aboutsummaryrefslogtreecommitdiff
path: root/src/sp
diff options
context:
space:
mode:
Diffstat (limited to 'src/sp')
-rw-r--r--src/sp/transport.h4
-rw-r--r--src/sp/transport/dtls/dtls.c49
-rw-r--r--src/sp/transport/dtls/dtls_tran_test.c81
-rw-r--r--src/sp/transport/tcp/tcp.c2
-rw-r--r--src/sp/transport/tcp/tcp_test.c6
-rw-r--r--src/sp/transport/tls/tls.c27
-rw-r--r--src/sp/transport/tls/tls_tran_test.c30
-rw-r--r--src/sp/transport/ws/websocket.c32
-rw-r--r--src/sp/transport/ws/wss_test.c76
9 files changed, 259 insertions, 48 deletions
diff --git a/src/sp/transport.h b/src/sp/transport.h
index 36ade021..11a9ac01 100644
--- a/src/sp/transport.h
+++ b/src/sp/transport.h
@@ -188,6 +188,10 @@ struct nni_sp_pipe_ops {
// p_getopt is used to obtain an option. Pipes don't implement
// option setting.
nng_err (*p_getopt)(void *, const char *, void *, size_t *, nni_type);
+
+ // p_peer_cert is used to obtain a peer cert for transports that
+ // implement TLS.
+ nng_err (*p_peer_cert)(void *, nng_tls_cert **);
};
// Transport implementation details. Transports must implement the
diff --git a/src/sp/transport/dtls/dtls.c b/src/sp/transport/dtls/dtls.c
index e95560de..400709a1 100644
--- a/src/sp/transport/dtls/dtls.c
+++ b/src/sp/transport/dtls/dtls.c
@@ -6,18 +6,18 @@
// found online at https://opensource.org/licenses/MIT.
//
-#include "core/aio.h"
-#include "core/defs.h"
-#include "core/idhash.h"
-#include "core/message.h"
-#include "core/nng_impl.h"
-#include "core/options.h"
-#include "core/pipe.h"
-#include "core/platform.h"
-#include "core/socket.h"
-#include "core/stats.h"
+#include "../../../core/aio.h"
+#include "../../../core/defs.h"
+#include "../../../core/idhash.h"
+#include "../../../core/message.h"
+#include "../../../core/nng_impl.h"
+#include "../../../core/options.h"
+#include "../../../core/pipe.h"
+#include "../../../core/platform.h"
+#include "../../../core/socket.h"
+#include "../../../core/stats.h"
+#include "../../../supplemental/tls/tls_common.h"
#include "nng/nng.h"
-#include "supplemental/tls/tls_common.h"
#include <string.h>
@@ -1070,6 +1070,14 @@ dtls_pipe_getopt(
return (nni_getopt(dtls_pipe_options, name, p, buf, szp, t));
}
+static nng_err
+dtls_pipe_peer_cert(void *arg, nng_tls_cert **certp)
+{
+ dtls_pipe *p = arg;
+
+ return (nni_tls_peer_cert(&p->tls, certp));
+}
+
static void
dtls_ep_fini(void *arg)
{
@@ -1676,15 +1684,16 @@ dtls_ep_accept(void *arg, nni_aio *aio)
}
static nni_sp_pipe_ops dtls_pipe_ops = {
- .p_size = dtls_pipe_size,
- .p_init = dtls_pipe_init,
- .p_fini = dtls_pipe_fini,
- .p_stop = dtls_pipe_stop,
- .p_send = dtls_pipe_send,
- .p_recv = dtls_pipe_recv,
- .p_close = dtls_pipe_close,
- .p_peer = dtls_pipe_peer,
- .p_getopt = dtls_pipe_getopt,
+ .p_size = dtls_pipe_size,
+ .p_init = dtls_pipe_init,
+ .p_fini = dtls_pipe_fini,
+ .p_stop = dtls_pipe_stop,
+ .p_send = dtls_pipe_send,
+ .p_recv = dtls_pipe_recv,
+ .p_close = dtls_pipe_close,
