Split out SSL init from https_get

acv · acv · commit d72a64ab3022 · 2015-03-21T10:52:35.000-04:00
diff --git a/Makefile.am b/Makefile.am
@@ -9,7 +9,7 @@ doc_DATA = \
   COPYING \
   INSTALL \
   NEWS \
-  README \
+  README.md \
   ChangeLog
   
 EXTRA_DIST = \
diff --git a/src/simple_http.c b/src/simple_http.c
@@ -44,7 +44,8 @@
 #include <cyassl/ctaocrypt/error-crypt.h>
 #endif
 
-int http_get(const int sockfd, char *buf) {
+int
+http_get(const int sockfd, char *buf) {
 
 	ssize_t	numbytes;
 	size_t totalbytes;
@@ -119,8 +120,68 @@ int http_get(const int sockfd, char *buf) {
 
 #ifdef USE_CYASSL
 
+CYASSL_CTX *cyassl_ctx = NULL;
+pthread_mutex_t cyassl_ctx_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+#define LOCK_CYASSL_CTX() do { \
+	debug(LOG_DEBUG, "Locking CyaSSL Context"); \
+	pthread_mutex_lock(&cyassl_ctx_mutex); \
+	debug(LOG_DEBUG, "CyaSSL Context locked"); \
+} while (0)
+
+#define UNLOCK_CYASSL_CTX() do { \
+	debug(LOG_DEBUG, "Unlocking CyaSSL Context"); \
+	pthread_mutex_unlock(&cyassl_ctx_mutex); \
+	debug(LOG_DEBUG, "CyaSSL Context unlocked"); \
+} while (0)
+
+
+CYASSL_CTX *
+get_cyassl_ctx(void)
+{
+    CYASSL_CTX *ret;
+	s_config *config = config_get_config();
+
+    LOCK_CYASSL_CTX();
+    
+    if (NULL == cyassl_ctx) {
+        CyaSSL_Init();
+        /* Create the CYASSL_CTX */
+        /* Allow SSLv3 up to TLSv1.2 */
+        if ( (cyassl_ctx = CyaSSL_CTX_new(CyaSSLv23_client_method())) == NULL){
+            debug(LOG_ERR, "Could not create CYASSL context.");
+            return NULL;
+        }
+
+        if (config->ssl_verify) {
+            /* Use trusted certs */
+            /* Note: CyaSSL requires that the certificates are named by their hash values */
+            int err = CyaSSL_CTX_load_verify_locations(cyassl_ctx, NULL, config->ssl_certs);
+            if (err != SSL_SUCCESS) {
+                debug(LOG_ERR, "Could not load SSL certificates (error %d)", err);
+                if (err == ASN_UNKNOWN_OID_E) {
+                    debug(LOG_ERR, "Error is ASN_UNKNOWN_OID_E - try compiling cyassl/wolfssl with --enable-ecc");
+                } else {
+                    debug(LOG_ERR, "Make sure that SSLCertPath points to the correct path in the config file");
+                    debug(LOG_ERR, "Or disable certificate loading with 'SSLPeerVerification No'.");
+                }
+                return NULL;;
+            }
+            debug(LOG_INFO, "Loading SSL certificates from %s", config->ssl_certs);
+        } else {
+            CyaSSL_CTX_set_verify(cyassl_ctx, SSL_VERIFY_NONE, 0);
+            debug(LOG_INFO, "Disabling SSL certificate verification!");
+        }
+    }
+    
+    ret = cyassl_ctx;
+    UNLOCK_CYASSL_CTX();
+    return ret;
+}
+
 
-int https_get(const int sockfd, char *buf, const char* hostname) {
+int
+https_get(const int sockfd, char *buf, const char* hostname) {
 
 	ssize_t	numbytes;
 	size_t totalbytes;
@@ -134,43 +195,18 @@ int https_get(const int sockfd, char *buf, const char* hostname) {
 	s_config *config;
 	config = config_get_config();
 
-	CyaSSL_Init();
-
-	CYASSL_CTX* ctx;
-	/* Create the CYASSL_CTX */
-	/* Allow SSLv3 up to TLSv1.2 */
-	if ( (ctx = CyaSSL_CTX_new(CyaSSLv23_client_method())) == NULL){
-		debug(LOG_ERR, "Could not create CYASSL context.");
-		return -1;
-	}
-
-	if (config->ssl_verify) {
-		/* Use trusted certs */
-		/* Note: CyaSSL requires that the certificates are named by their hash values */
-		int err = CyaSSL_CTX_load_verify_locations(ctx, NULL, config->ssl_certs);
-		if (err != SSL_SUCCESS) {
-			debug(LOG_ERR, "Could not load SSL certificates (error %d)", err);
-			if (err == ASN_UNKNOWN_OID_E) {
-				debug(LOG_ERR, "Error is ASN_UNKNOWN_OID_E - try compiling cyassl/wolfssl with --enable-ecc");
-			} else {
-				debug(LOG_ERR, "Make sure that SSLCertPath points to the correct path in the config file");
-				debug(LOG_ERR, "Or disable certificate loading with 'SSLPeerVerification No'.");
-			}
-			return -1;
-		}
-		debug(LOG_INFO, "Loading SSL certificates from %s", config->ssl_certs);
-	} else {
-		CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-		debug(LOG_INFO, "Disabling SSL certificate verification!");
-	}
+	CYASSL_CTX* ctx = get_cyassl_ctx();
+    if (NULL == ctx) {
+        debug(LOG_ERR, "Could not get CyaSSL Context!");
+        return -1;
+    }
 
 	if (sockfd == -1) {
 		/* Could not connect to server */
 		debug(LOG_ERR, "Could not open socket to server!");
 		return -1;
 	}
 
-
 	/* Create CYASSL object */
 	CYASSL* ssl;
 	if( (ssl = CyaSSL_new(ctx)) == NULL) {
