AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00
Code Releases Activity

Fixing up some errors

Browse Source
This commit is contained in:
Evengard 2020-05-02 10:11:01 +03:00
parent 9f2a5cecf3
commit 24bd2b3198
4 changed files with 83 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
src/Cedar/Proto_PPP.c
View File

@ -236,7 +236,7 @@ void PPPThread(THREAD *thread, void *param)
PPP_LCP* lcpEap; PPP_LCP* lcpEap;
PPP_EAP* eapPacket; PPP_EAP* eapPacket;
UCHAR* welcomeMessage = "Welcome to the SoftEther VPN server!"; UCHAR* welcomeMessage = "Welcome to the SoftEther VPN server!";
UCHAR flags = 0; UCHAR flags = PPP_EAP_TLS_FLAG_NONE;
// We got to start EAP when we got no LCP packets from the client on previous iteration // We got to start EAP when we got no LCP packets from the client on previous iteration
// which means we parsed all the client requests and responses // which means we parsed all the client requests and responses
@ -244,7 +244,7 @@ void PPPThread(THREAD *thread, void *param)
{ {
case PPP_EAP_TYPE_TLS: case PPP_EAP_TYPE_TLS:
// Sending TLS Start... // Sending TLS Start...
flags |= 1 << 2; flags |= PPP_EAP_TLS_FLAG_SSLSTARTED;
lcpEap = BuildEAPTlsRequest(p->Eap_PacketId++, 0, flags); lcpEap = BuildEAPTlsRequest(p->Eap_PacketId++, 0, flags);
PPPSetStatus(p, PPP_STATUS_AUTHENTICATING); PPPSetStatus(p, PPP_STATUS_AUTHENTICATING);
if (!PPPSendAndRetransmitRequest(p, PPP_PROTOCOL_EAP, lcpEap)) if (!PPPSendAndRetransmitRequest(p, PPP_PROTOCOL_EAP, lcpEap))
@ -290,7 +290,7 @@ void PPPThread(THREAD *thread, void *param)
{ {
// EAP code // EAP code
PPP_LCP *c = NewPPPLCP(PPP_LCP_CODE_REQ, 0); PPP_LCP *c = NewPPPLCP(PPP_LCP_CODE_REQ, 0);
USHORT eap_code = PPP_LCP_AUTH_EAP; USHORT eap_code = Endian16(PPP_LCP_AUTH_EAP);
Debug("Request EAP\n"); Debug("Request EAP\n");
Add(c->OptionList, NewPPPOption(PPP_LCP_OPTION_AUTH, &eap_code, sizeof(eap_code))); Add(c->OptionList, NewPPPOption(PPP_LCP_OPTION_AUTH, &eap_code, sizeof(eap_code)));
@ -304,7 +304,7 @@ void PPPThread(THREAD *thread, void *param)
if (p->PPPStatus == PPP_STATUS_AUTHENTICATING) if (p->PPPStatus == PPP_STATUS_AUTHENTICATING)
{ {
Debug("Tick waiting for auth...\n"); //Debug("Tick waiting for auth...\n");
} }
if (p->PPPStatus == PPP_STATUS_AUTH_FAIL) if (p->PPPStatus == PPP_STATUS_AUTH_FAIL)
@ -1252,12 +1252,12 @@ bool PPPProcessLCPRequestPacket(PPP_SESSION *p, PPP_PACKET *pp)
{ {
case PPP_LCP_OPTION_AUTH: case PPP_LCP_OPTION_AUTH:
t->IsSupported = true; t->IsSupported = true;
if (t->DataSize == sizeof(USHORT) && *((USHORT*)t->Data) == Endian16(PPP_LCP_AUTH_EAP) && p->AuthProtocol == PPP_UNSPECIFIED) if (t->DataSize == sizeof(USHORT) && *((USHORT*)t->Data) == PPP_LCP_AUTH_EAP && p->AuthProtocol == PPP_UNSPECIFIED)
{ {
t->IsAccepted = true; t->IsAccepted = true;
NegotiatedAuthProto = PPP_PROTOCOL_EAP; NegotiatedAuthProto = PPP_PROTOCOL_EAP;
} }
