void server(int sock)
{
gnutls_session_t s = session(sock, 1);
int err;
time_t started = time(0);
write(sock, &sock, 1);
setup_killtimer();
do {
await(sock);
err = log(gnutls_handshake(s));
reset_killtimer();
} while (err != 0 && !gnutls_error_is_fatal(err));
log_error(err, started);
for (;;) {
char buffer[8192];
int len;
do {
await(sock);
len = gnutls_record_recv(s, buffer, sizeof(buffer));
reset_killtimer();
} while (len < 0 && !gnutls_error_is_fatal(len));
log_error(len, started);
gnutls_record_send(s, buffer, len);
exit(0);
}
}
static void
on_goodbye_tls(struct ev_loop *loop, ev_io *watcher, int revents)
{
ebb_connection *connection = watcher->data;
assert(watcher == &connection->goodbye_tls_watcher);
if(EV_ERROR & revents) {
error("on_goodbye() got error event, closing connection.");
goto die;
}
int r = gnutls_bye(connection->session, GNUTLS_SHUT_RDWR);
if(r < 0) {
if(gnutls_error_is_fatal(r)) goto die;
if(r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN)
ev_io_set( watcher
, connection->fd
, (GNUTLS_NEED_WRITE ? EV_WRITE : EV_READ)
);
return;
}
die:
ev_io_stop(loop, watcher);
if(connection->session)
gnutls_deinit(connection->session);
close_connection(connection);
}
/**
* @short Initializes a connection on a request
* @memberof onion_https_t
*
* Do the accept of the request, and the SSL handshake.
*
* @param req The request
* @returns <0 in case of error.
*/
static int onion_https_request_init(onion_request *req){
onion_listen_point_request_init_from_socket(req);
onion_https *https=(onion_https*)req->connection.listen_point->user_data;
ONION_DEBUG("Accept new request, fd %d",req->connection.fd);
gnutls_session_t session;
gnutls_init (&session, GNUTLS_SERVER);
gnutls_priority_set (session, https->priority_cache);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, https->x509_cred);
/* Set maximum compatibility mode. This is only suggested on public webservers
* that need to trade security for compatibility
*/
gnutls_session_enable_compatibility_mode (session);
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t)(long) req->connection.fd);
int ret;
do{
ret = gnutls_handshake (session);
}while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
if (ret<0){ // could not handshake. assume an error.
ONION_ERROR("Handshake has failed (%s)", gnutls_strerror (ret));
gnutls_bye (session, GNUTLS_SHUT_WR);
gnutls_deinit(session);
onion_listen_point_request_close_socket(req);
return -1;
}
req->connection.user_data=(void*)session;
return 0;
}
static int tls_socket_read (CONNECTION* conn, char* buf, size_t len)
{
tlssockdata *data = conn->sockdata;
int ret;
if (!data)
{
mutt_error (_("Error: no TLS socket open"));
mutt_sleep (2);
return -1;
}
do {
ret = gnutls_record_recv (data->state, buf, len);
if (ret < 0 && gnutls_error_is_fatal(ret) == 1)
{
mutt_error ("tls_socket_read (%s)", gnutls_strerror (ret));
mutt_sleep (4);
return -1;
}
}
while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
return ret;
}
extern int xlibgnutls_tls_handshake(gnutls_session_t *session, int tcp_sd, unsigned verbose_level) {
int ret, ii;
/* Need to enable anonymous KX specifically. */
gnutls_global_init();
gnutls_anon_allocate_client_credentials(&anoncred);
gnutls_init(session, GNUTLS_CLIENT);
gnutls_priority_set_direct(*session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
gnutls_credentials_set(*session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(*session, tcp_sd);
gnutls_handshake_set_timeout(*session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
do {
ret = gnutls_handshake(*session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
print_error("handshake failed");
gnutls_perror(ret);
} else {
char *desc;
desc = gnutls_session_get_desc(*session);
print_info("- Session info: %s\n", desc);
gnutls_free(desc);
}
return ret;
}
static int
do_handshake (socket_st * socket)
{
int ret;
gnutls_transport_set_ptr (socket->session,
(gnutls_transport_ptr_t)
