| author | Tero Marttila <terom@fixme.fi> |
| Thu, 28 May 2009 01:17:36 +0300 | |
| branch | new-lib-errors |
| changeset 219 | cefec18b8268 |
| parent 183 | src/ssl_client.c@7bfbe9070c50 |
| permissions | -rw-r--r-- |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
1 |
#include "ssl_internal.h" |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
2 |
|
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
3 |
#include <gnutls/x509.h> |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
4 |
|
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
5 |
#include <stdlib.h> |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
6 |
#include <string.h> |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
7 |
#include <time.h> |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
8 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
9 |
// XXX: remove |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
10 |
#include "log.h" |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
11 |
#include <assert.h> |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
12 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
13 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
14 |
/** |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
15 |
* Cast a ssl_client to a sock_fd. |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
16 |
*/ |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
17 |
#define SSL_CLIENT_FD(client_ptr) (&(client_ptr)->base_tcp.base_trans.base_fd) |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
18 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
19 |
/** |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
20 |
* Cast a ssl_client to a sock_stream. |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
21 |
*/ |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
22 |
#define SSL_CLIENT_TRANSPORT(client_ptr) (&(client_ptr)->base_tcp.base_trans.base_fd.base) |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
23 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
24 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
25 |
|
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
26 |
/** |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
27 |
* Enable the TCP events based on the session's gnutls_record_get_direction(). |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
28 |
*/ |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
29 |
static err_t ssl_client_ev_enable (struct ssl_client *client, error_t *err) |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
30 |
{
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
31 |
int ret; |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
32 |
short mask; |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
33 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
34 |
// gnutls_record_get_direction tells us what I/O operation gnutls would have required for the last |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
35 |
// operation, so we can use that to determine what events to register |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
36 |
switch ((ret = gnutls_record_get_direction(client->session))) {
|
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
37 |
case 0: |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
38 |
// read more data |
|
156
6534a4ac957b
add transport/sock/line_proto/etc code compiles
Tero Marttila <terom@fixme.fi>
parents:
155
diff
changeset
|
39 |
mask = TRANSPORT_READ; |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
40 |
break; |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
41 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
42 |
case 1: |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
43 |
// write buffer full |
|
156
6534a4ac957b
add transport/sock/line_proto/etc code compiles
Tero Marttila <terom@fixme.fi>
parents:
155
diff
changeset
|
44 |
mask = TRANSPORT_WRITE; |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
45 |
break; |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
46 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
47 |
default: |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
48 |
// random error |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
49 |
RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_GET_DIRECTION, ret); |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
50 |
} |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
51 |
|
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
52 |
// do the enabling |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
53 |
if ((ERROR_CODE(err) = transport_fd_enable(SSL_CLIENT_FD(client), mask))) |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
54 |
return ERROR_CODE(err); |
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
55 |
|
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
56 |
|
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
57 |
return SUCCESS; |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
58 |
} |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
59 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
60 |
/** |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
61 |
* Translate a set of gnutls_certificate_status_t values to a constant error message |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
62 |
*/ |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
63 |
static const char* ssl_client_verify_error (unsigned int status) |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
64 |
{
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
65 |
if (status & GNUTLS_CERT_REVOKED) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
66 |
return "certificate was revoked"; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
67 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
68 |
else if (status & GNUTLS_CERT_INVALID) {
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
69 |
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
70 |
return "certificate signer was not found"; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
71 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
72 |
else if (status & GNUTLS_CERT_SIGNER_NOT_CA) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
73 |
return "certificate signer is not a Certificate Authority"; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
74 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
75 |
else if (status & GNUTLS_CERT_INSECURE_ALGORITHM) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
76 |
return "certificate signed using an insecure algorithm"; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
77 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
78 |
else |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
79 |
return "certificate could not be verified"; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
80 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
81 |
} else |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
82 |
return "unknown error"; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
83 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
84 |
} |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
85 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
86 |
/** |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
87 |
* Perform the certificate validation procedure on the peer cert. |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
88 |
* |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
89 |
* Based on the GnuTLS examples/ex-rfc2818.c |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
90 |
*/ |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
91 |
static err_t ssl_client_verify (struct ssl_client *client, error_t *err) |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
