author | Tero Marttila <terom@fixme.fi> |
Tue, 28 Apr 2009 23:10:30 +0300 | |
branch | new-transport |
changeset 159 | d3e253d7281a |
parent 156 | 6534a4ac957b |
child 163 | 27a112d89a73 |
permissions | -rw-r--r-- |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
1 |
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
2 |
#include "sock_gnutls.h" |
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
3 |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
4 |
// XXX: remove |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
5 |
#include "log.h" |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
6 |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
7 |
#include <gnutls/x509.h> |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
8 |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
9 |
#include <stdlib.h> |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
10 |
#include <string.h> |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
11 |
#include <time.h> |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
12 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
13 |
#include <assert.h> |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
14 |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
15 |
/** |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
16 |
* Enable the TCP events based on the session's gnutls_record_get_direction(). |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
17 |
*/ |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
18 |
static err_t sock_gnutls_ev_enable (struct sock_gnutls *sock, error_t *err) |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
19 |
{ |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
20 |
int ret; |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
21 |
short mask; |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
22 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
23 |
// gnutls_record_get_direction tells us what I/O operation gnutls would have required for the last |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
24 |
// operation, so we can use that to determine what events to register |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
25 |
switch ((ret = gnutls_record_get_direction(sock->session))) { |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
26 |
case 0: |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
27 |
// read more data |
156
6534a4ac957b
add transport/sock/line_proto/etc code compiles
Tero Marttila <terom@fixme.fi>
parents:
155
diff
changeset
|
28 |
mask = TRANSPORT_READ; |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
29 |
break; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
30 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
31 |
case 1: |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
32 |
// write buffer full |
156
6534a4ac957b
add transport/sock/line_proto/etc code compiles
Tero Marttila <terom@fixme.fi>
parents:
155
diff
changeset
|
33 |
mask = TRANSPORT_WRITE; |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
34 |
break; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
35 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
36 |
default: |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
37 |
// random error |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
38 |
RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_GET_DIRECTION, ret); |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
39 |
} |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
40 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
41 |
// do the enabling |
156
6534a4ac957b
add transport/sock/line_proto/etc code compiles
Tero Marttila <terom@fixme.fi>
parents:
155
diff
changeset
|
42 |
if ((ERROR_CODE(err) = transport_fd_enable(SOCK_GNUTLS_FD(sock), mask))) |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
43 |
return ERROR_CODE(err); |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
44 |
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
45 |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
46 |
return SUCCESS; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
47 |
} |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
48 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
49 |
/** |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
50 |
* Translate a set of gnutls_certificate_status_t values to a constant error message |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
51 |
*/ |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
52 |
static const char* sock_gnutls_verify_error (unsigned int status) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
53 |
{ |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
54 |
if (status & GNUTLS_CERT_REVOKED) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
55 |
return "certificate was revoked"; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
56 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
57 |
else if (status & GNUTLS_CERT_INVALID) { |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
58 |
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
59 |
return "certificate signer was not found"; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
60 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
61 |
else if (status & GNUTLS_CERT_SIGNER_NOT_CA) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
62 |
return "certificate signer is not a Certificate Authority"; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
63 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
64 |
else if (status & GNUTLS_CERT_INSECURE_ALGORITHM) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
65 |
return "certificate signed using an insecure algorithm"; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
66 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
67 |
else |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
68 |
return "certificate could not be verified"; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
69 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
70 |
} else |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
71 |
return "unknown error"; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
72 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
73 |
} |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
74 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
75 |
/** |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
76 |
* Perform the certificate validation procedure on the socket. |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
77 |
* |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
78 |
* Based on the GnuTLS examples/ex-rfc2818.c |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
79 |
*/ |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
80 |
static err_t sock_gnutls_verify (struct sock_gnutls *sock, error_t *err) |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
81 |
{ |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
82 |
unsigned int status; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
83 |
const gnutls_datum_t *cert_list; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
84 |
unsigned int cert_list_size; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
85 |
gnutls_x509_crt_t cert = NULL; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
86 |
time_t t, now; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
