])
418 ecdh_curve = vhost->tls.ecdh_curve;
/* Installs the ECDH key object on the context. */
431 SSL_CTX_set_tmp_ecdh(vhost->tls.ssl_ctx, ecdh);
/* Requests a fresh ECDH key per handshake; OpenSSL 1.1.0 and later always do
 * this and treat the flag as a no-op. */
434 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
/* Two ways of reaching the extra chain certificates: direct struct member
 * access, which only compiles where SSL_CTX is not opaque, and the accessor.
 * NOTE(review): presumably alternative preprocessor branches -- the guards are
 * not shown. */
444 x = sk_X509_value(vhost->tls.ssl_ctx->extra_certs, 0);
446 SSL_CTX_get_extra_chain_certs_only(vhost->tls.ssl_ctx, &extra_certs);
/* Second ECDH install, this time from EC_key; where EC_key comes from is not
 * visible in this listing. */
481 SSL_CTX_set_tmp_ecdh(vhost->tls.ssl_ctx, EC_key);
/* Resets the per-vhost skipped-certificate counter. */
488 vhost->tls.skipped_certs = 0;
/*
 * Creation and hardening of the per-vhost server SSL_CTX: protocol and option
 * flags, cipher selection, SNI callback, trust store, then caller-supplied
 * option overrides.
 */
517 vhost->tls.ssl_ctx = SSL_CTX_new(method); /* create context */
/* Allocation failure is checked; the handling is on lines not shown. */
518 if (!vhost->tls.ssl_ctx) {
/* Attaches application data to the context; index and value are on the
 * continuation line, which is not shown. */
533 SSL_CTX_set_ex_data(vhost->tls.ssl_ctx,
/* Disables SSLv2. More flags are OR'd in on the continuation line.
 * NOTE(review): confirm there that SSLv3 and other legacy protocol versions
 * are also excluded, or that a minimum version is set elsewhere. */
537 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_NO_SSLv2 |
/* Turns off TLS-level compression, which removes the compression side channel
 * used by CRIME-style attacks. */
540 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_NO_COMPRESSION);
/* Fresh DH key per handshake where the library still honours the flag. */
542 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_SINGLE_DH_USE);
/* The server's cipher ordering wins over the client's. */
543 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
/* Cipher list for TLS 1.2 and below comes from info->ssl_cipher_list.
 * NOTE(review): as shown, the return value is not captured on this line, so a
 * rejected cipher string would go unnoticed unless it is checked elsewhere. */
546 SSL_CTX_set_cipher_list(vhost->tls.ssl_ctx, info->ssl_cipher_list);
/* TLS 1.3 ciphersuites are configured separately; the argument is not shown. */
550 SSL_CTX_set_ciphersuites(vhost->tls.ssl_ctx,
/* SNI: registers a servername callback and passes vhost->context as its
 * argument. */
555 SSL_CTX_set_tlsext_servername_callback(vhost->tls.ssl_ctx,
557 SSL_CTX_set_tlsext_servername_arg(vhost->tls.ssl_ctx, vhost->context);
/* Loads CA material used when verifying peer certificates. Both results are
 * negated, so a load failure is what the enclosing condition reacts to. */
562 !SSL_CTX_load_verify_file(vhost->tls.ssl_ctx,
565 !SSL_CTX_load_verify_locations(vhost->tls.ssl_ctx,
/* Option bits are then set and cleared from ssl_options_set_value and
 * ssl_options_clear_value.
 * NOTE(review): where these values come from is not shown. Clearing happens
 * after the hardening flags above were set, so a clear mask can undo them;
 * the effective mask passed along at line 634 is the value to audit. */
602 SSL_CTX_set_options(vhost->tls.ssl_ctx, ssl_options_set_value);
630 SSL_CTX_clear_options(vhost->tls.ssl_ctx, ssl_options_clear_value);
634 (unsigned long)SSL_CTX_get_options(vhost->tls.ssl_ctx));
/* First term of a condition on whether TLS is enabled for this vhost; the
 * rest of the condition is not shown. */
637 if (!vhost->tls.use_ssl ||
/* NOTE(review): by its name this wires up the private-key passphrase from
 * info -- confirm in the helper's definition. */
641 lws_ssl_bind_passphrase(vhost->tls.ssl_ctx, 0, info);
/*
 * Per-connection setup: creates the SSL object for an accepted socket from
 * the vhost context and configures it before the handshake.
 */
660 wsi->tls.ssl = SSL_new(wsi->a.vhost->tls.ssl_ctx);
/* Allocation failure is checked; the handling is on lines not shown. */
661 if (wsi->tls.ssl == NULL) {
/* Associates the wsi with the SSL object under
 * openssl_websocket_private_data_index. */
669 SSL_set_ex_data(wsi->tls.ssl, openssl_websocket_private_data_index, wsi);
/* Binds the accepted descriptor; accept_fd is narrowed to int by way of
 * lws_intptr_t. */
670 SSL_set_fd(wsi->tls.ssl, (int)(lws_intptr_t)accept_fd);
/* CyaSSL / wolfSSL builds mark the session as non-blocking explicitly. */
674 CyaSSL_set_using_nonblock(wsi->tls.ssl, 1);
676 wolfSSL_set_using_nonblock(wsi->tls.ssl, 1);
/* Lets a retried write use a different buffer address; further mode flags are
 * on the continuation line, which is not shown. */
680 SSL_set_mode(wsi->tls.ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
/* Fetches the read and write BIOs; what is done with them is not shown. */
682 bio = SSL_get_rbio(wsi->tls.ssl);
687 bio = SSL_get_wbio(wsi->tls.ssl);
/* The info callback is installed only when the vhost has a non-zero
 * ssl_info_event_mask. */
695 if (wsi->a.vhost->tls.ssl_info_event_mask)
696 SSL_set_info_callback(wsi->tls.ssl, lws_ssl_info_callback);
/*
 * Connection teardown and the server-side handshake step.