else if (t->DataSize == sizeof(USHORT) && *((USHORT*)t->Data) == Endian16(PPP_LCP_AUTH_PAP) && p->AuthProtocol == PPP_UNSPECIFIED) else if (t->DataSize == sizeof(USHORT) && *((USHORT*)t->Data) == PPP_LCP_AUTH_PAP && p->AuthProtocol == PPP_UNSPECIFIED)
{ {
t->IsAccepted = true; t->IsAccepted = true;
NegotiatedAuthProto = PPP_PROTOCOL_PAP; NegotiatedAuthProto = PPP_PROTOCOL_PAP;
@ -3001,26 +3001,27 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
PPP_EAP* eap; PPP_EAP* eap;
UCHAR flags; UCHAR flags;
UINT64 sizeLeft = 0; UINT64 sizeLeft = 0;
if (eapTlsSize == 0) Debug("Got EAP-TLS size=%i\n", eapTlsSize);
if (eapTlsSize == 1)
{ {
// This is an EAP-TLS message ACK // This is an EAP-TLS message ACK
if (p->Eap_TlsCtx.cachedBuffer != NULL && p->Eap_TlsCtx.cachedBufferSend == true) if (p->Eap_TlsCtx.cachedBufferSend != NULL)
{ {
// We got an ACK to transmit the next fragmented message // We got an ACK to transmit the next fragmented message
dataSize = p->Mru1 - 8 - 1 - 1; // Calculating the maximum payload size (without TlsLength) dataSize = p->Mru1 - 8 - 1 - 1; // Calculating the maximum payload size (without TlsLength)
sizeLeft = GetMemSize(p->Eap_TlsCtx.cachedBuffer); sizeLeft = GetMemSize(p->Eap_TlsCtx.cachedBufferSend);
sizeLeft -= p->Eap_TlsCtx.cachedBufferPntr - p->Eap_TlsCtx.cachedBuffer; sizeLeft -= p->Eap_TlsCtx.cachedBufferSendPntr - p->Eap_TlsCtx.cachedBufferSend;
flags = 1 << 1; // M flag flags = PPP_EAP_TLS_FLAG_FRAGMENTED; // M flag
if (dataSize > sizeLeft) if (dataSize > sizeLeft)
{ {
dataSize = sizeLeft; dataSize = sizeLeft;
flags = 0; // Clearing the M flag because it is the last packet flags = PPP_EAP_TLS_FLAG_NONE; // Clearing the M flag because it is the last packet
} }
lcp = BuildEAPTlsRequest(p->Eap_PacketId++, dataSize, flags); lcp = BuildEAPTlsRequest(p->Eap_PacketId++, dataSize, flags);
eap = lcp->Data; eap = lcp->Data;
Copy(eap->Tls.TlsDataWithoutLength, p->Eap_TlsCtx.cachedBufferPntr, dataSize); Copy(eap->Tls.TlsDataWithoutLength, p->Eap_TlsCtx.cachedBufferSendPntr, dataSize);
p->Eap_TlsCtx.cachedBufferPntr += dataSize; p->Eap_TlsCtx.cachedBufferSendPntr += dataSize;
if (!PPPSendAndRetransmitRequest(p, PPP_PROTOCOL_EAP, lcp)) if (!PPPSendAndRetransmitRequest(p, PPP_PROTOCOL_EAP, lcp))
{ {
@ -3028,14 +3029,14 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
WHERE; WHERE;
return false; return false;
} }
Debug("Sent EAP-TLS size=%i type=%i flag=%i\n", lcp->DataSize, eap->Type, eap->Tls.Flags);
if (flags == 0) if (flags == PPP_EAP_TLS_FLAG_NONE)
{ {
// As it is the latest message, we need to cleanup // As it is the latest message, we need to cleanup
Free(p->Eap_TlsCtx.cachedBuffer); Free(p->Eap_TlsCtx.cachedBufferSend);
p->Eap_TlsCtx.cachedBuffer = NULL; p->Eap_TlsCtx.cachedBufferSend = NULL;
p->Eap_TlsCtx.cachedBufferPntr = NULL; p->Eap_TlsCtx.cachedBufferSendPntr = NULL;
p->Eap_TlsCtx.cachedBufferSend = false;
} }
} }
else else
@ -3068,6 +3069,7 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
WHERE; WHERE;
return false; return false;
} }
