
Lines Matching refs:tls

85 	SSL_CTX_set_session_id_context(vh->tls.ssl_ctx, (uint8_t *)vh->context,  in lws_tls_server_client_cert_verify_config()
89 SSL_CTX_set_verify(vh->tls.ssl_ctx, verify_options, in lws_tls_server_client_cert_verify_config()
114 vh->tls.ssl_ctx == SSL_get_SSL_CTX(ssl)) in lws_ssl_server_name_cb()
142 SSL_set_SSL_CTX(ssl, vhost->tls.ssl_ctx); in lws_ssl_server_name_cb()
213 m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert);
233 if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key,
250 vhost->tls.ssl_ctx, NULL, 0)) {
270 ret = SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx,
278 ret = wolfSSL_CTX_use_certificate_buffer(vhost->tls.ssl_ctx,
298 ret = SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, vhost->tls.ssl_ctx, p,
307 vhost->tls.ssl_ctx, p,
316 ret = wolfSSL_CTX_use_PrivateKey_buffer(vhost->tls.ssl_ctx, p, flen,
343 if (SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx,
347 if (wolfSSL_CTX_use_certificate_buffer(vhost->tls.ssl_ctx,
367 vhost->tls.ssl_ctx, p,
370 if (wolfSSL_CTX_use_PrivateKey_buffer(vhost->tls.ssl_ctx, p,
382 m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert);
394 if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key,
406 vhost->tls.ssl_ctx, NULL, 0)) {
417 if (!SSL_CTX_check_private_key(vhost->tls.ssl_ctx)) {
427 if (vhost->tls.ecdh_curve[0])
428 ecdh_curve = vhost->tls.ecdh_curve;
441 SSL_CTX_set_tmp_ecdh(vhost->tls.ssl_ctx, ecdh);
444 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
454 x = sk_X509_value(vhost->tls.ssl_ctx->extra_certs, 0);
456 SSL_CTX_get_extra_chain_certs_only(vhost->tls.ssl_ctx, &extra_certs);
491 SSL_CTX_set_tmp_ecdh(vhost->tls.ssl_ctx, EC_key);
498 vhost->tls.skipped_certs = 0;
527 vhost->tls.ssl_ctx = SSL_CTX_new(method); /* create context */
528 if (!vhost->tls.ssl_ctx) {
543 SSL_CTX_set_ex_data(vhost->tls.ssl_ctx,
547 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_NO_SSLv2 |
550 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_NO_COMPRESSION);
552 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_SINGLE_DH_USE);
553 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
556 SSL_CTX_set_cipher_list(vhost->tls.ssl_ctx, info->ssl_cipher_list);
560 SSL_CTX_set_ciphersuites(vhost->tls.ssl_ctx,
565 SSL_CTX_set_tlsext_servername_callback(vhost->tls.ssl_ctx,
567 SSL_CTX_set_tlsext_servername_arg(vhost->tls.ssl_ctx, vhost->context);
572 !SSL_CTX_load_verify_file(vhost->tls.ssl_ctx,
575 !SSL_CTX_load_verify_locations(vhost->tls.ssl_ctx,
583 SSL_CTX_set_options(vhost->tls.ssl_ctx,
602 SSL_CTX_clear_options(vhost->tls.ssl_ctx,
616 (unsigned long)SSL_CTX_get_options(vhost->tls.ssl_ctx));
617 if (!vhost->tls.use_ssl ||
621 lws_ssl_bind_passphrase(vhost->tls.ssl_ctx, 0, info);
640 wsi->tls.ssl = SSL_new(wsi->a.vhost->tls.ssl_ctx);
641 if (wsi->tls.ssl == NULL) {
649 SSL_set_ex_data(wsi->tls.ssl, openssl_websocket_private_data_index, wsi);
650 SSL_set_fd(wsi->tls.ssl, (int)(lws_intptr_t)accept_fd);
654 CyaSSL_set_using_nonblock(wsi->tls.ssl, 1);
656 wolfSSL_set_using_nonblock(wsi->tls.ssl, 1);
660 SSL_set_mode(wsi->tls.ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
662 bio = SSL_get_rbio(wsi->tls.ssl);
667 bio = SSL_get_wbio(wsi->tls.ssl);
675 if (wsi->a.vhost->tls.ssl_info_event_mask)
676 SSL_set_info_callback(wsi->tls.ssl, lws_ssl_info_callback);
685 if (wsi->tls.use_ssl)
686 SSL_shutdown(wsi->tls.ssl);
687 SSL_free(wsi->tls.ssl);
701 n = SSL_accept(wsi->tls.ssl);
716 if (SSL_pending(wsi->tls.ssl) &&
717 lws_dll2_is_detached(&wsi->tls.dll_pending_tls))
718 lws_dll2_add_head(&wsi->tls.dll_pending_tls,
719 &pt->tls.dll_pending_tls_owner);
731 (m != SSL_ERROR_ZERO_RETURN && SSL_want_read(wsi->tls.ssl))) {
741 if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl)) {
805 vhost->tls.ss = lws_zalloc(sizeof(*vhost->tls.ss), "sni cert");
806 if (!vhost->tls.ss) {
811 vhost->tls.ss->x509 = X509_new();
812 if (!vhost->tls.ss->x509)
815 ASN1_INTEGER_set(X509_get_serialNumber(vhost->tls.ss->x509), 1);
816 X509_gmtime_adj(X509_get_notBefore(vhost->tls.ss->x509), 0);
817 X509_gmtime_adj(X509_get_notAfter(vhost->tls.ss->x509), 3600);
819 vhost->tls.ss->pkey = EVP_PKEY_new();
820 if (!vhost->tls.ss->pkey)
823 if (lws_tls_openssl_rsa_new_key(&vhost->tls.ss->rsa, 4096))
826 if (!EVP_PKEY_assign_RSA(vhost->tls.ss->pkey, vhost->tls.ss->rsa))
829 X509_set_pubkey(vhost->tls.ss->x509, vhost->tls.ss->pkey);
831 name = X509_get_subject_name(vhost->tls.ss->x509);
842 X509_set_issuer_name(vhost->tls.ss->x509, name);
856 if (X509_add1_ext_i2d(vhost->tls.ss->x509, NID_subject_alt_name,
874 if (X509_add1_ext_i2d(vhost->tls.ss->x509, NID_subject_alt_name,
882 if (!X509_sign(vhost->tls.ss->x509, vhost->tls.ss->pkey, EVP_sha256()))
889 i2d_X509_fp(fp, vhost->tls.ss->x509);
895 SSL_CTX_use_certificate(vhost->tls.ssl_ctx, vhost->tls.ss->x509);
897 SSL_CTX_use_PrivateKey(vhost->tls.ssl_ctx, vhost->tls.ss->pkey);
902 RSA_free(vhost->tls.ss->rsa);
904 EVP_PKEY_free(vhost->tls.ss->pkey);
906 X509_free(vhost->tls.ss->x509);
908 lws_free(vhost->tls.ss);
917 if (!vhost->tls.ss)
920 EVP_PKEY_free(vhost->tls.ss->pkey);
921 X509_free(vhost->tls.ss->x509);
922 lws_free_set_NULL(vhost->tls.ss);