From bbf012364d9f1482b16c97b8bfd2fd07130446ca Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Thu, 11 Jan 2018 14:58:09 -0800 Subject: fixes #201 TLS configuration should support files for certificates and keys This adds support for configuration of TLS websockets using the files for keys, certificates, and CRLs. Significant changes to the websocket, TLS, and HTTP layers were made here. We now expect TLS configuration to be tied to the HTTP layer, and the HTTP code creates default configuration objects based on the URL supplied. (HTTP dialers and listeners are now created with a URL rather than a sockaddr, giving them access to the scheme as well.) We fixed several bugs affecting TLS validation, and added a test suite that confirms that validation works as it should. We also fixed an orphaned socket during HTTP negotiation, responsible for an occasional assertion error if the http handshake does not complete successfully. Finally several use-after-free races were closed. TLS layer changes include reporting of handshake failures using newly created "standard" error codes for peer authentication and cryptographic failures. The use of the '*' wild card in URLs at bind time is no longer supported for websocket at least. Documentation updates for all this are in place as well.
---
src/nng.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'src/nng.c')
diff --git a/src/nng.c b/src/nng.c
index 67eac2c4..509bb333 100644
--- a/src/nng.c
+++ b/src/nng.c
@@ -1,6 +1,6 @@
 //
-// Copyright 2017 Garrett D'Amore
-// Copyright 2017 Capitar IT Group BV
+// Copyright 2018 Staysail Systems, Inc.
+// Copyright 2018 Capitar IT Group BV
 //
 // This software is supplied under the terms of the MIT License, a
 // copy of which should be located in the distribution where this
@@ -410,6 +410,12 @@ nng_dialer_setopt_ptr(nng_dialer id, const char *name, void *val)
 return (nng_dialer_setopt(id, name, &val, sizeof(val)));
 }
 
+int
+nng_dialer_setopt_string(nng_dialer id, const char *name, const char *val)
+{
+ return (nng_dialer_setopt(id, name, val, strlen(val) + 1));
+}
+
 int
 nng_dialer_getopt(nng_dialer id, const char *name, void *val, size_t *szp)
 {
@@ -488,6 +494,12 @@ nng_listener_setopt_ptr(nng_listener id, const char *name, void *val)
 return (nng_listener_setopt(id, name, &val, sizeof(val)));
 }
 
+int
+nng_listener_setopt_string(nng_listener id, const char *name, const char *val)
+{
+ return (nng_listener_setopt(id, name, val, strlen(val) + 1));
+}
+
 int
 nng_listener_getopt(nng_listener id, const char *name, void *val, size_t *szp)
 {
@@ -619,6 +631,12 @@ nng_setopt_ptr(nng_socket sid, const char *name, void *val)
 return (nng_setopt(sid, name, &val, sizeof(val)));
 }
 
+int
+nng_setopt_string(nng_socket sid, const char *name, const char *val)
+{
+ return (nng_setopt(sid, name, val, strlen(val) + 1));
+}
+
 int
 nng_getopt_int(nng_socket sid, const char *name, int *valp)
 {
@@ -714,6 +732,8 @@ static const struct {
 { NNG_EEXIST, "Resource already exists" },
 { NNG_EREADONLY, "Read only resource" },
 { NNG_EWRITEONLY, "Write only resource" },
+ { NNG_ECRYPTO, "Cryptographic error" },
+ { NNG_EPEERAUTH, "Peer could not be authenticated" },
 { NNG_EINTERNAL, "Internal error detected" },
 { 0, NULL },
 // clang-format on
-- 
cgit v1.2.3-70-g09d2
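Review bot: `nng_dialer_setopt_string` calls `strlen(val)` with no NULL check, so a caller that passes a NULL string dereferences it inside the library instead of getting an error code back; the same applies to `nng_listener_setopt_string` and `nng_setopt_string` in the next two hunks. Going by the commit message, these setters are presumably how the TLS certificate, key and CRL file names get configured, so I would reject the bad argument up front with `if (val == NULL) return (NNG_EINVAL);` in each wrapper. A one-line comment on each would also help, for example `// val must be NUL-terminated; the size passed on includes the terminator.` Whether `<string.h>` is already included in src/nng.c is not visible in these hunks, so that is worth confirming for the new `strlen` calls.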