aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/sp/transport/ws/ws_test.c20
-rw-r--r--src/supplemental/tls/tls_common.c19
-rw-r--r--src/supplemental/websocket/wssfile_test.c58
3 files changed, 97 insertions, 0 deletions
diff --git a/src/sp/transport/ws/ws_test.c b/src/sp/transport/ws/ws_test.c
index 9115338f..0f514cfe 100644
--- a/src/sp/transport/ws/ws_test.c
+++ b/src/sp/transport/ws/ws_test.c
@@ -170,11 +170,31 @@ test_ws_recv_max(void)
NUTS_CLOSE(s1);
}
+void
+test_ws_no_tls(void)
+{
+ nng_socket s0;
+ nng_listener l;
+ nng_dialer d;
+ char *addr;
+ nng_tls_config *tls;
+
+ NUTS_ADDR(addr, "ws");
+ NUTS_OPEN(s0);
+ NUTS_PASS(nng_listener_create(&l, s0, addr));
+ NUTS_FAIL(nng_listener_get_tls(l, &tls), NNG_ENOTSUP);
+
+ NUTS_PASS(nng_dialer_create(&d, s0, addr));
+ NUTS_FAIL(nng_dialer_get_tls(d, &tls), NNG_ENOTSUP);
+ NUTS_CLOSE(s0);
+}
+
TEST_LIST = {
{ "ws url path filters", test_ws_url_path_filters },
{ "ws wild card port", test_wild_card_port },
{ "ws wild card host", test_wild_card_host },
{ "ws empty host", test_empty_host },
{ "ws recv max", test_ws_recv_max },
+ { "ws no tls", test_ws_no_tls },
{ NULL, NULL },
};
diff --git a/src/supplemental/tls/tls_common.c b/src/supplemental/tls/tls_common.c
index 49d1a292..b197af91 100644
--- a/src/supplemental/tls/tls_common.c
+++ b/src/supplemental/tls/tls_common.c
@@ -102,6 +102,7 @@ typedef struct {
nng_stream_dialer ops;
nng_stream_dialer *d; // underlying TCP dialer
nng_tls_config *cfg;
+ bool started;
nni_mtx lk; // protects the config
} tls_dialer;
@@ -186,6 +187,9 @@ tls_dialer_dial(void *arg, nng_aio *aio)
tls_free(conn);
return;
}
+ nni_mtx_lock(&d->lk);
+ d->started = true;
+ nni_mtx_unlock(&d->lk);
nng_stream_dialer_dial(d->d, &conn->conn_aio);
}
@@ -198,9 +202,15 @@ tls_dialer_set_tls(void *arg, nng_tls_config *cfg)
if (cfg == NULL) {
return (NNG_EINVAL);
}
+
nng_tls_config_hold(cfg);
nni_mtx_lock(&d->lk);
+ if (d->started) {
+ nni_mtx_unlock(&d->lk);
+ nng_tls_config_free(cfg);
+ return (NNG_EBUSY);
+ }
old = d->cfg;
d->cfg = cfg;
nni_mtx_unlock(&d->lk);
@@ -287,6 +297,7 @@ typedef struct {
nng_stream_listener ops;
nng_stream_listener *l;
nng_tls_config *cfg;
+ bool started;
nni_mtx lk;
} tls_listener;
@@ -314,6 +325,9 @@ static int
tls_listener_listen(void *arg)
{
tls_listener *l = arg;
+ nni_mtx_lock(&l->lk);
+ l->started = true;
+ nni_mtx_unlock(&l->lk);
return (nng_stream_listener_listen(l->l));
}
@@ -352,6 +366,11 @@ tls_listener_set_tls(void *arg, nng_tls_config *cfg)
nng_tls_config_hold(cfg);
nni_mtx_lock(&l->lk);
+ if (l->started) {
+ nni_mtx_unlock(&l->lk);
+ nng_tls_config_free(cfg);
+ return (NNG_EBUSY);
+ }
old = l->cfg;
l->cfg = cfg;
nni_mtx_unlock(&l->lk);
diff --git a/src/supplemental/websocket/wssfile_test.c b/src/supplemental/websocket/wssfile_test.c
index 584f8481..972f040f 100644
--- a/src/supplemental/websocket/wssfile_test.c
+++ b/src/supplemental/websocket/wssfile_test.c
@@ -9,6 +9,7 @@
//
#include "core/nng_impl.h"
+#include "nng/nng.h"
#include "nng/supplemental/tls/tls.h"
#include <nuts.h>
@@ -214,6 +215,62 @@ test_cert_file_not_present(void)
nng_tls_config_free(c);
}
+static void
+test_tls_config(void)
+{
+ uint16_t port = nuts_next_port();
+ nng_socket s1;
+ nng_socket s2;
+ nng_listener l;
+ nng_dialer d;
+ char addr[40];
+ nng_tls_config *cfg;
+
+ (void) snprintf(addr, sizeof(addr), "wss4://:%u/test", port);
+
+ NUTS_PASS(nng_pair_open(&s1));
+ NUTS_PASS(nng_pair_open(&s2));
+ NUTS_PASS(nng_listener_create(&l, s1, addr));
+ NUTS_PASS(nng_listener_get_tls(l, &cfg));
+ nng_tls_config_hold(cfg);
+ NUTS_TRUE(cfg != NULL);
+
+ init_listener_wss_file(l);
+ NUTS_PASS(nng_listener_start(l, 0));
+
+ // make sure we cannot change the auth mode while running
+
+ NUTS_FAIL(nng_listener_set_tls(l, cfg), NNG_EBUSY);
+ nng_tls_config_free(cfg);
+
+ NUTS_PASS(nng_listener_get_tls(l, &cfg));
+
+ NUTS_FAIL(
+ nng_tls_config_auth_mode(cfg, NNG_TLS_AUTH_MODE_NONE), NNG_EBUSY);
+
+ nng_msleep(100);
+
+ snprintf(addr, sizeof(addr), "wss://127.0.0.1:%u/test", port);
+
+ // We find that sometimes this fails due to NNG_EPEERAUTH, but it
+ // can also fail due to NNG_ECLOSED. This seems to be timing
+ // dependent, based on receive vs. send timing most likely.
+ // Applications shouldn't really depend that much on this.
+ int rv;
+
+ NUTS_PASS(nng_dialer_create(&d, s2, addr));
+ rv = nng_dialer_start(d, 0);
+ NUTS_PASS(nng_dialer_get_tls(d, &cfg));
+ NUTS_FAIL(nng_dialer_set_tls(d, cfg), NNG_EBUSY);
+
+ NUTS_TRUE(rv != 0);
+ NUTS_TRUE((rv == NNG_EPEERAUTH) || (rv == NNG_ECLOSED) ||
+ (rv == NNG_ECRYPTO));
+
+ NUTS_PASS(nng_close(s1));
+ NUTS_PASS(nng_close(s2));
+}
+
#endif
NUTS_TESTS = {
@@ -222,6 +279,7 @@ NUTS_TESTS = {
{ "wss file no verify", test_no_verify },
{ "wss file verify works", test_verify_works },
{ "wss file ca cert missing", test_cert_file_not_present },
+ { "wss tls config", test_tls_config },
#endif
{ NULL, NULL },
};
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2026-01-18 15:18:22 +0000