evirc: src/sock_gnutls.c@fd97eb3c183a (annotated)

2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	1
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	2	#include "sock_gnutls.h"
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	3
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	4	// XXX: remove
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	5	#include "log.h"
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	6
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	7	#include <gnutls/x509.h>
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	8
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	9	#include <stdlib.h>
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	10	#include <string.h>
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	11	#include <time.h>
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	12
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	13	#include <assert.h>
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	14
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	15	/**
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	16	* Register for events based on the session's gnutls_record_get_direction().
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	17	*/
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	18	static err_t sock_gnutls_ev_enable (struct sock_gnutls sock, struct error_info err)
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	19	{
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	20	int ret;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	21
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	22	// gnutls_record_get_direction tells us what I/O operation gnutls would have required for the last
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	23	// operation, so we can use that to determine what events to register
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	24	switch ((ret = gnutls_record_get_direction(sock->session))) {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	25	case 0:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	26	// read more data
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	27	sock_fd_enable_events(SOCK_GNUTLS_FD(sock), EV_READ);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	28	break;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	29
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	30	case 1:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	31	// write buffer full
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	32	sock_fd_enable_events(SOCK_GNUTLS_FD(sock), EV_WRITE);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	33	break;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	34
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	35	default:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	36	// random error
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	37	RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_GET_DIRECTION, ret);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	38	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	39
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	40	// ok... wait
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	41	return SUCCESS;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	42	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	43
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	44	/**
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	45	* Translate a set of gnutls_certificate_status_t values to a constant error message
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	46	*/
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	47	static const char* sock_gnutls_verify_error (unsigned int status)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	48	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	49	if (status & GNUTLS_CERT_REVOKED)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	50	return "certificate was revoked";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	51
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	52	else if (status & GNUTLS_CERT_INVALID) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	53	if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	54	return "certificate signer was not found";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	55
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	56	else if (status & GNUTLS_CERT_SIGNER_NOT_CA)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	57	return "certificate signer is not a Certificate Authority";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	58
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	59	else if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	60	return "certificate signed using an insecure algorithm";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	61
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	62	else
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	63	return "certificate could not be verified";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	64
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	65	} else
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	66	return "unknown error";
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	67
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	68	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	69
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	70	/**
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	71	* Perform the certificate validation procedure on the socket.
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	72	*
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	73	* Based on the GnuTLS examples/ex-rfc2818.c
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	74	*/
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	75	static err_t sock_gnutls_verify (struct sock_gnutls sock, struct error_info err)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	76	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	77	unsigned int status;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	78	const gnutls_datum_t *cert_list;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	79	unsigned int cert_list_size;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	80	gnutls_x509_crt_t cert = NULL;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	81	time_t t, now;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	82
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	83	// init
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	84	RESET_ERROR(err);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	85	now = time(NULL);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	86
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	87	// inspect the peer's cert chain using the installed trusted CAs
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	88	if ((ERROR_EXTRA(err) = gnutls_certificate_verify_peers2(sock->session, &status)))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	89	JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_VERIFY_PEERS2);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	90
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	91	// verify errors?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	92	if (status)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	93	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, sock_gnutls_verify_error(status));
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	94
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	95	// import the main cert
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	96	assert(gnutls_certificate_type_get(sock->session) == GNUTLS_CRT_X509);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	97
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	98	if ((ERROR_EXTRA(err) = gnutls_x509_crt_init(&cert)))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	99	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_init");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	100
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	101	if ((cert_list = gnutls_certificate_get_peers(sock->session, &cert_list_size)) == NULL)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	102	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_certificate_get_peers");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	103
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	104	if (!cert_list_size)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	105	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "cert_list_size");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	106
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	107	if ((ERROR_EXTRA(err) = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER)))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	108	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_import");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	109
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	110	// check expire/activate... not sure if we need to do this
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	111	if ((t = gnutls_x509_crt_get_expiration_time(cert)) == ((time_t) -1) \|\| t < now)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	112	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_expiration_time");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	113
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	114	if ((t = gnutls_x509_crt_get_activation_time(cert)) == ((time_t) -1) \|\| t > now)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	115	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_get_activation_time");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	116
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	117	// check hostname
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	118	if (!gnutls_x509_crt_check_hostname(cert, sock->hostname))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	119	JUMP_SET_ERROR_STR(err, ERR_GNUTLS_CERT_VERIFY, "gnutls_x509_crt_check_hostname");
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	120
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	121	error:
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	122	// cleanup
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	123	if (cert)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	124	gnutls_x509_crt_deinit(cert);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	125
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	126	// should be SUCCESS
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	127	return ERROR_CODE(err);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	128	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	129
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	130
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	131	/**
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	132	* Our handshake driver. This will execute the next gnutls_handshake step, handling E_AGAIN.