+ .p_peer = dtls_pipe_peer,
+ .p_getopt = dtls_pipe_getopt,
+ .p_peer_cert = dtls_pipe_peer_cert,
};
static const nni_option dtls_ep_opts[] = {
diff --git a/src/sp/transport/dtls/dtls_tran_test.c b/src/sp/transport/dtls/dtls_tran_test.c
index 774c967a..7e604f30 100644
--- a/src/sp/transport/dtls/dtls_tran_test.c
+++ b/src/sp/transport/dtls/dtls_tran_test.c
@@ -513,6 +513,86 @@ test_dtls_psk(void)
#endif
}
+void
+test_dtls_pipe_details(void)
+{
+ nng_socket s1;
+ nng_socket s2;
+ nng_tls_config *c1, *c2;
+ nng_sockaddr sa;
+ nng_listener l;
+ nng_dialer d;
+ nng_msg *msg;
+ nng_pipe p;
+ const nng_url *url;
+
+ c1 = tls_server_config_ecdsa();
+ c2 = tls_client_config_ecdsa();
+
+ NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
+ NUTS_OPEN(s1);
+ NUTS_OPEN(s2);
+ NUTS_PASS(nng_tls_config_auth_mode(c1, NNG_TLS_AUTH_MODE_REQUIRED));
+ NUTS_PASS(nng_tls_config_ca_chain(c1, nuts_ecdsa_server_crt, NULL));
+ NUTS_PASS(nng_tls_config_ca_chain(c2, nuts_ecdsa_server_crt, NULL));
+ NUTS_PASS(nng_listener_create(&l, s1, "dtls://127.0.0.1:0"));
+ NUTS_PASS(nng_listener_set_tls(l, c1));
+ NUTS_PASS(nng_listener_start(l, 0));
+ NUTS_PASS(nng_listener_get_url(l, &url));
+ NUTS_MATCH(nng_url_scheme(url), "dtls");
+ NUTS_PASS(nng_listener_get_addr(l, NNG_OPT_LOCADDR, &sa));
+ NUTS_TRUE(sa.s_in.sa_family == NNG_AF_INET);
+ NUTS_TRUE(sa.s_in.sa_port != 0);
+ NUTS_TRUE(sa.s_in.sa_addr = nuts_be32(0x7f000001));
+ NUTS_PASS(nng_dialer_create_url(&d, s2, url));
+ NUTS_PASS(nng_dialer_set_tls(d, c2));
+ NUTS_PASS(nng_dialer_start(d, 0));
+ nng_msleep(50);
+ NUTS_SEND(s1, "text");
+ NUTS_PASS(nng_recvmsg(s2, &msg, 0));
+ p = nng_msg_get_pipe(msg);
+ NUTS_TRUE(nng_pipe_id(p) >= 0);
+#if !defined(NNG_TLS_ENGINE_WOLFSSL) || defined(NNG_WOLFSSL_HAVE_PEER_CERT)
+ // TOOD: maybe implement this -- although I think we want to move away
+ // from it.
+ //
+ // char *cn; NUTS_PASS(nng_pipe_get_string(p,
+ // NNG_OPT_TLS_PEER_CN, &cn)); NUTS_ASSERT(cn != NULL); NUTS_MATCH(cn,
+ // "127.0.0.1"); nng_strfree(cn);
+
+ nng_tls_cert *cert;
+ char *name;
+ NUTS_PASS(nng_pipe_peer_cert(p, &cert));
+ NUTS_PASS(nng_tls_cert_subject(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "SUBJECT: %s", name);
+ NUTS_PASS(nng_tls_cert_issuer(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "ISSUER: %s", name);
+ NUTS_PASS(nng_tls_cert_serial_number(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "SERIAL: %s", name);
+ NUTS_PASS(nng_tls_cert_subject_cn(cert, &name));
+ NUTS_MATCH(name, "127.0.0.1");
+ NUTS_PASS(nng_tls_cert_next_alt(cert, &name));
+ nng_log_debug(NULL, "FIRST ALT: %s", name);
+ NUTS_MATCH(name, "localhost");
+ NUTS_FAIL(nng_tls_cert_next_alt(cert, &name), NNG_ENOENT);
+ struct tm when;
+ NUTS_PASS(nng_tls_cert_not_before(cert, &when));
+ nng_log_debug(NULL, "BEGINS: %s", asctime(&when));
+ NUTS_PASS(nng_tls_cert_not_after(cert, &when));
+ nng_log_debug(NULL, "EXPIRES: %s", asctime(&when));
