Kannel: Open Source WAP and SMS gateway  $Revision: 5037 $
conn.c
Go to the documentation of this file.
1 /* ====================================================================
2  * The Kannel Software License, Version 1.0
3  *
4  * Copyright (c) 2001-2018 Kannel Group
5  * Copyright (c) 1998-2001 WapIT Ltd.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  * notice, this list of conditions and the following disclaimer in
17  * the documentation and/or other materials provided with the
18  * distribution.
19  *
20  * 3. The end-user documentation included with the redistribution,
21  * if any, must include the following acknowledgment:
22  * "This product includes software developed by the
23  * Kannel Group (http://www.kannel.org/)."
24  * Alternately, this acknowledgment may appear in the software itself,
25  * if and wherever such third-party acknowledgments normally appear.
26  *
27  * 4. The names "Kannel" and "Kannel Group" must not be used to
28  * endorse or promote products derived from this software without
29  * prior written permission. For written permission, please
30  * contact org@kannel.org.
31  *
32  * 5. Products derived from this software may not be called "Kannel",
33  * nor may "Kannel" appear in their name, without prior written
34  * permission of the Kannel Group.
35  *
36  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
37  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
38  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
39  * DISCLAIMED. IN NO EVENT SHALL THE KANNEL GROUP OR ITS CONTRIBUTORS
40  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
41  * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
42  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
43  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
44  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
45  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
46  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47  * ====================================================================
48  *
49  * This software consists of voluntary contributions made by many
50  * individuals on behalf of the Kannel Group. For more information on
51  * the Kannel Group, please see <http://www.kannel.org/>.
52  *
53  * Portions of this software are based upon software originally written at
54  * WapIT Ltd., Helsinki, Finland for the Kannel project.
55  */
56 
57 /* conn.c - implement Connection type
58  *
59  * This file implements the interface defined in conn.h.
60  *
61  * Richard Braakman
62  *
63  * SSL client implementation contributed by
64  * Jarkko Kovala <jarkko.kovala@iki.fi>
65  *
66  * SSL server implementation contributed by
67  * Stipe Tolj <stolj at kannel.org>
68  */
69 
70 /* TODO: unlocked_close() on error */
71 /* TODO: have I/O functions check if connection is open */
72 /* TODO: have conn_open_tcp do a non-blocking connect() */
73 
74 #include <signal.h>
75 #include <unistd.h>
76 #include <errno.h>
77 
78 #include <sys/types.h>
79 #include <sys/socket.h>
80 #include <string.h>
81 
82 #include "gwlib/gwlib.h"
83 
84 #ifdef HAVE_LIBSSL
85 #include <openssl/ssl.h>
86 #include <openssl/err.h>
87 #include <openssl/conf.h>
88 #include <openssl/engine.h>
89 
90 static SSL_CTX *global_ssl_context = NULL;
91 static SSL_CTX *global_server_ssl_context = NULL;
92 #endif /* HAVE_LIBSSL */
93 
94 typedef unsigned long (*CRYPTO_CALLBACK_PTR)(void);
95 
96 /*
97  * This used to be 4096. It is now 0 so that callers don't have to
98  * deal with the complexities of buffering (i.e. deciding when to
99  * flush) unless they want to.
100  * FIXME: Figure out how to combine buffering sensibly with use of
101  * conn_register.
102  */
103 #define DEFAULT_OUTPUT_BUFFERING 0
104 #define SSL_CONN_TIMEOUT 30
105 
107 {
108  /* We use separate locks for input and ouput fields, so that
109  * read and write activities don't have to get in each other's
110  * way. If you need both, then acquire the outlock first. */
113  volatile sig_atomic_t claimed;
114 #ifndef NO_GWASSERT
116 #endif
117 
118  /* fd value is read-only and is not locked */
119  int fd;
120 
121  /* socket state */
122  enum {yes,no} connected;
123 
124  /* Protected by outlock */
126  long outbufpos; /* start of unwritten data in outbuf */
127 
128  /* Try to buffer writes until there are this many octets to send.
129  * Set it to 0 to get an unbuffered connection. */
130  unsigned int output_buffering;
131 
132  /* Protected by inlock */
134  long inbufpos; /* start of unread data in inbuf */
135 
136  int read_eof; /* we encountered eof on read */
137  int io_error; /* we encountered error on IO operation */
138 
139  /* Protected by both locks when updating, so you need only one
140  * of the locks when reading. */
145  /* Protected by inlock */
147  /* Protected by outlock */
149 
150 #ifdef HAVE_LIBSSL
151  SSL *ssl;
152  X509 *peer_certificate;
153 #endif /* HAVE_LIBSSL */
154 };
155 
156 static void unlocked_register_pollin(Connection *conn, int onoff);
157 static void unlocked_register_pollout(Connection *conn, int onoff);
158 
159 /* There are a number of functions that play with POLLIN and POLLOUT flags.
160  * The general rule is that we always want to poll for POLLIN except when
161  * we have detected eof (which may be reported as eternal POLLIN), and
162  * we want to poll for POLLOUT only if there's data waiting in the
163  * output buffer. If output buffering is set, we may not want to poll for
164  * POLLOUT if there's not enough data waiting, which is why we have
165  * unlocked_try_write. */
166 
167 /* Macros to get more information for debugging purposes */
168 #define unlock_in(conn) unlock_in_real(conn, __FILE__, __LINE__, __func__)
169 #define unlock_out(conn) unlock_out_real(conn, __FILE__, __LINE__, __func__)
170 
171 /* Lock a Connection's read direction, if the Connection is unclaimed */
172 static void inline lock_in(Connection *conn)
173 {
174  gw_assert(conn != NULL);
175 
176  if (conn->claimed)
178  else
179  mutex_lock(conn->inlock);
180 }
181 
182 /* Unlock a Connection's read direction, if the Connection is unclaimed */
183 static void inline unlock_in_real(Connection *conn, char *file, int line, const char *func)
184 {
185  int ret;
186  gw_assert(conn != NULL);
187 
188  if (!conn->claimed && (ret = mutex_unlock(conn->inlock)) != 0) {
189  panic(0, "%s:%ld: %s: Mutex unlock failed. "
190  "(Called from %s:%ld:%s.)",
191  __FILE__, (long) __LINE__, __func__,
192  file, (long) line, func);
193  }
194 }
195 
196 /* Lock a Connection's write direction, if the Connection is unclaimed */
