evirc: src/sock_gnutls.c@d3e253d7281a (annotated)

2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	1
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	2	#include "sock_gnutls.h"
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	3
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	4	// XXX: remove
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	5	#include "log.h"
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	6
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	7	#include <gnutls/x509.h>
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	8
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	9	#include <stdlib.h>
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	10	#include <string.h>
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	11	#include <time.h>
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	12
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	13	#include <assert.h>
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	14
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	15	/**
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	16	* Enable the TCP events based on the session's gnutls_record_get_direction().
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	17	*/
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	18	static err_t sock_gnutls_ev_enable (struct sock_gnutls sock, error_t err)
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	19	{
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	20	int ret;
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	21	short mask;
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	22
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	23	// gnutls_record_get_direction tells us what I/O operation gnutls would have required for the last
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	24	// operation, so we can use that to determine what events to register
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	25	switch ((ret = gnutls_record_get_direction(sock->session))) {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	26	case 0:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	27	// read more data
156 6534a4ac957b add transport/sock/line_proto/etc code compiles Tero Marttila <terom@fixme.fi> parents: 155 diff changeset	28	mask = TRANSPORT_READ;
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	29	break;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	30
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	31	case 1:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	32	// write buffer full
156 6534a4ac957b add transport/sock/line_proto/etc code compiles Tero Marttila <terom@fixme.fi> parents: 155 diff changeset	33	mask = TRANSPORT_WRITE;
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	34	break;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	35
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	36	default:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	37	// random error
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	38	RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_GET_DIRECTION, ret);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	39	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	40
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	41	// do the enabling
156 6534a4ac957b add transport/sock/line_proto/etc code compiles Tero Marttila <terom@fixme.fi> parents: 155 diff changeset	42	if ((ERROR_CODE(err) = transport_fd_enable(SOCK_GNUTLS_FD(sock), mask)))
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	43	return ERROR_CODE(err);
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	44
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	45
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	46	return SUCCESS;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	47	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	48
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	49	/**
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	50	* Translate a set of gnutls_certificate_status_t values to a constant error message
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	51	*/
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	52	static const char* sock_gnutls_verify_error (unsigned int status)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	53	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	54	if (status & GNUTLS_CERT_REVOKED)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	55	return "certificate was revoked";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	56
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	57	else if (status & GNUTLS_CERT_INVALID) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	58	if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	59	return "certificate signer was not found";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	60
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	61	else if (status & GNUTLS_CERT_SIGNER_NOT_CA)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	62	return "certificate signer is not a Certificate Authority";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	63
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	64	else if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	65	return "certificate signed using an insecure algorithm";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	66
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	67	else
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	68	return "certificate could not be verified";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	69
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	70	} else
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	71	return "unknown error";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	72
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	73	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	74
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	75	/**
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	76	* Perform the certificate validation procedure on the socket.
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	77	*
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	78	* Based on the GnuTLS examples/ex-rfc2818.c
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	79	*/
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	80	static err_t sock_gnutls_verify (struct sock_gnutls sock, error_t err)
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	81	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	82	unsigned int status;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	83	const gnutls_datum_t *cert_list;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	84	unsigned int cert_list_size;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	85	gnutls_x509_crt_t cert = NULL;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	86	time_t t, now;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	87
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	88	// init
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	89	RESET_ERROR(err);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	90	now = time(NULL);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	91
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	92	// inspect the peer's cert chain using the installed trusted CAs
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	93	if ((ERROR_EXTRA(err) = gnutls_certificate_verify_peers2(sock->session, &status)))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	94	JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_VERIFY_PEERS2);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	95
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	96	// verify errors?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	97	if (status)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	98	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, sock_gnutls_verify_error(status));
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	99
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	100	// import the main cert
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	101	assert(gnutls_certificate_type_get(sock->session) == GNUTLS_CRT_X509);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	102
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	103	if ((ERROR_EXTRA(err) = gnutls_x509_crt_init(&cert)))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	104	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_init");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	105
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	106	if ((cert_list = gnutls_certificate_get_peers(sock->session, &cert_list_size)) == NULL)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	107	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_certificate_get_peers");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	108
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	109	if (!cert_list_size)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	110	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "cert_list_size");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	111
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	112	if ((ERROR_EXTRA(err) = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER)))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	113	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_import");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	114
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	115	// check expire/activate... not sure if we need to do this
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	116	if ((t = gnutls_x509_crt_get_expiration_time(cert)) == ((time_t) -1) \|\| t < now)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	117	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_expiration_time");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	118
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	119	if ((t = gnutls_x509_crt_get_activation_time(cert)) == ((time_t) -1) \|\| t > now)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	120	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_activation_time");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	121
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	122	// check hostname
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	123	if (!gnutls_x509_crt_check_hostname(cert, sock->hostname))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	124	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_check_hostname");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	125
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	126	error:
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	127	// cleanup
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	128	if (cert)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	129	gnutls_x509_crt_deinit(cert);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	130
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	131	// should be SUCCESS
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	132	return ERROR_CODE(err);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	133	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	134
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	135
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	136	/**
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	137	* Our handshake driver. This will execute the next gnutls_handshake step, handling E_AGAIN.