92 |
{
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
93 |
unsigned int status; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
94 |
const gnutls_datum_t *cert_list; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
95 |
unsigned int cert_list_size; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
96 |
gnutls_x509_crt_t cert = NULL; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
97 |
time_t t, now; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
98 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
99 |
// init |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
100 |
RESET_ERROR(err); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
101 |
now = time(NULL); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
102 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
103 |
// inspect the peer's cert chain using the installed trusted CAs |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
104 |
if ((ERROR_EXTRA(err) = gnutls_certificate_verify_peers2(client->session, &status))) |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
105 |
JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_VERIFY_PEERS2); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
106 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
107 |
// verify errors? |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
108 |
if (status) |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
109 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, ssl_client_verify_error(status)); |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
110 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
111 |
// import the main cert |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
112 |
assert(gnutls_certificate_type_get(client->session) == GNUTLS_CRT_X509); |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
113 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
114 |
if ((ERROR_EXTRA(err) = gnutls_x509_crt_init(&cert))) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
115 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_init"); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
116 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
117 |
if ((cert_list = gnutls_certificate_get_peers(client->session, &cert_list_size)) == NULL) |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
118 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_certificate_get_peers"); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
119 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
120 |
if (!cert_list_size) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
121 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "cert_list_size"); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
122 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
123 |
if ((ERROR_EXTRA(err) = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER))) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
124 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_import"); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
125 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
126 |
// check expire/activate... not sure if we need to do this |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
127 |
if ((t = gnutls_x509_crt_get_expiration_time(cert)) == ((time_t) -1) || t < now) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
128 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_expiration_time"); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
129 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
130 |
if ((t = gnutls_x509_crt_get_activation_time(cert)) == ((time_t) -1) || t > now) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
131 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_activation_time"); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
132 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
133 |
// check hostname |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
134 |
if (!gnutls_x509_crt_check_hostname(cert, client->hostname)) |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
135 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_check_hostname"); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
136 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
137 |
error: |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
138 |
// cleanup |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
139 |
if (cert) |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
140 |
gnutls_x509_crt_deinit(cert); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
141 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
142 |
// should be SUCCESS |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
143 |
return ERROR_CODE(err); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
144 |
} |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
145 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
146 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
147 |
/** |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
148 |
* Our handshake driver. This will execute the next gnutls_handshake step, handling E_AGAIN. |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
149 |
* |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
150 |
* This updates the ssl_client::handshake state internally, as used by ssl_client_event_handler. |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
151 |
* |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
152 |
* If the client is marked as verify, this will perform the verification, returning on any errors, and then unset the |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
153 |
* verify flag - this ensures that the peer cert is only verified once per connection... |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
154 |
* |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
155 |
* @return >0 for finished handshake, 0 for handshake-in-progress, -err_t for errors. |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
156 |
*/ |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
157 |
static int ssl_client_handshake (struct ssl_client *client, error_t *err) |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
158 |
{
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
159 |
int ret; |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
160 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
161 |
// perform the handshake |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
162 |
if ((ret = gnutls_handshake(client->session)) < 0 && ret != GNUTLS_E_AGAIN) |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
163 |
JUMP_SET_ERROR_EXTRA(err, ERR_GNUTLS_HANDSHAKE, ret); |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
164 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
165 |
// complete? |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
166 |
if (ret == 0) {
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
167 |
// update state |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
168 |
client->handshake = false; |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
169 |
|
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
170 |
// verify? |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
171 |
if (client->verify) {
|
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
172 |
// perform the validation |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
173 |
if (ssl_client_verify(client, err)) |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
174 |
goto error; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
175 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
176 |
// unmark |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
