tls_wolfssl: clang-format for coherent indentation and coding style

src/modules/tls_wolfssl/sbufq.h

@@ -33,18 +33,20 @@
 #include <string.h>
 
 
-struct sbuf_elem {
-	struct sbuf_elem* next;
+struct sbuf_elem
+{
+	struct sbuf_elem *next;
 	unsigned int b_size; /**< buf size */
-	char buf[1]; /**< variable size buffer */
+	char buf[1];		 /**< variable size buffer */
 };
 
-struct sbuffer_queue {
-	struct sbuf_elem* first;
-	struct sbuf_elem* last;
-	ticks_t last_chg; /**< last change (creation time or partial flush)*/
-	unsigned int queued; /**< total size */
-	unsigned int offset; /**< offset in the first buffer where unflushed data
+struct sbuffer_queue
+{
+	struct sbuf_elem *first;
+	struct sbuf_elem *last;
+	ticks_t last_chg;		/**< last change (creation time or partial flush)*/
+	unsigned int queued;	/**< total size */
+	unsigned int offset;	/**< offset in the first buffer where unflushed data
 							starts */
 	unsigned int last_used; /**< how much of the last buffer is used */
 };
@@ -55,9 +57,8 @@ struct sbuffer_queue {
 #define F_BUFQ_ERROR_FLUSH 2
 
 
-#define sbufq_empty(bq) ((bq)->first==0)
-#define sbufq_non_empty(bq) ((bq)->first!=0)
-
+#define sbufq_empty(bq) ((bq)->first == 0)
+#define sbufq_non_empty(bq) ((bq)->first != 0)
 
 
 /** adds/appends data to a buffer queue.
@@ -69,54 +70,54 @@ struct sbuffer_queue {
  * @param min_buf_size - min size to allocate for new buffer elements
  * @return 0 on success, -1 on error (mem. allocation)
  */
-inline static int sbufq_add(struct sbuffer_queue* q, const void* data,
-							unsigned int size, unsigned int min_buf_size)
+inline static int sbufq_add(struct sbuffer_queue *q, const void *data,
+		unsigned int size, unsigned int min_buf_size)
 {
-	struct sbuf_elem* b;
+	struct sbuf_elem *b;
 	unsigned int last_free;
 	unsigned int b_size;
 	unsigned int crt_size;
 
-	if (likely(q->last==0)) {
-		b_size=MAX_unsigned(min_buf_size, size);
-		b=shm_malloc(sizeof(*b)+b_size-sizeof(b->buf));
-		if (unlikely(b==0))
+	if(likely(q->last == 0)) {
+		b_size = MAX_unsigned(min_buf_size, size);
+		b = shm_malloc(sizeof(*b) + b_size - sizeof(b->buf));
+		if(unlikely(b == 0))
 			goto error;
-		b->b_size=b_size;
-		b->next=0;
-		q->last=b;
-		q->first=b;
-		q->last_used=0;
-		q->offset=0;
-		q->last_chg=get_ticks_raw();
-		last_free=b_size;
-		crt_size=size;
+		b->b_size = b_size;
+		b->next = 0;
+		q->last = b;
+		q->first = b;
+		q->last_used = 0;
+		q->offset = 0;
+		q->last_chg = get_ticks_raw();
+		last_free = b_size;
+		crt_size = size;
 		goto data_cpy;
-	}else{
-		b=q->last;
+	} else {
+		b = q->last;
 	}
 
-	while(size){
-		last_free=b->b_size-q->last_used;
-		if (last_free==0){
-			b_size=MAX_unsigned(min_buf_size, size);
-			b=shm_malloc(sizeof(*b)+b_size-sizeof(b->buf));
-			if (unlikely(b==0))
+	while(size) {
+		last_free = b->b_size - q->last_used;
+		if(last_free == 0) {
+			b_size = MAX_unsigned(min_buf_size, size);
+			b = shm_malloc(sizeof(*b) + b_size - sizeof(b->buf));
+			if(unlikely(b == 0))
 				goto error;
-			b->b_size=b_size;
-			b->next=0;
-			q->last->next=b;
-			q->last=b;
-			q->last_used=0;
-			last_free=b->b_size;
+			b->b_size = b_size;
+			b->next = 0;
+			q->last->next = b;
+			q->last = b;
+			q->last_used = 0;
+			last_free = b->b_size;
 		}
-		crt_size=MIN_unsigned(last_free, size);
-data_cpy:
-		memcpy(b->buf+q->last_used, data, crt_size);
-		q->last_used+=crt_size;
-		size-=crt_size;
-		data+=crt_size;
-		q->queued+=crt_size;
+		crt_size = MIN_unsigned(last_free, size);
+	data_cpy:
+		memcpy(b->buf + q->last_used, data, crt_size);
+		q->last_used += crt_size;
+		size -= crt_size;
+		data += crt_size;
+		q->queued += crt_size;
 	}
 	return 0;
 error:
@@ -124,7 +125,6 @@ error:
 }
 
 
-
 /** inserts data (at the beginning) in a buffer queue.
  * Note: should never be called after sbufq_run().
  * WARNING: it does no attempt to synchronize access/lock. If needed it should
@@ -135,37 +135,39 @@ error:
  * @param min_buf_size - min size to allocate for new buffer elements
  * @return 0 on success, -1 on error (mem. allocation)
  */
-inline static int sbufq_insert(struct sbuffer_queue* q, const void* data,
-							unsigned int size, unsigned int min_buf_size)
+inline static int sbufq_insert(struct sbuffer_queue *q, const void *data,
+		unsigned int size, unsigned int min_buf_size)
 {
-	struct sbuf_elem* b;
+	struct sbuf_elem *b;
 
-	if (likely(q->first==0)) /* if empty, use sbufq_add */
+	if(likely(q->first == 0)) /* if empty, use sbufq_add */
 		return sbufq_add(q, data, size, min_buf_size);
 
-	if (unlikely(q->offset)){
-		LOG(L_CRIT, "BUG: non-null offset %d (bad call, should"
-				"never be called after sbufq_run())\n", q->offset);
+	if(unlikely(q->offset)) {
+		LOG(L_CRIT,
+				"BUG: non-null offset %d (bad call, should"
+				"never be called after sbufq_run())\n",
+				q->offset);
 		goto error;
 	}
-	if ((q->first==q->last) && ((q->last->b_size-q->last_used)>=size)){
+	if((q->first == q->last) && ((q->last->b_size - q->last_used) >= size)) {
 		/* one block with enough space in it for size bytes */
-		memmove(q->first->buf+size, q->first->buf, size);
+		memmove(q->first->buf + size, q->first->buf, size);
 		memcpy(q->first->buf, data, size);
-		q->last_used+=size;
-	}else{
+		q->last_used += size;
+	} else {
 		/* create a size bytes block directly */
-		b=shm_malloc(sizeof(*b)+size-sizeof(b->buf));
-		if (unlikely(b==0))
+		b = shm_malloc(sizeof(*b) + size - sizeof(b->buf));
+		if(unlikely(b == 0))
 			goto error;
-		b->b_size=size;
+		b->b_size = size;
 		/* insert it */
-		b->next=q->first;
-		q->first=b;
+		b->next = q->first;
+		q->first = b;
 		memcpy(b->buf, data, size);
 	}
 
-	q->queued+=size;
+	q->queued += size;
 	return 0;
 error:
 	return -1;
@@ -180,30 +182,29 @@ error:
  * @param q - buffer queue
  * @return - number of bytes that used to be queued (>=0).
  */
-inline static unsigned int sbufq_destroy(struct  sbuffer_queue* q)
+inline static unsigned int sbufq_destroy(struct sbuffer_queue *q)
 {
-	struct sbuf_elem* b;
-	struct sbuf_elem* next_b;
+	struct sbuf_elem *b;
+	struct sbuf_elem *next_b;
 	int unqueued;
 
-	unqueued=0;
-	if (likely(q->first)){
-		b=q->first;
-		do{
-			next_b=b->next;
-			unqueued+=(b==q->last)?q->last_used:b->b_size;
-			if (b==q->first)
-				unqueued-=q->offset;
+	unqueued = 0;
+	if(likely(q->first)) {
+		b = q->first;
+		do {
+			next_b = b->next;
+			unqueued += (b == q->last) ? q->last_used : b->b_size;
+			if(b == q->first)
+				unqueued -= q->offset;
 			shm_free(b);
-			b=next_b;
-		}while(b);
+			b = next_b;
+		} while(b);
 	}
 	memset(q, 0, sizeof(*q));
 	return unqueued;
 }
 
 
-
 /** tries to flush the queue.
  * Tries to flush as much as possible from the given queue, using the
  * given callback.
@@ -227,57 +228,53 @@ inline static unsigned int sbufq_destroy(struct  sbuffer_queue* q)
  *            always set and it should be used to check for errors, since
  *            a flush_f() failure will not result in a negative return.
  */
-inline static int sbufq_flush(struct sbuffer_queue* q, int* flags,
-								int (*flush_f)(void* p1, void* p2,
-												const void* buf,
-												unsigned size),
-								void* flush_p1, void* flush_p2)
+inline static int sbufq_flush(struct sbuffer_queue *q, int *flags,
+		int (*flush_f)(void *p1, void *p2, const void *buf, unsigned size),
+		void *flush_p1, void *flush_p2)
 {
 	struct sbuf_elem *b;
 	int n;
 	int ret;
 	int block_size;
-	char* buf;
-
-	*flags=0;
-	ret=0;
-	while(q->first){
-		block_size=((q->first==q->last)?q->last_used:q->first->b_size)-
-						q->offset;
-		buf=q->first->buf+q->offset;
-		n=flush_f(flush_p1, flush_p2, buf, block_size);
-		if (likely(n>0)){
-			ret+=n;
-			if (likely(n==block_size)){
-				b=q->first;
-				q->first=q->first->next;
+	char *buf;
+
+	*flags = 0;
+	ret = 0;
+	while(q->first) {
+		block_size = ((q->first == q->last) ? q->last_used : q->first->b_size)
+					 - q->offset;
+		buf = q->first->buf + q->offset;
+		n = flush_f(flush_p1, flush_p2, buf, block_size);
+		if(likely(n > 0)) {
+			ret += n;
+			if(likely(n == block_size)) {
+				b = q->first;
+				q->first = q->first->next;
 				shm_free(b);
-				q->offset=0;
-				q->queued-=block_size;
-			}else{
-				q->offset+=n;
-				q->queued-=n;
+				q->offset = 0;
+				q->queued -= block_size;
+			} else {
+				q->offset += n;
+				q->queued -= n;
 				/* no break: if we are here n < block_size => partial write
 				   => the write should be retried */
 			}
-		}else{
-			if (unlikely(n<0))
-				*flags|=F_BUFQ_ERROR_FLUSH;
+		} else {
+			if(unlikely(n < 0))
+				*flags |= F_BUFQ_ERROR_FLUSH;
 			break;
 		}
 	}
-	if (likely(q->first==0)){
-		q->last=0;
-		q->last_used=0;
-		q->offset=0;
-		*flags|=F_BUFQ_EMPTY;
+	if(likely(q->first == 0)) {
+		q->last = 0;
+		q->last_used = 0;
+		q->offset = 0;
+		*flags |= F_BUFQ_EMPTY;
 	}
 	return ret;
 }
 
 
-
-
 #endif /*__sbufq_h*/
 
 /* vi: set ts=4 sw=4 tw=79:ai:cindent: */

src/modules/tls_wolfssl/tls_bio.c

@@ -30,50 +30,50 @@
 
 /* 0xf2 should be unused (as of openssl 1.0.0 max.
    internal defined BIO is 23) */
-#define BIO_TYPE_TLS_MBUF	0x4f2
+#define BIO_TYPE_TLS_MBUF 0x4f2
 
