| author | Garrett D'Amore <garrett@damore.org> | 2018-01-17 10:04:23 -0800 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2018-01-17 10:14:39 -0800 |
| commit | 99778897f483d6882d5104123e27e95eaac26837 (patch) | |
| tree | a1051fa299ad182a050e3287cd96aea0dad30749 /src | |
| parent | 02e6153236ae744fb614fcd14184924ec85c2993 (diff) | |
fixes #209 NNG_OPT_TLS_VERIFIED is busted
fixes #210 Want NNG_OPT_TLS_* options for TLS transport
fixes #212 Eliminate a_endpt member of aio
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/aio.c | 17 | ||||
| -rw-r--r-- | src/core/aio.h | 13 | ||||
| -rw-r--r-- | src/core/endpt.c | 7 | ||||
| -rw-r--r-- | src/nng.h | 3 | ||||
| -rw-r--r-- | src/supplemental/tls/mbedtls/tls.c | 5 | ||||
| -rw-r--r-- | src/transport/inproc/inproc.c | 9 | ||||
| -rw-r--r-- | src/transport/tls/tls.c | 81 | ||||
| -rw-r--r-- | src/transport/ws/websocket.c | 65 | ||||
| -rw-r--r-- | src/transport/ws/websocket.h | 4 |
9 files changed, 122 insertions, 82 deletions
diff --git a/src/core/aio.c b/src/core/aio.c index 350bf52a..c6e0ed97 100644 --- a/src/core/aio.c +++ b/src/core/aio.c @@ -1,7 +1,6 @@ // -// Copyright 2017 Garrett D'Amore <garrett@damore.org> -// Copyright 2017 Capitar IT Group BV <info@capitar.com> -// Copyright 2017 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a // copy of which should be located in the distribution where this @@ -148,18 +147,6 @@ nni_aio_get_pipe(nni_aio *aio) } void -nni_aio_set_ep(nni_aio *aio, void *ep) -{ - aio->a_endpt = ep; -} - -void * -nni_aio_get_ep(nni_aio *aio) -{ - return (aio->a_endpt); -} - -void nni_aio_set_data(nni_aio *aio, int index, void *data) { if ((index >= 0) && (index < NNI_NUM_ELEMENTS(aio->a_user_data))) { diff --git a/src/core/aio.h b/src/core/aio.h index c4c09421..b5db29c9 100644 --- a/src/core/aio.h +++ b/src/core/aio.h @@ -1,7 +1,6 @@ // -// Copyright 2017 Garrett D'Amore <garrett@damore.org> -// Copyright 2017 Capitar IT Group BV <info@capitar.com> -// Copyright 2017 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a // copy of which should be located in the distribution where this @@ -47,8 +46,7 @@ struct nni_aio { nni_msg *a_msg; // Connect/accept operations. - void *a_endpt; // opaque endpoint handle - void *a_pipe; // opaque pipe handle + void *a_pipe; // opaque pipe handle // Resolver operations. nni_sockaddr *a_addr; 
@@ -128,14 +126,11 @@ extern void nni_aio_set_output(nni_aio *, int, void *); // nni_get_output returns an output previously stored on the AIO. extern void *nni_aio_get_output(nni_aio *, int); -// XXX: These should be refactored in terms of the generic inputs and -// outputs. +// XXX: These should be refactored in terms of generic inputs and outputs. extern void nni_aio_set_msg(nni_aio *, nni_msg *); extern nni_msg *nni_aio_get_msg(nni_aio *); extern void nni_aio_set_pipe(nni_aio *, void *); extern void * nni_aio_get_pipe(nni_aio *); -extern void nni_aio_set_ep(nni_aio *, void *); -extern void * nni_aio_get_ep(nni_aio *); // nni_aio_set_synch sets a synchronous completion flag on the AIO. // When this is set, the next time the AIO is completed, the callback diff --git a/src/core/endpt.c b/src/core/endpt.c index 3058f5c0..57e4bc62 100644 --- a/src/core/endpt.c +++ b/src/core/endpt.c @@ -1,6 +1,6 @@ // -// Copyright 2017 Garrett D'Amore <garrett@damore.org> -// Copyright 2017 Capitar IT Group BV <info@capitar.com> +// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a // copy of which should be located in the distribution where this @@ -406,7 +406,6 @@ nni_ep_con_start(nni_ep *ep) return; } - nni_aio_set_ep(aio, ep->ep_data); ep->ep_ops.ep_connect(ep->ep_data, aio); } @@ -444,7 +443,6 @@ nni_ep_dial(nni_ep *ep, int flags) // Synchronous mode: so we have to wait for it to complete. aio = ep->ep_con_syn; - nni_aio_set_ep(aio, ep->ep_data); ep->ep_ops.ep_connect(ep->ep_data, aio); ep->ep_started = 1; nni_mtx_unlock(&ep->ep_mtx); @@ -509,7 +507,6 @@ nni_ep_acc_start(nni_ep *ep) return; } nni_aio_set_pipe(aio, NULL); - nni_aio_set_ep(aio, ep->ep_data); ep->ep_ops.ep_accept(ep->ep_data, aio); } 
@@ -412,7 +412,8 @@ enum nng_flag_enum { // NNG_OPT_TLS_VERIFIED returns a single integer, indicating whether the peer // has been verified (1) or not (0). Typically this is read-only, and only -// available for pipes. +// available for pipes. This option may return incorrect results if peer +// authentication is disabled with `NNG_TLS_AUTH_MODE_NONE`. #define NNG_OPT_TLS_VERIFIED "tls-verified" // XXX: TBD: priorities, socket names, ipv4only diff --git a/src/supplemental/tls/mbedtls/tls.c b/src/supplemental/tls/mbedtls/tls.c index 7b959b2b..4ae842a2 100644 --- a/src/supplemental/tls/mbedtls/tls.c +++ b/src/supplemental/tls/mbedtls/tls.c @@ -754,10 +754,7 @@ nni_tls_ciphersuite_name(nni_tls *tp) bool nni_tls_verified(nni_tls *tp) { - int rv; - - rv = mbedtls_ssl_get_verify_result(&tp->ctx); - return (rv ? true : false); + return (mbedtls_ssl_get_verify_result(&tp->ctx) == 0); } int diff --git a/src/transport/inproc/inproc.c b/src/transport/inproc/inproc.c index ae64263c..5b52e80a 100644 --- a/src/transport/inproc/inproc.c +++ b/src/transport/inproc/inproc.c @@ -1,6 +1,6 @@ // -// Copyright 2017 Garrett D'Amore <garrett@damore.org> -// Copyright 2017 Capitar IT Group BV <info@capitar.com> +// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a // copy of which should be located in the distribution where this @@ -222,7 +222,7 @@ nni_inproc_ep_fini(void *arg) static void nni_inproc_conn_finish(nni_aio *aio, int rv) { - nni_inproc_ep *ep = aio->a_endpt; + nni_inproc_ep *ep = aio->a_prov_extra[0]; void * pipe; nni_aio_list_remove(aio); @@ -361,6 +361,7 @@ nni_inproc_ep_connect(void *arg, nni_aio *aio) return; } + aio->a_prov_extra[0] = ep; if ((rv = nni_inproc_pipe_init((void *) &aio->a_pipe, ep)) != 0) { nni_aio_finish_error(aio, rv); nni_mtx_unlock(&nni_inproc.mx); 
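Review bot: `nni_tls_verified` in src/supplemental/tls/mbedtls/tls.c now reports true whenever `mbedtls_ssl_get_verify_result()` is 0, but the comment added to `NNG_OPT_TLS_VERIFIED` in the preceding hunk concedes the result can be wrong when peer authentication is disabled, so the getter fails open in exactly the mode where no check was made. Rather than documenting the inaccuracy, the function could return false when the connection's configured auth mode is `NNG_TLS_AUTH_MODE_NONE`; how that mode is reachable from `tp` is not visible in this hunk. At minimum a comment on the function, such as `// 0 means no verification failure was recorded; not proof of identity when auth mode is NONE`, would keep callers from using the value for authorization decisions.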
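Review bot: The endpoint is now stashed in `aio->a_prov_extra[0]` by writing the struct field directly with a bare index, in `nni_inproc_conn_finish` and `nni_inproc_ep_connect` here and again in the `nni_inproc_ep_accept` hunk that follows. A named slot constant, e.g. `#define INPROC_AIO_EP 0` (constructed name), with a one-line comment saying the slot holds the owning `nni_inproc_ep`, would make the contract between the three functions explicit. The slot is never cleared in the visible lines, so `nni_inproc_conn_finish` appears to rely on every aio that reaches it having passed through connect or accept first; that assumption deserves a comment or an assertion. All three function bodies extend beyond their hunks.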
@@ -418,6 +419,8 @@ nni_inproc_ep_accept(void *arg, nni_aio *aio) return; } + aio->a_prov_extra[0] = ep; + // We are already on the master list of servers, thanks to bind. if ((rv = nni_inproc_pipe_init((void *) &aio->a_pipe, ep)) != 0) { diff --git a/src/transport/tls/tls.c b/src/transport/tls/tls.c index 05d477b5..9832c36c 100644 --- a/src/transport/tls/tls.c +++ b/src/transport/tls/tls.c @@ -843,13 +843,68 @@ tls_getopt_config(void *arg, void *v, size_t *szp) } static int +tls_setopt_ca_file(void *arg, const void *v, size_t sz) +{ + nni_tls_ep *ep = arg; + + if (nni_strnlen(v, sz) >= sz) { + return (NNG_EINVAL); + } + if (ep == NULL) { + return (0); + } + return (nng_tls_config_ca_file(ep->cfg, v)); +} + +static int +tls_setopt_auth_mode(void *arg, const void *v, size_t sz) +{ + nni_tls_ep *ep = arg; + int mode; + int rv; + + rv = nni_setopt_int( + &mode, v, sz, NNG_TLS_AUTH_MODE_NONE, NNG_TLS_AUTH_MODE_REQUIRED); + if ((rv != 0) || (ep == NULL)) { + return (rv); + } + return (nng_tls_config_auth_mode(ep->cfg, mode)); +} + +static int +tls_setopt_server_name(void *arg, const void *v, size_t sz) +{ + nni_tls_ep *ep = arg; + + if (nni_strnlen(v, sz) >= sz) { + return (NNG_EINVAL); + } + if (ep == NULL) { + return (0); + } + return (nng_tls_config_server_name(ep->cfg, v)); +} + +static int +tls_setopt_cert_key_file(void *arg, const void *v, size_t sz) +{ + nni_tls_ep *ep = arg; + + if (nni_strnlen(v, sz) >= sz) { + return (NNG_EINVAL); + } + if (ep == NULL) { + return (0); + } + return (nng_tls_config_cert_key_file(ep->cfg, v, NULL)); +} + +static int tls_getopt_verified(void *arg, void *v, size_t *szp) { nni_tls_pipe *p = arg; - int verified; - verified = nni_tls_verified(p->tls); - return (nni_getopt_int(verified, v, szp)); + return (nni_getopt_int(nni_tls_verified(p->tls) ? 1 : 0, v, szp)); } static nni_tran_pipe_option nni_tls_pipe_options[] = { 
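Review bot: The four new setters (`tls_setopt_ca_file`, `tls_setopt_auth_mode`, `tls_setopt_server_name`, `tls_setopt_cert_key_file`) read `ep->cfg` and pass it to `nng_tls_config_*` without holding any endpoint lock. If `tls_setopt_config`, whose body is outside this hunk, can replace and release `ep->cfg` concurrently, these calls may operate on a configuration object that has already been dropped. The same question applies to the websocket hunks later in this commit, where `nni_mtx_lock(&ep->mtx)` is removed from `wss_ep_setopt_tlsconfig` and from the four `wss_ep_setopt_tls_*` setters around `wss_get_tls`. A short comment stating why the lock is unnecessary (for example that the config object does its own locking and the pointer is stable after endpoint init), or taking a reference to the config under the lock before calling into it, would settle this.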
@@ -886,6 +941,26 @@ static nni_tran_ep_option nni_tls_ep_options[] = { .eo_getopt = tls_getopt_config, .eo_setopt = tls_setopt_config, }, + { + .eo_name = NNG_OPT_TLS_CERT_KEY_FILE, + .eo_getopt = NULL, + .eo_setopt = tls_setopt_cert_key_file, + }, + { + .eo_name = NNG_OPT_TLS_CA_FILE, + .eo_getopt = NULL, + .eo_setopt = tls_setopt_ca_file, + }, + { + .eo_name = NNG_OPT_TLS_AUTH_MODE, + .eo_getopt = NULL, + .eo_setopt = tls_setopt_auth_mode, + }, + { + .eo_name = NNG_OPT_TLS_SERVER_NAME, + .eo_getopt = NULL, + .eo_setopt = tls_setopt_server_name, + }, // terminate list { NULL, NULL, NULL }, }; diff --git a/src/transport/ws/websocket.c b/src/transport/ws/websocket.c index a06910d3..83155046 100644 --- a/src/transport/ws/websocket.c +++ b/src/transport/ws/websocket.c @@ -363,7 +363,6 @@ ws_ep_setopt_recvmaxsz(void *arg, const void *v, size_t sz) static int ws_ep_setopt_headers(ws_ep *ep, const void *v, size_t sz) { - // XXX: check that the string is well formed. char * dupstr; size_t duplen; char * name; @@ -373,6 +372,10 @@ ws_ep_setopt_headers(ws_ep *ep, const void *v, size_t sz) ws_hdr * h; int rv; + if (nni_strnlen(v, sz) >= sz) { + return (NNG_EINVAL); + } + if (ep == NULL) { return (0); } @@ -835,13 +838,11 @@ wss_ep_setopt_tlsconfig(void *arg, const void *v, size_t sz) if (ep == NULL) { return (0); } - nni_mtx_lock(&ep->mtx); if (ep->mode == NNI_EP_MODE_LISTEN) { rv = nni_ws_listener_set_tls(ep->listener, cfg); } else { rv = nni_ws_dialer_set_tls(ep->dialer, cfg); } - nni_mtx_unlock(&ep->mtx); return (rv); } 
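Review bot: `NNG_OPT_TLS_AUTH_MODE` is registered in `nni_tls_ep_options` with `.eo_getopt = NULL`, so an application cannot read back the effective authentication mode of a TLS endpoint, yet the `NNG_OPT_TLS_VERIFIED` comment added in this commit says that value may be incorrect when the mode is `NNG_TLS_AUTH_MODE_NONE`. Consider adding a getter for the auth mode, or at least mark the four entries with `// write-only: TLS material and policy cannot be read back`. Whether the option dispatcher rejects a NULL `eo_getopt` before calling it is not visible in this hunk and should be confirmed.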
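Review bot: The added `nni_strnlen(v, sz) >= sz` test in `ws_ep_setopt_headers` only proves the buffer is NUL-terminated, while the removed `// XXX: check that the string is well formed.` was a reminder about header syntax. Unless the parsing further down (outside this hunk) rejects malformed names and embedded CR/LF in values, caller-supplied text can still reach the handshake headers unvalidated. I would keep a narrowed reminder, e.g. `// XXX: only NUL termination is checked; header names and values are not validated.`, or add the validation where the name/value pairs are split.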
@@ -852,20 +853,16 @@ wss_ep_setopt_tls_cert_key_file(void *arg, const void *v, size_t sz) int rv; nng_tls_config *tls; + if (nni_strnlen(v, sz) >= sz) { + return (NNG_EINVAL); + } if (ep == NULL) { - if (nni_strnlen(v, sz) >= sz) { - return (NNG_EINVAL); - } return (0); } - nni_mtx_lock(&ep->mtx); - if (((rv = wss_get_tls(ep, &tls)) != 0) || - ((rv = nng_tls_config_cert_key_file(tls, v, NULL)) != 0)) { - goto done; + if ((rv = wss_get_tls(ep, &tls)) != 0) { + return (rv); } -done: - nni_mtx_unlock(&ep->mtx); - return (rv); + return (nng_tls_config_cert_key_file(tls, v, NULL)); } static int @@ -875,20 +872,16 @@ wss_ep_setopt_tls_ca_file(void *arg, const void *v, size_t sz) int rv; nng_tls_config *tls; + if (nni_strnlen(v, sz) >= sz) { + return (NNG_EINVAL); + } if (ep == NULL) { - if (nni_strnlen(v, sz) >= sz) { - return (NNG_EINVAL); - } return (0); } - nni_mtx_lock(&ep->mtx); - if (((rv = wss_get_tls(ep, &tls)) != 0) || - ((rv = nng_tls_config_ca_file(tls, v)) != 0)) { - goto done; + if ((rv = wss_get_tls(ep, &tls)) != 0) { + return (rv); } -done: - nni_mtx_unlock(&ep->mtx); - return (rv); + return (nng_tls_config_ca_file(tls, v)); } static int @@ -904,14 +897,10 @@ wss_ep_setopt_tls_auth_mode(void *arg, const void *v, size_t sz) if ((rv != 0) || (ep == NULL)) { return (rv); } - nni_mtx_lock(&ep->mtx); - if (((rv = wss_get_tls(ep, &tls)) != 0) || - ((rv = nng_tls_config_auth_mode(tls, mode)) != 0)) { - goto done; + if ((rv = wss_get_tls(ep, &tls)) != 0) { + return (rv); } -done: - nni_mtx_unlock(&ep->mtx); - return (rv); + return (nng_tls_config_auth_mode(tls, mode)); } static int 
@@ -921,20 +910,16 @@ wss_ep_setopt_tls_server_name(void *arg, const void *v, size_t sz) int rv; nng_tls_config *tls; + if (nni_strnlen(v, sz) >= sz) { + return (NNG_EINVAL); + } if (ep == NULL) { - if (nni_strnlen(v, sz) >= sz) { - return (NNG_EINVAL); - } return (0); } - nni_mtx_lock(&ep->mtx); - if (((rv = wss_get_tls(ep, &tls)) != 0) || - ((rv = nng_tls_config_server_name(tls, v)) != 0)) { - goto done; + if ((rv = wss_get_tls(ep, &tls)) != 0) { + return (rv); } -done: - nni_mtx_unlock(&ep->mtx); - return (rv); + return (nng_tls_config_server_name(tls, v)); } static nni_tran_ep_option wss_ep_options[] = { diff --git a/src/transport/ws/websocket.h b/src/transport/ws/websocket.h index 76e94c3e..8179beab 100644 --- a/src/transport/ws/websocket.h +++ b/src/transport/ws/websocket.h @@ -1,6 +1,6 @@ // -// Copyright 2017 Staysail Systems, Inc. <info@staysail.tech> -// Copyright 2017 Capitar IT Group BV <info@capitar.com> +// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a // copy of which should be located in the distribution where this |
