Lines Matching refs:TLScontext
/*
 * Cross-reference hits for TLScontext inside get_server_session_cb().
 * Only lines that name TLScontext are listed; the code between them is
 * not shown, so the notes below describe the visible lines only.
 */
190 TLS_SESS_STATE *TLScontext; in get_server_session_cb() local
/* The per-connection state is read back from the SSL object's ex_data slot and compared with 0 before the first dereference (what happens on 0 is not shown). */
195 if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) in get_server_session_cb()
/* The cache key is built from the session id bytes plus TLScontext->serverid. GEN_CACHE_ID is defined outside this listing, so its encoding is not visible here. */
207 GEN_CACHE_ID(cache_id, session_id, session_id_length, TLScontext->serverid); in get_server_session_cb()
/* The lookup is logged only when the TLS_LOG_CACHE bit is set in log_mask. */
209 if (TLScontext->log_mask & TLS_LOG_CACHE) in get_server_session_cb()
210 msg_info("%s: looking up session %s in %s cache", TLScontext->namaddr, in get_server_session_cb()
211 STR(cache_id), TLScontext->cache_type); in get_server_session_cb()
/* The lookup is delegated to tls_mgr_lookup() under the connection's cache_type; the remaining arguments are cut off in this listing. */
216 if (tls_mgr_lookup(TLScontext->cache_type, STR(cache_id), in get_server_session_cb()
/* A second log line is produced only when a session object was obtained. */
219 if (session && (TLScontext->log_mask & TLS_LOG_CACHE)) in get_server_session_cb()
221 TLScontext->namaddr, STR(cache_id), in get_server_session_cb()
222 TLScontext->cache_type); in get_server_session_cb()
/*
 * Cross-reference hits for TLScontext inside uncache_session(); lines
 * that do not name TLScontext are not shown.
 */
236 static void uncache_session(SSL_CTX *ctx, TLS_SESS_STATE *TLScontext) in uncache_session() argument
/* The session to drop is the one currently attached to this connection. */
239 SSL_SESSION *session = SSL_get_session(TLScontext->con); in uncache_session()
/* cache_type is tested against 0 before any cache work; presumably 0 means no external cache is configured and the function returns early (body not shown). */
245 if (TLScontext->cache_type == 0) in uncache_session()
/* Same key construction as the lookup and save callbacks: session id plus serverid. */
249 GEN_CACHE_ID(cache_id, sid, sid_length, TLScontext->serverid); in uncache_session()
251 if (TLScontext->log_mask & TLS_LOG_CACHE) in uncache_session()
252 msg_info("%s: remove session %s from %s cache", TLScontext->namaddr, in uncache_session()
253 STR(cache_id), TLScontext->cache_type); in uncache_session()
/* The entry is removed through tls_mgr_delete(); no return value is consumed on this line. */
255 tls_mgr_delete(TLScontext->cache_type, STR(cache_id)); in uncache_session()
/*
 * Cross-reference hits for TLScontext inside new_server_session_cb();
 * lines that do not name TLScontext are not shown.
 */
265 TLS_SESS_STATE *TLScontext; in new_server_session_cb() local
/* As in get_server_session_cb(), the ex_data pointer is compared with 0 before it is used (handling of 0 not shown). */
270 if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) in new_server_session_cb()
/* The key is session id plus serverid, matching the lookup and delete paths. */
274 GEN_CACHE_ID(cache_id, sid, sid_length, TLScontext->serverid); in new_server_session_cb()
276 if (TLScontext->log_mask & TLS_LOG_CACHE) in new_server_session_cb()
277 msg_info("%s: save session %s to %s cache", TLScontext->namaddr, in new_server_session_cb()
278 STR(cache_id), TLScontext->cache_type); in new_server_session_cb()
/*
 * The save goes through tls_mgr_update(); the stored value is cut off here.
 * NOTE(review): presumably this is the serialized session. If so, the store
 * behind cache_type holds resumable session state and needs the same access
 * protection as key material -- confirm against the tls_mgr side.
 */
285 tls_mgr_update(TLScontext->cache_type, STR(cache_id), in new_server_session_cb()
/*
 * Cross-reference hits for TLScontext inside ticket_cb() (hits 316-344).
 * A second group of ticket_cb() hits follows at 357-379; presumably the two
 * are alternative builds of the same callback, but the conditional
 * compilation is not visible in this listing.
 */
/*
 * NOTE(review): unlike the session-cache callbacks, no hit in this group
 * compares the SSL_get_ex_data() result with 0 before the dereference at 335.
 * tls_server_start() attaches the context with SSL_set_ex_data() at hit 864,
 * so the slot is presumably always populated when this callback runs --
 * confirm that no other SSL objects share this callback.
