#if HAVE_GNUTLS_H
#include <gnutls/x509.h>
#include <gnutls/gnutls.h>
-#define ENABLE_SSL 1
#endif
#include <yaz/comstack.h>
void *cd);
static int tcpip_set_blocking(COMSTACK p, int blocking);
-#if ENABLE_SSL
+#if HAVE_GNUTLS_H
static int ssl_get(COMSTACK h, char **buf, int *bufsize);
static int ssl_put(COMSTACK h, char *buf, int size);
#endif
int (*complete)(const char *buf, int len); /* length/complete. */
#if HAVE_GETADDRINFO
struct addrinfo *ai;
+ struct addrinfo *ai_connect;
#else
struct sockaddr_in addr; /* returned by cs_straddr */
#endif
int connect_response_len;
} tcpip_state;
-#ifdef WIN32
static int tcpip_init(void)
{
+#ifdef WIN32
static int initialized = 0;
+#endif
+ yaz_init_globals();
+#ifdef WIN32
if (!initialized)
{
WORD requested;
return 0;
initialized = 1;
}
+#endif
return 1;
}
-#else
-static int tcpip_init(void)
-{
- return 1;
-}
-#endif
/*
* This function is always called through the cs_create() macro.
COMSTACK ssl_type(int s, int flags, int protocol, void *vp)
{
-#if !ENABLE_SSL
- return 0;
-#else
+#if HAVE_GNUTLS_H
tcpip_state *sp;
COMSTACK p;
p->type = ssl_type;
sp = (tcpip_state *) p->cprivate;
-#if HAVE_GNUTLS_H
sp->session = (gnutls_session_t) vp;
-#endif
/* note: we don't handle already opened socket in SSL mode - yet */
return p;
+#else
+ return 0;
#endif
}
-#if ENABLE_SSL
+#if HAVE_GNUTLS_H
static int ssl_check_error(COMSTACK h, tcpip_state *sp, int res)
{
-#if HAVE_GNUTLS_H
TRC(fprintf(stderr, "ssl_check_error error=%d fatal=%d msg=%s\n",
res,
gnutls_error_is_fatal(res),
h->io_pending = dir ? CS_WANT_WRITE : CS_WANT_READ;
return 1;
}
-#endif
h->cerrno = CSERRORSSL;
return 0;
}
if (sp->ai && h->state == CS_ST_UNBND)
{
int s = -1;
- for (ai = sp->ai; ai; ai = ai->ai_next)
+ if (ipv6_only >= 0)
{
- if (ai->ai_family == AF_INET6)
+ for (ai = sp->ai; ai; ai = ai->ai_next)
{
- s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (s != -1)
- break;
+ if (ai->ai_family == AF_INET6)
+ {
+ s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (s != -1)
+ break;
+ }
}
}
if (s == -1)
}
if (s == -1)
return 0;
+ TRC(fprintf(stderr, "First socket fd=%d\n", s));
assert(ai);
h->iofile = s;
if (ai->ai_family == AF_INET6 && ipv6_only >= 0 &&
return sp->altlen && (*sp->complete)(sp->altbuf, sp->altlen);
}
+static int cont_connect(COMSTACK h)
+{
+#if HAVE_GETADDRINFO
+ tcpip_state *sp = (tcpip_state *)h->cprivate;
+ struct addrinfo *ai = sp->ai_connect;
+ while (ai && (ai = ai->ai_next))
+ {
+ int s;
+ s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (s != -1)
+ {
+#if HAVE_GNUTLS_H
+ if (h->type == ssl_type && sp->session)
+ {
+ gnutls_bye(sp->session, GNUTLS_SHUT_WR);
+ gnutls_deinit(sp->session);
+ sp->session = 0;
+ }
+#endif
+#ifdef WIN32
+ closesocket(h->iofile);
+#else
+ close(h->iofile);
+#endif
+ TRC(fprintf(stderr, "Other socket call fd=%d\n", s));
+ h->state = CS_ST_UNBND;
+ h->iofile = s;
+ tcpip_set_blocking(h, h->flags);
+ return tcpip_connect(h, ai);
+ }
+#endif
+ }
+ h->cerrno = CSYSERR;
+ return -1;
+}
+
+
/*
* connect(2) will block (sometimes) - nothing we can do short of doing
* weird things like spawning subprocesses or threading or some weird junk
}
#if HAVE_GETADDRINFO
r = connect(h->iofile, ai->ai_addr, ai->ai_addrlen);
- freeaddrinfo(sp->ai);
- sp->ai = 0;
+ sp->ai_connect = ai;
#else
r = connect(h->iofile, (struct sockaddr *) add, sizeof(*add));
#endif
#else
if (yaz_errno() == EINPROGRESS)
{
+ TRC(fprintf(stderr, "Pending fd=%d\n", h->iofile));
h->event = CS_CONNECT;
h->state = CS_ST_CONNECTING;
h->io_pending = CS_WANT_WRITE|CS_WANT_READ;
return 1;
}
#endif
- h->cerrno = CSYSERR;
- return -1;
+ return cont_connect(h);
