Diffstat (limited to 'src')
| -rw-r--r-- | src/sp/transport/tls/tls.c | 9 | ||||
| -rw-r--r-- | src/supplemental/tls/tls_common.c | 167 | ||||
| -rw-r--r-- | src/supplemental/websocket/wssfile_test.c | 46 |
3 files changed, 23 insertions, 199 deletions
diff --git a/src/sp/transport/tls/tls.c b/src/sp/transport/tls/tls.c
index f488771b..f74209a2 100644
--- a/src/sp/transport/tls/tls.c
+++ b/src/sp/transport/tls/tls.c
@@ -61,7 +61,6 @@ struct tlstran_ep {
 bool closed;
 bool fini;
 int refcnt;
- int authmode;
 nni_url *url;
 nni_list pipes;
 nni_reap_node reap;
@@ -911,7 +910,6 @@ tlstran_ep_init_dialer(void **dp, nni_url *url, nni_dialer *ndialer)
 ((rv = nni_aio_alloc(&ep->connaio, tlstran_dial_cb, ep)) != 0)) {
 return (rv);
 }
- ep->authmode = NNG_TLS_AUTH_MODE_REQUIRED;
 if ((rv != 0) ||
 ((rv = nng_stream_dialer_alloc_url(&ep->dialer, &myurl)) != 0)) {
@@ -967,8 +965,6 @@ tlstran_ep_init_listener(void **lp, nni_url *url, nni_listener *nlistener)
 return (rv);
 }
- ep->authmode = NNG_TLS_AUTH_MODE_NONE;
-
 if (strlen(host) == 0) {
 host = NULL;
 }
@@ -989,10 +985,7 @@ tlstran_ep_init_listener(void **lp, nni_url *url, nni_listener *nlistener)
 nni_aio_free(aio);
 if ((rv != 0) ||
- ((rv = nng_stream_listener_alloc_url(&ep->listener, url)) != 0) ||
- ((rv = nni_stream_listener_set(ep->listener, NNG_OPT_TLS_AUTH_MODE,
- &ep->authmode, sizeof(ep->authmode), NNI_TYPE_INT32)) !=
- 0)) {
+ ((rv = nng_stream_listener_alloc_url(&ep->listener, url)) != 0)) {
 tlstran_ep_fini(ep);
 return (rv);
 }
diff --git a/src/supplemental/tls/tls_common.c b/src/supplemental/tls/tls_common.c
index a6b3a8d6..02ca1442 100644
--- a/src/supplemental/tls/tls_common.c
+++ b/src/supplemental/tls/tls_common.c
@@ -191,23 +191,6 @@ tls_dialer_dial(void *arg, nng_aio *aio)
 }
 static int
-tls_check_string(const void *v, size_t sz, nni_opt_type t)
-{
- switch (t) {
- case NNI_TYPE_OPAQUE:
- if (nni_strnlen(v, sz) >= sz) {
- return (NNG_EINVAL);
- }
- return (0);
- case NNI_TYPE_STRING:
- // Caller is assumed to pass a good string.
- return (0);
- default:
- return (NNG_EBADTYPE);
- }
-}
-
-static int
 tls_dialer_set_config(void *arg, const void *buf, size_t sz, nni_type t)
 {
 int rv;
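Review bot: In the `@@ -989,10 +985,7` hunk of tlstran_ep_init_listener the endpoint no longer applies any authentication mode of its own, so peer verification now depends entirely on the default carried by the config behind `nng_stream_listener_alloc_url`, which this diff does not show. The same holds for the dialer in the `@@ -911,7 +910,6` hunk, where the removed line pinned `NNG_TLS_AUTH_MODE_REQUIRED`; if the stream layer's client default were weaker, server certificates would stop being checked without any error being reported. I would add a comment above each allocation call, e.g. `// Auth mode is not set here; it comes from the NNG_OPT_TLS_CONFIG object or the stream layer's default.`, and confirm that a test covers a dialer started with no explicit auth mode. Both function bodies start and end outside the hunks.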
@@ -249,65 +232,6 @@ tls_dialer_get_config(void *arg, void *buf, size_t *szp, nni_type t)
 return (rv);
 }
-static int
-tls_dialer_set_server_name(void *arg, const void *buf, size_t sz, nni_type t)
-{
- tls_dialer *d = arg;
- int rv;
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&d->lk);
- rv = nng_tls_config_server_name(d->cfg, buf);
- nni_mtx_unlock(&d->lk);
- }
- return (rv);
-}
-
-static int
-tls_dialer_set_auth_mode(void *arg, const void *buf, size_t sz, nni_type t)
-{
- int mode;
- int rv;
- tls_dialer *d = arg;
-
- rv = nni_copyin_int(&mode, buf, sz, NNG_TLS_AUTH_MODE_NONE,
- NNG_TLS_AUTH_MODE_REQUIRED, t);
- if (rv == 0) {
- nni_mtx_lock(&d->lk);
- rv = nng_tls_config_auth_mode(d->cfg, mode);
- nni_mtx_unlock(&d->lk);
- }
- return (rv);
-}
-
-static int
-tls_dialer_set_ca_file(void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
- tls_dialer *d = arg;
- int rv;
-
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&d->lk);
- rv = nng_tls_config_ca_file(d->cfg, buf);
- nni_mtx_unlock(&d->lk);
- }
- return (rv);
-}
-
-static int
-tls_dialer_set_cert_key_file(
- void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
- tls_dialer *d = arg;
- int rv;
-
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&d->lk);
- rv = nng_tls_config_cert_key_file(d->cfg, buf, NULL);
- nni_mtx_unlock(&d->lk);
- }
- return (rv);
-}
-
 static const nni_option tls_dialer_opts[] = {
 {
 .o_name = NNG_OPT_TLS_CONFIG,
@@ -315,22 +239,6 @@ static const nni_option tls_dialer_opts[] = {
 .o_set = tls_dialer_set_config,
 },
 {
- .o_name = NNG_OPT_TLS_SERVER_NAME,
- .o_set = tls_dialer_set_server_name,
- },
- {
- .o_name = NNG_OPT_TLS_CA_FILE,
- .o_set = tls_dialer_set_ca_file,
- },
- {
- .o_name = NNG_OPT_TLS_CERT_KEY_FILE,
- .o_set = tls_dialer_set_cert_key_file,
- },
- {
- .o_name = NNG_OPT_TLS_AUTH_MODE,
- .o_set = tls_dialer_set_auth_mode,
- },
- {
 .o_name = NULL,
 },
 };
@@ -508,65 +416,6 @@ tls_listener_get_config(void *arg, void *buf, size_t *szp, nni_type t)
 return (rv);
 }
-static int
-tls_listener_set_server_name(void *arg, const void *buf, size_t sz, nni_type t)
-{
- tls_listener *l = arg;
- int rv;
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&l->lk);
- rv = nng_tls_config_server_name(l->cfg, buf);
- nni_mtx_unlock(&l->lk);
- }
- return (rv);
-}
-
-static int
-tls_listener_set_auth_mode(void *arg, const void *buf, size_t sz, nni_type t)
-{
- int mode;
- int rv;
- tls_listener *l = arg;
-
- rv = nni_copyin_int(&mode, buf, sz, NNG_TLS_AUTH_MODE_NONE,
- NNG_TLS_AUTH_MODE_REQUIRED, t);
- if (rv == 0) {
- nni_mtx_lock(&l->lk);
- rv = nng_tls_config_auth_mode(l->cfg, mode);
- nni_mtx_unlock(&l->lk);
- }
- return (rv);
-}
-
-static int
-tls_listener_set_ca_file(void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
- tls_listener *l = arg;
- int rv;
-
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&l->lk);
- rv = nng_tls_config_ca_file(l->cfg, buf);
- nni_mtx_unlock(&l->lk);
- }
- return (rv);
-}
-
-static int
-tls_listener_set_cert_key_file(
- void *arg, const void *buf, size_t sz, nni_opt_type t)
-{
- tls_listener *l = arg;
- int rv;
-
- if ((rv = tls_check_string(buf, sz, t)) == 0) {
- nni_mtx_lock(&l->lk);
- rv = nng_tls_config_cert_key_file(l->cfg, buf, NULL);
- nni_mtx_unlock(&l->lk);
- }
- return (rv);
-}
-
 static const nni_option tls_listener_opts[] = {
 {
 .o_name = NNG_OPT_TLS_CONFIG,
@@ -574,22 +423,6 @@ static const nni_option tls_listener_opts[] = {
 .o_set = tls_listener_set_config,
 },
 {
- .o_name = NNG_OPT_TLS_SERVER_NAME,
- .o_set = tls_listener_set_server_name,
- },
- {
- .o_name = NNG_OPT_TLS_CA_FILE,
- .o_set = tls_listener_set_ca_file,
- },
- {
- .o_name = NNG_OPT_TLS_CERT_KEY_FILE,
- .o_set = tls_listener_set_cert_key_file,
- },
- {
- .o_name = NNG_OPT_TLS_AUTH_MODE,
- .o_set = tls_listener_set_auth_mode,
- },
- {
 .o_name = NULL,
 },
 };
diff --git a/src/supplemental/websocket/wssfile_test.c b/src/supplemental/websocket/wssfile_test.c
index 51b78645..b449a6bf 100644
--- a/src/supplemental/websocket/wssfile_test.c
+++ b/src/supplemental/websocket/wssfile_test.c
@@ -9,6 +9,7 @@
 //
 #include "core/nng_impl.h"
+#include "nng/supplemental/tls/tls.h"
 #include <nuts.h>
@@ -20,26 +21,30 @@
 static void
 init_dialer_wss_file(nng_dialer d)
 {
- char *tmpdir;
- char *pth;
+ char *tmpdir;
+ char *pth;
+ nng_tls_config *c;
 NUTS_ASSERT((tmpdir = nni_plat_temp_dir()) != NULL);
 NUTS_ASSERT((pth = nni_file_join(tmpdir, CACERT)) != NULL);
 nng_strfree(tmpdir);
 NUTS_PASS(nni_file_put(pth, nuts_server_crt, strlen(nuts_server_crt)));
- NUTS_PASS(nng_dialer_set_string(d, NNG_OPT_TLS_CA_FILE, pth));
- NUTS_PASS(
- nng_dialer_set_string(d, NNG_OPT_TLS_SERVER_NAME, "localhost"));
+ NUTS_PASS(nng_tls_config_alloc(&c, NNG_TLS_MODE_CLIENT));
+ NUTS_PASS(nng_tls_config_ca_file(c, pth));
+ NUTS_PASS(nng_tls_config_server_name(c, "localhost"));
+ NUTS_PASS(nng_dialer_set_ptr(d, NNG_OPT_TLS_CONFIG, c));
 nni_file_delete(pth);
 nng_strfree(pth);
+ nng_tls_config_free(c);
 }
 static void
 init_listener_wss_file(nng_listener l)
 {
- char *tmpdir;
- char *pth;
- char *cert_key;
+ char *tmpdir;
+ char *pth;
+ char *cert_key;
+ nng_tls_config *c;
 NUTS_ASSERT((tmpdir = nni_plat_temp_dir()) != NULL);
 NUTS_ASSERT((pth = nni_file_join(tmpdir, CERT_KEY)) != NULL);
@@ -50,10 +55,13 @@ init_listener_wss_file(nng_listener l)
 NUTS_PASS(nni_file_put(pth, cert_key, strlen(cert_key)));
 nng_strfree(cert_key);
- NUTS_PASS(nng_listener_set_string(l, NNG_OPT_TLS_CERT_KEY_FILE, pth));
+ NUTS_PASS(nng_tls_config_alloc(&c, NNG_TLS_MODE_SERVER));
+ NUTS_PASS(nng_tls_config_cert_key_file(c, pth, pth));
+ NUTS_PASS(nng_listener_set_ptr(l, NNG_OPT_TLS_CONFIG, c));
 nni_file_delete(pth);
 nng_strfree(pth);
+ nng_tls_config_free(c);
 }
 static void
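Review bot: In init_dialer_wss_file the new `nng_tls_config_free(c)` runs right after `nng_dialer_set_ptr(d, NNG_OPT_TLS_CONFIG, c)`, which is only safe if the dialer takes its own reference to the config; that is presumably the case, but nothing in the hunk says so. A one-line comment before the free, e.g. `// the dialer holds its own reference to c; drop ours`, would keep a reader from taking this for a use-after-free. The same comment fits init_listener_wss_file in the `@@ -50,10 +55,13` hunk.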
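Review bot: `nng_tls_config_cert_key_file(c, pth, pth)` passes the file path as the third argument, which is the key passphrase; the setters removed from tls_common.c in this same commit passed `NULL` in that position. The call presumably succeeds only because the test key is unencrypted, and as written it suggests the path is required twice. Use `NUTS_PASS(nng_tls_config_cert_key_file(c, pth, NULL));` here, and likewise `c, "no-such-file.pem", NULL` in test_cert_file_not_present in the `@@ -203,17 +205,13` hunk. init_listener_wss_file starts above this hunk.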
@@ -85,8 +93,6 @@ test_invalid_verify(void)
 int rv;
 NUTS_PASS(nng_dialer_create(&d, s2, addr));
- NUTS_PASS(nng_dialer_set_int(
- d, NNG_OPT_TLS_AUTH_MODE, NNG_TLS_AUTH_MODE_REQUIRED));
 rv = nng_dialer_start(d, 0);
 NUTS_TRUE(rv != 0);
@@ -126,10 +132,6 @@ test_no_verify(void)
 snprintf(addr, sizeof(addr), "wss://127.0.0.1:%u/test", port);
 NUTS_PASS(nng_dialer_create(&d, s2, addr));
 init_dialer_wss_file(d);
- NUTS_PASS(nng_dialer_set_int(
- d, NNG_OPT_TLS_AUTH_MODE, NNG_TLS_AUTH_MODE_OPTIONAL));
- NUTS_PASS(
- nng_dialer_set_string(d, NNG_OPT_TLS_SERVER_NAME, "localhost"));
 NUTS_PASS(nng_dialer_start(d, 0));
 nng_msleep(100);
@@ -203,17 +205,13 @@ test_verify_works(void)
 static void
 test_cert_file_not_present(void)
 {
- nng_socket s1;
- nng_listener l;
-
- NUTS_PASS(nng_pair_open(&s1));
- NUTS_PASS(nng_listener_create(&l, s1, "wss4://:0/test"));
+ nng_tls_config *c;
- NUTS_FAIL(nng_listener_set_string(
- l, NNG_OPT_TLS_CERT_KEY_FILE, "no-such-file.pem"),
+ NUTS_PASS(nng_tls_config_alloc(&c, NNG_TLS_MODE_SERVER));
+ NUTS_FAIL(nng_tls_config_cert_key_file(
+ c, "no-such-file.pem", "no-such-file.pem"),
 NNG_ENOENT);
-
- NUTS_PASS(nng_close(s1));
+ nng_tls_config_free(c);
 }
 #endif
|
