tls: Remove the individual TLS configuration options

This is a breaking change.

TLS configuration changes are to be made using TLS configuration
objects, and then set on a listener or dialer with NNG_OPT_TLS_CONFIG.
This should be a bit less racy, and allows for simpler code.

2 files changed, 22 insertions, 191 deletions

diff --git a/src/supplemental/tls/tls_common.c b/src/supplemental/tls/tls_common.c
index a6b3a8d6..02ca1442 100644
--- a/src/supplemental/tls/tls_common.c
+++ b/src/supplemental/tls/tls_common.c
@@ -191,23 +191,6 @@ tls_dialer_dial(void *arg, nng_aio *aio)
 }
 
 static int
-tls_check_string(const void *v, size_t sz, nni_opt_type t)
-{
-	switch (t) {
-	case NNI_TYPE_OPAQUE:
-		if (nni_strnlen(v, sz) >= sz) {
-			return (NNG_EINVAL);
-		}
-		return (0);
-	case NNI_TYPE_STRING:
-		// Caller is assumed to pass a good string.
-		return (0);
-	default:
-		return (NNG_EBADTYPE);
-	}
-}
-
-static int
 tls_dialer_set_config(void *arg, const void *buf, size_t sz, nni_type t)
 {
 	int             rv;
@@ -249,65 +232,6 @@ tls_dialer_get_config(void *arg, void *buf, size_t *szp, nni_type t)
 	return (rv);
 }
 
-static int
-tls_dialer_set_server_name(void *arg, const void *buf, size_t sz, nni_type t)
-{
-	tls_dialer *d = arg;
-	int         rv;
-	if ((rv = tls_check_string(buf, sz, t)) == 0) {
-		nni_mtx_lock(&d->lk);
-		rv = nng_tls_config_server_name(d->cfg, buf);
-		nni_mtx_unlock(&d->lk);
-	}
-	return (rv);
-}
-
-static int
-tls_dialer_set_auth_mode(void *arg, const void *buf, size_t sz, nni_type t)
-{
-	int         mode;
-	int         rv;
-	tls_dialer *d = arg;
-
-	rv = nni_copyin_int(&mode, buf, sz, NNG_TLS_AUTH_MODE_NONE,
-	    NNG_TLS_AUTH_MODE_REQUIRED, t);
-	if (rv == 0) {
-		nni_mtx_lock(&d->lk);
-		rv = nng_tls_config_auth_mode(d->cfg, mode);
-		nni_mtx_unlock(&d->lk);
-	}
-	return (rv);
-}
-
-static int
-tls_dialer_set_ca_file(void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
-	tls_dialer *d = arg;
-	int         rv;
-
-	if ((rv = tls_check_string(buf, sz, t)) == 0) {
-		nni_mtx_lock(&d->lk);
-		rv = nng_tls_config_ca_file(d->cfg, buf);
-		nni_mtx_unlock(&d->lk);
-	}
-	return (rv);
-}
-
-static int
-tls_dialer_set_cert_key_file(
-    void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
-	tls_dialer *d = arg;
-	int         rv;
-
-	if ((rv = tls_check_string(buf, sz, t)) == 0) {
-		nni_mtx_lock(&d->lk);
-		rv = nng_tls_config_cert_key_file(d->cfg, buf, NULL);
-		nni_mtx_unlock(&d->lk);
-	}
-	return (rv);
-}
-
 static const nni_option tls_dialer_opts[] = {
 	{
 	    .o_name = NNG_OPT_TLS_CONFIG,
@@ -315,22 +239,6 @@ static const nni_option tls_dialer_opts[] = {
 	    .o_set  = tls_dialer_set_config,
 	},
 	{
-	    .o_name = NNG_OPT_TLS_SERVER_NAME,
-	    .o_set  = tls_dialer_set_server_name,
-	},
-	{
-	    .o_name = NNG_OPT_TLS_CA_FILE,
-	    .o_set  = tls_dialer_set_ca_file,
-	},
-	{
-	    .o_name = NNG_OPT_TLS_CERT_KEY_FILE,
-	    .o_set  = tls_dialer_set_cert_key_file,
-	},
-	{
-	    .o_name = NNG_OPT_TLS_AUTH_MODE,
-	    .o_set  = tls_dialer_set_auth_mode,
-	},
-	{
 	    .o_name = NULL,
 	},
 };
@@ -508,65 +416,6 @@ tls_listener_get_config(void *arg, void *buf, size_t *szp, nni_type t)
 	return (rv);
 }
 