 /* debugging */
 #ifdef NO_TLS_BIO_DEBUG
 #undef TLS_BIO_DEBUG
 #endif
 #ifdef TLS_BIO_DEBUG
-	#ifdef __SUNPRO_C
-		#define TLS_BIO_DBG(...) \
-			LOG_FP(DEFAULT_FACILITY, cfg_get(tls, tls_cfg, debug),\
-					"tls_BIO: " LOC_INFO,  __VA_ARGS__)
-	#else
-		#define TLS_BIO_DBG(args...) \
-			LOG_FP(DEFAULT_FACILITY, cfg_get(tls, tls_cfg, debug),\
-					"tls_BIO: " LOC_INFO, ## args)
-	#endif /* __SUNPRO_c */
-#else /* TLS_BIO_DEBUG */
-	#ifdef __SUNPRO_C
-		#define TLS_BIO_DBG(...)
-	#else
-		#define TLS_BIO_DBG(fmt, args...)
-	#endif /* __SUNPRO_c */
+#ifdef __SUNPRO_C
+#define TLS_BIO_DBG(...)                                   \
+	LOG_FP(DEFAULT_FACILITY, cfg_get(tls, tls_cfg, debug), \
+			"tls_BIO: " LOC_INFO, __VA_ARGS__)
+#else
+#define TLS_BIO_DBG(args...)                               \
+	LOG_FP(DEFAULT_FACILITY, cfg_get(tls, tls_cfg, debug), \
+			"tls_BIO: " LOC_INFO, ##args)
+#endif /* __SUNPRO_c */
+#else  /* TLS_BIO_DEBUG */
+#ifdef __SUNPRO_C
+#define TLS_BIO_DBG(...)
+#else
+#define TLS_BIO_DBG(fmt, args...)
+#endif /* __SUNPRO_c */
 #endif /* TLS_BIO_DEBUG */
 
 
-static int tls_bio_mbuf_new(WOLFSSL_BIO* b);
-static int tls_bio_mbuf_free(WOLFSSL_BIO* b);
-static int tls_bio_mbuf_write(WOLFSSL_BIO* b, const char* buf, int num);
-static int tls_bio_mbuf_read(WOLFSSL_BIO* b, char* buf, int num);
-static int tls_bio_mbuf_puts(WOLFSSL_BIO* b, const char* s);
-static long tls_bio_mbuf_ctrl(WOLFSSL_BIO* b, int cmd, long arg1, void* arg2);
+static int tls_bio_mbuf_new(WOLFSSL_BIO *b);
+static int tls_bio_mbuf_free(WOLFSSL_BIO *b);
+static int tls_bio_mbuf_write(WOLFSSL_BIO *b, const char *buf, int num);
+static int tls_bio_mbuf_read(WOLFSSL_BIO *b, char *buf, int num);
+static int tls_bio_mbuf_puts(WOLFSSL_BIO *b, const char *s);
+static long tls_bio_mbuf_ctrl(WOLFSSL_BIO *b, int cmd, long arg1, void *arg2);
 
 
 static WOLFSSL_BIO_METHOD *tls_mbuf_method = NULL;
 
 
 /** returns a custom tls_mbuf BIO. */
-WOLFSSL_BIO_METHOD* tls_BIO_mbuf(void)
+WOLFSSL_BIO_METHOD *tls_BIO_mbuf(void)
 {
 	if(tls_mbuf_method != NULL) {
 		return tls_mbuf_method;
 	}
 	tls_mbuf_method = wolfSSL_BIO_meth_new(BIO_TYPE_TLS_MBUF, "sr_tls_mbuf");
-	if(tls_mbuf_method==NULL) {
+	if(tls_mbuf_method == NULL) {
 		LM_ERR("cannot get a new bio method structure\n");
 		return NULL;
 	}
@@ -88,19 +88,18 @@ WOLFSSL_BIO_METHOD* tls_BIO_mbuf(void)
 }
 
 
-
 /** create an initialize a new tls_BIO_mbuf.
  * @return new BIO on success (!=0), 0 on error.
  */
-WOLFSSL_BIO* tls_BIO_new_mbuf(struct tls_mbuf* rd, struct tls_mbuf* wr)
+WOLFSSL_BIO *tls_BIO_new_mbuf(struct tls_mbuf *rd, struct tls_mbuf *wr)
 {
-	WOLFSSL_BIO* ret;
+	WOLFSSL_BIO *ret;
 
 	TLS_BIO_DBG("tls_BIO_new_mbuf called (%p, %p)\n", rd, wr);
 	ret = wolfSSL_BIO_new(tls_BIO_mbuf());
-	if (unlikely(ret == 0))
+	if(unlikely(ret == 0))
 		return 0;
-	if (unlikely(tls_BIO_mbuf_set(ret, rd, wr) == 0)) {
+	if(unlikely(tls_BIO_mbuf_set(ret, rd, wr) == 0)) {
 		wolfSSL_BIO_free(ret);
 		return 0;
 	}
@@ -108,17 +107,16 @@ WOLFSSL_BIO* tls_BIO_new_mbuf(struct tls_mbuf* rd, struct tls_mbuf* wr)
 }
 
 
-
 /** sets the read and write mbuf for an  mbuf BIO.
  * @return 1 on success, 0 on error (openssl BIO convention).
  */
-int tls_BIO_mbuf_set(BIO* b, struct tls_mbuf* rd, struct tls_mbuf* wr)
+int tls_BIO_mbuf_set(BIO *b, struct tls_mbuf *rd, struct tls_mbuf *wr)
 {
-	struct tls_bio_mbuf_data* d;
+	struct tls_bio_mbuf_data *d;
 
 	TLS_BIO_DBG("tls_BIO_mbuf_set called (%p => %p, %p)\n", b, rd, wr);
 	d = wolfSSL_BIO_get_data(b);
-	if (unlikely(d == 0)){
+	if(unlikely(d == 0)) {
 		BUG("null BIO ptr data\n");
 		return 0;
 	}
@@ -129,41 +127,39 @@ int tls_BIO_mbuf_set(BIO* b, struct tls_mbuf* rd, struct tls_mbuf* wr)
 }
 
 
-
 /** create a new BIO.
  * (internal openssl use via the tls_mbuf method)
  * @return 1 on success, 0 on error.
  */
-static int tls_bio_mbuf_new(BIO* b)
+static int tls_bio_mbuf_new(BIO *b)
 {
-	struct tls_bio_mbuf_data* d;
+	struct tls_bio_mbuf_data *d;
 
 	TLS_BIO_DBG("tls_bio_mbuf_new called (%p)\n", b);
 	wolfSSL_BIO_set_init(b, 0);
 	wolfSSL_BIO_set_data(b, NULL);
 	d = wolfSSL_Malloc(sizeof(*d));
 	memset(d, 0, sizeof(*d));
-	if (unlikely(d == 0))
+	if(unlikely(d == 0))
 		return 0;
 	wolfSSL_BIO_set_data(b, d);
 	return 1;
 }
 
 
-
 /** destroy a tls mbuf BIO.
  * (internal openssl use via the tls_mbuf method)
  * @return 1 on success, 0 on error.
  */
-static int tls_bio_mbuf_free(BIO* b)
+static int tls_bio_mbuf_free(BIO *b)
 {
 	TLS_BIO_DBG("tls_bio_mbuf_free called (%p)\n", b);
-	if (unlikely( b == 0))
-			return 0;
+	if(unlikely(b == 0))
+		return 0;
 	do {
-		struct tls_bio_mbuf_data* d;
+		struct tls_bio_mbuf_data *d;
 		d = wolfSSL_BIO_get_data(b);
-		if (likely(d)) {
+		if(likely(d)) {
 			wolfSSL_OPENSSL_free(d);
 			wolfSSL_BIO_set_data(b, NULL);
 			wolfSSL_BIO_set_init(b, 0);
@@ -173,52 +169,51 @@ static int tls_bio_mbuf_free(BIO* b)
 }
 
 
-
 /** read from a mbuf.
  * (internal openssl use via the tls_mbuf method)
  * @return bytes read on success (0< ret <=dst_len), -1 on empty buffer & sets
  *  should_retry_read, -1 on some other errors (w/o should_retry_read set).
  */
-static int tls_bio_mbuf_read(BIO* b, char* dst, int dst_len)
+static int tls_bio_mbuf_read(BIO *b, char *dst, int dst_len)
 {
-	struct tls_bio_mbuf_data* d;
-	struct tls_mbuf* rd;
+	struct tls_bio_mbuf_data *d;
+	struct tls_mbuf *rd;
 	int ret;
 
 	ret = 0;
-	if (likely(dst)) {
+	if(likely(dst)) {
 		d = wolfSSL_BIO_get_data(b);
 		wolfSSL_BIO_clear_retry_flags(b);
-		if (unlikely(d == 0 || d->rd->buf == 0)) {
-			if (d == 0)
+		if(unlikely(d == 0 || d->rd->buf == 0)) {
+			if(d == 0)
 				BUG("tls_BIO_mbuf %p: read called with null b->ptr\n", b);
 			else {
 				/* this form of calling read with a null buffer is used
 				   as a shortcut when no data is available =>
 				   simulate EAGIAN/WANT_READ */
 				TLS_BIO_DBG("read (%p, %p, %d) called with null read buffer"
-						"(%p->%p) => simulating EAGAIN/WANT_READ\n",
+							"(%p->%p) => simulating EAGAIN/WANT_READ\n",
 						b, dst, dst_len, d, d->rd);
 				BIO_set_retry_read(b);
 			}
 			return -1;
 		}
 		rd = d->rd;
-		if (unlikely(rd->used == rd->pos && dst_len)) {
+		if(unlikely(rd->used == rd->pos && dst_len)) {
 			/* mimic non-blocking read behaviour */
 			TLS_BIO_DBG("read (%p, %p, %d) called with full rd (%d)"
 						" => simulating EAGAIN/WANT_READ\n",
-						b, dst, dst_len, rd->used);
+					b, dst, dst_len, rd->used);
 			BIO_set_retry_read(b);
 			return -1;
 		}
 		ret = MIN_int(rd->used - rd->pos, dst_len);
 		/* copy data from rd.buf into dst */
-		memcpy(dst, rd->buf+rd->pos, ret);
+		memcpy(dst, rd->buf + rd->pos, ret);
 		TLS_BIO_DBG("read(%p, %p, %d) called with rd=%p pos=%d => %d bytes\n",
-						b, dst, dst_len, rd->buf, rd->pos, ret);
+				b, dst, dst_len, rd->buf, rd->pos, ret);
 		rd->pos += ret;
-/*		if (unlikely(rd->pos < rd->used))
+		/*		if (unlikely(rd->pos < rd->used))
 			wolfSSL_BIO_set_retry_read(b);
 */
 	}
@@ -226,46 +221,47 @@ static int tls_bio_mbuf_read(BIO* b, char* dst, int dst_len)
 }
 
 
-
 /** write to a mbuf.
  * (internal openssl use via the tls_mbuf method)
  * @return bytes written on success (0<= ret <=src_len), -1 on error or buffer
  * full (in this case sets should_retry_write).
  */
-static int tls_bio_mbuf_write(BIO* b, const char* src, int src_len)
+static int tls_bio_mbuf_write(BIO *b, const char *src, int src_len)
 {
-	struct tls_bio_mbuf_data* d;
-	struct tls_mbuf* wr;
+	struct tls_bio_mbuf_data *d;
+	struct tls_mbuf *wr;
 	int ret;
 
 	ret = 0;
 	d = wolfSSL_BIO_get_data(b);
 	wolfSSL_BIO_clear_retry_flags(b);
-	if (unlikely(d == 0 || d->wr->buf == 0)) {
-		if (d == 0)
+	if(unlikely(d == 0 || d->wr->buf == 0)) {
+		if(d == 0)
 			BUG("tls_BIO_mbuf %p: write called with null b->ptr\n", b);
 		else {
 			/* this form of calling write with a null buffer is used
 			   as a shortcut when no data is available =>
 			   simulate EAGAIN/WANT_WRITE */
 			TLS_BIO_DBG("write (%p, %p, %d) called with null buffer"
-					" => simulating WANT_WRITE\n", b, src, src_len);
+						" => simulating WANT_WRITE\n",
+					b, src, src_len);
 			BIO_set_retry_write(b);
 		}
 		return -1;
 	}
 	wr = d->wr;
-	if (unlikely(wr->size == wr->used && src_len)) {
+	if(unlikely(wr->size == wr->used && src_len)) {
 		/* mimic non-blocking socket behaviour */
 		TLS_BIO_DBG("write (%p, %p, %d) called with full wr buffer (%d)"
-					" => simulating WANT_WRITE\n", b, src, src_len, wr->used);
+					" => simulating WANT_WRITE\n",
+				b, src, src_len, wr->used);
 		BIO_set_retry_write(b);
 		return -1;
 	}
 	ret = MIN_int(wr->size - wr->used, src_len);
 	memcpy(wr->buf + wr->used, src, ret);
 	wr->used += ret;
-/*	if (unlikely(ret < src_len))
+	/*	if (unlikely(ret < src_len))
 		wolfSSL_BIO_set_retry_write();
 */
 	TLS_BIO_DBG("write called (%p, %p, %d) => %d\n", b, src, src_len, ret);
@@ -273,11 +269,10 @@ static int tls_bio_mbuf_write(BIO* b, const char* src, int src_len)
 }
 