197 static void inline lock_out(Connection *conn)
198 {
199  gw_assert(conn != NULL);
200 
201  if (conn->claimed)
203  else
204  mutex_lock(conn->outlock);
205 }
206 
207 /* Unlock a Connection's write direction, if the Connection is unclaimed */
208 static void inline unlock_out_real(Connection *conn, char *file, int line, const char *func)
209 {
210  int ret;
211  gw_assert(conn != NULL);
212 
213  if (!conn->claimed && (ret = mutex_unlock(conn->outlock)) != 0) {
214  panic(0, "%s:%ld: %s: Mutex unlock failed. "
215  "(Called from %s:%ld:%s.)",
216  __FILE__, (long) __LINE__, __func__,
217  file, (long) line, func);
218  }
219 }
220 
221 /* Return the number of bytes in the Connection's output buffer */
222 static long inline unlocked_outbuf_len(Connection *conn)
223 {
224  return octstr_len(conn->outbuf) - conn->outbufpos;
225 }
226 
227 /* Return the number of bytes in the Connection's input buffer */
228 static long inline unlocked_inbuf_len(Connection *conn)
229 {
230  return octstr_len(conn->inbuf) - conn->inbufpos;
231 }
232 
233 /* Send as much data as can be sent without blocking. Return the number
234  * of bytes written, or -1 in case of error. */
235 static long unlocked_write(Connection *conn)
236 {
237  long ret = 0;
238 
239 #ifdef HAVE_LIBSSL
240  if (conn->ssl != NULL) {
241  if (octstr_len(conn->outbuf) - conn->outbufpos > 0)
242  ret = SSL_write(conn->ssl,
243  octstr_get_cstr(conn->outbuf) + conn->outbufpos,
244  octstr_len(conn->outbuf) - conn->outbufpos);
245 
246  if (ret < 0) {
247  int SSL_error = SSL_get_error(conn->ssl, ret);
248 
249  if (SSL_error == SSL_ERROR_WANT_READ || SSL_error == SSL_ERROR_WANT_WRITE) {
250  ret = 0; /* no error */
251  } else {
252  error(errno, "SSL write failed: OpenSSL error %d: %s",
253  SSL_error, ERR_error_string(SSL_error, NULL));
254  if (SSL_error == SSL_ERROR_SSL) { /* trace library errors */
255  long err;
256  while ((err = ERR_get_error()) != 0)
257  error(0, "SSL %s", ERR_error_string(err, NULL));
258  }
259  return -1;
260  }
261  }
262  } else
263 #endif /* HAVE_LIBSSL */
264  ret = octstr_write_data(conn->outbuf, conn->fd, conn->outbufpos);
265 
266  if (ret < 0) {
267  conn->io_error = 1;
268  return -1;
269  }
270 
271  conn->outbufpos += ret;
272 
273  /* Heuristic: Discard the already-written data if it's more than
274  * half of the total. This should keep the buffer size small
275  * without wasting too many cycles on moving data around. */
276  if (conn->outbufpos > octstr_len(conn->outbuf) / 2) {
277  octstr_delete(conn->outbuf, 0, conn->outbufpos);
278  conn->outbufpos = 0;
279  }
280 
281  if (conn->registered)
283 
284  return ret;
285 }
286 
287 /* Try to empty the output buffer without blocking. Return 0 for success,
288  * 1 if there is still data left in the buffer, and -1 for errors. */
290 {
291  long len;
292 
293  len = unlocked_outbuf_len(conn);
294  if (len == 0)
295  return 0;
296 
297  if (len < (long) conn->output_buffering)
298  return 1;
299 
300  if (unlocked_write(conn) < 0)
301  return -1;
302 
303  if (unlocked_outbuf_len(conn) > 0)
304  return 1;
305 
306  return 0;
307 }
308 
309 /* Read whatever data is currently available, up to an internal maximum. */
310 static void unlocked_read(Connection *conn)
311 {
312  unsigned char buf[4096];
313  long len;
314 
315  if (conn->inbufpos > 0) {
316  octstr_delete(conn->inbuf, 0, conn->inbufpos);
317  conn->inbufpos = 0;
318  }
319 
320 #ifdef HAVE_LIBSSL
321  if (conn->ssl != NULL) {
322  len = SSL_read(conn->ssl, buf, sizeof(buf));
323  } else
324 #endif /* HAVE_LIBSSL */
325  len = read(conn->fd, buf, sizeof(buf));
326 
327  if (len < 0) {
328  if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)
329  return;
330 #ifdef HAVE_LIBSSL
331  if (conn->ssl) {
332  int SSL_error = SSL_get_error(conn->ssl, len);
333  if (SSL_error == SSL_ERROR_WANT_WRITE || SSL_error == SSL_ERROR_WANT_READ)
334  return; /* no error */
335  error(errno, "SSL read failed: OpenSSL error %d: %s",
336  SSL_error, ERR_error_string(SSL_error, NULL));
337  }
338  else
339 #endif /* HAVE_LIBSSL */
340  error(errno, "Error reading from fd %d:", conn->fd);
341  conn->io_error = 1;
342  if (conn->registered)
343  unlocked_register_pollin(conn, 0);
344  return;
345  } else if (len == 0) {
346  conn->read_eof = 1;
347  if (conn->registered)
348  unlocked_register_pollin(conn, 0);
349  } else {
350  octstr_append_data(conn->inbuf, buf, len);
351  }
352 }
353 
354 /* Cut "length" octets from the input buffer and return them as an Octstr */
355 static Octstr *unlocked_get(Connection *conn, long length)
356 {
357  Octstr *result = NULL;
358 
359  gw_assert(unlocked_inbuf_len(conn) >= length);
360  result = octstr_copy(conn->inbuf, conn->inbufpos, length);
361  conn->inbufpos += length;
362 
363  return result;
364 }
365 
366 /* Tell the fdset whether we are interested in POLLIN events, but only
367  * if the status changed. (Calling fdset_listen can be expensive if
368  * it requires synchronization with the polling thread.)
369  * We must already have the inlock.
370  */
371 static void unlocked_register_pollin(Connection *conn, int onoff)
372 {
373  gw_assert(conn->registered);
374 
375  if (onoff == 1 && !conn->listening_pollin) {
376  /* Turn it on */
377  conn->listening_pollin = 1;
378  fdset_listen(conn->registered, conn->fd, POLLIN, POLLIN);
379  } else if (onoff == 0 && conn->listening_pollin) {
380  /* Turn it off */
381  conn->listening_pollin = 0;
382  fdset_listen(conn->registered, conn->fd, POLLIN, 0);
383  }
384 }
385 
386 /* Tell the fdset whether we are interested in POLLOUT events, but only
387  * if the status changed. (Calling fdset_listen can be expensive if
388  * it requires synchronization with the polling thread.)
389  * We must already have the outlock.
390  */
391 static void unlocked_register_pollout(Connection *conn, int onoff)
392 {
393  gw_assert(conn->registered);
394 
395  if (onoff == 1 && !conn->listening_pollout) {
396  /* Turn it on */
397  conn->listening_pollout = 1;
398  fdset_listen(conn->registered, conn->fd, POLLOUT, POLLOUT);
399  } else if (onoff == 0 && conn->listening_pollout) {
400  /* Turn it off */
401  conn->listening_pollout = 0;
402  fdset_listen(conn->registered, conn->fd, POLLOUT, 0);
403  }
404 }
405 
406 #ifdef HAVE_LIBSSL
407 static int conn_init_client_ssl(Connection *ret, Octstr *certkeyfile)
408 {
409  ret->ssl = SSL_new(global_ssl_context);
410 
411  /*
412  * The current thread's error queue must be empty before
413  * the TLS/SSL I/O operation is attempted, or SSL_get_error()
414  * will not work reliably.