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	138	*
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	139	* This updates the sock_gnutls::handshake state internally, as used by sock_gnutls_event_handler.
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	140	*
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	141	* If the sock is marked as verify, this will perform the verification, returning on any errors, and then unset the
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	142	* verify flag - this ensures that the peer cert is only verified once per connection...
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	143	*
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	144	* @return >0 for finished handshake, 0 for handshake-in-progress, -err_t for errors.
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	145	*/
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	146	static int sock_gnutls_handshake (struct sock_gnutls sock, error_t err)
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	147	{
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	148	int ret;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	149
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	150	// perform the handshake
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	151	if ((ret = gnutls_handshake(sock->session)) < 0 && ret != GNUTLS_E_AGAIN)
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	152	JUMP_SET_ERROR_EXTRA(err, ERR_GNUTLS_HANDSHAKE, ret);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	153
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	154	// complete?
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	155	if (ret == 0) {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	156	// update state
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	157	sock->handshake = false;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	158
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	159	// verify?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	160	if (sock->verify) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	161	// perform the validation
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	162	if (sock_gnutls_verify(sock, err))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	163	goto error;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	164
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	165	// unmark
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	166	sock->verify = false;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	167	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	168
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	169	// handshake done
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	170	return 1;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	171
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	172	} else {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	173	// set state, isn't really needed every time, but easier this way
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	174	sock->handshake = true;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	175
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	176	// re-enable the event for the next iteration
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	177	return sock_gnutls_ev_enable(sock, err);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	178	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	179
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	180	error:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	181	return -ERROR_CODE(err);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	182	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	183
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	184	/**
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	185	* Our transport_fd event handler. Drive the handshake if that's current, otherwise, invoke user callbacks.
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	186	*/
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	187	static void sock_gnutls_on_event (struct transport_fd fd, short what, void arg)
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	188	{
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	189	struct sock_gnutls *sock = arg;
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	190	error_t err;
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	191
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	192	(void) fd;
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	193
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	194	// XXX: timeouts
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	195	(void) what;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	196
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	197	// are we in the handshake cycle?
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	198	if (sock->handshake) {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	199	RESET_ERROR(&err);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	200
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	201	// perform the next handshake step
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	202	if (sock_gnutls_handshake(sock, &err) == 0) {
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	203	// handshake continues
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	204
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	205	} else if (SOCK_GNUTLS_TRANSPORT(sock)->connected) {
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	206	// the async connect process has now completed, either succesfully or with an error
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	207	// invoke the user connect callback directly with appropriate error
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	208	transport_connected(SOCK_GNUTLS_TRANSPORT(sock), ERROR_CODE(&err) ? &err : NULL, true);
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	209
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	210	} else {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	211	if (ERROR_CODE(&err))
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	212	// the re-handshake failed, so this transport is dead
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	213	transport_error(SOCK_GNUTLS_TRANSPORT(sock), &err);
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	214
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	215	else
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	216	// re-handshake completed, so continue with the transport_callbacks
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	217	transport_fd_invoke(SOCK_GNUTLS_FD(sock), what);
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	218	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	219
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	220	} else {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	221	// normal sock_stream operation
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	222	// gnutls might be able to proceed now, so invoke user callbacks
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	223	transport_fd_invoke(SOCK_GNUTLS_FD(sock), what);
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	224	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	225	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	226
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	227	static err_t sock_gnutls_read (transport_t transport, void buf, size_t len, error_t err)
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	228	{
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	229	struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type);
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	230	int ret;
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	231
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	232	// read gnutls record
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	233	do {
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	234	ret = gnutls_record_recv(sock->session, buf, *len);
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	235
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	236	} while (ret == GNUTLS_E_INTERRUPTED);
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	237
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	238	// errors
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	239	// XXX: E_REHANDSHAKE?
