From fc3ecf82c3d0f8037e9130655128564de5d3c158 Mon Sep 17 00:00:00 2001 From: snowdrop Date: Wed, 11 Jan 2006 10:54:43 +0000 Subject: intergrating ssl. Removing global variables SSL* like SSLctx and HSOCKET_SSL_* definition. Instead we are using HSOCKET_ERROR_SSL* definitions. introduced hsocket_init_ssl() --- nanohttp/nanohttp-common.c | 17 ++++++---- nanohttp/nanohttp-common.h | 7 +++-- nanohttp/nanohttp-request.c | 4 +-- nanohttp/nanohttp-server.c | 19 ++++++----- nanohttp/nanohttp-socket.c | 77 ++++++++++++++++++++++++++++----------------- nanohttp/nanohttp-socket.h | 48 +++++++++++++++++++++------- nanohttp/nanohttp-ssl.c | 2 +- nanohttp/nanohttp-ssl.h | 12 ++++++- 8 files changed, 125 insertions(+), 61 deletions(-) (limited to 'nanohttp') diff --git a/nanohttp/nanohttp-common.c b/nanohttp/nanohttp-common.c index 3dcee6b..0b7661b 100644 --- a/nanohttp/nanohttp-common.c +++ b/nanohttp/nanohttp-common.c @@ -1,5 +1,5 @@ /****************************************************************** -* $Id: nanohttp-common.c,v 1.22 2006/01/10 11:29:05 snowdrop Exp $ +* $Id: nanohttp-common.c,v 1.23 2006/01/11 10:54:43 snowdrop Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2003 Ferhat Ayaz @@ -42,10 +42,11 @@ static char _hoption_table[MAX_OPTION_SIZE][MAX_OPTION_VALUE_SIZE]; #ifdef HAVE_SSL -extern char *SSLCert; +/*extern char *SSLCert; extern char *SSLPass; extern char *SSLCA; extern int SSLCertLess; +*/ #endif /* option stuff */ @@ -100,7 +101,8 @@ hoption_init_args(int argc, char *argv[]) "WARNING: csoap compiled without '--with-ssl' flag. Parameter '%s' is disabled", NHTTP_ARG_CERT); #else - SSLCert = argv[i + 1]; + /* TODO (#1#) handle ssl arguments */ + /* SSLCert = argv[i + 1];*/ #endif } else if (!strcmp(argv[i], NHTTP_ARG_CERTPASS) && i < argc - 1) 
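Review bot: On an SSL-enabled build the `#else` branch for NHTTP_ARG_CERT now contains only a TODO, so the option is accepted and silently discarded, while the non-SSL build at least warns; the same applies to the three following hunks for NHTTP_ARG_CERTPASS, NHTTP_ARG_CA and NHTTP_ARG_HTTPS. A caller who passes a CA list or a certificate will reasonably assume it is in effect, so the gap between the old globals and the new hsocket_init_ssl() path should be visible at runtime rather than only in a comment. Until the TODO is resolved, mirror the warning of the other branch, e.g. `log_error2("WARNING: Parameter '%s' is not handled yet; use hsocket_init_ssl()", NHTTP_ARG_CERT);`, and do the same in the other three hunks.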
@@ -110,7 +112,8 @@ hoption_init_args(int argc, char *argv[]) "WARNING: csoap compiled without '--with-ssl' flag. Parameter '%s' is disabled", NHTTP_ARG_CERTPASS); #else - SSLPass = argv[i + 1]; + /* TODO (#1#) handle ssl arguments */ + /* SSLPass = argv[i + 1];*/ #endif } else if (!strcmp(argv[i], NHTTP_ARG_CA) && i < argc - 1) @@ -120,7 +123,8 @@ hoption_init_args(int argc, char *argv[]) "WARNING: csoap compiled without '--with-ssl' flag. Parameter '%s' is disabled", NHTTP_ARG_CA); #else - SSLCA = argv[i + 1]; + /* TODO (#1#) handle ssl arguments */ + /*SSLCA = argv[i + 1];*/ #endif } else if (!strcmp(argv[i], NHTTP_ARG_HTTPS)) @@ -130,7 +134,8 @@ hoption_init_args(int argc, char *argv[]) "WARNING: csoap compiled without '--with-ssl' flag. Parameter '%s' is disabled", NHTTP_ARG_HTTPS); #else - SSLCertLess = 1; + /* TODO (#1#) handle ssl arguments */ + /*SSLCertLess = 1;*/ #endif } } diff --git a/nanohttp/nanohttp-common.h b/nanohttp/nanohttp-common.h index 7a957ce..eb2c426 100644 --- a/nanohttp/nanohttp-common.h +++ b/nanohttp/nanohttp-common.h @@ -1,5 +1,5 @@ /****************************************************************** - * $Id: nanohttp-common.h,v 1.22 2006/01/10 11:29:05 snowdrop Exp $ + * $Id: nanohttp-common.h,v 1.23 2006/01/11 10:54:43 snowdrop Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2003-2004 Ferhat Ayaz @@ -105,7 +105,8 @@ #define HSOCKET_ERROR_ACCEPT 1008 #define HSOCKET_ERROR_NOT_INITIALIZED 1009 #define HSOCKET_ERROR_IOCTL 1010 -#define HSOCKET_SSL_CLOSE 1011 +#define HSOCKET_ERROR_SSLCLOSE 1011 +#define HSOCKET_ERROR_SSLCTX 1011 /* URL errors */ #define URL_ERROR_UNKNOWN_PROTOCOL 1101 @@ -139,7 +140,7 @@ #define XML_ERROR_PARSE 1601 /* SSL Errors */ -#define SSL_ERROR_INIT 1700 +/*#define SSL_ERROR_INIT 1700*/ /* Set Sleep function platform depended diff --git a/nanohttp/nanohttp-request.c b/nanohttp/nanohttp-request.c index 930c609..1bd8a1d 100755 --- a/nanohttp/nanohttp-request.c 
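Review bot: `HSOCKET_ERROR_SSLCTX` is defined with the same value 1011 as `HSOCKET_ERROR_SSLCLOSE`, so the two conditions cannot be told apart by `herror_code()`. The callers changed in this same commit (hrequest_new_from_socket in nanohttp-request.c and httpd_session_main in nanohttp-server.c) use `herror_code(status) != HSOCKET_ERROR_SSLCLOSE` to suppress error reporting on a normal SSL close; a context-initialisation failure that surfaces through the same check would be silenced as if the peer had simply closed. Give the new code its own value, `#define HSOCKET_ERROR_SSLCTX 1012`.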
+++ b/nanohttp/nanohttp-request.c @@ -1,5 +1,5 @@ /****************************************************************** -* $Id: nanohttp-request.c,v 1.8 2006/01/10 11:29:05 snowdrop Exp $ +* $Id: nanohttp-request.c,v 1.9 2006/01/11 10:54:43 snowdrop Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2003 Ferhat Ayaz @@ -244,7 +244,7 @@ hrequest_new_from_socket(hsocket_t sock, hrequest_t ** out) status = hsocket_read(sock, &(buffer[i]), 1, 1, &readed); if (status != H_OK) { - if (herror_code(status) != HSOCKET_SSL_CLOSE) + if (herror_code(status) != HSOCKET_ERROR_SSLCLOSE) { log_error1("Socket read error"); } diff --git a/nanohttp/nanohttp-server.c b/nanohttp/nanohttp-server.c index 17dca3a..cc5517b 100644 --- a/nanohttp/nanohttp-server.c +++ b/nanohttp/nanohttp-server.c @@ -1,5 +1,5 @@ /****************************************************************** -* $Id: nanohttp-server.c,v 1.42 2006/01/11 09:22:21 snowdrop Exp $ +* $Id: nanohttp-server.c,v 1.43 2006/01/11 10:54:43 snowdrop Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2003 Ferhat Ayaz @@ -103,7 +103,7 @@ sigset_t thrsigset; #endif #ifdef HAVE_SSL -extern SSL_CTX *SSLctx; +/*extern SSL_CTX *SSLctx;*/ #endif @@ -326,7 +326,7 @@ httpd_send_header (httpd_conn_t * res, int code, const char *text) } -int +herror_t httpd_send_internal_error (httpd_conn_t * conn, const char *errmsg) { const char *template1 = @@ -444,7 +444,7 @@ httpd_session_main (void *data) char buffer[256]; /* temp buffer for recv() */ char header[4064]; /* received header */ hrequest_t *req = NULL; /* only for test */ - httpd_conn_t *rconn; + httpd_conn_t *rconn = NULL; hservice_t *service = NULL; herror_t status; 
@@ -453,14 +453,14 @@ httpd_session_main (void *data) log_verbose1 ("starting httpd_session_main()"); #ifdef HAVE_SSL - if (!SSLctx) + if (!conn->sock.sslCtx) { log_verbose1 ("Using HTTP"); } else { log_verbose1 ("Using HTTPS"); - conn->sock.ssl = init_ssl (SSLctx, conn->sock.sock, SSL_SERVER); + conn->sock.ssl = init_ssl (conn->sock.sslCtx, conn->sock.sock, SSL_SERVER); hsocket_block (conn->sock, 0); if (conn->sock.ssl == NULL) { @@ -481,7 +481,7 @@ httpd_session_main (void *data) if (status != H_OK) { - if (herror_code (status) != HSOCKET_SSL_CLOSE) + if (herror_code (status) != HSOCKET_ERROR_SSLCLOSE) { httpd_send_internal_error (rconn, herror_message (status) /* "Request parse @@ -799,7 +799,10 @@ httpd_run () /* Accept a socket */ err = hsocket_accept (_httpd_socket, &(conn->sock)); - if (err != H_OK && herror_code (err) == SSL_ERROR_INIT) + if (err != H_OK + /* TODO (#1#) is this check neccessary? + && herror_code (err) == SSL_ERROR_INIT*/ + ) { hsocket_close (conn->sock); conn->sock.sock = -1; diff --git a/nanohttp/nanohttp-socket.c b/nanohttp/nanohttp-socket.c index 018f42d..3110aea 100644 --- a/nanohttp/nanohttp-socket.c +++ b/nanohttp/nanohttp-socket.c @@ -1,5 +1,5 @@ /****************************************************************** -* $Id: nanohttp-socket.c,v 1.43 2006/01/10 11:29:05 snowdrop Exp $ +* $Id: nanohttp-socket.c,v 1.44 2006/01/11 10:54:43 snowdrop Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2003 Ferhat Ayaz @@ -78,11 +78,11 @@ typedef int ssize_t; #ifdef HAVE_SSL -SSL_CTX *SSLctx = NULL; +/*SSL_CTX *SSLctx = NULL; char *SSLCert = NULL; char *SSLPass = NULL; char *SSLCA = NULL; -int SSLCertLess = 0; +int SSLCertLess = 0;*/ #endif /*-------------------------------------------------- 
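Review bot: `conn->sock.sslCtx` now decides between the "Using HTTP" and "Using HTTPS" branches, but nothing in this diff shows how the accepted connection acquires a context: hsocket_init() sets sslCtx to NULL and the `hsocket_accept (_httpd_socket, &(conn->sock))` call in the `@@ -799` hunk is not otherwise changed. Unless hsocket_accept copies the listening socket's sslCtx into the accepted socket (not visible here), an SSL-configured server would always take the HTTP branch and serve cleartext on its HTTPS port. Please confirm the propagation and record the invariant at this check, e.g. `/* sslCtx is inherited from the listening socket by hsocket_accept() */`. httpd_session_main continues outside the hunk.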
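Review bot: The condition in the `@@ -799` hunk keeps a commented-out clause inside the parentheses that refers to `SSL_ERROR_INIT`, a symbol this same commit comments out in nanohttp-common.h, so the TODO points at something that no longer exists. The effective behaviour is that every hsocket_accept failure now closes the socket, which looks intended; say so plainly and drop the dead text: `if (err != H_OK) /* any accept failure, SSL or not, drops this connection */`. What happens to `err` after the close is outside the hunk.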
@@ -126,22 +126,41 @@ hsocket_init(hsocket_t * sock) log_verbose1("Starting hsocket init"); /* just set the descriptor to -1 */ sock->sock = -1; + #ifdef HAVE_SSL sock->ssl = NULL; - if (SSLCert || SSLCertLess) + sock->sslCtx = NULL; +#endif + + return H_OK; +} + +/*-------------------------------------------------- +FUNCTION: hsocket_init_ssl +----------------------------------------------------*/ +#ifdef HAVE_SSL +herror_t +hsocket_init_ssl(hsocket_t * sock, + const char* sslCert, + const char* sslPass, + const char* sslCA) +{ + hsocket_init(sock); + + log_verbose1("calling initialize_ctx()"); + sock->sslCtx = initialize_ctx(sslCert, sslPass, sslCA); + if (sock->sslCtx == NULL) { - log_verbose1("calling init ctx"); - SSLctx = initialize_ctx(SSLCert, SSLPass, SSLCA); - if (SSLctx == NULL) - { - return herror_new("hsocket_init", HSOCKET_ERROR_CONNECT, - "Unable to initialize SSL CTX"); - } + return herror_new("hsocket_init_ctx", HSOCKET_ERROR_SSLCTX, + "Unable to initialize SSL CTX"); } -#endif + return H_OK; } +#endif + + /*-------------------------------------------------- FUNCTION: hsocket_free ----------------------------------------------------*/ @@ -186,7 +205,7 @@ hsocket_open(hsocket_t * dsock, const char *hostname, int port) "Socket error: %d", errno); #ifdef HAVE_SSL - if (!SSLctx) + if (!dsock->sslCtx) { #endif log_verbose1("Using HTTP"); @@ -196,7 +215,7 @@ hsocket_open(hsocket_t * dsock, const char *hostname, int port) else { log_verbose1("Using HTTPS"); - dsock->ssl = init_ssl(SSLctx, sock.sock, SSL_CLIENT); + dsock->ssl = init_ssl(dsock->sslCtx, sock.sock, SSL_CLIENT); } #endif return H_OK; @@ -434,7 +453,7 @@ hsocket_nsend(hsocket_t sock, const byte_t * bytes, int n) return herror_new("hsocket_nsend", HSOCKET_ERROR_NOT_INITIALIZED, "Called hsocket_listen() before initializing!"); - // log_verbose2( "SENDING %s", bytes ); + /* log_verbose2( "SENDING %s", bytes );*/ /* TODO (#1#): check return value and send again until n bytes sent */ while (1) 
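Review bot: The failure path in hsocket_init_ssl reports its origin as `"hsocket_init_ctx"`, a function that does not exist, so logs built from herror messages will point at the wrong place; use `return herror_new("hsocket_init_ssl", HSOCKET_ERROR_SSLCTX, "Unable to initialize SSL CTX");`. Ownership of the new `sock->sslCtx` is also left undocumented: hsocket_t is passed by value to hsocket_read and hsocket_nsend, the hsocket_free section that follows this hunk is not touched, and nothing visible calls SSL_CTX_free, so it is unclear whether each socket owns its context or the caller does, which is how both leaks and double frees start. A comment on the field (and a release in hsocket_free if sockets own it) would settle that. The discarded result of `hsocket_init(sock)` is fine given its always-H_OK contract, but `(void) hsocket_init(sock);` makes the intent explicit.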
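Review bot: In the `@@ -196` hunk, `dsock->ssl = init_ssl(dsock->sslCtx, sock.sock, SSL_CLIENT);` is followed directly by `return H_OK`, so a NULL from init_ssl is reported as success. The caller is then left with a connected socket whose sslCtx is set but whose ssl is NULL, and hsocket_read selects the plaintext `recv` path on `if (sock.ssl)`, so a connection the caller asked to be TLS is silently downgraded to cleartext. The server side in httpd_session_main checks `conn->sock.ssl == NULL` right after init_ssl; mirror that here: `if (dsock->ssl == NULL) return herror_new("hsocket_open", HSOCKET_ERROR_CONNECT, "Unable to initialize SSL");`.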
@@ -513,7 +532,7 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force, if (sock.ssl) { struct timeval timeout; - int i = 0; + /*int i = 0;*/ fd_set fds; FD_ZERO(&fds); FD_SET(sock.sock, &fds); @@ -523,14 +542,14 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force, #else fcntl(sock.sock, F_SETFL, O_NONBLOCK); #endif - // log_verbose1("START READ LOOP"); - // do{ - // log_verbose2("DEBUG A %d",i); + /* log_verbose1("START READ LOOP"); + do{ + log_verbose2("DEBUG A %d",i); */ status = SSL_read(sock.ssl, &buffer[totalRead], total - totalRead); if (status < 1) { int ret = select(sock.sock + 1, &fds, NULL, NULL, &timeout); - // log_verbose2("DEBUG %d",ret); + /* log_verbose2("DEBUG %d",ret);*/ #ifdef WIN32 if (ret == SOCKET_ERROR) { @@ -544,17 +563,17 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force, if (ret == 0) { log_verbose1("Socket timeout"); - return herror_new("hsocket_read", HSOCKET_SSL_CLOSE, "Timeout"); + return herror_new("hsocket_read", HSOCKET_ERROR_SSLCLOSE, "Timeout"); } else { - // log_verbose1("DEBUG C"); + /* log_verbose1("DEBUG C"); */ status = SSL_read(sock.ssl, &buffer[totalRead], total - totalRead); } - // log_verbose3("DEBUG D char: %d status: %d", - // buffer[totalRead], SSL_get_error(sock.ssl, status)); + /* log_verbose3("DEBUG D char: %d status: %d", + buffer[totalRead], SSL_get_error(sock.ssl, status));*/ } - // } while( SSL_get_error(sock.ssl, status) == SSL_ERROR_WANT_READ); + /* } while( SSL_get_error(sock.ssl, status) == SSL_ERROR_WANT_READ); */ #ifdef WIN32 #else fcntl(sock.sock, F_SETFL, 0); @@ -562,9 +581,9 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force, } else { -#else // HAVE_SSL +#else /* HAVE_SSL */ { -#endif // HAVE_SSL +#endif /* HAVE_SSL */ status = recv(sock.sock, &buffer[totalRead], total - totalRead, 0); #ifdef WIN32 
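Review bot: Across this hunk and the two that follow (`@@ -523` and `@@ -544`) the dead debugging code is converted from `//` to `/* */` rather than removed: the commented-out `do { ... } while (SSL_get_error(sock.ssl, status) == SSL_ERROR_WANT_READ)` loop and the `DEBUG A/C/D` logs, whose `i` counter is itself commented out in this hunk. Version control already keeps that history, and the fragments make the live control flow of the SSL read path harder to follow. Delete them; if the WANT_READ retry is still meant to be restored, leave a single `/* TODO: retry SSL_read on SSL_ERROR_WANT_READ */` where the loop was. hsocket_read's body continues outside the hunk.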
@@ -598,12 +617,12 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force, if (sock.ssl && status < 1) { - // XXX I'm not sure this err_syscall is right here... + /* XXX I'm not sure this err_syscall is right here... */ if (SSL_get_shutdown(sock.ssl) == SSL_RECEIVED_SHUTDOWN || SSL_get_error(sock.ssl, status) == SSL_ERROR_SYSCALL) { *received = NULL;; - return herror_new("hsocket_read", HSOCKET_SSL_CLOSE, "SSL Closed"); + return herror_new("hsocket_read", HSOCKET_ERROR_SSLCLOSE, "SSL Closed"); } log_error2("Read error (%d)", status); log_ssl_error(sock.ssl, status); diff --git a/nanohttp/nanohttp-socket.h b/nanohttp/nanohttp-socket.h index b75a637..e0228e9 100644 --- a/nanohttp/nanohttp-socket.h +++ b/nanohttp/nanohttp-socket.h @@ -1,5 +1,5 @@ /****************************************************************** - * $Id: nanohttp-socket.h,v 1.20 2006/01/10 11:29:05 snowdrop Exp $ + * $Id: nanohttp-socket.h,v 1.21 2006/01/11 10:54:43 snowdrop Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2003 Ferhat Ayaz @@ -37,25 +37,30 @@ #endif -#ifdef WIN32 +/* + Socket definition +*/ typedef struct hsocket_t { + #ifdef HAVE_SSL SSL *ssl; + SSL_CTX *sslCtx; #endif + +#ifdef WIN32 SOCKET sock; -} hsocket_t; -typedef int socklen_t; #else -typedef struct hsocket_t -{ -#ifdef HAVE_SSL - SSL *ssl; -#endif int sock; -} hsocket_t; #endif +} hsocket_t; /* end of socket definition */ + +#ifdef WIN32 +typedef int socklen_t; +#endif + + /** 
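Review bot: The line above the renamed return, `*received = NULL;;`, stores a null pointer constant into what callers pass as an int (hrequest_new_from_socket calls `hsocket_read(sock, &(buffer[i]), 1, 1, &readed)`), and carries a stray second semicolon; it should read `*received = 0;`. The hunk itself is only the HSOCKET_ERROR_SSLCLOSE rename, so this is pre-existing, but it sits in the path the rename touches. hsocket_read's body continues outside the hunk.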
@@ -75,16 +80,37 @@ void hsocket_module_destroy(); /** - Initializes a given socket object. This function should + Initializes a given socket object. This function (or + hsokcet_init_ssl) should be called for every socket before using it. @param sock the destination socket to initialize. + @see hsocket_init_ssl @returns This function should always return H_OK. */ herror_t hsocket_init(hsocket_t * sock); +/** + Initializes a given socket object with ssl context. + To initialize the socket without ssl, you should use + hsocket_init() + + @param sock the destination socket to initialize. + @param sslCert keyfile + @param sslPass passwort + @param sslCA calist + + @see hsocket_init + @returns HSOCKET_ERROR_SSLCTX if failed. H_OK otherwise + */ +herror_t +hsocket_init_ssl(hsocket_t * sock, + const char* sslCert, + const char* sslPass, + const char* sslCA); + /** Destroys and releases a given socket. diff --git a/nanohttp/nanohttp-ssl.c b/nanohttp/nanohttp-ssl.c index 798d623..254b718 100644 --- a/nanohttp/nanohttp-ssl.c +++ b/nanohttp/nanohttp-ssl.c @@ -167,7 +167,7 @@ user_verify (X509 * cert) #endif SSL_CTX * -initialize_ctx (char *keyfile, char *password, char *calist) +initialize_ctx (const char *keyfile, const char *password, const char *calist) { SSL_CTX *ctx = NULL; diff --git a/nanohttp/nanohttp-ssl.h b/nanohttp/nanohttp-ssl.h index f4ec7ef..5cb4cc3 100644 --- a/nanohttp/nanohttp-ssl.h +++ b/nanohttp/nanohttp-ssl.h @@ -63,7 +63,9 @@ typedef struct Con * Initialize the context */ -SSL_CTX *initialize_ctx(char *keyfile, char *password, char *calist); +SSL_CTX *initialize_ctx(const char *keyfile, + const char *password, + const char *calist); /* * Quick function for verifying a portion of the cert @@ -98,6 +100,14 @@ SSL *init_ssl(SSL_CTX * ctx, int sock, int type); void ssl_cleanup(); +/** + Log funtion to report ssl failures + @param ssl + @param ret + */ +void +log_ssl_error (SSL * ssl, int ret); + #endif #endif /* HAVE_SSL */ -- cgit v1.1-32-gdbae
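Review bot: The new doc comments in nanohttp-socket.h carry typos that will surface in generated documentation: `hsokcet_init_ssl` should be `hsocket_init_ssl` and `passwort` should be `password`. `@returns HSOCKET_ERROR_SSLCTX if failed. H_OK otherwise` describes the error code rather than the return value; write `@returns H_OK, or an herror_t whose code is HSOCKET_ERROR_SSLCTX if the SSL context could not be created`. The one-word parameter descriptions (`keyfile`, `calist`) would also benefit from stating who owns the resulting `sslCtx` and whether the caller must release it, since that is not stated anywhere in this commit.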
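Review bot: The `log_ssl_error` declaration added to nanohttp-ssl.h has a typo (`Log funtion`) and two empty `@param` lines. Its only visible caller, hsocket_read, passes the SSL object and the return value of the failed SSL_read, so fill them in accordingly: `@param ssl the SSL connection whose error is reported` and `@param ret the return value of the failed SSL_* call`.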