415  */
416  ERR_clear_error();
417 
418  if (certkeyfile != NULL) {
419  SSL_use_certificate_file(ret->ssl, octstr_get_cstr(certkeyfile),
420  SSL_FILETYPE_PEM);
421  SSL_use_PrivateKey_file(ret->ssl, octstr_get_cstr(certkeyfile),
422  SSL_FILETYPE_PEM);
423  if (SSL_check_private_key(ret->ssl) != 1) {
424  error(0, "conn_open_ssl: private key isn't consistent with the "
425  "certificate from file %s (or failed reading the file)",
426  octstr_get_cstr(certkeyfile));
427  return -1;
428  }
429  }
430 
431  /* SSL_set_fd can fail, so check it */
432  if (SSL_set_fd(ret->ssl, ret->fd) == 0) {
433  /* SSL_set_fd failed, log error */
434  error(errno, "SSL: OpenSSL: %.256s", ERR_error_string(ERR_get_error(), NULL));
435  return -1;
436  }
437 
438  /*
439  * make sure the socket is non-blocking while we do SSL_connect
440  */
441  if (socket_set_blocking(ret->fd, 0) < 0) {
442  return -1;
443  }
444  BIO_set_nbio(SSL_get_rbio(ret->ssl), 1);
445  BIO_set_nbio(SSL_get_wbio(ret->ssl), 1);
446 
447  SSL_set_connect_state(ret->ssl);
448 
449  return 0;
450 }
451 
452 Connection *conn_open_ssl_nb(Octstr *host, int port, Octstr *certkeyfile,
453  Octstr *our_host)
454 {
455  Connection *ret;
456 
457  /* open the TCP connection */
458  if (!(ret = conn_open_tcp_nb(host, port, our_host))) {
459  return NULL;
460  }
461 
462  if (conn_init_client_ssl(ret, certkeyfile) == -1) {
463  conn_destroy(ret);
464  return NULL;
465  }
466 
467  return ret;
468 }
469 
470 Connection *conn_open_ssl(Octstr *host, int port, Octstr *certkeyfile,
471  Octstr *our_host)
472 {
473  Connection *ret;
474 
475  /* open the TCP connection */
476  if (!(ret = conn_open_tcp(host, port, our_host))) {
477  return NULL;
478  }
479 
480  if (conn_init_client_ssl(ret, certkeyfile) == -1) {
481  conn_destroy(ret);
482  return NULL;
483  }
484 
485  return ret;
486 }
487 
488 #endif /* HAVE_LIBSSL */
489 
490 Connection *conn_open_tcp(Octstr *host, int port, Octstr *our_host)
491 {
492  return conn_open_tcp_with_port(host, port, 0, our_host);
493 }
494 
496 {
497  return conn_open_tcp_nb_with_port(host, port, 0, our_host);
498 }
499 
501  Octstr *our_host)
502 {
503  int sockfd;
504  int done = -1;
505  Connection *c;
506 
508  our_port, our_host == NULL ?
509  NULL : octstr_get_cstr(our_host), &done);
510  if (sockfd < 0)
511  return NULL;
512  c = conn_wrap_fd(sockfd, 0);
513  if (done != 0) {
514  c->connected = no;
515  }
516  return c;
517 }
518 
520 {
521  return conn->connected == yes ? 0 : -1;
522 }
523 
525 {
526  int err;
527  socklen_t len;
528 
529  len = sizeof(err);
530  if (getsockopt(conn->fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) {
531  return -1;
532  }
533 
534  if (err) {
535  return -1;
536  }
537 
538  conn->connected = yes;
539  return 0;
540 }
541 
543  Octstr *our_host)
544 {
545  int sockfd;
546 
548  our_port, our_host == NULL ?
549  NULL : octstr_get_cstr(our_host));
550  if (sockfd < 0)
551  return NULL;
552  return conn_wrap_fd(sockfd, 0);
553 }
554 
555 
556 /*
557  * XXX bad assumption here that conn_wrap_fd for SSL can only happens
558  * for the server side!!!! FIXME !!!!
559  */
561 {
562  Connection *conn;
563 
564  if (socket_set_blocking(fd, 0) < 0)
565  return NULL;
566 
567  conn = gw_malloc(sizeof(*conn));
568  conn->inlock = mutex_create();
569  conn->outlock = mutex_create();
570  conn->claimed = 0;
571 
572  conn->outbuf = octstr_create("");
573  conn->outbufpos = 0;
574  conn->inbuf = octstr_create("");
575  conn->inbufpos = 0;
576 
577  conn->fd = fd;
578  conn->connected = yes;
579  conn->read_eof = 0;
580  conn->io_error = 0;
582 
583  conn->registered = NULL;
584  conn->callback = NULL;
585  conn->callback_data = NULL;
586  conn->callback_data_destroyer = NULL;
587  conn->listening_pollin = 0;
588  conn->listening_pollout = 0;
589 #ifdef HAVE_LIBSSL
590  /*
591  * do all the SSL magic for this connection
592  */
593  if (ssl) {
594  conn->ssl = SSL_new(global_server_ssl_context);
595  conn->peer_certificate = NULL;
596 
597  /* SSL_set_fd can fail, so check it */
598  if (SSL_set_fd(conn->ssl, conn->fd) == 0) {
599  /* SSL_set_fd failed, log error and return NULL */
600  error(errno, "SSL: OpenSSL: %.256s", ERR_error_string(ERR_get_error(), NULL));
601  conn_destroy(conn);
602  return NULL;
603  }
604  /* SSL_set_verify(conn->ssl, 0, NULL); */
605 
606  /* set read/write BIO layer to non-blocking mode */
607  BIO_set_nbio(SSL_get_rbio(conn->ssl), 1);
608  BIO_set_nbio(SSL_get_wbio(conn->ssl), 1);
609 
610  /* set accept state , SSL-Handshake will be handled transparent while SSL_[read|write] */
611  SSL_set_accept_state(conn->ssl);
612  } else {
613  conn->ssl = NULL;
614  conn->peer_certificate = NULL;
615  }
616 #endif /* HAVE_LIBSSL */
617 
618  return conn;
619 }
620 
622 {
623  int ret;
624 
625  if (conn == NULL)
626  return;
627 
628  /* No locking done here. conn_destroy should not be called
629  * if any thread might still be interested in the connection. */
630 
631  if (conn->registered) {
632  fdset_unregister(conn->registered, conn->fd);
633  /* call data destroyer if any */
634  if (conn->callback_data != NULL && conn->callback_data_destroyer != NULL)
636  }
637 
638  if (conn->fd >= 0) {
639  /* Try to flush any remaining data */
640  unlocked_try_write(conn);
641 
642 #ifdef HAVE_LIBSSL
643  if (conn->ssl != NULL) {
644  SSL_smart_shutdown(conn->ssl);
645  SSL_free(conn->ssl);
646  if (conn->peer_certificate != NULL)
647  X509_free(conn->peer_certificate);
648  }
649 #endif /* HAVE_LIBSSL */
650 
651  ret = close(conn->fd);
652  if (ret < 0)
653  error(errno, "conn_destroy: error on close");
654  conn->fd = -1;
655  }
656 
657  octstr_destroy(conn->outbuf);
658  octstr_destroy(conn->inbuf);
659  mutex_destroy(conn->inlock);
660  mutex_destroy(conn->outlock);
661 
662  gw_free(conn);
663 }
664 
666 {
667  gw_assert(conn != NULL);
668 
669  if (conn->claimed)
670  panic(0, "Connection is being claimed twice!");
671  conn->claimed = 1;
672 #ifndef NO_GWASSERT
673  conn->claiming_thread = gwthread_self();
674 #endif
675 }
676 
678 {
679  long len;
680 
681  lock_out(conn);
682  len = unlocked_outbuf_len(conn);
