diff options
| author | Garrett D'Amore <garrett@damore.org> | 2020-11-17 15:25:01 -0800 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2020-11-17 19:05:32 -0800 |
| commit | 47754eff45271d674fe6d347be82d6755195e8ce (patch) | |
| tree | 6952c9fba61900e51760cb954cab24acbfb1b454 /src/supplemental | |
| parent | 1ebbe9fd8612ed2794c06108d485819f2d1e03d5 (diff) | |
| download | nng-47754eff45271d674fe6d347be82d6755195e8ce.tar.gz nng-47754eff45271d674fe6d347be82d6755195e8ce.tar.bz2 nng-47754eff45271d674fe6d347be82d6755195e8ce.zip | |
fixes #1355 wss4 and wss6 don't work as they should
This also properly reenables the wssfile_test.
Diffstat (limited to 'src/supplemental')
| -rw-r--r-- | src/supplemental/http/http_client.c | 22 | ||||
| -rw-r--r-- | src/supplemental/http/http_server.c | 12 | ||||
| -rw-r--r-- | src/supplemental/websocket/CMakeLists.txt | 4 | ||||
| -rw-r--r-- | src/supplemental/websocket/wssfile_test.c | 169 |
4 files changed, 67 insertions, 140 deletions
diff --git a/src/supplemental/http/http_client.c b/src/supplemental/http/http_client.c index c420e1ff..2efb97a8 100644 --- a/src/supplemental/http/http_client.c +++ b/src/supplemental/http/http_client.c @@ -99,16 +99,28 @@ nni_http_client_init(nni_http_client **cp, const nni_url *url) { int rv; nni_http_client *c; - nng_url myurl; + nng_url my_url; // Rewrite URLs to either TLS or TCP. - memcpy(&myurl, url, sizeof(myurl)); + memcpy(&my_url, url, sizeof(my_url)); if ((strcmp(url->u_scheme, "http") == 0) || (strcmp(url->u_scheme, "ws") == 0)) { - myurl.u_scheme = "tcp"; + my_url.u_scheme = "tcp"; } else if ((strcmp(url->u_scheme, "https") == 0) || (strcmp(url->u_scheme, "wss") == 0)) { - myurl.u_scheme = "tls+tcp"; + my_url.u_scheme = "tls+tcp"; + } else if ((strcmp(url->u_scheme, "ws4") == 0) || + (strcmp(url->u_scheme, "http4") == 0)) { + my_url.u_scheme = "tcp4"; + } else if ((strcmp(url->u_scheme, "ws6") == 0) || + (strcmp(url->u_scheme, "http6") == 0)) { + my_url.u_scheme = "tcp6"; + } else if ((strcmp(url->u_scheme, "wss4") == 0) || + (strcmp(url->u_scheme, "https4") == 0)) { + my_url.u_scheme = "tls+tcp4"; + } else if ((strcmp(url->u_scheme, "wss6") == 0) || + (strcmp(url->u_scheme, "https6") == 0)) { + my_url.u_scheme = "tls+tcp6"; } else { return (NNG_EADDRINVAL); } @@ -124,7 +136,7 @@ nni_http_client_init(nni_http_client **cp, const nni_url *url) nni_mtx_init(&c->mtx); nni_aio_list_init(&c->aios); - if ((rv = nng_stream_dialer_alloc_url(&c->dialer, &myurl)) != 0) { + if ((rv = nng_stream_dialer_alloc_url(&c->dialer, &my_url)) != 0) { nni_http_client_fini(c); return (rv); } diff --git a/src/supplemental/http/http_server.c b/src/supplemental/http/http_server.c index 