}
h->event = CS_CONNECT;
h->state = CS_ST_CONNECTING;
*/
int tcpip_rcvconnect(COMSTACK h)
{
-#if ENABLE_SSL
+#if HAVE_GNUTLS_H
tcpip_state *sp = (tcpip_state *)h->cprivate;
#endif
TRC(fprintf(stderr, "tcpip_rcvconnect\n"));
#if HAVE_GNUTLS_H
if (h->type == ssl_type && !sp->session)
{
- gnutls_global_init();
tcpip_create_cred(h);
gnutls_init(&sp->session, GNUTLS_CLIENT);
gnutls_set_default_priority(sp->session);
{
if (ssl_check_error(h, sp, res))
return 1;
- return -1;
+ return cont_connect(h);
}
}
#endif
if (h->type == ssl_type && !sp->session)
{
int res;
- gnutls_global_init();
-
tcpip_create_cred(h);
-
res = gnutls_certificate_set_x509_key_file(sp->cred_ptr->xcred,
sp->cert_fname,
sp->cert_fname,
GNUTLS_X509_FMT_PEM);
if (res != GNUTLS_E_SUCCESS)
{
+ fprintf(stderr, "Error 1\n");
h->cerrno = CSERRORSSL;
return -1;
}
}
-#if ENABLE_SSL
+#if HAVE_GNUTLS_H
/*
* Return: -1 error, >1 good, len of buffer, ==1 incomplete buffer,
* 0=connection closed.
else if (*bufsize - hasread < CS_TCPIP_BUFCHUNK)
if (!(*buf =(char *)xrealloc(*buf, *bufsize *= 2)))
return -1;
-#if HAVE_GNUTLS_H
res = gnutls_record_recv(sp->session, *buf + hasread,
CS_TCPIP_BUFCHUNK);
if (res == 0)
break;
return -1;
}
-#else
- res = SSL_read(sp->ssl, *buf + hasread, CS_TCPIP_BUFCHUNK);
- TRC(fprintf(stderr, " SSL_read res=%d, hasread=%d\n", res, hasread));
- if (res <= 0)
- {
- if (ssl_check_error(h, sp, res))
- break;
- return -1;
- }
-#endif
hasread += res;
}
TRC (fprintf (stderr, " Out of read loop with hasread=%d, berlen=%d\n",
h->io_pending = CS_WANT_WRITE;
return 1;
}
- h->cerrno = CSYSERR;
- return -1;
+ return cont_connect(h);
}
state->written += res;
TRC(fprintf(stderr, " Wrote %d, written=%d, nbytes=%d\n",
}
-#if ENABLE_SSL
+#if HAVE_GNUTLS_H
/*
* Returns 1, 0 or -1
* In nonblocking mode, you must call again with same buffer while
}
while (state->towrite > state->written)
{
-#if HAVE_GNUTLS_H
res = gnutls_record_send(state->session, buf + state->written,
size - state->written);
if (res <= 0)
return 1;
return -1;
}
-#else
- res = SSL_write(state->ssl, buf + state->written,
- size - state->written);
- if (res <= 0)
- {
- if (ssl_check_error(h, state, res))
- return 1;
- return -1;
- }
-#endif
state->written += res;
TRC(fprintf(stderr, " Wrote %d, written=%d, nbytes=%d\n",
res, state->written, size));
int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
{
-#if ENABLE_SSL
+#if HAVE_GNUTLS_H
if (cs && cs->type == ssl_type)
{
/* doesn't do anything for GNUTLS */
int cs_set_ssl_certificate_file(COMSTACK cs, const char *fname)
{
-#if ENABLE_SSL
+#if HAVE_GNUTLS_H
if (cs && cs->type == ssl_type)
{
struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
{
- /* doesn't do anything for GNUTLS */
+
+#if HAVE_GNUTLS_H
+#if USE_GNUTLS_X509_CRT_PRINT
+ struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+ if (cs->type == ssl_type && sp->session)
+ {
+ const gnutls_datum_t *cert_list;
+ unsigned cert_list_size;
+ if (gnutls_certificate_type_get(sp->session) != GNUTLS_CRT_X509)
+ return 0;
+ cert_list = gnutls_certificate_get_peers(sp->session, &cert_list_size);
+ if (cert_list_size > 0)
+ {
+ gnutls_x509_crt_t cert;
+ int ret;
+ gnutls_datum_t cinfo;
+
+ gnutls_x509_crt_init(&cert);
+ gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
+
+ ret = gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &cinfo);
+ if (ret == 0)
+ {
+ *buf = xstrdup((char *) cinfo.data);
+ *len = strlen(*buf);
+ gnutls_free(cinfo.data);
+ gnutls_x509_crt_deinit(cert);
+ return 1;
+ }
+ gnutls_x509_crt_deinit(cert);
+ }
+ }
+#endif
+#endif
return 0;
}
projects / yaz-moved-to-github.git / blobdiff