177 |
client->verify = false; |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
178 |
} |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
179 |
|
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
180 |
// handshake done |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
181 |
return 1; |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
182 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
183 |
} else {
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
184 |
// set state, isn't really needed every time, but easier this way |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
185 |
client->handshake = true; |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
186 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
187 |
// re-enable the event for the next iteration |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
188 |
return ssl_client_ev_enable(client, err); |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
189 |
} |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
190 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
191 |
error: |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
192 |
return -ERROR_CODE(err); |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
193 |
} |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
194 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
195 |
/** |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
196 |
* Our transport_fd event handler. Drive the handshake if that's current, otherwise, invoke user callbacks. |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
197 |
*/ |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
198 |
static void ssl_client_on_event (struct transport_fd *fd, short what, void *arg) |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
199 |
{
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
200 |
struct ssl_client *client = arg; |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
201 |
error_t err; |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
202 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
203 |
(void) fd; |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
204 |
|
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
205 |
// XXX: timeouts |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
206 |
(void) what; |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
207 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
208 |
// are we in the handshake cycle? |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
209 |
if (client->handshake) {
|
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
210 |
RESET_ERROR(&err); |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
211 |
|
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
212 |
// perform the next handshake step |
|
183
7bfbe9070c50
slight tweaks to ssl_client's handshake-done logic
Tero Marttila <terom@fixme.fi>
parents:
180
diff
changeset
|
213 |
// this returns zero when the handshake is not yet done, errors/completion then trigger the else-if-else below |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
214 |
if (ssl_client_handshake(client, &err) == 0) {
|
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
215 |
// handshake continues |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
216 |
|
|
183
7bfbe9070c50
slight tweaks to ssl_client's handshake-done logic
Tero Marttila <terom@fixme.fi>
parents:
180
diff
changeset
|
217 |
} else if (!SSL_CLIENT_TRANSPORT(client)->connected) {
|
|
7bfbe9070c50
slight tweaks to ssl_client's handshake-done logic
Tero Marttila <terom@fixme.fi>
parents:
180
diff
changeset
|
218 |
// the async connect+handshake process has completed |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
219 |
// invoke the user connect callback directly with appropriate error |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
220 |
transport_connected(SSL_CLIENT_TRANSPORT(client), ERROR_CODE(&err) ? &err : NULL, true); |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
221 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
222 |
} else {
|
|
183
7bfbe9070c50
slight tweaks to ssl_client's handshake-done logic
Tero Marttila <terom@fixme.fi>
parents:
180
diff
changeset
|
223 |
// in-connection re-handshake completed |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
224 |
if (ERROR_CODE(&err)) |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
225 |
// the re-handshake failed, so this transport is dead |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
226 |
transport_error(SSL_CLIENT_TRANSPORT(client), &err); |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
227 |
|
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
228 |
else |
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
229 |
// re-handshake completed, so continue with the transport_callbacks |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
230 |
transport_invoke(SSL_CLIENT_TRANSPORT(client), what); |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
231 |
} |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
232 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
233 |
} else {
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
234 |
// normal transport operation |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
235 |
// gnutls might be able to proceed now, so invoke user callbacks |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
236 |
transport_invoke(SSL_CLIENT_TRANSPORT(client), what); |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
237 |
} |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
238 |
} |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
239 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
240 |
static err_t ssl_client__read (transport_t *transport, void *buf, size_t *len, error_t *err) |
|
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
241 |
{
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
242 |
struct ssl_client *client = transport_check(transport, &ssl_client_type); |
|
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
243 |
int ret; |
|
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
244 |
|
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
245 |
// read gnutls record |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
246 |
do {
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
247 |
ret = gnutls_record_recv(client->session, buf, *len); |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
248 |
|
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
249 |
} while (ret == GNUTLS_E_INTERRUPTED); |
|
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
250 |
|
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
251 |
// errors |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
252 |
// XXX: E_REHANDSHAKE? |
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
253 |
if (ret < 0 && ret != GNUTLS_E_AGAIN) |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
254 |
RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_RECV, ret); |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
255 |
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
256 |
else if (ret == 0) |
|
163
27a112d89a73
fix old usage of ERR_READ_EOF with ERR_EOF, and sock_gnutls typos/cleanup
Tero Marttila <terom@fixme.fi>
parents:
159
diff
changeset
|
257 |
return SET_ERROR(err, ERR_EOF); |
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
258 |
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
259 |
|
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
260 |
// EAGAIN? |
|
14
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
261 |
if (ret < 0) {
|
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
262 |
*len = 0; |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