46f2ce8a..6fad99c2 100644 --- a/src/supplemental/http/http_server.c +++ b/src/supplemental/http/http_server.c @@ -936,13 +936,17 @@ http_server_init(nni_http_server **serverp, const nni_url *url) } else if ((strcmp(url->u_scheme, "https") == 0) || (strcmp(url->u_scheme, "wss") == 0)) { myurl.u_scheme = "tls+tcp"; - } else if (strcmp(url->u_scheme, "ws4") == 0) { + } else if ((strcmp(url->u_scheme, "ws4") == 0) || + (strcmp(url->u_scheme, "http4")) == 0) { myurl.u_scheme = "tcp4"; - } else if (strcmp(url->u_scheme, "ws6") == 0) { + } else if ((strcmp(url->u_scheme, "ws6") == 0) || + (strcmp(url->u_scheme, "http6") == 0)) { myurl.u_scheme = "tcp6"; - } else if (strcmp(url->u_scheme, "wss4") == 0) { + } else if ((strcmp(url->u_scheme, "wss4") == 0) || + (strcmp(url->u_scheme, "https4") == 0)) { myurl.u_scheme = "tls+tcp4"; - } else if (strcmp(url->u_scheme, "wss6") == 0) { + } else if ((strcmp(url->u_scheme, "wss6") == 0) || + (strcmp(url->u_scheme, "https6") == 0)) { myurl.u_scheme = "tls+tcp6"; } else { return (NNG_EADDRINVAL); diff --git a/src/supplemental/websocket/CMakeLists.txt b/src/supplemental/websocket/CMakeLists.txt index 8effa931..200aeee4 100644 --- a/src/supplemental/websocket/CMakeLists.txt +++ b/src/supplemental/websocket/CMakeLists.txt @@ -10,10 +10,8 @@ if (NNG_SUPP_WEBSOCKET) nng_sources(websocket.c websocket.h) - if (NNG_SUPP_TLS) - nng_test(wssfile_test) - endif () else () nng_sources(stub.c) endif () +nng_test(wssfile_test) nng_test(websocket_test) diff --git a/src/supplemental/websocket/wssfile_test.c b/src/supplemental/websocket/wssfile_test.c index b678ddb0..8a0f95b2 100644 --- a/src/supplemental/websocket/wssfile_test.c +++ b/src/supplemental/websocket/wssfile_test.c @@ -1,5 +1,5 @@ // -// Copyright 2019 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2020 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a @@ -19,6 +19,7 @@ #include "acutest.h" #include "testutil.h" +#ifdef NNG_SUPP_TLS // These keys are for demonstration purposes ONLY. DO NOT USE. // The certificate is valid for 100 years, because I don't want to // have to regenerate it ever again. The CN is 127.0.0.1, and self-signed. @@ -96,105 +97,8 @@ static const char key[] = "cL9dYcwse5FhNMjrQ/OKv6B38SIXpoKQUtjgkaMtmpK8cXX1eqEMNkM=\n" "-----END RSA PRIVATE KEY-----\n"; -#if 0 -static int -validloopback(nng_sockaddr *sa) -{ - char ipv6[16]; - memset(ipv6, 0, sizeof(ipv6)); - ipv6[15] = 1; - - switch (sa->s_family) { - case NNG_AF_INET: - if (sa->s_in.sa_port == 0) { - return (0); - } - if (sa->s_in.sa_addr != htonl(0x7f000001)) { - return (0); - } - return (1); - - case NNG_AF_INET6: - if (sa->s_in6.sa_port == 0) { - return (0); - } - if (memcmp(sa->s_in6.sa_addr, ipv6, sizeof(ipv6)) != 0) { - return (0); - } - return (1); - - default: - return (0); - } -} - -static int -check_props(nng_msg *msg) -{ - nng_pipe p; - size_t z; - nng_sockaddr la; - nng_sockaddr ra; - char * buf; - size_t len; - - p = nng_msg_get_pipe(msg); - So(nng_pipe_id(p) > 0); - - // Typed - z = sizeof(nng_sockaddr); - So(nng_pipe_getopt_sockaddr(p, NNG_OPT_LOCADDR, &la) == 0); - So(z == sizeof(la)); - So(validloopback(&la)); - - // Untyped - z = sizeof(nng_sockaddr); - So(nng_pipe_getopt(p, NNG_OPT_REMADDR, &ra, &z) == 0); - So(z == sizeof(ra)); - So(validloopback(&ra)); - - // Bad type - So(nng_pipe_getopt_size(p, NNG_OPT_LOCADDR, &z) == NNG_EBADTYPE); - - // Request header - z = 0; - buf = NULL; - So(nng_pipe_getopt(p, NNG_OPT_WS_REQUEST_HEADERS, buf, &z) == - NNG_EINVAL); - So(z > 0); - len = z; - So((buf = nng_alloc(len)) != NULL); - So(nng_pipe_getopt(p, NNG_OPT_WS_REQUEST_HEADERS, buf, &z) == 0); - So(strstr(buf, "Sec-WebSocket-Key") != NULL); - So(z == len); - nng_free(buf, len); - So(nng_pipe_getopt_string(p, NNG_OPT_WS_REQUEST_HEADERS, &buf) == 0); - So(strlen(buf) == len - 1); - nng_strfree(buf); - - // Response header - z = 0; - buf = NULL; - So(nng_pipe_getopt(p, NNG_OPT_WS_RESPONSE_HEADERS, buf, &z) == - NNG_EINVAL); - So(z > 0); - len = z; - So((buf = nng_alloc(len)) != NULL); - So(nng_pipe_getopt(p, NNG_OPT_WS_RESPONSE_HEADERS, buf, &z) == 0); - So(strstr(buf, "Sec-WebSocket-Accept") != NULL); - So(z == len); - nng_free(buf, len); - So(nng_pipe_getopt_string(p, NNG_OPT_WS_RESPONSE_HEADERS, &buf) == 0); - So(strlen(buf) == len - 1); - nng_strfree(buf); - - return (0); -} - -#endif - #define CACERT "wss_test_ca_cert.pem" -#define CERTKEY "wss_test_certkey.pem" +#define CERT_KEY "wss_test_cert_key.pem" static void init_dialer_wss_file(nng_dialer d) @@ -206,7 +110,7 @@ init_dialer_wss_file(nng_dialer d) TEST_ASSERT((pth = nni_file_join(tmpdir, CACERT)) != NULL); nni_strfree(tmpdir); TEST_NNG_PASS(nni_file_put(pth, cert, strlen(cert))); - TEST_NNG_PASS(nng_dialer_setopt_string(d, NNG_OPT_TLS_CA_FILE, pth)); + TEST_NNG_PASS(nng_dialer_set_string(d, NNG_OPT_TLS_CA_FILE, pth)); nni_file_delete(pth); nni_strfree(pth); } @@ -216,18 +120,18 @@ init_listener_wss_file(nng_listener l) { char *tmpdir; char *pth; - char *certkey; + char *cert_key; TEST_ASSERT((tmpdir = nni_plat_temp_dir()) != NULL); - TEST_ASSERT((pth = nni_file_join(tmpdir, CERTKEY)) != NULL); + TEST_ASSERT((pth = nni_file_join(tmpdir, CERT_KEY)) != NULL); nni_strfree(tmpdir); - TEST_NNG_PASS(nni_asprintf(&certkey, "%s\r\n%s\r\n", cert, key)); + TEST_NNG_PASS(nni_asprintf(&cert_key, "%s\r\n%s\r\n", cert, key)); - TEST_NNG_PASS(nni_file_put(pth, certkey, strlen(certkey))); - nni_strfree(certkey); + TEST_NNG_PASS(nni_file_put(pth, cert_key, strlen(cert_key))); + nni_strfree(cert_key); TEST_NNG_PASS( - nng_listener_setopt_string(l, NNG_OPT_TLS_CERT_KEY_FILE, pth)); + nng_listener_set_string(l, NNG_OPT_TLS_CERT_KEY_FILE, pth)); nni_file_delete(pth); nni_strfree(pth); @@ -240,9 +144,10 @@ test_invalid_verify(void) nng_socket s1; nng_socket s2; nng_listener l; - char addr[32]; + nng_dialer d; + char addr[40]; - snprintf(addr, sizeof(addr), "wss://:%u/test", port); + (void) snprintf(addr, sizeof(addr), "wss4://:%u/test", port); TEST_NNG_PASS(nng_pair_open(&s1)); TEST_NNG_PASS(nng_pair_open(&s2)); @@ -254,15 +159,18 @@ test_invalid_verify(void) snprintf(addr, sizeof(addr), "wss://127.0.0.1:%u/test", port); - TEST_NNG_PASS(nng_setopt_int( - s2, NNG_OPT_TLS_AUTH_MODE, NNG_TLS_AUTH_MODE_REQUIRED)); - // We find that sometimes this fails due to NNG_EPEERAUTH, but it // can also fail due to NNG_ECLOSED. This seems to be timing // dependent, based on receive vs. send timing most likely. // Applications shouldn't really depend that much on this. int rv; rv = nng_dial(s2, addr, NULL, 0); + + TEST_NNG_PASS(nng_dialer_create(&d, s2, addr)); + TEST_NNG_PASS(nng_dialer_set_int( + d, NNG_OPT_TLS_AUTH_MODE, NNG_TLS_AUTH_MODE_REQUIRED)); + rv = nng_dialer_start(d, 0); + TEST_CHECK(rv != 0); TEST_CHECK_((rv == NNG_EPEERAUTH) || (rv == NNG_ECLOSED) || (rv == NNG_ECRYPTO), @@ -287,10 +195,12 @@ test_no_verify(void) TEST_NNG_PASS(nng_pair_open(&s1)); TEST_NNG_PASS(nng_pair_open(&s2)); + TEST_NNG_PASS(nng_socket_set_ms(s1, NNG_OPT_SENDTIMEO, 5000)); + TEST_NNG_PASS(nng_socket_set_ms(s2, NNG_OPT_RECVTIMEO, 5000)); + port = testutil_next_port(); - (void) snprintf(addr, sizeof(addr), "wss://:%u/test", port); + (void) snprintf(addr, sizeof(addr), "wss4://:%u/test", port); TEST_NNG_PASS(nng_listener_create(&l, s1, addr)); - TEST_NNG_PASS(nng_setopt_ms(s1, NNG_OPT_SENDTIMEO, 5000)); init_listener_wss_file(l); TEST_NNG_PASS(nng_listener_start(l, 0)); @@ -298,12 +208,11 @@ test_no_verify(void) snprintf(addr, sizeof(addr), "wss://127.0.0.1:%u/test", port); TEST_NNG_PASS(nng_dialer_create(&d, s2, addr)); init_dialer_wss_file(d); - TEST_NNG_PASS(nng_dialer_setopt_int( + TEST_NNG_PASS(nng_dialer_set_int( d, NNG_OPT_TLS_AUTH_MODE, NNG_TLS_AUTH_MODE_OPTIONAL)); - TEST_NNG_PASS(nng_dialer_setopt_string( - d, NNG_OPT_TLS_SERVER_NAME, "example.com")); + TEST_NNG_PASS( + nng_dialer_set_string(d, NNG_OPT_TLS_SERVER_NAME, "example.com")); - TEST_NNG_PASS(nng_setopt_ms(s2, NNG_OPT_RECVTIMEO, 5000)); TEST_NNG_PASS(nng_dialer_start(d, 0)); nng_msleep(100); @@ -311,11 +220,11 @@ test_no_verify(void) TEST_NNG_PASS(nng_recvmsg(s2, &msg, 