683  unlock_out(conn);
684 
685  return len;
686 }
687 
689 {
690  long len;
691 
692  lock_in(conn);
693  len = unlocked_inbuf_len(conn);
694  unlock_in(conn);
695 
696  return len;
697 }
698 
700 {
701  int eof;
702 
703  lock_in(conn);
704  eof = conn->read_eof;
705  unlock_in(conn);
706 
707  return eof;
708 }
709 
711 {
712  int err;
713 
714  lock_out(conn);
715  lock_in(conn);
716  err = conn->io_error;
717  unlock_in(conn);
718  unlock_out(conn);
719 
720  return err;
721 }
722 
723 void conn_set_output_buffering(Connection *conn, unsigned int size)
724 {
725  lock_out(conn);
726  conn->output_buffering = size;
727  /* If the buffer size is smaller, we may have to write immediately. */
728  unlocked_try_write(conn);
729  unlock_out(conn);
730 }
731 
732 static void poll_callback(int fd, int revents, void *data)
733 {
734  Connection *conn;
735  int do_callback = 0;
736 
737  conn = data;
738 
739  if (conn == NULL) {
740  error(0, "poll_callback called with NULL connection.");
741  return;
742  }
743 
744  if (conn->fd != fd) {
745  error(0, "poll_callback called on wrong connection.");
746  return;
747  }
748 
749  /* Get result of nonblocking connect, before any reads and writes
750  * we must check result (it must be handled in initial callback) */
751  if (conn->connected == no) {
752  if (conn->callback)
753  conn->callback(conn, conn->callback_data);
754  return;
755  }
756 
757  /* If got POLLERR or POLHUP, then unregister the descriptor from the
758  * fdset and set the error condition variable to let the upper layer
759  * close and destroy the connection. */
760  if (revents & (POLLERR|POLLHUP)) {
761  lock_out(conn);
762  lock_in(conn);
763  if (conn->listening_pollin)
764  unlocked_register_pollin(conn, 0);
765  if (conn->listening_pollout)
766  unlocked_register_pollout(conn, 0);
767  conn->io_error = 1;
768  unlock_in(conn);
769  unlock_out(conn);
770  do_callback = 1;
771  }
772 
773  /* If unlocked_write manages to write all pending data, it will
774  * tell the fdset to stop listening for POLLOUT. */
775  if (revents & POLLOUT) {
776  lock_out(conn);
777  unlocked_write(conn);
778  if (unlocked_outbuf_len(conn) == 0)
779  do_callback = 1;
780  unlock_out(conn);
781  }
782 
783  /* We read only in unlocked_read in we received POLLIN, cause the
784  * descriptor is already broken and of no use anymore. */
785  if (revents & POLLIN) {
786  lock_in(conn);
787  unlocked_read(conn);
788  unlock_in(conn);
789  do_callback = 1;
790  }
791 
792  if (do_callback && conn->callback)
793  conn->callback(conn, conn->callback_data);
794 }
795 
797  conn_callback_t callback, void *data, conn_callback_data_destroyer_t *data_destroyer)
798 {
799  int events;
800  int result = 0;
801 
802  gw_assert(conn != NULL);
803 
804  if (conn->fd < 0)
805  return -1;
806 
807  /* We need both locks if we want to update the registration
808  * information. */
809  lock_out(conn);
810  lock_in(conn);
811 
812  if (conn->registered == fdset) {
813  /* Re-registering. Change only the callback info. */
814  conn->callback = callback;
815  /* call data destroyer if new data supplied */
816  if (conn->callback_data != NULL && conn->callback_data != data && conn->callback_data_destroyer != NULL)
818  conn->callback_data = data;
819  conn->callback_data_destroyer = data_destroyer;
820  result = 0;
821  } else if (conn->registered) {
822  /* Already registered to a different fdset. */
823  result = -1;
824  } else {
825  events = 0;
826  /* For nonconnected socket we must lesten both directions */
827  if (conn->connected == yes) {
828  if (conn->read_eof == 0 && conn->io_error == 0)
829  events |= POLLIN;
830  if (unlocked_outbuf_len(conn) > 0)
831  events |= POLLOUT;
832  } else {
833  events |= POLLIN | POLLOUT;
834  }
835 
836  conn->registered = fdset;
837  conn->callback = callback;
838  conn->callback_data = data;
839  conn->callback_data_destroyer = data_destroyer;
840  conn->listening_pollin = (events & POLLIN) != 0;
841  conn->listening_pollout = (events & POLLOUT) != 0;
842  fdset_register(fdset, conn->fd, events, poll_callback, conn);
843  result = 0;
844  }
845 
846  unlock_in(conn);
847  unlock_out(conn);
848 
849  return result;
850 }
851 
853 {
854  FDSet *set = NULL;
855  int fd = -1;
856  void *data = NULL;
857  conn_callback_data_destroyer_t *destroyer = NULL;
858 
859  gw_assert(conn != NULL);
860 
861  if (conn == NULL || conn->fd < 0)
862  return;
863 
864  /* We need both locks to update the registration information */
865  lock_out(conn);
866  lock_in(conn);
867 
868  if (conn->registered) {
869  set = conn->registered;
870  fd = conn->fd;
871  conn->registered = NULL;
872  conn->callback = NULL;
873  /*
874  * remember and don't destroy data and data_destroyer because we
875  * may be in callback right now. So destroy only after fdset_unregister
876  * call which guarantee us we are not in callback anymore.
877  */
878  data = conn->callback_data;
879  conn->callback_data = NULL;
880  destroyer = conn->callback_data_destroyer;
881  conn->callback_data_destroyer = NULL;
882  conn->listening_pollin = 0;
883  conn->listening_pollout = 0;
884  }
885 
886  unlock_in(conn);
887  unlock_out(conn);
888 
889  /* now unregister from FDSet */
890  if (set != NULL)
891  fdset_unregister(set, fd);
892 
893  /* ok we are not in callback anymore, destroy data if any */
894  if (data != NULL && destroyer != NULL)
895  destroyer(data);
896 }
897 
898 int conn_wait(Connection *conn, double seconds)
899 {
900  int events;
901  int ret;
902  int fd;
903 
904  lock_out(conn);
905 
906  /* Try to write any data that might still be waiting to be sent */
907  ret = unlocked_write(conn);
908  if (ret < 0) {
909  unlock_out(conn);
910  return -1;
911  }
912  if (ret > 0) {
913  /* We did something useful. No need to poll or wait now. */
914  unlock_out(conn);
915  return 0;
916  }
917 
918  fd = conn->fd;
919 
920  /* Normally, we block until there is more data available. But
921  * if any data still needs to be sent, we block until we can
922  * send it (or there is more data available). We always block
923  * for reading, unless we know there is no more data coming.
