static gboolean openssl_con_new(liConnection *con, int fd) {
liEventLoop *loop = &con->wrk->loop;
liServer *srv = con->srv;
openssl_context *ctx = con->srv_sock->data;
openssl_connection_ctx *conctx = g_slice_new0(openssl_connection_ctx);
conctx->sock_stream = li_iostream_new(con->wrk, fd, tcp_io_cb, conctx);
conctx->ssl_filter = li_openssl_filter_new(srv, con->wrk, &filter_callbacks, conctx, ctx->ssl_ctx,
&conctx->sock_stream->stream_in, &conctx->sock_stream->stream_out);
if (NULL == conctx->ssl_filter) {
ERROR(srv, "SSL_new: %s", ERR_error_string(ERR_get_error(), NULL));
fd = li_iostream_reset(conctx->sock_stream);
close(fd);
g_slice_free(openssl_connection_ctx, conctx);
return FALSE;
}
conctx->con = con;
con->con_sock.data = conctx;
con->con_sock.callbacks = &openssl_tcp_cbs;
con->con_sock.raw_out = li_stream_plug_new(loop);
con->con_sock.raw_in = li_stream_plug_new(loop);
con->info.is_ssl = TRUE;
return TRUE;
}
static void proxy_connection_new(liVRequest *vr, liBackendConnection *bcon, proxy_context *ctx) {
proxy_connection* scon = g_slice_new0(proxy_connection);
liIOStream *iostream;
liStream *outplug;
liStream *http_out;
proxy_context_acquire(ctx);
scon->ctx = ctx;
scon->bcon = bcon;
iostream = li_iostream_new(vr->wrk, li_event_io_fd(&bcon->watcher), proxy_io_cb, scon);
/* insert proxy header before actual data */
outplug = li_stream_plug_new(&vr->wrk->loop);
li_stream_connect(outplug, &iostream->stream_out);
proxy_send_headers(vr, outplug->out);
li_stream_notify_later(outplug);
http_out = li_stream_http_response_handle(&iostream->stream_in, vr, TRUE, FALSE);
li_vrequest_handle_indirect(vr, NULL);
li_vrequest_indirect_connect(vr, outplug, http_out);
li_iostream_release(iostream);
li_stream_release(outplug);
li_stream_release(http_out);
}
static gboolean mod_gnutls_con_new(liConnection *con, int fd) {
liEventLoop *loop = &con->wrk->loop;
liServer *srv = con->srv;
mod_context *ctx = con->srv_sock->data;
mod_connection_ctx *conctx;
gnutls_session_t session;
int r;
if (GNUTLS_E_SUCCESS > (r = gnutls_init(&session, GNUTLS_SERVER))) {
ERROR(srv, "gnutls_init (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
return FALSE;
}
mod_gnutls_context_acquire(ctx);
if (GNUTLS_E_SUCCESS > (r = gnutls_priority_set(session, ctx->server_priority))) {
ERROR(srv, "gnutls_priority_set (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
}
if (GNUTLS_E_SUCCESS > (r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->server_cert))) {
ERROR(srv, "gnutls_credentials_set (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
}
if (NULL != ctx->session_db) {
gnutls_db_set_ptr(session, ctx->session_db);
gnutls_db_set_remove_function(session, session_db_remove_cb);
gnutls_db_set_retrieve_function(session, session_db_retrieve_cb);
gnutls_db_set_store_function(session, session_db_store_cb);
}
#ifdef HAVE_SESSION_TICKET
if (GNUTLS_E_SUCCESS > (r = gnutls_session_ticket_enable_server(session, &ctx->ticket_key))) {
ERROR(srv, "gnutls_session_ticket_enable_server (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
}
#endif
#ifdef GNUTLS_ALPN_MAND
{
static const gnutls_datum_t proto_http1 = { (unsigned char*) CONST_STR_LEN("http/1.1") };
gnutls_alpn_set_protocols(session, &proto_http1, 1, 0);
}
#endif
conctx = g_slice_new0(mod_connection_ctx);
conctx->session = session;
conctx->sock_stream = li_iostream_new(con->wrk, fd, tcp_io_cb, conctx);
conctx->client_hello_stream = li_ssl_client_hello_stream(&con->wrk->loop, gnutls_client_hello_cb, conctx);
#ifdef USE_SNI
li_job_init(&conctx->sni_job, sni_job_cb);
conctx->sni_jobref = li_job_ref(&con->wrk->loop.jobqueue, &conctx->sni_job);
#endif
li_stream_connect(&conctx->sock_stream->stream_in, conctx->client_hello_stream);
conctx->tls_filter = li_gnutls_filter_new(srv, con->wrk, &filter_callbacks, conctx, conctx->session,
conctx->client_hello_stream, &conctx->sock_stream->stream_out);
conctx->con = con;
conctx->ctx = ctx;
con->con_sock.data = conctx;
con->con_sock.callbacks = &gnutls_tcp_cbs;
con->con_sock.raw_out = li_stream_plug_new(loop);
con->con_sock.raw_in = li_stream_plug_new(loop);
con->info.is_ssl = TRUE;
return TRUE;
fail:
gnutls_deinit(session);
mod_gnutls_context_release(ctx);
return FALSE;
}
