src/sock_gnutls.c
author Tero Marttila <terom@fixme.fi>
Mon, 04 May 2009 20:55:04 +0300
branchnew-transport
changeset 168 a58ad50911fc
parent 163 27a112d89a73
permissions -rw-r--r--
refactor test.c into tests/*
#include "sock_gnutls.h"
// XXX: remove
#include "log.h"
#include <gnutls/x509.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <assert.h>
/**
 * Enable the TCP events based on the session's gnutls_record_get_direction().
 *
 * gnutls_record_get_direction() tells us which I/O direction the last gnutls operation would have needed, so the
 * matching TRANSPORT_READ / TRANSPORT_WRITE event is registered on the underlying transport fd.
 *
 * @param sock the gnutls socket whose last operation was blocked
 * @param err filled in on failure
 * @return SUCCESS, or the error code stored in err
 */
static err_t sock_gnutls_ev_enable (struct sock_gnutls *sock, error_t *err)
{
    int direction = gnutls_record_get_direction(sock->session);
    short mask = 0;

    // 0 means gnutls wants to read more data, 1 means its write buffer was full
    if (direction == 0) {
        mask = TRANSPORT_READ;

    } else if (direction == 1) {
        mask = TRANSPORT_WRITE;

    } else {
        // anything else is unexpected, report it with the raw value attached
        RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_GET_DIRECTION, direction);
    }

    // register the chosen event on the transport fd
    if ((ERROR_CODE(err) = transport_fd_enable(SOCK_GNUTLS_FD(sock), mask)))
        return ERROR_CODE(err);

    return SUCCESS;
}
/**
 * Translate a set of gnutls_certificate_status_t values to a constant error message.
 *
 * GNUTLS_CERT_REVOKED takes precedence over everything else; the more specific reasons are only reported when
 * GNUTLS_CERT_INVALID is set as well, otherwise the status is not one we know how to describe.
 *
 * @param status the status bits filled in by gnutls_certificate_verify_peers2()
 * @return a static, human-readable description of the failure
 */
static const char* sock_gnutls_verify_error (unsigned int status)
{
    if (status & GNUTLS_CERT_REVOKED)
        return "certificate was revoked";

    // none of the detailed reasons apply unless the chain was flagged invalid
    if (!(status & GNUTLS_CERT_INVALID))
        return "unknown error";

    if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
        return "certificate signer was not found";

    if (status & GNUTLS_CERT_SIGNER_NOT_CA)
        return "certificate signer is not a Certificate Authority";

    if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
        return "certificate signed using an insecure algorithm";

    // invalid, but no more specific bit to explain why
    return "certificate could not be verified";
}
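/**
 * Perform the certificate validation procedure on the socket.
 *
 * Based on the GnuTLS examples/ex-rfc2818.c
 *
 * The peer's chain is first checked against the installed trusted CAs via gnutls_certificate_verify_peers2(); the
 * main (first) certificate is then imported and checked for expiration/activation against the current time, and
 * for a hostname match against sock->hostname. Every failure is reported as ERR_GNUTLS_CERT_VERIFY with a string
 * naming the check that failed.
 *
 * @param sock the socket whose handshake has just completed
 * @param err reset on entry, filled in on failure
 * @return ERROR_CODE(err), which is SUCCESS if every check passed
 */
static err_t sock_gnutls_verify (struct sock_gnutls *sock, error_t *err)
{
    unsigned int status;
    const gnutls_datum_t *cert_list;
    unsigned int cert_list_size;
    gnutls_x509_crt_t cert = NULL;
    time_t t, now;

    // init
    RESET_ERROR(err);
    now = time(NULL);
    
    // inspect the peer's cert chain using the installed trusted CAs
    if ((ERROR_EXTRA(err) = gnutls_certificate_verify_peers2(sock->session, &status)))
        JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_VERIFY_PEERS2);

    // verify errors?
    if (status)
        JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, sock_gnutls_verify_error(status));
    
    // only X.509 credentials are handled below; this used to be an assert(), which is compiled out under NDEBUG,
    // so make it a real check that fails the verification instead of silently continuing
    if (gnutls_certificate_type_get(sock->session) != GNUTLS_CRT_X509)
        JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_certificate_type_get");

    // import the main cert
    if ((ERROR_EXTRA(err) = gnutls_x509_crt_init(&cert)))
        JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_init");

    if ((cert_list = gnutls_certificate_get_peers(sock->session, &cert_list_size)) == NULL)
        JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_certificate_get_peers");

    if (!cert_list_size)
        JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "cert_list_size");

    if ((ERROR_EXTRA(err) = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER)))
        JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_import");
    
    // check expire/activate; (time_t) -1 means gnutls could not read the field, which is treated as a failure too
    if ((t = gnutls_x509_crt_get_expiration_time(cert)) == ((time_t) -1) || t < now)
        JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_expiration_time");

    if ((t = gnutls_x509_crt_get_activation_time(cert)) == ((time_t) -1) || t > now)
        JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_activation_time");
    
    // check hostname
    // NOTE(review): sock->hostname is passed straight through; confirm it is always set by the time verify runs
    if (!gnutls_x509_crt_check_hostname(cert, sock->hostname))
        JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_check_hostname");

error:
    // cleanup, also reached on the success path
    if (cert)
        gnutls_x509_crt_deinit(cert);
    
    // SUCCESS unless one of the checks jumped here
    return ERROR_CODE(err);    
}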
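/**
 * Our handshake driver. This will execute the next gnutls_handshake step, handling E_AGAIN.
 *
 * This updates the sock_gnutls::handshake state internally, as used by sock_gnutls_event_handler.
 *
 * If the sock is marked as verify, this will perform the verification, returning on any errors, and then unset the
 * verify flag - this ensures that the peer cert is only verified once per connection...
 *
 * Only GNUTLS_E_AGAIN is treated as "not done yet"; every other negative gnutls_handshake() result (including
 * GNUTLS_E_INTERRUPTED) is reported as ERR_GNUTLS_HANDSHAKE.
 *
 * @param sock the socket being handshaken
 * @param err filled in on failure
 * @return >0 for finished handshake, 0 for handshake-in-progress, -err_t for errors.
 */
static int sock_gnutls_handshake (struct sock_gnutls *sock, error_t *err)
{
    int ret;

    // perform the handshake
    if ((ret = gnutls_handshake(sock->session)) < 0 && ret != GNUTLS_E_AGAIN)
        JUMP_SET_ERROR_EXTRA(err, ERR_GNUTLS_HANDSHAKE, ret);
    
    // complete?
    if (ret == 0) {
        // update state
        sock->handshake = false;

        // verify?
        if (sock->verify) {
            // perform the validation
            if (sock_gnutls_verify(sock, err))
                goto error;
            
            // unmark
            sock->verify = false;
        }

        // handshake done
        return 1;

    } else {
        // set state, isn't really needed every time, but easier this way
        sock->handshake = true;

        // re-enable the event for the next iteration. sock_gnutls_ev_enable() returns a positive err_t on failure,
        // which must not leak out as a "handshake finished" (>0) result, so map it onto the -err_t convention
        if (sock_gnutls_ev_enable(sock, err))
            goto error;

        return 0;
    }

error:
    return -ERROR_CODE(err);    
}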
/**
 * Our transport_fd event handler. Drive the handshake if that's current, otherwise, invoke user callbacks.
 */
static void sock_gnutls_on_event (struct transport_fd *fd, short what, void *arg)
139
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   188
{
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   189
    struct sock_gnutls *sock = arg;
155
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   190
    error_t err;
139
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   191
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   192
    (void) fd;
155
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   193
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   194
    // XXX: timeouts
139
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   195
    (void) what;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   196
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   197
    // are we in the handshake cycle?
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   198
    if (sock->handshake) {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   199
        RESET_ERROR(&err);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   200
155
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   201
        // perform the next handshake step
139
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   202
        if (sock_gnutls_handshake(sock, &err) == 0) {
155
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   203
            // handshake continues
139
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   204
        
163
27a112d89a73 fix old usage of ERR_READ_EOF with ERR_EOF, and sock_gnutls typos/cleanup
Tero Marttila <terom@fixme.fi>
parents: 159
diff changeset
   205
            // XXX: this state flag is completely wrong
155
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   206
        } else if (SOCK_GNUTLS_TRANSPORT(sock)->connected) {
140
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents: 139
diff changeset
   207
            // the async connect process has now completed, either succesfully or with an error
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents: 139
diff changeset
   208
            // invoke the user connect callback directly with appropriate error
155
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   209
            transport_connected(SOCK_GNUTLS_TRANSPORT(sock), ERROR_CODE(&err) ? &err : NULL, true);
139
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   210
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   211
        } else {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   212
            if (ERROR_CODE(&err))
155
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   213
                // the re-handshake failed, so this transport is dead
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   214
                transport_error(SOCK_GNUTLS_TRANSPORT(sock), &err);
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   215
        
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   216
            else
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   217
                // re-handshake completed, so continue with the transport_callbacks
163
27a112d89a73 fix old usage of ERR_READ_EOF with ERR_EOF, and sock_gnutls typos/cleanup
Tero Marttila <terom@fixme.fi>
parents: 159
diff changeset
   218
                transport_invoke(SOCK_GNUTLS_TRANSPORT(sock), what);
139
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   219
        }
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   220
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   221
    } else {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   222
        // normal sock_stream operation
155
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents: 140
diff changeset
   223
        // gnutls might be able to proceed now, so invoke user callbacks
163
27a112d89a73 fix old usage of ERR_READ_EOF with ERR_EOF, and sock_gnutls typos/cleanup
Tero Marttila <terom@fixme.fi>
parents: 159
diff changeset
   224
        transport_invoke(SOCK_GNUTLS_TRANSPORT(sock), what);
139
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   225
    }
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents: 118
diff changeset
   226
}
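/**
 * Read up to *len bytes of decrypted application data from the TLS session into buf.
 *
 * On return *len is the number of bytes actually stored in buf. It is zero when gnutls could not make
 * progress yet (GNUTLS_E_AGAIN); the caller then waits for the next fd event and calls again.
 *
 * @param transport     a transport of sock_gnutls_type
 * @param buf           destination buffer, at least *len bytes
 * @param len           in: capacity of buf; out: bytes read (0 on EAGAIN)
 * @param err           receives the error on failure
 * @return SUCCESS; ERR_EOF when gnutls reports a zero-length read (session closed by the peer);
 *         ERR_GNUTLS_RECORD_RECV with the gnutls return code as the extra value for any other negative result
 */
static err_t sock_gnutls_read (transport_t *transport, void *buf, size_t *len, error_t *err)
{
    struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type);
    // gnutls_record_recv() returns ssize_t; keep the full width instead of narrowing to int
    ssize_t ret;
    
    // read gnutls record, retrying when a signal interrupted the underlying read
    do {
        ret = gnutls_record_recv(sock->session, buf, *len);

    } while (ret == GNUTLS_E_INTERRUPTED);
    
    // errors
    // XXX: E_REHANDSHAKE?
    // NOTE(review): every negative result except GNUTLS_E_AGAIN is treated as fatal here, including codes
    // gnutls itself classes as non-fatal (GNUTLS_E_WARNING_ALERT_RECEIVED, GNUTLS_E_REHANDSHAKE). That is the
    // conservative policy -- a peer-requested re-handshake is refused rather than honoured -- but it means
    // such sessions are torn down; revisit if that is not the intended behaviour.
    if (ret < 0 && ret != GNUTLS_E_AGAIN)
        RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_RECV, ret);
    
    else if (ret == 0)
        // gnutls reports a closed session as a zero-length read
        return SET_ERROR(err, ERR_EOF);

    // EAGAIN?
    if (ret < 0) {
        // nothing was read; the caller retries on the next event
        *len = 0;

    } else {
        // updated length: ret is non-negative here
        *len = (size_t) ret;

    }

    return SUCCESS;
}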
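/**
 * Send up to *len bytes of application data from buf over the TLS session.
 *
 * On return *len is the number of bytes gnutls accepted, which may be less than requested (a partial
 * write the caller must continue from), or zero when gnutls could not make progress yet (GNUTLS_E_AGAIN).
 *
 * @param transport     a transport of sock_gnutls_type
 * @param buf           data to send
 * @param len           in: bytes available in buf; out: bytes actually sent (0 on EAGAIN)
 * @param err           receives the error on failure
 * @return SUCCESS; ERR_WRITE_EOF when gnutls_record_send() returns zero; ERR_GNUTLS_RECORD_SEND with the
 *         gnutls return code as the extra value for any other negative result
 */
static err_t sock_gnutls_write (transport_t *transport, const void *buf, size_t *len, error_t *err)
{
    struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type);
    // gnutls_record_send() returns ssize_t; keep the full width instead of narrowing to int
    ssize_t ret;
 
    // send gnutls record, retrying when a signal interrupted the underlying write
    do {
        ret = gnutls_record_send(sock->session, buf, *len);
   
    } while (ret == GNUTLS_E_INTERRUPTED);

    // errors
    if (ret < 0 && ret != GNUTLS_E_AGAIN)
        RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_SEND, ret);
    
    else if (ret == 0)
        // NOTE(review): a zero-length request (*len == 0) also yields zero here and is reported as EOF;
        // confirm callers never pass an empty buffer, or special-case it before this point
        return SET_ERROR(err, ERR_WRITE_EOF);

    // eagain?
    if (ret < 0) {
        // nothing was sent; the caller retries on the next event
        *len = 0;

    } else {
        // updated length: ret is non-negative here
        *len = (size_t) ret;

    }

    return SUCCESS;
}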
/**
 * transport_type.destroy method: type-check the transport and tear down the gnutls sock behind it.
 *
 * @param transport     a transport of sock_gnutls_type; invalid after this call
 */
static void _sock_gnutls_destroy (transport_t *transport)
{
    // type-check, then die
    sock_gnutls_destroy(transport_check(transport, &sock_gnutls_type));
}
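/**
 * Our sock_tcp-invoked connect handler
 *
 * Runs once the underlying TCP connect has finished. A TCP error is passed straight on to the user's
 * connect callback. Otherwise the gnutls session is pointed at the connected fd, this module takes over
 * the fd's event handling via sock_gnutls_on_event(), and the first handshake step is driven; a handshake
 * that needs more I/O returns here and is completed from the event handler.
 *
 * @param transport     a transport of sock_gnutls_type
 * @param tcp_err       the TCP-level connect error, or NULL if the connect succeeded
 */
static void sock_gnutls__connected (transport_t *transport, const error_t *tcp_err)
{
    struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type);
    error_t err;

    // start from a clean error state: only ERROR_CODE() is assigned below, but the whole struct is handed
    // to transport_connected() on the error path, so its other fields must not be left indeterminate
    RESET_ERROR(&err);

    // trap errors to let the user handle them directly
    if (tcp_err)
        JUMP_SET_ERROR_INFO(&err, tcp_err);
    
    // bind default transport functions (recv/send) to use the TCP fd
    // (gnutls keeps the fd as an opaque pointer; widen via long first rather than casting int to pointer)
    gnutls_transport_set_ptr(sock->session, (gnutls_transport_ptr_t) (long int) SOCK_GNUTLS_FD(sock)->fd);

    // add ourselves as the event handler
    if ((ERROR_CODE(&err) = transport_fd_setup(SOCK_GNUTLS_FD(sock), sock_gnutls_on_event, sock)))
        goto error;

    // start handshake
    if (sock_gnutls_handshake(sock, &err))
        // this should complete with SUCCESS if it returns >0
        goto error;

    // ok, so we wait...
    return;

error:
    // tell the user
    transport_connected(transport, &err, true);
}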
/*
 * The gnutls transport type: a sock_tcp transport whose read/write go through the TLS session, and whose
 * TCP connect completion is intercepted so the handshake runs before the user sees the connection.
 */
struct transport_type sock_gnutls_type = {
    .methods    = {
        .read           = sock_gnutls_read,
        .write          = sock_gnutls_write,
        .destroy        = _sock_gnutls_destroy,
        ._connected     = sock_gnutls__connected,
    },

    // parent type, used by transport_check()'s hierarchical type checking
    .parent     = &sock_tcp_type,
};
/*
 * Global shared anonymous client credentials
 *
 * The x509 handle starts out NULL and is allocated by sock_gnutls_global_init(). .verify is false, which
 * presumably means sessions using these credentials request no peer certificate verification -- confirm
 * against the code that consumes the flag.
 */
static struct sock_ssl_client_cred sock_gnutls_client_cred_anon = {
    .x509       = NULL,
    .verify     = false,
    .refcount   = 0,
};
// XXX: GnuTLS log func
/**
 * GnuTLS debug log callback; not currently installed (the calls in sock_gnutls_global_init() are commented out).
 *
 * msg is printed through a %s conversion, never used as the format string itself, so library-supplied
 * text cannot inject conversions. NOTE(review): _log is a reserved identifier at file scope (C11 7.1.3)
 * and has external linkage; consider making it static under a non-reserved name if nothing else references it.
 *
 * @param level     gnutls log level of the message
 * @param msg       the message text as supplied by gnutls
 */
void _log (int level, const char *msg)
{
    fprintf(stdout, "gnutls: %d: %s", level, msg);
}
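/**
 * Library-level setup: initialize gnutls and allocate the shared anonymous client credentials.
 *
 * No trust material (CA file) is loaded into the anonymous credentials here, consistent with their
 * .verify = false setting. On failure no gnutls state is left behind.
 *
 * @param err   receives ERR_GNUTLS_GLOBAL_INIT or ERR_GNUTLS_CERT_ALLOC_CRED, with the gnutls return
 *              code as the extra value
 * @return SUCCESS or the error code
 */
err_t sock_gnutls_global_init (error_t *err)
{
    // global init
    if ((ERROR_EXTRA(err) = gnutls_global_init()) < 0)
        return SET_ERROR(err, ERR_GNUTLS_GLOBAL_INIT);

    // initialize the anon client credentials
    if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&sock_gnutls_client_cred_anon.x509)) < 0) {
        // undo the global init so a failed call does not leak library state
        gnutls_global_deinit();

        return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
    }

    // XXX: debug
//    gnutls_global_set_log_function(&_log);
//    gnutls_global_set_log_level(11);

    // done
    return SUCCESS;
}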
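/**
 * Release a client credential set: free the gnutls credentials, then the
 * struct itself. Reached from sock_ssl_client_cred_put() when the refcount
 * drops to zero, and from the error path of sock_ssl_client_cred_create().
 *
 * On the create() error path cred->x509 can still be NULL (the struct is
 * calloc'd and gnutls_certificate_allocate_credentials() may have failed),
 * and gnutls_certificate_free_credentials() does not accept NULL, so guard it.
 *
 * @param cred  credential set to free; must not be the static anon credentials
 */
static void sock_ssl_client_cred_destroy (struct sock_ssl_client_cred *cred)
{
    if (cred->x509)
        gnutls_certificate_free_credentials(cred->x509);

    // free(NULL) is a no-op, so cred itself needs no guard beyond this
    free(cred);
}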
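/**
 * Allocate a client credential set for sock_ssl_connect().
 *
 * The set starts with one reference (see sock_ssl_client_cred_get/put).
 * @param ctx_cred      receives the new credentials on success
 * @param cafile_path   optional PEM file of trusted CA certificates
 * @param verify        recorded in cred->verify; sock_ssl_connect() copies it onto
 *                      the socket, so whether the peer certificate is actually
 *                      checked depends on the code consuming sock->verify, not
 *                      on anything done here
 * @param cert_path     optional PEM client certificate; requires pkey_path
 * @param pkey_path     optional PEM private key for cert_path; requires cert_path
 * @param err           receives ERR_CALLOC / ERR_GNUTLS_* on failure, with the
 *                      gnutls return value in ERROR_EXTRA
 * @return SUCCESS, or the error code stored in err
 */
err_t sock_ssl_client_cred_create (struct sock_ssl_client_cred **ctx_cred,
        const char *cafile_path, bool verify,
        const char *cert_path, const char *pkey_path,
        error_t *err
) {
    struct sock_ssl_client_cred *cred;

    // alloc it, zeroed so every field has a defined value on the error path
    if ((cred = calloc(1, sizeof(*cred))) == NULL)
        return SET_ERROR(err, ERR_CALLOC);

    // create the gnutls credentials. If this fails cred->x509 is NULL and must not
    // reach gnutls_certificate_free_credentials(), so release the struct directly
    if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&cred->x509)) < 0) {
        free(cred);

        return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
    }
    
    // load the trusted ca certs? A non-negative return is the number of certificates
    // processed, so an empty or unparseable file is not reported as an error here
    if (cafile_path) {
        if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_trust_file(cred->x509, cafile_path, GNUTLS_X509_FMT_PEM)) < 0)
            JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_TRUST_FILE);
    }

    // record the verify policy; 0 leaves gnutls's default verification flags in place
    cred->verify = verify;
    gnutls_certificate_set_verify_flags(cred->x509, 0);

    // load the client cert?
    if (cert_path || pkey_path) {
        // need both... This is a caller contract: with NDEBUG the assert is gone and a
        // missing half would be passed to gnutls as NULL
        assert(cert_path && pkey_path);

        // load; checked with < 0 like the other gnutls calls, as the return value is
        // not guaranteed to be exactly zero on success across gnutls versions
        if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_key_file(cred->x509, cert_path, pkey_path, GNUTLS_X509_FMT_PEM)) < 0)
            JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_KEY_FILE);
    }

    // ok, hand out the initial reference
    cred->refcount = 1;
    *ctx_cred = cred;

    return SUCCESS;

error:
    // release; cred->x509 is valid on every path that jumps here
    sock_ssl_client_cred_destroy(cred);

    return ERROR_CODE(err);
}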
/**
 * Take an additional reference on cred; pair with sock_ssl_client_cred_put().
 *
 * Plain non-atomic increment, so the refcount must not be shared across threads.
 * @param cred  credential set created by sock_ssl_client_cred_create()
 */
void sock_ssl_client_cred_get (struct sock_ssl_client_cred *cred)
{
    cred->refcount += 1;
}
/**
 * Drop a reference on cred, destroying it when the last one goes.
 *
 * Must only be called on credentials obtained from sock_ssl_client_cred_create();
 * the static anon credentials are never stored in sock->cred and so never reach
 * this function. Plain non-atomic decrement, like sock_ssl_client_cred_get().
 * @param cred  credential set to release
 */
void sock_ssl_client_cred_put (struct sock_ssl_client_cred *cred)
{
    cred->refcount -= 1;

    if (cred->refcount != 0)
        return;

    // last reference gone
    sock_ssl_client_cred_destroy(cred);
}
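/**
 * Create a gnutls client transport and start an asynchronous TCP connect to
 * hostname:service. The TLS handshake is not performed here; it happens once
 * the TCP connect completes.
 *
 * @param info          transport info passed through to transport_init()
 * @param transport_ptr receives the new transport on success
 * @param hostname      peer host; copied into sock->hostname and used for the connect
 * @param service       peer service/port for the connect
 * @param cred          client credentials, or NULL for the default anon credentials
 *                      allocated by sock_gnutls_global_init(). NULL means no trust
 *                      store and cred->verify as left in the static struct, so no
 *                      peer verification is requested on the socket
 * @param err           receives ERR_CALLOC / ERR_STRDUP / ERR_GNUTLS_* on failure
 * @return SUCCESS, or the error code stored in err
 */
err_t sock_ssl_connect (const struct transport_info *info, transport_t **transport_ptr, 
        const char *hostname, const char *service,
        struct sock_ssl_client_cred *cred,
        error_t *err
    )
{
    struct sock_gnutls *sock = NULL;

    // alloc, zeroed so sock_gnutls_destroy() sees NULL for anything not yet set up
    if ((sock = calloc(1, sizeof(*sock))) == NULL)
        return SET_ERROR(err, ERR_CALLOC);

    // initialize base
    transport_init(SOCK_GNUTLS_TRANSPORT(sock), &sock_gnutls_type, info);

    // initialize TCP before any path that can jump to error:, so that
    // sock_gnutls_destroy()'s sock_tcp_destroy() always runs on an initialized socket
    sock_tcp_init(SOCK_GNUTLS_TCP(sock));

    if (!cred) {
        // default credentials; not refcounted, so sock->cred stays NULL
        cred = &sock_gnutls_client_cred_anon;
    
    } else {
        // take a ref through the helper rather than touching refcount directly
        sock->cred = cred;
        sock_ssl_client_cred_get(cred);
    }

    // do verify? Only the flag is copied; the check itself is done by whatever
    // consumes sock->verify after the handshake
    if (cred->verify)
        sock->verify = true;

    // keep our own copy of the hostname for later use
    if ((sock->hostname = strdup(hostname)) == NULL)
        JUMP_SET_ERROR(err, ERR_STRDUP);

    // initialize client session
    if ((ERROR_EXTRA(err) = gnutls_init(&sock->session, GNUTLS_CLIENT)) < 0)
        JUMP_SET_ERROR(err, ERR_GNUTLS_INIT);

    // ...default priority stuff
    if ((ERROR_EXTRA(err) = gnutls_set_default_priority(sock->session)) < 0)
        JUMP_SET_ERROR(err, ERR_GNUTLS_SET_DEFAULT_PRIORITY);

    // XXX: silly hack for OpenSSL interop. This lowers the smallest DH prime the
    // client will accept from the server to 512 bits, which is far below a safe
    // size; it should go as soon as the interop target no longer needs it
    gnutls_dh_set_prime_bits(sock->session, 512);

    // bind credentials
    if ((ERROR_EXTRA(err) = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, cred->x509)) < 0)
        JUMP_SET_ERROR(err, ERR_GNUTLS_CRED_SET);

    // TCP connect; err is already populated by the callee on failure
    if (sock_tcp_connect_async(SOCK_GNUTLS_TCP(sock), hostname, service, err))
        goto error;

    // done, wait for the connect to complete
    *transport_ptr = SOCK_GNUTLS_TRANSPORT(sock);

    return SUCCESS;

error:
    // cleanup. NOTE(review): sock_gnutls_destroy() does not free sock itself;
    // confirm the transport layer releases it, otherwise this path leaks the struct
    sock_gnutls_destroy(sock);

    return ERROR_CODE(err);    
}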
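/**
 * Tear down a gnutls transport: drop the TLS session without a close_notify,
 * destroy the TCP socket, release the credential reference and the hostname copy.
 *
 * Does not free sock itself. Safe to call on a partially constructed socket from
 * the sock_ssl_connect() error path: the struct is calloc'd there, so fields that
 * were never set up are NULL.
 * @param sock  transport to destroy
 */
void sock_gnutls_destroy (struct sock_gnutls *sock)
{
    // close the session rudely; the session is still NULL if sock_ssl_connect()
    // failed before gnutls_init()
    if (sock->session)
        gnutls_deinit(sock->session);
 
    // terminate the TCP transport
    sock_tcp_destroy(SOCK_GNUTLS_TCP(sock));
   
    // drop the cred ref; only set when non-default credentials were given
    if (sock->cred) {
        sock_ssl_client_cred_put(sock->cred);
        sock->cred = NULL;
    }

    // free
    free(sock->hostname);
    sock->hostname = NULL;
}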