Начало Каталог Помощ
Вход
Godot
/
godot
огледало от https://github.com/godotengine/godot.git
2
0
Разклонения 0
Файлове Задачи 0 Уики
ИН на ревизия: 4d099e901b
Клонове Маркери
godot
/
thirdparty
/
libwebsockets
/
lib
/
tls
/
tls-client.c

tls-client.c 4.2 KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153 
  1. /*
    2. 

  2.  * libwebsockets - client-related ssl code independent of backend
    3. 

  3.  *
    4. 

  4.  * Copyright (C) 2010-2018 Andy Green <[email protected]>
    5. 

  5.  *
    6. 

  6.  *  This library is free software; you can redistribute it and/or
    7. 

  7.  *  modify it under the terms of the GNU Lesser General Public
    8. 

  8.  *  License as published by the Free Software Foundation:
    9. 

  9.  *  version 2.1 of the License.
    10. 

  10.  *
    11. 

  11.  *  This library is distributed in the hope that it will be useful,
    12. 

  12.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14.  *  Lesser General Public License for more details.
    15. 

  15.  *
    16. 

  16.  *  You should have received a copy of the GNU Lesser General Public
    17. 

  17.  *  License along with this library; if not, write to the Free Software
    18. 

  18.  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
    19. 

  19.  *  MA  02110-1301  USA
    20. 

  20.  */
    21. 

  21. 

  22. #include "core/private.h"
    23. 

  23. 

  24. int
    25. 

  25. lws_ssl_client_connect1(struct lws *wsi)
    26. 

  26. {
    27. 

  27. 	struct lws_context *context = wsi->context;
    28. 

  28. 	int n = 0;
    29. 

  29. 

  30. 	lws_latency_pre(context, wsi);
    31. 

  31. 	n = lws_tls_client_connect(wsi);
    32. 

  32. 	lws_latency(context, wsi, "SSL_connect hs", n, n > 0);
    33. 

  33. 

  34. 	switch (n) {
    35. 

  35. 	case LWS_SSL_CAPABLE_ERROR:
    36. 

  36. 		return -1;
    37. 

  37. 	case LWS_SSL_CAPABLE_DONE:
    38. 

  38. 		return 1; /* connected */
    39. 

  39. 	case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE:
    40. 

  40. 		lws_callback_on_writable(wsi);
    41. 

  41. 		/* fallthru */
    42. 

  42. 	case LWS_SSL_CAPABLE_MORE_SERVICE_READ:
    43. 

  43. 		lwsi_set_state(wsi, LRS_WAITING_SSL);
    44. 

  44. 		break;
    45. 

  45. 	case LWS_SSL_CAPABLE_MORE_SERVICE:
    46. 

  46. 		break;
    47. 

  47. 	}
    48. 

  48. 

  49. 	return 0; /* retry */
    50. 

  50. }
    51. 

  51. 

  52. int
    53. 

  53. lws_ssl_client_connect2(struct lws *wsi, char *errbuf, int len)
    54. 

  54. {
    55. 

  55. 	int n = 0;
    56. 

  56. 

  57. 	if (lwsi_state(wsi) == LRS_WAITING_SSL) {
    58. 

  58. 		lws_latency_pre(wsi->context, wsi);
    59. 

  59. 

  60. 		n = lws_tls_client_connect(wsi);
    61. 

  61. 		lwsl_debug("%s: SSL_connect says %d\n", __func__, n);
    62. 

  62. 		lws_latency(wsi->context, wsi,
    63. 

  63. 			    "SSL_connect LRS_WAITING_SSL", n, n > 0);
    64. 

  64. 

  65. 		switch (n) {
    66. 

  66. 		case LWS_SSL_CAPABLE_ERROR:
    67. 

  67. 			lws_snprintf(errbuf, len, "client connect failed");
    68. 

  68. 			return -1;
    69. 

  69. 		case LWS_SSL_CAPABLE_DONE:
    70. 

  70. 			break; /* connected */
    71. 

  71. 		case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE:
    72. 

  72. 			lws_callback_on_writable(wsi);
    73. 

  73. 			/* fallthru */
    74. 

