From 06eb88c10cb7a57ea800e0204b48277de9cb02ca Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Thu, 5 Mar 2015 17:35:17 +0100
Subject: m_ssl_openssl Specify TLS client/server role on session creation,
 switch to SSL_do_handshake()

---
 src/modules/extra/m_ssl_openssl.cpp | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)


diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 8540ab41f..debc17953 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -196,9 +196,18 @@ namespace OpenSSL
 			return SSL_CTX_clear_options(ctx, clearoptions);
 		}
 
-		SSL* CreateSession()
+		SSL* CreateServerSession()
 		{
-			return SSL_new(ctx);
+			SSL* sess = SSL_new(ctx);
+			SSL_set_accept_state(sess); // Act as server
+			return sess;
+		}
+
+		SSL* CreateClientSession()
+		{
+			SSL* sess = SSL_new(ctx);
+			SSL_set_connect_state(sess); // Act as client
+			return sess;
 		}
 	};
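Review bot: SSL_new() returns NULL on failure, and both new factory methods pass the result straight to SSL_set_accept_state() / SSL_set_connect_state(), which dereference the pointer; before this change the NULL was simply handed back to the caller. Guard the call in CreateServerSession with `if (sess) SSL_set_accept_state(sess);` and do the same with `SSL_set_connect_state` in CreateClientSession, or throw, so that a failed allocation does not crash the module. Whether the callers check the returned pointer is not visible in this hunk.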
 
@@ -324,8 +333,8 @@ namespace OpenSSL
 		}
 
 		const std::string& GetName() const { return name; }
-		SSL* CreateServerSession() { return ctx.CreateSession(); }
-		SSL* CreateClientSession() { return clictx.CreateSession(); }
+		SSL* CreateServerSession() { return ctx.CreateServerSession(); }
+		SSL* CreateClientSession() { return clictx.CreateClientSession(); }
 		const EVP_MD* GetDigest() { return digest; }
 		bool AllowRenegotiation() const { return allowrenego; }
 	};
@@ -357,14 +366,8 @@ class OpenSSLIOHook : public SSLIOHook
 	// Returns 1 if handshake succeeded, 0 if it is still in progress, -1 if it failed
 	int Handshake(StreamSocket* user)
 	{
-		int ret;
-
 		ERR_clear_error();
-		if (outbound)
-			ret = SSL_connect(sess);
-		else
-			ret = SSL_accept(sess);
-
+		int ret = SSL_do_handshake(sess);
 		if (ret < 0)
 		{
 			int err = SSL_get_error(sess, ret);
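Review bot: Handshake() now relies on the client/server role having been set when the session was created, and nothing at the `SSL_do_handshake(sess)` call records that dependency. A comment above it such as `// Role was fixed at session creation (SSL_set_accept_state/SSL_set_connect_state); a session without a role fails the handshake here` would keep a future session factory from silently breaking it. The `outbound` flag is no longer read in the visible lines, so it may be removable if nothing else uses it. The function body continues past the end of this hunk, so the handling of `ret == 0` cannot be checked from here.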
-- 
cgit v1.2.3