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	133	*
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	134	* This updates the sock_gnutls::handshake state internally, as used by sock_gnutls_event_handler.
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	135	*
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	136	* If the sock is marked as verify, this will perform the verification, returning on any errors, and then unset the
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	137	* verify flag - this ensures that the peer cert is only verified once per connection...
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	138	*
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	139	* @return >0 for finished handshake, 0 for handshake-in-progress, -err_t for errors.
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	140	*/
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	141	static int sock_gnutls_handshake (struct sock_gnutls sock, struct error_info err)
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	142	{
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	143	int ret;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	144
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	145	// perform the handshake
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	146	if ((ret = gnutls_handshake(sock->session)) < 0 && ret != GNUTLS_E_AGAIN)
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	147	JUMP_SET_ERROR_EXTRA(err, ERR_GNUTLS_HANDSHAKE, ret);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	148
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	149	// complete?
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	150	if (ret == 0) {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	151	// update state
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	152	sock->handshake = false;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	153
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	154	// verify?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	155	if (sock->verify) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	156	// perform the validation
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	157	if (sock_gnutls_verify(sock, err))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	158	goto error;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	159
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	160	// unmark
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	161	sock->verify = false;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	162	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	163
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	164	// handshake done
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	165	return 1;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	166
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	167	} else {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	168	// set state, isn't really needed every time, but easier this way
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	169	sock->handshake = true;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	170
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	171	// re-enable the event for the next iteration
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	172	return sock_gnutls_ev_enable(sock, err);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	173	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	174
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	175	error:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	176	return -ERROR_CODE(err);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	177	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	178
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	179	/**
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	180	* Our SOCK_STREAM event handler. Drive the handshake if that's current, otherwise, invoke user callbacks.
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	181	*
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	182	* XXX: this is ugly. This sock_stream-level separation doesn't really work that well.
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	183	*/
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	184	static void sock_gnutls_event_handler (int fd, short what, void *arg)
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	185	{
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	186	struct sock_gnutls *sock = arg;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	187	struct error_info err;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	188
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	189	(void) fd;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	190	(void) what;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	191
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	192	// are we in the handshake cycle?
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	193	if (sock->handshake) {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	194	RESET_ERROR(&err);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	195
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	196	if (sock_gnutls_handshake(sock, &err) == 0) {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	197	// wait for the next handshake step
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	198
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	199	} else if (SOCK_GNUTLS_BASE(sock)->conn_cb_func) {
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	200	// the async connect process has now completed, either succesfully or with an error
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	201	// invoke the user connect callback directly with appropriate error
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	202	sock_stream_invoke_conn_cb(SOCK_GNUTLS_BASE(sock), ERROR_CODE(&err) ? &err : NULL, true);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	203
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	204	} else {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	205	// re-handshake completed, so continue with the sock_stream_callbacks, so the user can call sock_gnutls_read/write
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	206
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	207	if (ERROR_CODE(&err))
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	208	// XXX: bad, since we can't report this directly... we need to let the user call _read/write, and get
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	209	// the error from there
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	210	log_warn_err(&err, "sock_gnutls_handshake failed");
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	211
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	212	// continue where we left off
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	213	sock_stream_invoke_callbacks(SOCK_GNUTLS_BASE(sock), sock->ev_mask);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	214	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	215
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	216	} else {
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	217	// normal sock_stream operation
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	218	// gnutls might be able to proceed now, so ask user to try what didn't work before now, using the mask given to
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	219	// event_enable().