+
+ nng_tls_cert_free(cert);
+#endif
+ nng_msg_free(msg);
+ NUTS_CLOSE(s2);
+ NUTS_CLOSE(s1);
+ nng_tls_config_free(c1);
+ nng_tls_config_free(c2);
+}
+
NUTS_TESTS = {
{ "dtls port zero bind", test_dtls_port_zero_bind },
@@ -525,5 +605,6 @@ NUTS_TESTS = {
{ "dtls pre-shared key", test_dtls_psk },
{ "dtls bad cert mutual", test_dtls_bad_cert_mutual },
{ "dtls cert mutual", test_dtls_cert_mutual },
+ { "dtls pipe details", test_dtls_pipe_details },
{ NULL, NULL },
};
diff --git a/src/sp/transport/tcp/tcp.c b/src/sp/transport/tcp/tcp.c
index 096d2e24..c2e9093b 100644
--- a/src/sp/transport/tcp/tcp.c
+++ b/src/sp/transport/tcp/tcp.c
@@ -12,7 +12,7 @@
#include <stdlib.h>
#include <string.h>
-#include "core/nng_impl.h"
+#include "../../../core/nng_impl.h"
#include "nng/nng.h"
// TCP transport. Platform specific TCP operations must be
diff --git a/src/sp/transport/tcp/tcp_test.c b/src/sp/transport/tcp/tcp_test.c
index a7ff5e96..31379db6 100644
--- a/src/sp/transport/tcp/tcp_test.c
+++ b/src/sp/transport/tcp/tcp_test.c
@@ -11,7 +11,8 @@
//
#include "nng/nng.h"
-#include <nuts.h>
+
+#include "../../../testing/nuts.h"
// TCP tests.
@@ -231,6 +232,9 @@ check_props_v4(nng_msg *msg)
NUTS_PASS(nng_pipe_get_bool(p, NNG_OPT_TCP_NODELAY, &b));
NUTS_TRUE(b); // default
+
+ nng_tls_cert *cert;
+ NUTS_FAIL(nng_pipe_peer_cert(p, &cert), NNG_ENOTSUP);
}
void
diff --git a/src/sp/transport/tls/tls.c b/src/sp/transport/tls/tls.c
index 0bd4c284..528b05ec 100644
--- a/src/sp/transport/tls/tls.c
+++ b/src/sp/transport/tls/tls.c
@@ -952,6 +952,14 @@ tlstran_pipe_getopt(
return (rv);
}
+static nng_err
+tlstran_pipe_peer_cert(void *arg, nng_tls_cert **certp)
+{
+ tlstran_pipe *p = arg;
+
+ return (nng_stream_peer_cert(p->tls, certp));
+}
+
static size_t
tlstran_pipe_size(void)
{
@@ -959,15 +967,16 @@ tlstran_pipe_size(void)
}
static nni_sp_pipe_ops tlstran_pipe_ops = {
- .p_size = tlstran_pipe_size,
- .p_init = tlstran_pipe_init,
- .p_fini = tlstran_pipe_fini,
- .p_stop = tlstran_pipe_stop,
- .p_send = tlstran_pipe_send,
- .p_recv = tlstran_pipe_recv,
- .p_close = tlstran_pipe_close,
- .p_peer = tlstran_pipe_peer,
- .p_getopt = tlstran_pipe_getopt,
+ .p_size = tlstran_pipe_size,
+ .p_init = tlstran_pipe_init,
+ .p_fini = tlstran_pipe_fini,
+ .p_stop = tlstran_pipe_stop,
+ .p_send = tlstran_pipe_send,
+ .p_recv = tlstran_pipe_recv,
+ .p_close = tlstran_pipe_close,
+ .p_peer = tlstran_pipe_peer,
+ .p_getopt = tlstran_pipe_getopt,
+ .p_peer_cert = tlstran_pipe_peer_cert,
};
static nni_option tlstran_ep_options[] = {
diff --git a/src/sp/transport/tls/tls_tran_test.c b/src/sp/transport/tls/tls_tran_test.c
index 73c299c8..1b69c65f 100644
--- a/src/sp/transport/tls/tls_tran_test.c
+++ b/src/sp/transport/tls/tls_tran_test.c
@@ -227,11 +227,31 @@ test_tls_pipe_details(void)
p = nng_msg_get_pipe(msg);
NUTS_TRUE(nng_pipe_id(p) >= 0);
#if !defined(NNG_TLS_ENGINE_WOLFSSL) || defined(NNG_WOLFSSL_HAVE_PEER_CERT)
