author | Wilmer van der Gaast <wilmer@gaast.net> | 2012-12-24 14:28:02 +0100 |
---|---|---|
committer | Wilmer van der Gaast <wilmer@gaast.net> | 2012-12-24 14:28:02 +0100 |
commit | def3650fba32bdcefd6985ef339f38c3e528b8fe (patch) | |
tree | 6b0e91b5bfd82c923d69427f9377586c3b329127 /lib | |
parent | 3f661849f8dd01f0b98f0b5d866b3a603c87e048 (diff) |
In the OpenSSL module, keep only one global SSL context instead of recreating
one for every connection.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl_openssl.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/lib/ssl_openssl.c b/lib/ssl_openssl.c
index dc759f98..3486f044 100644
--- a/lib/ssl_openssl.c
+++ b/lib/ssl_openssl.c
@@ -1,7 +1,7 @@
 /********************************************************************\
 * BitlBee -- An IRC to other IM-networks gateway *
 * *
- * Copyright 2002-2004 Wilmer van der Gaast and others *
+ * Copyright 2002-2012 Wilmer van der Gaast and others *
 \********************************************************************/
 /* SSL module - OpenSSL version */
@@ -51,9 +51,10 @@ struct scd
 int inpa;
 int lasterr; /* Necessary for SSL_get_error */
 SSL *ssl;
- SSL_CTX *ssl_ctx;
 };
+static SSL_CTX *ssl_ctx;
+
 static void ssl_conn_free( struct scd *conn );
 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
 static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
@@ -62,9 +63,14 @@ static gboolean ssl_handshake( gpointer data, gint source, b_input_condition con
 void ssl_init( void )
 {
- initialized = TRUE;
+ const SSL_METHOD *meth;
+
 SSL_library_init();
- // SSLeay_add_ssl_algorithms();
+
+ meth = TLSv1_client_method();
+ ssl_ctx = SSL_CTX_new( meth );
+
+ initialized = TRUE;
 }
 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
@@ -121,7 +127,6 @@ static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition
 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
 {
 struct scd *conn = data;
- const SSL_METHOD *meth;
 if( conn->verify )
 {
@@ -141,12 +146,11 @@ static gboolean ssl_connected( gpointer data, gint source, b_input_condition con
 ssl_init();
 }
- meth = TLSv1_client_method();
- conn->ssl_ctx = SSL_CTX_new( meth );
- if( conn->ssl_ctx == NULL )
+
+ if( ssl_ctx == NULL )
 goto ssl_connected_failure;
- conn->ssl = SSL_new( conn->ssl_ctx );
+ conn->ssl = SSL_new( ssl_ctx );
 if( conn->ssl == NULL )
 goto ssl_connected_failure;
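Review bot: The new file-scope `ssl_ctx` in the `@@ -51,9 +51,10 @@` hunk has no comment, and its lifetime and sharing can no longer be read off `struct scd`. I would add `/* Process-wide client context: created once in ssl_init() and shared by every connection. */` above the declaration. No `SSL_CTX_free()` call remains in the visible hunks, so the comment should also say whether the context is meant to live until exit. Since anything set on this context now affects all connections, per-connection settings belong on `conn->ssl`.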
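Review bot: In `ssl_init()` (the `@@ -62,9 +63,14 @@` hunk) `initialized = TRUE` is set even when `SSL_CTX_new()` returns NULL. If ssl_init() is only called while `initialized` is false, as the `ssl_init(); }` context lines in ssl_connected suggest, one failed allocation leaves `ssl_ctx` NULL for the life of the process, and every later connection takes the `ssl_connected_failure` path with no retry. Writing `initialized = ( ssl_ctx != NULL );` would keep the per-attempt retry that the old per-connection code had. Separately, `TLSv1_client_method()` now fixes every connection in the process to TLS 1.0; `SSLv23_client_method()` followed by `SSL_CTX_set_options( ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );` would let newer protocol versions negotiate where the linked OpenSSL supports them.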
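Review bot: Nothing in the visible lines of the `@@ -141,12 +146,11 @@` hunk, or in `ssl_init()`, sets a verification mode on the shared context or on `conn->ssl`. An `SSL_CTX` defaults to `SSL_VERIFY_NONE`, so the handshake would accept any server certificate unless that is handled outside these hunks. The `if( conn->verify )` branch is cut off at the end of the previous hunk, so how a verify request is treated cannot be seen here. With a single global context, the trust store could be loaded once with `SSL_CTX_set_default_verify_paths( ssl_ctx );`, and `SSL_set_verify( conn->ssl, SSL_VERIFY_PEER, NULL );` called on the connections that ask for verification. ssl_connected's body starts and ends outside the hunk.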
@@ -250,7 +254,6 @@ int ssl_pending( void *conn )
 static void ssl_conn_free( struct scd *conn )
 {
 SSL_free( conn->ssl );
- SSL_CTX_free( conn->ssl_ctx );
 g_free( conn->hostname );
 g_free( conn ); |