Diffstat (limited to 'src/supplemental/tls')
| -rw-r--r-- | src/supplemental/tls/mbedtls/tls.c | 66 | ||||
| -rw-r--r-- | src/supplemental/tls/none/tls.c | 42 | ||||
| -rw-r--r-- | src/supplemental/tls/tls_api.h | 20 |
3 files changed, 65 insertions, 63 deletions
diff --git a/src/supplemental/tls/mbedtls/tls.c b/src/supplemental/tls/mbedtls/tls.c
index c01ff2ed..29f1873e 100644
--- a/src/supplemental/tls/mbedtls/tls.c
+++ b/src/supplemental/tls/mbedtls/tls.c
@@ -1,6 +1,7 @@
 //
 // Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2018 Devolutions <info@devolutions.net>
 //
 // This software is supplied under the terms of the MIT License, a
 // copy of which should be located in the distribution where this
@@ -27,10 +28,10 @@
 #include "mbedtls/ssl.h"
 #include "core/nng_impl.h"
-
-#include "nng/supplemental/tls/tls.h"
 #include "supplemental/tls/tls_api.h"
+#include <nng/supplemental/tls/tls.h>
+
 // Implementation note. This implementation buffers data between the TLS
 // encryption layer (mbedTLS) and the underlying TCP socket. As a result,
 // there may be some additional latency caused by buffer draining and
@@ -310,11 +311,13 @@ nni_tls_init(nni_tls **tpp, nng_tls_config *cfg, nni_tcp_conn *tcp)
 {
 	nni_tls *tp;
 	int rv;
+	bool on = true;
 	// During the handshake, disable Nagle to shorten the
 	// negotiation. Once things are set up the caller can
 	// re-enable Nagle if so desired.
-	(void) nni_tcp_conn_set_nodelay(tcp, true);
+	(void) nni_tcp_conn_setopt(
+	    tcp, NNG_OPT_TCP_NODELAY, &on, sizeof(on), NNI_TYPE_BOOL);
 	if ((tp = NNI_ALLOC_STRUCT(tp)) == NULL) {
 		return (NNG_ENOMEM);
@@ -612,28 +615,49 @@ nni_tls_recv(nni_tls *tp, nni_aio *aio)
 	nni_mtx_unlock(&tp->lk);
 }
-int
-nni_tls_peername(nni_tls *tp, nni_sockaddr *sa)
+static int
+tls_get_verified(void *arg, void *buf, size_t *szp, nni_type t)
 {
-	return (nni_tcp_conn_peername(tp->tcp, sa));
-}
+	nni_tls *tp = arg;
+	bool v = (mbedtls_ssl_get_verify_result(&tp->ctx) == 0);
-int
-nni_tls_sockname(nni_tls *tp, nni_sockaddr *sa)
-{
-	return (nni_tcp_conn_sockname(tp->tcp, sa));
+	return (nni_copyout_bool(v, buf, szp, t));
 }
+static const nni_option tls_options[] = {
+	{
+	    .o_name = NNG_OPT_TLS_VERIFIED,
+	    .o_get = tls_get_verified,
+	},
+	{
+	    .o_name = NULL,
+	},
+};
+
 int
-nni_tls_set_nodelay(nni_tls *tp, bool val)
+nni_tls_setopt(
+    nni_tls *tp, const char *name, const void *buf, size_t sz, nni_type t)
 {
-	return (nni_tcp_conn_set_nodelay(tp->tcp, val));
+	int rv;
+
+	if ((rv = nni_tcp_conn_setopt(tp->tcp, name, buf, sz, t)) !=
+	    NNG_ENOTSUP) {
+		return (rv);
+	}
+	return (nni_setopt(tls_options, name, tp, buf, sz, t));
 }
 int
-nni_tls_set_keepalive(nni_tls *tp, bool val)
+nni_tls_getopt(
+    nni_tls *tp, const char *name, void *buf, size_t *szp, nni_type t)
 {
-	return (nni_tcp_conn_set_keepalive(tp->tcp, val));
+	int rv;
+
+	if ((rv = nni_tcp_conn_getopt(tp->tcp, name, buf, szp, t)) !=
+	    NNG_ENOTSUP) {
+		return (rv);
+	}
+	return (nni_getopt(tls_options, name, tp, buf, szp, t));
 }
 static void
@@ -790,18 +814,6 @@ nni_tls_close(nni_tls *tp)
 	nni_mtx_unlock(&tp->lk);
 }
-const char *
-nni_tls_ciphersuite_name(nni_tls *tp)
-{
-	return (mbedtls_ssl_get_ciphersuite(&tp->ctx));
-}
-
-bool
-nni_tls_verified(nni_tls *tp)
-{
-	return (mbedtls_ssl_get_verify_result(&tp->ctx) == 0);
-}
-
 int
 nng_tls_config_server_name(nng_tls_config *cfg, const char *name)
 {
diff --git a/src/supplemental/tls/none/tls.c b/src/supplemental/tls/none/tls.c
index e9d84e19..257bb6b1 100644
--- a/src/supplemental/tls/none/tls.c
+++ b/src/supplemental/tls/none/tls.c
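Review bot: tls_get_verified collapses `mbedtls_ssl_get_verify_result(&tp->ctx) == 0` into "peer verified" without any comment, while the caveat that used to sit on nni_tls_verified in tls_api.h (the status is not meaningful until the handshake has finished) is deleted in this commit's tls_api.h hunk and not carried over. As far as I recall, mbedTLS also reports 0 when no certificate verification was performed at all (verify mode none), so a zero result does not by itself prove the peer was authenticated; please confirm against the mbedTLS version in use. The getter also reads tp->ctx without tp->lk, which the surrounding code appears to hold around ctx access (see the `nni_mtx_unlock(&tp->lk)` context lines); the removed nni_tls_verified did the same, so this is pre-existing but worth a note. I would add above the function: `// NNG_OPT_TLS_VERIFIED: true only once the handshake has completed and mbedTLS reports no verification flags; a zero result also covers the case where verification was not requested, so callers must not treat it as proof of authentication on its own.`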
@@ -1,6 +1,7 @@
 //
 // Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2018 Devolutions <info@devolutions.net>
 //
 // This software is supplied under the terms of the MIT License, a
 // copy of which should be located in the distribution where this
@@ -17,9 +18,10 @@
 // We provide stub functions only to satisfy linkage.
 #include "core/nng_impl.h"
-#include "nng/supplemental/tls/tls.h"
 #include "supplemental/tls/tls_api.h"
+#include <nng/supplemental/tls/tls.h>
+
 void
 nni_tls_config_fini(nng_tls_config *cfg)
 {
@@ -72,40 +74,34 @@ nni_tls_recv(nni_tls *tp, nni_aio *aio)
 	nni_aio_finish_error(aio, NNG_ENOTSUP);
 }
-int
-nni_tls_peername(nni_tls *tp, nni_sockaddr *sa)
-{
-	NNI_ARG_UNUSED(tp);
-	NNI_ARG_UNUSED(sa);
-	return (NNG_ENOTSUP);
-}
-
-int
-nni_tls_sockname(nni_tls *tp, nni_sockaddr *sa)
-{
-	NNI_ARG_UNUSED(tp);
-	NNI_ARG_UNUSED(sa);
-	return (NNG_ENOTSUP);
-}
-
 void
 nni_tls_close(nni_tls *tp)
 {
 	NNI_ARG_UNUSED(tp);
 }
-const char *
-nni_tls_ciphersuite_name(nni_tls *tp)
+int
+nni_tls_getopt(
+    nni_tls *tp, const char *name, void *buf, size_t *szp, nni_type t)
 {
 	NNI_ARG_UNUSED(tp);
-	return (NULL);
+	NNI_ARG_UNUSED(name);
+	NNI_ARG_UNUSED(buf);
+	NNI_ARG_UNUSED(szp);
+	NNI_ARG_UNUSED(t);
+	return (NNG_ENOTSUP);
 }
-bool
-nni_tls_verified(nni_tls *tp)
+int
+nni_tls_setopt(
+    nni_tls *tp, const char *name, const void *buf, size_t sz, nni_type t)
 {
 	NNI_ARG_UNUSED(tp);
-	return (false);
+	NNI_ARG_UNUSED(name);
+	NNI_ARG_UNUSED(buf);
+	NNI_ARG_UNUSED(sz);
+	NNI_ARG_UNUSED(t);
+	return (NNG_ENOTSUP);
 }
 int
diff --git a/src/supplemental/tls/tls_api.h b/src/supplemental/tls/tls_api.h
index 53dba7fe..63424d5e 100644
--- a/src/supplemental/tls/tls_api.h
+++ b/src/supplemental/tls/tls_api.h
@@ -1,6 +1,7 @@
 //
 // Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
 // Copyright 2018 Capitar IT Group BV <info@capitar.com>
+// Copyright 2018 Devolutions <info@devolutions.net>
 //
 // This software is supplied under the terms of the MIT License, a
 // copy of which should be located in the distribution where this
@@ -13,6 +14,8 @@
 #include <stdbool.h>
+#include <nng/supplemental/tls/tls.h>
+
 // nni_tls represents the context for a single TLS stream.
 typedef struct nni_tls nni_tls;
@@ -36,19 +39,10 @@ extern void nni_tls_close(nni_tls *);
 extern void nni_tls_fini(nni_tls *);
 extern void nni_tls_send(nni_tls *, nng_aio *);
 extern void nni_tls_recv(nni_tls *, nng_aio *);
-extern int nni_tls_sockname(nni_tls *, nni_sockaddr *);
-extern int nni_tls_peername(nni_tls *, nni_sockaddr *);
-extern int nni_tls_set_nodelay(nni_tls *, bool);
-extern int nni_tls_set_keepalive(nni_tls *, bool);
-
-// nni_tls_verified returns true if the peer, or false if the peer did not
-// verify. (During the handshake phase, the peer is not verified, so this
-// might return false if executed too soon. The verification status will
-// be accurate once the handshake is finished, however.
-extern bool nni_tls_verified(nni_tls *);
-
-// nni_tls_ciphersuite_name returns the name of the ciphersuite in use.
-extern const char *nni_tls_ciphersuite_name(nni_tls *);
+
+extern int nni_tls_setopt(
+    nni_tls *, const char *, const void *, size_t, nni_type);
+extern int nni_tls_getopt(nni_tls *, const char *, void *, size_t *, nni_type);
 // TBD: getting additional peer certificate information...
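Review bot: The new nni_tls_setopt/nni_tls_getopt declarations in the -36 hunk replace four documented accessors with none of their contract written down, although the header is the only place a transport author will look. The mbedtls backend first hands the option to the TCP connection and only consults the TLS option table when that layer answers NNG_ENOTSUP, and the none backend answers NNG_ENOTSUP for everything, so both the lookup order and the "unknown option" result are worth stating here. I would add above the two externs: `// nni_tls_setopt / nni_tls_getopt first offer the option to the underlying TCP connection; only when that layer returns NNG_ENOTSUP are the TLS-specific options (currently NNG_OPT_TLS_VERIFIED, get only) consulted. NNG_ENOTSUP is returned for options neither layer recognizes.`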