- char *cn;
- NUTS_PASS(nng_pipe_get_string(p, NNG_OPT_TLS_PEER_CN, &cn));
- NUTS_ASSERT(cn != NULL);
- NUTS_MATCH(cn, "127.0.0.1");
- nng_strfree(cn);
+ nng_tls_cert *cert;
+ char *name;
+ NUTS_PASS(nng_pipe_peer_cert(p, &cert));
+ NUTS_PASS(nng_tls_cert_subject(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "SUBJECT: %s", name);
+ NUTS_PASS(nng_tls_cert_issuer(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "ISSUER: %s", name);
+ NUTS_PASS(nng_tls_cert_serial_number(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "SERIAL: %s", name);
+ NUTS_PASS(nng_tls_cert_subject_cn(cert, &name));
+ NUTS_MATCH(name, "127.0.0.1");
+ NUTS_PASS(nng_tls_cert_next_alt(cert, &name));
+ nng_log_debug(NULL, "FIRST ALT: %s", name);
+ NUTS_MATCH(name, "localhost");
+ NUTS_FAIL(nng_tls_cert_next_alt(cert, &name), NNG_ENOENT);
+ struct tm when;
+ NUTS_PASS(nng_tls_cert_not_before(cert, &when));
+ nng_log_debug(NULL, "BEGINS: %s", asctime(&when));
+ NUTS_PASS(nng_tls_cert_not_after(cert, &when));
+ nng_log_debug(NULL, "EXPIRES: %s", asctime(&when));
+
+ nng_tls_cert_free(cert);
#endif
nng_msg_free(msg);
NUTS_CLOSE(s2);
diff --git a/src/sp/transport/ws/websocket.c b/src/sp/transport/ws/websocket.c
index 515f7b65..f9c13afe 100644
--- a/src/sp/transport/ws/websocket.c
+++ b/src/sp/transport/ws/websocket.c
@@ -13,8 +13,9 @@
#include <stdio.h>
#include <string.h>
-#include "core/nng_impl.h"
-#include "supplemental/websocket/websocket.h"
+#include "../../../core/nng_impl.h"
+#include "../../../supplemental/websocket/websocket.h"
+#include "nng/nng.h"
typedef struct ws_dialer ws_dialer;
typedef struct ws_listener ws_listener;
@@ -328,6 +329,14 @@ wstran_pipe_getopt(
return (rv);
}
+static nng_err
+wstran_pipe_peer_cert(void *arg, nng_tls_cert **certp)
+{
+ ws_pipe *p = arg;
+
+ return (nng_stream_peer_cert(p->ws, certp));
+}
+
static size_t
wstran_pipe_size(void)
{
@@ -335,15 +344,16 @@ wstran_pipe_size(void)
}
static nni_sp_pipe_ops ws_pipe_ops = {
- .p_size = wstran_pipe_size,
- .p_init = wstran_pipe_init,
- .p_fini = wstran_pipe_fini,
- .p_stop = wstran_pipe_stop,
- .p_send = wstran_pipe_send,
- .p_recv = wstran_pipe_recv,
- .p_close = wstran_pipe_close,
- .p_peer = wstran_pipe_peer,
- .p_getopt = wstran_pipe_getopt,
+ .p_size = wstran_pipe_size,
+ .p_init = wstran_pipe_init,
+ .p_fini = wstran_pipe_fini,
+ .p_stop = wstran_pipe_stop,
+ .p_send = wstran_pipe_send,
+ .p_recv = wstran_pipe_recv,
+ .p_close = wstran_pipe_close,
+ .p_peer = wstran_pipe_peer,
+ .p_getopt = wstran_pipe_getopt,
+ .p_peer_cert = wstran_pipe_peer_cert,
};
static void
diff --git a/src/sp/transport/ws/wss_test.c b/src/sp/transport/ws/wss_test.c
index 7c8ceeec..1686090b 100644
--- a/src/sp/transport/ws/wss_test.c
+++ b/src/sp/transport/ws/wss_test.c
@@ -14,7 +14,7 @@
#include <nng/nng.h>
-#include <nuts.h>
+#include "../../../testing/nuts.h"
static nng_tls_config *
wss_server_config(void)