gl_fd_to_handle (socket->fd));
do
{
gnutls_handshake_set_timeout( socket->session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
ret = gnutls_handshake (socket->session);
if (ret < 0)
{
handle_error (socket, ret);
}
}
while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
if (ret == 0)
{
/* print some information */
print_info (socket->session, verbose, 0);
socket->secure = 1;
}
else
{
gnutls_alert_send_appropriate (socket->session, ret);
shutdown (socket->fd, SHUT_RDWR);
}
return ret;
}
static int handle_ssl_error(struct ssl_proxy *proxy, int error)
{
if (!gnutls_error_is_fatal(error)) {
if (!verbose_ssl)
return 0;
if (error == GNUTLS_E_WARNING_ALERT_RECEIVED) {
i_warning("Received SSL warning alert: %s [%s]",
get_alert_text(proxy),
net_ip2addr(&proxy->ip));
} else {
i_warning("Non-fatal SSL error: %s: %s",
get_alert_text(proxy),
net_ip2addr(&proxy->ip));
}
return 0;
}
if (verbose_ssl) {
/* fatal error occurred */
if (error == GNUTLS_E_FATAL_ALERT_RECEIVED) {
i_warning("Received SSL fatal alert: %s [%s]",
get_alert_text(proxy),
net_ip2addr(&proxy->ip));
} else {
i_warning("Error reading from SSL client: %s [%s]",
gnutls_strerror(error),
net_ip2addr(&proxy->ip));
}
}
gnutls_alert_send_appropriate(proxy->session, error);
ssl_proxy_destroy(proxy);
return -1;
}
static int
_ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *svr,
unsigned char *buf,
int size)
{
int num;
if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
{
DBG("Continuing gnutls handshake");
if (!_ecore_con_ssl_server_init_gnutls(svr))
return 0;
return -1;
}
num = gnutls_record_send(svr->session, buf, size);
if (num > 0)
return num;
if (num == GNUTLS_E_REHANDSHAKE)
{
WRN("Rehandshake request ignored");
return 0;
/* this is only partly functional I think? */
svr->handshaking = EINA_TRUE;
svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
if (!_ecore_con_ssl_server_init_gnutls(svr))
return 0;
}
else if (!gnutls_error_is_fatal(num))
return 0;
return -1;
}
static int
_ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *cl,
unsigned char *buf,
int size)
{
int num;
if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
{
if (!_ecore_con_ssl_client_init_gnutls(cl))
return 0;
return -1;
}
num = gnutls_record_send(cl->session, buf, size);
if (num > 0)
return num;
if (num == GNUTLS_E_REHANDSHAKE)
{
WRN("Rehandshake request ignored");
return 0;
cl->handshaking = EINA_TRUE;
cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
if (!_ecore_con_ssl_client_init_gnutls(cl))
return 0;
}
else if (!gnutls_error_is_fatal(num))
return 0;
return -1;
}
static int
do_handshake (socket_st * socket)
{
int ret;
gnutls_transport_set_ptr (socket->session,
(gnutls_transport_ptr_t)
gl_fd_to_handle (socket->fd));
do
{
ret = gnutls_handshake (socket->session);
if (ret < 0)
{
handle_error (socket, ret);
}
}
while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
if (ret == 0)
{
/* print some information */
print_info (socket->session, socket->hostname, info.insecure);
socket->secure = 1;
}
else
{
gnutls_alert_send_appropriate (socket->session, ret);
shutdown (socket->fd, SHUT_RDWR);
}
return ret;
}
bool GnuTLSBase::handshake()
{
if( !m_handler )
return false;
int ret = gnutls_handshake( *m_session );
if( ret < 0 && gnutls_error_is_fatal( ret ) )
{
gnutls_perror( ret );
gnutls_db_remove_session( *m_session );
gnutls_deinit( *m_session );
m_valid = false;
m_handler->handleHandshakeResult( this, false, m_certInfo );
return false;
}
else if( ret == GNUTLS_E_AGAIN )
{
return true;
}
m_secure = true;
getCertInfo();
m_handler->handleHandshakeResult( this, true, m_certInfo );
return true;
}
static int vnc_start_vencrypt_handshake(struct VncState *vs) {
int ret;
if ((ret = gnutls_handshake(vs->tls.session)) < 0) {
if (!gnutls_error_is_fatal(ret)) {
VNC_DEBUG("Handshake interrupted (blocking)\n");
if (!gnutls_record_get_direction(vs->tls.session))
qemu_set_fd_handler(vs->csock, vnc_tls_handshake_io, NULL, vs);
else
