Пример #1
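/*
 * Servette - per-connection sender thread of the throughput test.
 *
 * arg is the client socket (PRFileDesc*). When xport_buffer is not -1 the
 * socket's receive and send buffer sizes are set to it (failures are only
 * reported). The thread then sends buffer_size-byte blocks until PR_Send()
 * returns zero or an error, adds the bytes sent to the shared counter and
 * prints the aggregate rate once per sampling interval.
 *
 * The socket itself is not closed here.
 */
static void PR_CALLBACK Servette(void *arg)
{
    PRInt32 bytes, sampled = 0;
    PRIntervalTime now, interval;
    PRBool do_display = PR_FALSE;
    PRFileDesc *client = (PRFileDesc*)arg;
    /* Zero-filled on purpose: the block is transmitted verbatim, so it must
     * not carry leftover heap contents to the peer. */
    char *buffer = (char*)PR_Calloc(1, buffer_size);
    PRIntervalTime sampling_interval = PR_SecondsToInterval(SAMPLING_INTERVAL);

    if (NULL == buffer)
    {
        /* PR_Send() would otherwise be handed a NULL source pointer. */
        PR_fprintf(err, "Servette: out of memory\n");
        return;
    }

    if (xport_buffer != -1)
    {
        PRStatus rv;
        PRSocketOptionData data;
        data.option = PR_SockOpt_RecvBufferSize;
        data.value.recv_buffer_size = (PRSize)xport_buffer;
        rv = PR_SetSocketOption(client, &data);
        if (PR_FAILURE == rv)
            PL_FPrintError(err, "PR_SetSocketOption - ignored");
        data.option = PR_SockOpt_SendBufferSize;
        data.value.send_buffer_size = (PRSize)xport_buffer;
        rv = PR_SetSocketOption(client, &data);
        if (PR_FAILURE == rv)
            PL_FPrintError(err, "PR_SetSocketOption - ignored");
    }

    do
    {
        bytes = PR_Send(
            client, buffer, buffer_size, 0, PR_INTERVAL_NO_TIMEOUT);

        PR_Lock(shared->ml);
        now = PR_IntervalNow();
        /* A failed send returns a negative count; keep it out of the total. */
        if (bytes > 0)
            shared->sampled += bytes;
        interval = now - shared->timein;
        if (interval > sampling_interval)
        {
            sampled = shared->sampled;
            shared->timein = now;
            shared->sampled = 0;
            do_display = PR_TRUE;
        }
        PR_Unlock(shared->ml);

        if (do_display)
        {
            PRUint32 rate = sampled / PR_IntervalToMilliseconds(interval);
            PR_fprintf(err, "%u streams @ %u Kbytes/sec\n", shared->threads, rate);
            do_display = PR_FALSE;
        }
    } while (bytes > 0);

    /* The send buffer belongs to this thread; release it on exit. */
    PR_Free(buffer);
}  /* Servette */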
Пример #2
/*
 * JNI entry point for SSLSocket.setKeepAlive: sets PR_SockOpt_Keepalive on
 * the NSPR descriptor behind the Java socket to the value of `on`.
 * A failing PR_SetSocketOption is reported through
 * JSSL_throwSSLSocketException.
 */
JNIEXPORT void JNICALL
Java_org_mozilla_jss_ssl_SSLSocket_setKeepAlive(JNIEnv *env, jobject self,
    jboolean on)
{
    JSSL_SocketData *sock = NULL;
    PRSocketOptionData keepAliveOpt;

    /* Without the native socket data there is nothing to configure. */
    if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS ) {
        goto finish;
    }

    keepAliveOpt.value.keep_alive = on;
    keepAliveOpt.option = PR_SockOpt_Keepalive;

    if( PR_SetSocketOption(sock->fd, &keepAliveOpt) != PR_SUCCESS ) {
        JSSL_throwSSLSocketException(env, "PR_SetSocketOption failed");
    }

finish:
    /* Runs on every path, including the one where sock is still NULL. */
    EXCEPTION_CHECK(env, sock)
    return;
}
Пример #3
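/*
 * JNI entry point for SSLSocket.setReceiveBufferSize: sets
 * PR_SockOpt_RecvBufferSize on the NSPR descriptor behind the Java socket.
 *
 * size
 *      Requested receive buffer size. A negative value is rejected with an
 *      SSLSocketException instead of being converted to the unsigned
 *      option field.
 */
JNIEXPORT void JNICALL
Java_org_mozilla_jss_ssl_SSLSocket_setReceiveBufferSize(
    JNIEnv *env, jobject self, jint size)
{
    PRSocketOptionData sockOptions;
    PRStatus status;
    JSSL_SocketData *sock = NULL;

    if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS ) {
        goto finish;
    }

    /* jint is signed while recv_buffer_size is an unsigned size, so a
     * negative argument would silently turn into a huge request.
     * NOTE(review): the Java caller may already validate this - confirm. */
    if( size < 0 ) {
        JSSL_throwSSLSocketException(env, "Invalid receive buffer size");
        goto finish;
    }

    sockOptions.option = PR_SockOpt_RecvBufferSize;
    sockOptions.value.recv_buffer_size = size;

    status = PR_SetSocketOption(sock->fd, &sockOptions);

    if( status != PR_SUCCESS ) {
        JSSL_throwSSLSocketException(env, "PR_SetSocketOption failed");
        goto finish;
    }

finish:
    /* Runs on every path, including the one where sock is still NULL. */
    EXCEPTION_CHECK(env, sock)
    return;
}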
Пример #4
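/*
 * JNI entry point for SSLSocket.setSoLinger: sets PR_SockOpt_Linger on the
 * NSPR descriptor behind the Java socket.
 *
 * on
 *      Whether lingering is enabled (stored as the option's polarity).
 * linger
 *      The linger time, in seconds. Only used when `on` is true; a
 *      negative value is rejected with an SSLSocketException.
 */
JNIEXPORT void JNICALL
Java_org_mozilla_jss_ssl_SSLSocket_setSoLinger(JNIEnv *env, jobject self,
    jboolean on, jint linger)
{
    PRSocketOptionData sockOptions;
    PRStatus status;
    JSSL_SocketData *sock = NULL;

    if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS ) {
        goto finish;
    }

    /* PR_SecondsToInterval takes an unsigned count, so a negative jint
     * would become a very long linger time instead of an error. */
    if( on && linger < 0 ) {
        JSSL_throwSSLSocketException(env, "Invalid linger time");
        goto finish;
    }

    sockOptions.option = PR_SockOpt_Linger;
    sockOptions.value.linger.polarity = on;
    if(on) {
        sockOptions.value.linger.linger = PR_SecondsToInterval(linger);
    } else {
        /* Give the field a defined value so no uninitialized stack
         * content is handed to PR_SetSocketOption when lingering is off. */
        sockOptions.value.linger.linger = PR_INTERVAL_NO_WAIT;
    }

    status = PR_SetSocketOption(sock->fd, &sockOptions);

    if( status != PR_SUCCESS ) {
        JSSL_throwSSLSocketException(env, "PR_SetSocketOption failed");
        goto finish;
    }

finish:
    /* Runs on every path, including the one where sock is still NULL. */
    EXCEPTION_CHECK(env, sock)
    return;
}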
Пример #5
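/**
 * Creates a new TCP socket and, when useSSL is set, hands it to
 * secureSocket() to obtain the SSL socket that is returned instead.
 *
 * @param address               not used by this function
 * @param useSSL                wrap the raw socket via secureSocket()
 * @param certDBPasswd          certificate database password; when
 *                              non-empty a copy is stored in certdbpasswd
 * @param certNickName          passed through to secureSocket()
 * @param alwaysTrustServerCert passed through to secureSocket()
 * @return the raw socket, or the socket returned by secureSocket()
 *
 * Throws NSPRException upon NSPR error
 */
PRFileDesc *Connection::createSocket(const PRNetAddr& address, bool useSSL,
                                     const std::string &certDBPasswd,
                                     const std::string &certNickName,
                                     bool alwaysTrustServerCert)
{
    PRFileDesc *rawSocket = PR_NewTCPSocket();

    // Check the descriptor before anything touches it; the option call
    // below must never see a NULL socket.
    if (static_cast<PRFileDesc *>(NULL) == rawSocket) {
        throw NSPRException("Connection::createSocket", "PR_NewTCPSocket");
    }

    if (tcp_nodelay_is_enabled) {
        // set the TCP_NODELAY option to disable Nagle algorithm
        PRSocketOptionData socket_opt;
        socket_opt.option = PR_SockOpt_NoDelay;
        socket_opt.value.no_delay = PR_TRUE;
        PRStatus prStatus = PR_SetSocketOption(rawSocket, &socket_opt);
        if (PR_SUCCESS != prStatus) {
            // Build the exception first so that closing the socket cannot
            // disturb whatever error state it records, then release the
            // descriptor instead of leaking it.
            NSPRException optionError("Connection::Connection",
                                      "PR_SetSocketOption");
            PR_Close(rawSocket);
            throw optionError;
        }
    }

    if (certDBPasswd.size() > 0) {
        // NOTE(review): this stores a heap copy of the password in clear
        // text. The previous certdbpasswd value is not released here and
        // the strdup result is not checked - confirm who frees (and
        // ideally wipes) this buffer.
        certdbpasswd = strdup(certDBPasswd.c_str());
    }

    PRFileDesc *sslSocket;
    if (useSSL) {
        // NOTE(review): whether secureSocket() closes rawSocket when it
        // fails is not visible from here - confirm.
        sslSocket = secureSocket(certDBPasswd, certNickName, alwaysTrustServerCert, rawSocket);
    } else {
        sslSocket = rawSocket;
    }

    return sslSocket;
}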
Пример #6
/// Switches the underlying NSPR socket to non-blocking mode.
/// The PRStatus returned by PR_SetSocketOption is discarded, so a failure
/// is not reported to the caller.
void SslSocket::setNonblocking() const
{
    PRSocketOptionData nonblockingOpt;
    nonblockingOpt.value.non_blocking = true;
    nonblockingOpt.option = PR_SockOpt_Nonblocking;
    (void) PR_SetSocketOption(socket, &nonblockingOpt);
}
Пример #7
/// Enables PR_SockOpt_NoDelay on the socket when @p nodelay is true.
/// A false argument is a no-op: the option is never switched back off here.
/// The PRStatus returned by PR_SetSocketOption is discarded.
void SslSocket::setTcpNoDelay(bool nodelay) const
{
    if (!nodelay) {
        return;
    }

    PRSocketOptionData noDelayOpt;
    noDelayOpt.value.no_delay = true;
    noDelayOpt.option = PR_SockOpt_NoDelay;
    (void) PR_SetSocketOption(socket, &noDelayOpt);
}
Пример #8
/// Enables TCP no-delay. With an NSS socket present the option is set
/// through NSPR; otherwise the call is delegated to BSDSocket.
/// The PRStatus returned by PR_SetSocketOption is discarded.
void SslSocket::setTcpNoDelay() const
{
    if (nssSocket) {
        PRSocketOptionData noDelayOpt;
        noDelayOpt.value.no_delay = true;
        noDelayOpt.option = PR_SockOpt_NoDelay;
        (void) PR_SetSocketOption(nssSocket, &noDelayOpt);
    } else {
        BSDSocket::setTcpNoDelay();
    }
}
Пример #9
/// Switches the socket to non-blocking mode. With an NSS socket present the
/// option is set through NSPR; otherwise the call is delegated to BSDSocket.
/// The PRStatus returned by PR_SetSocketOption is discarded.
void SslSocket::setNonblocking() const
{
    if (nssSocket) {
        PRSocketOptionData nonblockingOpt;
        nonblockingOpt.value.non_blocking = true;
        nonblockingOpt.option = PR_SockOpt_Nonblocking;
        (void) PR_SetSocketOption(nssSocket, &nonblockingOpt);
    } else {
        BSDSocket::setNonblocking();
    }
}
//-----------------------------------------------------------------------------
// FcgiServerChannel::setPersistent
//-----------------------------------------------------------------------------
// Marks the channel persistent and, when a descriptor exists, turns on
// socket keepalive for it. On XP_WIN32 builds the option is skipped when
// config->udsName is set. The PR_SetSocketOption result is not acted on.
void FcgiServerChannel::setPersistent() {
    flagPersistent = PR_TRUE;

    if (!fd)
        return;

#ifdef XP_WIN32
    if (config->udsName)
        return;
#endif // XP_WIN32

    // enable socket keepalive
    PRSocketOptionData keepAliveOpt;
    keepAliveOpt.option = PR_SockOpt_Keepalive;
    keepAliveOpt.value.keep_alive = flagPersistent;
    (void) PR_SetSocketOption(fd, &keepAliveOpt);
}
Пример #11
// Sets up the tickler: opens its UDP socket, creates the "wifi tickler"
// thread and a timer targeted at it, and fills in the destination address.
// Must run on the main thread on a not-yet-initialised object.
// Returns NS_ERROR_FAILURE when the socket cannot be opened, otherwise the
// first failing nsresult, or NS_OK.
nsresult
Tickler::Init()
{
  MOZ_ASSERT(NS_IsMainThread());
  MOZ_ASSERT(!mTimer);
  MOZ_ASSERT(!mActive);
  MOZ_ASSERT(!mThread);
  MOZ_ASSERT(!mFD);

  if (AndroidBridge::HasEnv()) {
    GeckoAppShell::EnableNetworkNotifications();
  }

  mFD = PR_OpenUDPSocket(PR_AF_INET);
  if (!mFD) {
    return NS_ERROR_FAILURE;
  }

  // A TTL of 1 is requested for the new socket. The call is best effort:
  // its status is deliberately not checked.
  PRSocketOptionData ttlOpt;
  ttlOpt.value.ip_ttl = 1;
  ttlOpt.option = PR_SockOpt_IpTimeToLive;
  PR_SetSocketOption(mFD, &ttlOpt);

  nsresult rv = NS_NewNamedThread("wifi tickler",
                                  getter_AddRefs(mThread));
  if (NS_FAILED(rv)) {
    return rv;
  }

  // Build the timer in a local first; mTimer only changes once the timer
  // has been fully configured.
  nsCOMPtr<nsITimer> pendingTimer(do_CreateInstance(NS_TIMER_CONTRACTID, &rv));
  if (NS_FAILED(rv)) {
    return rv;
  }

  rv = pendingTimer->SetTarget(mThread);
  if (NS_FAILED(rv)) {
    return rv;
  }

  mTimer.swap(pendingTimer);

  mAddr.inet.family = PR_AF_INET;
  mAddr.inet.port = PR_htons (4886);
  mAddr.inet.ip = 0;

  return NS_OK;
}
Пример #12
// Connects to the default IPC socket path over a local-domain socket.
// On success the socket has been switched to non-blocking mode, has passed
// DoSecurityCheck() and is stored in *result (NS_OK). On any failure the
// socket is closed, *result is left untouched and NS_ERROR_FAILURE is
// returned.
nsresult
TryConnect(PRFileDesc **result)
{
    PRNetAddr addr;
    PRSocketOptionData opt;

    PRFileDesc *fd = PR_OpenTCPSocket(PR_AF_LOCAL);
    if (!fd)
        return NS_ERROR_FAILURE;

    addr.local.family = PR_AF_LOCAL;
    IPC_GetDefaultSocketPath(addr.local.path, sizeof(addr.local.path));

    // blocking connect... will fail if no one is listening.
    bool accepted = (PR_Connect(fd, &addr, PR_INTERVAL_NO_TIMEOUT) != PR_FAILURE);

    if (accepted)
    {
#ifdef VBOX
        if (PR_GetEnv("TESTBOX_UUID"))
            fprintf(stderr, "IPC socket path: %s\n", addr.local.path);
        LogRel(("IPC socket path: %s\n", addr.local.path));
#endif

        // make socket non-blocking (the status of this call is not checked)
        opt.value.non_blocking = PR_TRUE;
        opt.option = PR_SockOpt_Nonblocking;
        PR_SetSocketOption(fd, &opt);

        // The connection is only handed out if the security checks on the
        // connected socket and its path succeed.
        accepted = (DoSecurityCheck(fd, addr.local.path) == PR_SUCCESS);
    }

    if (!accepted)
    {
        PR_Close(fd);
        return NS_ERROR_FAILURE;
    }

    *result = fd;
    return NS_OK;
}
Пример #13
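/*
 * Clientel - receiver thread of the throughput test.
 *
 * arg is the Shared state, which also holds the server address. The thread
 * keeps creating a socket and connecting (5 second timeout) until a connect
 * succeeds, then receives buffer_size-byte blocks until PR_Recv() returns
 * zero or an error, adding the bytes received to the shared counter and
 * printing the aggregate rate once per sampling interval.
 *
 * The socket and the receive buffer are created here and released here.
 */
static void PR_CALLBACK Clientel(void *arg)
{
    PRStatus rv;
    PRFileDesc *xport;
    PRInt32 bytes, sampled = 0;
    PRIntervalTime now, interval;
    PRBool do_display = PR_FALSE;
    Shared *shared = (Shared*)arg;
    char *buffer = (char*)PR_Malloc(buffer_size);
    PRNetAddr *server_address = &shared->server_address;
    PRIntervalTime connect_timeout = PR_SecondsToInterval(5);
    PRIntervalTime sampling_interval = PR_SecondsToInterval(SAMPLING_INTERVAL);

    if (NULL == buffer)
    {
        /* PR_Recv() would otherwise be handed a NULL destination. */
        PR_fprintf(err, "Clientel: out of memory\n");
        return;
    }

    PR_fprintf(err, "Client connecting to ");
    (void)PrintAddress(server_address);

    do
    {
        xport = PR_Socket(domain, PR_SOCK_STREAM, protocol);
        if (NULL == xport)
        {
            PL_FPrintError(err, "PR_Socket");
            PR_Free(buffer);  /* do not leak the buffer on this exit */
            return;
        }

        if (xport_buffer != -1)
        {
            PRSocketOptionData data;
            data.option = PR_SockOpt_RecvBufferSize;
            data.value.recv_buffer_size = (PRSize)xport_buffer;
            rv = PR_SetSocketOption(xport, &data);
            if (PR_FAILURE == rv)
                PL_FPrintError(err, "PR_SetSocketOption - ignored");
            data.option = PR_SockOpt_SendBufferSize;
            data.value.send_buffer_size = (PRSize)xport_buffer;
            rv = PR_SetSocketOption(xport, &data);
            if (PR_FAILURE == rv)
                PL_FPrintError(err, "PR_SetSocketOption - ignored");
        }

        rv = PR_Connect(xport, server_address, connect_timeout);
        if (PR_FAILURE == rv)
        {
            PL_FPrintError(err, "PR_Connect");
            if (PR_IO_TIMEOUT_ERROR != PR_GetError())
                PR_Sleep(connect_timeout);
            PR_Close(xport);  /* delete it and start over */
        }
    } while (PR_FAILURE == rv);

    do
    {
        bytes = PR_Recv(
            xport, buffer, buffer_size, 0, PR_INTERVAL_NO_TIMEOUT);
        PR_Lock(shared->ml);
        now = PR_IntervalNow();
        /* A failed receive returns a negative count; keep it out of the total. */
        if (bytes > 0)
            shared->sampled += bytes;
        interval = now - shared->timein;
        if (interval > sampling_interval)
        {
            sampled = shared->sampled;
            shared->timein = now;
            shared->sampled = 0;
            do_display = PR_TRUE;
        }
        PR_Unlock(shared->ml);

        if (do_display)
        {
            PRUint32 rate = sampled / PR_IntervalToMilliseconds(interval);
            PR_fprintf(err, "%u streams @ %u Kbytes/sec\n", shared->threads, rate);
            do_display = PR_FALSE;
        }

    } while (bytes > 0);

    /* The connected socket and the buffer are local to this thread. */
    PR_Close(xport);
    PR_Free(buffer);
}  /* Clientel */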
Пример #14
/*
 * Creates the server's listening socket: a blocking TCP socket with
 * address reuse (and, outside WIN95 builds, a one second linger) that is
 * bound to `port` on PR_INADDR_ANY, i.e. on every local interface, and put
 * into the listening state with a backlog of 5 + 2 * maxThreads.
 *
 * Every failing step closes the socket (once one exists) and calls
 * errExit() with the name of the failing call.
 */
PRFileDesc *
getBoundListenSocket(unsigned short port)
{
    PRSocketOptionData sockOpt;
    PRNetAddr          bindAddr;
    PRStatus           status;
    PRFileDesc *       sock;
    int                backlog = 5 + (2 * maxThreads);

    /* Wildcard IPv4 address: the listener is reachable on all interfaces. */
    bindAddr.inet.family = PR_AF_INET;
    bindAddr.inet.ip     = PR_INADDR_ANY;
    bindAddr.inet.port   = PR_htons(port);

    sock = PR_NewTCPSocket();
    if (sock == NULL) {
        errExit("PR_NewTCPSocket");
    }

    /* Explicitly request blocking mode. */
    sockOpt.option = PR_SockOpt_Nonblocking;
    sockOpt.value.non_blocking = PR_FALSE;
    status = PR_SetSocketOption(sock, &sockOpt);
    if (status < 0) {
        PR_Close(sock);
        errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
    }

    sockOpt.option = PR_SockOpt_Reuseaddr;
    sockOpt.value.reuse_addr = PR_TRUE;
    status = PR_SetSocketOption(sock, &sockOpt);
    if (status < 0) {
        PR_Close(sock);
        errExit("PR_SetSocketOption(PR_SockOpt_Reuseaddr)");
    }

#ifndef WIN95
    /* Set PR_SockOpt_Linger because it helps prevent a server bind issue
     * after clean shutdown . See bug 331413 .
     * Don't do it in the WIN95 build configuration because clean shutdown is
     * not implemented, and PR_SockOpt_Linger causes a hang in ssl.sh .
     * See bug 332348 */
    sockOpt.option = PR_SockOpt_Linger;
    sockOpt.value.linger.polarity = PR_TRUE;
    sockOpt.value.linger.linger = PR_SecondsToInterval(1);
    status = PR_SetSocketOption(sock, &sockOpt);
    if (status < 0) {
        PR_Close(sock);
        errExit("PR_SetSocketOption(PR_SockOpt_Linger)");
    }
#endif

    status = PR_Bind(sock, &bindAddr);
    if (status < 0) {
        PR_Close(sock);
        errExit("PR_Bind");
    }

    status = PR_Listen(sock, backlog);
    if (status < 0) {
        PR_Close(sock);
        errExit("PR_Listen");
    }

    return sock;
}
Пример #15
/*
 * handle_connection - serve one HTTP request on tcp_sock.
 *
 * Reads the request into a fixed 10240-byte stack buffer, works out
 * whether it is a GET or POST, and then either answers an OCSP request,
 * transmits the named local file, or echoes a short diagnostic plus the
 * request back to the client.
 *
 * Everything parsed here (request line, file name, Content-Length, body)
 * comes from the peer and is therefore untrusted.
 *
 * model_sock and requestCert are not used in the part of the function
 * shown. NOTE(review): the listing ends before the `cleanup` label that
 * `goto cleanup` refers to and before the closing brace, so the tail of
 * the function (and its normal return value) is not visible here.
 */
int
handle_connection(
    PRFileDesc *tcp_sock,
    PRFileDesc *model_sock,
    int requestCert)
{
    PRFileDesc *ssl_sock = NULL;
    PRFileDesc *local_file_fd = NULL;
    char *pBuf; /* unused space at end of buf */
    const char *errString;
    PRStatus status;
    int bufRem;    /* unused bytes at end of buf */
    int bufDat;    /* characters received in buf */
    int newln = 0; /* # of consecutive newlns */
    int firstTime = 1;
    int reqLen;
    int rv;
    int numIOVs;
    PRSocketOptionData opt;
    PRIOVec iovs[16];
    char msgBuf[160];
    char buf[10240];
    char fileName[513];
    char *getData = NULL; /* inplace conversion */
    SECItem postData;
    PRBool isOcspRequest = PR_FALSE;
    PRBool isPost;

    postData.data = NULL;
    postData.len = 0;

    pBuf = buf;
    bufRem = sizeof buf;

    VLOG(("httpserv: handle_connection: starting"));
    /* Force blocking mode; the status of this call is not checked. */
    opt.option = PR_SockOpt_Nonblocking;
    opt.value.non_blocking = PR_FALSE;
    PR_SetSocketOption(tcp_sock, &opt);

    VLOG(("httpserv: handle_connection: starting\n"));
    /* No TLS layer is pushed here: ssl_sock is just the plain TCP socket. */
    ssl_sock = tcp_sock;

    if (noDelay) {
        opt.option = PR_SockOpt_NoDelay;
        opt.value.no_delay = PR_TRUE;
        status = PR_SetSocketOption(ssl_sock, &opt);
        if (status != PR_SUCCESS) {
            errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
            if (ssl_sock) {
                PR_Close(ssl_sock);
            }
            return SECFailure;
        }
    }

    while (1) {
        const char *post;
        const char *foundStr = NULL;
        const char *tmp = NULL;

        newln = 0;
        reqLen = 0;

        /* One byte is held back for the terminator written below. Once
         * the buffer is full the request size is 0, and a 0 return is
         * treated as EOF by the check that follows. */
        rv = PR_Read(ssl_sock, pBuf, bufRem - 1);
        if (rv == 0 ||
            (rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) {
            if (verbose)
                errWarn("HDX PR_Read hit EOF");
            break;
        }
        if (rv < 0) {
            errWarn("HDX PR_Read");
            goto cleanup;
        }
        /* NULL termination */
        pBuf[rv] = 0;
        if (firstTime) {
            firstTime = 0;
        }

        pBuf += rv;
        bufRem -= rv;
        bufDat = pBuf - buf;
        /* Parse the input, starting at the beginning of the buffer.
         * Stop when we detect two consecutive \n's (or \r\n's)
         * as this signifies the end of the GET or POST portion.
         * The posted data follows.
         */
        while (reqLen < bufDat && newln < 2) {
            int octet = buf[reqLen++];
            if (octet == '\n') {
                newln++;
            } else if (octet != '\r') {
                newln = 0;
            }
        }

        /* came to the end of the buffer, or second newln
         * If we didn't get an empty line (CRLFCRLF) then keep on reading.
         */
        if (newln < 2)
            continue;

        /* we're at the end of the HTTP request.
         * If the request is a POST, then there will be one more
         * line of data.
         * This parsing is a hack, but ok for SSL test purposes.
         */
        /* The search is not anchored: "POST " anywhere in the received
         * data counts, not only at the start of the request line. */
        post = PORT_Strstr(buf, "POST ");
        if (!post || *post != 'P')
            break;

        postData.data = (void *)(buf + reqLen);

        /* Also unanchored: the match may lie in the body rather than in
         * the header block. */
        tmp = "content-length: ";
        foundStr = PL_strcasestr(buf, tmp);
        if (foundStr) {
            int expectedPostLen;
            int havePostLen;

            /* NOTE(review): atoi() on a client-supplied header with no
             * sign or range check. A negative value satisfies the
             * comparison below and is then stored in postData.len, which
             * later tells CERT_DecodeOCSPRequest how many bytes to read.
             * Reject values below zero before using the length. */
            expectedPostLen = atoi(foundStr + strlen(tmp));
            havePostLen = bufDat - reqLen;
            if (havePostLen >= expectedPostLen) {
                postData.len = expectedPostLen;
                break;
            }
        } else {
            /* use legacy hack */
            /* It's a post, so look for the next and final CR/LF. */
            while (reqLen < bufDat && newln < 3) {
                int octet = buf[reqLen++];
                if (octet == '\n') {
                    newln++;
                }
            }
            if (newln == 3)
                break;
        }
    } /* read loop */

    bufDat = pBuf - buf;
    if (bufDat)
        do { /* just close if no data */
            /* Have either (a) a complete get, (b) a complete post, (c) EOF */
            if (reqLen > 0) {
                PRBool isGetOrPost = PR_FALSE;
                unsigned skipChars = 0;
                isPost = PR_FALSE;

                if (!strncmp(buf, getCmd, sizeof getCmd - 1)) {
                    isGetOrPost = PR_TRUE;
                    skipChars = 4;
                } else if (!strncmp(buf, "POST ", 5)) {
                    isGetOrPost = PR_TRUE;
                    isPost = PR_TRUE;
                    skipChars = 5;
                }

                if (isGetOrPost) {
                    char *fnBegin = buf;
                    char *fnEnd;
                    char *fnstart = NULL;
                    PRFileInfo info;

                    fnBegin += skipChars;

                    /* The request target ends at the first space, CR or LF. */
                    fnEnd = strpbrk(fnBegin, " \r\n");
                    if (fnEnd) {
                        int fnLen = fnEnd - fnBegin;
                        /* Targets that do not fit fileName are dropped:
                         * fnstart stays NULL and no file is opened. */
                        if (fnLen < sizeof fileName) {
                            strncpy(fileName, fnBegin, fnLen);
                            fileName[fnLen] = 0; /* null terminate */
                            fnstart = fileName;
                            /* strip initial / because our root is the current directory*/
                            while (*fnstart && *fnstart == '/')
                                ++fnstart;
                        }
                    }
                    if (fnstart) {
                        if (!strncmp(fnstart, "ocsp", 4)) {
                            if (isPost) {
                                if (postData.data) {
                                    isOcspRequest = PR_TRUE;
                                }
                            } else {
                                if (!strncmp(fnstart, "ocsp/", 5)) {
                                    isOcspRequest = PR_TRUE;
                                    getData = fnstart + 5;
                                }
                            }
                        } else {
                            /* try to open the file named.
                             * If successful, then write it to the client.
                             */
                            /* NOTE(review): apart from the stripped leading
                             * '/', the client-chosen path is used as is;
                             * nothing here rejects ".." components, so the
                             * file is not confined to the current
                             * directory. Acceptable only for a test
                             * server; validate the path before reusing
                             * this code elsewhere. */
                            status = PR_GetFileInfo(fnstart, &info);
                            if (status == PR_SUCCESS &&
                                info.type == PR_FILE_FILE &&
                                info.size >= 0) {
                                local_file_fd = PR_Open(fnstart, PR_RDONLY, 0);
                            }
                        }
                    }
                }
            }

            /* Build the reply as an I/O vector: header first, then at most
             * one diagnostic message and the echoed request. */
            numIOVs = 0;

            iovs[numIOVs].iov_base = (char *)outHeader;
            iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1;
            numIOVs++;

            if (isOcspRequest && caRevoInfos) {
                CERTOCSPRequest *request = NULL;
                PRBool failThisRequest = PR_FALSE;
                PLArenaPool *arena = NULL;

                /* Enforce the configured OCSP method policy; the random
                 * mode fails about half of the GET requests on purpose. */
                if (ocspMethodsAllowed == ocspGetOnly && postData.len) {
                    failThisRequest = PR_TRUE;
                } else if (ocspMethodsAllowed == ocspPostOnly && getData) {
                    failThisRequest = PR_TRUE;
                } else if (ocspMethodsAllowed == ocspRandomGetFailure && getData) {
                    if (!(rand() % 2)) {
                        failThisRequest = PR_TRUE;
                    }
                }

                if (failThisRequest) {
                    PR_Write(ssl_sock, outBadRequestHeader, strlen(outBadRequestHeader));
                    break;
                }
                /* get is base64, post is binary.
                 * If we have base64, convert into the (empty) postData array.
                 */
                if (getData) {
                    if (urldecode_base64chars_inplace(getData) == SECSuccess) {
                        /* The code below can handle a NULL arena */
                        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
                        NSSBase64_DecodeBuffer(arena, &postData, getData, strlen(getData));
                    }
                }
                if (postData.len) {
                    request = CERT_DecodeOCSPRequest(&postData);
                }
                if (arena) {
                    PORT_FreeArena(arena, PR_FALSE);
                }
                if (!request || !request->tbsRequest ||
                    !request->tbsRequest->requestList ||
                    !request->tbsRequest->requestList[0]) {
                    PORT_Sprintf(msgBuf, "Cannot decode OCSP request.\r\n");

                    iovs[numIOVs].iov_base = msgBuf;
                    iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
                    numIOVs++;
                } else {
                    /* TODO: support more than one request entry */
                    CERTOCSPCertID *reqid = request->tbsRequest->requestList[0]->reqCert;
                    const caRevoInfo *revoInfo = NULL;
                    PRBool unknown = PR_FALSE;
                    PRBool revoked = PR_FALSE;
                    PRTime nextUpdate = 0;
                    PRTime revoDate = 0;
                    PRCList *caRevoIter;

                    /* Walk the circular list of configured CAs looking for
                     * the one whose hash algorithm, issuer name hash and
                     * issuer key hash all match the request. */
                    caRevoIter = &caRevoInfos->link;
                    do {
                        CERTOCSPCertID *caid;

                        revoInfo = (caRevoInfo *)caRevoIter;
                        caid = revoInfo->id;

                        if (SECOID_CompareAlgorithmID(&reqid->hashAlgorithm,
                                                      &caid->hashAlgorithm) == SECEqual &&
                            SECITEM_CompareItem(&reqid->issuerNameHash,
                                                &caid->issuerNameHash) == SECEqual &&
                            SECITEM_CompareItem(&reqid->issuerKeyHash,
                                                &caid->issuerKeyHash) == SECEqual) {
                            break;
                        }
                        revoInfo = NULL;
                        caRevoIter = PR_NEXT_LINK(caRevoIter);
                    } while (caRevoIter != &caRevoInfos->link);

                    if (!revoInfo) {
                        /* No matching CA: answer "unknown", signed with the
                         * first configured CA. */
                        unknown = PR_TRUE;
                        revoInfo = caRevoInfos;
                    } else {
                        CERTCrl *crl = &revoInfo->crl->crl;
                        CERTCrlEntry *entry = NULL;
                        DER_DecodeTimeChoice(&nextUpdate, &crl->nextUpdate);
                        if (crl->entries) {
                            int iv = 0;
                            /* assign, not compare */
                            while ((entry = crl->entries[iv++])) {
                                if (SECITEM_CompareItem(&reqid->serialNumber,
                                                        &entry->serialNumber) == SECEqual) {
                                    break;
                                }
                            }
                        }
                        if (entry) {
                            /* revoked status response */
                            revoked = PR_TRUE;
                            DER_DecodeTimeChoice(&revoDate, &entry->revocationDate);
                        } else {
                            /* else good status response */
                            if (!isPost && ocspMethodsAllowed == ocspGetUnknown) {
                                unknown = PR_TRUE;
                                nextUpdate = PR_Now() + (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC; /*tomorrow*/
                                revoDate = PR_Now() - (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC;   /*yesterday*/
                            }
                        }
                    }

                    {
                        PRTime now = PR_Now();
                        /* This arena shadows the outer `arena` above. */
                        PLArenaPool *arena = NULL;
                        CERTOCSPSingleResponse *sr;
                        CERTOCSPSingleResponse **singleResponses;
                        SECItem *ocspResponse;

                        /* NOTE(review): neither this allocation nor the
                         * array allocation below is checked before use. */
                        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);

                        if (unknown) {
                            sr = CERT_CreateOCSPSingleResponseUnknown(arena, reqid, now,
                                                                      &nextUpdate);
                        } else if (revoked) {
                            sr = CERT_CreateOCSPSingleResponseRevoked(arena, reqid, now,
                                                                      &nextUpdate, revoDate, NULL);
                        } else {
                            sr = CERT_CreateOCSPSingleResponseGood(arena, reqid, now,
                                                                   &nextUpdate);
                        }

                        /* meaning of value 2: one entry + one end marker */
                        singleResponses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
                        singleResponses[0] = sr;
                        singleResponses[1] = NULL;
                        ocspResponse = CERT_CreateEncodedOCSPSuccessResponse(arena,
                                                                             revoInfo->cert, ocspResponderID_byName, now,
                                                                             singleResponses, &pwdata);

                        if (!ocspResponse) {
                            /* NOTE(review): the arena is freed only in the
                             * else branch; no PORT_FreeArena call is
                             * visible for this failure path. */
                            PORT_Sprintf(msgBuf, "Failed to encode response\r\n");
                            iovs[numIOVs].iov_base = msgBuf;
                            iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
                            numIOVs++;
                        } else {
                            PR_Write(ssl_sock, outOcspHeader, strlen(outOcspHeader));
                            PR_Write(ssl_sock, ocspResponse->data, ocspResponse->len);
                            PORT_FreeArena(arena, PR_FALSE);
                        }
                    }
                    CERT_DestroyOCSPRequest(request);
                    break;
                }
            } else if (local_file_fd) {
                PRInt32 bytes;
                int errLen;
                /* Send the header and the file in one call; the file
                 * descriptor stays open afterwards (KEEP_OPEN). */
                bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
                                        sizeof outHeader - 1,
                                        PR_TRANSMITFILE_KEEP_OPEN,
                                        PR_INTERVAL_NO_TIMEOUT);
                if (bytes >= 0) {
                    bytes -= sizeof outHeader - 1;
                    FPRINTF(stderr,
                            "httpserv: PR_TransmitFile wrote %d bytes from %s\n",
                            bytes, fileName);
                    break;
                }
                /* Copy the error text into msgBuf, truncated to fit. */
                errString = errWarn("PR_TransmitFile");
                errLen = PORT_Strlen(errString);
                errLen = PR_MIN(errLen, sizeof msgBuf - 1);
                PORT_Memcpy(msgBuf, errString, errLen);
                msgBuf[errLen] = 0;

                iovs[numIOVs].iov_base = msgBuf;
                iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
                numIOVs++;
            } else if (reqLen <= 0) { /* hit eof */
                PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
                             bufDat);

                iovs[numIOVs].iov_base = msgBuf;
                iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
                numIOVs++;
            } else if (reqLen < bufDat) {
                PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n",
                             bufDat - reqLen);

                iovs[numIOVs].iov_base = msgBuf;
                iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
                numIOVs++;
            }

            /* The received request is echoed back to the client verbatim. */
            if (reqLen > 0) {
                if (verbose > 1)
                    fwrite(buf, 1, reqLen, stdout); /* display it */

                iovs[numIOVs].iov_base = buf;
                iovs[numIOVs].iov_len = reqLen;
                numIOVs++;
            }

            rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT);
            if (rv < 0) {
                errWarn("PR_Writev");
                break;
            }

        } while (0);
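/*
 * Worker thread body: accept a connection, read the client's request, send
 * the canned reply, close the connection, and repeat forever.
 *
 * _listenSock is the listening PRFileDesc shared by all workers.  When every
 * existing worker is busy, this thread spawns another one running the same
 * function on the same listening socket.
 *
 * The function returns only if its buffers cannot be allocated.
 */
void
WorkerThreadFunc(void *_listenSock)
{
    PRFileDesc *listenSock = (PRFileDesc *)_listenSock;
    PRInt32 bytesRead;
    PRInt32 bytesWritten;
    char *dataBuf;
    char *sendBuf;

    /* sizeof yields size_t; cast so the arguments match the %d conversions. */
    if (debug_mode) DPRINTF("\tServer buffer is %d bytes; %d data, %d netaddrs\n",
            (int)(_client_data+(2*sizeof(PRNetAddr))+32), (int)_client_data,
            (int)((2*sizeof(PRNetAddr))+32));

    /* PR_AcceptRead needs room for the payload plus two addresses and padding. */
    dataBuf = (char *)PR_MALLOC(_client_data + 2*sizeof(PRNetAddr) + 32);
    sendBuf = (char *)PR_MALLOC(_server_data *sizeof(char));
    if (!dataBuf || !sendBuf) {
        /* Without both buffers every later call would dereference NULL. */
        if (debug_mode) printf("\tServer could not malloc space!?\n");
        if (dataBuf) PR_DELETE(dataBuf);
        if (sendBuf) PR_DELETE(sendBuf);
        return;
    }

    /*
     * The reply payload is never filled in elsewhere in this function; zero
     * it so that uninitialised heap contents are not sent to the peer.
     */
    memset(sendBuf, 0, _server_data);

    if (debug_mode) DPRINTF("\tServer worker thread running\n");

    while(1) {
        PRInt32 bytesToRead = _client_data;
        PRInt32 bytesToWrite = _server_data;
        PRFileDesc *newSock;
        PRNetAddr *rAddr;

        if (debug_mode) DPRINTF("\tServer thread going into accept\n");

        bytesRead = PR_AcceptRead(listenSock, 
                                  &newSock,
                                  &rAddr,
                                  dataBuf,
                                  bytesToRead,
                                  PR_INTERVAL_NO_TIMEOUT);

        if (bytesRead < 0) {
            if (debug_mode) printf("\tServer error in accept (%d)\n", bytesRead);
            continue;
        }

        if (debug_mode) DPRINTF("\tServer accepted connection (%d bytes)\n", bytesRead);
        
        PR_AtomicIncrement(&workerThreadsBusy);
#ifdef SYMBIAN
        if (workerThreadsBusy == workerThreads && workerThreads<1) {
#else
        if (workerThreadsBusy == workerThreads) {
#endif
            /* Re-check under the lock so only one worker grows the pool. */
            PR_Lock(workerThreadsLock);
            if (workerThreadsBusy == workerThreads) {
                PRThread *WorkerThread;

                WorkerThread = PR_CreateThread(
                                  PR_SYSTEM_THREAD,
                                  WorkerThreadFunc,
                                  listenSock,
                                  PR_PRIORITY_NORMAL,
                                  ServerScope,
                                  PR_UNJOINABLE_THREAD,
                                  THREAD_STACKSIZE);

                if (!WorkerThread) {
                    if (debug_mode) printf("Error creating client thread %d\n", workerThreads);
                } else {
                    PR_AtomicIncrement(&workerThreads);
                    if (debug_mode) DPRINTF("\tServer creates worker (%d)\n", workerThreads);
                }
            }
            PR_Unlock(workerThreadsLock);
        }
 
        /*
         * Drain the rest of the request.  The byte count must shrink on every
         * successful read, and an error or an orderly close (0) must end the
         * loop; otherwise a peer that sends a short request or disconnects
         * keeps this worker spinning forever.  The payload is discarded, so
         * each read reuses the start of dataBuf.
         */
        bytesToRead -= bytesRead;
        while (bytesToRead > 0) {
            bytesRead = PR_Recv(newSock, 
                                dataBuf, 
                                bytesToRead, 
                                0, 
                                PR_INTERVAL_NO_TIMEOUT);
            if (bytesRead < 0) {
                if (debug_mode) printf("\tServer error receiving data (%d)\n", bytesRead);
                break;
            }
            if (bytesRead == 0) {
                if (debug_mode) printf("\tServer: client closed connection early\n");
                break;
            }
            if (debug_mode) DPRINTF("\tServer received %d bytes\n", bytesRead);
            bytesToRead -= bytesRead;
        }

        /* Reply only when the whole request arrived. */
        if (bytesToRead <= 0) {
            bytesWritten = PR_Send(newSock,
                                   sendBuf, 
                                   bytesToWrite, 
                                   0, 
                                   PR_INTERVAL_NO_TIMEOUT);
            if (bytesWritten != _server_data) {
                if (debug_mode) printf("\tError sending data to client (%d, %d)\n", 
                    bytesWritten, PR_GetOSError());
            } else {
                if (debug_mode) DPRINTF("\tServer sent %d bytes\n", bytesWritten);
            }
        }

        PR_Close(newSock);
        PR_AtomicDecrement(&workerThreadsBusy);
    }
}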

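/*
 * Create the listening socket for the test server and start the first
 * ("primordial") worker thread on it.
 *
 * The socket is bound to PR_INADDR_ANY on PORT with address reuse enabled,
 * i.e. it is reachable on every local interface while the test runs.
 *
 * Returns the listening socket, or NULL if any step fails.  On most failure
 * paths failed_already is set only when debug_mode is off, matching the
 * reporting convention used by the rest of this function.
 */
PRFileDesc *
ServerSetup(void)
{
    PRFileDesc *listenSocket;
    PRSocketOptionData sockOpt;
    PRNetAddr serverAddr;
    PRThread *WorkerThread;

    if ( (listenSocket = PR_NewTCPSocket()) == NULL) {
        if (debug_mode) printf("\tServer error creating listen socket\n");
        else failed_already=1;
        return NULL;
    }

    sockOpt.option = PR_SockOpt_Reuseaddr;
    sockOpt.value.reuse_addr = PR_TRUE;
    if ( PR_SetSocketOption(listenSocket, &sockOpt) == PR_FAILURE) {
        if (debug_mode) printf("\tServer error setting socket option: OS error %d\n",
                PR_GetOSError());
        else failed_already=1;
        PR_Close(listenSocket);
        return NULL;
    }

    memset(&serverAddr, 0, sizeof(PRNetAddr));
    serverAddr.inet.family = PR_AF_INET;
    serverAddr.inet.port = PR_htons(PORT);
    serverAddr.inet.ip = PR_htonl(PR_INADDR_ANY);

    if ( PR_Bind(listenSocket, &serverAddr) == PR_FAILURE) {
        if (debug_mode) printf("\tServer error binding to server address: OS error %d\n",
                PR_GetOSError());
        else failed_already=1;
        PR_Close(listenSocket);
        return NULL;
    }

    if ( PR_Listen(listenSocket, 128) == PR_FAILURE) {
        if (debug_mode) printf("\tServer error listening to server socket\n");
        else failed_already=1;
        PR_Close(listenSocket);

        return NULL;
    }

    /* Create Clients */
    workerThreads = 0;
    workerThreadsBusy = 0;

    /* Workers call PR_Lock on this unconditionally, so it must exist. */
    workerThreadsLock = PR_NewLock();
    if (!workerThreadsLock) {
        if (debug_mode) printf("\tServer error creating worker lock\n");
        else failed_already=1;
        PR_Close(listenSocket);
        return NULL;
    }

    WorkerThread = PR_CreateThread(
                      PR_SYSTEM_THREAD,
                      WorkerThreadFunc,
                      listenSocket,
                      PR_PRIORITY_NORMAL,
                      ServerScope,
                      PR_UNJOINABLE_THREAD,
                      THREAD_STACKSIZE);

    if (!WorkerThread) {
        if (debug_mode) printf("error creating working thread\n");
        /* No worker was started, so nothing else can be holding the lock. */
        PR_DestroyLock(workerThreadsLock);
        workerThreadsLock = NULL;
        PR_Close(listenSocket);
        return NULL;
    }
    PR_AtomicIncrement(&workerThreads);
    if (debug_mode) DPRINTF("\tServer created primordial worker thread\n");

    return listenSocket;
}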
Пример #17
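// Brings up the test TLS server.
//
// Reads optional settings from the environment, initializes NSS from
// nssCertDBDir, opens a TCP listener bound to the loopback address on
// LISTEN_PORT, and prepares a model SSL socket whose SNI hook is
// sniSocketConfig (invoked with sniSocketConfigArg). It then accepts
// connections in an endless loop and hands each one to HandleConnection.
//
// Returns 1 if any setup step fails. The accept loop has no exit, so the
// trailing return is never reached.
int
StartServer(const char *nssCertDBDir, SSLSNISocketConfig sniSocketConfig,
            void *sniSocketConfigArg)
{
  const char *debugLevel = PR_GetEnv("MOZ_TLS_SERVER_DEBUG_LEVEL");
  if (debugLevel) {
    int level = atoi(debugLevel);
    // Only the three known levels are accepted; anything else aborts startup.
    switch (level) {
      case DEBUG_ERRORS: gDebugLevel = DEBUG_ERRORS; break;
      case DEBUG_WARNINGS: gDebugLevel = DEBUG_WARNINGS; break;
      case DEBUG_VERBOSE: gDebugLevel = DEBUG_VERBOSE; break;
      default:
        PrintPRError("invalid MOZ_TLS_SERVER_DEBUG_LEVEL");
        return 1;
    }
  }

  const char *callbackPort = PR_GetEnv("MOZ_TLS_SERVER_CALLBACK_PORT");
  if (callbackPort) {
    // atoi() does no validation: a non-numeric value yields 0, which the
    // gCallbackPort != 0 test below treats as "no callback requested".
    gCallbackPort = atoi(callbackPort);
  }

  if (InitializeNSS(nssCertDBDir) != SECSuccess) {
    PR_fprintf(PR_STDERR, "InitializeNSS failed");
    return 1;
  }

  if (NSS_SetDomesticPolicy() != SECSuccess) {
    PrintPRError("NSS_SetDomesticPolicy failed");
    return 1;
  }

  if (SSL_ConfigServerSessionIDCache(0, 0, 0, nullptr) != SECSuccess) {
    PrintPRError("SSL_ConfigServerSessionIDCache failed");
    return 1;
  }

  UniquePRFileDesc serverSocket(PR_NewTCPSocket());
  if (!serverSocket) {
    PrintPRError("PR_NewTCPSocket failed");
    return 1;
  }

  // Address reuse is best effort; its result is deliberately not checked.
  PRSocketOptionData socketOption;
  socketOption.option = PR_SockOpt_Reuseaddr;
  socketOption.value.reuse_addr = true;
  PR_SetSocketOption(serverSocket.get(), &socketOption);

  // Loopback only: the listener is not reachable from other hosts.
  PRNetAddr serverAddr;
  PR_InitializeNetAddr(PR_IpAddrLoopback, LISTEN_PORT, &serverAddr);
  if (PR_Bind(serverSocket.get(), &serverAddr) != PR_SUCCESS) {
    PrintPRError("PR_Bind failed");
    return 1;
  }

  if (PR_Listen(serverSocket.get(), 1) != PR_SUCCESS) {
    PrintPRError("PR_Listen failed");
    return 1;
  }

  UniquePRFileDesc rawModelSocket(PR_NewTCPSocket());
  if (!rawModelSocket) {
    PrintPRError("PR_NewTCPSocket failed for rawModelSocket");
    return 1;
  }

  // The raw descriptor is released into SSL_ImportFD before the result is
  // known. NOTE(review): if the import fails, the released descriptor is not
  // closed here - confirm whether that matters for this short-lived process.
  UniquePRFileDesc modelSocket(SSL_ImportFD(nullptr, rawModelSocket.release()));
  if (!modelSocket) {
    PrintPRError("SSL_ImportFD of rawModelSocket failed");
    return 1;
  }

  if (SSL_SNISocketConfigHook(modelSocket.get(), sniSocketConfig,
                              sniSocketConfigArg) != SECSuccess) {
    PrintPRError("SSL_SNISocketConfigHook failed");
    return 1;
  }

  // We have to configure the server with a certificate, but it's not one
  // we're actually going to end up using. In the SNI callback, we pick
  // the right certificate for the connection.
  if (ConfigSecureServerWithNamedCert(modelSocket.get(), DEFAULT_CERT_NICKNAME,
                                      nullptr, nullptr) != SECSuccess) {
    return 1;
  }

  if (gCallbackPort != 0) {
    if (DoCallback()) {
      return 1;
    }
  }

  while (true) {
    PRNetAddr clientAddr;
    PRFileDesc* clientSocket = PR_Accept(serverSocket.get(), &clientAddr,
                                         PR_INTERVAL_NO_TIMEOUT);
    if (!clientSocket) {
      // PR_Accept reports failure with a null descriptor; do not hand that
      // to the connection handler.
      PrintPRError("PR_Accept failed");
      continue;
    }
    HandleConnection(clientSocket, modelSocket);
  }

  return 0;
}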
/*
 * Socket-option smoke test: for each option handled in the switch below, set
 * it (where allowed) and then read it back with PR_GetSocketOption, on either
 * a TCP or a UDP socket.  Prints "PASSED" or "FAILED" to the error stream and
 * returns 0 or 1 accordingly, based on the file-level `failed` flag.
 */
int main(int argc, char **argv)
{
    PRStatus rv;
    PRFileDesc *udp = PR_NewUDPSocket();
    PRFileDesc *tcp = PR_NewTCPSocket();
    /*
     * Option names used in failure messages, indexed by the PRSockOption
     * value (tag[option] below), so the order presumably has to track the
     * enum's order - verify against the PRSockOption declaration.
     */
    const char *tag[] =
    {
        "PR_SockOpt_Nonblocking",     /* nonblocking io */
        "PR_SockOpt_Linger",          /* linger on close if data present */
        "PR_SockOpt_Reuseaddr",       /* allow local address reuse */
        "PR_SockOpt_Keepalive",       /* keep connections alive */
        "PR_SockOpt_RecvBufferSize",  /* receive buffer size */
        "PR_SockOpt_SendBufferSize",  /* send buffer size */

        "PR_SockOpt_IpTimeToLive",    /* time to live */
        "PR_SockOpt_IpTypeOfService", /* type of service and precedence */

        "PR_SockOpt_AddMember",       /* add an IP group membership */
        "PR_SockOpt_DropMember",      /* drop an IP group membership */
        "PR_SockOpt_McastInterface",  /* multicast interface address */
        "PR_SockOpt_McastTimeToLive", /* multicast timetolive */
        "PR_SockOpt_McastLoopback",   /* multicast loopback */

        "PR_SockOpt_NoDelay",         /* don't delay send to coalesce packets */
        "PR_SockOpt_MaxSegment",      /* maximum segment size */
        "PR_SockOpt_Broadcast",       /* Enable broadcast */
        "PR_SockOpt_Last"
    };

    err = PR_GetSpecialFD(PR_StandardError);
    PR_STDIO_INIT();

    if (NULL == udp) Failed("PR_NewUDPSocket()", NULL);
    else if (NULL == tcp) Failed("PR_NewTCPSocket()", NULL);
    else
    {
        PRSockOption option;
        PRUint32 segment = 1024;
        PRNetAddr addr;

        /* Bind the UDP socket to the wildcard address and port 0. */
        rv = PR_InitializeNetAddr(PR_IpAddrAny, 0, &addr);
        if (PR_FAILURE == rv) Failed("PR_InitializeNetAddr()", NULL);
        rv = PR_Bind(udp, &addr);
        if (PR_FAILURE == rv) Failed("PR_Bind()", NULL);
        /*
         * The walk starts at PR_SockOpt_Linger, so the PR_SockOpt_Nonblocking
         * case below is reached only if that value does not precede Linger
         * in the enum (the tag table suggests it does - confirm).
         */
        for(option = PR_SockOpt_Linger; option < PR_SockOpt_Last; Incr(&option))
        {
            PRSocketOptionData data;
            PRFileDesc *fd = tcp;   /* default target; multicast/broadcast cases switch to udp */
            data.option = option;
            switch (option)
            {
                case PR_SockOpt_Nonblocking:
                    data.value.non_blocking = PR_TRUE;
                    break;    
#ifndef SYMBIAN
                case PR_SockOpt_Linger:
                    data.value.linger.polarity = PR_TRUE;
                    data.value.linger.linger = PR_SecondsToInterval(2);          
                    break;    
#endif
                case PR_SockOpt_Reuseaddr:
                    data.value.reuse_addr = PR_TRUE;      
                    break;    
                case PR_SockOpt_Keepalive:       
                    data.value.keep_alive = PR_TRUE;      
                    break;    
                case PR_SockOpt_RecvBufferSize:
                    data.value.recv_buffer_size = segment;  
                    break;    
                case PR_SockOpt_SendBufferSize:  
                    data.value.send_buffer_size = segment;  
                    break;    
#ifndef SYMBIAN
                case PR_SockOpt_IpTimeToLive:
                    data.value.ip_ttl = 64;  
                    break;    
                case PR_SockOpt_IpTypeOfService:
                    data.value.tos = 0; 
                    break;    
                case PR_SockOpt_McastTimeToLive:
                    fd = udp; 
                    data.value.mcast_ttl = 4; 
                    break;    
                case PR_SockOpt_McastLoopback:
                    fd = udp; 
                    data.value.mcast_loopback = PR_TRUE; 
                    break;    
#endif
                case PR_SockOpt_NoDelay:
                    data.value.no_delay = PR_TRUE;         
                    break;    
#ifndef WIN32
                case PR_SockOpt_MaxSegment:
                    data.value.max_segment = segment;      
                    break;    
#endif
#ifndef SYMBIAN
                case PR_SockOpt_Broadcast:
                    fd = udp; 
                    data.value.broadcast = PR_TRUE;         
                    break;    
#endif
                /* Options without a case (or compiled out above) are skipped entirely. */
                default: continue;
            }

			/*
			 * TCP_MAXSEG can only be read, not set
			 */
            if (option != PR_SockOpt_MaxSegment) {
#ifdef WIN32
            	if (option != PR_SockOpt_McastLoopback)
#endif
				{
            		rv = PR_SetSocketOption(fd, &data);
            		if (PR_FAILURE == rv)
							Failed("PR_SetSocketOption()", tag[option]);
				}
			}

            /* Read the option back; only the call's status is checked, not the value. */
            rv = PR_GetSocketOption(fd, &data);
            if (PR_FAILURE == rv) Failed("PR_GetSocketOption()", tag[option]);
        }
        PR_Close(udp);
        PR_Close(tcp);
    }
    /*
     * NOTE(review): when only one of the two sockets could be created, the
     * other one is not closed on this path.
     */
    PR_fprintf(err, "%s\n", (failed) ? "FAILED" : "PASSED");
    return (failed) ? 1 : 0;
}  /* main */
Пример #19
// Constructor
//
// Builds a listening socket through the OsServerSocket base class and, if a
// valid descriptor results, initializes NSPR/NSS, loads the server
// certificate and private key, imports the descriptor into NSPR, and binds
// and listens on it. The outcome is recorded in mTlsInitCode; the
// constructor itself never throws or reports failure directly.
//
// Security review notes (behaviour is unchanged, see the inline comments):
//  - the NULL-encryption suite SSL_RSA_WITH_NULL_MD5 is enabled by default;
//  - NSS_SetExportPolicy() is selected rather than the domestic policy;
//  - a certificate lookup failure leaves mTlsInitCode at TLS_INIT_SUCCESS;
//  - the password copy is allocated without a NULL check and is not freed
//    in this constructor.
OsTLSServerSocket::OsTLSServerSocket(int connectionQueueSize,
                                     int serverPort,
                                     UtlString certNickname,
                                     UtlString certPassword,
                                     UtlString dbLocation,
                                     const UtlString bindAddress)
   : OsServerSocket(connectionQueueSize,serverPort, bindAddress.data(), false),
     mCertNickname(certNickname),
     mCertPassword(certPassword),
     mDbLocation(dbLocation),
     mpMozillaSSLSocket(NULL),
     mpCert(NULL),
     mpPrivKey(NULL),
     mTlsInitCode(TLS_INIT_SUCCESS)
{
    PRSocketOptionData      socketOption;
    PRStatus                prStatus;
    SECStatus secStatus;
    
    // import the newly created socket into NSS, and set the PRFileDesc.
    if (socketDescriptor > OS_INVALID_SOCKET_DESCRIPTOR)
    {
        /* Call the NSPR initialization routines. */
        PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);

        /* Set the cert database password callback. */
        PK11_SetPasswordFunc(OsTLS::PasswordCallback);

        secStatus = NSS_Init(dbLocation.data());
        if (secStatus != SECSuccess)
        {
            mTlsInitCode = TLS_INIT_DATABASE_FAILURE;
            return ;
        }

        /* Set the policy for this server (REQUIRED - no default). */
        // NOTE(review): the export policy historically limits NSS to
        // export-grade cipher suites; confirm this is intended rather than
        // NSS_SetDomesticPolicy().
        secStatus = NSS_SetExportPolicy();
        if (secStatus != SECSuccess)
        {
            mTlsInitCode = TLS_INIT_DATABASE_FAILURE;
            return ;
        }

        /* Get own certificate and private key. */
        mpCert = PK11_FindCertFromNickname((char*) certNickname.data(), (void*)certPassword.data());
        if (mpCert == NULL)
        {
            // NOTE(review): mTlsInitCode is not updated here, so it still
            // reads TLS_INIT_SUCCESS although no certificate was found;
            // callers that only test the init code will not see this failure.
            return ;
        }
            
        // Heap copy of the password, handed to NSS as the PIN-callback
        // argument. NOTE(review): the PR_Malloc result is used without a NULL
        // check, and the copy is never released in this constructor (not
        // even on the bad-password path below) - check whether NSS keeps the
        // pointer before adding a free.
        unsigned char* szPwd = (unsigned char*) PR_Malloc(certPassword.length()+ 1);
        strncpy((char*)szPwd, certPassword.data(), certPassword.length()+1);
        mpPrivKey = PK11_FindKeyByAnyCert(mpCert, (void*)szPwd);
        if (mpPrivKey == NULL)
        {
            mTlsInitCode = TLS_INIT_BAD_PASSWORD;
            // probably a wrong password
            return ;
        }

        /* Configure the server's cache for a multi-process application
        * using default timeout values (24 hrs) and directory location (/tmp). 
        */
        // The return status of this call is not checked.
        SSL_ConfigMPServerSIDCache(256, 0, 0, NULL);

        // Wrap the OS descriptor created by the base class in an NSPR file
        // descriptor. No SSL layer is pushed onto it in this constructor.
        mpMozillaSSLSocket = PR_ImportTCPSocket(socketDescriptor);

        if (!mpMozillaSSLSocket)
        {
            mTlsInitCode = TLS_INIT_TCP_IMPORT_FAILURE;
        }
        else
        {
            /* Make the socket blocking. */
            socketOption.option                 = PR_SockOpt_Nonblocking;
            socketOption.value.non_blocking = PR_FALSE;

            prStatus = PR_SetSocketOption(mpMozillaSSLSocket, &socketOption);
            if (prStatus != PR_SUCCESS)
            {
                mTlsInitCode = TLS_INIT_NSS_FAILURE;
                return;
            }
            
            // SECURITY NOTE(review): SSL_RSA_WITH_NULL_MD5 is a cipher suite
            // with no encryption (integrity via MD5 only). Enabling it as a
            // process-wide default means a connection that negotiates it
            // carries application data in the clear. Review whether this
            // should be enabled at all outside of debugging.
            secStatus = SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
            if (secStatus != SECSuccess)
            {
                mTlsInitCode = TLS_INIT_NSS_FAILURE;
                return;
            }            
            
            PRNetAddr addr;
            /* Configure the network connection. */
            // NOTE(review): inet_addr()'s result is used unchecked, so a
            // bindAddress that does not parse is passed on to PR_Bind as-is.
            addr.inet.family = PR_AF_INET;
            addr.inet.ip     = inet_addr(bindAddress.data());
            addr.inet.port   = PR_htons(serverPort);

            /* Bind the address to the listener socket. */
            prStatus = PR_Bind(mpMozillaSSLSocket, &addr);
            if (prStatus != PR_SUCCESS)
            {
                mTlsInitCode = TLS_INIT_NSS_FAILURE;
                return;
            }
 
            /* Listen for connection on the socket.  The second argument is
            * the maximum size of the queue for pending connections.
            */
            prStatus = PR_Listen(mpMozillaSSLSocket, connectionQueueSize);
            if (prStatus != PR_SUCCESS)
            {
                mTlsInitCode = TLS_INIT_NSS_FAILURE;
                return;
            }
        }            
    }        
}
Пример #20
/*
 * nbconn: non-blocking connect test.  Resolves the host named on the command
 * line, starts a non-blocking connect to port 80, waits in PR_Poll for the
 * result and reports which poll flags came back.  On a successful connect it
 * sends a minimal GET request and copies the response to standard output.
 * With XP_MAC defined the whole body instead runs in a loop over the first
 * four entries of the file-level `hosts` table.
 */
int main(int argc, char **argv)
{
    PRHostEnt he;
    char buf[1024];     /* scratch space for PR_GetHostByName, reused for the response */
    PRNetAddr addr;
    PRFileDesc *sock;
    PRPollDesc pd;
    PRStatus rv;
    PRSocketOptionData optData;
    PRIntn n;

#ifdef XP_MAC
	int index;
	PRIntervalTime timeout;
	SetupMacPrintfLog("nbconn.log");
	/* This loop's closing brace is in the matching XP_MAC block near the end. */
	for (index=0; index<4; index++) {
	argv[1] = hosts[index];
	timeout = PR_INTERVAL_NO_TIMEOUT;
	if (index == 3)
		timeout = PR_SecondsToInterval(10UL);
#endif

    PR_STDIO_INIT();
#ifndef XP_MAC
    if (argc != 2) {
        fprintf(stderr, "Usage: nbconn <hostname>\n");
        exit(1);
    }
#endif

    /*
     * NOTE(review): both branches print `buf` with %s.  This function never
     * initialises buf itself, so what is printed depends on what
     * PR_GetHostByName stored there - on the failure path that may be
     * nothing; argv[1] looks like the intended value.  Confirm.
     */
    if (PR_GetHostByName(argv[1], buf, sizeof(buf), &he) == PR_FAILURE) {
        printf( "Unknown host: %s\n", buf);
        exit(1);
    } else {
        printf( "host: %s\n", buf);
    }
    /* Take the first address of the host entry, with port 80. */
    PR_EnumerateHostEnt(0, &he, 80, &addr);

    /* Neither the socket creation nor the option call is checked for failure. */
    sock = PR_NewTCPSocket();
    optData.option = PR_SockOpt_Nonblocking;
    optData.value.non_blocking = PR_TRUE;
    PR_SetSocketOption(sock, &optData);
    rv = PR_Connect(sock, &addr, PR_INTERVAL_NO_TIMEOUT);
    if (rv == PR_FAILURE && PR_GetError() == PR_IN_PROGRESS_ERROR) {
        printf( "Connect in progress\n");
    }

    /* Wait until the socket is writable or in an exceptional state. */
    pd.fd = sock;
    pd.in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
#ifndef XP_MAC
    n = PR_Poll(&pd, 1, PR_INTERVAL_NO_TIMEOUT);
#else
    n = PR_Poll(&pd, 1, timeout);
#endif
    if (n == -1) {
        printf( "PR_Poll failed\n");
        exit(1);
    }
    printf( "PR_Poll returns %d\n", n);
    if (pd.out_flags & PR_POLL_READ) {
        printf( "PR_POLL_READ\n");
    }
    if (pd.out_flags & PR_POLL_WRITE) {
        printf( "PR_POLL_WRITE\n");
    }
    if (pd.out_flags & PR_POLL_EXCEPT) {
        printf( "PR_POLL_EXCEPT\n");
    }
    if (pd.out_flags & PR_POLL_ERR) {
        printf( "PR_POLL_ERR\n");
    }
    if (pd.out_flags & PR_POLL_NVAL) {
        printf( "PR_POLL_NVAL\n");
    }

    if (PR_GetConnectStatus(&pd) == PR_SUCCESS) {
        printf("PR_GetConnectStatus: connect succeeded\n");
        /* Mac and Win16 have trouble printing to the console. */
#if !defined(XP_MAC) && !defined(WIN16)
        /* 9 is the length of the request literal, without its terminating NUL. */
        PR_Write(sock, "GET /\r\n\r\n", 9);
        PR_Shutdown(sock, PR_SHUTDOWN_SEND);
        pd.in_flags = PR_POLL_READ;
        /* Copy the response to stdout until the read reports EOF or an error. */
        while (1) {
            n = PR_Poll(&pd, 1, PR_INTERVAL_NO_TIMEOUT);
            printf( "poll returns %d\n", n);
            n = PR_Read(sock, buf, sizeof(buf));
            printf( "read returns %d\n", n);
            if (n <= 0) {
                break;
            }
            PR_Write(PR_STDOUT, buf, n);
        }
#endif
    } else {
        if (PR_GetError() == PR_IN_PROGRESS_ERROR) {
            printf( "PR_GetConnectStatus: connect still in progress\n");
            exit(1);
        }
        /*
         * NOTE(review): %ld expects long; check the return types of
         * PR_GetError()/PR_GetOSError() on the target platform.
         */
        printf( "PR_GetConnectStatus: connect failed: (%ld, %ld)\n",
                PR_GetError(), PR_GetOSError());
    }
    PR_Close(sock);
#ifdef XP_MAC
	} /* end of for loop */
#endif

    /* "PASS" is printed on every path that reaches this point, including a failed connect. */
    printf( "PASS\n");
    return 0;
}
Пример #21
// nr_socket APIs (as member functions)
//
// Opens a UDP or TCP socket for addr->protocol, binds it to addr, records
// the effective local address in my_addr_, switches the descriptor to
// non-blocking mode and attaches it to the socket transport service.
// Returns 0 on success; every failure goes through ABORT, which leaves via
// the abort label with the status it set.
int NrSocket::create(nr_transport_addr *addr) {
  int r,_status;
  PRStatus status;
  PRNetAddr naddr;
  nsresult rv;

  nsCOMPtr<nsISocketTransportService> stservice =
      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv);
  if (NS_FAILED(rv)) {
    ABORT(R_INTERNAL);
  }

  r = nr_transport_addr_to_praddr(addr, &naddr);
  if (r) {
    ABORT(r);
  }

  // Only UDP and TCP are supported; anything else is an internal error.
  if (addr->protocol == IPPROTO_UDP) {
    fd_ = PR_NewUDPSocket();
  } else if (addr->protocol == IPPROTO_TCP) {
    fd_ = PR_NewTCPSocket();
  } else {
    ABORT(R_INTERNAL);
  }
  if (!fd_) {
    r_log(LOG_GENERIC,LOG_CRIT,"Couldn't create socket");
    ABORT(R_INTERNAL);
  }

  status = PR_Bind(fd_, &naddr);
  if (status != PR_SUCCESS) {
    r_log(LOG_GENERIC,LOG_CRIT,"Couldn't bind socket to address %s",
          addr->as_string);
    ABORT(R_INTERNAL);
  }

  r_log(LOG_GENERIC,LOG_DEBUG,"Creating socket %p with addr %s",
        fd_, addr->as_string);
  nr_transport_addr_copy(&my_addr_,addr);

  /* For a wildcard request, ask the socket what it actually got bound to */
  if (nr_transport_addr_is_wildcard(addr)) {
    status = PR_GetSockName(fd_, &naddr);
    if (status != PR_SUCCESS) {
      r_log(LOG_GENERIC, LOG_CRIT, "Couldn't get sock name for socket");
      ABORT(R_INTERNAL);
    }

    r = nr_praddr_to_transport_addr(&naddr,&my_addr_,addr->protocol,1);
    if (r) {
      ABORT(r);
    }
  }

  // Switch the descriptor to non-blocking mode
  PRSocketOptionData nonblocking;
  nonblocking.option = PR_SockOpt_Nonblocking;
  nonblocking.value.non_blocking = PR_TRUE;
  status = PR_SetSocketOption(fd_, &nonblocking);
  if (status != PR_SUCCESS) {
    r_log(LOG_GENERIC, LOG_CRIT, "Couldn't make socket nonblocking");
    ABORT(R_INTERNAL);
  }

  // Keep a reference to the transport service's thread.
  ststhread_ = do_QueryInterface(stservice, &rv);
  if (NS_FAILED(rv)) {
    ABORT(R_INTERNAL);
  }

  // Last step: hand the socket to the STS
  rv = stservice->AttachSocket(fd_, this);
  if (NS_FAILED(rv)) {
    ABORT(R_INTERNAL);
  }

  _status = 0;

abort:
  return(_status);
}
Пример #22
// Creates the listening socket for aAddr's address family, marks it
// address-reusable and non-blocking, then binds and listens on it with a
// backlog of aBackLog (5 when a negative value is passed). The address the
// socket ended up with is stored in mAddr.
//
// Returns NS_ERROR_ALREADY_INITIALIZED if a socket already exists,
// NS_ERROR_OUT_OF_MEMORY if the lock cannot be created, and NS_ERROR_FAILURE
// for any socket-level failure (after Close() where a socket was opened).
NS_IMETHODIMP
nsServerSocket::InitWithAddress(const PRNetAddr *aAddr, PRInt32 aBackLog)
{
  NS_ENSURE_TRUE(mFD == nsnull, NS_ERROR_ALREADY_INITIALIZED);

  // The lock is created lazily, on the first initialization attempt.
  if (!mLock)
  {
    mLock = PR_NewLock();
    if (!mLock)
      return NS_ERROR_OUT_OF_MEMORY;
  }

  //
  // set up the listening socket...
  //

  mFD = PR_OpenTCPSocket(aAddr->raw.family);
  if (!mFD)
  {
    NS_WARNING("unable to create server socket");
    return NS_ERROR_FAILURE;
  }

  // Both options are applied best effort; their results are not inspected.
  PRSocketOptionData sockOpt;

  sockOpt.option = PR_SockOpt_Reuseaddr;
  sockOpt.value.reuse_addr = PR_TRUE;
  PR_SetSocketOption(mFD, &sockOpt);

  sockOpt.option = PR_SockOpt_Nonblocking;
  sockOpt.value.non_blocking = PR_TRUE;
  PR_SetSocketOption(mFD, &sockOpt);

  if (PR_Bind(mFD, aAddr) != PR_SUCCESS)
  {
    NS_WARNING("failed to bind socket");
    Close();
    return NS_ERROR_FAILURE;
  }

  // a negative backlog selects the default of 5
  if (aBackLog < 0)
    aBackLog = 5;

  if (PR_Listen(mFD, aBackLog) != PR_SUCCESS)
  {
    NS_WARNING("cannot listen on socket");
    Close();
    return NS_ERROR_FAILURE;
  }

  // read back the bound address; it can differ from the one requested
  // in the bind call.
  if (PR_GetSockName(mFD, &mAddr) != PR_SUCCESS)
  {
    NS_WARNING("cannot get socket name");
    Close();
    return NS_ERROR_FAILURE;
  }

  // polling for client connections does not start here; it waits for
  // AsyncListen.
  return NS_OK;
}
/* Non-blocking I/O */

/*
 * Poll `sock` for `flags` with no timeout, using the caller's descriptor so
 * that it can be inspected afterwards.  Exits the process unless exactly one
 * descriptor is reported ready.
 */
static void ClientNBWait(PRPollDesc *pd, PRFileDesc *sock, PRInt16 flags)
{
    PRInt32 ready;

    pd->fd = sock;
    pd->in_flags = flags;
    ready = PR_Poll(pd, 1, PR_INTERVAL_NO_TIMEOUT);
    if (-1 == ready) {
        fprintf(stderr, "PR_Poll failed\n");
        exit(1);
    }
    if (1 != ready) {
        fprintf(stderr, "PR_Poll returned %d, absurd!\n", ready);
        exit(1);
    }
}

/*
 * Check that each of the first `count` bytes of `data` equals 2*round+1, the
 * value expected back in iteration `round`.  Exits on the first mismatch.
 */
static void ClientNBVerify(const char *data, PRInt32 count, int round)
{
    int pos;

    for (pos = 0; pos < count; pos++) {
        if (data[pos] != 2*round+1) {
            fprintf(stderr, "byte %d should be %d but is %d\n",
                    pos, 2*round+1, data[pos]);
            exit(1);
        }
    }
}

/*
 * Client side of the peek test, using a non-blocking IPv6 loopback socket.
 * `arg` carries the server port.  In each iteration the client sends
 * send_amount[i] bytes of value 2*i, then reads the reply three times (two
 * peeks followed by a consuming read) and checks every byte against 2*i+1.
 * Any unexpected result terminates the process.
 */
static void ClientNB(void *arg)
{
    PRFileDesc *sock;
    PRSocketOptionData opt;
    PRUint16 port = (PRUint16) arg;
    PRNetAddr addr;
    char buf[BUFFER_SIZE];
    PRPollDesc pd;
    PRInt32 nbytes;
    int round;

    sock = PR_OpenTCPSocket(PR_AF_INET6);
    if (NULL == sock) {
        fprintf(stderr, "PR_OpenTCPSocket failed\n");
        exit(1);
    }
    opt.option = PR_SockOpt_Nonblocking;
    opt.value.non_blocking = PR_TRUE;
    if (PR_SetSocketOption(sock, &opt) == PR_FAILURE) {
        fprintf(stderr, "PR_SetSocketOption failed\n");
        exit(1);
    }
    memset(&addr, 0, sizeof(addr));
    if (PR_SetNetAddr(PR_IpAddrLoopback, PR_AF_INET6, port, &addr)
            == PR_FAILURE) {
        fprintf(stderr, "PR_SetNetAddr failed\n");
        exit(1);
    }

    /* A non-blocking connect normally completes later; wait for it. */
    if (PR_Connect(sock, &addr, PR_INTERVAL_NO_TIMEOUT) == PR_FAILURE) {
        if (PR_GetError() != PR_IN_PROGRESS_ERROR) {
            fprintf(stderr, "PR_Connect failed\n");
            exit(1);
        }
        ClientNBWait(&pd, sock, PR_POLL_WRITE | PR_POLL_EXCEPT);
        if (PR_GetConnectStatus(&pd) == PR_FAILURE) {
            fprintf(stderr, "PR_GetConnectStatus failed\n");
            exit(1);
        }
    }

    for (round = 0; round < iterations; round++) {
        PR_Sleep(PR_SecondsToInterval(1));

        /* Send the request, retrying whenever the socket would block. */
        memset(buf, 2*round, send_amount[round]);
        for (;;) {
            nbytes = PR_Send(sock, buf, send_amount[round],
                    0, PR_INTERVAL_NO_TIMEOUT);
            if (nbytes != -1) {
                break;
            }
            if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
                fprintf(stderr, "PR_Send failed\n");
                exit(1);
            }
            ClientNBWait(&pd, sock, PR_POLL_WRITE);
        }
        if (send_amount[round] != nbytes) {
            fprintf(stderr, "PR_Send returned %d, absurd!\n", nbytes);
            exit(1);
        }

        /* First peek: wait until the reply is readable. */
        memset(buf, 0, sizeof(buf));
        for (;;) {
            nbytes = PR_Recv(sock, buf, recv_amount[round],
                    PR_MSG_PEEK, PR_INTERVAL_NO_TIMEOUT);
            if (nbytes != -1) {
                break;
            }
            if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
                fprintf(stderr, "PR_Recv failed\n");
                exit(1);
            }
            ClientNBWait(&pd, sock, PR_POLL_READ);
        }
        if (send_amount[round] != nbytes) {
            fprintf(stderr, "PR_Recv returned %d, absurd!\n", nbytes);
            exit(1);
        }
        ClientNBVerify(buf, nbytes, round);
        fprintf(stderr, "client: peeked expected data\n");

        /* Second peek: the same data must still be queued. */
        memset(buf, 0, sizeof(buf));
        nbytes = PR_Recv(sock, buf, recv_amount[round],
                PR_MSG_PEEK, PR_INTERVAL_NO_TIMEOUT);
        if (-1 == nbytes) {
            fprintf(stderr, "PR_Recv failed\n");
            exit(1);
        }
        if (send_amount[round] != nbytes) {
            fprintf(stderr, "PR_Recv returned %d, absurd!\n", nbytes);
            exit(1);
        }
        ClientNBVerify(buf, nbytes, round);
        fprintf(stderr, "client: peeked expected data\n");

        /* Final read without the peek flag. */
        memset(buf, 0, sizeof(buf));
        nbytes = PR_Recv(sock, buf, recv_amount[round],
                0, PR_INTERVAL_NO_TIMEOUT);
        if (-1 == nbytes) {
            fprintf(stderr, "PR_Recv failed\n");
            exit(1);
        }
        if (send_amount[round] != nbytes) {
            fprintf(stderr, "PR_Recv returned %d, absurd!\n", nbytes);
            exit(1);
        }
        ClientNBVerify(buf, nbytes, round);
        fprintf(stderr, "client: received expected data\n");
    }

    if (PR_Close(sock) == PR_FAILURE) {
        fprintf(stderr, "PR_Close failed\n");
        exit(1);
    }
}
Пример #24
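/*
 * Server side of the test: create a listening socket with the emulation I/O
 * layer pushed on top, bind it to the address passed in `arg`, accept one
 * connection with PR_AcceptRead, echo the bytes that were read, then shut
 * down and close both sockets.  Setup failures terminate the process.
 */
static void AcceptingThread(void *arg)
{
    PRStatus rv;
    PRInt32 bytes;
    PRSize buf_size = BUF_SIZE;
    /* Payload area plus the space PR_AcceptRead needs for the two addresses. */
    PRUint8 buf[BUF_SIZE + (2 * sizeof(PRNetAddr)) + 32];
    PRNetAddr *accept_addr, *listen_addr = (PRNetAddr*)arg;
    PRFileDesc *accept_sock = NULL, *listen_sock = PR_NewTCPSocket();
    PRFileDesc *layer;
    PRSocketOptionData sock_opt;

    if (NULL == listen_sock)
    {
        PL_FPrintError(err_out, "PR_NewTCPSocket (server) failed");
        PR_ProcessExit(1);        
    }
    layer = PR_CreateIOLayerStub(emu_layer_ident, &emu_layer_methods);
    if (NULL == layer)
    {
        PL_FPrintError(err_out, "PR_CreateIOLayerStub (server) failed");
        PR_ProcessExit(1);        
    }
    if (PR_PushIOLayer(listen_sock, PR_TOP_IO_LAYER, layer) == PR_FAILURE)
    {
        PL_FPrintError(err_out, "PR_PushIOLayer (server) failed");
        PR_ProcessExit(1);        
    }
    sock_opt.option = PR_SockOpt_Reuseaddr;
    sock_opt.value.reuse_addr = PR_TRUE;
    rv = PR_SetSocketOption(listen_sock, &sock_opt);
    if (PR_FAILURE == rv)
    {
        PL_FPrintError(err_out, "PR_SetSocketOption (server) failed");
        PR_ProcessExit(1);        
    }
    rv = PR_Bind(listen_sock, listen_addr);
    if (PR_FAILURE == rv)
    {
        PL_FPrintError(err_out, "PR_Bind (server) failed");
        PR_ProcessExit(1);        
    }
    rv = PR_Listen(listen_sock, 10);
    if (PR_FAILURE == rv)
    {
        PL_FPrintError(err_out, "PR_Listen (server) failed");
        PR_ProcessExit(1);        
    }
    bytes = PR_AcceptRead(
        listen_sock, &accept_sock, &accept_addr, buf, buf_size, accept_timeout);

    if (bytes < 0) PL_FPrintError(err_out, "PR_AcceptRead (server) failed");
    else
    {
        PrintAddress(accept_addr);
        /*
         * The payload comes from the peer and need not contain a NUL, yet it
         * is printed with %s below.  Terminate it first so the print cannot
         * run past the received bytes.  bytes is at most BUF_SIZE, so the
         * index is inside buf.  accept_addr may point into this same buffer,
         * which is why this happens only after the address has been printed.
         */
        buf[bytes] = 0;
        PR_fprintf(
            std_out, "(Server) read [0x%p..0x%p) %s\n",
            buf, &buf[BUF_SIZE], buf);
        if (PR_Write(accept_sock, buf, bytes) < 0)
            PL_FPrintError(err_out, "PR_Write (server) failed");
        rv = PR_Shutdown(accept_sock, PR_SHUTDOWN_BOTH);
        if (PR_FAILURE == rv)
            PL_FPrintError(err_out, "PR_Shutdown (server) failed");

        /* Close the accepted socket even when the echo failed. */
        rv = PR_Close(accept_sock);
        if (PR_FAILURE == rv)
            PL_FPrintError(err_out, "PR_Close (server) failed");
    }

    rv = PR_Close(listen_sock);
    if (PR_FAILURE == rv)
        PL_FPrintError(err_out, "PR_Close (server) failed");
}  /* AcceptingThread */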
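/*
 * Create a blocking TCP socket, import it into the SSL layer, configure it
 * to handshake as a client, and install the application's callbacks.
 *
 * `addr` is not used by this function; the caller connects the returned
 * socket itself.
 *
 * Server-certificate checking is entirely what myAuthCertificate and
 * myBadCertHandler implement.  Neither is shown here, so review them before
 * relying on this socket for authentication: a bad-cert handler that accepts
 * every error would leave the peer unauthenticated.
 *
 * Returns the SSL socket, or NULL on any failure.
 */
PRFileDesc *
setupSSLSocket(PRNetAddr *addr)
{
	PRFileDesc         *tcpSocket;
	PRFileDesc         *sslSocket;
	PRSocketOptionData	socketOption;
	PRStatus            prStatus;
	SECStatus           secStatus;


	tcpSocket = PR_NewTCPSocket();
	if (tcpSocket == NULL) {
		errWarn("PR_NewTCPSocket");
		/* Nothing to configure or close; the cleanup path expects a socket. */
		return NULL;
	}

	/* Make the socket blocking. */
	socketOption.option	            = PR_SockOpt_Nonblocking;
	socketOption.value.non_blocking = PR_FALSE;

	prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
	if (prStatus != PR_SUCCESS) {
		errWarn("PR_SetSocketOption");
		goto loser;
	} 


	/* Import the socket into the SSL layer. */
	sslSocket = SSL_ImportFD(NULL, tcpSocket);
	if (!sslSocket) {
		errWarn("SSL_ImportFD");
		goto loser;
	}

	/* Set configuration options. */
	secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
	if (secStatus != SECSuccess) {
		errWarn("SSL_OptionSet:SSL_SECURITY");
		goto loser;
	}

	secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
	if (secStatus != SECSuccess) {
		errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
		goto loser;
	}

	/* Set SSL callback routines. */
	secStatus = SSL_GetClientAuthDataHook(sslSocket,
	                          (SSLGetClientAuthData)myGetClientAuthData,
	                          (void *)certNickname);
	if (secStatus != SECSuccess) {
		errWarn("SSL_GetClientAuthDataHook");
		goto loser;
	}

	secStatus = SSL_AuthCertificateHook(sslSocket,
	                                   (SSLAuthCertificate)myAuthCertificate,
	                                   (void *)CERT_GetDefaultCertDB());
	if (secStatus != SECSuccess) {
		errWarn("SSL_AuthCertificateHook");
		goto loser;
	}

	secStatus = SSL_BadCertHook(sslSocket, 
	                           (SSLBadCertHandler)myBadCertHandler, NULL);
	if (secStatus != SECSuccess) {
		errWarn("SSL_BadCertHook");
		goto loser;
	}

	secStatus = SSL_HandshakeCallback(sslSocket, 
	                                  myHandshakeCallback,
	                                  NULL);
	if (secStatus != SECSuccess) {
		errWarn("SSL_HandshakeCallback");
		goto loser;
	}

	return sslSocket;

loser:

	/*
	 * Every failure after socket creation ends here.
	 * NOTE(review): once SSL_ImportFD has succeeded this relies on closing
	 * tcpSocket also tearing down the SSL layer - confirm against the NSS
	 * documentation.
	 */
	PR_Close(tcpSocket);
	return NULL;
}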
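/*
** Server thread entry point for the client/server test.
**
** 'arg' is the CSServer_t describing this server. The routine creates the
** listening socket, binds it to DEFAULT_PORT on the wildcard address,
** starts listening, publishes the cs_run state, starts the first worker and
** then waits until the test driver changes the state. On shutdown it
** interrupts every worker on server->list, waits for the pool to drain,
** publishes cs_exit and closes the listener.
**
** NOTE(review): the listener is bound to PR_IpAddrAny, so while the test
** runs the port accepts connections on every local interface. Run it only
** on hosts where that exposure is acceptable.
*/
static void PR_CALLBACK Server(void *arg)
{
    PRStatus rv;
    PRNetAddr serverAddress;
    PRThread *me = PR_GetCurrentThread();
    CSServer_t *server = (CSServer_t*)arg;
    PRSocketOptionData sockOpt;

    server->listener = PR_Socket(domain, SOCK_STREAM, protocol);
    /* Every call below dereferences the listener, so report a failed create. */
    TEST_ASSERT(NULL != server->listener);

    sockOpt.option = PR_SockOpt_Reuseaddr;
    sockOpt.value.reuse_addr = PR_TRUE;
    rv = PR_SetSocketOption(server->listener, &sockOpt);
    TEST_ASSERT(PR_SUCCESS == rv);

    memset(&serverAddress, 0, sizeof(serverAddress));
    if (PR_AF_INET6 != domain)
    {
        rv = PR_InitializeNetAddr(PR_IpAddrAny, DEFAULT_PORT, &serverAddress);
    }
    else
    {
        rv = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, DEFAULT_PORT,
                           &serverAddress);
    }
    /*
    ** The address-setup status used to be overwritten by PR_Bind() without
    ** ever being examined; check it before binding.
    */
    TEST_ASSERT(PR_SUCCESS == rv);

    rv = PR_Bind(server->listener, &serverAddress);
    TEST_ASSERT(PR_SUCCESS == rv);

    rv = PR_Listen(server->listener, server->backlog);
    TEST_ASSERT(PR_SUCCESS == rv);

    server->started = PR_IntervalNow();
    TimeOfDayMessage("Server started at", me);

    /* Tell whoever waits on stateChange that the server is now running. */
    PR_Lock(server->ml);
    server->state = cs_run;
    PR_NotifyCondVar(server->stateChange);
    PR_Unlock(server->ml);

    /*
    ** Create the first worker (actually, a thread that accepts
    ** connections and then processes the work load as needed).
    ** From this point on, additional worker threads are created
    ** as they are needed by existing worker threads.
    */
    rv = CreateWorker(server, &server->pool);
    TEST_ASSERT(PR_SUCCESS == rv);

    /*
    ** From here on this thread is merely hanging around as the contact
    ** point for the main test driver. It's just waiting for the driver
    ** to declare the test complete.
    */
    TEST_LOG(
        cltsrv_log_file, TEST_LOG_VERBOSE,
        ("\tServer(0x%p): waiting for state change\n", me));

    PR_Lock(server->ml);
    while ((cs_run == server->state) && !Aborted(rv))
    {
        rv = PR_WaitCondVar(server->stateChange, PR_INTERVAL_NO_TIMEOUT);
    }
    PR_Unlock(server->ml);
    PR_ClearInterrupt();

    TEST_LOG(
        cltsrv_log_file, TEST_LOG_INFO,
        ("\tServer(0x%p): shutting down workers\n", me));

    /*
    ** Get all the worker threads to exit. They know how to
    ** clean up after themselves, so this is just a matter of
    ** waiting for chlorine in the pool to take effect. During
    ** this stage we're ignoring interrupts.
    */
    server->workers.minimum = server->workers.maximum = 0;

    PR_Lock(server->ml);
    while (!PR_CLIST_IS_EMPTY(&server->list))
    {
        PRCList *head = PR_LIST_HEAD(&server->list);
        CSWorker_t *worker = (CSWorker_t*)head;
        TEST_LOG(
            cltsrv_log_file, TEST_LOG_VERBOSE,
            ("\tServer(0x%p): interrupting worker(0x%p)\n", me, worker));
        rv = PR_Interrupt(worker->thread);
        TEST_ASSERT(PR_SUCCESS == rv);
        PR_REMOVE_AND_INIT_LINK(head);
    }

    /* Still holding server->ml: wait for the pool's worker count to reach 0. */
    while (server->pool.workers > 0)
    {
        TEST_LOG(
            cltsrv_log_file, TEST_LOG_NOTICE,
            ("\tServer(0x%p): waiting for %u workers to exit\n",
            me, server->pool.workers));
        (void)PR_WaitCondVar(server->pool.exiting, PR_INTERVAL_NO_TIMEOUT);
    }

    server->state = cs_exit;
    PR_NotifyCondVar(server->stateChange);
    PR_Unlock(server->ml);

    TEST_LOG(
        cltsrv_log_file, TEST_LOG_ALWAYS,
        ("\tServer(0x%p): stopped after %u operations and %u bytes\n",
        me, server->operations, server->bytesTransferred));

    if (NULL != server->listener) PR_Close(server->listener);
    server->stopped = PR_IntervalNow();

}  /* Server */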
Пример #27
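// Builds a connected pair of TCP sockets over the loopback interface.
//
// This is a replacement for PR_NewTCPSocketPair that manually sets the recv
// buffer (65535 bytes) before connecting. A windows bug (1248358) can result
// in using an incompatible rwin and window scale option on localhost pipes
// if it is not set before connect.
//
// On success fd[0] receives the accepted (reader) socket, fd[1] the
// connecting (writer) socket, and the function returns true. On any failure
// every socket opened so far is closed, fd[] is left untouched and the
// function returns false.
static bool NewTCPSocketPair(PRFileDesc *fd[])
{
  PRFileDesc *listener = nullptr;
  PRFileDesc *writer = nullptr;
  PRFileDesc *reader = nullptr;
  PRSocketOptionData recvBufferOpt;
  recvBufferOpt.option = PR_SockOpt_RecvBufferSize;
  recvBufferOpt.value.recv_buffer_size = 65535;

  PRSocketOptionData nodelayOpt;
  nodelayOpt.option = PR_SockOpt_NoDelay;
  nodelayOpt.value.no_delay = true;

  PRSocketOptionData noblockOpt;
  noblockOpt.option = PR_SockOpt_Nonblocking;
  noblockOpt.value.non_blocking = true;

  listener = PR_OpenTCPSocket(PR_AF_INET);
  if (!listener) {
    goto failed;
  }
  // Socket options are applied best-effort: their results are not checked.
  PR_SetSocketOption(listener, &recvBufferOpt);
  PR_SetSocketOption(listener, &nodelayOpt);

  PRNetAddr listenAddr;
  memset(&listenAddr, 0, sizeof(listenAddr));
  if ((PR_InitializeNetAddr(PR_IpAddrLoopback, 0, &listenAddr) == PR_FAILURE) ||
      (PR_Bind(listener, &listenAddr) == PR_FAILURE) ||
      (PR_GetSockName(listener, &listenAddr) == PR_FAILURE) || // learn the dynamic port
      (PR_Listen(listener, 5) == PR_FAILURE)) {
    goto failed;
  }

  writer = PR_OpenTCPSocket(PR_AF_INET);
  if (!writer) {
    goto failed;
  }
  PR_SetSocketOption(writer, &recvBufferOpt);
  PR_SetSocketOption(writer, &nodelayOpt);
  PR_SetSocketOption(writer, &noblockOpt);
  PRNetAddr writerAddr;
  if (PR_InitializeNetAddr(PR_IpAddrLoopback, ntohs(listenAddr.inet.port), &writerAddr) == PR_FAILURE) {
    goto failed;
  }

  // The writer is non-blocking, so an in-progress connect is expected here.
  if (PR_Connect(writer, &writerAddr, PR_INTERVAL_NO_TIMEOUT) == PR_FAILURE) {
    if ((PR_GetError() != PR_IN_PROGRESS_ERROR) ||
        (PR_ConnectContinue(writer, PR_POLL_WRITE) == PR_FAILURE)) {
      goto failed;
    }
  }

  // PR_Accept overwrites listenAddr with the address of the connecting peer.
  reader = PR_Accept(listener, &listenAddr, PR_INTERVAL_NO_TIMEOUT);
  if (!reader) {
    goto failed;
  }

  // The listener is reachable by every local process while it is open, so the
  // accepted connection is not necessarily the one made by |writer|. Confirm
  // that the peer address matches the writer's own local address before
  // handing the pair out; otherwise the two ends would not be connected to
  // each other.
  PRNetAddr writerSelf;
  if ((PR_GetSockName(writer, &writerSelf) == PR_FAILURE) ||
      (writerSelf.inet.port != listenAddr.inet.port) ||
      (writerSelf.inet.ip != listenAddr.inet.ip)) {
    goto failed;
  }

  PR_SetSocketOption(reader, &recvBufferOpt);
  PR_SetSocketOption(reader, &nodelayOpt);
  PR_SetSocketOption(reader, &noblockOpt);
  PR_Close(listener);

  fd[0] = reader;
  fd[1] = writer;
  return true;

failed:
  if (listener) {
    PR_Close(listener);
  }
  if (reader) {
    PR_Close(reader);
  }
  if (writer) {
    PR_Close(writer);
  }
  return false;
}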
Пример #28
/*
** Test driver: runs a client thread against a server thread over TCP,
** first on plain sockets and then with an extra I/O layer pushed on both
** ends, repeating the pair of runs major_iterations times.
**
** Options: -d raise verbosity, -q lower verbosity, -G global threads,
** -C <n> sets major_iterations, -c <n> sets minor_iterations,
** -p <n> sets default_port; a bare argument is taken as the server name.
**
** NOTE(review): almost every failure is checked only with PR_ASSERT. In
** builds where PR_ASSERT is compiled out (non-debug NSPR builds) a failed
** socket creation, bind or listen is not detected and the NULL/invalid
** descriptor is used anyway - confirm the intended build configuration.
*/
int main(int argc, char **argv)
{
    PRStatus rv;
    PLOptStatus os;
    PRFileDesc *client, *service;
    PRNetAddr any_address;
    const char *server_name = NULL;
    const PRIOMethods *stubMethods;
    PRThread *client_thread, *server_thread;
    PRThreadScope thread_scope = PR_LOCAL_THREAD;
    PRSocketOptionData socket_noblock, socket_nodelay;
    PLOptState *opt = PL_CreateOptState(argc, argv, "dqGC:c:p:");
    while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
    {
        if (PL_OPT_BAD == os) continue;
        switch (opt->option)
        {
        case 0:  /* positional argument: server name / address string */
            server_name = opt->value;
            break;
        case 'd':  /* debug mode: raise verbosity one step, up to noisy */
            if (verbosity < noisy)
                verbosity = ChangeVerbosity(verbosity, 1);
            break;
        case 'q':  /* quiet mode: lower verbosity one step, down to silent */
            if (verbosity > silent)
                verbosity = ChangeVerbosity(verbosity, -1);
            break;
        case 'G':  /* use global threads */
            thread_scope = PR_GLOBAL_THREAD;
            break;
        /*
        ** The numeric options below go through atoi() with no range or
        ** syntax check: non-numeric text yields 0 and out-of-range values
        ** are passed on unchanged (the port is later handed to
        ** PR_InitializeNetAddr).
        */
        case 'C':  /* sets major_iterations (outer loop count below) */
            major_iterations = atoi(opt->value);
            break;
        case 'c':  /* sets minor_iterations (not used in this function) */
            minor_iterations = atoi(opt->value);
            break;
        case 'p':  /* default port */
            default_port = atoi(opt->value);
            break;
        default:
            break;
        }
    }
    PL_DestroyOptState(opt);
    PR_STDIO_INIT();

    logFile = PR_GetSpecialFD(PR_StandardError);
    identity = PR_GetUniqueIdentity("Dummy");
    stubMethods = PR_GetDefaultIOMethods();

    /*
    ** The protocol we're going to implement is one where in order to initiate
    ** a send, the sender must first solicit permission. Therefore, every
    ** send is really a send - receive - send sequence.
    */
    myMethods = *stubMethods;  /* first get the entire batch */
    myMethods.accept = MyAccept;  /* then override the ones we care about: accept */
    myMethods.recv = MyRecv;  /* ... recv */
    myMethods.send = MySend;  /* ... send */
    myMethods.close = MyClose;  /* ... close */
    myMethods.poll = MyPoll;  /* ... poll */

    /* Without a server name the client targets the loopback address. */
    if (NULL == server_name)
        rv = PR_InitializeNetAddr(
            PR_IpAddrLoopback, default_port, &server_address);
    else
    {
        /*
        ** Parse the address string, then fill in the port with a second
        ** call; PR_IpAddrNull presumably leaves the parsed IP untouched -
        ** TODO confirm against the NSPR reference.
        */
        rv = PR_StringToNetAddr(server_name, &server_address);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_InitializeNetAddr(
            PR_IpAddrNull, default_port, &server_address);
    }
    PR_ASSERT(PR_SUCCESS == rv);

    /* Option blocks reused for every socket created below. */
    socket_noblock.value.non_blocking = PR_TRUE;
    socket_noblock.option = PR_SockOpt_Nonblocking;
    socket_nodelay.value.no_delay = PR_TRUE;
    socket_nodelay.option = PR_SockOpt_NoDelay;

    /* one type w/o layering */

    while (major_iterations-- > 0)
    {
        if (verbosity > silent)
            PR_fprintf(logFile, "Beginning non-layered test\n");

        client = PR_NewTCPSocket(); PR_ASSERT(NULL != client);
        service = PR_NewTCPSocket(); PR_ASSERT(NULL != service);

        rv = PR_SetSocketOption(client, &socket_noblock);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_SetSocketOption(service, &socket_noblock);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_SetSocketOption(client, &socket_nodelay);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_SetSocketOption(service, &socket_nodelay);
        PR_ASSERT(PR_SUCCESS == rv);

        /*
        ** NOTE(review): the service socket is bound to PR_IpAddrAny, i.e.
        ** it listens on every local interface even though the default
        ** client target is loopback. Binding to the loopback address would
        ** keep the test port off the network - confirm nothing relies on
        ** remote access.
        */
        rv = PR_InitializeNetAddr(PR_IpAddrAny, default_port, &any_address);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_Bind(service, &any_address); PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_Listen(service, 10); PR_ASSERT(PR_SUCCESS == rv);

        /* The server thread is started first, with the listening socket. */
        server_thread = PR_CreateThread(
            PR_USER_THREAD, Server, service,
            PR_PRIORITY_HIGH, thread_scope,
            PR_JOINABLE_THREAD, 16 * 1024);
        PR_ASSERT(NULL != server_thread);

        client_thread = PR_CreateThread(
            PR_USER_THREAD, Client, client,
            PR_PRIORITY_NORMAL, thread_scope,
            PR_JOINABLE_THREAD, 16 * 1024);
        PR_ASSERT(NULL != client_thread);

        /* Both threads must finish before their sockets are closed. */
        rv = PR_JoinThread(client_thread);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_JoinThread(server_thread);
        PR_ASSERT(PR_SUCCESS == rv);

        rv = PR_Close(client); PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_Close(service); PR_ASSERT(PR_SUCCESS == rv);
        if (verbosity > silent)
            PR_fprintf(logFile, "Ending non-layered test\n");

        /* with layering */
        if (verbosity > silent)
            PR_fprintf(logFile, "Beginning layered test\n");
        client = PR_NewTCPSocket(); PR_ASSERT(NULL != client);
        service = PR_NewTCPSocket(); PR_ASSERT(NULL != service);

        rv = PR_SetSocketOption(client, &socket_noblock);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_SetSocketOption(service, &socket_noblock);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_SetSocketOption(client, &socket_nodelay);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_SetSocketOption(service, &socket_nodelay);
        PR_ASSERT(PR_SUCCESS == rv);

        /* Same setup as above, but with the extra layer pushed on both ends. */
        PushLayer(client);
        PushLayer(service);

        /* Wildcard bind again; the exposure note above applies here too. */
        rv = PR_InitializeNetAddr(PR_IpAddrAny, default_port, &any_address);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_Bind(service, &any_address); PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_Listen(service, 10); PR_ASSERT(PR_SUCCESS == rv);

        server_thread = PR_CreateThread(
            PR_USER_THREAD, Server, service,
            PR_PRIORITY_HIGH, thread_scope,
            PR_JOINABLE_THREAD, 16 * 1024);
        PR_ASSERT(NULL != server_thread);

        client_thread = PR_CreateThread(
            PR_USER_THREAD, Client, client,
            PR_PRIORITY_NORMAL, thread_scope,
            PR_JOINABLE_THREAD, 16 * 1024);
        PR_ASSERT(NULL != client_thread);

        rv = PR_JoinThread(client_thread);
        PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_JoinThread(server_thread);
        PR_ASSERT(PR_SUCCESS == rv);

        /* Close whatever descriptor PopLayer() returns for each end. */
        rv = PR_Close(PopLayer(client)); PR_ASSERT(PR_SUCCESS == rv);
        rv = PR_Close(PopLayer(service)); PR_ASSERT(PR_SUCCESS == rv);
        if (verbosity > silent)
            PR_fprintf(logFile, "Ending layered test\n");
    }
    return 0;
}  /* main */
Пример #29
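/*
 * Curl_nss_connect() sets up NSS on the already connected socket
 * conn->sock[sockindex] and performs the SSL/TLS handshake.
 *
 * A "model" SSL socket is configured first (protocol versions, ciphers,
 * certificate hooks, client certificate selection), then its settings are
 * imported onto the real descriptor and the handshake is forced within the
 * remaining transfer timeout.
 *
 * Returns CURLE_OK when the connection is already complete, when the
 * handshake succeeds, or when a TLS-intolerance failure schedules an
 * SSLv3-only retry (data->state.ssl_connect_retry is then TRUE). Any other
 * failure returns a CURLcode describing it and releases connssl->obj_list.
 *
 * Security notes for reviewers:
 *  - With data->set.ssl.verifypeer off, peer verification is bypassed via
 *    the installed hooks and the session cache is disabled; verifyhost is
 *    ignored in that case (a warning is logged).
 *  - The default protocol selection enables SSLv3 next to TLS, and SSLv2 can
 *    be requested explicitly. Both are obsolete protocol versions.
 *  - The retry at the end of the error path downgrades the next attempt to
 *    SSLv3 after certain handshake errors, so a disturbed first handshake is
 *    enough to lose TLS. Deployments that care should pin a TLS version.
 */
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
{
  PRErrorCode err = 0;
  PRFileDesc *model = NULL;
  PRFileDesc *ssl_model = NULL;
  PRFileDesc *nspr_io = NULL;
  PRBool ssl2 = PR_FALSE;
  PRBool ssl3 = PR_FALSE;
  PRBool tlsv1 = PR_FALSE;
  PRBool ssl_no_cache;
  PRBool ssl_cbc_random_iv;
  struct SessionHandle *data = conn->data;
  curl_socket_t sockfd = conn->sock[sockindex];
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  CURLcode curlerr;
  const int *cipher_to_enable;
  PRSocketOptionData sock_opt;
  long time_left;
  PRUint32 timeout;

  if(connssl->state == ssl_connection_complete)
    return CURLE_OK;

  connssl->data = data;

  /* list of all NSS objects we need to destroy in Curl_nss_close() */
  connssl->obj_list = Curl_llist_alloc(nss_destroy_object);
  if(!connssl->obj_list)
    return CURLE_OUT_OF_MEMORY;

  /* FIXME. NSS doesn't support multiple databases open at the same time. */
  PR_Lock(nss_initlock);
  curlerr = nss_init(conn->data);
  if(CURLE_OK != curlerr) {
    PR_Unlock(nss_initlock);
    goto error;
  }

  /* default error for every "goto error" below that sets nothing else */
  curlerr = CURLE_SSL_CONNECT_ERROR;

  if(!mod) {
    char *configstring = aprintf("library=%s name=PEM", pem_library);
    if(!configstring) {
      PR_Unlock(nss_initlock);
      goto error;
    }
    mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
    free(configstring);

    if(!mod || !mod->loaded) {
      if(mod) {
        SECMOD_DestroyModule(mod);
        mod = NULL;
      }
      infof(data, "WARNING: failed to load NSS PEM library %s. Using "
            "OpenSSL PEM certificates will not work.\n", pem_library);
    }
  }

  PK11_SetPasswordFunc(nss_get_password);
  PR_Unlock(nss_initlock);

  model = PR_NewTCPSocket();
  if(!model)
    goto error;

  /* Keep the plain socket in 'model' until the SSL layer is really on it:
     if SSL_ImportFD() fails, the error path still closes the plain socket
     instead of leaking it and configuring a NULL descriptor. */
  ssl_model = SSL_ImportFD(NULL, model);
  if(!ssl_model)
    goto error;
  model = ssl_model;

  /* make the socket nonblocking */
  sock_opt.option = PR_SockOpt_Nonblocking;
  sock_opt.value.non_blocking = PR_TRUE;
  if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
    goto error;

  if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
    goto error;
  if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
    goto error;
  if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE) != SECSuccess)
    goto error;

  /* do not use SSL cache if we are not going to verify peer */
  ssl_no_cache = (data->set.ssl.verifypeer) ? PR_FALSE : PR_TRUE;
  if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
    goto error;

  /* Select the protocol versions to offer. The default offers SSLv3 and,
     unless a previous attempt asked for a retry, TLS as well. */
  switch (data->set.ssl.version) {
  default:
  case CURL_SSLVERSION_DEFAULT:
    ssl3 = PR_TRUE;
    if(data->state.ssl_connect_retry)
      infof(data, "TLS disabled due to previous handshake failure\n");
    else
      tlsv1 = PR_TRUE;
    break;
  case CURL_SSLVERSION_TLSv1:
    tlsv1 = PR_TRUE;
    break;
  case CURL_SSLVERSION_SSLv2:
    ssl2 = PR_TRUE;
    break;
  case CURL_SSLVERSION_SSLv3:
    ssl3 = PR_TRUE;
    break;
  }

  if(SSL_OptionSet(model, SSL_ENABLE_SSL2, ssl2) != SECSuccess)
    goto error;
  if(SSL_OptionSet(model, SSL_ENABLE_SSL3, ssl3) != SECSuccess)
    goto error;
  if(SSL_OptionSet(model, SSL_ENABLE_TLS, tlsv1) != SECSuccess)
    goto error;

  if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
    goto error;

  ssl_cbc_random_iv = !data->set.ssl_enable_beast;
#ifdef SSL_CBC_RANDOM_IV
  /* unless the user explicitly asks to allow the protocol vulnerability, we
     use the work-around */
  if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess)
    infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n",
          ssl_cbc_random_iv);
#else
  /* the work-around cannot be applied with this NSS; only a warning is
     logged and the connection proceeds without it */
  if(ssl_cbc_random_iv)
    infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n");
#endif

  /* reset the flag to avoid an infinite loop */
  data->state.ssl_connect_retry = FALSE;

  /* enable all ciphers from enable_ciphers_by_default */
  cipher_to_enable = enable_ciphers_by_default;
  while(SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
    if(SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
      curlerr = CURLE_SSL_CIPHER;
      goto error;
    }
    cipher_to_enable++;
  }

  if(data->set.ssl.cipher_list) {
    if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
      curlerr = CURLE_SSL_CIPHER;
      goto error;
    }
  }

  if(!data->set.ssl.verifypeer && data->set.ssl.verifyhost)
    infof(data, "warning: ignoring value of ssl.verifyhost\n");

  /* bypass the default SSL_AuthCertificate() hook in case we do not want to
   * verify peer */
  if(SSL_AuthCertificateHook(model, nss_auth_cert_hook, conn) != SECSuccess)
    goto error;

  data->set.ssl.certverifyresult=0; /* not checked yet */
  if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
    goto error;

  if(SSL_HandshakeCallback(model, HandshakeCallback, NULL) != SECSuccess)
    goto error;

  if(data->set.ssl.verifypeer) {
    const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
    if(CURLE_OK != rv) {
      curlerr = rv;
      goto error;
    }
  }

  if(data->set.ssl.CRLfile) {
    if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {
      curlerr = CURLE_SSL_CRL_BADFILE;
      goto error;
    }
    infof(data,
          "  CRLfile: %s\n",
          data->set.ssl.CRLfile ? data->set.ssl.CRLfile : "none");
  }

  if(data->set.str[STRING_CERT]) {
    char *nickname = dup_nickname(data, STRING_CERT);
    if(nickname) {
      /* we are not going to use libnsspem.so to read the client cert */
      connssl->obj_clicert = NULL;
    }
    else {
      CURLcode rv = cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
                               data->set.str[STRING_KEY]);
      if(CURLE_OK != rv) {
        /* failf() is already done in cert_stuff() */
        curlerr = rv;
        goto error;
      }
    }

    /* store the nickname for SelectClientCert() called during handshake */
    connssl->client_nickname = nickname;
  }
  else
    connssl->client_nickname = NULL;

  if(SSL_GetClientAuthDataHook(model, SelectClientCert,
                               (void *)connssl) != SECSuccess) {
    curlerr = CURLE_SSL_CERTPROBLEM;
    goto error;
  }

  /* Import our model socket onto the existing file descriptor. The wrapper
     is checked before it is handed to SSL_ImportFD(), which must not be
     given a NULL descriptor. */
  nspr_io = PR_ImportTCPSocket(sockfd);
  if(!nspr_io) {
    connssl->handle = NULL;
    goto error;
  }

  /* NOTE(review): if this import fails, nspr_io is not closed here because
     closing it would presumably also close sockfd, which the connection
     still references - confirm who releases the wrapper in that case. */
  connssl->handle = SSL_ImportFD(model, nspr_io);
  if(!connssl->handle)
    goto error;

  PR_Close(model); /* We don't need this any more */
  model = NULL;

  /* This is the password associated with the cert that we're using */
  if(data->set.str[STRING_KEY_PASSWD]) {
    SSL_SetPKCS11PinArg(connssl->handle, data->set.str[STRING_KEY_PASSWD]);
  }

  /* Force handshake on next I/O */
  SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE);

  /* host name the peer certificate is expected to match; the return value
     is not checked here */
  SSL_SetURL(connssl->handle, conn->host.name);

  /* check timeout situation */
  time_left = Curl_timeleft(data, NULL, TRUE);
  if(time_left < 0L) {
    failf(data, "timed out before SSL handshake");
    curlerr = CURLE_OPERATION_TIMEDOUT;
    goto error;
  }
  /* time_left is known to be non-negative at this point */
  timeout = PR_MillisecondsToInterval((PRUint32) time_left);

  /* Force the handshake now */
  if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
    if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
      curlerr = CURLE_PEER_FAILED_VERIFICATION;
    else if(conn->data->set.ssl.certverifyresult!=0)
      curlerr = CURLE_SSL_CACERT;
    goto error;
  }

  connssl->state = ssl_connection_complete;
  conn->recv[sockindex] = nss_recv;
  conn->send[sockindex] = nss_send;

  display_conn_info(conn, connssl->handle);

  /* The issuer check runs after the handshake has already completed. */
  if(data->set.str[STRING_SSL_ISSUERCERT]) {
    SECStatus ret = SECFailure;
    char *nickname = dup_nickname(data, STRING_SSL_ISSUERCERT);
    if(nickname) {
      /* we support only nicknames in case of STRING_SSL_ISSUERCERT for now */
      ret = check_issuer_cert(connssl->handle, nickname);
      free(nickname);
    }

    if(SECFailure == ret) {
      infof(data,"SSL certificate issuer check failed\n");
      curlerr = CURLE_SSL_ISSUER_ERROR;
      goto error;
    }
    else {
      infof(data, "SSL certificate issuer check ok\n");
    }
  }

  return CURLE_OK;

  error:
  /* reset the flag to avoid an infinite loop */
  data->state.ssl_connect_retry = FALSE;

  if(is_nss_error(curlerr)) {
    /* read NSPR error code */
    err = PR_GetError();
    if(is_cc_error(err))
      curlerr = CURLE_SSL_CERTPROBLEM;

    /* print the error number and error string */
    infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));

    /* print a human-readable message describing the error if available */
    nss_print_error_message(data, err);
  }

  if(model)
    PR_Close(model);

  /* cleanup on connection failure (always done, whether or not a model
     socket existed) */
  Curl_llist_destroy(connssl->obj_list, NULL);
  connssl->obj_list = NULL;

  /* Only the default version selection sets both ssl3 and tlsv1, so the
     fallback applies to that case alone. */
  if(ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
    /* schedule reconnect through Curl_retry_request() */
    data->state.ssl_connect_retry = TRUE;
    infof(data, "Error in TLS handshake, trying SSLv3...\n");
    return CURLE_OK;
  }

  return curlerr;
}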
Пример #30
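// Creates the listening socket for this server socket and binds it to aAddr.
//
// aAddr    address (family, IP, port) to bind to.
// aBackLog listen backlog; a negative value selects the default of 5.
//
// Returns NS_ERROR_ALREADY_INITIALIZED if a descriptor already exists, an
// error derived from the NSPR error code when socket creation, the
// non-blocking setup, bind, listen or getsockname fails, the error from
// SetSocketDefaults() when that fails, and NS_OK otherwise. On every failure
// after the socket was created, Close() is called before returning.
NS_IMETHODIMP
nsServerSocket::InitWithAddress(const PRNetAddr *aAddr, int32_t aBackLog)
{
  NS_ENSURE_TRUE(mFD == nullptr, NS_ERROR_ALREADY_INITIALIZED);
  nsresult rv;

  //
  // configure listening socket...
  //

  mFD = PR_OpenTCPSocket(aAddr->raw.family);
  if (!mFD)
  {
    NS_WARNING("unable to create server socket");
    return ErrorAccordingToNSPR(PR_GetError());
  }

  PRSocketOptionData opt;

  // Address reuse is best-effort: a failure only gets a warning.
  // NOTE(review): the effect of address reuse differs between platforms and
  // on some of them it lets another local process bind the same port while
  // this socket is listening - confirm it is wanted for every caller.
  opt.option = PR_SockOpt_Reuseaddr;
  opt.value.reuse_addr = true;
  if (PR_SetSocketOption(mFD, &opt) != PR_SUCCESS)
  {
    NS_WARNING("unable to set address reuse on server socket");
  }

  // The rest of this function leaves the socket to be polled later, so a
  // descriptor that stayed in blocking mode is treated as a setup failure
  // instead of being ignored.
  opt.option = PR_SockOpt_Nonblocking;
  opt.value.non_blocking = true;
  if (PR_SetSocketOption(mFD, &opt) != PR_SUCCESS)
  {
    NS_WARNING("unable to make server socket non-blocking");
    goto fail;
  }

  if (PR_Bind(mFD, aAddr) != PR_SUCCESS)
  {
    NS_WARNING("failed to bind socket");
    goto fail;
  }

  if (aBackLog < 0)
    aBackLog = 5; // seems like a reasonable default

  if (PR_Listen(mFD, aBackLog) != PR_SUCCESS)
  {
    NS_WARNING("cannot listen on socket");
    goto fail;
  }

  // get the resulting socket address, which may be different than what
  // we passed to bind.
  if (PR_GetSockName(mFD, &mAddr) != PR_SUCCESS)
  {
    NS_WARNING("cannot get socket name");
    goto fail;
  }

  // Set any additional socket defaults needed by child classes
  rv = SetSocketDefaults();
  if (NS_WARN_IF(NS_FAILED(rv))) {
    // This failure carries its own nsresult. The shared fail path would
    // replace it with whatever NSPR error happens to be pending, which need
    // not relate to this call, so return the real code.
    Close();
    return rv;
  }

  // wait until AsyncListen is called before polling the socket for
  // client connections.
  return NS_OK;

fail:
  // Read the NSPR error before Close() can overwrite it.
  rv = ErrorAccordingToNSPR(PR_GetError());
  Close();
  return rv;
}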