Debug("Sent EAP-TLS size=%i SUCCESS\n", lcp->DataSize);
return true; return true;
} }
else else
@ -3080,6 +3082,7 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
WHERE; WHERE;
return false; return false;
} }
Debug("Sent EAP-TLS size=%i FAILURE\n", lcp->DataSize);
return false; return false;
} }
} }
@ -3093,13 +3096,13 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
} }
dataBuffer = eap_packet->Tls.TlsDataWithoutLength; dataBuffer = eap_packet->Tls.TlsDataWithoutLength;
dataSize = eapTlsSize - 1; dataSize = eapTlsSize - 1;
if (eap_packet->Tls.Flags & 1) if (eap_packet->Tls.Flags & PPP_EAP_TLS_FLAG_TLS_LENGTH)
{ {
dataBuffer = eap_packet->Tls.TlsDataWithLength.Data; dataBuffer = eap_packet->Tls.TlsDataWithLength.Data;
dataSize -= 4; dataSize -= 4;
tlsLength = eap_packet->Tls.TlsDataWithLength.TlsLength; tlsLength = Endian32(eap_packet->Tls.TlsDataWithLength.TlsLength);
} }
if (eap_packet->Tls.Flags & 1 << 1) if (eap_packet->Tls.Flags & PPP_EAP_TLS_FLAG_FRAGMENTED)
{ {
isFragmented = true; isFragmented = true;
} }
@ -3109,22 +3112,18 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
// First we initialize the SslPipe if it is not already inited // First we initialize the SslPipe if it is not already inited
if (p->Eap_TlsCtx.SslPipe == NULL) if (p->Eap_TlsCtx.SslPipe == NULL)
{ {
p->Eap_TlsCtx.clientCert.IgnorePreverifyErr = true;
p->Eap_TlsCtx.Dh = DhNewFromBits(DH_PARAM_BITS_DEFAULT); p->Eap_TlsCtx.Dh = DhNewFromBits(DH_PARAM_BITS_DEFAULT);
p->Eap_TlsCtx.SslPipe = NewSslPipeEx(true, p->Cedar->ServerX, p->Cedar->ServerK, p->Eap_TlsCtx.Dh, true, &(p->Eap_TlsCtx.clientCert)); p->Eap_TlsCtx.SslPipe = NewSslPipeEx(true, p->Cedar->ServerX, p->Cedar->ServerK, p->Eap_TlsCtx.Dh, true, &(p->Eap_TlsCtx.clientCert));
} }
// If the current frame is fragmented, or it is a possible last of a fragmented series, bufferize it // If the current frame is fragmented, or it is a possible last of a fragmented series, bufferize it
if (isFragmented || p->Eap_TlsCtx.cachedBuffer != NULL) if (isFragmented || p->Eap_TlsCtx.cachedBufferRecv != NULL)
{ {
if (p->Eap_TlsCtx.cachedBufferSend) if (p->Eap_TlsCtx.cachedBufferRecv == NULL && tlsLength > 0)
{ {
Debug("We got a weird packet when we have a sending only caching buffer, ignoring...\n"); p->Eap_TlsCtx.cachedBufferRecv = ZeroMalloc(MAX(dataSize, tlsLength));
return false; p->Eap_TlsCtx.cachedBufferRecvPntr = p->Eap_TlsCtx.cachedBufferRecv;
}
if (p->Eap_TlsCtx.cachedBuffer == NULL && tlsLength > 0)
{
p->Eap_TlsCtx.cachedBuffer = ZeroMalloc(MAX(dataSize, tlsLength));
p->Eap_TlsCtx.cachedBufferPntr = p->Eap_TlsCtx.cachedBuffer;
} }
else else
{ {
@ -3133,19 +3132,19 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
WHERE; WHERE;
return false; return false;
} }
sizeLeft = GetMemSize(p->Eap_TlsCtx.cachedBuffer); sizeLeft = GetMemSize(p->Eap_TlsCtx.cachedBufferRecv);
sizeLeft -= p->Eap_TlsCtx.cachedBufferPntr - p->Eap_TlsCtx.cachedBuffer; sizeLeft -= p->Eap_TlsCtx.cachedBufferRecvPntr - p->Eap_TlsCtx.cachedBufferRecv;