@@ -381,6 +381,79 @@ test_wss_psk(void)
#endif
}
+void
+test_wss_pipe_details(void)
+{
+ nng_socket s1;
+ nng_socket s2;
+ nng_tls_config *c1, *c2;
+ nng_sockaddr sa;
+ nng_listener l;
+ nng_dialer d;
+ nng_msg *msg;
+ nng_pipe p;
+ const nng_url *url;
+
+ c1 = wss_server_config_ecdsa();
+ c2 = wss_client_config_ecdsa();
+
+ NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
+ NUTS_OPEN(s1);
+ NUTS_OPEN(s2);
+ NUTS_PASS(nng_tls_config_auth_mode(c1, NNG_TLS_AUTH_MODE_REQUIRED));
+ NUTS_PASS(nng_tls_config_ca_chain(c1, nuts_ecdsa_server_crt, NULL));
+ NUTS_PASS(nng_tls_config_ca_chain(c2, nuts_ecdsa_server_crt, NULL));
+ NUTS_PASS(nng_listener_create(&l, s1, "wss://127.0.0.1:0/test"));
+ NUTS_PASS(nng_listener_set_tls(l, c1));
+ NUTS_PASS(nng_listener_start(l, 0));
+ NUTS_PASS(nng_listener_get_url(l, &url));
+ NUTS_MATCH(nng_url_scheme(url), "wss");
+ NUTS_PASS(nng_listener_get_addr(l, NNG_OPT_LOCADDR, &sa));
+ NUTS_TRUE(sa.s_in.sa_family == NNG_AF_INET);
+ NUTS_TRUE(sa.s_in.sa_port != 0);
+ NUTS_TRUE(sa.s_in.sa_addr = nuts_be32(0x7f000001));
+ NUTS_PASS(nng_dialer_create_url(&d, s2, url));
+ NUTS_PASS(nng_dialer_set_tls(d, c2));
+ NUTS_PASS(nng_dialer_start(d, 0));
+ nng_msleep(50);
+ NUTS_SEND(s1, "text");
+ NUTS_PASS(nng_recvmsg(s2, &msg, 0));
+ p = nng_msg_get_pipe(msg);
+ NUTS_TRUE(nng_pipe_id(p) >= 0);
+#if !defined(NNG_TLS_ENGINE_WOLFSSL) || defined(NNG_WOLFSSL_HAVE_PEER_CERT)
+ nng_tls_cert *cert;
+ char *name;
+ NUTS_PASS(nng_pipe_peer_cert(p, &cert));
+ NUTS_PASS(nng_tls_cert_subject(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "SUBJECT: %s", name);
+ NUTS_PASS(nng_tls_cert_issuer(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "ISSUER: %s", name);
+ NUTS_PASS(nng_tls_cert_serial_number(cert, &name));
+ NUTS_ASSERT(name != NULL);
+ nng_log_debug(NULL, "SERIAL: %s", name);
+ NUTS_PASS(nng_tls_cert_subject_cn(cert, &name));
+ NUTS_MATCH(name, "127.0.0.1");
+ NUTS_PASS(nng_tls_cert_next_alt(cert, &name));
+ nng_log_debug(NULL, "FIRST ALT: %s", name);
+ NUTS_MATCH(name, "localhost");
+ NUTS_FAIL(nng_tls_cert_next_alt(cert, &name), NNG_ENOENT);
+ struct tm when;
+ NUTS_PASS(nng_tls_cert_not_before(cert, &when));
+ nng_log_debug(NULL, "BEGINS: %s", asctime(&when));
+ NUTS_PASS(nng_tls_cert_not_after(cert, &when));
+ nng_log_debug(NULL, "EXPIRES: %s", asctime(&when));
+
+ nng_tls_cert_free(cert);
+#endif
+ nng_msg_free(msg);
+ NUTS_CLOSE(s2);
+ NUTS_CLOSE(s1);
+ nng_tls_config_free(c1);
+ nng_tls_config_free(c2);
+}
+
NUTS_TESTS = {
{ "wss port zero bind", test_wss_port_zero_bind },
{ "wss malformed address", test_wss_malformed_address },
@@ -390,6 +463,7 @@ NUTS_TESTS = {
{ "wss pre-shared key", test_wss_psk },
{ "wss bad cert mutual", test_wss_bad_cert_mutual },
{ "wss cert mutual", test_wss_cert_mutual },
+ { "wss pipe details", test_wss_pipe_details },
{ NULL, NULL },
};
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2026-01-18 15:35:46 +0000