diff options
| author | Garrett D'Amore <garrett@damore.org> | 2018-01-16 12:07:45 -0800 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2018-01-16 14:29:38 -0800 |
| commit | 02e6153236ae744fb614fcd14184924ec85c2993 (patch) | |
| tree | 6b41ca972d60e758c65c1adc0621500a92003c86 /src/supplemental/http/http.c | |
| parent | bbf012364d9f1482b16c97b8bfd2fd07130446ca (diff) | |
| download | nng-02e6153236ae744fb614fcd14184924ec85c2993.tar.gz nng-02e6153236ae744fb614fcd14184924ec85c2993.tar.bz2 nng-02e6153236ae744fb614fcd14184924ec85c2993.zip | |
fixes #206 Want NNG_OPT_TLS_VERIFIED option
It is useful to have support for validating that a peer *was*
verified, especially in the presence of optional validation.
We have added a property that does this, NNG_OPT_TLS_VERIFIED.
Further, all the old NNG_OPT_WSS_TLS_* property names have also been
renamed to generic NNG_OPT_TLS property names, which have been
moved to nng.h to facilitate reuse and sharing, with the comments
moved and corrected as well.
Finally, the man pages have been updated, with substantial
improvements to the nng_ws man page in particular.
Diffstat (limited to 'src/supplemental/http/http.c')
| -rw-r--r-- | src/supplemental/http/http.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/src/supplemental/http/http.c b/src/supplemental/http/http.c index 229a4a99..43db1d15 100644 --- a/src/supplemental/http/http.c +++ b/src/supplemental/http/http.c @@ -40,6 +40,7 @@ typedef struct nni_http_tran { void (*h_write)(void *, nni_aio *); int (*h_sock_addr)(void *, nni_sockaddr *); int (*h_peer_addr)(void *, nni_sockaddr *); + bool (*h_verified)(void *); void (*h_close)(void *); void (*h_fini)(void *); } nni_http_tran; @@ -55,6 +56,7 @@ struct nni_http { void (*wr)(void *, nni_aio *); int (*sock_addr)(void *, nni_sockaddr *); int (*peer_addr)(void *, nni_sockaddr *); + bool (*verified)(void *); void (*close)(void *); void (*fini)(void *); @@ -610,6 +612,17 @@ nni_http_peer_addr(nni_http *http, nni_sockaddr *sa) return (rv); } +bool +nni_http_tls_verified(nni_http *http) +{ + bool rv; + + nni_mtx_lock(&http->mtx); + rv = http->closed ? false : http->verified(http->sock); + nni_mtx_unlock(&http->mtx); + return (rv); +} + void nni_http_fini(nni_http *http) { @@ -655,6 +668,7 @@ http_init(nni_http **httpp, nni_http_tran *tran, void *data) http->fini = tran->h_fini; http->sock_addr = tran->h_sock_addr; http->peer_addr = tran->h_peer_addr; + http->verified = tran->h_verified; if (((rv = nni_aio_init(&http->wr_aio, http_wr_cb, http)) != 0) || ((rv = nni_aio_init(&http->rd_aio, http_rd_cb, http)) != 0)) { @@ -667,6 +681,13 @@ http_init(nni_http **httpp, nni_http_tran *tran, void *data) return (0); } +static bool +nni_http_verified_tcp(void *arg) +{ + NNI_ARG_UNUSED(arg); + return (false); +} + static nni_http_tran http_tcp_ops = { .h_read = (void *) nni_plat_tcp_pipe_recv, .h_write = (void *) nni_plat_tcp_pipe_send, @@ -674,6 +695,7 @@ static nni_http_tran http_tcp_ops = { .h_fini = (void *) nni_plat_tcp_pipe_fini, .h_sock_addr = (void *) nni_plat_tcp_pipe_sockname, .h_peer_addr = (void *) nni_plat_tcp_pipe_peername, + .h_verified = nni_http_verified_tcp, }; int @@ -690,6 +712,7 @@ static nni_http_tran http_tls_ops = { .h_fini = (void *) nni_tls_fini, .h_sock_addr = (void *) nni_tls_sockname, .h_peer_addr = (void *) nni_tls_peername, + .h_verified = (void *) nni_tls_verified, }; int |