[Spice-devel] [PATCH 11/17] Make RedsStream::ssl private
Christophe Fergeau
cfergeau at redhat.com
Tue Jan 7 03:14:37 PST 2014
---
server/reds_stream.c | 35 ++++++++++++++++++-----------------
server/reds_stream.h | 1 -
2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/server/reds_stream.c b/server/reds_stream.c
index 95c159f..f558897 100644
--- a/server/reds_stream.c
+++ b/server/reds_stream.c
@@ -34,6 +34,7 @@
extern SpiceCoreInterface *core;
struct RedsStreamPrivate {
+ SSL *ssl;
};
static ssize_t stream_write_cb(RedsStream *s, const void *buf, size_t size)
@@ -80,10 +81,10 @@ static ssize_t stream_ssl_write_cb(RedsStream *s, const void *buf, size_t size)
int return_code;
SPICE_GNUC_UNUSED int ssl_error;
- return_code = SSL_write(s->ssl, buf, size);
+ return_code = SSL_write(s->priv->ssl, buf, size);
if (return_code < 0) {
- ssl_error = SSL_get_error(s->ssl, return_code);
+ ssl_error = SSL_get_error(s->priv->ssl, return_code);
}
return return_code;
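Review bot: The `size_t size` argument is passed straight into `SSL_write(s->priv->ssl, buf, size)`, whose length parameter is an `int`, so a request larger than INT_MAX is narrowed before OpenSSL sees it; the same applies to `SSL_read` in stream_ssl_read_cb in the next hunk. Clamping at the call site would make the bound explicit, e.g. `return_code = SSL_write(s->priv->ssl, buf, size > INT_MAX ? INT_MAX : (int)size);`. Separately, `ssl_error` is fetched only when `return_code < 0` and then discarded, so callers of both callbacks cannot tell SSL_ERROR_WANT_READ/WANT_WRITE from a fatal failure, and a 0 return is never inspected. Both function bodies start outside their hunks, so any handling before these lines is not visible here.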
@@ -94,10 +95,10 @@ static ssize_t stream_ssl_read_cb(RedsStream *s, void *buf, size_t size)
int return_code;
SPICE_GNUC_UNUSED int ssl_error;
- return_code = SSL_read(s->ssl, buf, size);
+ return_code = SSL_read(s->priv->ssl, buf, size);
if (return_code < 0) {
- ssl_error = SSL_get_error(s->ssl, return_code);
+ ssl_error = SSL_get_error(s->priv->ssl, return_code);
}
return return_code;
@@ -203,8 +204,8 @@ void reds_stream_free(RedsStream *s)
}
#endif
- if (s->ssl) {
- SSL_free(s->ssl);
+ if (s->priv->ssl) {
+ SSL_free(s->priv->ssl);
}
reds_stream_remove_watch(s);
@@ -257,7 +258,7 @@ RedsStream *reds_stream_new(int socket)
bool reds_stream_is_ssl(RedsStream *stream)
{
- return (stream->ssl != NULL);
+ return (stream->priv->ssl != NULL);
}
void reds_stream_disable_writev(RedsStream *stream)
@@ -270,12 +271,12 @@ RedsStreamSslStatus reds_stream_ssl_accept(RedsStream *stream)
int ssl_error;
int return_code;
- return_code = SSL_accept(stream->ssl);
+ return_code = SSL_accept(stream->priv->ssl);
if (return_code == 1) {
return REDS_STREAM_SSL_STATUS_OK;
}
- ssl_error = SSL_get_error(stream->ssl, return_code);
+ ssl_error = SSL_get_error(stream->priv->ssl, return_code);
if (return_code == -1 && (ssl_error == SSL_ERROR_WANT_READ ||
ssl_error == SSL_ERROR_WANT_WRITE)) {
if (ssl_error == SSL_ERROR_WANT_READ) {
@@ -287,8 +288,8 @@ RedsStreamSslStatus reds_stream_ssl_accept(RedsStream *stream)
ERR_print_errors_fp(stderr);
spice_warning("SSL_accept failed, error=%d", ssl_error);
- SSL_free(stream->ssl);
- stream->ssl = NULL;
+ SSL_free(stream->priv->ssl);
+ stream->priv->ssl = NULL;
return REDS_STREAM_SSL_STATUS_ERROR;
}
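Review bot: After `stream->priv->ssl = NULL;` on the SSL_accept failure path, the stream's `write` and `read` pointers are not reset in the visible lines, and reds_stream_enable_ssl (next hunk) installs `stream_ssl_write_cb`/`stream_ssl_read_cb`, which dereference `s->priv->ssl` unconditionally. If anything reads or writes the stream between this error return and reds_stream_free, those callbacks would hand a NULL SSL to OpenSSL. Now that the field is private, this is a good place to document the contract, e.g. `/* on ERROR the stream must be freed without further I/O: the SSL callbacks are still installed */`, or to have the callbacks fail cleanly with `if (!s->priv->ssl) return -1;`. The start of this function is outside the hunk, so the ordering of the calls is inferred.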
@@ -303,14 +304,14 @@ int reds_stream_enable_ssl(RedsStream *stream, SSL_CTX *ctx)
return REDS_STREAM_SSL_STATUS_ERROR;
}
- stream->ssl = SSL_new(ctx);
- if (!stream->ssl) {
+ stream->priv->ssl = SSL_new(ctx);
+ if (!stream->priv->ssl) {
spice_warning("could not allocate ssl context");
BIO_free(sbio);
return REDS_STREAM_SSL_STATUS_ERROR;
}
- SSL_set_bio(stream->ssl, sbio, sbio);
+ SSL_set_bio(stream->priv->ssl, sbio, sbio);
stream->write = stream_ssl_write_cb;
stream->read = stream_ssl_read_cb;
@@ -903,10 +904,10 @@ bool reds_sasl_start_auth(RedsStream *stream, AsyncReadDone read_cb, void *opaqu
}
/* Inform SASL that we've got an external SSF layer from TLS */
- if (stream->ssl) {
+ if (stream->priv->ssl) {
sasl_ssf_t ssf;
- ssf = SSL_get_cipher_bits(stream->ssl, NULL);
+ ssf = SSL_get_cipher_bits(stream->priv->ssl, NULL);
err = sasl_setprop(sasl->conn, SASL_SSF_EXTERNAL, &ssf);
if (err != SASL_OK) {
spice_warning("cannot set SASL external SSF %d (%s)",
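Review bot: The two `if (stream->priv->ssl)` tests in reds_sasl_start_auth (here and in the following hunk) only ask whether TLS is active, which is what `reds_stream_is_ssl()` from this same file already answers. Writing them as `if (reds_stream_is_ssl(stream)) {` would leave `SSL_get_cipher_bits(stream->priv->ssl, NULL)` as the only direct access to the private field in the SASL code, in keeping with the purpose of the patch. The function body starts and ends outside both hunks.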
@@ -919,7 +920,7 @@ bool reds_sasl_start_auth(RedsStream *stream, AsyncReadDone read_cb, void *opaqu
memset(&secprops, 0, sizeof secprops);
/* Inform SASL that we've got an external SSF layer from TLS */
- if (stream->ssl) {
+ if (stream->priv->ssl) {
/* If we've got TLS (or UNIX domain sock), we don't care about SSF */
secprops.min_ssf = 0;
secprops.max_ssf = 0;
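Review bot: The comment above this second check, `/* Inform SASL that we've got an external SSF layer from TLS */`, is a copy of the one on the earlier block, but this branch does something different: it sets `secprops.min_ssf` and `secprops.max_ssf` to 0. A comment such as `/* TLS already protects the channel, so do not require a SASL security layer */` would describe the code. It is also worth stating there that the branch keys on the SSL object being present rather than on the cipher strength reported through SASL_SSF_EXTERNAL, so a weak negotiated cipher is not rejected at this point. The rest of the secprops setup is outside the hunk.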
diff --git a/server/reds_stream.h b/server/reds_stream.h
index fca2a71..84eac14 100644
--- a/server/reds_stream.h
+++ b/server/reds_stream.h
@@ -83,7 +83,6 @@ struct RedsStream {
/* set it to TRUE if you shutdown the socket. shutdown read doesn't work as accepted -
receive may return data afterward. check the flag before calling receive*/
int shutdown;
- SSL *ssl;
AsyncRead async_read;
--
1.8.4.2