-static int
-tls_listener_set_server_name(void *arg, const void *buf, size_t sz, nni_type t)
-{
-	tls_listener *l = arg;
-	int           rv;
-	if ((rv = tls_check_string(buf, sz, t)) == 0) {
-		nni_mtx_lock(&l->lk);
-		rv = nng_tls_config_server_name(l->cfg, buf);
-		nni_mtx_unlock(&l->lk);
-	}
-	return (rv);
-}
-
-static int
-tls_listener_set_auth_mode(void *arg, const void *buf, size_t sz, nni_type t)
-{
-	int           mode;
-	int           rv;
-	tls_listener *l = arg;
-
-	rv = nni_copyin_int(&mode, buf, sz, NNG_TLS_AUTH_MODE_NONE,
-	    NNG_TLS_AUTH_MODE_REQUIRED, t);
-	if (rv == 0) {
-		nni_mtx_lock(&l->lk);
-		rv = nng_tls_config_auth_mode(l->cfg, mode);
-		nni_mtx_unlock(&l->lk);
-	}
-	return (rv);
-}
-
-static int
-tls_listener_set_ca_file(void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
-	tls_listener *l = arg;
-	int           rv;
-
-	if ((rv = tls_check_string(buf, sz, t)) == 0) {
-		nni_mtx_lock(&l->lk);
-		rv = nng_tls_config_ca_file(l->cfg, buf);
-		nni_mtx_unlock(&l->lk);
-	}
-	return (rv);
-}
-
-static int
-tls_listener_set_cert_key_file(
-    void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
-	tls_listener *l = arg;
-	int           rv;
-
-	if ((rv = tls_check_string(buf, sz, t)) == 0) {
-		nni_mtx_lock(&l->lk);
-		rv = nng_tls_config_cert_key_file(l->cfg, buf, NULL);
-		nni_mtx_unlock(&l->lk);
-	}
-	return (rv);
-}
-
 static const nni_option tls_listener_opts[] = {
 	{
 	    .o_name = NNG_OPT_TLS_CONFIG,
@@ -574,22 +423,6 @@ static const nni_option tls_listener_opts[] = {
 	    .o_set  = tls_listener_set_config,
 	},
 	{
-	    .o_name = NNG_OPT_TLS_SERVER_NAME,
-	    .o_set  = tls_listener_set_server_name,
-	},
-	{
-	    .o_name = NNG_OPT_TLS_CA_FILE,
-	    .o_set  = tls_listener_set_ca_file,
-	},
-	{
-	    .o_name = NNG_OPT_TLS_CERT_KEY_FILE,
-	    .o_set  = tls_listener_set_cert_key_file,
-	},
-	{
-	    .o_name = NNG_OPT_TLS_AUTH_MODE,
-	    .o_set  = tls_listener_set_auth_mode,
-	},
-	{
 	    .o_name = NULL,
 	},
 };
diff --git a/src/supplemental/websocket/wssfile_test.c b/src/supplemental/websocket/wssfile_test.c
index 51b78645..b449a6bf 100644
--- a/src/supplemental/websocket/wssfile_test.c
+++ b/src/supplemental/websocket/wssfile_test.c
@@ -9,6 +9,7 @@
 //
 
 #include "core/nng_impl.h"
+#include "nng/supplemental/tls/tls.h"
 
 #include <nuts.h>
 
@@ -20,26 +21,30 @@
 static void
 init_dialer_wss_file(nng_dialer d)
 {
-	char *tmpdir;
-	char *pth;
+	char           *tmpdir;
+	char           *pth;
+	nng_tls_config *c;
 
