/**
* This function is called once a secure connection has been marked
* for closure.
*
* NOTE: Some code duplication with connection_close_error
* in connection.c
*
* @param connection: the connection to close
* @param termination_code: the termination code with which the notify completed callback function is called.
*/
static void
MHD_tls_connection_close (struct MHD_Connection *connection,
enum MHD_RequestTerminationCode termination_code)
{
gnutls_bye (connection->tls_session, GNUTLS_SHUT_RDWR);
MHD_connection_close (connection, termination_code);
}
/**
* Give gnuTLS chance to work on the TLS handshake.
*
* @param connection connection to handshake on
* @return #MHD_YES on error or if the handshake is progressing
* #MHD_NO if the handshake has completed successfully
* and we should start to read/write data
*/
static int
run_tls_handshake (struct MHD_Connection *connection)
{
int ret;
connection->last_activity = MHD_monotonic_time();
if (connection->state == MHD_TLS_CONNECTION_INIT)
{
ret = gnutls_handshake (connection->tls_session);
if (ret == GNUTLS_E_SUCCESS)
{
/* set connection state to enable HTTP processing */
connection->state = MHD_CONNECTION_INIT;
return MHD_YES;
}
if ( (ret == GNUTLS_E_AGAIN) ||
(ret == GNUTLS_E_INTERRUPTED) )
{
/* handshake not done */
return MHD_YES;
}
/* handshake failed */
#if HAVE_MESSAGES
MHD_DLOG (connection->daemon,
"Error: received handshake message out of context\n");
#endif
MHD_connection_close (connection,
MHD_REQUEST_TERMINATED_WITH_ERROR);
return MHD_YES;
}
return MHD_NO;
}
/**
* This function was created to handle per-connection processing that
* has to happen even if the socket cannot be read or written to. All
* implementations (multithreaded, external select, internal select)
* call this function.
*
* @param connection being handled
* @return MHD_YES if we should continue to process the
* connection (not dead yet), MHD_NO if it died
*/
static int
MHD_tls_connection_handle_idle (struct MHD_Connection *connection)
{
unsigned int timeout;
#if DEBUG_STATES
MHD_DLOG (connection->daemon, "%s: state: %s\n",
__FUNCTION__, MHD_state_to_string (connection->state));
#endif
timeout = connection->connection_timeout;
if ( (timeout != 0) && (time (NULL) - timeout > connection->last_activity))
MHD_connection_close (connection,
MHD_REQUEST_TERMINATED_TIMEOUT_REACHED);
switch (connection->state)
{
/* on newly created connections we might reach here before any reply has been received */
case MHD_TLS_CONNECTION_INIT:
return MHD_YES;
/* close connection if necessary */
case MHD_CONNECTION_CLOSED:
gnutls_bye (connection->tls_session, GNUTLS_SHUT_RDWR);
return MHD_connection_handle_idle (connection);
default:
if ( (0 != gnutls_record_check_pending (connection->tls_session)) &&
(MHD_YES != MHD_tls_connection_handle_read (connection)) )
return MHD_YES;
return MHD_connection_handle_idle (connection);
}
return MHD_YES;
}
/**
* This function was created to handle writes to sockets when it has
* been determined that the socket can be written to. This function
* will forward all write requests to the underlying daemon unless
* the connection has been marked for closing.
*
* @return always MHD_YES (we should continue to process the connection)
*/
static int
MHD_tls_connection_handle_write (struct MHD_Connection *connection)
{
int ret;
connection->last_activity = time (NULL);
#if DEBUG_STATES
MHD_DLOG (connection->daemon, "%s: state: %s\n",
__FUNCTION__, MHD_state_to_string (connection->state));
#endif
if (connection->state == MHD_TLS_CONNECTION_INIT)
{
ret = gnutls_handshake (connection->tls_session);
if (ret == GNUTLS_E_SUCCESS)
{
/* set connection state to enable HTTP processing */
connection->state = MHD_CONNECTION_INIT;
return MHD_YES;
}
if ( (ret == GNUTLS_E_AGAIN) ||
(ret == GNUTLS_E_INTERRUPTED) )
{
/* handshake not done */
return MHD_YES;
}
/* handshake failed */
#if HAVE_MESSAGES
MHD_DLOG (connection->daemon,
"Error: received handshake message out of context\n");
#endif
MHD_connection_close (connection,
MHD_REQUEST_TERMINATED_WITH_ERROR);
return MHD_YES;
}
return MHD_connection_handle_write (connection);
}