924  * (Because in that case, poll will keep reporting POLLIN to
925  * signal the end of the file). If the caller explicitly wants
926  * to wait even though there is no data to write and we're at
927  * end of file, then poll for new data anyway because the caller
928  * apparently doesn't trust eof. */
929  events = 0;
930  if (unlocked_outbuf_len(conn) > 0)
931  events |= POLLOUT;
932  /* Don't keep the connection locked while we wait */
933  unlock_out(conn);
934 
935  /* We need the in lock to query read_eof */
936  lock_in(conn);
937  if ((conn->read_eof == 0 && conn->io_error == 0) || events == 0)
938  events |= POLLIN;
939  unlock_in(conn);
940 
941  ret = gwthread_pollfd(fd, events, seconds);
942  if (ret < 0) {
943  if (errno == EINTR)
944  return 0;
945  error(0, "conn_wait: poll failed on fd %d:", fd);
946  return -1;
947  }
948 
949  if (ret == 0)
950  return 1;
951 
952  if (ret & POLLNVAL) {
953  error(0, "conn_wait: fd %d not open.", fd);
954  return -1;
955  }
956 
957  if (ret & (POLLERR | POLLHUP)) {
958  /* Call unlocked_read to report the specific error,
959  * and handle the results of the error. We can't be
960  * certain that the error still exists, because we
961  * released the lock for a while. */
962  lock_in(conn);
963  unlocked_read(conn);
964  unlock_in(conn);
965  return -1;
966  }
967 
968  /* If POLLOUT is on, then we must have wanted
969  * to write something. */
970  if (ret & POLLOUT) {
971  lock_out(conn);
972  unlocked_write(conn);
973  unlock_out(conn);
974  }
975 
976  /* Since we normally select for reading, we must
977  * try to read here. Otherwise, if the caller loops
978  * around conn_wait without making conn_read* calls
979  * in between, we will keep polling this same data. */
980  if (ret & POLLIN) {
981  lock_in(conn);
982  unlocked_read(conn);
983  unlock_in(conn);
984  }
985 
986  return 0;
987 }
988 
990 {
991  int ret;
992  int revents;
993  int fd;
994 
995  lock_out(conn);
996  ret = unlocked_write(conn);
997  if (ret < 0) {
998  unlock_out(conn);
999  return -1;
1000  }
1001 
1002  while (unlocked_outbuf_len(conn) != 0) {
1003  fd = conn->fd;
1004 
1005  unlock_out(conn);
1006  revents = gwthread_pollfd(fd, POLLOUT, -1.0);
1007 
1008  /* Note: Make sure we have the "out" lock when
1009  * going through the loop again, because the
1010  * loop condition needs it. */
1011 
1012  if (revents < 0) {
1013  if (errno == EINTR)
1014  return 1;
1015  error(0, "conn_flush: poll failed on fd %d:", fd);
1016  return -1;
1017  }
1018 
1019  if (revents == 0) {
1020  /* We were woken up */
1021  return 1;
1022  }
1023 
1024  if (revents & POLLNVAL) {
1025  error(0, "conn_flush: fd %d not open.", fd);
1026  return -1;
1027  }
1028 
1029  lock_out(conn);
1030 
1031  if (revents & (POLLOUT | POLLERR | POLLHUP)) {
1032  ret = unlocked_write(conn);
1033  if (ret < 0) {
1034  unlock_out(conn);
1035  return -1;
1036  }
1037  }
1038  }
1039 
1040  unlock_out(conn);
1041 
1042  return 0;
1043 }
1044 
1045 int conn_write(Connection *conn, Octstr *data)
1046 {
1047  int ret;
1048 
1049  lock_out(conn);
1050  octstr_append(conn->outbuf, data);
1051  ret = unlocked_try_write(conn);
1052  unlock_out(conn);
1053 
1054  return ret;
1055 }
1056 
1057 int conn_write_data(Connection *conn, unsigned char *data, long length)
1058 {
1059  int ret;
1060 
1061  lock_out(conn);
1062  octstr_append_data(conn->outbuf, data, length);
1063  ret = unlocked_try_write(conn);
1064  unlock_out(conn);
1065 
1066  return ret;
1067 }
1068 
1070 {
1071  int ret;
1072  unsigned char lengthbuf[4];
1073 
1074  encode_network_long(lengthbuf, octstr_len(data));
1075  lock_out(conn);
1076  octstr_append_data(conn->outbuf, lengthbuf, 4);
1077  octstr_append(conn->outbuf, data);
1078  ret = unlocked_try_write(conn);
1079  unlock_out(conn);
1080 
1081  return ret;
1082 }
1083 
1085 {
1086  Octstr *result = NULL;
1087 
1088  lock_in(conn);
1089  if (unlocked_inbuf_len(conn) == 0) {
1090  unlocked_read(conn);
1091  if (unlocked_inbuf_len(conn) == 0) {
1092  unlock_in(conn);
1093  return NULL;
1094  }
1095  }
1096 
1097  result = unlocked_get(conn, unlocked_inbuf_len(conn));
1098  gw_claim_area(result);
1099  unlock_in(conn);
1100 
1101  return result;
1102 }
1103 
1104 Octstr *conn_read_fixed(Connection *conn, long length)
1105 {
1106  Octstr *result = NULL;
1107 
1108  if (length < 1)
1109  return NULL;
1110 
1111  /* See if the data is already available. If not, try a read(),
1112  * then see if we have enough data after that. If not, give up. */
1113  lock_in(conn);
1114  if (unlocked_inbuf_len(conn) < length) {
1115  unlocked_read(conn);
1116  if (unlocked_inbuf_len(conn) < length) {
1117  unlock_in(conn);
1118  return NULL;
1119  }
1120  }
1121  result = unlocked_get(conn, length);
1122  gw_claim_area(result);
1123  unlock_in(conn);
1124 
1125  return result;
1126 }
1127 
1129 {
1130  Octstr *result = NULL;
1131  long pos;
1132 
1133  lock_in(conn);
1134  /* 10 is the code for linefeed. We don't rely on \n because that
1135  * might be a different value on some (strange) systems, and
1136  * we are reading from a network connection. */
1137  pos = octstr_search_char(conn->inbuf, 10, conn->inbufpos);
1138  if (pos < 0) {
1139  unlocked_read(conn);
1140  pos = octstr_search_char(conn->inbuf, 10, conn->inbufpos);
1141  if (pos < 0) {
1142  unlock_in(conn);
1143  return NULL;
1144  }
1145  }
1146 
1147  result = unlocked_get(conn, pos - conn->inbufpos);
1148  gw_claim_area(result);
1149 
1150  /* Skip the LF, which we left in the buffer */
1151  conn->inbufpos++;
1152 
1153  /* If the line was terminated with CR LF, we have to remove
1154  * the CR from the result. */
1155  if (octstr_len(result) > 0 &&
1156  octstr_get_char(result, octstr_len(result) - 1) == 13)
1157  octstr_delete(result, octstr_len(result) - 1, 1);
1158 
1159  unlock_in(conn);
1160  return result;
1161 }
1162 
1164 {
1165  Octstr *result = NULL;
1166  unsigned char lengthbuf[4];
1167  long length = 0; /* for compiler please */
1168  int try, retry;
1169 
1170  lock_in(conn);
1171 
1172  for (try = 1; try <= 2; try++) {
1173  if (try > 1)
1174  unlocked_read(conn);
1175 
1176  do {
1177  retry = 0;
1178  /* First get the length. */
1179  if (unlocked_inbuf_len(conn) < 4)
1180  continue;
1181 
1182  octstr_get_many_chars(lengthbuf, conn->inbuf, conn->inbufpos, 4);
1183  length = decode_network_long(lengthbuf);
1184 
1185  if (length < 0) {
1186  warning(0, "conn_read_withlen: got negative length, skipping");
1187  conn->inbufpos += 4;
1188  retry = 1;
1189  }
1190  } while(retry == 1);
1191 
1192  /* Then get the data. */
1193  if (unlocked_inbuf_len(conn) - 4 < length)
1194  continue;
1195 
1196  conn->inbufpos += 4;
1197  result = unlocked_get(conn, length);
1198  gw_claim_area(result);
1199  break;
1200  }
1201 
1202  unlock_in(conn);
1203  return result;
1204 }
1205 
1207 {
1208  int startpos, endpos;
1209  Octstr *result = NULL;
1210  int try;
1211 
1212  lock_in(conn);
1213 
1214  for (try = 1; try <= 2; try++) {
1215  if (try > 1)
1216  unlocked_read(conn);
1217 
1218  /* Find startmark, and discard everything up to it */
1219  if (startmark >= 0) {
1220  startpos = octstr_search_char(conn->inbuf, startmark, conn->inbufpos);
1221  if (startpos < 0) {
1222  conn->inbufpos = octstr_len(conn->inbuf);
1223  continue;
1224  } else {
1225  conn->inbufpos = startpos;
1226  }
1227  } else {
1228  startpos = conn->inbufpos;
1229  }
1230 
1231  /* Find first endmark after startmark */
1232  endpos = octstr_search_char(conn->inbuf, endmark, conn->inbufpos);
1233  if (endpos < 0)
1234  continue;
1235 
1236  result = unlocked_get(conn, endpos - startpos + 1);
1237  gw_claim_area(result);
1238  break;
1239  }
1240 
1241  unlock_in(conn);
1242  return result;
1243 }
1244 
1245 #ifdef HAVE_LIBSSL
1246 X509 *conn_get_peer_certificate(Connection *conn)
1247 {
1248  /* Don't know if it needed to be locked , but better safe as crash */
1249  lock_out(conn);
1250  lock_in(conn);
1251  if (conn->peer_certificate == NULL && conn->ssl != NULL)
1252  conn->peer_certificate = SSL_get_peer_certificate(conn->ssl);
1253  unlock_in(conn);
1254  unlock_out(conn);
1255 
1256  return conn->peer_certificate;
1257 }
1258 
1259 /*
1260  * XXX Alex decalred the RSA callback routine static and now we're getting
1261  * warning messages for our automatic compilation tests. So we are commenting
1262  * the function out to avoid the warnings.