Copy(p->Eap_TlsCtx.cachedBufferPntr, dataBuffer, MIN(dataSize, sizeLeft)); Copy(p->Eap_TlsCtx.cachedBufferRecvPntr, dataBuffer, MIN(dataSize, sizeLeft));
p->Eap_TlsCtx.cachedBufferPntr += MIN(dataSize, sizeLeft); p->Eap_TlsCtx.cachedBufferRecvPntr += MIN(dataSize, sizeLeft);
} }
// If we got a cached buffer, we should feed the FIFOs via it // If we got a cached buffer, we should feed the FIFOs via it
if (p->Eap_TlsCtx.cachedBuffer != NULL) if (p->Eap_TlsCtx.cachedBufferRecv != NULL)
{ {
dataBuffer = p->Eap_TlsCtx.cachedBuffer; dataBuffer = p->Eap_TlsCtx.cachedBufferRecv;
dataSize = GetMemSize(p->Eap_TlsCtx.cachedBuffer); dataSize = GetMemSize(p->Eap_TlsCtx.cachedBufferRecv);
} }
// Just acknoweldge that we buffered the fragmented data // Just acknoweldge that we buffered the fragmented data
@ -3158,17 +3157,18 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
WHERE; WHERE;
return false; return false;
} }
Debug("Sent EAP-TLS size=%i\n", lcp->DataSize);
} }
else else
{ {
WriteFifo(p->Eap_TlsCtx.SslPipe->RawIn->SendFifo, dataBuffer, dataSize); WriteFifo(p->Eap_TlsCtx.SslPipe->RawIn->SendFifo, dataBuffer, dataSize);
SyncSslPipe(p->Eap_TlsCtx.SslPipe); SyncSslPipe(p->Eap_TlsCtx.SslPipe);
// Delete the cached buffer after we fed it into the pipe // Delete the cached buffer after we fed it into the pipe
if (p->Eap_TlsCtx.cachedBuffer != NULL) if (p->Eap_TlsCtx.cachedBufferRecv != NULL)
{ {
Free(p->Eap_TlsCtx.cachedBuffer); Free(p->Eap_TlsCtx.cachedBufferRecv);
p->Eap_TlsCtx.cachedBuffer = NULL; p->Eap_TlsCtx.cachedBufferRecv = NULL;
p->Eap_TlsCtx.cachedBufferPntr = NULL; p->Eap_TlsCtx.cachedBufferRecvPntr = NULL;
} }
if (p->Eap_TlsCtx.SslPipe->IsDisconnected == false) if (p->Eap_TlsCtx.SslPipe->IsDisconnected == false)
@ -3177,30 +3177,30 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
// Do we need to send a fragmented packet? // Do we need to send a fragmented packet?
if (dataSize > p->Mru1 - 8 - 1 - 1) if (dataSize > p->Mru1 - 8 - 1 - 1)
{ {
if (p->Eap_TlsCtx.cachedBuffer == NULL) if (p->Eap_TlsCtx.cachedBufferSend == NULL)
{ {
p->Eap_TlsCtx.cachedBuffer = ZeroMalloc(dataSize); p->Eap_TlsCtx.cachedBufferSend = ZeroMalloc(dataSize);
p->Eap_TlsCtx.cachedBufferPntr = p->Eap_TlsCtx.cachedBuffer; p->Eap_TlsCtx.cachedBufferSendPntr = p->Eap_TlsCtx.cachedBufferSend;
} }
p->Eap_TlsCtx.cachedBufferSend = true; ReadFifo(p->Eap_TlsCtx.SslPipe->RawOut->RecvFifo, p->Eap_TlsCtx.cachedBufferSend, dataSize);
ReadFifo(p->Eap_TlsCtx.SslPipe->RawOut->RecvFifo, p->Eap_TlsCtx.cachedBuffer, dataSize);
// Now send data from the cached buffer with set fragmentation flag and also total TLS Size // Now send data from the cached buffer with set fragmentation flag and also total TLS Size
tlsLength = dataSize; tlsLength = dataSize;
dataSize = p->Mru1 - 8 - 1 - 1 - 4; // Calculating the maximum payload size (adjusting for including TlsLength) dataSize = p->Mru1 - 8 - 1 - 1 - 4; // Calculating the maximum payload size (adjusting for including TlsLength)