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	220	sock_stream_invoke_callbacks(SOCK_GNUTLS_BASE(sock), sock->ev_mask);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	221	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	222	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	223
118 05b8d5150313 implement fifo (sock_fifo.c) and test_fifo Tero Marttila <terom@fixme.fi> parents: 117 diff changeset	224	static err_t sock_gnutls_read (struct sock_stream base_sock, void buf, size_t len, struct error_info err)
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	225	{
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	226	struct sock_gnutls *sock = SOCK_FROM_BASE(base_sock, struct sock_gnutls);
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	227	int ret;
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	228
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	229	// read gnutls record
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	230	ret = gnutls_record_recv(sock->session, buf, *len);
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	231
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	232	// errors
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	233	// XXX: E_INTERRUPTED, E_REHANDSHAKE?
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	234	if (ret < 0 && ret != GNUTLS_E_AGAIN)
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	235	RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_RECV, ret);
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	236
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	237	else if (ret == 0)
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	238	return SET_ERROR(err, ERR_READ_EOF);
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	239
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	240
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	241	// eagain?
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	242	if (ret < 0) {
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	243	*len = 0;
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	244
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	245	} else {
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	246	// updated length
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	247	*len = ret;
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	248
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	249	}
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	250
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	251	return SUCCESS;
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	252	}
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	253
118 05b8d5150313 implement fifo (sock_fifo.c) and test_fifo Tero Marttila <terom@fixme.fi> parents: 117 diff changeset	254	static err_t sock_gnutls_write (struct sock_stream base_sock, const void buf, size_t len, struct error_info err)
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	255	{
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	256	struct sock_gnutls *sock = SOCK_FROM_BASE(base_sock, struct sock_gnutls);
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	257	int ret;
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	258
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	259	// read gnutls record
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	260	ret = gnutls_record_send(sock->session, buf, *len);
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	261
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	262	// errors
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	263	if (ret < 0 && ret != GNUTLS_E_AGAIN)
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	264	RETURN_SET_ERROR_EXTRA(err, ERR_GNUTLS_RECORD_RECV, ret);
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	265
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	266	else if (ret == 0)
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	267	return SET_ERROR(err, ERR_READ_EOF);
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	268
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	269
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	270	// eagain?
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	271	if (ret < 0) {
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	272	*len = 0;
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	273
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	274	} else {
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	275	// updated length
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	276	*len = ret;
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	277	}
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	278
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	279	return SUCCESS;
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	280	}
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	281
9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	282	static err_t sock_gnutls_event_init (struct sock_stream *base_sock)
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	283	{
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	284	struct sock_gnutls *sock = SOCK_FROM_BASE(base_sock, struct sock_gnutls);
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	285
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	286	(void) sock;
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	287
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	288	// already setup, ok
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	289	return SUCCESS;
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	290	}
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	291
10 9fe218576d13 fix sock_stream read/write return value, move line buffer inside of line_proto, add some initial code for event-based non-blocking operation Tero Marttila <terom@fixme.fi> parents: 9 diff changeset	292	static err_t sock_gnutls_event_enable (struct sock_stream *base_sock, short mask)
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	293	{
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	294	struct sock_gnutls *sock = SOCK_FROM_BASE(base_sock, struct sock_gnutls);
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	295
12 4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	296	// store the ev_mask. We don't care about it here, because we assume that event_enable is only called once read or
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	297	// write, respectively, return zero. This is really the only case we can handle with gnutls.