1263  *
1264 
1265 static RSA *tmp_rsa_callback(SSL *ssl, int export, int key_len)
1266 {
1267  static RSA *rsa = NULL;
1268  debug("gwlib.http", 0, "SSL: Generating new RSA key (export=%d, keylen=%d)", export, key_len);
1269  if (export) {
1270  rsa = RSA_generate_key(key_len, RSA_F4, NULL, NULL);
1271  } else {
1272  debug("gwlib.http", 0, "SSL: Export not set");
1273  }
1274  return rsa;
1275 }
1276 */
1277 
1278 #if OPENSSL_VERSION_NUMBER < 0x10100000L
1279 
1280 static Mutex **ssl_static_locks = NULL;
1281 
1282 /* the call-back function for the openssl crypto thread locking */
1283 static void openssl_locking_function(int mode, int n, const char *file, int line)
1284 {
1285  if (mode & CRYPTO_LOCK)
1286  mutex_lock(ssl_static_locks[n-1]);
1287  else
1288  mutex_unlock(ssl_static_locks[n-1]);
1289 }
1290 
1291 void openssl_init_locks(void)
1292 {
1293  int c, maxlocks = CRYPTO_num_locks();
1294 
1295  gw_assert(ssl_static_locks == NULL);
1296 
1297  ssl_static_locks = gw_malloc(sizeof(Mutex *) * maxlocks);
1298  for (c = 0; c < maxlocks; c++)
1299  ssl_static_locks[c] = mutex_create();
1300 
1301  /* after the mutexes have been created, apply the call-back to it */
1302  CRYPTO_set_locking_callback(openssl_locking_function);
1303  CRYPTO_set_id_callback((CRYPTO_CALLBACK_PTR)gwthread_self);
1304 }
1305 
1306 void openssl_shutdown_locks(void)
1307 {
1308  int c, maxlocks = CRYPTO_num_locks();
1309 
1310  gw_assert(ssl_static_locks != NULL);
1311 
1312  /* remove call-back from the locks */
1313  CRYPTO_set_locking_callback(NULL);
1314 
1315  for (c = 0; c < maxlocks; c++)
1316  mutex_destroy(ssl_static_locks[c]);
1317 
1318  gw_free(ssl_static_locks);
1319  ssl_static_locks = NULL;
1320 }
1321 
1322 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
1323 
1324 void conn_init_ssl(void)
1325 {
1326 #if OPENSSL_VERSION_NUMBER < 0x10100000L
1327  openssl_init_locks();
1328 #endif
1329 
1330  SSL_library_init();
1331  SSL_load_error_strings();
1332  global_ssl_context = SSL_CTX_new(SSLv23_client_method());
1333  SSL_CTX_set_mode(global_ssl_context,
1334  SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1335 }
1336 
1337 void server_ssl_init(void)
1338 {
1339  SSLeay_add_ssl_algorithms();
1340  SSL_load_error_strings();
1341  global_server_ssl_context = SSL_CTX_new(SSLv23_server_method());
1342  SSL_CTX_set_mode(global_server_ssl_context,
1343  SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1344  if (!SSL_CTX_set_default_verify_paths(global_server_ssl_context)) {
1345  panic(0, "can not set default path for server");
1346  }
1347 }
1348 
1349 void conn_shutdown_ssl(void)
1350 {
1351 #if OPENSSL_VERSION_NUMBER < 0x10100000L
1352  openssl_shutdown_locks();
1353 #endif
1354 
1355  if (global_ssl_context)
1356  SSL_CTX_free(global_ssl_context);
1357 
1358  CONF_modules_free();
1359  ERR_remove_state(0);
1360  ENGINE_cleanup();
1361  CONF_modules_unload(1);
1362  ERR_free_strings();
1363  EVP_cleanup();
1364  CRYPTO_cleanup_all_ex_data();
1365 }
1366 
1367 void server_shutdown_ssl(void)
1368 {
1369  if (global_server_ssl_context)
1370  SSL_CTX_free(global_server_ssl_context);
1371 
1372  CONF_modules_free();
1373  ERR_remove_state(0);
1374  ENGINE_cleanup();
1375  CONF_modules_unload(1);
1376  ERR_free_strings();
1377  EVP_cleanup();
1378  CRYPTO_cleanup_all_ex_data();
1379 }
1380 
1381 void conn_use_global_client_certkey_file(Octstr *certkeyfile)
1382 {
1383  SSL_CTX_use_certificate_chain_file(global_ssl_context,
1384  octstr_get_cstr(certkeyfile));
1385  SSL_CTX_use_PrivateKey_file(global_ssl_context,
1386  octstr_get_cstr(certkeyfile),
1387  SSL_FILETYPE_PEM);
1388  if (SSL_CTX_check_private_key(global_ssl_context) != 1)
1389  panic(0, "reading global client certificate file `%s', the certificate "
1390  "isn't consistent with the private key (or failed reading the file)",
1391  octstr_get_cstr(certkeyfile));
1392  info(0, "Using global SSL certificate and key from file `%s'",
1393  octstr_get_cstr(certkeyfile));
1394 }
1395 
1396 void conn_use_global_server_certkey_file(Octstr *certfile, Octstr *keyfile)
1397 {
1398  SSL_CTX_use_certificate_chain_file(global_server_ssl_context,
1399  octstr_get_cstr(certfile));
1400  SSL_CTX_use_PrivateKey_file(global_server_ssl_context,
1401  octstr_get_cstr(keyfile),
1402  SSL_FILETYPE_PEM);
1403  if (SSL_CTX_check_private_key(global_server_ssl_context) != 1) {
1404  error(0, "SSL: %s", ERR_error_string(ERR_get_error(), NULL));
1405  panic(0, "reading global server certificate file %s, the certificate \
1406  isn't consistent with the private key in file %s \
1407  (or failed reading the file)",
1408  octstr_get_cstr(certfile), octstr_get_cstr(keyfile));
1409  }
1410  info(0, "Using global server SSL certificate from file `%s'", octstr_get_cstr(certfile));
