int
https_connect(struct url *url, struct url *proxy)
{
static struct tls_config *tls_config = NULL;
int s;
/* One time initialization */
if (tls_config == NULL)
tls_config = https_init();
if ((ctx = tls_client()) == NULL) {
warnx("failed to create tls client");
return -1;
}
if (tls_configure(ctx, tls_config) != 0) {
warnx("%s: %s", __func__, tls_error(ctx));
return -1;
}
if (url->port[0] == '\0')
(void)strlcpy(url->port, "443", sizeof(url->port));
if ((s = http_connect(url, proxy)) == -1)
return -1;
if (tls_connect_socket(ctx, s, url->host) != 0) {
warnx("%s: %s", __func__, tls_error(ctx));
return -1;
}
return s;
}
static const char *start_worker(struct Worker *w, int fd)
{
int err;
w->socket = fd;
if (w->is_server) {
err = tls_accept_socket(w->base, &w->ctx, fd);
} else {
err = tls_connect_socket(w->ctx, fd, w->hostname);
}
if (err != 0) {
return tls_error(w->ctx ? w->ctx : w->base);
}
return do_handshake(w, fd);
}
static const char *do_handshake(struct Worker *w, int fd)
{
int err;
const char *msg;
if (w->is_server) {
err = tls_accept_socket(w->base, &w->ctx, fd);
} else {
err = tls_connect_socket(w->ctx, fd, w->hostname);
}
if (err == TLS_READ_AGAIN) {
return wait_for_event(w, EV_READ);
} else if (err == TLS_WRITE_AGAIN) {
return wait_for_event(w, EV_WRITE);
} else if (err == 0) {
w->wstate = CONNECTED;
return done_handshake(w);
}
msg = tls_error(w->ctx ? w->ctx : w->base);
return msg ? msg : "handshake failure";
}
int
tls_connect_servername(struct tls *ctx, const char *host, const char *port,
const char *servername)
{
struct addrinfo hints, *res, *res0;
const char *h = NULL, *p = NULL;
char *hs = NULL, *ps = NULL;
int rv = -1, s = -1, ret;
if ((ctx->flags & TLS_CLIENT) == 0) {
tls_set_errorx(ctx, "not a client context");
goto err;
}
if (host == NULL) {
tls_set_errorx(ctx, "host not specified");
goto err;
}
/*
* If port is NULL try to extract a port from the specified host,
* otherwise use the default.
*/
if ((p = (char *)port) == NULL) {
ret = tls_host_port(host, &hs, &ps);
if (ret == -1) {
tls_set_errorx(ctx, "memory allocation failure");
goto err;
}
if (ret != 0) {
tls_set_errorx(ctx, "no port provided");
goto err;
}
}
h = (hs != NULL) ? hs : host;
p = (ps != NULL) ? ps : port;
/*
* First check if the host is specified as a numeric IP address,
* either IPv4 or IPv6, before trying to resolve the host.
* The AI_ADDRCONFIG resolver option will not return IPv4 or IPv6
* records if it is not configured on an interface; not considering
* loopback addresses. Checking the numeric addresses first makes
* sure that connection attempts to numeric addresses and especially
* 127.0.0.1 or ::1 loopback addresses are always possible.
*/
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
/* try as an IPv4 literal */
hints.ai_family = AF_INET;
hints.ai_flags = AI_NUMERICHOST;
if (getaddrinfo(h, p, &hints, &res0) != 0) {
/* try again as an IPv6 literal */
hints.ai_family = AF_INET6;
if (getaddrinfo(h, p, &hints, &res0) != 0) {
/* last try, with name resolution and save the error */
hints.ai_family = AF_UNSPEC;
hints.ai_flags = AI_ADDRCONFIG;
if ((s = getaddrinfo(h, p, &hints, &res0)) != 0) {
tls_set_error(ctx, "%s", gai_strerror(s));
goto err;
}
}
}
/* It was resolved somehow; now try connecting to what we got */
s = -1;
for (res = res0; res; res = res->ai_next) {
s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (s == -1) {
tls_set_error(ctx, "socket");
continue;
}
if (connect(s, res->ai_addr, res->ai_addrlen) == -1) {
tls_set_error(ctx, "connect");
close(s);
s = -1;
continue;
}
break; /* Connected. */
}
freeaddrinfo(res0);
if (s == -1)
goto err;
if (servername == NULL)
servername = h;
if (tls_connect_socket(ctx, s, servername) != 0) {
close(s);
goto err;
}
ctx->socket = s;
rv = 0;
err:
free(hs);
free(ps);
return (rv);
}
int
tls_connect_servername(struct tls *ctx, const char *host, const char *port,
const char *servername)
{
const char *h = NULL, *p = NULL;
char *hs = NULL, *ps = NULL;
int rv = -1, s = -1, ret;
if ((ctx->flags & TLS_CLIENT) == 0) {
tls_set_errorx(ctx, "not a client context");
goto err;
}
if (host == NULL) {
tls_set_errorx(ctx, "host not specified");
goto err;
}
/*
* If port is NULL try to extract a port from the specified host,
* otherwise use the default.
*/
if ((p = (char *)port) == NULL) {
ret = tls_host_port(host, &hs, &ps);
if (ret == -1) {
tls_set_errorx(ctx, "memory allocation failure");
goto err;
}
if (ret != 0) {
tls_set_errorx(ctx, "no port provided");
goto err;
}
}
h = (hs != NULL) ? hs : host;
p = (ps != NULL) ? ps : port;
/*
* First check if the host is specified as a numeric IP address,
* either IPv4 or IPv6, before trying to resolve the host.
* The AI_ADDRCONFIG resolver option will not return IPv4 or IPv6
* records if it is not configured on an interface; not considering
* loopback addresses. Checking the numeric addresses first makes
* sure that connection attempts to numeric addresses and especially
* 127.0.0.1 or ::1 loopback addresses are always possible.
*/
if ((s = tls_connect_host(ctx, h, p, AF_INET, AI_NUMERICHOST)) == -1 &&
(s = tls_connect_host(ctx, h, p, AF_INET6, AI_NUMERICHOST)) == -1 &&
(s = tls_connect_host(ctx, h, p, AF_UNSPEC, AI_ADDRCONFIG)) == -1)
goto err;
if (servername == NULL)
servername = h;
if (tls_connect_socket(ctx, s, servername) != 0) {
close(s);
goto err;
}
ctx->socket = s;
rv = 0;
err:
free(hs);
free(ps);
return (rv);
}