flags = 1; // L flag flags = PPP_EAP_TLS_FLAG_TLS_LENGTH; // L flag
flags |= 1 << 1; // M flag flags |= PPP_EAP_TLS_FLAG_FRAGMENTED; // M flag
lcp = BuildEAPTlsRequest(p->Eap_PacketId++, dataSize, flags); lcp = BuildEAPTlsRequest(p->Eap_PacketId++, dataSize, flags);
eap = lcp->Data; eap = lcp->Data;
eap->Tls.TlsDataWithLength.TlsLength = tlsLength; eap->Tls.TlsDataWithLength.TlsLength = Endian32(tlsLength);
Copy(eap->Tls.TlsDataWithLength.Data, p->Eap_TlsCtx.cachedBuffer, dataSize); Copy(eap->Tls.TlsDataWithLength.Data, p->Eap_TlsCtx.cachedBufferSend, dataSize);
p->Eap_TlsCtx.cachedBufferPntr = p->Eap_TlsCtx.cachedBuffer + dataSize; p->Eap_TlsCtx.cachedBufferSendPntr += dataSize;
if (!PPPSendAndRetransmitRequest(p, PPP_PROTOCOL_EAP, lcp)) if (!PPPSendAndRetransmitRequest(p, PPP_PROTOCOL_EAP, lcp))
{ {
PPPSetStatus(p, PPP_STATUS_FAIL); PPPSetStatus(p, PPP_STATUS_FAIL);
WHERE; WHERE;
return false; return false;
} }
Debug("Sent EAP-TLS size=%i type=%i flag=%i\n", lcp->DataSize, eap->Type, eap->Tls.Flags);
} }
else else
{ {
@ -3213,6 +3213,7 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
WHERE; WHERE;
return false; return false;
} }
Debug("Sent EAP-TLS size=%i type=%i flag=%i\n", lcp->DataSize, eap->Type, eap->Tls.Flags);
} }
} }
} }
@ -3243,7 +3244,7 @@ PPP_LCP *BuildEAPTlsPacketEx(UCHAR code, UCHAR id, UCHAR type, UINT datasize, UC
PPP_LCP* lcp_packet; PPP_LCP* lcp_packet;
PPP_EAP* eap_packet; PPP_EAP* eap_packet;
UINT tls_datasize = datasize + sizeof(UCHAR); UINT tls_datasize = datasize + sizeof(UCHAR);
if (flags & 1) if (flags & PPP_EAP_TLS_FLAG_TLS_LENGTH)
{ {
tls_datasize += sizeof(UINT32); tls_datasize += sizeof(UINT32);
} }
@ -3370,9 +3371,13 @@ void FreePPPSession(PPP_SESSION *p)
} }
// Freeing EAP-TLS context // Freeing EAP-TLS context
if (p->Eap_TlsCtx.cachedBuffer != NULL) if (p->Eap_TlsCtx.cachedBufferRecv != NULL)
{ {
Free(p->Eap_TlsCtx.cachedBuffer); Free(p->Eap_TlsCtx.cachedBufferRecv);
}
if (p->Eap_TlsCtx.cachedBufferSend != NULL)
{
Free(p->Eap_TlsCtx.cachedBufferRecv);
} }
if (p->Eap_TlsCtx.SslPipe != NULL) if (p->Eap_TlsCtx.SslPipe != NULL)
{ {

24
src/Cedar/Proto_PPP.h
View File

@ -109,6 +109,12 @@
#define PPP_EAP_TYPE_NAK 3 #define PPP_EAP_TYPE_NAK 3
#define PPP_EAP_TYPE_TLS 13 #define PPP_EAP_TYPE_TLS 13
// EAP-TLS Flags
#define PPP_EAP_TLS_FLAG_NONE 0
#define PPP_EAP_TLS_FLAG_TLS_LENGTH 1 << 7
#define PPP_EAP_TLS_FLAG_FRAGMENTED 1 << 6
#define PPP_EAP_TLS_FLAG_SSLSTARTED 1 << 5
// Authentication protocol // Authentication protocol
#define PPP_LCP_AUTH_PAP PPP_PROTOCOL_PAP #define PPP_LCP_AUTH_PAP PPP_PROTOCOL_PAP
#define PPP_LCP_AUTH_CHAP PPP_PROTOCOL_CHAP #define PPP_LCP_AUTH_CHAP PPP_PROTOCOL_CHAP
@ -181,6 +187,11 @@ struct PPP_OPTION
UINT AltDataSize; // Alternate data size UINT AltDataSize; // Alternate data size
}; };
#ifdef OS_WIN32
#pragma pack(push, 1)
#endif // OS_WIN32