1411  info(0, "Using global server SSL key from file `%s'", octstr_get_cstr(keyfile));
1412 }
1413 
1414 void conn_use_global_client_cipher_list(Octstr *cipher)
1415 {
1416  if (SSL_CTX_set_cipher_list(global_ssl_context, octstr_get_cstr(cipher)) != 1) {
1417  error(0, "SSL: %s", ERR_error_string(ERR_get_error(), NULL));
1418  SSL_CTX_free(global_ssl_context);
1419  panic(0, "cipher list <%s> contains no supported ciphers!",
1420  octstr_get_cstr(cipher));
1421  }
1422 }
1423 
1424 void conn_use_global_server_cipher_list(Octstr *cipher)
1425 {
1426  if (SSL_CTX_set_cipher_list(global_server_ssl_context, octstr_get_cstr(cipher)) != 1) {
1427  error(0, "SSL: %s", ERR_error_string(ERR_get_error(), NULL));
1428  SSL_CTX_free(global_server_ssl_context);
1429  panic(0, "cipher list <%s> contains no supported ciphers!",
1430  octstr_get_cstr(cipher));
1431  }
1432 }
1433 
1434 static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
1435 {
1436  char subject[256];
1437  char issuer [256];
1438  char *status;
1439  X509 *curr_cert;
1440 
1441 #if OPENSSL_VERSION_NUMBER < 0x10100000L
1442  curr_cert = ctx->current_cert;
1443  X509_NAME_oneline(X509_get_subject_name(curr_cert), subject, sizeof(subject));
1444  X509_NAME_oneline(X509_get_issuer_name(curr_cert), issuer, sizeof (issuer));
1445 #else
1446  curr_cert = X509_STORE_CTX_get_current_cert(ctx);
1447  X509_NAME_oneline(X509_get_subject_name(curr_cert), subject, sizeof(subject));
1448  X509_NAME_oneline(X509_get_issuer_name(curr_cert), issuer, sizeof (issuer));
1449 #endif
1450 
1451  status = preverify_ok ? "Accepting" : "Rejecting";
1452 
1453  info(0, "%s certificate for \"%s\" signed by \"%s\"", status, subject, issuer);
1454 
1455  return preverify_ok;
1456 }
1457 
1458 void conn_use_global_trusted_ca_file(Octstr *ssl_trusted_ca_file)
1459 {
1460  if (ssl_trusted_ca_file != NULL) {
1461  if (!SSL_CTX_load_verify_locations(global_ssl_context,
1462  octstr_get_cstr(ssl_trusted_ca_file),
1463  NULL)) {
1464  panic(0, "Failed to load SSL CA file: %s", octstr_get_cstr(ssl_trusted_ca_file));
1465  } else {
1466  info(0, "Using CA root certificates from file %s",
1467  octstr_get_cstr(ssl_trusted_ca_file));
1468  SSL_CTX_set_verify(global_ssl_context,
1469  SSL_VERIFY_PEER,
1470  verify_callback);
1471  }
1472 
1473  } else {
1474  SSL_CTX_set_verify(global_ssl_context,
1475  SSL_VERIFY_NONE,
1476  NULL);
1477  }
1478 }
1479 
1480 void conn_config_ssl (CfgGroup *grp)
1481 {
1483  Octstr *ssl_server_cert_file = NULL;
1484  Octstr *ssl_server_key_file = NULL;
1485  Octstr *ssl_trusted_ca_file = NULL;
1486  Octstr *ssl_client_cipher_list = NULL;
1487  Octstr *ssl_server_cipher_list = NULL;
1488 
1489  /*
1490  * check if SSL is desired for HTTP servers and then
1491  * load SSL client and SSL server public certificates
1492  * and private keys
1493  */
1494  ssl_client_certkey_file = cfg_get(grp, octstr_imm("ssl-client-certkey-file"));
1495  if (ssl_client_certkey_file != NULL)
1496  conn_use_global_client_certkey_file(ssl_client_certkey_file);
1497 
1498  ssl_server_cert_file = cfg_get(grp, octstr_imm("ssl-server-cert-file"));
1499  ssl_server_key_file = cfg_get(grp, octstr_imm("ssl-server-key-file"));
1500 
1501  if (ssl_server_cert_file != NULL && ssl_server_key_file != NULL) {
1502  conn_use_global_server_certkey_file(ssl_server_cert_file,
1503  ssl_server_key_file);
1504  }
1505 
1506  ssl_trusted_ca_file = cfg_get(grp, octstr_imm("ssl-trusted-ca-file"));
1507 
1508  conn_use_global_trusted_ca_file(ssl_trusted_ca_file);
1509 
1510  /*
1511  * Check if specific ciphers are selected/de-selected.
1512  */
1513  if ((ssl_client_cipher_list = cfg_get(grp, octstr_imm("ssl-client-cipher-list"))) != NULL) {
1514  conn_use_global_client_cipher_list(ssl_client_cipher_list);
1515  }
1516  if ((ssl_server_cipher_list = cfg_get(grp, octstr_imm("ssl-server-cipher-list"))) != NULL) {
1517  conn_use_global_server_cipher_list(ssl_server_cipher_list);
1518  }
1519 
1520  octstr_destroy(ssl_client_certkey_file);
1521  octstr_destroy(ssl_server_cert_file);
1522  octstr_destroy(ssl_server_key_file);
1523  octstr_destroy(ssl_trusted_ca_file);
1524  octstr_destroy(ssl_client_cipher_list);
1525  octstr_destroy(ssl_server_cipher_list);
1526 }
1527 
1528 SSL *conn_get_ssl(Connection *conn)
1529 {
1530  if (conn != NULL)
1531  return conn->ssl;
1532  else
1533  return NULL;
1534 }
1535 
1536 #else
1537 
1539 {
1540  info(0, "SSL not supported, no SSL initialization done.");
1541 }
1542 #endif /* HAVE_LIBSSL */
1543 
1545  if(conn == NULL)
1546  return 0;
1547  else
1548  return conn->fd;
1549 }
Octstr * conn_read_line(Connection *conn)
Definition: conn.c:1128
int listening_pollout
Definition: conn.c:148
void error(int err, const char *fmt,...)
Definition: log.c:648
void info(int err, const char *fmt,...)