 
-
-static long tls_bio_mbuf_ctrl(WOLFSSL_BIO* b, int cmd, long arg1, void* arg2)
+static long tls_bio_mbuf_ctrl(WOLFSSL_BIO *b, int cmd, long arg1, void *arg2)
 {
 	long ret;
-	ret=0;
+	ret = 0;
 	switch(cmd) {
 		case BIO_CTRL_GET_CLOSE:
 		case BIO_CTRL_SET_CLOSE:
@@ -295,19 +290,18 @@ static long tls_bio_mbuf_ctrl(WOLFSSL_BIO* b, int cmd, long arg1, void* arg2)
 			ret = 0;
 			break;
 	}
-	TLS_BIO_DBG("ctrl called (%p, %d, %ld, %p) => %ld\n",
-				b, cmd, arg1, arg2, ret);
+	TLS_BIO_DBG(
+			"ctrl called (%p, %d, %ld, %p) => %ld\n", b, cmd, arg1, arg2, ret);
 	return ret;
 }
 
 
-
-static int tls_bio_mbuf_puts(BIO* b, const char* s)
+static int tls_bio_mbuf_puts(BIO *b, const char *s)
 {
 	int len;
 
 	TLS_BIO_DBG("puts called (%p, %s)\n", b, s);
-	len=strlen(s);
+	len = strlen(s);
 	return tls_bio_mbuf_write(b, s, len);
 }
 

src/modules/tls_wolfssl/tls_bio.h

@@ -28,23 +28,24 @@
 #include <wolfssl/ssl.h>
 
 /* memory buffer used for tls I/O */
-struct tls_mbuf {
-	unsigned char* buf;
+struct tls_mbuf
+{
+	unsigned char *buf;
 	int pos;  /**< current position in the buffer while reading or writing*/
 	int used; /**< how much it's used  (read or write)*/
 	int size; /**< total buffer size (fixed) */
 };
 
-struct tls_bio_mbuf_data {
-	struct tls_mbuf* rd;
-	struct tls_mbuf* wr;
+struct tls_bio_mbuf_data
+{
+	struct tls_mbuf *rd;
+	struct tls_mbuf *wr;
 };
 
 
-WOLFSSL_BIO_METHOD* tls_BIO_mbuf(void);
-WOLFSSL_BIO* tls_BIO_new_mbuf(struct tls_mbuf* rd, struct tls_mbuf* wr);
-int tls_BIO_mbuf_set(BIO* b, struct tls_mbuf* rd, struct tls_mbuf* wr);
-
+WOLFSSL_BIO_METHOD *tls_BIO_mbuf(void);
+WOLFSSL_BIO *tls_BIO_new_mbuf(struct tls_mbuf *rd, struct tls_mbuf *wr);
+int tls_BIO_mbuf_set(BIO *b, struct tls_mbuf *rd, struct tls_mbuf *wr);
 
 
 /** initialize an mbuf structure.
@@ -54,15 +55,14 @@ int tls_BIO_mbuf_set(BIO* b, struct tls_mbuf* rd, struct tls_mbuf* wr);
  * WARNING: the buffer will not be copied, but referenced.
  */
 #define tls_mbuf_init(mb, b, sz) \
-	do { \
-		(mb)->buf = (b); \
-		(mb)->size = (sz); \
-		(mb)->pos = 0; \
-		(mb)->used = 0; \
+	do {                         \
+		(mb)->buf = (b);         \
+		(mb)->size = (sz);       \
+		(mb)->pos = 0;           \
+		(mb)->used = 0;          \
 	} while(0)
 
 
-
 #endif /*__tls_bio_h*/
 
 /* vi: set ts=4 sw=4 tw=79:ai:cindent: */

src/modules/tls_wolfssl/tls_cfg.c

@@ -33,72 +33,72 @@
 #include "../../core/dprint.h"
 
 struct cfg_group_tls default_tls_cfg = {
-	0, /* tls_force_run */
-	STR_STATIC_INIT("TLSv1"), /* method */
-	STR_NULL, /* server name (sni) */
-	0, /* server name (sni) mode */
-	STR_NULL, /* server id */
-	0, /* verify_certificate */
-	9, /* verify_depth */
-	0, /* require_certificate */
-	STR_STATIC_INIT("off"), /* verify_client */
-	STR_NULL, /* private_key (default value set in fix_tls_cfg) */
-	STR_NULL, /* ca_list (default value set in fix_tls_cfg) */
-	STR_NULL, /* ca_path (default value set in fix_tls_cfg) */
-	STR_NULL, /* crl (default value set in fix_tls_cfg) */
-	STR_NULL, /* certificate (default value set in fix_tls_cfg) */
-	STR_NULL, /* cipher_list (default value set in fix_tls_cfg) */
-	0, /* session_cache */
-	STR_STATIC_INIT("kamailio-tls-5.x.y"), /* session_id */
-	STR_NULL, /* config_file */
-	3, /* log  (L_DBG)*/
-	3, /* debug (L_DBG) */
-	600, /* con_lifetime (s)*/
-	1, /* disable_compression */
-	1, /* ssl_release_buffers (on, avoid extra buffering) */
-	0, /* ssl_freelist_max  (immediately free) */
-	-1, /* ssl_max_send_fragment (use the default: 16k), requires openssl
+		0,						  /* tls_force_run */
+		STR_STATIC_INIT("TLSv1"), /* method */
+		STR_NULL,				  /* server name (sni) */
+		0,						  /* server name (sni) mode */
+		STR_NULL,				  /* server id */
+		0,						  /* verify_certificate */
+		9,						  /* verify_depth */
+		0,						  /* require_certificate */
+		STR_STATIC_INIT("off"),	  /* verify_client */
+		STR_NULL, /* private_key (default value set in fix_tls_cfg) */
+		STR_NULL, /* ca_list (default value set in fix_tls_cfg) */
+		STR_NULL, /* ca_path (default value set in fix_tls_cfg) */
+		STR_NULL, /* crl (default value set in fix_tls_cfg) */
+		STR_NULL, /* certificate (default value set in fix_tls_cfg) */
+		STR_NULL, /* cipher_list (default value set in fix_tls_cfg) */
+		0,		  /* session_cache */
+		STR_STATIC_INIT("kamailio-tls-5.x.y"), /* session_id */
+		STR_NULL,							   /* config_file */
+		3,									   /* log  (L_DBG)*/
+		3,									   /* debug (L_DBG) */
+		600,								   /* con_lifetime (s)*/
+		1,									   /* disable_compression */
+		1,	/* ssl_release_buffers (on, avoid extra buffering) */
+		0,	/* ssl_freelist_max  (immediately free) */
+		-1, /* ssl_max_send_fragment (use the default: 16k), requires openssl
 		   > 0.9.9 */
-	0, /* ssl_read_ahead (off, not needed, we have our own buffering BIO)*/
-	-1, /* low_mem_threshold1 */
-	-1, /* low_mem_threshold2 */
-	10*1024*1024, /* ct_wq_max: 10 Mb by default */
-	64*1024, /* con_ct_wq_max: 64Kb by default */
-	4096, /* ct_wq_blk_size */
-	0 /* send_close_notify (off by default)*/
+		0,	/* ssl_read_ahead (off, not needed, we have our own buffering BIO)*/
+		-1, /* low_mem_threshold1 */
+		-1, /* low_mem_threshold2 */
+		10 * 1024 * 1024, /* ct_wq_max: 10 Mb by default */
+		64 * 1024,		  /* con_ct_wq_max: 64Kb by default */
+		4096,			  /* ct_wq_blk_size */
+		0				  /* send_close_notify (off by default)*/
 };
 
-volatile void* tls_cfg = &default_tls_cfg;
+volatile void *tls_cfg = &default_tls_cfg;
 
 
 /* if *to<0 to=default_val, else if to>max_val to=max_val */
-static void fix_timeout(char* name, int* to, int default_val, unsigned max_val)
+static void fix_timeout(char *name, int *to, int default_val, unsigned max_val)
 {
-	if (*to < 0) *to=default_val;
-	else if ((unsigned)*to > max_val){
-		WARN("%s: timeout too big (%u), the maximum value is %u\n",
-				name, *to, max_val);
-		*to=max_val;
+	if(*to < 0)
+		*to = default_val;
+	else if((unsigned)*to > max_val) {
+		WARN("%s: timeout too big (%u), the maximum value is %u\n", name, *to,
+				max_val);
+		*to = max_val;
 	}
 }
 
 
-static int fix_con_lt(void* cfg_h, str* gname, str* name, void** val)
+static int fix_con_lt(void *cfg_h, str *gname, str *name, void **val)
 {
 	int v;
-	v=S_TO_TICKS((int)(long)*val);
-	fix_timeout("tls.connection_timeout", &v,
-					MAX_TLS_CON_LIFETIME, MAX_TLS_CON_LIFETIME);
-	*val=(void*)(long)v;
+	v = S_TO_TICKS((int)(long)*val);
+	fix_timeout("tls.connection_timeout", &v, MAX_TLS_CON_LIFETIME,
+			MAX_TLS_CON_LIFETIME);
+	*val = (void *)(long)v;
 	return 0;
 }
 
 
-
 /** cfg framework callback for fixing pathnames. */
-static int fix_rel_pathname(void* cfg_h, str* gname, str* name, void** val)
+static int fix_rel_pathname(void *cfg_h, str *gname, str *name, void **val)
 {
-	str* f;
+	str *f;
 	str new_f;
 	/* the cfg framework will immediately "clone" the value so
 	   we can pass a pointer to a temporary static buffer to it
@@ -109,15 +109,15 @@ static int fix_rel_pathname(void* cfg_h, str* gname, str* name, void** val)
 	f = *val;
 	/* use absolute paths, except when the path starts with
 	   '.' (in this case leave it as it is) */
-	if (f && f->s && f->len && *f->s != '.' && *f->s != '/') {
+	if(f && f->s && f->len && *f->s != '.' && *f->s != '/') {
 		new_f.s = get_abs_pathname(0, f);
-		if (new_f.s == 0)
+		if(new_f.s == 0)
 			return -1;
 		new_f.len = strlen(new_f.s);
-		if (new_f.len >= MAX_PATH_SIZE) {
-			ERR("%.*s.%.*s path too long (%d bytes): \"%.*s\"\n",
-					gname->len, gname->s, name->len, name->s,
-					new_f.len, new_f.len, new_f.s);
+		if(new_f.len >= MAX_PATH_SIZE) {
+			ERR("%.*s.%.*s path too long (%d bytes): \"%.*s\"\n", gname->len,
+					gname->s, name->len, name->s, new_f.len, new_f.len,
+					new_f.s);
 			pkg_free(new_f.s);
 			return -1;
 		}
@@ -130,97 +130,105 @@ static int fix_rel_pathname(void* cfg_h, str* gname, str* name, void** val)
 }
 