 	NUTS_ASSERT((tmpdir = nni_plat_temp_dir()) != NULL);
 	NUTS_ASSERT((pth = nni_file_join(tmpdir, CACERT)) != NULL);
 	nng_strfree(tmpdir);
 	NUTS_PASS(nni_file_put(pth, nuts_server_crt, strlen(nuts_server_crt)));
-	NUTS_PASS(nng_dialer_set_string(d, NNG_OPT_TLS_CA_FILE, pth));
-	NUTS_PASS(
-	    nng_dialer_set_string(d, NNG_OPT_TLS_SERVER_NAME, "localhost"));
+	NUTS_PASS(nng_tls_config_alloc(&c, NNG_TLS_MODE_CLIENT));
+	NUTS_PASS(nng_tls_config_ca_file(c, pth));
+	NUTS_PASS(nng_tls_config_server_name(c, "localhost"));
+	NUTS_PASS(nng_dialer_set_ptr(d, NNG_OPT_TLS_CONFIG, c));
 	nni_file_delete(pth);
 	nng_strfree(pth);
+	nng_tls_config_free(c);
 }
 
 static void
 init_listener_wss_file(nng_listener l)
 {
-	char *tmpdir;
-	char *pth;
-	char *cert_key;
+	char           *tmpdir;
+	char           *pth;
+	char           *cert_key;
+	nng_tls_config *c;
 
 	NUTS_ASSERT((tmpdir = nni_plat_temp_dir()) != NULL);
 	NUTS_ASSERT((pth = nni_file_join(tmpdir, CERT_KEY)) != NULL);
@@ -50,10 +55,13 @@ init_listener_wss_file(nng_listener l)
 
 	NUTS_PASS(nni_file_put(pth, cert_key, strlen(cert_key)));
 	nng_strfree(cert_key);
-	NUTS_PASS(nng_listener_set_string(l, NNG_OPT_TLS_CERT_KEY_FILE, pth));
+	NUTS_PASS(nng_tls_config_alloc(&c, NNG_TLS_MODE_SERVER));
+	NUTS_PASS(nng_tls_config_cert_key_file(c, pth, pth));
+	NUTS_PASS(nng_listener_set_ptr(l, NNG_OPT_TLS_CONFIG, c));
 
 	nni_file_delete(pth);
 	nng_strfree(pth);
+	nng_tls_config_free(c);
 }
 
 static void
@@ -85,8 +93,6 @@ test_invalid_verify(void)
 	int rv;
 
 	NUTS_PASS(nng_dialer_create(&d, s2, addr));
-	NUTS_PASS(nng_dialer_set_int(
-	    d, NNG_OPT_TLS_AUTH_MODE, NNG_TLS_AUTH_MODE_REQUIRED));
 	rv = nng_dialer_start(d, 0);
 
 	NUTS_TRUE(rv != 0);
@@ -126,10 +132,6 @@ test_no_verify(void)
 	snprintf(addr, sizeof(addr), "wss://127.0.0.1:%u/test", port);
 	NUTS_PASS(nng_dialer_create(&d, s2, addr));
 	init_dialer_wss_file(d);
-	NUTS_PASS(nng_dialer_set_int(
-	    d, NNG_OPT_TLS_AUTH_MODE, NNG_TLS_AUTH_MODE_OPTIONAL));
-	NUTS_PASS(
-	    nng_dialer_set_string(d, NNG_OPT_TLS_SERVER_NAME, "localhost"));
 
 	NUTS_PASS(nng_dialer_start(d, 0));
 	nng_msleep(100);
@@ -203,17 +205,13 @@ test_verify_works(void)
 static void
 test_cert_file_not_present(void)
 {
-	nng_socket   s1;
-	nng_listener l;
-
-	NUTS_PASS(nng_pair_open(&s1));
-	NUTS_PASS(nng_listener_create(&l, s1, "wss4://:0/test"));
+	nng_tls_config *c;
 
-	NUTS_FAIL(nng_listener_set_string(
-	              l, NNG_OPT_TLS_CERT_KEY_FILE, "no-such-file.pem"),
+	NUTS_PASS(nng_tls_config_alloc(&c, NNG_TLS_MODE_SERVER));
+	NUTS_FAIL(nng_tls_config_cert_key_file(
+	              c, "no-such-file.pem", "no-such-file.pem"),
 	    NNG_ENOENT);
-
-	NUTS_PASS(nng_close(s1));
+	nng_tls_config_free(c);
 }
 
 #endif