diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/nng.h | 13 | ||||
| -rw-r--r-- | src/supplemental/http/client.c | 4 | ||||
| -rw-r--r-- | src/supplemental/http/server.c | 4 | ||||
| -rw-r--r-- | src/supplemental/tls/mbedtls/tls.c | 22 | ||||
| -rw-r--r-- | src/supplemental/tls/tls.h | 8 |
5 files changed, 34 insertions, 17 deletions
@@ -598,12 +598,14 @@ typedef enum nng_tls_auth_mode { NNG_TLS_AUTH_MODE_REQUIRED = 2, // Verify cert, close if invalid } nng_tls_auth_mode; -// nng_tls_config init creates a TLS configuration using +// nng_tls_config_alloc creates a TLS configuration using // reasonable defaults. This configuration can be shared // with multiple pipes or services/servers. NNG_DECL int nng_tls_config_init(nng_tls_config **, nng_tls_mode); -NNG_DECL void nng_tls_config_fini(nng_tls_config *); +// nng_tls_config_free drops the reference count on the TLS +// configuration object, and if zero, deallocates it. +NNG_DECL void nng_tls_config_free(nng_tls_config *); // nng_tls_config_server_name sets the server name. This is // called by clients to set the name that the server supplied @@ -619,7 +621,7 @@ NNG_DECL int nng_tls_config_server_name(nng_tls_config *, const char *); // format. NNG_DECL int nng_tls_config_ca_cert(nng_tls_config *, const uint8_t *, size_t); -// nng_tls_config_clr loads a certificate revocation list. Again, these +// nng_tls_config_crl loads a certificate revocation list. Again, these // are in X.509 format (either PEM or DER). NNG_DECL int nng_tls_config_crl(nng_tls_config *, const uint8_t *, size_t); @@ -636,11 +638,6 @@ NNG_DECL int nng_tls_config_key(nng_tls_config *, const uint8_t *, size_t); // private keys that are encrypted. NNG_DECL int nng_tls_config_pass(nng_tls_config *, const char *); -// nng_tls_config_validate_peer is used to enable validation of the peer -// and it's certificate. If disabled, the peer's certificate will still -// be available, but may not be valid. -NNG_DECL int nng_tls_config_validate_peer(nng_tls_config *, bool); - // nng_tls_config_auth_mode is used to configure the authentication mode use. // The default is that servers have this off (i.e. no client authentication) // and clients have it on (they verify the server), which matches typical diff --git a/src/supplemental/http/client.c b/src/supplemental/http/client.c index 4bb517ce..b1794f93 100644 --- a/src/supplemental/http/client.c +++ b/src/supplemental/http/client.c @@ -89,7 +89,7 @@ nni_http_client_fini(nni_http_client *c) nni_mtx_fini(&c->mtx); #ifdef NNG_SUPP_TLS if (c->tls != NULL) { - nng_tls_config_fini(c->tls); + nni_tls_config_fini(c->tls); } #endif NNI_FREE_STRUCT(c); @@ -134,7 +134,7 @@ nni_http_client_set_tls(nni_http_client *c, nng_tls_config *tls) } nni_mtx_unlock(&c->mtx); if (old != NULL) { - nng_tls_config_fini(old); + nni_tls_config_fini(old); } return (0); } diff --git a/src/supplemental/http/server.c b/src/supplemental/http/server.c index ba74a138..0f2b1369 100644 --- a/src/supplemental/http/server.c +++ b/src/supplemental/http/server.c @@ -609,7 +609,7 @@ http_server_fini(nni_http_server *s) nni_mtx_unlock(&s->mtx); #ifdef NNG_SUPP_TLS if (s->tls != NULL) { - nng_tls_config_fini(s->tls); + nni_tls_config_fini(s->tls); } #endif nni_aio_fini(s->accaio); @@ -1108,7 +1108,7 @@ nni_http_server_set_tls(nni_http_server *s, nng_tls_config *tcfg) } nni_mtx_unlock(&s->mtx); if (old) { - nng_tls_config_fini(old); + nni_tls_config_fini(old); } return (0); } diff --git a/src/supplemental/tls/mbedtls/tls.c b/src/supplemental/tls/mbedtls/tls.c index 3bbf4a33..5c92d7d9 100644 --- a/src/supplemental/tls/mbedtls/tls.c +++ b/src/supplemental/tls/mbedtls/tls.c @@ -157,7 +157,7 @@ nni_tls_random(void *arg, unsigned char *buf, size_t sz) } void -nng_tls_config_fini(nng_tls_config *cfg) +nni_tls_config_fini(nng_tls_config *cfg) { nni_tls_certkey *ck; @@ -199,7 +199,7 @@ nng_tls_config_fini(nng_tls_config *cfg) } int -nng_tls_config_init(nng_tls_config **cpp, enum nng_tls_mode mode) +nni_tls_config_init(nng_tls_config **cpp, enum nng_tls_mode mode) { nng_tls_config *cfg; int rv; @@ -227,7 +227,7 @@ nng_tls_config_init(nng_tls_config **cpp, enum nng_tls_mode mode) rv = mbedtls_ssl_config_defaults(&cfg->cfg_ctx, sslmode, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (rv != 0) { - nng_tls_config_fini(cfg); + nni_tls_config_fini(cfg); return (rv); } @@ -242,7 +242,7 @@ nng_tls_config_init(nng_tls_config **cpp, enum nng_tls_mode mode) rv = mbedtls_ctr_drbg_seed( &cfg->rng_ctx, nni_tls_get_entropy, NULL, NULL, 0); if (rv != 0) { - nng_tls_config_fini(cfg); + nni_tls_config_fini(cfg); return (rv); } #endif @@ -284,7 +284,7 @@ nni_tls_fini(nni_tls *tp) nni_free(tp->sendbuf, NNG_TLS_MAX_RECV_SIZE); if (tp->cfg != NULL) { // release the hold we got on it - nng_tls_config_fini(tp->cfg); + nni_tls_config_fini(tp->cfg); } NNI_FREE_STRUCT(tp); } @@ -1065,3 +1065,15 @@ err: nni_free(tmp, len); return (rv); } + +int +nng_tls_config_alloc(nng_tls_config **cfgp, nng_tls_mode mode) +{ + return (nni_tls_config_init(cfgp, mode)); +} + +int +nng_tls_config_free(nng_tls_config *cfg) +{ + nni_tls_config_fini(cfg); +}
\ No newline at end of file diff --git a/src/supplemental/tls/tls.h b/src/supplemental/tls/tls.h index 0c9e791f..8175854d 100644 --- a/src/supplemental/tls/tls.h +++ b/src/supplemental/tls/tls.h @@ -14,6 +14,14 @@ // nni_tls represents the context for a single TLS stream. typedef struct nni_tls nni_tls; +// nni_tls_config_init creates a new TLS configuration object. +// The object is created with a reference count of one. +extern int nni_tls_config_init(nng_tls_config **, nng_tls_mode); + +// nni_tls_config_fini drops the reference on the configuration +// object, deallocating if this was the last reference. +extern void nni_tls_config_fini(nng_tls_config *); + // nni_tls_config_hold is used to get a hold on the config // object, preventing it from being released inadvertently. // The hold is released with a call to nng_tls_config_fini(). |