 
-
-cfg_def_t	tls_cfg_def[] = {
-	{"force_run", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
-		"force loading the tls module even when initial sanity checks fail"},
-	{"method",   CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"TLS method used (TLSv1.3 TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23)"},
-	{"server_name",   CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"Server name (SNI)"},
-	{"server_name_mode", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
-		"Server name (SNI) mode" },
-	{"server_id",   CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"Server id (match tls profile for outgoing connections)"},
-	{"verify_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
-		"if enabled the certificates will be verified" },
-	{"verify_depth", CFG_VAR_INT | CFG_READONLY, 0, 100, 0, 0,
-		"sets how far up the certificate chain will the certificate"
-		" verification go in the search for a trusted CA" },
-	{"require_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
-		"if enabled a certificate will be required from clients" },
-	{"verify_client", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"set to off (default), on, optional, or optional_no_ca" },
-	{"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"name of the file containing the private key (pem format), if not"
-		" contained in the certificate file" },
-	{"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"name of the file containing the trusted CA list (pem format)" },
-	{"ca_path", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"name of the directory containing the trusted CA files (pem format)" },
-	{"crl", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"name of the file containing the CRL  (certificare revocation list"
-			" in pem format)" },
-	{"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"name of the file containing the certificate (pem format)" },
-	{"cipher_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"list of the accepted ciphers (strings separated by colons)" },
-	{"session_cache", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
-		"enables or disables the session cache" },
-	{"session_id", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
-		"string used for the session id" },
-	{"config", CFG_VAR_STR, 0, 0, fix_rel_pathname, 0,
-		"tls config file name (used for the per domain options)" },
-	{"log", CFG_VAR_INT | CFG_ATOMIC, 0, 1000, 0, 0,
-		"tls info messages log level" },
-	{"debug", CFG_VAR_INT | CFG_ATOMIC, 0, 1000, 0, 0,
-		"tls debug messages log level" },
-	{"connection_timeout", CFG_VAR_INT | CFG_ATOMIC,
-							-1, MAX_TLS_CON_LIFETIME, fix_con_lt, 0,
-		"initial connection lifetime (in s) (obsolete)" },
-	{"disable_compression", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
-		"if set disable the built-in OpenSSL compression" },
-	{"ssl_release_buffers", CFG_VAR_INT | CFG_READONLY, -1, 1, 0, 0,
-		"quickly release internal OpenSSL read or write buffers."
-	    " Works only for OpenSSL >= 1.0."},
-	{"ssl_free_list_max", CFG_VAR_INT | CFG_READONLY, -1, 1<<30, 0, 0,
-		"maximum number of free/cached memory chunks that OpenSSL"
-		" will keep per connection. Works only for OpenSSL >= 1.0."},
-	{"ssl_max_send_fragment", CFG_VAR_INT | CFG_READONLY, -1, 65536, 0, 0,
-		"sets the maximum number of bytes (clear text) send into one TLS"
-		" record. Valid values are between 512 and 16384."
-		" Works only for OpenSSL >= 0.9.9"},
-	{"ssl_read_ahead", CFG_VAR_INT | CFG_READONLY, -1, 1, 0, 0,
-		"Enables read ahead, reducing the number of BIO read calls done"
-		" internally by the OpenSSL library. Note that in newer tls"
-	    " module versions it is better to have read ahead disabled, since"
-		" everything it is buffered in memory anyway"},
-	{"low_mem_threshold1", CFG_VAR_INT | CFG_ATOMIC, -1, 1<<30, 0, 0,
-		"sets the minimum amount of free memory for accepting new TLS"
-		" connections (KB)"},
-	{"low_mem_threshold2", CFG_VAR_INT | CFG_ATOMIC, -1, 1<<30, 0, 0,
-		"sets the minimum amount of free memory after which no more TLS"
-		" operations will be attempted (even on existing connections)" },
-	{"ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 1<<30, 0, 0,
-		"maximum bytes queued globally for write when write has to wait due"
-		" to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial TLS"
-		" connection establishment (it is different from tcp.wq_max,"
-		" which works at the TCP connection level)"},
-	{"con_ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 4*1024*1024, 0, 0,
-		"maximum bytes queued for write per connection when write has to wait"
-		" due to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial TLS"
-		" connection establishment (it is different from tcp.conn_wq_max,"
-		" which works at the TCP connection level)"},
-	{"ct_wq_blk_size", CFG_VAR_INT | CFG_ATOMIC, 1, 65536, 0, 0,
-		"internal TLS pre-write (clear-text) queue minimum block size"
-		" (advanced tunning or debugging for now)"},
-	{"send_close_notify", CFG_VAR_INT | CFG_ATOMIC, 0, 1, 0, 0,
-		"enable/disable sending a close notify TLS shutdown alert"
-			" before closing the corresponding TCP connection."
-			"Note that having it enabled has a performance impact."},
-	{0, 0, 0, 0, 0, 0}
-};
-
+cfg_def_t tls_cfg_def[] = {{"force_run", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
+								   "force loading the tls module even when "
+								   "initial sanity checks fail"},
+		{"method", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"TLS method used (TLSv1.3 TLSv1.2, TLSv1.1, TLSv1, SSLv3, "
+				"SSLv2, SSLv23)"},
+		{"server_name", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"Server name (SNI)"},
+		{"server_name_mode", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
+				"Server name (SNI) mode"},
+		{"server_id", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"Server id (match tls profile for outgoing connections)"},
+		{"verify_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
+				"if enabled the certificates will be verified"},
+		{"verify_depth", CFG_VAR_INT | CFG_READONLY, 0, 100, 0, 0,
+				"sets how far up the certificate chain will the certificate"
+				" verification go in the search for a trusted CA"},
+		{"require_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
+				"if enabled a certificate will be required from clients"},
+		{"verify_client", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"set to off (default), on, optional, or optional_no_ca"},
+		{"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"name of the file containing the private key (pem format), if "
+				"not"
+				" contained in the certificate file"},
+		{"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"name of the file containing the trusted CA list (pem format)"},
+		{"ca_path", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"name of the directory containing the trusted CA files (pem "
+				"format)"},
+		{"crl", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"name of the file containing the CRL  (certificare revocation "
+				"list"
+				" in pem format)"},
+		{"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"name of the file containing the certificate (pem format)"},
+		{"cipher_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"list of the accepted ciphers (strings separated by colons)"},
+		{"session_cache", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
+				"enables or disables the session cache"},
+		{"session_id", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
+				"string used for the session id"},
+		{"config", CFG_VAR_STR, 0, 0, fix_rel_pathname, 0,
+				"tls config file name (used for the per domain options)"},
+		{"log", CFG_VAR_INT | CFG_ATOMIC, 0, 1000, 0, 0,
+				"tls info messages log level"},
+		{"debug", CFG_VAR_INT | CFG_ATOMIC, 0, 1000, 0, 0,
+				"tls debug messages log level"},
+		{"connection_timeout", CFG_VAR_INT | CFG_ATOMIC, -1,
+				MAX_TLS_CON_LIFETIME, fix_con_lt, 0,
+				"initial connection lifetime (in s) (obsolete)"},
+		{"disable_compression", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
+				"if set disable the built-in OpenSSL compression"},
+		{"ssl_release_buffers", CFG_VAR_INT | CFG_READONLY, -1, 1, 0, 0,
+				"quickly release internal OpenSSL read or write buffers."
+				" Works only for OpenSSL >= 1.0."},
+		{"ssl_free_list_max", CFG_VAR_INT | CFG_READONLY, -1, 1 << 30, 0, 0,
+				"maximum number of free/cached memory chunks that OpenSSL"
+				" will keep per connection. Works only for OpenSSL >= 1.0."},
+		{"ssl_max_send_fragment", CFG_VAR_INT | CFG_READONLY, -1, 65536, 0, 0,
+				"sets the maximum number of bytes (clear text) send into one "
+				"TLS"
+				" record. Valid values are between 512 and 16384."
+				" Works only for OpenSSL >= 0.9.9"},
+		{"ssl_read_ahead", CFG_VAR_INT | CFG_READONLY, -1, 1, 0, 0,
+				"Enables read ahead, reducing the number of BIO read calls done"
+				" internally by the OpenSSL library. Note that in newer tls"
+				" module versions it is better to have read ahead disabled, "
+				"since"
+				" everything it is buffered in memory anyway"},
+		{"low_mem_threshold1", CFG_VAR_INT | CFG_ATOMIC, -1, 1 << 30, 0, 0,
+				"sets the minimum amount of free memory for accepting new TLS"
+				" connections (KB)"},
+		{"low_mem_threshold2", CFG_VAR_INT | CFG_ATOMIC, -1, 1 << 30, 0, 0,
+				"sets the minimum amount of free memory after which no more TLS"
+				" operations will be attempted (even on existing connections)"},
+		{"ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 1 << 30, 0, 0,
+				"maximum bytes queued globally for write when write has to "
+				"wait due"
+				" to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial "
+				"TLS"
+				" connection establishment (it is different from tcp.wq_max,"
+				" which works at the TCP connection level)"},
+		{"con_ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 4 * 1024 * 1024, 0, 0,
+				"maximum bytes queued for write per connection when write has "
+				"to wait"
+				" due to TLS-level renegotiation (SSL_ERROR_WANT_READ) or "
+				"initial TLS"
+				" connection establishment (it is different from "
+				"tcp.conn_wq_max,"
+				" which works at the TCP connection level)"},
+		{"ct_wq_blk_size", CFG_VAR_INT | CFG_ATOMIC, 1, 65536, 0, 0,
+				"internal TLS pre-write (clear-text) queue minimum block size"
+				" (advanced tunning or debugging for now)"},
+		{"send_close_notify", CFG_VAR_INT | CFG_ATOMIC, 0, 1, 0, 0,
+				"enable/disable sending a close notify TLS shutdown alert"
+				" before closing the corresponding TCP connection."
+				"Note that having it enabled has a performance impact."},
+		{0, 0, 0, 0, 0, 0}};
 
 
 /** fix pathnames.
@@ -232,21 +240,23 @@ cfg_def_t	tls_cfg_def[] = {
  * @param def - default value used if path->s is empty (path->s == 0).
  * @return  0 on success, -1 on error.
  */
-static int fix_initial_pathname(str* path, char* def)
+static int fix_initial_pathname(str *path, char *def)
 {
 	str new_path;
-	if (path->s && path->len && *path->s != '.' && *path->s != '/') {
+	if(path->s && path->len && *path->s != '.' && *path->s != '/') {
 		new_path.s = get_abs_pathname(0, path);
-		if (new_path.s == 0) return -1;
+		if(new_path.s == 0)
+			return -1;
 		new_path.len = strlen(new_path.s);
 		pkg_free(path->s);
 		*path = new_path;
-	} else if (path->s == 0 && def) {
+	} else if(path->s == 0 && def) {
 		/* use defaults */
 		new_path.len = strlen(def);
 		new_path.s = def;
 		new_path.s = get_abs_pathname(0, &new_path);
-		if (new_path.s == 0) return -1;
+		if(new_path.s == 0)
+			return -1;
 		new_path.len = strlen(new_path.s);
 		*path = new_path;
 	}
@@ -254,36 +264,33 @@ static int fix_initial_pathname(str* path, char* def)
 }
 
 
-
 /** fix the tls cfg, prior to registering.
   * @return < 0 on error, 0 on success
   */
-int fix_tls_cfg(struct cfg_group_tls* cfg)
+int fix_tls_cfg(struct cfg_group_tls *cfg)
 {
 	cfg->con_lifetime = S_TO_TICKS(cfg->con_lifetime);
 	fix_timeout("tls_connection_timeout", &cfg->con_lifetime,
-						MAX_TLS_CON_LIFETIME, MAX_TLS_CON_LIFETIME);
+			MAX_TLS_CON_LIFETIME, MAX_TLS_CON_LIFETIME);
 	/* Update relative paths of files configured through modparams, relative
 	 * pathnames will be converted to absolute and the directory of the main
 	 * SER configuration file will be used as reference.
 	 */
-	if (fix_initial_pathname(&cfg->config_file, 0) < 0)
+	if(fix_initial_pathname(&cfg->config_file, 0) < 0)
 		return -1;
-	if (fix_initial_pathname(&cfg->private_key, TLS_PKEY_FILE) < 0)
+	if(fix_initial_pathname(&cfg->private_key, TLS_PKEY_FILE) < 0)
 		return -1;
-	if (fix_initial_pathname(&cfg->ca_list, TLS_CA_FILE) < 0 )
+	if(fix_initial_pathname(&cfg->ca_list, TLS_CA_FILE) < 0)
 		return -1;
-	if (fix_initial_pathname(&cfg->ca_path, TLS_CA_PATH) < 0 )
+	if(fix_initial_pathname(&cfg->ca_path, TLS_CA_PATH) < 0)
 		return -1;
-	if (fix_initial_pathname(&cfg->crl, TLS_CRL_FILE) < 0 )
+	if(fix_initial_pathname(&cfg->crl, TLS_CRL_FILE) < 0)
 		return -1;
-	if (fix_initial_pathname(&cfg->certificate, TLS_CERT_FILE) < 0)
+	if(fix_initial_pathname(&cfg->certificate, TLS_CERT_FILE) < 0)
 		return -1;
 
 	return 0;
 }
 
 
-
-
 /* vi: set ts=4 sw=4 tw=79:ai:cindent: */

src/modules/tls_wolfssl/tls_cfg.h

@@ -34,10 +34,11 @@
 /* maximum accepted lifetime (maximum possible is  ~ MAXINT/2)
  *  (it should be kept in sync w/ MAX_TCP_CON_LIFETIME from tcp_main.c:
  *   MAX_TLS_CON_LIFETIME <= MAX_TCP_CON_LIFETIME )*/
-#define MAX_TLS_CON_LIFETIME	((1U<<(sizeof(ticks_t)*8-1))-1)
+#define MAX_TLS_CON_LIFETIME ((1U << (sizeof(ticks_t) * 8 - 1)) - 1)
 