87 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
88 |
// init |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
89 |
RESET_ERROR(err); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
90 |
now = time(NULL); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
91 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
92 |
// inspect the peer's cert chain using the installed trusted CAs |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
93 |
if ((ERROR_EXTRA(err) = gnutls_certificate_verify_peers2(sock->session, &status))) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
94 |
JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_VERIFY_PEERS2); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
95 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
96 |
// verify errors? |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
97 |
if (status) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
98 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, sock_gnutls_verify_error(status)); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
99 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
100 |
// import the main cert |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
101 |
assert(gnutls_certificate_type_get(sock->session) == GNUTLS_CRT_X509); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
102 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
103 |
if ((ERROR_EXTRA(err) = gnutls_x509_crt_init(&cert))) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
104 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_init"); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
105 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
106 |
if ((cert_list = gnutls_certificate_get_peers(sock->session, &cert_list_size)) == NULL) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
107 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_certificate_get_peers"); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
108 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
109 |
if (!cert_list_size) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
110 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "cert_list_size"); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
111 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
112 |
if ((ERROR_EXTRA(err) = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER))) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
113 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_import"); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
114 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
115 |
// check expire/activate... not sure if we need to do this |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
116 |
if ((t = gnutls_x509_crt_get_expiration_time(cert)) == ((time_t) -1) || t < now) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
117 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_expiration_time"); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
118 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
119 |
if ((t = gnutls_x509_crt_get_activation_time(cert)) == ((time_t) -1) || t > now) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
120 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_activation_time"); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
121 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
122 |
// check hostname |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
123 |
if (!gnutls_x509_crt_check_hostname(cert, sock->hostname)) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
124 |
JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_check_hostname"); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
125 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
126 |
error: |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
127 |
// cleanup |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
128 |
if (cert) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
129 |
gnutls_x509_crt_deinit(cert); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
130 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
131 |
// should be SUCCESS |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
132 |
return ERROR_CODE(err); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
133 |
} |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
134 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
135 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
136 |
/** |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
137 |
* Our handshake driver. This will execute the next gnutls_handshake step, handling E_AGAIN. |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
138 |
* |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
139 |
* This updates the sock_gnutls::handshake state internally, as used by sock_gnutls_event_handler. |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
140 |
* |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
141 |
* If the sock is marked as verify, this will perform the verification, returning on any errors, and then unset the |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
142 |
* verify flag - this ensures that the peer cert is only verified once per connection... |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
143 |
* |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
144 |
* @return >0 for finished handshake, 0 for handshake-in-progress, -err_t for errors. |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
145 |
*/ |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
146 |
static int sock_gnutls_handshake (struct sock_gnutls *sock, error_t *err) |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
147 |
{ |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
148 |
int ret; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
149 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
150 |
// perform the handshake |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
151 |
if ((ret = gnutls_handshake(sock->session)) < 0 && ret != GNUTLS_E_AGAIN) |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
152 |
JUMP_SET_ERROR_EXTRA(err, ERR_GNUTLS_HANDSHAKE, ret); |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
153 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
154 |
// complete? |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
155 |
if (ret == 0) { |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
156 |
// update state |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
157 |
sock->handshake = false; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
158 |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
159 |
// verify? |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
160 |
if (sock->verify) { |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
161 |
// perform the validation |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
162 |
if (sock_gnutls_verify(sock, err)) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
163 |
goto error; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
164 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
165 |
// unmark |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
166 |
sock->verify = false; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
167 |
} |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
168 |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
169 |