0)); TEST_ASSERT(msg != NULL); TEST_CHECK(nng_msg_len(msg) == 6); - TEST_CHECK(strcmp(nng_msg_body(msg), "hello") == 0); + TEST_STREQUAL(nng_msg_body(msg), "hello"); p = nng_msg_get_pipe(msg); TEST_CHECK(nng_pipe_id(p) > 0); - TEST_NNG_PASS(nng_pipe_getopt_bool(p, NNG_OPT_TLS_VERIFIED, &b)); + TEST_NNG_PASS(nng_pipe_get_bool(p, NNG_OPT_TLS_VERIFIED, &b)); TEST_CHECK(b == false); nng_msg_free(msg); @@ -338,20 +247,20 @@ test_verify_works(void) TEST_NNG_PASS(nng_pair_open(&s1)); TEST_NNG_PASS(nng_pair_open(&s2)); + TEST_NNG_PASS(nng_socket_set_ms(s1, NNG_OPT_SENDTIMEO, 5000)); + TEST_NNG_PASS(nng_socket_set_ms(s2, NNG_OPT_RECVTIMEO, 5000)); port = testutil_next_port(); - (void) snprintf(addr, sizeof(addr), "wss://:%u/test", port); + (void) snprintf(addr, sizeof(addr), "wss4://:%u/test", port); TEST_NNG_PASS(nng_listener_create(&l, s1, addr)); - TEST_NNG_PASS(nng_setopt_ms(s1, NNG_OPT_SENDTIMEO, 5000)); init_listener_wss_file(l); TEST_NNG_PASS(nng_listener_start(l, 0)); // It can take a bit for the listener to start up in clouds. nng_msleep(200); - snprintf(addr, sizeof(addr), "wss://localhost:%u/test", port); + snprintf(addr, sizeof(addr), "wss4://localhost:%u/test", port); TEST_NNG_PASS(nng_dialer_create(&d, s2, addr)); init_dialer_wss_file(d); - TEST_NNG_PASS(nng_setopt_ms(s2, NNG_OPT_RECVTIMEO, 5000)); TEST_NNG_PASS(nng_dialer_start(d, 0)); nng_msleep(100); @@ -359,11 +268,11 @@ test_verify_works(void) TEST_NNG_PASS(nng_recvmsg(s2, &msg, 0)); TEST_ASSERT(msg != NULL); TEST_CHECK(nng_msg_len(msg) == 6); - TEST_CHECK(strcmp(nng_msg_body(msg), "hello") == 0); + TEST_STREQUAL(nng_msg_body(msg), "hello"); p = nng_msg_get_pipe(msg); TEST_CHECK(nng_pipe_id(p) > 0); - TEST_NNG_PASS(nng_pipe_getopt_bool(p, NNG_OPT_TLS_VERIFIED, &b)); + TEST_NNG_PASS(nng_pipe_get_bool(p, NNG_OPT_TLS_VERIFIED, &b)); TEST_CHECK(b == true); nng_msg_free(msg); @@ -381,20 +290,24 @@ test_cert_file_not_present(void) TEST_NNG_PASS(nng_pair_open(&s1)); port = testutil_next_port(); - (void) snprintf(addr, sizeof(addr), "wss://:%u/test", port); + (void) snprintf(addr, sizeof(addr), "wss4://:%u/test", port); TEST_NNG_PASS(nng_listener_create(&l, s1, addr)); - TEST_NNG_FAIL(nng_listener_setopt_string( + TEST_NNG_FAIL(nng_listener_set_string( l, NNG_OPT_TLS_CERT_KEY_FILE, "no-such-file.pem"), NNG_ENOENT); TEST_NNG_PASS(nng_close(s1)); } +#endif + TEST_LIST = { +#ifdef NNG_SUPP_TLS { "wss file invalid verify", test_invalid_verify }, { "wss file no verify", test_no_verify }, { "wss file verify works", test_verify_works }, - { "wss file cacert missing", test_cert_file_not_present }, + { "wss file ca cert missing", test_cert_file_not_present }, +#endif { NULL, NULL }, }; |