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	298	sock->ev_mask = mask;
4147fae232d9 update sock_stream_read/write semantics for EOF/EAGAIN, tentative event-based gnutls code Tero Marttila <terom@fixme.fi> parents: 10 diff changeset	299
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	300	// then wait for the event
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	301	return sock_gnutls_ev_enable(sock, SOCK_GNUTLS_ERR(sock));
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	302	}
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	303
28 9c1050bc8709 add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create Tero Marttila <terom@fixme.fi> parents: 27 diff changeset	304	static void sock_gnutls_release (struct sock_stream *base_sock)
9c1050bc8709 add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create Tero Marttila <terom@fixme.fi> parents: 27 diff changeset	305	{
9c1050bc8709 add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create Tero Marttila <terom@fixme.fi> parents: 27 diff changeset	306	struct sock_gnutls *sock = SOCK_FROM_BASE(base_sock, struct sock_gnutls);
9c1050bc8709 add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create Tero Marttila <terom@fixme.fi> parents: 27 diff changeset	307
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	308	// DIEEEE
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	309	sock_gnutls_destroy(sock);
28 9c1050bc8709 add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create Tero Marttila <terom@fixme.fi> parents: 27 diff changeset	310	}
9c1050bc8709 add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create Tero Marttila <terom@fixme.fi> parents: 27 diff changeset	311
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	312	/**
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	313	* Our sock_tcp-invoked connect handler
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	314	*/
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	315	static void sock_gnutls_on_connect (struct sock_stream base_sock, struct error_info tcp_err)
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	316	{
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	317	struct sock_gnutls *sock = SOCK_FROM_BASE(base_sock, struct sock_gnutls);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	318	struct error_info err;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	319
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	320	// trap errors to let the user handle them directly
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	321	if (tcp_err)
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	322	JUMP_SET_ERROR_INFO(&err, tcp_err);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	323
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	324	// bind default transport functions (recv/send) to use the TCP fd
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	325	gnutls_transport_set_ptr(sock->session, (gnutls_transport_ptr_t) (long int) SOCK_GNUTLS_FD(sock)->fd);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	326
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	327	// add ourselves as the event handler
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	328	if ((ERROR_CODE(&err) = sock_fd_init_ev(SOCK_GNUTLS_FD(sock), &sock_gnutls_event_handler, sock)))
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	329	goto error;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	330
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	331	// start handshake
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	332	if (sock_gnutls_handshake(sock, &err))
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	333	// this should complete with SUCCESS if it returns >0
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	334	goto error;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	335
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	336	// ok, so we wait...
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	337	return;
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	338
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	339	error:
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	340	// tell the user
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	341	SOCK_GNUTLS_BASE(sock)->conn_cb_func(SOCK_GNUTLS_BASE(sock), &err, SOCK_GNUTLS_BASE(sock)->conn_cb_arg);
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	342	}
55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	343
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	344	/*
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	345	* Our sock_stream_Type
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	346	*/
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	347	struct sock_stream_type sock_gnutls_type = {
27 e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	348	.methods = {
e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	349	.read = &sock_gnutls_read,
e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	350	.write = &sock_gnutls_write,
e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	351	.event_init = &sock_gnutls_event_init,
e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	352	.event_enable = &sock_gnutls_event_enable,
28 9c1050bc8709 add sock_stream_release/line_proto_release/irc_conn_release functions, and add proper cleanup to irc_net_create Tero Marttila <terom@fixme.fi> parents: 27 diff changeset	353	.release = &sock_gnutls_release,
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	354	._conn_cb = &sock_gnutls_on_connect,
27 e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	355	},
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	356	};
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	357
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	358	/*
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	359	* Global shared anonymous client credentials
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	360	*/
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	361	static struct sock_ssl_client_cred sock_gnutls_client_cred_anon = { .x509 = NULL, .verify = false, .refcount = 0 };
4 a3ca0f97a075 change ERROR_* to use pointers again, and implement error_info for sock_init Tero Marttila <terom@fixme.fi> parents: 3 diff changeset	362
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	363	// XXX: GnuTLS log func
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	364	void _log (int level, const char *msg)
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	365	{
27 e6639132bead add irc_conn_callbacks, and delay irc_chan_join until on_registered Tero Marttila <terom@fixme.fi> parents: 14 diff changeset	366	printf("gnutls: %d: %s", level, msg);
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	367	}
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	368
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	369	err_t sock_gnutls_global_init (struct error_info *err)
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	370	{
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	371	// global init
4 a3ca0f97a075 change ERROR_* to use pointers again, and implement error_info for sock_init Tero Marttila <terom@fixme.fi> parents: 3 diff changeset	372	if ((ERROR_EXTRA(err) = gnutls_global_init()) < 0)
a3ca0f97a075 change ERROR_* to use pointers again, and implement error_info for sock_init Tero Marttila <terom@fixme.fi> parents: 3 diff changeset	373	return SET_ERROR(err, ERR_GNUTLS_GLOBAL_INIT);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	374
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	375	// initialize the anon client credentials
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	376	if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&sock_gnutls_client_cred_anon.x509)) < 0)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	377	return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
3 cc94ae754e2a error handling magic Tero Marttila <terom@fixme.fi> parents: 2 diff changeset	378
14 3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	379	// XXX: debug
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	380	// gnutls_global_set_log_function(&_log);