qemu_set_fd_handler(vs->csock, NULL, vnc_tls_handshake_io, vs);
return 0;
}
VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
vnc_client_error(vs);
return -1;
}
if (vs->vd->tls.x509verify) {
if (vnc_tls_validate_certificate(vs) < 0) {
VNC_DEBUG("Client verification failed\n");
vnc_client_error(vs);
return -1;
} else {
VNC_DEBUG("Client verification passed\n");
}
}
VNC_DEBUG("Handshake done, switching to TLS data mode\n");
vs->tls.wiremode = VNC_WIREMODE_TLS;
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
start_auth_vencrypt_subauth(vs);
return 0;
}
static rfbBool
HandshakeTLS(rfbClient* client)
{
int timeout = 15;
int ret;
while (timeout > 0 && (ret = gnutls_handshake((gnutls_session_t)client->tlsSession)) < 0)
{
if (!gnutls_error_is_fatal(ret))
{
rfbClientLog("TLS handshake blocking.\n");
sleep(1);
timeout--;
continue;
}
rfbClientLog("TLS handshake failed: %s.\n", gnutls_strerror(ret));
FreeTLS(client);
return FALSE;
}
if (timeout <= 0)
{
rfbClientLog("TLS handshake timeout.\n");
FreeTLS(client);
return FALSE;
}
rfbClientLog("TLS handshake done.\n");
return TRUE;
}
static int gnutls_Error(vlc_tls_t *tls, int val)
{
switch (val)
{
case GNUTLS_E_AGAIN:
#ifdef _WIN32
WSASetLastError (WSAEWOULDBLOCK);
#endif
errno = EAGAIN;
break;
case GNUTLS_E_INTERRUPTED:
#ifdef _WIN32
WSASetLastError (WSAEINTR);
#endif
errno = EINTR;
break;
default:
msg_Err(tls->obj, "%s", gnutls_strerror (val));
#ifndef NDEBUG
if (!gnutls_error_is_fatal (val))
msg_Err(tls->obj, "Error above should be handled");
#endif
#ifdef _WIN32
WSASetLastError (WSAECONNRESET);
#endif
errno = ECONNRESET;
}
return -1;
}
static void
server (int fd, int wait)
{
int ret;
gnutls_session_t session;
gnutls_anon_server_credentials_t anoncred;
/* this must be called once in the program
*/
global_init ();
if (debug)
{
gnutls_global_set_log_function (server_log_func);
gnutls_global_set_log_level (4711);
}
gnutls_anon_allocate_server_credentials (&anoncred);
initialize_tls_session (&session);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
if (wait) sleep(25);
else do
{
ret = gnutls_handshake (session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
gnutls_deinit (session);
gnutls_anon_free_server_credentials(anoncred);
gnutls_global_deinit();
}
static void server(int fd, int packet)
{
int ret;
/* this must be called once in the program
*/
global_init();
if (debug) {
gnutls_global_set_log_function(server_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_server_credentials(&anoncred);
session = initialize_tls_session();
counter = 0;
packet_to_lose = packet;
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
gnutls_deinit(session);
gnutls_global_deinit();
if (ret < 0) {
return;
}
}
static int tls_socket_write (CONNECTION* conn, const char* buf, size_t len)
{
tlssockdata *data = conn->sockdata;
int ret;
size_t sent = 0;
if (!data)
{
mutt_error (_("Error: no TLS socket open"));
mutt_sleep (2);
return -1;
}
do
{
ret = gnutls_record_send (data->state, buf + sent, len - sent);
if (ret < 0)
{
if (gnutls_error_is_fatal(ret) == 1)
{
mutt_error ("tls_socket_write (%s)", gnutls_strerror (ret));
mutt_sleep (4);
return -1;
}
return ret;
}
sent += ret;
} while (sent < len);
return sent;
}
static int vncws_start_tls_handshake(struct VncState *vs)
{
int ret = gnutls_handshake(vs->ws_tls.session);
if (ret < 0) {
if (!gnutls_error_is_fatal(ret)) {
VNC_DEBUG("Handshake interrupted (blocking)\n");
if (!gnutls_record_get_direction(vs->ws_tls.session)) {
qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io,
NULL, vs);
} else {
qemu_set_fd_handler(vs->csock, NULL, vncws_tls_handshake_io,
vs);
}
return 0;
}
VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
vnc_client_error(vs);
return -1;
}
VNC_DEBUG("Handshake done, switching to TLS data mode\n");
vs->ws_tls.wiremode = VNC_WIREMODE_TLS;
qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);
return 0;
}
/// Initializes GNUTLS session on the given socket.