 
-struct cfg_group_tls {
+struct cfg_group_tls
+{
 	int force_run;
 	str method;
 	str server_name;
@@ -91,8 +92,8 @@ struct cfg_group_tls {
 	int ssl_read_ahead;
 	int low_mem_threshold1;
 	int low_mem_threshold2;
-	int ct_wq_max; /* maximum overall tls write clear text queued bytes */
-	int con_ct_wq_max; /* maximum clear text write queued bytes per con */
+	int ct_wq_max;		/* maximum overall tls write clear text queued bytes */
+	int con_ct_wq_max;	/* maximum clear text write queued bytes per con */
 	int ct_wq_blk_size; /* minimum block size for the clear text write queue */
 	int send_close_notify; /* if set try to be nice and send a shutdown alert
 						    before closing the tcp connection */
@@ -100,11 +101,11 @@ struct cfg_group_tls {
 
 
 extern struct cfg_group_tls default_tls_cfg;
-extern volatile void* tls_cfg;
+extern volatile void *tls_cfg;
 extern cfg_def_t tls_cfg_def[];
 
 
-extern int fix_tls_cfg(struct cfg_group_tls* cfg);
+extern int fix_tls_cfg(struct cfg_group_tls *cfg);
 
 #endif /*__tls_cfg_h*/
 

src/modules/tls_wolfssl/tls_config.c

@@ -42,152 +42,140 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
-static tls_domains_cfg_t* _ksr_tls_cfg = NULL;
-static tls_domain_t* _ksr_tls_domain = NULL;
+static tls_domains_cfg_t *_ksr_tls_cfg = NULL;
+static tls_domain_t *_ksr_tls_domain = NULL;
 
-static int parse_ipv6(struct ip_addr* ip, cfg_token_t* token,
-		cfg_parser_t* st)
+static int parse_ipv6(struct ip_addr *ip, cfg_token_t *token, cfg_parser_t *st)
 {
 	int ret;
 	cfg_token_t t;
-	struct ip_addr* ipv6;
+	struct ip_addr *ipv6;
 	str ip6_str;
-	char ip6_buff[IP_ADDR_MAX_STR_SIZE+3];
+	char ip6_buff[IP_ADDR_MAX_STR_SIZE + 3];
 
 	ip6_buff[0] = '\0';
 	while(1) {
 		ret = cfg_get_token(&t, st, 0);
-		if (ret != 0) goto err;
-		if (t.type == ']') break;
-		if (t.type != CFG_TOKEN_ALPHA && t.type != ':') goto err;
+		if(ret != 0)
+			goto err;
+		if(t.type == ']')
+			break;
+		if(t.type != CFG_TOKEN_ALPHA && t.type != ':')
+			goto err;
 		strncat(ip6_buff, t.val.s, t.val.len);
 	}
 	ip6_str.s = ip6_buff;
 	ip6_str.len = strlen(ip6_buff);
 	LM_DBG("found IPv6 address [%.*s]\n", ip6_str.len, ip6_str.s);
 	ipv6 = str2ip6(&ip6_str);
-	if (ipv6 == 0) goto err;
+	if(ipv6 == 0)
+		goto err;
 	*ip = *ipv6;
 	return 0;
 
 err:
-	LM_ERR("%s:%d:%d: Invalid IPv6 address\n",
-			st->file, token->start.line, token->start.col);
+	LM_ERR("%s:%d:%d: Invalid IPv6 address\n", st->file, token->start.line,
+			token->start.col);
 	return -1;
 }
 
 
-static int parse_ipv4(struct ip_addr* ip, cfg_token_t* token,
-		cfg_parser_t* st)
+static int parse_ipv4(struct ip_addr *ip, cfg_token_t *token, cfg_parser_t *st)
 {
 	int ret, i;
-	cfg_token_t  t;
+	cfg_token_t t;
 	unsigned int v;
 
 	ip->af = AF_INET;
 	ip->len = 4;
 
-	if (str2int(&token->val, &v) < 0) goto err;
-	if (v > 255) goto err;
+	if(str2int(&token->val, &v) < 0)
+		goto err;
+	if(v > 255)
+		goto err;
 
 	ip->u.addr[0] = v;
 
 	for(i = 1; i < 4; i++) {
 		ret = cfg_get_token(&t, st, 0);
-		if (ret < 0) return -1;
-		if (ret > 0 || t.type != '.')  goto err;
+		if(ret < 0)
+			return -1;
+		if(ret > 0 || t.type != '.')
+			goto err;
 
 		ret = cfg_get_token(&t, st, 0);
-		if (ret < 0) return -1;
-		if (ret > 0 || t.type != CFG_TOKEN_ALPHA) goto err;
-		if (str2int(&t.val, &v) < 0)  goto err;
-		if (v > 255) goto err;
+		if(ret < 0)
+			return -1;
+		if(ret > 0 || t.type != CFG_TOKEN_ALPHA)
+			goto err;
+		if(str2int(&t.val, &v) < 0)
+			goto err;
+		if(v > 255)
+			goto err;
 		ip->u.addr[i] = v;
 	}
 
 	return 0;
 err:
-	LM_ERR("%s:%d:%d: Invalid IPv4 address\n",
-			st->file, token->start.line, token->start.col);
+	LM_ERR("%s:%d:%d: Invalid IPv4 address\n", st->file, token->start.line,
+			token->start.col);
 	return -1;
 }
 
 
-static cfg_option_t methods[] = {
-	{"SSLv2",   .val = TLS_USE_SSLv2},
-	{"SSLv3",   .val = TLS_USE_SSLv3},
-	{"SSLv23",  .val = TLS_USE_SSLv23},
-	{"TLSv1",   .val = TLS_USE_TLSv1},
-	{"TLSv1.0", .val = TLS_USE_TLSv1},
-	{"TLSv1+",  .val = TLS_USE_TLSv1_PLUS},
-	{"TLSv1.0+", .val = TLS_USE_TLSv1_PLUS},
-	{"TLSv1.1",  .val = TLS_USE_TLSv1_1},
-	{"TLSv1.1+", .val = TLS_USE_TLSv1_1_PLUS},
-	{"TLSv1.2",  .val = TLS_USE_TLSv1_2},
-	{"TLSv1.2+", .val = TLS_USE_TLSv1_2_PLUS},
-	{"TLSv1.3",  .val = TLS_USE_TLSv1_3},
-	{"TLSv1.3+", .val = TLS_USE_TLSv1_3_PLUS},
-	{0}
-};
-
-
-static cfg_option_t domain_types[] = {
-	{"server", .val = TLS_DOMAIN_SRV},
-	{"srv",    .val = TLS_DOMAIN_SRV},
-	{"s",      .val = TLS_DOMAIN_SRV},
-	{"client", .val = TLS_DOMAIN_CLI},
-	{"cli",    .val = TLS_DOMAIN_CLI},
-	{"c",      .val = TLS_DOMAIN_CLI},
-	{0}
-};
-
-
-static cfg_option_t token_default[] = {
-	{"default"},
-	{"def"},
-	{"*"},
-	{0}
-};
-
-static cfg_option_t ksr_tls_token_any[] = {
-	{"any"},
-	{"all"},
-	{0}
-};
+static cfg_option_t methods[] = {{"SSLv2", .val = TLS_USE_SSLv2},
+		{"SSLv3", .val = TLS_USE_SSLv3}, {"SSLv23", .val = TLS_USE_SSLv23},
+		{"TLSv1", .val = TLS_USE_TLSv1}, {"TLSv1.0", .val = TLS_USE_TLSv1},
+		{"TLSv1+", .val = TLS_USE_TLSv1_PLUS},
+		{"TLSv1.0+", .val = TLS_USE_TLSv1_PLUS},
+		{"TLSv1.1", .val = TLS_USE_TLSv1_1},
+		{"TLSv1.1+", .val = TLS_USE_TLSv1_1_PLUS},
+		{"TLSv1.2", .val = TLS_USE_TLSv1_2},
+		{"TLSv1.2+", .val = TLS_USE_TLSv1_2_PLUS},
+		{"TLSv1.3", .val = TLS_USE_TLSv1_3},
+		{"TLSv1.3+", .val = TLS_USE_TLSv1_3_PLUS}, {0}};
+
+
+static cfg_option_t domain_types[] = {{"server", .val = TLS_DOMAIN_SRV},
+		{"srv", .val = TLS_DOMAIN_SRV}, {"s", .val = TLS_DOMAIN_SRV},
+		{"client", .val = TLS_DOMAIN_CLI}, {"cli", .val = TLS_DOMAIN_CLI},
+		{"c", .val = TLS_DOMAIN_CLI}, {0}};
+
+
+static cfg_option_t token_default[] = {{"default"}, {"def"}, {"*"}, {0}};
+
+static cfg_option_t ksr_tls_token_any[] = {{"any"}, {"all"}, {0}};
 
 
 static cfg_option_t verify_client_params[] = {
-	{"off",            .val = TLS_VERIFY_CLIENT_OFF},
-	{"on",             .val = TLS_VERIFY_CLIENT_ON},
-	{"optional",       .val = TLS_VERIFY_CLIENT_OPTIONAL},
-	{"optional_no_ca", .val = TLS_VERIFY_CLIENT_OPTIONAL_NO_CA},
-	{0}
-};
+		{"off", .val = TLS_VERIFY_CLIENT_OFF},
+		{"on", .val = TLS_VERIFY_CLIENT_ON},
+		{"optional", .val = TLS_VERIFY_CLIENT_OPTIONAL},
+		{"optional_no_ca", .val = TLS_VERIFY_CLIENT_OPTIONAL_NO_CA}, {0}};
 
 
 static cfg_option_t options[] = {
-	{"method",              .param = methods, .f = cfg_parse_enum_opt},
-	{"tls_method",          .param = methods, .f = cfg_parse_enum_opt},
-	{"verify_certificate",  .f = cfg_parse_bool_opt},
-	{"verify_cert",         .f = cfg_parse_bool_opt},
-	{"verify_depth",        .f = cfg_parse_int_opt},
-	{"require_certificate", .f = cfg_parse_bool_opt},
-	{"require_cert",        .f = cfg_parse_bool_opt},
-	{"private_key",         .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"pkey_file",           .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"calist_file",         .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"certificate",         .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"cert_file",           .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"cipher_list",         .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"ca_list",             .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"crl",                 .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"server_name",         .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"server_name_mode",    .f = cfg_parse_int_opt},
-	{"server_id",           .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{"verify_client",       .param = verify_client_params, .f = cfg_parse_enum_opt},
-	{"ca_path",             .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
-	{0}
-};
+		{"method", .param = methods, .f = cfg_parse_enum_opt},
+		{"tls_method", .param = methods, .f = cfg_parse_enum_opt},
+		{"verify_certificate", .f = cfg_parse_bool_opt},
+		{"verify_cert", .f = cfg_parse_bool_opt},
+		{"verify_depth", .f = cfg_parse_int_opt},
+		{"require_certificate", .f = cfg_parse_bool_opt},
+		{"require_cert", .f = cfg_parse_bool_opt},
+		{"private_key", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"pkey_file", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"calist_file", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"certificate", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"cert_file", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"cipher_list", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"ca_list", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"crl", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"server_name", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"server_name_mode", .f = cfg_parse_int_opt},
+		{"server_id", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM},
+		{"verify_client", .param = verify_client_params,
+				.f = cfg_parse_enum_opt},
+		{"ca_path", .f = cfg_parse_str_opt, .flags = CFG_STR_SHMMEM}, {0}};
 
 
 static void update_opt_variables(void)
@@ -219,91 +207,97 @@ static void update_opt_variables(void)
 }
 