// handshake done |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
170 |
return 1; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
171 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
172 |
} else { |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
173 |
// set state, isn't really needed every time, but easier this way |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
174 |
sock->handshake = true; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
175 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
176 |
// re-enable the event for the next iteration |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
177 |
return sock_gnutls_ev_enable(sock, err); |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
178 |
} |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
179 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
180 |
error: |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
181 |
return -ERROR_CODE(err); |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
182 |
} |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
183 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
184 |
/** |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
185 |
* Our transport_fd event handler. Drive the handshake if that's current, otherwise, invoke user callbacks. |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
186 |
*/ |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
187 |
static void sock_gnutls_on_event (struct transport_fd *fd, short what, void *arg) |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
188 |
{ |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
189 |
struct sock_gnutls *sock = arg; |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
190 |
error_t err; |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
191 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
192 |
(void) fd; |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
193 |
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
194 |
// XXX: timeouts |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
195 |
(void) what; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
196 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
197 |
// are we in the handshake cycle? |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
198 |
if (sock->handshake) { |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
199 |
RESET_ERROR(&err); |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
200 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
201 |
// perform the next handshake step |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
202 |
if (sock_gnutls_handshake(sock, &err) == 0) { |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
203 |
// handshake continues |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
204 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
205 |
} else if (SOCK_GNUTLS_TRANSPORT(sock)->connected) { |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
206 |
// the async connect process has now completed, either succesfully or with an error |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
207 |
// invoke the user connect callback directly with appropriate error |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
208 |
transport_connected(SOCK_GNUTLS_TRANSPORT(sock), ERROR_CODE(&err) ? &err : NULL, true); |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
209 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
210 |
} else { |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
211 |
if (ERROR_CODE(&err)) |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
212 |
// the re-handshake failed, so this transport is dead |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
213 |
transport_error(SOCK_GNUTLS_TRANSPORT(sock), &err); |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
214 |
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
215 |
else |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
216 |
// re-handshake completed, so continue with the transport_callbacks |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
217 |
transport_fd_invoke(SOCK_GNUTLS_FD(sock), what); |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
218 |
} |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
219 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
220 |
} else { |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
221 |
// normal sock_stream operation |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
222 |
// gnutls might be able to proceed now, so invoke user callbacks |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
223 |
transport_fd_invoke(SOCK_GNUTLS_FD(sock), what); |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
224 |
} |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
225 |
} |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
226 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
227 |
static err_t sock_gnutls_read (transport_t *transport, void *buf, size_t *len, error_t *err) |
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
228 |
{ |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
229 |
struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type); |
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
230 |
int ret; |
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
231 |
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
232 |
// read gnutls record |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
233 |
do { |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
234 |
ret = gnutls_record_recv(sock->session, buf, *len); |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
235 |
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
236 |
} while (ret == GNUTLS_E_INTERRUPTED); |
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
237 |
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
238 |
// errors |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
239 |
// XXX: E_REHANDSHAKE? |
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
240 |
if (ret < 0 && ret != GNUTLS_E_AGAIN) |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
241 |
RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_RECV, ret); |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
242 |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
243 |
else if (ret == 0) |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
244 |
return SET_ERROR(err, ERR_READ_EOF); |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
245 |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
246 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
247 |
// EAGAIN? |
14
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
248 |
if (ret < 0) { |
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
249 |
*len = 0; |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
250 |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
251 |
} else { |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
252 |
// updated length |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
253 |
*len = ret; |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
254 |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
255 |
} |
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
256 |
|
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
257 |
return SUCCESS; |
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
258 |
} |
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