// PPP EAP packet // PPP EAP packet
// EAP is a subset of LCP, sharing Code and Id. The Data field is then mapped to this structure // EAP is a subset of LCP, sharing Code and Id. The Data field is then mapped to this structure
// We got 8 bytes of size before this structure // We got 8 bytes of size before this structure
@ -202,16 +213,21 @@ struct PPP_EAP
}; };
} Tls; } Tls;
}; };
}; } GCC_PACKED;
#ifdef OS_WIN32
#pragma pack(pop)
#endif // OS_WIN32
struct PPP_EAP_TLS_CONTEXT struct PPP_EAP_TLS_CONTEXT
{ {
SSL_PIPE* SslPipe; SSL_PIPE* SslPipe;
DH_CTX* Dh; DH_CTX* Dh;
struct SslClientCertInfo clientCert; struct SslClientCertInfo clientCert;
UCHAR* cachedBuffer; UCHAR* cachedBufferRecv;
UCHAR* cachedBufferPntr; UCHAR* cachedBufferRecvPntr;
bool cachedBufferSend; UCHAR* cachedBufferSend;
UCHAR* cachedBufferSendPntr;
}; };
// PPP request resend // PPP request resend

2
src/Mayaqua/Network.c
View File

@ -5689,7 +5689,7 @@ int SslCertVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx)
{ {
clientcert->PreverifyErr = X509_STORE_CTX_get_error(ctx); clientcert->PreverifyErr = X509_STORE_CTX_get_error(ctx);
clientcert->PreverifyErrMessage[0] = '\0'; clientcert->PreverifyErrMessage[0] = '\0';
if (!preverify_ok) if (!preverify_ok && !clientcert->IgnorePreverifyErr)
{ {
const char *msg = X509_verify_cert_error_string(clientcert->PreverifyErr); const char *msg = X509_verify_cert_error_string(clientcert->PreverifyErr);
StrCpy(clientcert->PreverifyErrMessage, PREVERIFY_ERR_MESSAGE_SIZE, (char *)msg); StrCpy(clientcert->PreverifyErrMessage, PREVERIFY_ERR_MESSAGE_SIZE, (char *)msg);

3
src/Mayaqua/Network.h
View File

@ -1135,7 +1135,7 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size);
bool StartSSL(SOCK *sock, X *x, K *priv); bool StartSSL(SOCK *sock, X *x, K *priv);
bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname); bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname);
bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x); bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x);
void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx); void AddChainSslCertOnDirectory(struct ssl_st *ctx);
bool SendAll(SOCK *sock, void *data, UINT size, bool secure); bool SendAll(SOCK *sock, void *data, UINT size, bool secure);
void SendAdd(SOCK *sock, void *data, UINT size); void SendAdd(SOCK *sock, void *data, UINT size);
bool SendNow(SOCK *sock, int secure); bool SendNow(SOCK *sock, int secure);
@ -1403,6 +1403,7 @@ void UnixWaitForTubes(TUBE **tubes, UINT num, UINT timeout);
#define PREVERIFY_ERR_MESSAGE_SIZE 100 #define PREVERIFY_ERR_MESSAGE_SIZE 100
// Info on client certificate collected during TLS handshake // Info on client certificate collected during TLS handshake
struct SslClientCertInfo { struct SslClientCertInfo {
bool IgnorePreverifyErr;
int PreverifyErr; int PreverifyErr;
char PreverifyErrMessage[PREVERIFY_ERR_MESSAGE_SIZE]; char PreverifyErrMessage[PREVERIFY_ERR_MESSAGE_SIZE];
X *X; X *X;