  74. 		case LWS_SSL_CAPABLE_MORE_SERVICE_READ:
    75. 

  75. 			lwsi_set_state(wsi, LRS_WAITING_SSL);
    76. 

  76. 			/* fallthru */
    77. 

  77. 		case LWS_SSL_CAPABLE_MORE_SERVICE:
    78. 

  78. 			return 0;
    79. 

  79. 		}
    80. 

  80. 	}
    81. 

  81. 

  82. 	if (lws_tls_client_confirm_peer_cert(wsi, errbuf, len))
    83. 

  83. 		return -1;
    84. 

  84. 

  85. 	return 1;
    86. 

  86. }
    87. 

  87. 

  88. 

  89. int lws_context_init_client_ssl(const struct lws_context_creation_info *info,
    90. 

  90. 				struct lws_vhost *vhost)
    91. 

  91. {
    92. 

  92. 	const char *private_key_filepath = info->ssl_private_key_filepath;
    93. 

  93. 	const char *cert_filepath = info->ssl_cert_filepath;
    94. 

  94. 	const char *ca_filepath = info->ssl_ca_filepath;
    95. 

  95. 	const char *cipher_list = info->ssl_cipher_list;
    96. 

  96. 	struct lws wsi;
    97. 

  97. 

  98. 	if (vhost->options & LWS_SERVER_OPTION_ONLY_RAW)
    99. 

  99. 		return 0;
    100. 

  100. 

  101. 	/*
    102. 

  102. 	 *  for backwards-compatibility default to using ssl_... members, but
    103. 

  103. 	 * if the newer client-specific ones are given, use those
    104. 

  104. 	 */
    105. 

  105. 	if (info->client_ssl_cipher_list)
    106. 

  106. 		cipher_list = info->client_ssl_cipher_list;
    107. 

  107. 	if (info->client_ssl_cert_filepath)
    108. 

  108. 		cert_filepath = info->client_ssl_cert_filepath;
    109. 

  109. 	if (info->client_ssl_private_key_filepath)
    110. 

  110. 		private_key_filepath = info->client_ssl_private_key_filepath;
    111. 

  111. 

  112. 	if (info->client_ssl_ca_filepath)
    113. 

  113. 		ca_filepath = info->client_ssl_ca_filepath;
    114. 

  114. 

  115. 	if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
    116. 

  116. 		return 0;
    117. 

  117. 

  118. 	if (vhost->tls.ssl_client_ctx)
    119. 

  119. 		return 0;
    120. 

  120. 

  121. 	if (info->provided_client_ssl_ctx) {
    122. 

  122. 		/* use the provided OpenSSL context if given one */
    123. 

  123. 		vhost->tls.ssl_client_ctx = info->provided_client_ssl_ctx;
    124. 

  124. 		/* nothing for lib to delete */
    125. 

  125. 		vhost->tls.user_supplied_ssl_ctx = 1;
    126. 

  126. 

  127. 		return 0;
    128. 

  128. 	}
    129. 

  129. 

  130. 	if (lws_tls_client_create_vhost_context(vhost, info, cipher_list,
    131. 

  131. 						ca_filepath,
    132. 

  132. 						info->client_ssl_ca_mem,
    133. 

  133. 						info->client_ssl_ca_mem_len,
    134. 

  134. 						cert_filepath,
    135. 

  135. 						private_key_filepath))
    136. 

  136. 		return 1;
    137. 

  137. 

  138. 	lwsl_notice("created client ssl context for %s\n", vhost->name);
    139. 

  139. 

  140. 	/*
    141. 

  141. 	 * give him a fake wsi with context set, so he can use
    142. 

  142. 	 * lws_get_context() in the callback
    143. 

  143. 	 */
    144. 

  144. 	memset(&wsi, 0, sizeof(wsi));
    145. 

  145. 	wsi.vhost = vhost; /* not a real bound wsi */
    146. 

  146. 	wsi.context = vhost->context;
    147. 

  147. 

  148. 	vhost->protocols[0].callback(&wsi,
    149. 

  149. 			LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
    150. 

  150. 				     vhost->tls.ssl_client_ctx, NULL, 0);
    151. 

  151. 

  152. 	return 0;
    153. 

  153. }
    154.