+/**
+ * IO callback for new outgoing SSL-enabled server connections.
+ *
+ * @param sock Socket descriptor.
+ * @param unused (ignored IO specification)
+ */
+static void
+cb_connserver_login_ssl(int sock, short unused)
+{
+ CONN_ID idx = Socket2Index(sock);
+
+ assert(idx >= 0);
+ if (idx < 0) {
+ io_close(sock);
+ return;
+ }
+ (void) unused;
+ switch (ConnSSL_Connect( &My_Connections[idx])) {
+ case 1: break;
+ case 0: LogDebug("ConnSSL_Connect: not ready");
+ return;
+ case -1:
+ Log(LOG_ERR, "SSL connection on socket %d failed!", sock);
+ Conn_Close(idx, "Can't connect", NULL, false);
+ return;
+ }
+
+ Log( LOG_INFO, "SSL connection %d with \"%s:%d\" established.", idx,
+ My_Connections[idx].host, Conf_Server[Conf_GetServer( idx )].port );
+
+ server_login(idx);
+}
+
+
+/**
+ * Check if SSL library needs to read SSL-protocol related data.
+ *
+ * SSL/TLS connections require extra treatment:
+ * When either CONN_SSL_WANT_WRITE or CONN_SSL_WANT_READ is set, we
+ * need to take care of that first, before checking read/write buffers.
+ * For instance, while we might have data in our write buffer, the
+ * TLS/SSL protocol might need to read internal data first for TLS/SSL
+ * writes to succeed.
+ *
+ * If this function returns true, such a condition is met and we have
+ * to reverse the condition (check for read even if we've data to write,
+ * do not check for read but writeability even if write-buffer is empty).
+ *
+ * @param c Connection to check.
+ * @returns true if SSL-library has to read protocol data.
+ */
+static bool
+SSL_WantRead(const CONNECTION *c)
+{
+ if (Conn_OPTION_ISSET(c, CONN_SSL_WANT_READ)) {
+ io_event_add(c->sock, IO_WANTREAD);
+ return true;
+ }
+ return false;
+}
+
+/**
+ * Check if SSL library needs to write SSL-protocol related data.
+ *
+ * Please see description of SSL_WantRead() for full description!
+ *
+ * @param c Connection to check.
+ * @returns true if SSL-library has to write protocol data.
+ */
+static bool
+SSL_WantWrite(const CONNECTION *c)
+{
+ if (Conn_OPTION_ISSET(c, CONN_SSL_WANT_WRITE)) {
+ io_event_add(c->sock, IO_WANTWRITE);
+ return true;
+ }
+ return false;
+}
+
+/**
+ * Get information about used SSL cipher.
+ *
+ * @param Idx Connection index number.
+ * @param buf Buffer for returned information text.
+ * @param len Size of return buffer "buf".
+ * @returns true on success, false otherwise.
+ */
+GLOBAL bool
+Conn_GetCipherInfo(CONN_ID Idx, char *buf, size_t len)
+{
+ if (Idx < 0)
+ return false;
+ assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
+ return ConnSSL_GetCipherInfo(&My_Connections[Idx], buf, len);
+}
+
+/**
+ * Check if a connection is SSL-enabled or not.
+ *
+ * @param Idx Connection index number.
+ * @return true if connection is SSL-enabled, false otherwise.
+ */
+GLOBAL bool
+Conn_UsesSSL(CONN_ID Idx)
+{
+ if (Idx < 0)
+ return false;
+ assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
+ return Conn_OPTION_ISSET(&My_Connections[Idx], CONN_SSL);
+}
+
+GLOBAL char *
+Conn_GetCertFp(CONN_ID Idx)
+{
+ if (Idx < 0)
+ return NULL;
+ assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
+ return ConnSSL_GetCertFp(&My_Connections[Idx]);
+}
+
+GLOBAL bool
+Conn_SetCertFp(CONN_ID Idx, const char *fingerprint)
+{
+ if (Idx < 0)
+ return false;
+ assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
+ return ConnSSL_SetCertFp(&My_Connections[Idx], fingerprint);
+}
+
+#else /* SSL_SUPPORT */
+
+GLOBAL bool
+Conn_UsesSSL(UNUSED CONN_ID Idx)
+{
+ return false;
+}
+
+GLOBAL char *
+Conn_GetCertFp(UNUSED CONN_ID Idx)
+{
+ return NULL;
+}
+
+GLOBAL bool
+Conn_SetCertFp(UNUSED CONN_ID Idx, UNUSED const char *fingerprint)
+{
+ return true;
+}
+
+#endif /* SSL_SUPPORT */
+
+#ifdef DEBUG
+
+/**
+ * Dump internal state of the "connection module".
+ */
+GLOBAL void
+Conn_DebugDump(void)
+{
+ int i;
+
+ Log(LOG_DEBUG, "Connection status:");
+ for (i = 0; i < Pool_Size; i++) {
+ if (My_Connections[i].sock == NONE)
+ continue;
+ Log(LOG_DEBUG,
+ " - %d: host=%s, lastdata=%ld, lastping=%ld, delaytime=%ld, flag=%d, options=%d, bps=%d, client=%s",
+ My_Connections[i].sock, My_Connections[i].host,
+ My_Connections[i].lastdata, My_Connections[i].lastping,
+ My_Connections[i].delaytime, My_Connections[i].flag,
+ My_Connections[i].options, My_Connections[i].bps,
+ My_Connections[i].client ? Client_ID(My_Connections[i].client) : "-");
+ }
+} /* Conn_DumpClients */
+
+#endif /* DEBUG */
+