1 files changed, 106 insertions, 29 deletions

diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
index 94e783167b3..1aab14009d3 100644
--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -38,6 +38,14 @@
 #include "yassl_int.hpp"
 #include <stdio.h>
 
+#ifdef _WIN32
+    #include <windows.h>    // FindFirstFile etc..
+#else
+    #include <sys/types.h>  // file helper
+    #include <sys/stat.h>   // stat
+    #include <dirent.h>     // opendir
+#endif
+
 
 namespace yaSSL {
 
@@ -52,25 +60,25 @@ SSL_METHOD* SSLv3_method()
 
 SSL_METHOD* SSLv3_server_method()
 {
-    return new (ys) SSL_METHOD(server_end, ProtocolVersion(3,0));
+    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,0));
 }
 
 
 SSL_METHOD* SSLv3_client_method()
 {
-    return new (ys) SSL_METHOD(client_end, ProtocolVersion(3,0));
+    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,0));
 }
 
 
 SSL_METHOD* TLSv1_server_method()
 {
-    return new (ys) SSL_METHOD(server_end, ProtocolVersion(3,1));
+    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,1));
 }
 
 
 SSL_METHOD* TLSv1_client_method()
 {
-    return new (ys) SSL_METHOD(client_end, ProtocolVersion(3,1));
+    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,1));
 }
 
 
@@ -83,7 +91,7 @@ SSL_METHOD* SSLv23_server_method()
 
 SSL_CTX* SSL_CTX_new(SSL_METHOD* method)
 {
-    return new (ys) SSL_CTX(method);
+    return NEW_YS SSL_CTX(method);
 }
 
 
@@ -95,7 +103,7 @@ void SSL_CTX_free(SSL_CTX* ctx)
 
 SSL* SSL_new(SSL_CTX* ctx)
 {
-    return new (ys) SSL(ctx);
+    return NEW_YS SSL(ctx);
 }
 
 
@@ -115,7 +123,12 @@ int SSL_set_fd(SSL* ssl, int fd)
 int SSL_connect(SSL* ssl)
 {
     sendClientHello(*ssl);
+    ClientState neededState = ssl->getSecurity().get_resuming() ?
+        serverFinishedComplete : serverHelloDoneComplete;
+    while (ssl->getStates().getClient() < neededState) {
+        if (ssl->GetError()) break;
     processReply(*ssl);
+    }
 
     if(ssl->getCrypto().get_certManager().sendVerify())
         sendCertificate(*ssl);
@@ -130,7 +143,10 @@ int SSL_connect(SSL* ssl)
     sendFinished(*ssl, client_end);
     ssl->flushBuffer();
     if (!ssl->getSecurity().get_resuming())
+        while (ssl->getStates().getClient() < serverFinishedComplete) {
+            if (ssl->GetError()) break;
         processReply(*ssl);
+        }
 
     ssl->verifyState(serverFinishedComplete);
     ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
@@ -171,9 +187,7 @@ int SSL_accept(SSL* ssl)
         sendServerHelloDone(*ssl);
         ssl->flushBuffer();
 
-        // Java Client sends fragmented response
-        while (ssl->getStates().getServer() <
-               clientFinishedComplete) {
+        while (ssl->getStates().getServer() < clientFinishedComplete) {
             if (ssl->GetError()) break;
             processReply(*ssl);
         }
@@ -182,10 +196,7 @@ int SSL_accept(SSL* ssl)
     sendFinished(*ssl, server_end);
     ssl->flushBuffer();
     if (ssl->getSecurity().get_resuming()) {
-
-      // Java Client sends fragmented response
-      while (ssl->getStates().getServer() <
-             clientFinishedComplete) {
+        while (ssl->getStates().getServer() < clientFinishedComplete) {
           if (ssl->GetError()) break;
           processReply(*ssl);
       }
@@ -281,9 +292,15 @@ char* SSL_get_shared_ciphers(SSL* /*ssl*/, char* buf, int len)
 }
 
 
-const char* SSL_get_cipher_list(SSL* ssl, int /*priority */)
+const char* SSL_get_cipher_list(SSL* ssl, int priority)
 {
-    return ssl->getSecurity().get_parms().cipher_list_;
+    if (priority < 0 || priority >= MAX_CIPHERS)
+        return 0;
+
+    if (ssl->getSecurity().get_parms().cipher_list_[priority][0])
+        return ssl->getSecurity().get_parms().cipher_list_[priority];
+
+    return 0;
 }
 