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	240	if (ret < 0 && ret != GNUTLS_E_AGAIN)
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	241	RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_RECV, ret);
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	242
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	243	else if (ret == 0)
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	244	return SET_ERROR(err, ERR_READ_EOF);
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	245
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	246
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	247	// EAGAIN?
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	248	if (ret < 0) {
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	249	*len = 0;
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	250
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	251	} else {
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	252	// updated length
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	253	*len = ret;
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	254
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	255	}
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	256
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	257	return SUCCESS;
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	258	}
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	259
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	260	static err_t sock_gnutls_write (transport_t transport, const void buf, size_t len, error_t err)
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	261	{
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	262	struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type);
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	263	int ret;
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	264
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	265	// read gnutls record
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	266	do {
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	267	ret = gnutls_record_send(sock->session, buf, *len);
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	268
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	269	} while (ret == GNUTLS_E_INTERRUPTED);
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	270
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	271	// errors
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	272	if (ret < 0 && ret != GNUTLS_E_AGAIN)
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	273	RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_RECV, ret);
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	274
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	275	else if (ret == 0)
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	276	return SET_ERROR(err, ERR_READ_EOF);
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	277
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	278
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	279	// eagain?
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	280	if (ret < 0) {
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	281	*len = 0;
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	282
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	283	} else {
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	284	// updated length
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	285	*len = ret;
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	286	}
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	287
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	288	return SUCCESS;
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	289	}
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	290
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	291	static void _sock_gnutls_destroy (transport_t *transport)
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	292	{
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	293	struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type);
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	294
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	295	// die
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	296	sock_gnutls_destroy(sock);
28 9c1050bc8709 add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create Tero Marttila <terom@fixme.fi> parents: 27 diff changeset	297	}
9c1050bc8709 add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create Tero Marttila <terom@fixme.fi> parents: 27 diff changeset	298
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	299	/**
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	300	* Our sock_tcp-invoked connect handler
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	301	*/
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	302	static void sock_gnutls__connected (transport_t transport, const error_t tcp_err)
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	303	{
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	304	struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type);
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	305	error_t err;
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	306
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	307	// trap errors to let the user handle them directly
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	308	if (tcp_err)
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	309	JUMP_SET_ERROR_INFO(&err, tcp_err);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	310
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	311	// bind default transport functions (recv/send) to use the TCP fd
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	312	gnutls_transport_set_ptr(sock->session, (gnutls_transport_ptr_t) (long int) SOCK_GNUTLS_FD(sock)->fd);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	313
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	314	// add ourselves as the event handler
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	315	if ((ERROR_CODE(&err) = transport_fd_setup(SOCK_GNUTLS_FD(sock), sock_gnutls_on_event, sock)))
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	316	goto error;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	317
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	318	// start handshake
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	319	if (sock_gnutls_handshake(sock, &err))
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	320	// this should complete with SUCCESS if it returns >0
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	321	goto error;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	322
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	323	// ok, so we wait...