 
-static int ksr_tls_parse_hostport(int* type, struct ip_addr* ip, unsigned int* port,
-		cfg_token_t* token, cfg_parser_t* st)
+static int ksr_tls_parse_hostport(int *type, struct ip_addr *ip,
+		unsigned int *port, cfg_token_t *token, cfg_parser_t *st)
 {
 	int ret;
 	cfg_token_t t;
-	cfg_option_t* opt;
+	cfg_option_t *opt;
 
 	ret = cfg_get_token(&t, st, 0);
-	if (ret < 0) return -1;
-	if (ret > 0) {
-		LM_ERR("%s:%d:%d: Missing IP address\n", st->file,
-				token->start.line, token->start.col);
+	if(ret < 0)
+		return -1;
+	if(ret > 0) {
+		LM_ERR("%s:%d:%d: Missing IP address\n", st->file, token->start.line,
+				token->start.col);
 		return -1;
 	}
 
-	if (t.type == '[') {
-		if (parse_ipv6(ip, &t, st) < 0) return -1;
-	} else if (t.type == CFG_TOKEN_ALPHA) {
+	if(t.type == '[') {
+		if(parse_ipv6(ip, &t, st) < 0)
+			return -1;
+	} else if(t.type == CFG_TOKEN_ALPHA) {
 		opt = cfg_lookup_token(token_default, &t.val);
-		if (opt) {
+		if(opt) {
 			*type = TLS_DOMAIN_DEF;
 			/* Default domain */
 			return 0;
 		} else {
 			opt = cfg_lookup_token(ksr_tls_token_any, &t.val);
-			if (opt) {
+			if(opt) {
 				*type = TLS_DOMAIN_ANY;
 				/* Default domain */
 				return 0;
 			} else {
-				if (parse_ipv4(ip, &t, st) < 0) return -1;
+				if(parse_ipv4(ip, &t, st) < 0)
+					return -1;
 			}
 		}
 	} else {
-		LM_ERR("%s:%d:%d: Syntax error, IP address expected\n",
-				st->file, t.start.line, t.start.col);
+		LM_ERR("%s:%d:%d: Syntax error, IP address expected\n", st->file,
+				t.start.line, t.start.col);
 		return -1;
 	}
 	*type = 0;
 
 	/* Parse port */
 	ret = cfg_get_token(&t, st, 0);
-	if (ret < 0) return -1;
-	if (ret > 0) {
+	if(ret < 0)
+		return -1;
+	if(ret > 0) {
 		LM_ERR("%s:%d:%d: Syntax error, ':' expected\n", st->file, st->line,
 				st->col);
 		return -1;
 	}
 
-	if (t.type != ':') {
-		LM_ERR("%s:%d:%d: Syntax error, ':' expected\n",
-				st->file, t.start.line, t.start.col);
+	if(t.type != ':') {
+		LM_ERR("%s:%d:%d: Syntax error, ':' expected\n", st->file, t.start.line,
+				t.start.col);
 		return -1;
 	}
 
 	ret = cfg_get_token(&t, st, 0);
-	if (ret < 0) return -1;
-	if (ret > 0) {
+	if(ret < 0)
+		return -1;
+	if(ret > 0) {
 		LM_ERR("%s:%d:%d: Premature end of file, port number missing\n",
 				st->file, t.start.line, t.start.col);
 		return -1;
 	}
 
-	if (t.type != CFG_TOKEN_ALPHA || (str2int(&t.val, port) < 0)) {
-		LM_ERR("%s:%d:%d: Invalid port number '%.*s'\n",
-				st->file, t.start.line, t.start.col, STR_FMT(&t.val));
+	if(t.type != CFG_TOKEN_ALPHA || (str2int(&t.val, port) < 0)) {
+		LM_ERR("%s:%d:%d: Invalid port number '%.*s'\n", st->file, t.start.line,
+				t.start.col, STR_FMT(&t.val));
 		return -1;
 	}
 	return 0;
 }
 
 
-static int ksr_tls_parse_domain(void* param, cfg_parser_t* st, unsigned int flags)
+static int ksr_tls_parse_domain(
+		void *param, cfg_parser_t *st, unsigned int flags)
 {
 	cfg_token_t t;
 	int ret;
-	cfg_option_t* opt;
+	cfg_option_t *opt;
 
 	int type;
 	struct ip_addr ip;
 	unsigned int port;
 
-	if(_ksr_tls_cfg!=NULL && _ksr_tls_domain!=NULL) {
+	if(_ksr_tls_cfg != NULL && _ksr_tls_domain != NULL) {
 		/* Make sure the previous domain is not a duplicate */
-		if (ksr_tls_domain_duplicated(_ksr_tls_cfg, _ksr_tls_domain)) {
+		if(ksr_tls_domain_duplicated(_ksr_tls_cfg, _ksr_tls_domain)) {
 			return -1;
 		}
 	}
@@ -311,65 +305,71 @@ static int ksr_tls_parse_domain(void* param, cfg_parser_t* st, unsigned int flag
 	memset(&ip, 0, sizeof(struct ip_addr));
 
 	ret = cfg_get_token(&t, st, 0);
-	if (ret < 0) return -1;
-	if (ret > 0) {
-		LM_ERR("%s:%d:%d: TLS domain type missing\n",
-				st->file, st->line, st->col);
+	if(ret < 0)
+		return -1;
+	if(ret > 0) {
+		LM_ERR("%s:%d:%d: TLS domain type missing\n", st->file, st->line,
+				st->col);
 		return -1;
 	}
 
-	if (t.type != CFG_TOKEN_ALPHA ||
-			((opt = cfg_lookup_token(domain_types, &t.val)) == NULL)) {
-		LM_ERR("%s:%d:%d: Invalid TLS domain type %d:'%.*s'\n",
-				st->file, t.start.line, t.start.col, t.type, STR_FMT(&t.val));
+	if(t.type != CFG_TOKEN_ALPHA
+			|| ((opt = cfg_lookup_token(domain_types, &t.val)) == NULL)) {
+		LM_ERR("%s:%d:%d: Invalid TLS domain type %d:'%.*s'\n", st->file,
+				t.start.line, t.start.col, t.type, STR_FMT(&t.val));
 		return -1;
 	}
 
 	ret = cfg_get_token(&t, st, 0);
-	if (ret < 0) return -1;
-	if (ret > 0) {
-		LM_ERR("%s:%d:%d: TLS domain IP address missing\n",
-				st->file, st->line, st->col);
+	if(ret < 0)
+		return -1;
+	if(ret > 0) {
+		LM_ERR("%s:%d:%d: TLS domain IP address missing\n", st->file, st->line,
+				st->col);
 		return -1;
 	}
-	if (t.type != ':') {
-		LM_ERR("%s:%d:%d: Syntax error, ':' expected\n",
-				st->file, t.start.line, t.start.col);
+	if(t.type != ':') {
+		LM_ERR("%s:%d:%d: Syntax error, ':' expected\n", st->file, t.start.line,
+				t.start.col);
 		return -1;
 	}
 
 	port = 0;
-	if (ksr_tls_parse_hostport(&type, &ip, &port, &t, st) < 0) return -1;
+	if(ksr_tls_parse_hostport(&type, &ip, &port, &t, st) < 0)
+		return -1;
 
 	ret = cfg_get_token(&t, st, 0);
-	if (ret < 0) return -1;
-	if (ret > 0) {
-		LM_ERR("%s:%d:%d: Closing ']' missing\n",
-				st->file, st->line, st->col);
+	if(ret < 0)
+		return -1;
+	if(ret > 0) {
+		LM_ERR("%s:%d:%d: Closing ']' missing\n", st->file, st->line, st->col);
 		return -1;
 	}
-	if (t.type != ']') {
-		LM_ERR("%s:%d:%d: Syntax error, ']' expected\n",
-				st->file, t.start.line, t.start.col);
+	if(t.type != ']') {
+		LM_ERR("%s:%d:%d: Syntax error, ']' expected\n", st->file, t.start.line,
+				t.start.col);
 		return -1;
 	}
 
-	if (cfg_eat_eol(st, flags)) return -1;
+	if(cfg_eat_eol(st, flags))
+		return -1;
 
-	if ((_ksr_tls_domain = tls_new_domain(opt->val | type, &ip, port)) == NULL) {
-		LM_ERR("%s:%d: Cannot create TLS domain structure\n", st->file, st->line);
+	if((_ksr_tls_domain = tls_new_domain(opt->val | type, &ip, port)) == NULL) {
+		LM_ERR("%s:%d: Cannot create TLS domain structure\n", st->file,
+				st->line);
 		return -1;
 	}
 
 	ret = tls_add_domain(_ksr_tls_cfg, _ksr_tls_domain);
-	if (ret < 0) {
+	if(ret < 0) {
 		LM_ERR("%s:%d: Error while creating TLS domain structure\n", st->file,
 				st->line);
 		tls_free_domain(_ksr_tls_domain);
 		_ksr_tls_domain = NULL;
 		return -1;
-	} else if (ret == 1) {
-		LM_ERR("%s:%d: Duplicate TLS domain (appears earlier in the config file)\n",
+	} else if(ret == 1) {
+		LM_ERR("%s:%d: Duplicate TLS domain (appears earlier in the config "
+			   "file)\n",
 				st->file, st->line);
 		tls_free_domain(_ksr_tls_domain);
 		_ksr_tls_domain = NULL;
@@ -386,9 +386,9 @@ static int ksr_tls_parse_domain(void* param, cfg_parser_t* st, unsigned int flag
 /*
  * Create configuration structures from configuration file
  */
-tls_domains_cfg_t* tls_load_config(str* filename)
+tls_domains_cfg_t *tls_load_config(str *filename)
 {
-	cfg_parser_t* parser;
+	cfg_parser_t *parser;
 	str empty;
 	struct stat file_status;
 	char tmp_name[13] = "configXXXXXX";
@@ -404,53 +404,53 @@ tls_domains_cfg_t* tls_load_config(str* filename)
 	in_fd = out_fd = filename_is_directory = 0;
 	file_path = (char *)0;
 
-	if ((_ksr_tls_cfg = tls_new_cfg()) == NULL) goto error;
+	if((_ksr_tls_cfg = tls_new_cfg()) == NULL)
+		goto error;
 