static gnutls_session_t onion_prepare_gnutls_session(onion *o, int clientfd){
gnutls_session_t session;
gnutls_init (&session, GNUTLS_SERVER);
gnutls_priority_set (session, o->priority_cache);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, o->x509_cred);
/* request client certificate if any.
*/
gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
/* Set maximum compatibility mode. This is only suggested on public webservers
* that need to trade security for compatibility
*/
gnutls_session_enable_compatibility_mode (session);
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t)(long) clientfd);
int ret;
int n_tries=0;
do{
ret = gnutls_handshake (session);
if (n_tries++>10) // Ok, dont abuse the system. Maybe trying to DoS me?
break;
}while (ret<0 && gnutls_error_is_fatal(ret)==0);
if (ret<0){ // could not handshake. assume an error.
ONION_ERROR("Handshake has failed (%s)", gnutls_strerror (ret));
gnutls_deinit (session);
return NULL;
}
return session;
}
static int
_ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *svr,
unsigned char *buf,
int size)
{
int num;
if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
{
DBG("Continuing gnutls handshake");
if (!_ecore_con_ssl_server_init_gnutls(svr))
return 0;
return -1;
}
num = gnutls_record_recv(svr->session, buf, size);
if (num > 0)
return num;
if (num == GNUTLS_E_REHANDSHAKE)
{
WRN("Rehandshake request ignored");
return 0;
svr->handshaking = EINA_TRUE;
svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
if (!_ecore_con_ssl_server_init_gnutls(svr))
return 0;
}
else if ((!gnutls_error_is_fatal(num)) && (num != GNUTLS_E_SUCCESS))
return 0;
return -1;
}
static void
server (int fd, const char* prio)
{
int ret;
char buffer[MAX_BUF + 1];
gnutls_session_t session;
/* this must be called once in the program
*/
gnutls_global_init ();
memset(buffer, 0, sizeof(buffer));
if (debug)
{
gnutls_global_set_log_function (server_log_func);
gnutls_global_set_log_level (4711);
}
gnutls_certificate_allocate_credentials (&x509_cred);
gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
gnutls_anon_allocate_server_credentials (&anoncred);
session = initialize_tls_session (prio);
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
do
{
ret = gnutls_handshake (session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0)
{
close (fd);
gnutls_deinit (session);
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
terminate();
}
if (debug)
success ("server: Handshake was completed\n");
if (debug)
success ("server: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version
(session)));
close(fd);
gnutls_deinit (session);
gnutls_anon_free_server_credentials (anoncred);
gnutls_certificate_free_credentials (x509_cred);
gnutls_global_deinit ();
if (debug)
success ("server: finished\n");
}
static void client(int fd, int packet)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
counter = 0;
packet_to_lose = packet;
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
gnutls_deinit(session);
gnutls_global_deinit();
if (ret < 0) {
if (ret == GNUTLS_E_TIMEDOUT)
return;
fail("client: Handshake failed\n");
gnutls_perror(ret);
exit(1);
} else {
if (debug)
success("client: Handshake was completed\n");
}
exit(1);
}
static void client(int fd)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
gnutls_session_t session;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
gnutls_handshake_set_timeout(session, 20 * 1000);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
success("client: Handshake failed as expected\n");
gnutls_perror(ret);
goto exit;
} else {
fail("client: Handshake completed unexpectedly\n");
goto exit;
}
exit:
gnutls_deinit(session);
gnutls_anon_free_client_credentials(anoncred);
gnutls_global_deinit();
}
void TLSTransaction::init (TLSServer& server)
{
gnutls_init (&_session, GNUTLS_SERVER);
gnutls_priority_set (_session, server._priorities);
gnutls_credentials_set (_session, GNUTLS_CRD_CERTIFICATE, server._credentials);
// Require client certificate.