 */
/* SSL_shutdown is issued only when use_ssl is set. Indentation is lost in
 * this listing, so whether SSL_free at 707 is inside the same condition
 * cannot be determined from here. */
705 if (wsi->tls.use_ssl)
706 SSL_shutdown(wsi->tls.ssl);
707 SSL_free(wsi->tls.ssl);
/* Runs the server handshake step and keeps the result in n. */
721 n = SSL_accept(wsi->tls.ssl);
/* If the TLS layer already holds buffered data and this wsi is not yet on a
 * pending list, it is added to the head of the per-thread pending-TLS list.
 * NOTE(review): presumably so buffered data is serviced even though the
 * socket itself will not signal readable -- confirm. */
736 if (SSL_pending(wsi->tls.ssl) &&
737 lws_dll2_is_detached(&wsi->tls.dll_pending_tls))
738 lws_dll2_add_head(&wsi->tls.dll_pending_tls,
739 &pt->tls.dll_pending_tls_owner);
/* Handshake wants more input, excluding the case where m is
 * SSL_ERROR_ZERO_RETURN; the leading part of the condition is not shown. */
751 (m != SSL_ERROR_ZERO_RETURN && SSL_want_read(wsi->tls.ssl))) {
/* Handshake wants to write. */
761 if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl)) {
/*
 * Temporary self-signed certificate for a vhost (allocation tag "sni cert"):
 * build the X509 and RSA key, sign, install on the context, then the unwind
 * and destroy paths.
 */
825 vhost->tls.ss = lws_zalloc(sizeof(*vhost->tls.ss), "sni cert");
826 if (!vhost->tls.ss) {
831 vhost->tls.ss->x509 = X509_new();
832 if (!vhost->tls.ss->x509)
/* Fixed serial number 1; validity runs from now to now + 3600 seconds, so the
 * certificate is only usable for one hour. */
835 ASN1_INTEGER_set(X509_get_serialNumber(vhost->tls.ss->x509), 1);
836 X509_gmtime_adj(X509_get_notBefore(vhost->tls.ss->x509), 0);
837 X509_gmtime_adj(X509_get_notAfter(vhost->tls.ss->x509), 3600);
839 vhost->tls.ss->pkey = EVP_PKEY_new();
840 if (!vhost->tls.ss->pkey)
/* Generates a 4096-bit RSA key; a non-zero return is the failure case. */
843 if (lws_tls_openssl_rsa_new_key(&vhost->tls.ss->rsa, 4096))
/* On success EVP_PKEY_assign_RSA hands ownership of rsa to pkey, so freeing
 * pkey later also frees the RSA key. */
846 if (!EVP_PKEY_assign_RSA(vhost->tls.ss->pkey, vhost->tls.ss->rsa))
849 X509_set_pubkey(vhost->tls.ss->x509, vhost->tls.ss->pkey);
/* The subject name is reused as the issuer name at 862, which is what makes
 * the certificate self-signed. */
851 name = X509_get_subject_name(vhost->tls.ss->x509);
862 X509_set_issuer_name(vhost->tls.ss->x509, name);
/* subjectAltName extension added at two places; the values are on lines not
 * shown. */
876 if (X509_add1_ext_i2d(vhost->tls.ss->x509, NID_subject_alt_name,
894 if (X509_add1_ext_i2d(vhost->tls.ss->x509, NID_subject_alt_name,
/* Signed with its own key using SHA-256. */
902 if (!X509_sign(vhost->tls.ss->x509, vhost->tls.ss->pkey, EVP_sha256()))
/* Writes the certificate, not the key, in DER form to fp; where fp is opened
 * is not shown. */
909 i2d_X509_fp(fp, vhost->tls.ss->x509);
/* NOTE(review): as shown, neither return value is captured on these lines;
 * confirm a failed install is detected elsewhere. */
915 SSL_CTX_use_certificate(vhost->tls.ssl_ctx, vhost->tls.ss->x509);
917 SSL_CTX_use_PrivateKey(vhost->tls.ssl_ctx, vhost->tls.ss->pkey);
/* Unwind sequence; the labels between these frees are not shown.
 * NOTE(review): confirm no path reaches RSA_free at 922 after
 * EVP_PKEY_assign_RSA succeeded, since EVP_PKEY_free at 924 would then free
 * the same key again. Also confirm vhost->tls.ss is not reused after 928,
 * which frees it without visibly clearing the pointer. */
922 RSA_free(vhost->tls.ss->rsa);
924 EVP_PKEY_free(vhost->tls.ss->pkey);
926 X509_free(vhost->tls.ss->x509);
928 lws_free(vhost->tls.ss);
/* Destroy path: checks for a missing ss first, frees pkey (and with it the
 * RSA key it owns) and the certificate, then frees ss and clears the pointer. */
937 if (!vhost->tls.ss)
940 EVP_PKEY_free(vhost->tls.ss->pkey);
941 X509_free(vhost->tls.ss->x509);
942 lws_free_set_NULL(vhost->tls.ss);