liConnection* li_connection_new(liWorker *wrk) {
liServer *srv = wrk->srv;
liConnection *con = g_slice_new0(liConnection);
con->wrk = wrk;
con->srv = srv;
con->state = LI_CON_STATE_DEAD;
con->response_headers_sent = FALSE;
con->expect_100_cont = FALSE;
con->out_has_all_data = FALSE;
con->info.remote_addr_str = g_string_sized_new(INET6_ADDRSTRLEN);
con->info.local_addr_str = g_string_sized_new(INET6_ADDRSTRLEN);
con->info.is_ssl = FALSE;
con->info.keep_alive = TRUE;
con->info.req = NULL;
con->info.resp = NULL;
con->info.callbacks = &con_callbacks;
con->mainvr = li_vrequest_new(wrk, &con->info);
li_http_request_parser_init(&con->req_parser_ctx, &con->mainvr->request, NULL); /* chunkqueue is created in _start */
con->keep_alive_data.link = NULL;
con->keep_alive_data.timeout = 0;
con->keep_alive_data.max_idle = 0;
li_event_timer_init(&wrk->loop, &con->keep_alive_data.watcher, connection_keepalive_cb);
con->io_timeout_elem.data = con;
li_job_init(&con->job_reset, connection_check_reset);
return con;
}
static gboolean mod_gnutls_con_new(liConnection *con, int fd) {
liEventLoop *loop = &con->wrk->loop;
liServer *srv = con->srv;
mod_context *ctx = con->srv_sock->data;
mod_connection_ctx *conctx;
gnutls_session_t session;
int r;
if (GNUTLS_E_SUCCESS > (r = gnutls_init(&session, GNUTLS_SERVER))) {
ERROR(srv, "gnutls_init (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
return FALSE;
}
mod_gnutls_context_acquire(ctx);
if (GNUTLS_E_SUCCESS > (r = gnutls_priority_set(session, ctx->server_priority))) {
ERROR(srv, "gnutls_priority_set (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
}
if (GNUTLS_E_SUCCESS > (r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->server_cert))) {
ERROR(srv, "gnutls_credentials_set (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
}
if (NULL != ctx->session_db) {
gnutls_db_set_ptr(session, ctx->session_db);
gnutls_db_set_remove_function(session, session_db_remove_cb);
gnutls_db_set_retrieve_function(session, session_db_retrieve_cb);
gnutls_db_set_store_function(session, session_db_store_cb);
}
#ifdef HAVE_SESSION_TICKET
if (GNUTLS_E_SUCCESS > (r = gnutls_session_ticket_enable_server(session, &ctx->ticket_key))) {
ERROR(srv, "gnutls_session_ticket_enable_server (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
}
#endif
#ifdef GNUTLS_ALPN_MAND
{
static const gnutls_datum_t proto_http1 = { (unsigned char*) CONST_STR_LEN("http/1.1") };
gnutls_alpn_set_protocols(session, &proto_http1, 1, 0);
}
#endif
conctx = g_slice_new0(mod_connection_ctx);
conctx->session = session;
conctx->sock_stream = li_iostream_new(con->wrk, fd, tcp_io_cb, conctx);
conctx->client_hello_stream = li_ssl_client_hello_stream(&con->wrk->loop, gnutls_client_hello_cb, conctx);
#ifdef USE_SNI
li_job_init(&conctx->sni_job, sni_job_cb);
conctx->sni_jobref = li_job_ref(&con->wrk->loop.jobqueue, &conctx->sni_job);
#endif
li_stream_connect(&conctx->sock_stream->stream_in, conctx->client_hello_stream);
conctx->tls_filter = li_gnutls_filter_new(srv, con->wrk, &filter_callbacks, conctx, conctx->session,
conctx->client_hello_stream, &conctx->sock_stream->stream_out);
conctx->con = con;
conctx->ctx = ctx;
con->con_sock.data = conctx;
con->con_sock.callbacks = &gnutls_tcp_cbs;
con->con_sock.raw_out = li_stream_plug_new(loop);
con->con_sock.raw_in = li_stream_plug_new(loop);
con->info.is_ssl = TRUE;
return TRUE;
fail:
gnutls_deinit(session);
mod_gnutls_context_release(ctx);
return FALSE;
}