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	381	// gnutls_global_set_log_level(11);
3a70e5901f17 fix sock_gnutls_read/write EAGAIN Tero Marttila <terom@fixme.fi> parents: 12 diff changeset	382
3 cc94ae754e2a error handling magic Tero Marttila <terom@fixme.fi> parents: 2 diff changeset	383	// done
cc94ae754e2a error handling magic Tero Marttila <terom@fixme.fi> parents: 2 diff changeset	384	return SUCCESS;
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	385	}
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	386
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	387	static void sock_ssl_client_cred_destroy (struct sock_ssl_client_cred *cred)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	388	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	389	// simple
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	390	gnutls_certificate_free_credentials(cred->x509);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	391
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	392	free(cred);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	393	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	394
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	395	err_t sock_ssl_client_cred_create (struct sock_ssl_client_cred **ctx_cred,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	396	const char *cafile_path, bool verify,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	397	const char cert_path, const char pkey_path,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	398	struct error_info *err
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	399	) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	400	struct sock_ssl_client_cred *cred;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	401
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	402	// alloc it
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	403	if ((cred = calloc(1, sizeof(*cred))) == NULL)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	404	return SET_ERROR(err, ERR_CALLOC);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	405
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	406	// create the cert
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	407	if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&cred->x509)) < 0)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	408	JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	409
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	410	// load the trusted ca certs?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	411	if (cafile_path) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	412	// load them
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	413	if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_trust_file(cred->x509, cafile_path, GNUTLS_X509_FMT_PEM)) < 0)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	414	JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_TRUST_FILE);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	415
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	416	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	417
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	418	// set the verify flags?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	419	cred->verify = verify;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	420	gnutls_certificate_set_verify_flags(cred->x509, 0);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	421
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	422	// load the client cert?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	423	if (cert_path \|\| pkey_path) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	424	// need both...
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	425	assert(cert_path && pkey_path);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	426
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	427	// load
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	428	if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_key_file(cred->x509, cert_path, pkey_path, GNUTLS_X509_FMT_PEM)))
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	429	JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_KEY_FILE);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	430	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	431
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	432	// ok
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	433	cred->refcount = 1;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	434	*ctx_cred = cred;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	435
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	436	return SUCCESS;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	437
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	438	error:
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	439	// release
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	440	sock_ssl_client_cred_destroy(cred);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	441
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	442	return ERROR_CODE(err);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	443	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	444
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	445	void sock_ssl_client_cred_get (struct sock_ssl_client_cred *cred)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	446	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	447	cred->refcount++;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	448	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	449
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	450	void sock_ssl_client_cred_put (struct sock_ssl_client_cred *cred)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	451	{
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	452	if (--cred->refcount == 0)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	453	sock_ssl_client_cred_destroy(cred);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	454	}
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	455
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	456	err_t sock_ssl_connect_async (struct sock_stream **sock_ptr,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	457	const char hostname, const char service,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	458	struct sock_ssl_client_cred *cred,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	459	sock_stream_connect_cb cb_func, void *cb_arg,
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	460	struct error_info *err
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	461	)
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	462	{
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	463	struct sock_gnutls *sock = NULL;
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	464
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	465	// alloc
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	466	if ((sock = calloc(1, sizeof(*sock))) == NULL)
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	467	return SET_ERROR(err, ERR_CALLOC);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	468
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	469	// initialize base
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	470	sock_stream_init(SOCK_GNUTLS_BASE(sock), &sock_gnutls_type, cb_func, cb_arg);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	471
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	472	if (!cred) {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	473	// default credentials
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	474	cred = &sock_gnutls_client_cred_anon;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	475
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	476	} else {
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	477	// take a ref
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	478	sock->cred = cred;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	479	cred->refcount++;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	480	};
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	481
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	482	// do verify?
