/*
 * Open a TLS client connection for url, optionally via proxy.
 *
 * The TCP connection is made by http_connect(); the resulting descriptor is
 * then wrapped in TLS using the file-scope client context ctx (assigned
 * here, not declared in this function) with url->host as the server name.
 * An empty url->port is defaulted to "443" in place.
 *
 * Returns the connected socket descriptor, or -1 after a warnx() diagnostic.
 */
int
https_connect(struct url *url, struct url *proxy)
{
	static struct tls_config *tls_config = NULL;
	int sock;

	/* Lazily build the shared client configuration on first use. */
	if (tls_config == NULL)
		tls_config = https_init();
	/* NOTE(review): https_init() is not checked for NULL here — confirm it cannot fail. */

	ctx = tls_client();
	if (ctx == NULL) {
		warnx("failed to create tls client");
		return -1;
	}
	if (tls_configure(ctx, tls_config) != 0) {
		warnx("%s: %s", __func__, tls_error(ctx));
		return -1;
	}

	/* HTTPS default port when the URL did not name one. */
	if (url->port[0] == '\0')
		(void)strlcpy(url->port, "443", sizeof(url->port));

	sock = http_connect(url, proxy);
	if (sock == -1)
		return -1;

	/*
	 * NOTE(review): when the TLS handshake fails the TCP descriptor in
	 * sock is neither closed here nor handed back to the caller, so it
	 * is lost.
	 */
	if (tls_connect_socket(ctx, sock, url->host) != 0) {
		warnx("%s: %s", __func__, tls_error(ctx));
		return -1;
	}

	return sock;
}
/*
 * Attach fd to worker w and begin its TLS handshake.
 *
 * A server worker accepts on w->base, which yields w->ctx; a client worker
 * connects on w->ctx using w->hostname. A non-zero result is reported as
 * the libtls error text, otherwise the handshake is continued by
 * do_handshake() and its result is returned.
 *
 * NOTE(review): any non-zero result is treated as failure here, whereas
 * do_handshake() treats TLS_READ_AGAIN/TLS_WRITE_AGAIN as "retry later" —
 * confirm the first attempt is expected to complete synchronously.
 *
 * Returns NULL or an error message string (as produced by the callees).
 */
static const char *
start_worker(struct Worker *w, int fd)
{
	int rc;

	w->socket = fd;

	rc = w->is_server
	    ? tls_accept_socket(w->base, &w->ctx, fd)
	    : tls_connect_socket(w->ctx, fd, w->hostname);
	if (rc != 0) {
		/* On the server side w->ctx may still be NULL; report via base. */
		return tls_error(w->ctx != NULL ? w->ctx : w->base);
	}

	return do_handshake(w, fd);
}
/*
 * Drive one step of the TLS handshake for worker w on fd.
 *
 * Re-issues tls_accept_socket() (server) or tls_connect_socket() (client)
 * and maps the result: TLS_READ_AGAIN / TLS_WRITE_AGAIN -> wait for the
 * matching event and come back later; 0 -> mark the worker CONNECTED and
 * hand off to done_handshake(); anything else -> the libtls error text, or
 * a generic message when libtls supplies none.
 */
static const char *
do_handshake(struct Worker *w, int fd)
{
	const char *errstr;
	int rc;

	if (w->is_server)
		rc = tls_accept_socket(w->base, &w->ctx, fd);
	else
		rc = tls_connect_socket(w->ctx, fd, w->hostname);

	switch (rc) {
	case TLS_READ_AGAIN:
		return wait_for_event(w, EV_READ);
	case TLS_WRITE_AGAIN:
		return wait_for_event(w, EV_WRITE);
	case 0:
		w->wstate = CONNECTED;
		return done_handshake(w);
	default:
		break;
	}

	/* On the server side w->ctx may not exist yet; fall back to base. */
	errstr = tls_error(w->ctx ? w->ctx : w->base);
	return errstr != NULL ? errstr : "handshake failure";
}
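/*
 * Connect a client context to host:port and start a TLS session.
 *
 * When port is NULL the port is split out of host by tls_host_port(), which
 * allocates the pieces (hs, ps); both are released on every exit path. The
 * host is tried first as an IPv4 literal, then as an IPv6 literal, and only
 * then through name resolution with AI_ADDRCONFIG, so numeric addresses —
 * notably 127.0.0.1 and ::1 — connect even when no matching address family
 * is configured on an interface. Each resolved address is attempted in
 * order until one connects. servername (or the host string when NULL) is
 * passed to tls_connect_socket(), presumably as the name used for SNI and
 * peer-certificate checks — verify against that function.
 *
 * On success ctx->socket takes ownership of the descriptor and 0 is
 * returned. On failure -1 is returned and the reason has been recorded via
 * tls_set_error()/tls_set_errorx(); no descriptor is left open.
 */
int
tls_connect_servername(struct tls *ctx, const char *host, const char *port,
    const char *servername)
{
	struct addrinfo hints, *res, *res0;
	const char *h = NULL, *p = NULL;
	char *hs = NULL, *ps = NULL;
	int rv = -1, s = -1, ret, gai;

	if ((ctx->flags & TLS_CLIENT) == 0) {
		tls_set_errorx(ctx, "not a client context");
		goto err;
	}
	if (host == NULL) {
		tls_set_errorx(ctx, "host not specified");
		goto err;
	}

	/*
	 * If port is NULL try to extract a port from the specified host,
	 * otherwise use the default.
	 */
	if (port == NULL) {
		ret = tls_host_port(host, &hs, &ps);
		if (ret == -1) {
			tls_set_errorx(ctx, "memory allocation failure");
			goto err;
		}
		if (ret != 0) {
			tls_set_errorx(ctx, "no port provided");
			goto err;
		}
	}
	h = (hs != NULL) ? hs : host;
	p = (ps != NULL) ? ps : port;

	/*
	 * First check if the host is specified as a numeric IP address,
	 * either IPv4 or IPv6, before trying to resolve the host.
	 * The AI_ADDRCONFIG resolver option will not return IPv4 or IPv6
	 * records if it is not configured on an interface; not considering
	 * loopback addresses. Checking the numeric addresses first makes
	 * sure that connection attempts to numeric addresses and especially
	 * 127.0.0.1 or ::1 loopback addresses are always possible.
	 */
	memset(&hints, 0, sizeof(hints));
	hints.ai_socktype = SOCK_STREAM;

	/* try as an IPv4 literal */
	hints.ai_family = AF_INET;
	hints.ai_flags = AI_NUMERICHOST;
	if (getaddrinfo(h, p, &hints, &res0) != 0) {
		/* try again as an IPv6 literal */
		hints.ai_family = AF_INET6;
		if (getaddrinfo(h, p, &hints, &res0) != 0) {
			/* last try, with name resolution and save the error */
			hints.ai_family = AF_UNSPEC;
			hints.ai_flags = AI_ADDRCONFIG;
			/* gai is the resolver status code, kept apart from the fd in s. */
			if ((gai = getaddrinfo(h, p, &hints, &res0)) != 0) {
				tls_set_error(ctx, "%s", gai_strerror(gai));
				goto err;
			}
		}
	}

	/* It was resolved somehow; now try connecting to what we got */
	for (res = res0; res != NULL; res = res->ai_next) {
		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
		if (s == -1) {
			tls_set_error(ctx, "socket");
			continue;
		}
		if (connect(s, res->ai_addr, res->ai_addrlen) == -1) {
			/* Record the failure, drop this fd and try the next address. */
			tls_set_error(ctx, "connect");
			close(s);
			s = -1;
			continue;
		}
		break;	/* Connected. */
	}
	freeaddrinfo(res0);
	if (s == -1)
		goto err;

	if (servername == NULL)
		servername = h;

	if (tls_connect_socket(ctx, s, servername) != 0) {
		/* Handshake failed; the descriptor is ours until ctx takes it. */
		close(s);
		goto err;
	}

	ctx->socket = s;
	rv = 0;

 err:
	free(hs);
	free(ps);

	return (rv);
}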
/*
 * Connect a client context to host:port and start a TLS session.
 *
 * With port NULL the port is split out of host by tls_host_port(); the
 * allocated pieces (hs, ps) are freed on every exit path. Connecting is
 * delegated to tls_connect_host(), tried as an IPv4 literal, an IPv6
 * literal and finally with name resolution under AI_ADDRCONFIG, so that
 * numeric addresses (127.0.0.1, ::1) always get a connection attempt.
 * servername, or the host string when NULL, is handed to
 * tls_connect_socket().
 *
 * Returns 0 with ctx->socket set on success, -1 otherwise; the failing
 * callee has recorded the error on ctx.
 */
int
tls_connect_servername(struct tls *ctx, const char *host, const char *port,
    const char *servername)
{
	const char *h = NULL, *p = NULL;
	char *hs = NULL, *ps = NULL;
	int rv = -1, s = -1, ret;

	if ((ctx->flags & TLS_CLIENT) == 0) {
		tls_set_errorx(ctx, "not a client context");
		goto out;
	}
	if (host == NULL) {
		tls_set_errorx(ctx, "host not specified");
		goto out;
	}

	/* No explicit port: it must be embedded in host. */
	if (port == NULL) {
		ret = tls_host_port(host, &hs, &ps);
		if (ret == -1) {
			tls_set_errorx(ctx, "memory allocation failure");
			goto out;
		}
		if (ret != 0) {
			tls_set_errorx(ctx, "no port provided");
			goto out;
		}
	}
	h = hs != NULL ? hs : host;
	p = ps != NULL ? ps : port;

	/*
	 * Numeric literals first, name resolution last: AI_ADDRCONFIG would
	 * otherwise hide IPv4/IPv6 records on hosts with no such interface
	 * configured, loopback addresses included.
	 */
	s = tls_connect_host(ctx, h, p, AF_INET, AI_NUMERICHOST);
	if (s == -1)
		s = tls_connect_host(ctx, h, p, AF_INET6, AI_NUMERICHOST);
	if (s == -1)
		s = tls_connect_host(ctx, h, p, AF_UNSPEC, AI_ADDRCONFIG);
	if (s == -1)
		goto out;

	if (tls_connect_socket(ctx, s, servername != NULL ? servername : h) != 0) {
		close(s);
		goto out;
	}

	ctx->socket = s;
	rv = 0;

 out:
	free(hs);
	free(ps);

	return rv;
}