| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
|
|
| |
This avoids needless allocations, and we offer for pipes (which need
this because they might be ephemeral) the get_strdup, get_strcpy,
and get_strlen forms. (Those do the copying or allocations while holding
the pipe reference.)
|
| | |
|
| |
|
|
|
|
| |
This will replace the NNG_OPT_TLS_PEER_ALTNAMES and NNG_OPT_TLS_PEER_CN
properties, and gives a bit more access to the certificate, as well as
direct access to the raw DER form, which should allow use in other APIs.
|
| |
|
|
|
|
| |
Also, some instances nni_aio are changed to nng_aio. We think we want to harmonize
some of these types going forward as it will reduce the need to include headers
hopefully letting us get away with just "defs.h" in more places.
|
| |
|
|
|
|
|
| |
This also provides an implementation for getting ALT names, although
nothing uses that yet. We plan to provide a new certificate API to
replace these with a nicer API, as obtaining the full list of certs
may be unreasonable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* adds nng_dialer_start_aio
This change adds `nng_dialer_start_aio` (if you have a better name, I'm
happy to change it), whose docs read:
> `nng_dialer_start_aio` starts the endpoint dialing asynchronously.
> This is only possible if the dialer is not already dialing. Unlike
> `nng_dialer_start`, this accepts an AIO such that the caller can learn
> when the dialing eventually succeeds or fails. The supplied AIO must
> have been initialized, and is only triggered with the result of the
> first dial attempt.
This new function makes it possible for applications to perform a
non-blocking dial, but still later be notified of the result of that
dial. Arguably, this obviates the need for `NNG_FLAG_NONBLOCK` in
`dialer_start` altogether, but no need to break backwards compatibility.
There is technically a functional change here, which is that the
"Starting dialer for socket" message now gets printed _before_ the dial
is complete in the blocking case, rather than after. It's possible to
change this if we're willing to make the code slightly more complicated,
but given it says "Starting", not "Started", this change felt fine.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running nng tests in CI under nix on Linux, I would see
`nng_dialer_start` fail with `NNG_EAGAIN` when invoked with `flags = 0`
and a URL of `tcp://999.888.777.666:8080` (this is in a test that is
supposed to check that dialing that gives you `NNG_EINVAL` or
`NNG_EADDRINVAL`).
This can happen if `nni_resolv_ip` in `posix_resolv_gai.c` gets
`EAI_AGAIN` from `getaddrinfo`, which the man pages suggest _can_ happen
due to "a temporary failure in name resolution". In the nix case, this
is due to the nix build sandbox, but it can also arise simply due to DNS
overload or misconfiguration.
In either case, nng should not bubble up `EAI_AGAIN` `as `NNG_EAGAIN`
from `nng_dialer_start`, as `NNG_EAGAIN` has a different semantic
meaning. `NNG_EAGAIN` is more equivalent to "would block", and should
only be generated through calls with the `NONBLOCK` flag. We don't have
a perfect mapping for `EAI_AGAIN`, but the closest is probably
`NNG_ADDRINVAL` to indicate that we failed to resolve the given address
(even if it's temporary). Another option would be to introduce another
error variant like `NNG_ENAMELOOKUP`, but that felt excessive to cover
this case.
|
| | |
|
| | |
|
| |
|
|
|
| |
This was responsible for breaking DTLS, and likely other things we
never noticed, if the pointer passed in was not already a uint8_t *.
|
| |
|
|
|
|
| |
Once a DTLS client is started and has reasonably resolved things, it
will restart message connections; this way we can restart after a
failed connection attempt (e.g. if the CERT was bad or something.)
|
| |
|
|
| |
This is occurs normally on socket close and the error messages were alarming.
|
| |
|
|
| |
Warning level was just too noisy.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This simplifies the code to just use a precompiled static list.
This should be lighter weight, and provably free from leaks.
|
| |
|
|
| |
The ECONNREFUSED result was causing consternation for some consumers.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
It is a bit of a mystery how we were passing CI/CD with all these problems.
Probably we were falling back to select/poll instead of using ports.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This may resolve a surprising NULL pointer dereference.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This saves some atomic lookups, and avoids possible races when the
engine is not yet initialized or being torn down.
|
| |
|
|
|
| |
We never use or test this code, and its better to not have it if
nobody is using it.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This work is inspired by the DTLS work, and harmonizes the UDP implementation
with DTLS somewhat.
This should make it more resilient to failures, although there is no longer any
attempt to guard against sequencing (reorders, dupes) errors. Applications that
need such protection should either add it themselves, or use a transport which
provides that guarantee (such as TCP). Note that with devices and and such in
the way, such guarantees have never been perfect with SP anyway.
The UDP transport header sizes for this are now just 8 bytes (beyond the UDP header
itself.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An explicit call to `mbedtls_ssl_set_hostname(NULL)` is now required if the hostname should not be verified in handshake. From the mbedtls changelog:
```
= Mbed TLS 3.6.3 branch released 2025-03-24
Default behavior changes
* In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
mbedtls_ssl_handshake() now fails with MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME if certificate-based authentication of the server is attempted.
This is because authenticating a server without knowing what name
to expect is usually insecure. To restore the old behavior, either
call mbedtls_ssl_set_hostname() with NULL as the hostname, or
enable the new compile-time option MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
```
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces a new experimental transport for DTLS, that
provides encryption over UDP. It has a simpler protocol than
the current UDP SP protocol (but we intend to fix that by making
the UDP transport simpler in a follow up!)
There are a few other fixes in the TLS layer itself, and in
the build, that were needed to accomplish this work.
Also there was an endianness bug in the UDP protocol handling, which
is fixed here.
|
| |
|
|
|
| |
These are intended for new transports. Right now they are not
documented, but that will be addressed soon.
|
| | |
|
| | |
|
