Diffstat (limited to 'src')
| -rw-r--r-- | src/supplemental/http/http_client.c | 1 | ||||
| -rw-r--r-- | src/supplemental/http/http_server.c | 1 | ||||
| -rw-r--r-- | src/supplemental/tls/CMakeLists.txt | 8 | ||||
| -rw-r--r-- | src/supplemental/tls/mbedtls/tls.c | 6 | ||||
| -rw-r--r-- | src/supplemental/tls/tls.h | 5 | ||||
| -rw-r--r-- | src/transport/tls/tls.c | 10 | ||||
| -rw-r--r-- | src/transport/ws/websocket.c | 28 |
7 files changed, 48 insertions, 11 deletions
diff --git a/src/supplemental/http/http_client.c b/src/supplemental/http/http_client.c
index a8260705..c70b7a63 100644
--- a/src/supplemental/http/http_client.c
+++ b/src/supplemental/http/http_client.c
@@ -223,6 +223,7 @@ nni_http_client_get_tls(nni_http_client *c, struct nng_tls_config **tlsp)
 nni_mtx_unlock(&c->mtx);
 return (NNG_EINVAL);
 }
+ nni_tls_config_hold(c->tls);
 *tlsp = c->tls;
 nni_mtx_unlock(&c->mtx);
 return (0);
diff --git a/src/supplemental/http/http_server.c b/src/supplemental/http/http_server.c
index cdbfe3e6..b7ca9f7e 100644
--- a/src/supplemental/http/http_server.c
+++ b/src/supplemental/http/http_server.c
@@ -1799,6 +1799,7 @@ nni_http_server_get_tls(nni_http_server *s, nng_tls_config **tp)
 nni_mtx_unlock(&s->mtx);
 return (NNG_EINVAL);
 }
+ nni_tls_config_hold(s->tls);
 *tp = s->tls;
 nni_mtx_unlock(&s->mtx);
 return (0);
diff --git a/src/supplemental/tls/CMakeLists.txt b/src/supplemental/tls/CMakeLists.txt
index 3d1e6d02..111ff70f 100644
--- a/src/supplemental/tls/CMakeLists.txt
+++ b/src/supplemental/tls/CMakeLists.txt
@@ -19,7 +19,13 @@ set(_HDRS supplemental/tls/tls.h)

 # For now we only support the ARM mbedTLS library.
 if (NNG_SUPP_TLS_MBEDTLS)
- Find_Package(mbedTLS REQUIRED)
+ message(WARNING "
+ ************************************************************
+ Linking against mbedTLS changes license terms (Apache 2.0).
+ Consult a lawyer and the license files for details.
+ ************************************************************")
+
+ find_package(mbedTLS REQUIRED)
 set(_LIBS ${MBEDTLS_LIBRARIES})
 set(_INCS ${MBEDTLS_INCLUDE_DIR})
 list(APPEND _SRCS supplemental/tls/mbedtls/tls.c)
diff --git a/src/supplemental/tls/mbedtls/tls.c b/src/supplemental/tls/mbedtls/tls.c
index 8f38df64..f7431ac6 100644
--- a/src/supplemental/tls/mbedtls/tls.c
+++ b/src/supplemental/tls/mbedtls/tls.c
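Review bot: nni_http_client_get_tls now hands back a counted reference, but nothing at the function states that the caller owns it, so any caller written against the old borrowed-pointer behaviour will leak one reference per call and the TLS configuration will never be freed. I would add a comment above the function such as `// On success the caller holds a reference to *tlsp and must release it with nni_tls_config_fini().` The same applies to nni_http_server_get_tls in the next hunk. Both function bodies start outside their hunks, so the callers that need the matching release cannot be checked from here.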
@@ -1013,3 +1013,9 @@ nng_tls_config_free(nng_tls_config *cfg)
 {
 nni_tls_config_fini(cfg);
 }
+
+void
+nng_tls_config_hold(nng_tls_config *cfg)
+{
+ nni_tls_config_hold(cfg);
+}
diff --git a/src/supplemental/tls/tls.h b/src/supplemental/tls/tls.h
index 62da9618..5983f3b6 100644
--- a/src/supplemental/tls/tls.h
+++ b/src/supplemental/tls/tls.h
@@ -41,6 +41,11 @@ typedef enum nng_tls_auth_mode {
 // with multiple pipes or services/servers.
 NNG_DECL int nng_tls_config_alloc(nng_tls_config **, nng_tls_mode);

+// nng_tls_config_hold increments the reference count on the TLS
+// configuration object. The hold can be dropped by calling
+// nng_tls_config_free later.
+NNG_DECL void nng_tls_config_hold(nng_tls_config *);
+
 // nng_tls_config_free drops the reference count on the TLS
 // configuration object, and if zero, deallocates it.
 NNG_DECL void nng_tls_config_free(nng_tls_config *);
diff --git a/src/transport/tls/tls.c b/src/transport/tls/tls.c
index 8fd59fd7..a8f196f7 100644
--- a/src/transport/tls/tls.c
+++ b/src/transport/tls/tls.c
@@ -1149,10 +1149,14 @@ tlstran_ep_set_config(void *arg, const void *data, size_t sz, nni_opt_type t)
 static int
 tlstran_ep_get_config(void *arg, void *v, size_t *szp, nni_opt_type t)
 {
- tlstran_ep *ep = arg;
- int rv;
+ tlstran_ep * ep = arg;
+ nng_tls_config *cfg;
+ int rv;
 nni_mtx_lock(&ep->mtx);
- rv = nni_copyout_ptr(ep->cfg, v, szp, t);
+ if ((cfg = ep->cfg) != NULL) {
+ nni_tls_config_hold(cfg);
+ }
+ rv = nni_copyout_ptr(cfg, v, szp, t);
 nni_mtx_unlock(&ep->mtx);
 return (rv);
 }
diff --git a/src/transport/ws/websocket.c b/src/transport/ws/websocket.c
index baa9ea34..73dd8234 100644
--- a/src/transport/ws/websocket.c
+++ b/src/transport/ws/websocket.c
@@ -1060,7 +1060,9 @@ wss_dialer_set_cert_key_file(
 ((rv = nni_ws_dialer_get_tls(d->dialer, &tls)) != 0)) {
 return (rv);
 }
- return (nng_tls_config_cert_key_file(tls, v, NULL));
+ rv = nng_tls_config_cert_key_file(tls, v, NULL);
+ nni_tls_config_fini(tls);
+ return (rv);
 }

 static int
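Review bot: In tlstran_ep_get_config the hold is taken before `nni_copyout_ptr`, and if that call returns non-zero the caller never receives the pointer, so the reference is never released and the configuration object stays allocated. Whether nni_copyout_ptr can fail is not visible in this hunk, but its result is propagated as `rv`, which suggests it can (for example on a wrong option type or size). I would drop the hold on the failure path before unlocking: `if ((rv != 0) && (cfg != NULL)) { nni_tls_config_fini(cfg); }`.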
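Review bot: The release in wss_dialer_set_cert_key_file is written by hand, and the same three lines are repeated in the six other wss_* setters changed in this file (listener cert/key, dialer and listener CA file, dialer and listener auth mode, dialer server name). Nothing at any of these sites says why the `nni_tls_config_fini(tls)` is there, so a setter added later can easily omit it and leak a reference to the TLS configuration. I would add `/* release the hold taken by nni_ws_dialer_get_tls() */` (or the listener equivalent) above each release, or move the get/apply/release sequence into one static helper. Each setter starts outside its hunk, and nni_ws_dialer_get_tls and nni_ws_listener_get_tls are not part of this diff, so it should be confirmed that they return a held reference and that no other caller still treats it as borrowed.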
@@ -1075,7 +1077,9 @@ wss_listener_set_cert_key_file(
 ((rv = nni_ws_listener_get_tls(l->listener, &tls)) != 0)) {
 return (rv);
 }
- return (nng_tls_config_cert_key_file(tls, v, NULL));
+ rv = nng_tls_config_cert_key_file(tls, v, NULL);
+ nni_tls_config_fini(tls);
+ return (rv);
 }

 static int
@@ -1089,7 +1093,9 @@ wss_dialer_set_ca_file(void *arg, const void *v, size_t sz, nni_opt_type t)
 ((rv = nni_ws_dialer_get_tls(d->dialer, &tls)) != 0)) {
 return (rv);
 }
- return (nng_tls_config_ca_file(tls, v));
+ rv = nng_tls_config_ca_file(tls, v);
+ nni_tls_config_fini(tls);
+ return (rv);
 }

 static int
@@ -1103,7 +1109,9 @@ wss_listener_set_ca_file(void *arg, const void *v, size_t sz, nni_opt_type t)
 ((rv = nni_ws_listener_get_tls(l->listener, &tls)) != 0)) {
 return (rv);
 }
- return (nng_tls_config_ca_file(tls, v));
+ rv = nng_tls_config_ca_file(tls, v);
+ nni_tls_config_fini(tls);
+ return (rv);
 }

 static int
@@ -1128,7 +1136,9 @@ wss_dialer_set_auth_mode(void *arg, const void *v, size_t sz, nni_opt_type t)
 ((rv = nni_ws_dialer_get_tls(d->dialer, &tls)) != 0)) {
 return (rv);
 }
- return (nng_tls_config_auth_mode(tls, mode));
+ rv = nng_tls_config_auth_mode(tls, mode);
+ nni_tls_config_fini(tls);
+ return (rv);
 }

 static int
@@ -1146,7 +1156,9 @@ wss_listener_set_auth_mode(void *arg, const void *v, size_t sz, nni_opt_type t)
 ((rv = nni_ws_listener_get_tls(l->listener, &tls)) != 0)) {
 return (rv);
 }
- return (nng_tls_config_auth_mode(tls, mode));
+ rv = nng_tls_config_auth_mode(tls, mode);
+ nni_tls_config_fini(tls);
+ return (rv);
 }

 static int
@@ -1162,7 +1174,9 @@ wss_dialer_set_tls_server_name(
 return (rv);
 }

- return (nng_tls_config_server_name(tls, v));
+ rv = nng_tls_config_server_name(tls, v);
+ nni_tls_config_fini(tls);
+ return (rv);
 }

 static nni_tran_option wss_dialer_options[] = { |