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	324	return;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	325
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	326	error:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	327	// tell the user
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	328	transport_connected(transport, &err, true);
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	329	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	330
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	331	struct transport_type sock_gnutls_type = {
159 d3e253d7281a implement heirarchial type-checking for transport_check Tero Marttila <terom@fixme.fi> parents: 156 diff changeset	332	.parent = &sock_tcp_type,
27 e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	333	.methods = {
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	334	.read = sock_gnutls_read,
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	335	.write = sock_gnutls_write,
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	336	.destroy = _sock_gnutls_destroy,
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	337	._connected = sock_gnutls__connected,
27 e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	338	},
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	339	};
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	340
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	341	/*
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	342	* Global shared anonymous client credentials
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	343	*/
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	344	static struct sock_ssl_client_cred sock_gnutls_client_cred_anon = { .x509 = NULL, .verify = false, .refcount = 0 };
4 a3ca0f97a075 change ERROR_* to use pointers again, and implement error_info for sock_init Tero Marttila <terom@fixme.fi> parents: 3 diff changeset	345
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	346	// XXX: GnuTLS log func
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	347	void _log (int level, const char *msg)
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	348	{
27 e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	349	printf("gnutls: %d: %s", level, msg);
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	350	}
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	351
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	352	err_t sock_gnutls_global_init (error_t *err)
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	353	{
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	354	// global init
4 a3ca0f97a075 change ERROR_* to use pointers again, and implement error_info for sock_init Tero Marttila <terom@fixme.fi> parents: 3 diff changeset	355	if ((ERROR_EXTRA(err) = gnutls_global_init()) < 0)
a3ca0f97a075 change ERROR_* to use pointers again, and implement error_info for sock_init Tero Marttila <terom@fixme.fi> parents: 3 diff changeset	356	return SET_ERROR(err, ERR_GNUTLS_GLOBAL_INIT);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	357
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	358	// initialize the anon client credentials
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	359	if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&sock_gnutls_client_cred_anon.x509)) < 0)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	360	return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
3 cc94ae754e2a error handling magic Tero Marttila <terom@fixme.fi> parents: 2 diff changeset	361
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	362	// XXX: debug
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	363	// gnutls_global_set_log_function(&_log);
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	364	// gnutls_global_set_log_level(11);
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	365
3 cc94ae754e2a error handling magic Tero Marttila <terom@fixme.fi> parents: 2 diff changeset	366	// done
cc94ae754e2a error handling magic Tero Marttila <terom@fixme.fi> parents: 2 diff changeset	367	return SUCCESS;
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	368	}
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	369
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	370	static void sock_ssl_client_cred_destroy (struct sock_ssl_client_cred *cred)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	371	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	372	// simple
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	373	gnutls_certificate_free_credentials(cred->x509);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	374
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	375	free(cred);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	376	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	377
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	378	err_t sock_ssl_client_cred_create (struct sock_ssl_client_cred **ctx_cred,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	379	const char *cafile_path, bool verify,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	380	const char cert_path, const char pkey_path,
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	381	error_t *err
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	382	) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	383	struct sock_ssl_client_cred *cred;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	384
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	385	// alloc it
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	386	if ((cred = calloc(1, sizeof(*cred))) == NULL)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	387	return SET_ERROR(err, ERR_CALLOC);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	388
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	389	// create the cert
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	390	if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&cred->x509)) < 0)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	391	JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	392
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	393	// load the trusted ca certs?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	394	if (cafile_path) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	395	// load them
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	396	if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_trust_file(cred->x509, cafile_path, GNUTLS_X509_FMT_PEM)) < 0)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	397	JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_TRUST_FILE);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	398
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	399	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	400
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	401	// set the verify flags?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	402	cred->verify = verify;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	403	gnutls_certificate_set_verify_flags(cred->x509, 0);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	404
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	405	// load the client cert?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	406	if (cert_path \|\| pkey_path) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	407	// need both...