 */
316 TLS_SESS_STATE *TLScontext = SSL_get_ex_data(con, TLScontext_index); in ticket_cb() local
/* Two log sites gated on TLS_LOG_CACHE; both print namaddr and key->tout cast to long. The message text is on lines not listed here. */
335 if (TLScontext->log_mask & TLS_LOG_CACHE) in ticket_cb()
337 TLScontext->namaddr, (long) key->tout); in ticket_cb()
340 if (TLScontext->log_mask & TLS_LOG_CACHE) in ticket_cb()
342 TLScontext->namaddr, (long) key->tout); in ticket_cb()
/* Marks the connection as ticket-based; tls_server_post_accept() reads this flag at hit 964 to tag the "Reusing old session" log line. */
344 TLScontext->ticketed = 1; in ticket_cb()
/*
 * Second group of ticket_cb() hits (357-379), with the same shape as the
 * group at 316-344; which build each group belongs to is not visible here.
 */
/* NOTE(review): as in the first group, the SSL_get_ex_data() result is dereferenced at 370 with no visible comparison against 0 -- confirm the slot is always set before this callback can run. */
357 TLS_SESS_STATE *TLScontext = SSL_get_ex_data(con, TLScontext_index); in ticket_cb() local
/* Two log sites gated on TLS_LOG_CACHE, each printing namaddr and key->tout. */
370 if (TLScontext->log_mask & TLS_LOG_CACHE) in ticket_cb()
372 TLScontext->namaddr, (long) key->tout); in ticket_cb()
375 if (TLScontext->log_mask & TLS_LOG_CACHE) in ticket_cb()
377 TLScontext->namaddr, (long) key->tout); in ticket_cb()
/* Records that this connection used a session ticket. */
379 TLScontext->ticketed = 1; in ticket_cb()
/*
 * Cross-reference hits for TLScontext inside tls_server_start(); lines
 * that do not name TLScontext (including most conditions and error
 * messages) are not shown.
 */
819 TLS_SESS_STATE *TLScontext; in tls_server_start() local
/* A fresh per-connection context is allocated and inherits the application context's cache_type. */
839 TLScontext = tls_alloc_sess_context(log_mask, props->namaddr); in tls_server_start()
840 TLScontext->cache_type = app_ctx->cache_type; in tls_server_start()
/* Each visible failure path below releases the context with tls_free_context() before leaving. */
843 if ((TLScontext->con = (SSL *) SSL_new(app_ctx->ssl_ctx)) == 0) { in tls_server_start()
846 tls_free_context(TLScontext); in tls_server_start()
849 cipher_list = tls_set_ciphers(TLScontext, props->cipher_grade, in tls_server_start()
853 tls_free_context(TLScontext); in tls_server_start()
/* serverid is duplicated with mystrdup(), so the context holds its own copy; stream and mdalg are stored as given. */
859 TLScontext->serverid = mystrdup(props->serverid); in tls_server_start()
860 TLScontext->am_server = 1; in tls_server_start()
861 TLScontext->stream = props->stream; in tls_server_start()
862 TLScontext->mdalg = props->mdalg; in tls_server_start()
/* Binds the context to the SSL object; this is the slot the session and ticket callbacks read with SSL_get_ex_data(). */
864 if (!SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)) { in tls_server_start()
867 tls_free_context(TLScontext); in tls_server_start()
/*
 * NOTE(review): sets OpenSSL security level 1 on this connection only. The
 * condition guarding this call is not among the hits, so when it applies
 * cannot be told from this listing. Level 1 is a low floor; confirm it is
 * the intended minimum for the cases that reach this line.
 */
873 SSL_set_security_level(TLScontext->con, 1); in tls_server_start()
/* On SSL_set_fd() failure the session is removed from the cache before the context is freed. */
886 if (SSL_set_fd(TLScontext->con, props->stream == 0 ? props->fd : in tls_server_start()
890 uncache_session(app_ctx->ssl_ctx, TLScontext); in tls_server_start()
891 tls_free_context(TLScontext); in tls_server_start()
/* Installs tls_bio_dump_cb on the read BIO; tls_server_post_accept() removes it again unless TLS_LOG_ALLPKTS is set (hits 954-955). */
905 tls_set_bio_callback(SSL_get_rbio(TLScontext->con), tls_bio_dump_cb); in tls_server_start()
/* Early return of the context before the post-accept step at 942; presumably a path where the caller completes the handshake itself (condition not shown). */
912 return (TLScontext); in tls_server_start()
928 TLScontext); in tls_server_start()
939 tls_free_context(TLScontext); in tls_server_start()
/* Normal completion hands the context to tls_server_post_accept() and returns its result. */
942 return (tls_server_post_accept(TLScontext)); in tls_server_start()
/*
 * Cross-reference hits for TLScontext inside tls_server_post_accept();
 * lines that do not name TLScontext (including several branch conditions)
 * are not shown.