gnutls_certificate_server_set_request (_session, GNUTLS_CERT_REQUIRE);
/*
// Set maximum compatibility mode. This is only suggested on public
// webservers that need to trade security for compatibility
gnutls_session_enable_compatibility_mode (_session);
*/
struct sockaddr_in sa_cli = {0};
socklen_t client_len = sizeof sa_cli;
do
{
_socket = accept (server._socket, (struct sockaddr *) &sa_cli, &client_len);
}
while (errno == EINTR);
if (_socket < 0)
throw std::string (::strerror (errno));
// Obtain client info.
char topbuf[512];
_address = inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf));
_port = ntohs (sa_cli.sin_port);
if (_debug)
std::cout << "s: INFO connection from "
<< _address
<< " port "
<< _port
<< "\n";
#if GNUTLS_VERSION_NUMBER >= 0x030109
gnutls_transport_set_int (_session, _socket);
#else
gnutls_transport_set_ptr (_session, (gnutls_transport_ptr_t) (long) _socket);
#endif
// Key exchange.
int ret;
do
{
ret = gnutls_handshake (_session);
}
while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
if (ret < 0)
throw std::string ("Handshake has failed (") + gnutls_strerror (ret) + ")";
if (_debug)
std::cout << "s: INFO Handshake was completed\n";
}
void socket_thread_main(apr_thread_t *self, void *data)
{
int ret = 0;
socket_thread_data_t *thread_data = (socket_thread_data_t*)data;
gnutls_session_t session;
apr_os_sock_t sock;
if(tls_cert != NULL)
{
if(apr_os_sock_get(&sock, thread_data->socket) != APR_SUCCESS)
{
syslog(LOG_ERR, "Can't get raw socket for TLS use");
ret = -1;
}
else if((thread_data->tls_session=apr_pcalloc(
thread_data->pool, sizeof(gnutls_session_t)))!=NULL)
{
session = initialize_tls_session ();
gnutls_transport_set_ptr (session,
(gnutls_transport_ptr_t) (sock));
do
{
ret = gnutls_handshake (session);
}
while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
if (ret < 0)
{
syslog(LOG_ERR, "handshake has failed (%s)\n\n", gnutls_strerror (ret));
}
*(thread_data->tls_session) = session;
}
else
{
syslog(LOG_ERR, "memory allocation failure");
ret = -1;
}
}
if(ret >= 0)
{
socket_thread_handle(thread_data);
if(thread_data->tls_session != NULL)
gnutls_bye(session, GNUTLS_SHUT_WR);
}
apr_socket_close(thread_data->socket);
if(thread_data->tls_session != NULL)
gnutls_deinit (session);
apr_pool_destroy(thread_data->pool);
syslog(LOG_INFO, "client connection closed");
}
/* Internal callback
* called by connection->read_watcher
*/
static void
on_readable(struct ev_loop *loop, ev_io *watcher, int revents)
{
ebb_connection *connection = watcher->data;
char recv_buffer[4096];
ssize_t recved;
//printf("on_readable\n");
// TODO -- why is this broken?
