bool SSLSocket::waitConnected(uint64_t millis) {
if(!ssl) {
if(!Socket::waitConnected(millis)) {
return false;
}
ssl.reset(SSL_new(ctx));
if(!ssl)
checkSSL(-1);
if(!verifyData) {
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
} else SSL_set_ex_data(ssl, CryptoManager::idxVerifyData, verifyData.get());
checkSSL(SSL_set_fd(ssl, static_cast<int>(getSock())));
}
if(SSL_is_init_finished(ssl)) {
return true;
}
while(true) {
int ret = SSL_is_server(ssl) ? SSL_accept(ssl) : SSL_connect(ssl);
if(ret == 1) {
dcdebug("Connected to SSL server using %s as %s\n", SSL_get_cipher(ssl), SSL_is_server(ssl) ? "server" : "client");
return true;
}
if(!waitWant(ret, millis)) {
return false;
}
}
}
static int parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
size_t inlen, int *al, void *parse_arg)
{
int *server = (int *)parse_arg;
if (SSL_is_server(s))
srvparsecb++;
else
clntparsecb++;
if (*server != SSL_is_server(s)
|| inlen != sizeof(char)
|| *in != 1)
return -1;
return 1;
}
static int add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
size_t *outlen, int *al, void *add_arg)
{
int *server = (int *)add_arg;
unsigned char *data;
if (SSL_is_server(s))
srvaddcb++;
else
clntaddcb++;
if (*server != SSL_is_server(s)
|| (data = OPENSSL_malloc(sizeof(*data))) == NULL)
return -1;
*data = 1;
*out = data;
*outlen = sizeof(char);
return 1;
}
static void destroy_ssl(struct st_h2o_socket_ssl_t *ssl)
{
if (!SSL_is_server(ssl->ssl)) {
free(ssl->handshake.client.server_name);
free(ssl->handshake.client.session_cache_key.base);
}
SSL_free(ssl->ssl);
ssl->ssl = NULL;
h2o_buffer_dispose(&ssl->input.encrypted);
clear_output_buffer(ssl);
free(ssl);
}
static void proceed_handshake(h2o_socket_t *sock, const char *err)
{
h2o_iovec_t first_input = {NULL};
int ret;
sock->_cb.write = NULL;
if (err != NULL) {
goto Complete;
}
if (sock->ssl->handshake.server.async_resumption.state == ASYNC_RESUMPTION_STATE_RECORD) {
if (sock->ssl->input.encrypted->size <= 1024) {
/* retain a copy of input if performing async resumption */
first_input = h2o_iovec_init(alloca(sock->ssl->input.encrypted->size), sock->ssl->input.encrypted->size);
memcpy(first_input.base, sock->ssl->input.encrypted->bytes, first_input.len);
} else {
sock->ssl->handshake.server.async_resumption.state = ASYNC_RESUMPTION_STATE_COMPLETE;
}
}
Redo:
if (SSL_is_server(sock->ssl->ssl)) {
ret = SSL_accept(sock->ssl->ssl);
} else {
ret = SSL_connect(sock->ssl->ssl);
}
switch (sock->ssl->handshake.server.async_resumption.state) {
case ASYNC_RESUMPTION_STATE_RECORD:
/* async resumption has not been triggered; proceed the state to complete */
sock->ssl->handshake.server.async_resumption.state = ASYNC_RESUMPTION_STATE_COMPLETE;
break;
case ASYNC_RESUMPTION_STATE_REQUEST_SENT: {
/* sent async request, reset the ssl state, and wait for async response */
assert(ret < 0);
SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(sock->ssl->ssl);
SSL_free(sock->ssl->ssl);
create_ssl(sock, ssl_ctx);
clear_output_buffer(sock->ssl);
h2o_buffer_consume(&sock->ssl->input.encrypted, sock->ssl->input.encrypted->size);
h2o_buffer_reserve(&sock->ssl->input.encrypted, first_input.len);
memcpy(sock->ssl->input.encrypted->bytes, first_input.base, first_input.len);
sock->ssl->input.encrypted->size = first_input.len;
h2o_socket_read_stop(sock);
return;
}
default:
break;
}
if (ret == 0 || (ret < 0 && SSL_get_error(sock->ssl->ssl, ret) != SSL_ERROR_WANT_READ)) {
/* failed */
long verify_result = SSL_get_verify_result(sock->ssl->ssl);
if (verify_result != X509_V_OK) {
err = X509_verify_cert_error_string(verify_result);
} else {
err = "ssl handshake failure";
}
goto Complete;
}
if (sock->ssl->output.bufs.size != 0) {
h2o_socket_read_stop(sock);
flush_pending_ssl(sock, ret == 1 ? on_handshake_complete : proceed_handshake);
} else {
if (ret == 1) {
if (!SSL_is_server(sock->ssl->ssl)) {
X509 *cert = SSL_get_peer_certificate(sock->ssl->ssl);
if (cert != NULL) {
switch (validate_hostname(sock->ssl->handshake.client.server_name, cert)) {
case MatchFound:
/* ok */
break;
case MatchNotFound:
err = h2o_socket_error_ssl_cert_name_mismatch;
break;
default:
err = h2o_socket_error_ssl_cert_invalid;
break;
}
X509_free(cert);
} else {
err = h2o_socket_error_ssl_no_cert;
}
}
goto Complete;
}
if (sock->ssl->input.encrypted->size != 0)
goto Redo;
h2o_socket_read_start(sock, proceed_handshake);
}
return;
Complete:
h2o_socket_read_stop(sock);
on_handshake_complete(sock, err);
}
static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
{
int ret;
char buf;
TEST_check(peer->status == PEER_RETRY);
TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
|| test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT);
/* Check if we are the peer that is going to initiate */
if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
&& SSL_is_server(peer->ssl))
|| (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT
&& !SSL_is_server(peer->ssl))) {
/*
* If we already asked for a renegotiation then fall through to the
* SSL_read() below.
*/
if (!SSL_renegotiate_pending(peer->ssl)) {
/*
* If we are the client we will always attempt to resume the
* session. The server may or may not resume dependant on the
* setting of SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
*/
if (SSL_is_server(peer->ssl))
ret = SSL_renegotiate(peer->ssl);
else
ret = SSL_renegotiate_abbreviated(peer->ssl);
if (!ret) {
peer->status = PEER_ERROR;
return;
}
do_handshake_step(peer);
/*
* If status is PEER_RETRY it means we're waiting on the peer to
* continue the handshake. As far as setting up the renegotiation is
* concerned that is a success. The next step will continue the
* handshake to its conclusion.
*
* If status is PEER_SUCCESS then we are the server and we have
* successfully sent the HelloRequest. We need to continue to wait
* until the handshake arrives from the client.
*/
if (peer->status == PEER_RETRY)
peer->status = PEER_SUCCESS;
else if (peer->status == PEER_SUCCESS)
peer->status = PEER_RETRY;
return;
}
}
/*
* The SSL object is still expecting app data, even though it's going to
* get a handshake message. We try to read, and it should fail - after which
* we should be in a handshake
*/
ret = SSL_read(peer->ssl, &buf, sizeof(buf));
if (ret >= 0) {
/*
* We're not actually expecting data - we're expecting a reneg to
* start
*/
peer->status = PEER_ERROR;
return;
} else {
int error = SSL_get_error(peer->ssl, ret);
if (error != SSL_ERROR_WANT_READ) {
peer->status = PEER_ERROR;
return;
}
/* If we're no in init yet then we're not done with setup yet */
if (!SSL_in_init(peer->ssl))
return;
}
peer->status = PEER_SUCCESS;
}