 */
947 TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *TLScontext) in tls_server_post_accept() argument
/* The read-BIO callback is cleared unless TLS_LOG_ALLPKTS was requested. */
954 if ((TLScontext->log_mask & TLS_LOG_ALLPKTS) == 0) in tls_server_post_accept()
955 tls_set_bio_callback(SSL_get_rbio(TLScontext->con), 0); in tls_server_post_accept()
/* Records whether the handshake resumed an earlier session; the log line notes a ticket-based resumption when ticket_cb() set the ticketed flag. */
961 TLScontext->session_reused = SSL_session_reused(TLScontext->con); in tls_server_post_accept()
962 if ((TLScontext->log_mask & TLS_LOG_CACHE) && TLScontext->session_reused) in tls_server_post_accept()
963 msg_info("%s: Reusing old session%s", TLScontext->namaddr, in tls_server_post_accept()
964 TLScontext->ticketed ? " (RFC 5077 session ticket)" : ""); in tls_server_post_accept()
970 peer = TLS_PEEK_PEER_CERT(TLScontext->con); in tls_server_post_accept()
/*
 * PRESENT is set, and TRUSTED only when OpenSSL reports X509_V_OK.
 * NOTE(review): presumably both lines sit inside the branch taken when a
 * peer certificate exists (the condition is not shown). That placement
 * matters: SSL_get_verify_result() also returns X509_V_OK when no
 * certificate was presented, so the check is only meaningful with a peer
 * certificate in hand. TRUSTED here reflects chain verification; no name
 * matching is visible among these hits.
 */
972 TLScontext->peer_status |= TLS_CERT_FLAG_PRESENT; in tls_server_post_accept()
973 if (SSL_get_verify_result(TLScontext->con) == X509_V_OK) in tls_server_post_accept()
974 TLScontext->peer_status |= TLS_CERT_FLAG_TRUSTED; in tls_server_post_accept()
976 if (TLScontext->log_mask & TLS_LOG_VERBOSE) { in tls_server_post_accept()
/* Subject CN, issuer CN and the certificate and public-key fingerprints are extracted from the peer certificate; the fingerprints use the digest named by mdalg. */
984 TLScontext->peer_CN = tls_peer_CN(peer, TLScontext); in tls_server_post_accept()
985 TLScontext->issuer_CN = tls_issuer_CN(peer, TLScontext); in tls_server_post_accept()
986 TLScontext->peer_cert_fprint = tls_cert_fprint(peer, TLScontext->mdalg); in tls_server_post_accept()
987 TLScontext->peer_pkey_fprint = tls_pkey_fprint(peer, TLScontext->mdalg); in tls_server_post_accept()
989 if (TLScontext->log_mask & (TLS_LOG_VERBOSE | TLS_LOG_PEERCERT)) { in tls_server_post_accept()
992 TLScontext->namaddr, in tls_server_post_accept()
993 TLScontext->peer_CN, TLScontext->issuer_CN, in tls_server_post_accept()
994 TLScontext->peer_cert_fprint, in tls_server_post_accept()
995 TLScontext->peer_pkey_fprint); in tls_server_post_accept()
/* For an untrusted certificate with TLS_LOG_UNTRUSTED set, the verification error is logged only when the session was not resumed. */
1005 if (!TLS_CERT_IS_TRUSTED(TLScontext) in tls_server_post_accept()
1006 && (TLScontext->log_mask & TLS_LOG_UNTRUSTED)) { in tls_server_post_accept()
1007 if (TLScontext->session_reused == 0) in tls_server_post_accept()
1008 tls_log_verify_error(TLScontext); in tls_server_post_accept()
1012 TLScontext->namaddr); in tls_server_post_accept()
/* Presumably the no-certificate branch: the four peer fields receive freshly duplicated empty strings. */
1015 TLScontext->peer_CN = mystrdup(""); in tls_server_post_accept()
1016 TLScontext->issuer_CN = mystrdup(""); in tls_server_post_accept()
1017 TLScontext->peer_cert_fprint = mystrdup(""); in tls_server_post_accept()
1018 TLScontext->peer_pkey_fprint = mystrdup(""); in tls_server_post_accept()
/* The negotiated protocol version, cipher name and cipher bit counts are copied into the context. */
1024 TLScontext->protocol = SSL_get_version(TLScontext->con); in tls_server_post_accept()
1025 cipher = SSL_get_current_cipher(TLScontext->con); in tls_server_post_accept()
1026 TLScontext->cipher_name = SSL_CIPHER_get_name(cipher); in tls_server_post_accept()
1027 TLScontext->cipher_usebits = SSL_CIPHER_get_bits(cipher, in tls_server_post_accept()
1028 &(TLScontext->cipher_algbits)); in tls_server_post_accept()
/* tls_stream_start() is called only when a stream was supplied. */
1036 if (TLScontext->stream != 0) in tls_server_post_accept()
1037 tls_stream_start(TLScontext->stream, TLScontext); in tls_server_post_accept()
1042 tls_get_signature_params(TLScontext); in tls_server_post_accept()
/* The summary log line is optional and tagged as server role, new usage. */
1047 if (TLScontext->log_mask & TLS_LOG_SUMMARY) in tls_server_post_accept()
1048 tls_log_summary(TLS_ROLE_SERVER, TLS_USAGE_NEW, TLScontext); in tls_server_post_accept()
/* The same context that was passed in is returned to the caller. */
1052 return (TLScontext); in tls_server_post_accept()