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	408	assert(cert_path && pkey_path);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	409
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	410	// load
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	411	if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_key_file(cred->x509, cert_path, pkey_path, GNUTLS_X509_FMT_PEM)))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	412	JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_KEY_FILE);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	413	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	414
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	415	// ok
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	416	cred->refcount = 1;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	417	*ctx_cred = cred;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	418
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	419	return SUCCESS;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	420
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	421	error:
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	422	// release
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	423	sock_ssl_client_cred_destroy(cred);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	424
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	425	return ERROR_CODE(err);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	426	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	427
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	428	void sock_ssl_client_cred_get (struct sock_ssl_client_cred *cred)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	429	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	430	cred->refcount++;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	431	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	432
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	433	void sock_ssl_client_cred_put (struct sock_ssl_client_cred *cred)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	434	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	435	if (--cred->refcount == 0)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	436	sock_ssl_client_cred_destroy(cred);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	437	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	438
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	439	err_t sock_ssl_connect (const struct transport_info info, transport_t *transport_ptr,
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	440	const char hostname, const char service,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	441	struct sock_ssl_client_cred *cred,
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	442	error_t *err
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	443	)
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	444	{
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	445	struct sock_gnutls *sock = NULL;
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	446
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	447	// alloc
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	448	if ((sock = calloc(1, sizeof(*sock))) == NULL)
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	449	return SET_ERROR(err, ERR_CALLOC);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	450
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	451	// initialize base
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	452	transport_init(SOCK_GNUTLS_TRANSPORT(sock), &sock_gnutls_type, info);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	453
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	454	if (!cred) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	455	// default credentials
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	456	cred = &sock_gnutls_client_cred_anon;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	457
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	458	} else {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	459	// take a ref
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	460	sock->cred = cred;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	461	cred->refcount++;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	462	};
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	463
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	464	// do verify?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	465	if (cred->verify)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	466	sock->verify = true;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	467
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	468	// init
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	469	if ((sock->hostname = strdup(hostname)) == NULL)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	470	JUMP_SET_ERROR(err, ERR_STRDUP);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	471
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	472	// initialize TCP
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	473	sock_tcp_init(SOCK_GNUTLS_TCP(sock));
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	474
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	475	// initialize client session
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	476	if ((ERROR_EXTRA(err) = gnutls_init(&sock->session, GNUTLS_CLIENT)) < 0)
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	477	JUMP_SET_ERROR(err, ERR_GNUTLS_INIT);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	478
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	479	// ...default priority stuff
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	480	if ((ERROR_EXTRA(err) = gnutls_set_default_priority(sock->session)))
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	481	JUMP_SET_ERROR(err, ERR_GNUTLS_SET_DEFAULT_PRIORITY);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	482
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	483	// XXX: silly hack for OpenSSL interop
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	484	gnutls_dh_set_prime_bits(sock->session, 512);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	485
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	486	// bind credentials
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	487	if ((ERROR_EXTRA(err) = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, cred->x509)))
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	488	JUMP_SET_ERROR(err, ERR_GNUTLS_CRED_SET);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	489
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	490	// TCP connect
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	491	if (sock_tcp_connect_async(SOCK_GNUTLS_TCP(sock), hostname, service, err))
85 75bc8b164ef8 async TCP connects, Tero Marttila <terom@fixme.fi> parents: 29 diff changeset	492	goto error;
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	493
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	494	// done, wait for the connect to complete
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	495	*transport_ptr = SOCK_GNUTLS_TRANSPORT(sock);
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	496
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	497	return SUCCESS;
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	498
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	499	error:
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	500	// cleanup
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	501	sock_gnutls_destroy(sock);
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	502
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	503	return ERROR_CODE(err);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	504	}
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	505
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	506	void sock_gnutls_destroy (struct sock_gnutls *sock)
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	507	{
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	508	// close the session rudely
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	509	gnutls_deinit(sock->session);
155 c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	510
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	511	// terminate the TCP transport
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	512	sock_tcp_destroy(SOCK_GNUTLS_TCP(sock));
c59d3eaff0fb most of the new transport/sock code compiles, but things are still missing Tero Marttila <terom@fixme.fi> parents: 140 diff changeset	513
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	514	if (sock->cred)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	515	// drop the cred ref
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	516	sock_ssl_client_cred_put(sock->cred);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	517
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	518	// free
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	519	free(sock->hostname);
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	520	}
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	521

author	Tero Marttila <terom@fixme.fi>
	Tue, 28 Apr 2009 23:10:30 +0300
branch	new-transport
changeset 159	d3e253d7281a
parent 156	6534a4ac957b
child 163	27a112d89a73
permissions	-rw-r--r--