Index: socket.c =================================================================== RCS file: /sources/monit/monit/socket.c,v retrieving revision 1.59 diff -u -r1.59 socket.c --- socket.c 25 Jul 2007 12:54:29 -0000 1.59 +++ socket.c 31 Jul 2007 23:17:06 -0000 @@ -141,16 +141,9 @@ } if(p->SSL.use_ssl) { - if(! (S->ssl= new_ssl_connection(NULL, p->SSL.version))) { - goto ssl_error; - } - if(! embed_ssl_socket(S->ssl, S->socket)) { - goto ssl_error; - } - if(p->SSL.certmd5) { - if(! check_ssl_md5sum(S->ssl, p->SSL.certmd5)) { - goto ssl_error; - } + if(! switch_to_ssl(S, p->SSL)) { + socket_free(&S); + return NULL; } } @@ -158,10 +151,6 @@ return S; -ssl_error: - socket_free(&S); - return NULL; - } return NULL; @@ -176,7 +165,7 @@ * may be a hostname found in the DNS or an IP address string. * @param port The port number to connect to * @param type The socket type to use (SOCKET_TCP or SOCKET_UPD) - * @param use_ssl if TRUE the socket is created supporting SSL + * @param ssl Options for SSL * @param timeout The timeout value in seconds * @return The connected Socket or NULL if an error occurred */ @@ -208,25 +197,13 @@ S->connection_type= TYPE_LOCAL; if(ssl.use_ssl) { - if(! (S->ssl= new_ssl_connection(NULL, ssl.version))) { - goto ssl_error; - } - if(! embed_ssl_socket(S->ssl, S->socket)) { - goto ssl_error; - } - if(ssl.certmd5) { - if(! check_ssl_md5sum(S->ssl, ssl.certmd5)) { - goto ssl_error; - } + if(! switch_to_ssl(S, ssl)) { + socket_free(&S); + return NULL; } } return S; - -ssl_error: - socket_free(&S); - return NULL; - } return NULL; @@ -235,6 +212,35 @@ /** + * Switches a connected socket to ssl. + * @param S The already connected socket + * @param ssl Options for ssl + * @return TRUE if ssl is ready otherwiese FALSE + */ +int switch_to_ssl(Socket_T S, Ssl_T ssl) +{ + + if(! (S->ssl= new_ssl_connection(NULL, ssl.version))) { + goto ssl_error; + } + if(! embed_ssl_socket(S->ssl, S->socket)) { + goto ssl_error; + } + if(ssl.certmd5) { + if(! check_ssl_md5sum(S->ssl, ssl.certmd5)) { + LogError("md5sum of certificate does not match!"); + goto ssl_error; + } + } + return TRUE; + +ssl_error: + return FALSE; + +} + + +/** * Factory method for creating a Socket object from an accepted * socket. The given socket must be a socket created from accept(2). * If the sslserver context is non-null the socket will support Index: socket.h =================================================================== RCS file: /sources/monit/monit/socket.h,v retrieving revision 1.24 diff -u -r1.24 socket.h --- socket.h 25 Jul 2007 12:54:29 -0000 1.24 +++ socket.h 31 Jul 2007 23:17:06 -0000 @@ -70,7 +70,7 @@ * may be a hostname found in the DNS or an IP address string. * @param port The port number to connect to * @param type The socket type to use (SOCKET_TCP or SOCKET_UPD) - * @param ssl If defined the socket is created supporting SSL + * @param ssl Options for SSL * @param timeout The timeout value in seconds * @return The connected Socket or NULL if an error occurred */ @@ -79,6 +79,15 @@ /** + * Switches a connected socket to ssl. + * @param S The already connected socket + * @param ssl Options for ssl + * @return TRUE if ssl is ready otherwiese FALSE + */ +int switch_to_ssl(Socket_T S, Ssl_T ssl); + + +/** * Factory method for creating a Socket object from an accepted * socket. The given socket must be a socket created from accept(2). * If the sslserver context is non-null the socket will support