| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
There are only a few possible reasonable values, and we can intern
them to avoid any allocations for it. (We will probably do the same
for the HTTP method shortly as well.)
|
| |
|
|
| |
This should simplify debugging in some circumstances.
|
| |
|
|
| |
Fewer failure paths, fewer allocations.
|
| |
|
|
| |
Also properly stop it when doing http_server_stop.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This allows us to explicitly stop streams, dialers, and listeners,
before we start tearing down things. This hopefully will be useful
in resolving use-after-free bugs in http, tls, and websockets.
The new functions are not yet documented, but they are
nng_stream_stop, nng_stream_dialer_stop, and nng_stream_listener_stop.
They should be called after close, and before free. The close
functions now close without blocking, but the stop function is
allowed to block.
|
| |
|
|
| |
This covers both the ttransport and the supplemental layers.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Because it is typically associated with insecure code, use of sprintf
is discouraged. Note that our usage was actually quite careful and
not insecure, but its mere presence raises concern especially by parties
who are unwilling or unable to assess the actual code for correctness.
A better choice here would be strlcat, but strlcat is not universally
available.
|
| | |
|
| |
|
|
|
| |
Temporarily we have removed access to the peer alt names, but
that was never used and was not tested (it also didn't work with WolfSSL.)
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Also, make it clearer that TLS keys and certificates can only
be set once on a configuration. (mbedTLS makes this confusing!)
This mutual test is only fully validated on mbed, because wolfSSL
seems to not properly validate this in many configurations.
|
| |
|
|
| |
Also add a test case for mismatch verify.
|
| | |
|
| |
|
|
|
| |
While TCP and UDP port numbers are 16-bits, ZT uses a larger (24-bit)
port number.
|
| |
|
|
| |
the separation of nni_url and nng_url.
|
| |
|
|
|
|
|
| |
This eliminates most (but not all) of the dynamic allocations
associated with URL objects. A number of convenience fields
on the URL are removed, but we are able to use common buffer
for most of the details.
|
| |
|
|
|
|
|
|
|
|
|
| |
The idea here is to reduce the dynamic allocations used for
URLs, and also the back and forth with parsing begin strings
and port numbers. We always resolve to a port number, and
this is easier for everyone.
The real goal in the long term is to eliminate dynamic allocation
of the URL fields altogether, but that requires a little more
work. This is a step in the right direction.
|
| | |
|
| |
|
|
|
| |
Those old algorithms are not used anywhere, and are not recommended.
TLS 1.2 support has been prevalent for over a decade.
|
| |
|
|
|
|
|
|
|
| |
Applications must now call nng_init(), but they can supply
a set of parameters optionally. The code is now safe for
multiple libraries to do this concurrently, meaning nng_fini
no longer can race against another instance starting up.
The nni_init checks on all public APIs are removed now.
|
| |
|
|
| |
This also covers a few test cases that we were missing.
|
| |
|
|
| |
This is simpler, and more reliable than using socket options.
|
| |
|
|
| |
This was a crasher bug (found by test suite).
|
| |
|
|
|
|
|
|
| |
This also fixes a couple of minor bugs -- changing the socket name
could be incorrect as the termination was not applied properly,
and the ZeroTier code got a change -- note that it is only possible
in this revised version to pass a single moon ID for ZT orbit.
The ZT code is a bit stale, and untested anyway.
|
| |
|
|
|
| |
The underlying stream APIs have no need for untyped accessors.
Another step on the road to removal of NNI_TYPE_OPAQUE.
|
| |
|
|
| |
This is a step on the path to removing unsafe untyped option accesses.
|
| |
|
|
| |
This was not really used or useful.
|
| |
|
|
|
|
|
|
| |
This is a breaking change.
TLS configuration changes are to be made using TLS configuration
objects, and then set on a listener or dialer with NNG_OPT_TLS_CONFIG.
This should be a bit less racy, and allows for simpler code.
|
| |
|
|
|
|
| |
This also allows to remove most of the transport headers.
Only zerotier.h sticks around, and only for now. (We expect to
eject it into a separate module.)
|
| |
|
|
|
| |
This requires using a supporting version of Mbed TLS.
We have to use PSA crypto for TLS 1.3.
|
| |
|
|
|
|
| |
This allows an efficient way to iterate over the entries
stored in an ID hash. The iteration is fast, and requires no
additional storage. The order of iteration is not guaranteed.
|
| |
|
|
| |
as NNG and add PSK
|
| |
|
|
| |
This is in preparation for the wolfSSL integration.
|
| |
|
|
|
| |
Also, while here, prepare for PSK support to be conditional -- it is not
necessarily on by default in all future engines (e.g. WolfSSL.)
|
| | |
|
| |
|
|
|
|
| |
This also adds an SP layer transport test for TLS, based on the TCP
test but with some additions; this test does not cover all the edge
cases for TLS, but it does at least show how to use it.
|
| |
|
|
| |
This also deprecates supplemental/util/platform.h.
|
| | |
|
| |
|
|
|
| |
This isn't complete, but it should go much further in assisting
debugging TLS related errors.
|
| |
|
|
|
|
|
|
|
|
|
| |
Add the missing stub function implementation for `nng_tls_config_hold`.
Fixes an error when loading the library and expecting to have this
symbol available.
The availability of the symbol can be checked with nm:
```
nm -D cmake-build-release/libnng.so.1.7.3 | grep nng_tls_config_hold
```
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Try to use the Mbed TLS cmake configuration data if present, and
refactor our FindModule to adhere to the same basic API.
|