-	if (stat(filename->s, &file_status) != 0) {
+	if(stat(filename->s, &file_status) != 0) {
 		LM_ERR("cannot stat config file %s\n", filename->s);
 		goto error;
 	}
-	if (S_ISDIR(file_status.st_mode)) {
+	if(S_ISDIR(file_status.st_mode)) {
 		filename_is_directory = 1;
 		dir = opendir(filename->s);
-		if (dir == NULL) {
+		if(dir == NULL) {
 			LM_ERR("cannot open directory file %s\n", filename->s);
 			goto error;
 		}
 		out_fd = mkstemp(&(tmp_name[0]));
-		if (out_fd == -1) {
+		if(out_fd == -1) {
 			LM_ERR("cannot make tmp file %s\n", &(tmp_name[0]));
 			goto error;
 		}
-		while ((ent = readdir(dir)) != NULL) {
-			if(file_path) pkg_free(file_path);
+		while((ent = readdir(dir)) != NULL) {
+			if(file_path)
+				pkg_free(file_path);
 			file_path = pkg_malloc(filename->len + 1 + 256);
 			memcpy(file_path, filename->s, filename->len);
 			file_path[filename->len] = '/';
 			strcpy(file_path + filename->len + 1, ent->d_name);
-			if (stat(file_path, &file_status) != 0) {
-				LM_ERR("cannot get status of config file %s\n",
-						file_path);
+			if(stat(file_path, &file_status) != 0) {
+				LM_ERR("cannot get status of config file %s\n", file_path);
 				goto error;
 			}
-			if (S_ISREG(file_status.st_mode)) {
+			if(S_ISREG(file_status.st_mode)) {
 				in_fd = open(file_path, O_RDONLY);
-				if (in_fd == -1) {
-					LM_ERR("cannot open config file %s\n",
-							file_path);
+				if(in_fd == -1) {
+					LM_ERR("cannot open config file %s\n", file_path);
 					goto error;
 				}
 				pkg_free(file_path);
 				file_path = NULL;
-				while (read(in_fd, &ch, 1)) {
-					if (write(out_fd, &ch, 1)<0) {
+				while(read(in_fd, &ch, 1)) {
+					if(write(out_fd, &ch, 1) < 0) {
 						LM_ERR("write error: %s\n", strerror(errno));
 					}
 				}
 				close(in_fd);
 				in_fd = 0;
 				ch = '\n';
-				if (write(out_fd, &ch, 1)<0) {
+				if(write(out_fd, &ch, 1) < 0) {
 					LM_ERR("write error: %s\n", strerror(errno));
 				}
 			}
@@ -463,37 +463,42 @@ tls_domains_cfg_t* tls_load_config(str* filename)
 
 	empty.s = 0;
 	empty.len = 0;
-	if (filename_is_directory) {
+	if(filename_is_directory) {
 		filename_str.s = &(tmp_name[0]);
 		filename_str.len = strlen(&(tmp_name[0]));
-		if ((parser = cfg_parser_init(&empty, &filename_str)) == NULL) {
+		if((parser = cfg_parser_init(&empty, &filename_str)) == NULL) {
 			LM_ERR("Error while initializing configuration file parser.\n");
 			unlink(&(tmp_name[0]));
 			goto error;
 		}
 		unlink(&(tmp_name[0]));
 	} else {
-		if ((parser = cfg_parser_init(&empty, filename)) == NULL) {
+		if((parser = cfg_parser_init(&empty, filename)) == NULL) {
 			LM_ERR("Error while initializing configuration file parser.\n");
 			goto error;
 		}
 	}
 
 	cfg_section_parser(parser, ksr_tls_parse_domain, NULL);
-	if (sr_cfg_parse(parser)) goto error;
+	if(sr_cfg_parse(parser))
+		goto error;
 	cfg_parser_close(parser);
-	if (file_path) pkg_free(file_path);
+	if(file_path)
+		pkg_free(file_path);
 	return _ksr_tls_cfg;
 
 error:
-	if (dir) closedir(dir);
-	if (out_fd > 0) {
+	if(dir)
+		closedir(dir);
+	if(out_fd > 0) {
 		close(out_fd);
 		unlink(&(tmp_name[0]));
 	}
-	if (file_path) pkg_free(file_path);
-	if (parser) cfg_parser_close(parser);
-	if (_ksr_tls_cfg) {
+	if(file_path)
+		pkg_free(file_path);
+	if(parser)
+		cfg_parser_close(parser);
+	if(_ksr_tls_cfg) {
 		tls_free_cfg(_ksr_tls_cfg);
 		_ksr_tls_cfg = NULL;
 	}
@@ -504,17 +509,18 @@ error:
 /*
  * Convert TLS method string to integer
  */
-int tls_parse_method(str* method)
+int tls_parse_method(str *method)
 {
-	cfg_option_t* opt;
+	cfg_option_t *opt;
 
-	if (!method) {
+	if(!method) {
 		LM_BUG("Invalid parameter value\n");
 		return -1;
 	}
 
 	opt = cfg_lookup_token(methods, method);
-	if (!opt) return -1;
+	if(!opt)
+		return -1;
 
 	return opt->val;
 }
@@ -522,17 +528,18 @@ int tls_parse_method(str* method)
 /*
  * Convert TLS verify_client string to integer
  */
-int tls_parse_verify_client(str* verify_client)
+int tls_parse_verify_client(str *verify_client)
 {
-	cfg_option_t* opt;
+	cfg_option_t *opt;
 
-	if (!verify_client) {
+	if(!verify_client) {
 		LM_BUG("Invalid parameter value\n");
 		return -1;
 	}
 
 	opt = cfg_lookup_token(verify_client_params, verify_client);
-	if (!opt) return -1;
+	if(!opt)
+		return -1;
 
 	return opt->val;
 }

src/modules/tls_wolfssl/tls_config.h

@@ -32,16 +32,16 @@
 #include <wolfssl/options.h>
 #include <wolfssl/ssl.h>
 
-tls_domains_cfg_t* tls_load_config(str* filename);
+tls_domains_cfg_t *tls_load_config(str *filename);
 
 /*
  * Convert TLS method string to integer
  */
-int tls_parse_method(str* method);
+int tls_parse_method(str *method);
 
 /*
  * Convert TLS verify_client string to integer
  */
-int tls_parse_verify_client(str* verify_client);
+int tls_parse_verify_client(str *verify_client);
 
 #endif /* _TLS_CONFIG_H */

src/modules/tls_wolfssl/tls_ct_q.h

@@ -34,8 +34,8 @@
 typedef struct sbuffer_queue tls_ct_q;
 
 
-#define tls_ct_q_empty(bq) ((bq)==0 || (bq)->first==0)
-#define tls_ct_q_non_empty(bq) ((bq) && (bq)->first!=0)
+#define tls_ct_q_empty(bq) ((bq) == 0 || (bq)->first == 0)
+#define tls_ct_q_non_empty(bq) ((bq) && (bq)->first != 0)
 
 
 /**
@@ -48,15 +48,15 @@ typedef struct sbuffer_queue tls_ct_q;
  * @param min_buf_size - min size to allocate for new buffer elements
  * @return 0 on success, -1 on error (mem. allocation)
  */
-inline static int tls_ct_q_add(tls_ct_q** ct_q, const void* data,
-								unsigned int size, unsigned int min_buf_size)
+inline static int tls_ct_q_add(tls_ct_q **ct_q, const void *data,
+		unsigned int size, unsigned int min_buf_size)
 {
-	tls_ct_q* q;
+	tls_ct_q *q;
 
 	q = *ct_q;
-	if (likely(q == 0)){
-		q=shm_malloc(sizeof(tls_ct_q));
-		if (unlikely(q==0))
+	if(likely(q == 0)) {
+		q = shm_malloc(sizeof(tls_ct_q));
+		if(unlikely(q == 0))
 			goto error;
 		memset(q, 0, sizeof(tls_ct_q));
 		*ct_q = q;
@@ -67,7 +67,6 @@ error:
 }
 
 
-
 /**
  * @brief Destroy a buffer queue
  *
@@ -77,12 +76,12 @@ error:
  * @param **ct_q - double pointer to the queue
  * @return - number of bytes that used to be queued (>=0).
  */
-inline static unsigned int tls_ct_q_destroy(tls_ct_q** ct_q)
+inline static unsigned int tls_ct_q_destroy(tls_ct_q **ct_q)
 {
 	unsigned int ret;
 
 	ret = 0;
-	if (likely(ct_q && *ct_q)) {
+	if(likely(ct_q && *ct_q)) {
 		ret = sbufq_destroy(*ct_q);
 		shm_free(*ct_q);
 		*ct_q = 0;
@@ -91,7 +90,6 @@ inline static unsigned int tls_ct_q_destroy(tls_ct_q** ct_q)
 }
 
 
-
 /**
  * @brief Tries to flush the tls clear text queue
  *
@@ -117,17 +115,14 @@ inline static unsigned int tls_ct_q_destroy(tls_ct_q** ct_q)
  *            always set and it should be used to check for errors, since
  *            a flush_f() failure will not result in a negative return.
  */
-inline static int tls_ct_q_flush(tls_ct_q** tc_q, int* flags,
-								int (*flush_f)(void* p1, void* p2,
-												const void* buf,
-												unsigned size),
-								void* flush_p1, void* flush_p2)
+inline static int tls_ct_q_flush(tls_ct_q **tc_q, int *flags,
+		int (*flush_f)(void *p1, void *p2, const void *buf, unsigned size),
+		void *flush_p1, void *flush_p2)
 {
-	return *tc_q?sbufq_flush(*tc_q, flags, flush_f, flush_p1, flush_p2):0;
+	return *tc_q ? sbufq_flush(*tc_q, flags, flush_f, flush_p1, flush_p2) : 0;
 }
 
 
-
 #endif /*__tls_ct_q_h*/
 
 /* vi: set ts=4 sw=4 tw=79:ai:cindent: */

src/modules/tls_wolfssl/tls_ct_wrq.c

@@ -32,12 +32,11 @@
 #include "../../core/mem/shm_mem.h"
 
 
-atomic_t* tls_total_ct_wq; /* total clear text bytes queued for a future
+atomic_t *tls_total_ct_wq; /* total clear text bytes queued for a future
 							  SSL_write() (due to renegotiations/
 							  SSL_WRITE_WANTS_READ ).*/
 
 
-
 /**
  * @brief Init clear text write queues support
  * @return 0 on success, < 0 on error.
@@ -45,27 +44,25 @@ atomic_t* tls_total_ct_wq; /* total clear text bytes queued for a future
 int tls_ct_wq_init()
 {
 	tls_total_ct_wq = shm_malloc(sizeof(*tls_total_ct_wq));
-	if (unlikely(tls_total_ct_wq == 0))
+	if(unlikely(tls_total_ct_wq == 0))
 		return -1;
 	atomic_set(tls_total_ct_wq, 0);
 	return 0;
 }
 
 
-
 /**
  * @brief Destroy clear text write queues support
  */
 void tls_ct_wq_destroy()
 {
-	if (tls_total_ct_wq) {
+	if(tls_total_ct_wq) {
 		shm_free(tls_total_ct_wq);
 		tls_total_ct_wq = 0;
 	}
 }
 
 
-
 /**
  * @brief Total number of written queued bytes in all the SSL connections
  * @return total number of written queued bytes in all SSL connections
@@ -76,7 +73,6 @@ unsigned int tls_ct_wq_total_bytes()
 }
 
 
-
 /**
  * @brief Callback for tls_ct_q_flush()
  *
@@ -88,42 +84,41 @@ unsigned int tls_ct_wq_total_bytes()
  * handled outside)
  * @warning the SSL context must have the wbio and rbio previously set!
  */
-static int ssl_flush(void* tcp_c, void* error, const void* buf, unsigned size)
+static int ssl_flush(void *tcp_c, void *error, const void *buf, unsigned size)
 {
 	int n;
 	int ssl_error;
-	struct tls_extra_data* tls_c;
-	SSL* ssl;
+	struct tls_extra_data *tls_c;
+	SSL *ssl;
 
-	tls_c = ((struct tcp_connection*)tcp_c)->extra_data;
+	tls_c = ((struct tcp_connection *)tcp_c)->extra_data;
 	ssl = tls_c->ssl;
 	ssl_error = SSL_ERROR_NONE;
-	if (unlikely(tls_c->state == S_TLS_CONNECTING)) {
+	if(unlikely(tls_c->state == S_TLS_CONNECTING)) {
 		n = tls_connect(tcp_c, &ssl_error);
-		if (unlikely(n>=1)) {
+		if(unlikely(n >= 1)) {
 			n = wolfSSL_write(ssl, buf, size);
-			if (unlikely(n <= 0))
+			if(unlikely(n <= 0))
 				ssl_error = wolfSSL_get_error(ssl, n);
 		}
-	} else if (unlikely(tls_c->state == S_TLS_ACCEPTING)) {
+	} else if(unlikely(tls_c->state == S_TLS_ACCEPTING)) {
 		n = tls_accept(tcp_c, &ssl_error);
-		if (unlikely(n>=1)) {
+		if(unlikely(n >= 1)) {
 			n = wolfSSL_write(ssl, buf, size);
-			if (unlikely(n <= 0))
+			if(unlikely(n <= 0))
 				ssl_error = wolfSSL_get_error(ssl, n);
 		}
 	} else {
 		n = wolfSSL_write(ssl, buf, size);
-		if (unlikely(n <= 0))
+		if(unlikely(n <= 0))
 			ssl_error = wolfSSL_get_error(ssl, n);
 	}
 