259 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
260 |
static err_t sock_gnutls_write (transport_t *transport, const void *buf, size_t *len, error_t *err) |
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
261 |
{ |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
262 |
struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type); |
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
263 |
int ret; |
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
264 |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
265 |
// read gnutls record |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
266 |
do { |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
267 |
ret = gnutls_record_send(sock->session, buf, *len); |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
268 |
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
269 |
} while (ret == GNUTLS_E_INTERRUPTED); |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
270 |
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
271 |
// errors |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
272 |
if (ret < 0 && ret != GNUTLS_E_AGAIN) |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
273 |
RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_RECV, ret); |
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
274 |
|
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
275 |
else if (ret == 0) |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
276 |
return SET_ERROR(err, ERR_READ_EOF); |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
277 |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
278 |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
279 |
// eagain? |
14
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
280 |
if (ret < 0) { |
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
281 |
*len = 0; |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
282 |
|
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
283 |
} else { |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
284 |
// updated length |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
285 |
*len = ret; |
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
286 |
} |
10
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
287 |
|
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
288 |
return SUCCESS; |
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
289 |
} |
9fe218576d13
fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation
Tero Marttila <terom@fixme.fi>
parents:
9
diff
changeset
|
290 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
291 |
static void _sock_gnutls_destroy (transport_t *transport) |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
292 |
{ |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
293 |
struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type); |
12
4147fae232d9
update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code
Tero Marttila <terom@fixme.fi>
parents:
10
diff
changeset
|
294 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
295 |
// die |
29
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
296 |
sock_gnutls_destroy(sock); |
28
9c1050bc8709
add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create
Tero Marttila <terom@fixme.fi>
parents:
27
diff
changeset
|
297 |
} |
9c1050bc8709
add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create
Tero Marttila <terom@fixme.fi>
parents:
27
diff
changeset
|
298 |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
299 |
/** |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
300 |
* Our sock_tcp-invoked connect handler |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
301 |
*/ |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
302 |
static void sock_gnutls__connected (transport_t *transport, const error_t *tcp_err) |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
303 |
{ |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
304 |
struct sock_gnutls *sock = transport_check(transport, &sock_gnutls_type); |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
305 |
error_t err; |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
306 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
307 |
// trap errors to let the user handle them directly |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
308 |
if (tcp_err) |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
309 |
JUMP_SET_ERROR_INFO(&err, tcp_err); |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
310 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
311 |
// bind default transport functions (recv/send) to use the TCP fd |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
312 |
gnutls_transport_set_ptr(sock->session, (gnutls_transport_ptr_t) (long int) SOCK_GNUTLS_FD(sock)->fd); |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
313 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
314 |
// add ourselves as the event handler |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
315 |
if ((ERROR_CODE(&err) = transport_fd_setup(SOCK_GNUTLS_FD(sock), sock_gnutls_on_event, sock))) |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
316 |
goto error; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
317 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
318 |
// start handshake |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
319 |
if (sock_gnutls_handshake(sock, &err)) |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
320 |
// this should complete with SUCCESS if it returns >0 |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
321 |
goto error; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
322 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
323 |
// ok, so we wait... |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
324 |
return; |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
325 |
|
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
326 |
error: |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
327 |
// tell the user |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
328 |
transport_connected(transport, &err, true); |
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
329 |
} |
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
330 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
331 |
struct transport_type sock_gnutls_type = { |
159
d3e253d7281a
implement heirarchial type-checking for transport_check
Tero Marttila <terom@fixme.fi>
parents:
156
diff
changeset
|
332 |
.parent = &sock_tcp_type, |
27
e6639132bead
add irc_conn_callbacks, and delay irc_chan_join until on_registered
Tero Marttila <terom@fixme.fi>
parents:
14
diff
changeset
|
333 |
.methods = { |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
334 |
.read = sock_gnutls_read, |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
335 |
.write = sock_gnutls_write, |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
336 |
.destroy = _sock_gnutls_destroy, |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
337 |
._connected = sock_gnutls__connected, |
27
e6639132bead
add irc_conn_callbacks, and delay irc_chan_join until on_registered
Tero Marttila <terom@fixme.fi>
parents:
14
diff
changeset
|
338 |
}, |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
339 |
}; |
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
340 |
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
341 |
/* |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
342 |
