| Commit message (Collapse) | Author | Age |
Using nng_find_package as the helper fixes this, by ensuring that the
dependency gets properly added to incorporating projects.
|
This allows us to explicitly stop streams, dialers, and listeners,
before we start tearing down things. This hopefully will be useful
in resolving use-after-free bugs in http, tls, and websockets.
The new functions are not yet documented, but they are
nng_stream_stop, nng_stream_dialer_stop, and nng_stream_listener_stop.
They should be called after close, and before free. The close
functions now close without blocking, but the stop function is
allowed to block.
|
Temporarily we have removed access to the peer alt names, but
that was never used and was not tested (it also didn't work with WolfSSL.)
|
Also, make it clearer that TLS keys and certificates can only
be set once on a configuration. (mbedTLS makes this confusing!)
This mutual test is only fully validated on mbed, because wolfSSL
seems to not properly validate this in many configurations.
|
Also add a test case for mismatch verify.
|
Those old algorithms are not used anywhere, and are not recommended.
TLS 1.2 support has been prevalent for over a decade.
|
Applications must now call nng_init(), but they can supply
a set of parameters optionally. The code is now safe for
multiple libraries to do this concurrently, meaning nng_fini
no longer can race against another instance starting up.
The nni_init checks on all public APIs are removed now.
|
This also covers a few test cases that we were missing.
|
This is simpler, and more reliable than using socket options.
|
This was not really used or useful.
|
This is a breaking change.
TLS configuration changes are to be made using TLS configuration
objects, and then set on a listener or dialer with NNG_OPT_TLS_CONFIG.
This should be a bit less racy, and allows for simpler code.
|
This requires using a supporting version of Mbed TLS.
We have to use PSA crypto for TLS 1.3.
|
as NNG and add PSK
|
This is in preparation for the wolfSSL integration.
|
Also, while here, prepare for PSK support to be conditional -- it is not
necessarily on by default in all future engines (e.g. WolfSSL.)
|
This also adds an SP layer transport test for TLS, based on the TCP
test but with some additions; this test does not cover all the edge
cases for TLS, but it does at least show how to use it.
|
This isn't complete, but it should go much further in assisting
debugging TLS related errors.
|
Add the missing stub function implementation for `nng_tls_config_hold`.
Fixes an error when loading the library and expecting to have this
symbol available.
The availability of the symbol can be checked with nm:
```
nm -D cmake-build-release/libnng.so.1.7.3 | grep nng_tls_config_hold
```
|
Try to use the Mbed TLS cmake configuration data if present, and
refactor our FindModule to adhere to the same basic API.
|
The aio for connections was meant to have an infinite sleep (no
timeout), but was getting an initial value of zero, so we were spinning
on accept.
|
Co-authored-by: Christian Fischbach <cfischbach@mac.com>
|
Signed-off-by: Andrey Vostrikov <andrey.vostrikov@cogentembedded.com>
Co-authored-by: Andrey Vostrikov <andrey.vostrikov@cogentembedded.com>
|
This eliminates some run-time initialization, moving it to compile time.
Additional follow up work will expand on this to simplify initialization
and reduce the need for certain locks.
|
This is initially used for TLS to make loading the engine pointer
faster, eliminating a much more expensive lock operation.
|
The comment is an artifact from an old tls_reap function and no longer
describes the following function (conn_init).
Function conn_init should be marked static.
|
This is based on testutil/acutest, but is cleaner and fixes some
short-comings. We will be adding more support for additional
common paradigms to better facilitate transport tests.
While here we added some more test cases, and fixed a possible
symbol collision in the stats framework (due to Linux use
of a macro definition of "si_value" in a standard OS header).
Test coverage may regress slightly as we are no longer using
some of the legacy APIs.
|
This is a sweeping cleanup of the transport logic around options,
and also harmonizes the names used when setting or getting options.
Additionally, legacy methods are now moved into a separate file and
can be elided via CMake or a preprocessor define.
Fundamentally, the ability to set transport options via the socket
is deprecated; there are numerous problems with this and my earlier
approaches to deal with this have been somewhat misguided. Further
these approaches will not work with future protocol work that is
planned (where some options need to be negotiated with peers at the
time of connection establishment.)
Documentation has been updated to reflect this. The test suites still
make rather broad use of the older APIs, and will be converted later.
|
This doesn't modularize all the tests yet, but it goes a long way
in the right direction.
|
This was first detected as a stack overrun, but in actuality the
problem could have led to corruption of TLS messages due to
prematurely recording transmit completion.
|
This also starts the test framework NNG streams, so that we can
test those more directly.
|
This introduces support for an external wolfSSL plugin, and generally
creates the framework for pluggable TLS implementations.
The wolfSSL engine is provided via an external module (git submodule),
available either under a GPLv3 license or a commercial license.
|
This only does it for rep, but it also has changes that should increase
the overall test coverage for the REP protocol
|
We reap the connections when closing, to ensure that the clean up is
done outside the pollq thread. This also reduces pressure on the
pollq, we think. But more importantly it eliminates some complex
code that was meant to avoid deadlocks, but ultimately created other
use-after-free challenges. This work is an enabler for further
simplifications in the aio/task logic. While here we converted some
potentially racy locking of the dialers and reference counts to simpler
lock-free reference counting.
|
This also introduces a more efficient reference counting usage based
on atomics, rather than locks.
|