//assert(ev_is_active(&connection->timeout_watcher));
assert(watcher == &connection->read_watcher);
if(EV_ERROR & revents) {
error("on_readable() got error event, closing connection.");
goto error;
}
#ifdef HAVE_GNUTLS
assert(!ev_is_active(&connection->handshake_watcher));
if(connection->server->secure) {
recved = gnutls_record_recv( connection->session
, recv_buffer
, TCP_MAXWIN
);
if(recved <= 0) {
if(gnutls_error_is_fatal(recved)) goto error;
if( (recved == GNUTLS_E_INTERRUPTED || recved == GNUTLS_E_AGAIN)
&& GNUTLS_NEED_WRITE
) ev_io_start(loop, &connection->write_watcher);
return;
}
} else {
#endif /* HAVE_GNUTLS */
recved = recv(connection->fd, recv_buffer, 4096, 0);
if(recved <= 0) goto error;
#ifdef HAVE_GNUTLS
}
#endif /* HAVE_GNUTLS */
ebb_connection_reset_timeout(connection);
ebb_request_parser_execute(&connection->parser, recv_buffer, recved);
/* parse error? just drop the client. screw the 400 response */
if(ebb_request_parser_has_error(&connection->parser)) goto error;
return;
error:
ebb_connection_schedule_close(connection);
}
int log(int code)
{
if (code < 0 && code != GNUTLS_E_AGAIN) {
fprintf(stderr, "<%s tls> %s", role_to_name(role), gnutls_strerror(code));
if (gnutls_error_is_fatal(code)) {
fprintf(stderr, " (fatal)\n");
exit(1);
} else {
fprintf(stderr, "\n");
}
}
return code;
}
static int _process_error(int loc, int code, int die)
{
if (code < 0 && (die || code != GNUTLS_E_AGAIN)) {
fprintf(stdout, "%i <%s tls> line %i: %s", run_id, role_name, loc, gnutls_strerror(code));
if (gnutls_error_is_fatal(code) || die) {
fprintf(stdout, " (fatal)\n");
exit(1);
} else {
fprintf(stdout, "\n");
}
}
return code;
}
static void client(int fd, const char *prio)
{
int ret;
gnutls_certificate_credentials_t x509_cred;
gnutls_session_t session;
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(7);
}
gnutls_certificate_allocate_credentials(&x509_cred);
assert(gnutls_init(&session, GNUTLS_CLIENT)>=0);
assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_int(session, fd);
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
fail("client: Handshake failed: %s\n", gnutls_strerror(ret));
terminate();
} else {
if (debug)
success("client: Handshake was completed\n");
}
if (debug)
success("client: TLS version is: %s\n",
gnutls_protocol_get_name
(gnutls_protocol_get_version(session)));
gnutls_bye(session, GNUTLS_SHUT_WR);
close(fd);
gnutls_deinit(session);
gnutls_certificate_free_credentials(x509_cred);
gnutls_global_deinit();
}
void SocketRWCommon::readAction() {
// Ensure we have at least 0x200 bytes space free
// (Up this, maybe?)
int bufSize = inputBuf.size();
int requiredSize = bufSize + 0x200;
if (requiredSize > inputBuf.capacity())
inputBuf.setCapacity(requiredSize);
ssize_t amount;
#ifdef USE_GNUTLS
if (tlsActive) {
amount = gnutls_record_recv(tls,
&inputBuf.data()[bufSize],
0x200);
} else
#endif
{
amount = recv(sock,
&inputBuf.data()[bufSize],
0x200,
0);
}
if (amount > 0) {
// Yep, we have data
printf("[fd=%d] Read %" PRIuPTR " bytes\n", sock, amount);
inputBuf.resize(bufSize + amount);
processReadBuffer();
} else if (amount == 0) {
printf("[fd=%d] Read 0! Socket closing.\n", sock);
close();
} else if (amount < 0) {
#ifdef USE_GNUTLS
if (tlsActive) {
if (gnutls_error_is_fatal(amount)) {
printf("Error while reading [gnutls %" PRIuPTR "]!\n", amount);
close();
}
} else
#endif
{
perror("Error while reading!");
close();
}
}
}