* Global shared anonymous client credentials |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
343 |
*/ |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
344 |
static struct sock_ssl_client_cred sock_gnutls_client_cred_anon = { .x509 = NULL, .verify = false, .refcount = 0 }; |
4
a3ca0f97a075
change ERROR_* to use pointers again, and implement error_info for sock_init
Tero Marttila <terom@fixme.fi>
parents:
3
diff
changeset
|
345 |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
346 |
// XXX: GnuTLS log func |
14
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
347 |
void _log (int level, const char *msg) |
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
348 |
{ |
27
e6639132bead
add irc_conn_callbacks, and delay irc_chan_join until on_registered
Tero Marttila <terom@fixme.fi>
parents:
14
diff
changeset
|
349 |
printf("gnutls: %d: %s", level, msg); |
14
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
350 |
} |
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
351 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
352 |
err_t sock_gnutls_global_init (error_t *err) |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
353 |
{ |
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
354 |
// global init |
4
a3ca0f97a075
change ERROR_* to use pointers again, and implement error_info for sock_init
Tero Marttila <terom@fixme.fi>
parents:
3
diff
changeset
|
355 |
if ((ERROR_EXTRA(err) = gnutls_global_init()) < 0) |
a3ca0f97a075
change ERROR_* to use pointers again, and implement error_info for sock_init
Tero Marttila <terom@fixme.fi>
parents:
3
diff
changeset
|
356 |
return SET_ERROR(err, ERR_GNUTLS_GLOBAL_INIT); |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
357 |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
358 |
// initialize the anon client credentials |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
359 |
if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&sock_gnutls_client_cred_anon.x509)) < 0) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
360 |
return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED); |
3 | 361 |
|
14
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
362 |
// XXX: debug |
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
363 |
// gnutls_global_set_log_function(&_log); |
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
364 |
// gnutls_global_set_log_level(11); |
3a70e5901f17
fix sock_gnutls_read/write EAGAIN
Tero Marttila <terom@fixme.fi>
parents:
12
diff
changeset
|
365 |
|
3 | 366 |
// done |
367 |
return SUCCESS; |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
368 |
} |
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
369 |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
370 |
static void sock_ssl_client_cred_destroy (struct sock_ssl_client_cred *cred) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
371 |
{ |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
372 |
// simple |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
373 |
gnutls_certificate_free_credentials(cred->x509); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
374 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
375 |
free(cred); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
376 |
} |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
377 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
378 |
err_t sock_ssl_client_cred_create (struct sock_ssl_client_cred **ctx_cred, |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
379 |
const char *cafile_path, bool verify, |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
380 |
const char *cert_path, const char *pkey_path, |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
381 |
error_t *err |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
382 |
) { |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
383 |
struct sock_ssl_client_cred *cred; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
384 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
385 |
// alloc it |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
386 |
if ((cred = calloc(1, sizeof(*cred))) == NULL) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
387 |
return SET_ERROR(err, ERR_CALLOC); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
388 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
389 |
// create the cert |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
390 |
if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&cred->x509)) < 0) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
391 |
JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
392 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
393 |
// load the trusted ca certs? |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
394 |
if (cafile_path) { |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
395 |
// load them |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
396 |
if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_trust_file(cred->x509, cafile_path, GNUTLS_X509_FMT_PEM)) < 0) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
397 |
JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_TRUST_FILE); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
398 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
399 |
} |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
400 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
401 |
// set the verify flags? |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
402 |
cred->verify = verify; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
403 |
gnutls_certificate_set_verify_flags(cred->x509, 0); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
404 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
405 |
// load the client cert? |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
406 |
if (cert_path || pkey_path) { |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
407 |
// need both... |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
408 |
assert(cert_path && pkey_path); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
409 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
410 |
// load |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
411 |
if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_key_file(cred->x509, cert_path, pkey_path, GNUTLS_X509_FMT_PEM))) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
412 |
JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_KEY_FILE); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
413 |
} |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
414 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
415 |
// ok |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
416 |
cred->refcount = 1; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
417 |
*ctx_cred = cred; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
418 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
419 |
return SUCCESS; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
420 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
421 |
error: |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
422 |
// release |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
423 |
sock_ssl_client_cred_destroy(cred); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
424 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
425 |
return ERROR_CODE(err); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
426 |