263 |
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
264 |
} else {
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
265 |
// updated length |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
266 |
*len = ret; |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
267 |
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
268 |
} |
|
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
269 |
|
|
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
270 |
return SUCCESS; |
|
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
271 |
} |
|
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
272 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
273 |
static err_t ssl_client__write (transport_t *transport, const void *buf, size_t *len, error_t *err) |
|
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
274 |
{
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
275 |
struct ssl_client *client = transport_check(transport, &ssl_client_type); |
|
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
276 |
int ret; |
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
277 |
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
278 |
// read gnutls record |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
279 |
do {
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
280 |
ret = gnutls_record_send(client->session, buf, *len); |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
281 |
|
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
282 |
} while (ret == GNUTLS_E_INTERRUPTED); |
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
283 |
|
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
284 |
// errors |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
285 |
if (ret < 0 && ret != GNUTLS_E_AGAIN) |
|
163
27a112d89a73
fix old usage of ERR_READ_EOF with ERR_EOF, and sock_gnutls typos/cleanup
Tero Marttila <terom@fixme.fi>
parents:
159
diff
changeset
|
286 |
RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_SEND, ret); |
|
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
287 |
|
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
288 |
else if (ret == 0) |
|
163
27a112d89a73
fix old usage of ERR_READ_EOF with ERR_EOF, and sock_gnutls typos/cleanup
Tero Marttila <terom@fixme.fi>
parents:
159
diff
changeset
|
289 |
return SET_ERROR(err, ERR_WRITE_EOF); |
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
290 |
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
291 |
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
292 |
// eagain? |
|
14
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
293 |
if (ret < 0) {
|
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
294 |
*len = 0; |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
295 |
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
296 |
} else {
|
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
297 |
// updated length |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
298 |
*len = ret; |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
299 |
} |
|
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
300 |
|
|
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
301 |
return SUCCESS; |
|
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
302 |
} |
|
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
303 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
304 |
void ssl_client_deinit (struct ssl_client *client) |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
305 |
{
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
306 |
// close the session rudely |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
307 |
gnutls_deinit(client->session); |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
308 |
client->session = NULL; |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
309 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
310 |
// terminate the TCP transport |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
311 |
tcp_client_deinit(&client->base_tcp); |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
312 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
313 |
if (client->cred) {
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
314 |
// drop the cred ref |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
315 |
ssl_client_cred_put(client->cred); |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
316 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
317 |
client->cred = NULL; |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
318 |
} |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
319 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
320 |
// free |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
321 |
free(client->hostname); |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
322 |
client->hostname = NULL; |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
323 |
} |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
324 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
325 |
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
326 |
static void ssl_client__deinit (transport_t *transport) |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
327 |
{
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
328 |
struct ssl_client *client = transport_check(transport, &ssl_client_type); |
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
329 |
|
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
330 |
// die |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
331 |
ssl_client_deinit(client); |
|
28
9c1050bc8709
add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create
Tero Marttila <terom@fixme.fi>
parents:
27
diff
changeset
|
332 |
} |
|
9c1050bc8709
add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create
Tero Marttila <terom@fixme.fi>
parents:
27
diff
changeset
|
333 |
|
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
334 |
/** |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
335 |
* Our tcp_client-invoked connect handler |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
336 |
*/ |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
337 |
static void ssl_client__connected (transport_t *transport, const error_t *tcp_err) |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
338 |
{
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
339 |
struct ssl_client *client = transport_check(transport, &ssl_client_type); |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
340 |
error_t err; |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
341 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
342 |
// trap errors to let the user handle them directly |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
343 |
if (tcp_err) |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
344 |
JUMP_SET_ERROR_INFO(&err, tcp_err); |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
345 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
346 |
// bind default transport functions (recv/send) to use the TCP fd |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
347 |
gnutls_transport_set_ptr(client->session, (gnutls_transport_ptr_t) (long int) SSL_CLIENT_FD(client)->fd); |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
348 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
349 |
// add ourselves as the event handler |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
350 |
if ((ERROR_CODE(&err) = transport_fd_setup(SSL_CLIENT_FD(client), ssl_client_on_event, client))) |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
351 |
goto error; |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
352 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
353 |
// start handshake |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
354 |