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	483	if (cred->verify)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	484	sock->verify = true;
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	485
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	486	// init
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	487	if ((sock->hostname = strdup(hostname)) == NULL)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	488	JUMP_SET_ERROR(err, ERR_STRDUP);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	489
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	490	// initialize client session
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	491	if ((ERROR_EXTRA(err) = gnutls_init(&sock->session, GNUTLS_CLIENT)) < 0)
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	492	JUMP_SET_ERROR(err, ERR_GNUTLS_INIT);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	493
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	494	// ...default priority stuff
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	495	if ((ERROR_EXTRA(err) = gnutls_set_default_priority(sock->session)))
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	496	JUMP_SET_ERROR(err, ERR_GNUTLS_SET_DEFAULT_PRIORITY);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	497
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	498	// XXX: silly hack for OpenSSL interop
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	499	gnutls_dh_set_prime_bits(sock->session, 512);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	500
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	501	// bind credentials
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	502	if ((ERROR_EXTRA(err) = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, cred->x509)))
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	503	JUMP_SET_ERROR(err, ERR_GNUTLS_CRED_SET);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	504
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	505	// TCP connect
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	506	if (sock_tcp_connect_async_begin(SOCK_GNUTLS_TCP(sock), hostname, service, err))
85 75bc8b164ef8 async TCP connects, Tero Marttila <terom@fixme.fi> parents: 29 diff changeset	507	goto error;
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	508
139 55b9dcc2b73a implement sock_ssl_connect_async (the old sock_ssl_connect exists no more) Tero Marttila <terom@fixme.fi> parents: 118 diff changeset	509	// done, wait for the connect to complete
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	510	*sock_ptr = SOCK_GNUTLS_BASE(sock);
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	511
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	512	return SUCCESS;
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	513
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	514	error:
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	515	// cleanup
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	516	sock_gnutls_destroy(sock);
5 a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	517
a09a0797f6f0 ERROR-ify sock_gnutls Tero Marttila <terom@fixme.fi> parents: 4 diff changeset	518	return ERROR_CODE(err);
2 a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	519	}
a834f0559939 working SSL using gnutls - a bit of a painful process Tero Marttila <terom@fixme.fi> parents: diff changeset	520
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	521	void sock_gnutls_destroy (struct sock_gnutls *sock)
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	522	{
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	523	// terminate the TCP transport
117 9cb405164250 move irc_log.c to modules/irc_log.c, and restructure sock_* to split the basic fd-level stuff out of sock_tcp and into sock_fd Tero Marttila <terom@fixme.fi> parents: 85 diff changeset	524	sock_fd_close(SOCK_GNUTLS_FD(sock));
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	525
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	526	// close the session rudely
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	527	gnutls_deinit(sock->session);
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	528
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	529	if (sock->cred)
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	530	// drop the cred ref
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	531	sock_ssl_client_cred_put(sock->cred);
aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	532
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	533	// free
140 aa390e52eda8 implement ssl_cafile/verify/cert/pkey for x509 credentials Tero Marttila <terom@fixme.fi> parents: 139 diff changeset	534	free(sock->hostname);
29 3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	535	free(sock);
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	536	}
3f0f2898fea3 add sock_gnutls_destroy, and error cleanup for sock_ssl_connect. Fix various XXX's Tero Marttila <terom@fixme.fi> parents: 28 diff changeset	537

author	Tero Marttila <terom@fixme.fi>
	Thu, 23 Apr 2009 17:17:33 +0300
changeset 147	fd97eb3c183a
parent 140	aa390e52eda8
child 155	c59d3eaff0fb
permissions	-rw-r--r--