} |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
427 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
428 |
void sock_ssl_client_cred_get (struct sock_ssl_client_cred *cred) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
429 |
{ |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
430 |
cred->refcount++; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
431 |
} |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
432 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
433 |
void sock_ssl_client_cred_put (struct sock_ssl_client_cred *cred) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
434 |
{ |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
435 |
if (--cred->refcount == 0) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
436 |
sock_ssl_client_cred_destroy(cred); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
437 |
} |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
438 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
439 |
err_t sock_ssl_connect (const struct transport_info *info, transport_t **transport_ptr, |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
440 |
const char *hostname, const char *service, |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
441 |
struct sock_ssl_client_cred *cred, |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
442 |
error_t *err |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
443 |
) |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
444 |
{ |
5 | 445 |
struct sock_gnutls *sock = NULL; |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
446 |
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
447 |
// alloc |
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
448 |
if ((sock = calloc(1, sizeof(*sock))) == NULL) |
5 | 449 |
return SET_ERROR(err, ERR_CALLOC); |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
450 |
|
5 | 451 |
// initialize base |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
452 |
transport_init(SOCK_GNUTLS_TRANSPORT(sock), &sock_gnutls_type, info); |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
453 |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
454 |
if (!cred) { |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
455 |
// default credentials |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
456 |
cred = &sock_gnutls_client_cred_anon; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
457 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
458 |
} else { |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
459 |
// take a ref |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
460 |
sock->cred = cred; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
461 |
cred->refcount++; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
462 |
}; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
463 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
464 |
// do verify? |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
465 |
if (cred->verify) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
466 |
sock->verify = true; |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
467 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
468 |
// init |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
469 |
if ((sock->hostname = strdup(hostname)) == NULL) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
470 |
JUMP_SET_ERROR(err, ERR_STRDUP); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
471 |
|
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
472 |
// initialize TCP |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
473 |
sock_tcp_init(SOCK_GNUTLS_TCP(sock)); |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
474 |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
475 |
// initialize client session |
5 | 476 |
if ((ERROR_EXTRA(err) = gnutls_init(&sock->session, GNUTLS_CLIENT)) < 0) |
477 |
JUMP_SET_ERROR(err, ERR_GNUTLS_INIT); |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
478 |
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
479 |
// ...default priority stuff |
5 | 480 |
if ((ERROR_EXTRA(err) = gnutls_set_default_priority(sock->session))) |
481 |
JUMP_SET_ERROR(err, ERR_GNUTLS_SET_DEFAULT_PRIORITY); |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
482 |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
483 |
// XXX: silly hack for OpenSSL interop |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
484 |
gnutls_dh_set_prime_bits(sock->session, 512); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
485 |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
486 |
// bind credentials |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
487 |
if ((ERROR_EXTRA(err) = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, cred->x509))) |
5 | 488 |
JUMP_SET_ERROR(err, ERR_GNUTLS_CRED_SET); |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
489 |
|
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
490 |
// TCP connect |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
491 |
if (sock_tcp_connect_async(SOCK_GNUTLS_TCP(sock), hostname, service, err)) |
85 | 492 |
goto error; |
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
493 |
|
139
55b9dcc2b73a
implement sock_ssl_connect_async (the old sock_ssl_connect exists no more)
Tero Marttila <terom@fixme.fi>
parents:
118
diff
changeset
|
494 |
// done, wait for the connect to complete |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
495 |
*transport_ptr = SOCK_GNUTLS_TRANSPORT(sock); |
5 | 496 |
|
497 |
return SUCCESS; |
|
498 |
||
499 |
error: |
|
29
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
500 |
// cleanup |
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
501 |
sock_gnutls_destroy(sock); |
5 | 502 |
|
503 |
return ERROR_CODE(err); |
|
2
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
504 |
} |
a834f0559939
working SSL using gnutls - a bit of a painful process
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
505 |
|
29
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
506 |
void sock_gnutls_destroy (struct sock_gnutls *sock) |
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
507 |
{ |
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
508 |
// close the session rudely |
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
509 |
gnutls_deinit(sock->session); |
155
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
510 |
|
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
511 |
// terminate the TCP transport |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
512 |
sock_tcp_destroy(SOCK_GNUTLS_TCP(sock)); |
c59d3eaff0fb
most of the new transport/sock code compiles, but things are still missing
Tero Marttila <terom@fixme.fi>
parents:
140
diff
changeset
|
513 |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
514 |
if (sock->cred) |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
515 |
// drop the cred ref |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
516 |
sock_ssl_client_cred_put(sock->cred); |
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
517 |
|
29
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
518 |
// free |
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
139
diff
changeset
|
519 |
free(sock->hostname); |
29
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
520 |
} |
3f0f2898fea3
add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's
Tero Marttila <terom@fixme.fi>
parents:
28
diff
changeset
|
521 |