 
@@ -455,7 +472,7 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
             fseek(input, 0, SEEK_END);
             long sz = ftell(input);
             rewind(input);
-            x = new (ys) x509(sz); // takes ownership
+            x = NEW_YS x509(sz); // takes ownership
             size_t bytes = fread(x->use_buffer(), sz, 1, input);
             if (bytes != 1) {
                 fclose(input);
@@ -492,16 +509,74 @@ void SSL_CTX_set_verify(SSL_CTX* ctx, int mode, VerifyCallback /*vc*/)
     if (mode & SSL_VERIFY_PEER)
         ctx->setVerifyPeer();
 
+    if (mode == SSL_VERIFY_NONE)
+        ctx->setVerifyNone();
+
     if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
         ctx->setFailNoCert();
 }
 
 
 int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
-                                  const char* /*path*/)
+                                  const char* path)
 {
-    // just files for now
-    return read_file(ctx, file, SSL_FILETYPE_PEM, CA);
+    int       ret = SSL_SUCCESS;
+    const int HALF_PATH = 128;
+
+    if (file) ret = read_file(ctx, file, SSL_FILETYPE_PEM, CA);
+
+    if (ret == SSL_SUCCESS && path) {
+        // call read_file for each reqular file in path
+#ifdef _WIN32
+
+        WIN32_FIND_DATA FindFileData;
+        HANDLE hFind;
+
+        char name[MAX_PATH + 1];  // directory specification
+        strncpy(name, path, MAX_PATH - 3);
+        strncat(name, "\\*", 3);
+
+        hFind = FindFirstFile(name, &FindFileData);
+        if (hFind == INVALID_HANDLE_VALUE) return SSL_BAD_PATH;
+
+        do {
+            if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
+                strncpy(name, path, MAX_PATH - 2 - HALF_PATH);
+                strncat(name, "\\", 2);
+                strncat(name, FindFileData.cFileName, HALF_PATH);
+                ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA);
+            }
+        } while (ret == SSL_SUCCESS && FindNextFile(hFind, &FindFileData));
+
+        FindClose(hFind);
+
+#else   // _WIN32
+
+        const int MAX_PATH = 260;
+
+        DIR* dir = opendir(path);
+        if (!dir) return SSL_BAD_PATH;
+
+        struct dirent* entry;
+        struct stat    buf;
+        char           name[MAX_PATH + 1];
+
+        while (ret == SSL_SUCCESS && (entry = readdir(dir))) {
+            strncpy(name, path, MAX_PATH - 1 - HALF_PATH);
+            strncat(name, "/", 1);
+            strncat(name, entry->d_name, HALF_PATH);
+            if (stat(name, &buf) < 0) return SSL_BAD_STAT;
+     
+            if (S_ISREG(buf.st_mode))
+                ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA);
+        }
+
+        closedir(dir);
+
+#endif
+    }
+
+    return ret;
 }
 
 
@@ -648,13 +723,13 @@ void OpenSSL_add_all_algorithms()  // compatibility only
 {}
 
 
-void SSL_library_init()  // compatibility only
+void SSL_library_init()  // compatiblity only
 {}
 
 
 DH* DH_new(void)
 {
-    DH* dh = new (ys) DH;
+    DH* dh = NEW_YS DH;
     if (dh)
         dh->p = dh->g = 0;
     return dh;
@@ -679,7 +754,7 @@ BIGNUM* BN_bin2bn(const unsigned char* num, int sz, BIGNUM* retVal)
 
     if (!retVal) {
         created = true;
-        bn.reset(new (ys) BIGNUM);
+        bn.reset(NEW_YS BIGNUM);
         retVal = bn.get();
     }
 
@@ -706,12 +781,14 @@ void ERR_print_errors_fp(FILE* /*fp*/)
 }
 
 
-char* ERR_error_string(unsigned long /*err*/, char* buffer)
+char* ERR_error_string(unsigned long errNumber, char* buffer)
 {
-    // TODO:
-    static char* msg = "Not Implemented";
-    if (buffer)
-        return strncpy(buffer, msg, strlen(msg));
+    static char* msg = "Please supply a buffer for error string";
+
+    if (buffer) {
+        SetErrorString(YasslError(errNumber), buffer);
+        return buffer;
+    }
 
     return msg;
 }
@@ -728,14 +805,14 @@ const char* X509_verify_cert_error_string(long /* error */)
 const EVP_MD* EVP_md5(void)
 {
     // TODO: FIX add to some list for destruction
-    return new (ys) MD5;
+    return NEW_YS MD5;
 }
 
 
 const EVP_CIPHER* EVP_des_ede3_cbc(void)
 {
     // TODO: FIX add to some list for destruction
-    return new (ys) DES_EDE;
+    return NEW_YS DES_EDE;
 }