Definition: log.c:672
static long our_port
Definition: radius_acct.c:87
int socket_set_blocking(int fd, int blocking)
Definition: socket.c:368
Definition: http.c:1999
int size
Definition: wsasm.c:84
Connection * conn_open_tcp(Octstr *host, int port, Octstr *our_host)
Definition: conn.c:490
long gwthread_self(void)
void octstr_append_data(Octstr *ostr, const char *data, long len)
Definition: octstr.c:1495
static int unlocked_try_write(Connection *conn)
Definition: conn.c:289
void fdset_listen(FDSet *set, int fd, int mask, int events)
Definition: fdset.c:470
conn_callback_t * callback
Definition: conn.c:142
gw_assert(wtls_machine->packet_to_send !=NULL)
int ssl
Mutex * outlock
Definition: conn.c:112
static void startmark(unsigned char *p, long number)
Definition: gwmem-check.c:263
#define mutex_unlock(m)
Definition: thread.h:136
void encode_network_long(unsigned char *data, unsigned long value)
Definition: utils.c:940
FDSet * registered
Definition: conn.c:141
void octstr_append(Octstr *ostr1, const Octstr *ostr2)
Definition: octstr.c:1502
unsigned int output_buffering
Definition: conn.c:130
int read_eof
Definition: conn.c:136
int conn_is_connected(Connection *conn)
Definition: conn.c:519
static void unlocked_register_pollin(Connection *conn, int onoff)
Definition: conn.c:371
#define mutex_create()
Definition: thread.h:96
static void unlocked_register_pollout(Connection *conn, int onoff)
Definition: conn.c:391
Connection * conn_open_tcp_nb(Octstr *host, int port, Octstr *our_host)
Definition: conn.c:495
int listening_pollin
Definition: conn.c:146
static void endmark(unsigned char *p, size_t size)
Definition: gwmem-check.c:255
static Octstr * host
Definition: fakesmsc.c:121
#define cfg_get(grp, varname)
Definition: cfg.h:86
static long unlocked_outbuf_len(Connection *conn)
Definition: conn.c:222
int conn_write_data(Connection *conn, unsigned char *data, long length)
Definition: conn.c:1057
#define POLLNVAL
Definition: gwpoll.h:98
long outbufpos
Definition: conn.c:126
void * callback_data
Definition: conn.c:143
long conn_inbuf_len(Connection *conn)
Definition: conn.c:688
Octstr * outbuf
Definition: conn.c:125
void fdset_unregister(FDSet *set, int fd)
Definition: fdset.c:510
int io_error
Definition: conn.c:137
long claiming_thread
Definition: conn.c:115
int conn_eof(Connection *conn)
Definition: conn.c:699
static void lock_out(Connection *conn)
Definition: conn.c:197
volatile sig_atomic_t claimed
Definition: conn.c:113
conn_callback_data_destroyer_t * callback_data_destroyer
Definition: conn.c:144
#define octstr_get_cstr(ostr)
Definition: octstr.h:233
#define octstr_copy(ostr, from, len)
Definition: octstr.h:178
long octstr_search_char(const Octstr *ostr, int ch, long pos)
Definition: octstr.c:1010
void fdset_register(FDSet *set, int fd, int events, fdset_callback_t callback, void *data)
Definition: fdset.c:425
static Octstr * unlocked_get(Connection *conn, long length)
Definition: conn.c:355
#define DEFAULT_OUTPUT_BUFFERING
Definition: conn.c:103
FILE * file
Definition: log.c:169
static Octstr * our_host
Definition: radius_acct.c:86
Connection * conn_open_tcp_nb_with_port(Octstr *host, int port, int our_port, Octstr *our_host)
Definition: conn.c:500
void conn_callback_data_destroyer_t(void *data)
Definition: conn.h:113
static Octstr * ssl_client_certkey_file
Definition: test_http.c:83
void conn_claim(Connection *conn)
Definition: conn.c:665
#define POLLIN
Definition: gwpoll.h:91
void conn_set_output_buffering(Connection *conn, unsigned int size)
Definition: conn.c:723
Octstr * octstr_imm(const char *cstr)
Definition: octstr.c:281
int conn_write(Connection *conn, Octstr *data)
Definition: conn.c:1045
int conn_get_connect_result(Connection *conn)
Definition: conn.c:524
Octstr * conn_read_packet(Connection *conn, int startmark, int endmark)
Definition: conn.c:1206
int conn_get_id(Connection *conn)
Definition: conn.c:1544
void conn_config_ssl(CfgGroup *grp)
Definition: conn.c:1538
void octstr_delete(Octstr *ostr1, long pos, long len)
Definition: octstr.c:1525
static void unlocked_read(Connection *conn)
Definition: conn.c:310
void conn_destroy(Connection *conn)
Definition: conn.c:621
#define unlock_in(conn)
Definition: conn.c:168
int conn_register_real(Connection *conn, FDSet *fdset, conn_callback_t callback, void *data, conn_callback_data_destroyer_t *data_destroyer)
Definition: conn.c:796
int fd
Definition: conn.c:119
Connection * conn_open_tcp_with_port(Octstr *host, int port, int our_port, Octstr *our_host)
Definition: conn.c:542
unsigned long(* CRYPTO_CALLBACK_PTR)(void)
Definition: conn.c:94
void warning(int err, const char *fmt,...)
Definition: log.c:660
long conn_outbuf_len(Connection *conn)
Definition: conn.c:677
int tcpip_connect_to_server_with_port(char *hostname, int port, int our_port, const char *source_addr)
Definition: socket.c:156
void octstr_destroy(Octstr *ostr)
Definition: octstr.c:322
#define POLLERR
Definition: gwpoll.h:96
void conn_callback_t(Connection *conn, void *data)
Definition: conn.h:105
#define octstr_create(cstr)
Definition: octstr.h:125
void mutex_destroy(Mutex *mutex)
Definition: thread.c:97
Octstr * conn_read_withlen(Connection *conn)
Definition: conn.c:1163
int conn_write_withlen(Connection *conn, Octstr *data)
Definition: conn.c:1069
Mutex * inlock
Definition: conn.c:111
long octstr_write_data(Octstr *ostr, int fd, long from)
Definition: octstr.c:1253
int gwthread_pollfd(int fd, int events, double timeout)
int sockfd
Definition: test_cimd2.c:145
static void poll_callback(int fd, int revents, void *data)
Definition: conn.c:732
static void unlock_in_real(Connection *conn, char *file, int line, const char *func)
Definition: conn.c:183
int tcpip_connect_nb_to_server_with_port(char *hostname, int port, int our_port, const char *source_addr, int *done)
Definition: socket.c:246
long octstr_len(const Octstr *ostr)
Definition: octstr.c:340
void conn_unregister(Connection *conn)
Definition: conn.c:852
long decode_network_long(unsigned char *data)
Definition: utils.c:935
enum Connection::@56 connected
static long unlocked_inbuf_len(Connection *conn)
Definition: conn.c:228
Definition: octstr.c:118
int conn_wait(Connection *conn, double seconds)
Definition: conn.c:898
static void unlock_out_real(Connection *conn, char *file, int line, const char *func)
Definition: conn.c:208
#define panic
Definition: log.h:87
Definition: cfg.c:73
static void lock_in(Connection *conn)
Definition: conn.c:172
static long unlocked_write(Connection *conn)
Definition: conn.c:235
int socklen_t
Definition: socket.h:73
Definition: fdset.c:70
Definition: thread.h:76
Octstr * conn_read_fixed(Connection *conn, long length)
Definition: conn.c:1104
int conn_error(Connection *conn)
Definition: conn.c:710
void octstr_get_many_chars(char *buf, Octstr *ostr, long pos, long len)
Definition: octstr.c:423
int octstr_get_char(const Octstr *ostr, long pos)
Definition: octstr.c:404
#define mutex_lock(m)
Definition: thread.h:130
#define unlock_out(conn)
Definition: conn.c:169
Octstr * inbuf
Definition: conn.c:133
#define POLLHUP
Definition: gwpoll.h:97
Octstr * conn_read_everything(Connection *conn)
Definition: conn.c:1084
#define POLLOUT
Definition: gwpoll.h:93
Connection * conn_wrap_fd(int fd, int ssl)
Definition: conn.c:560
long inbufpos
Definition: conn.c:134
int conn_flush(Connection *conn)
Definition: conn.c:989
See file LICENSE for details about the license agreement for using, modifying, copying or deriving work from this software.