if (ssl_client_handshake(client, &err)) |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
355 |
// this should complete with SUCCESS if it returns >0 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
356 |
goto error; |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
357 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
358 |
// ok, so we wait... |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
359 |
return; |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
360 |
|
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
361 |
error: |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
362 |
// tell the user |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
363 |
transport_connected(transport, &err, true); |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
364 |
} |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
365 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
366 |
struct transport_type ssl_client_type = {
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
367 |
.base_type = {
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
368 |
.parent = &tcp_client_type.base_type, |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
369 |
}, |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
370 |
.methods = {
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
371 |
.read = ssl_client__read, |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
372 |
.write = ssl_client__write, |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
373 |
.deinit = ssl_client__deinit, |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
374 |
._connected = ssl_client__connected, |
|
27
e6639132bead
add irc_conn_callbacks, and delay irc_chan_join until on_registered
Tero Marttila <terom@fixme.fi>
parents:
14
diff
changeset
|
375 |
}, |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
376 |
}; |
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
377 |
|
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
378 |
|
|
14
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
379 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
380 |
static void ssl_client_destroy (struct ssl_client *client) |
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
381 |
{
|
|
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
382 |
ssl_client_deinit(client); |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
383 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
384 |
free(client); |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
385 |
} |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
386 |
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
387 |
err_t ssl_connect (const struct transport_info *info, transport_t **transport_ptr, |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
388 |
const char *hostname, const char *service, |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
389 |
struct ssl_client_cred *cred, |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
390 |
error_t *err |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
391 |
) |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
392 |
{
|
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
393 |
struct ssl_client *client = NULL; |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
394 |
|
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
395 |
// alloc |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
396 |
if ((client = calloc(1, sizeof(*client))) == NULL) |
| 5 | 397 |
return SET_ERROR(err, ERR_CALLOC); |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
398 |
|
| 5 | 399 |
// initialize base |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
400 |
transport_init(SSL_CLIENT_TRANSPORT(client), &ssl_client_type, info); |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
401 |
|
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
402 |
if (!cred) {
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
403 |
// default credentials |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
404 |
cred = &ssl_client_cred_anon; |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
405 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
406 |
} else {
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
407 |
// take a ref |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
408 |
client->cred = cred; |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
409 |
cred->refcount++; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
410 |
}; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
411 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
412 |
// do verify? |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
413 |
if (cred->verify) |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
414 |
client->verify = true; |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
415 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
416 |
// init |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
417 |
if ((client->hostname = strdup(hostname)) == NULL) |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
418 |
JUMP_SET_ERROR(err, ERR_STRDUP); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
419 |
|
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
420 |
// initialize TCP |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
421 |
tcp_client_init(&client->base_tcp); |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
422 |
|
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
423 |
// initialize client session |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
424 |
if ((ERROR_EXTRA(err) = gnutls_init(&client->session, GNUTLS_CLIENT)) < 0) |
| 5 | 425 |
JUMP_SET_ERROR(err, ERR_GNUTLS_INIT); |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
426 |
|
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
427 |
// ...default priority stuff |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
428 |
if ((ERROR_EXTRA(err) = gnutls_set_default_priority(client->session))) |
| 5 | 429 |
JUMP_SET_ERROR(err, ERR_GNUTLS_SET_DEFAULT_PRIORITY); |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
430 |
|
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
431 |
// XXX: silly hack for OpenSSL interop |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
432 |
gnutls_dh_set_prime_bits(client->session, 512); |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
433 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
434 |
// bind credentials |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
435 |
if ((ERROR_EXTRA(err) = gnutls_credentials_set(client->session, GNUTLS_CRD_CERTIFICATE, cred->x509))) |
| 5 | 436 |
JUMP_SET_ERROR(err, ERR_GNUTLS_CRED_SET); |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
437 |
|
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
438 |
// TCP connect |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
439 |
if (tcp_client_connect_async(&client->base_tcp, hostname, service, err)) |
| 85 | 440 |
goto error; |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
441 |
|
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
442 |
// done, wait for the connect to complete |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
443 |
*transport_ptr = SSL_CLIENT_TRANSPORT(client); |
| 5 | 444 |
|
445 |
return SUCCESS; |
|
446 |
||
447 |
error: |
|
|
29
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
448 |
// cleanup |
|
180
22967b165692
rename sock_ssl/sock_gnutls -> ssl/ssl_client
Tero Marttila <terom@fixme.fi>
parents:
163
diff
changeset
|
449 |
ssl_client_destroy(client); |
| 5 | 450 |
|
451 |
return ERROR_CODE(err); |
|
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
452 |
} |
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
453 |
|
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
454 |