-	*(long*)error = ssl_error;
+	*(long *)error = ssl_error;
 	return n;
 }
 
 
-
 /**
  * @brief Wrapper over tls_ct_q_flush()
  *
@@ -136,22 +131,21 @@ static int ssl_flush(void* tcp_c, void* error, const void* buf, unsigned size)
  * @return -1 on internal error, or the number of bytes flushed on success
  *         (>=0).
  */
-int tls_ct_wq_flush(struct tcp_connection* c, tls_ct_q** ct_q,
-					int* flags, int* ssl_err)
+int tls_ct_wq_flush(
+		struct tcp_connection *c, tls_ct_q **ct_q, int *flags, int *ssl_err)
 {
 	int ret;
 	long error;
 
 	error = SSL_ERROR_NONE;
-	ret = tls_ct_q_flush(ct_q,  flags, ssl_flush, c, &error);
+	ret = tls_ct_q_flush(ct_q, flags, ssl_flush, c, &error);
 	*ssl_err = (int)error;
-	if (likely(ret > 0))
+	if(likely(ret > 0))
 		atomic_add(tls_total_ct_wq, -ret);
 	return ret;
 }
 
 
-
 /**
  * @brief Wrapper over tls_ct_q_add()
  *
@@ -164,25 +158,24 @@ int tls_ct_wq_flush(struct tcp_connection* c, tls_ct_q** ct_q,
  * @return 0 on success, < 0 on error (-1 memory allocation, -2 queue size
  *         too big).
  */
-int tls_ct_wq_add(tls_ct_q** ct_q, const void* data, unsigned int size)
+int tls_ct_wq_add(tls_ct_q **ct_q, const void *data, unsigned int size)
 {
 	int ret;
 
-	if (unlikely( (*ct_q && (((*ct_q)->queued + size) >
-						cfg_get(tls, tls_cfg, con_ct_wq_max))) ||
-				(atomic_get(tls_total_ct_wq) + size) >
-						cfg_get(tls, tls_cfg, ct_wq_max))) {
+	if(unlikely((*ct_q
+						&& (((*ct_q)->queued + size)
+								> cfg_get(tls, tls_cfg, con_ct_wq_max)))
+				|| (atomic_get(tls_total_ct_wq) + size)
+						   > cfg_get(tls, tls_cfg, ct_wq_max))) {
 		return -2;
 	}
-	ret = tls_ct_q_add(ct_q, data, size,
-						cfg_get(tls, tls_cfg, ct_wq_blk_size));
-	if (likely(ret >= 0))
+	ret = tls_ct_q_add(ct_q, data, size, cfg_get(tls, tls_cfg, ct_wq_blk_size));
+	if(likely(ret >= 0))
 		atomic_add(tls_total_ct_wq, size);
 	return ret;
 }
 
 
-
 /**
  * @brief Wrapper over tls_ct_q_destroy()
  * Wrapper over tls_ct_q_destroy(), besides doing a tls_ct_q_destroy it
@@ -190,11 +183,11 @@ int tls_ct_wq_add(tls_ct_q** ct_q, const void* data, unsigned int size)
  * @param ct_q clear text queue
  * @return number of bytes that used to be queued (>=0),
  */
-unsigned int tls_ct_wq_free(tls_ct_q** ct_q)
+unsigned int tls_ct_wq_free(tls_ct_q **ct_q)
 {
 	unsigned int ret;
 
-	if (likely((ret = tls_ct_q_destroy(ct_q)) > 0))
+	if(likely((ret = tls_ct_q_destroy(ct_q)) > 0))
 		atomic_add(tls_total_ct_wq, -ret);
 	return ret;
 }

src/modules/tls_wolfssl/tls_ct_wrq.h

@@ -33,7 +33,6 @@
 #include "../../core/tcp_conn.h"
 
 
-
 /**
  * @brief Init clear text write queues support
  * @return 0 on success, < 0 on error.
@@ -52,8 +51,8 @@ void tls_ct_wq_destroy();
  */
 unsigned int tls_ct_wq_total_bytes();
 
-#define tls_ct_wq_empty(tc_q) (*(tc_q)==0 || (*(tc_q))->first==0)
-#define tls_ct_wq_non_empty(bq) (*(tc_q) && (*(tc_q))->first!=0)
+#define tls_ct_wq_empty(tc_q) (*(tc_q) == 0 || (*(tc_q))->first == 0)
+#define tls_ct_wq_non_empty(bq) (*(tc_q) && (*(tc_q))->first != 0)
 
 /**
  * @brief Wrapper over tls_ct_q_flush()
@@ -67,8 +66,8 @@ unsigned int tls_ct_wq_total_bytes();
  * @return -1 on internal error, or the number of bytes flushed on success
  *         (>=0).
  */
-int tls_ct_wq_flush(struct tcp_connection* c, tls_ct_q** tc_q,
-					int* flags, int* ssl_err);
+int tls_ct_wq_flush(
+		struct tcp_connection *c, tls_ct_q **tc_q, int *flags, int *ssl_err);
 
 /**
  * @brief Wrapper over tls_ct_q_add()
@@ -82,7 +81,7 @@ int tls_ct_wq_flush(struct tcp_connection* c, tls_ct_q** tc_q,
  * @return 0 on success, < 0 on error (-1 memory allocation, -2 queue size
  *         too big).
  */
-int tls_ct_wq_add(tls_ct_q** ct_q, const void* data, unsigned int size);
+int tls_ct_wq_add(tls_ct_q **ct_q, const void *data, unsigned int size);
 
 /**
  * @brief Wrapper over tls_ct_q_destroy()
@@ -91,7 +90,7 @@ int tls_ct_wq_add(tls_ct_q** ct_q, const void* data, unsigned int size);
  * @param ct_q clear text queue
  * @return number of bytes that used to be queued (>=0),
  */
-unsigned int tls_ct_wq_free(tls_ct_q** ct_q);
+unsigned int tls_ct_wq_free(tls_ct_q **ct_q);
 
 #endif /*__tls_ct_wrq_h*/
 

src/modules/tls_wolfssl/tls_domain.h

@@ -35,12 +35,12 @@
 #include <wolfssl/ssl.h>
 
 
-#define TLS_OP_SSLv2_PLUS   0
-#define TLS_OP_SSLv3_PLUS   (TLS_OP_SSLv2_PLUS   | SSL_OP_NO_SSLv2)
-#define TLS_OP_TLSv1_PLUS   (TLS_OP_SSLv3_PLUS   | SSL_OP_NO_SSLv3)
+#define TLS_OP_SSLv2_PLUS 0
+#define TLS_OP_SSLv3_PLUS (TLS_OP_SSLv2_PLUS | SSL_OP_NO_SSLv2)
+#define TLS_OP_TLSv1_PLUS (TLS_OP_SSLv3_PLUS | SSL_OP_NO_SSLv3)
 
 #ifdef SSL_OP_NO_TLSv1
-#  define TLS_OP_TLSv1_1_PLUS (TLS_OP_TLSv1_PLUS   | SSL_OP_NO_TLSv1)
+#define TLS_OP_TLSv1_1_PLUS (TLS_OP_TLSv1_PLUS | SSL_OP_NO_TLSv1)
 
 #ifdef SSL_OP_NO_TLSv1_1
 #define TLS_OP_TLSv1_2_PLUS (TLS_OP_TLSv1_1_PLUS | SSL_OP_NO_TLSv1_1)
@@ -55,31 +55,32 @@
 /**
  * Available TLS methods
  */
-enum tls_method {
+enum tls_method
+{
 	TLS_METHOD_UNSPEC = 0,
 	TLS_USE_SSLv23_cli,
 	TLS_USE_SSLv23_srv,
-	TLS_USE_SSLv23,     /* any SSL/TLS version */
+	TLS_USE_SSLv23, /* any SSL/TLS version */
 	TLS_USE_SSLv2_cli,
 	TLS_USE_SSLv2_srv,
-	TLS_USE_SSLv2,      /* only SSLv2 (deprecated) */
+	TLS_USE_SSLv2, /* only SSLv2 (deprecated) */
 	TLS_USE_SSLv3_cli,
 	TLS_USE_SSLv3_srv,
-	TLS_USE_SSLv3,      /* only SSLv3 (insecure) */
+	TLS_USE_SSLv3, /* only SSLv3 (insecure) */
 	TLS_USE_TLSv1_cli,
 	TLS_USE_TLSv1_srv,
-	TLS_USE_TLSv1,      /* only TLSv1.0 */
+	TLS_USE_TLSv1, /* only TLSv1.0 */
 	TLS_USE_TLSv1_1_cli,
 	TLS_USE_TLSv1_1_srv,
-	TLS_USE_TLSv1_1,    /* only TLSv1.1 */
+	TLS_USE_TLSv1_1, /* only TLSv1.1 */
 	TLS_USE_TLSv1_2_cli,
 	TLS_USE_TLSv1_2_srv,
-	TLS_USE_TLSv1_2,    /* only TLSv1.2 */
+	TLS_USE_TLSv1_2, /* only TLSv1.2 */
 	TLS_USE_TLSv1_3_cli,
 	TLS_USE_TLSv1_3_srv,
-	TLS_USE_TLSv1_3,    /* only TLSv1.3 */
-	TLS_USE_TLSvRANGE,    /* placeholder - TLSvX ranges must be after it */
-	TLS_USE_TLSv1_PLUS,   /* TLSv1.0 or greater */
+	TLS_USE_TLSv1_3,	  /* only TLSv1.3 */
+	TLS_USE_TLSvRANGE,	  /* placeholder - TLSvX ranges must be after it */
+	TLS_USE_TLSv1_PLUS,	  /* TLSv1.0 or greater */
 	TLS_USE_TLSv1_1_PLUS, /* TLSv1.1 or greater */
 	TLS_USE_TLSv1_2_PLUS, /* TLSv1.2 or greater */
 	TLS_USE_TLSv1_3_PLUS, /* TLSv1.3 or greater */
@@ -90,7 +91,8 @@ enum tls_method {
 /**
  * TLS configuration domain type
  */
-enum tls_domain_type {
+enum tls_domain_type
+{
 	TLS_DOMAIN_DEF = (1 << 0), /**< Default domain */
 	TLS_DOMAIN_SRV = (1 << 1), /**< Server domain */
 	TLS_DOMAIN_CLI = (1 << 2), /**< Client domain */
@@ -105,7 +107,8 @@ enum tls_domain_type {
 /**
  * TLS "verify_client" options
  */
-enum tls_verify_client_options {
+enum tls_verify_client_options
+{
 	TLS_VERIFY_CLIENT_OFF = 0,
 	TLS_VERIFY_CLIENT_ON = 1,
 	TLS_VERIFY_CLIENT_OPTIONAL = 2,
@@ -116,11 +119,12 @@ enum tls_verify_client_options {
 /**
  * separate configuration per ip:port
  */
-typedef struct tls_domain {
+typedef struct tls_domain
+{
 	int type;
 	struct ip_addr ip;
 	unsigned short port;
-	WOLFSSL_CTX** ctx;
+	WOLFSSL_CTX **ctx;
 	str cert_file;
 	str pkey_file;
 	int verify_cert;
@@ -135,20 +139,21 @@ typedef struct tls_domain {
 	int server_name_mode;
 	str server_id;
 	int verify_client;
-	struct tls_domain* next;
+	struct tls_domain *next;
 } tls_domain_t;
 
 
 /**
  * TLS configuration structures
  */
-typedef struct tls_domains_cfg {
-	tls_domain_t* srv_default; /**< Default server domain */
-	tls_domain_t* cli_default; /**< Default client domain */
-	tls_domain_t* srv_list;    /**< Server domain list */
-	tls_domain_t* cli_list;    /**< Client domain list */
-	struct tls_domains_cfg* next; /**< Next element in the garbage list */
-	atomic_t ref_count;        /**< How many connections use this configuration */
+typedef struct tls_domains_cfg
+{
+	tls_domain_t *srv_default;	  /**< Default server domain */
+	tls_domain_t *cli_default;	  /**< Default client domain */
+	tls_domain_t *srv_list;		  /**< Server domain list */
+	tls_domain_t *cli_list;		  /**< Client domain list */
+	struct tls_domains_cfg *next; /**< Next element in the garbage list */
+	atomic_t ref_count; /**< How many connections use this configuration */
 } tls_domains_cfg_t;
 
 
@@ -161,15 +166,14 @@ typedef struct tls_domains_cfg {
  * @param port domain port
  * @return new domain
  */
-tls_domain_t *tls_new_domain(int type, struct ip_addr *ip,
-			     unsigned short port);
+tls_domain_t *tls_new_domain(int type, struct ip_addr *ip, unsigned short port);
 
 
 /**
  * @brief Free all memory used by TLS configuration domain
  * @param d freed domain
  */
-void tls_free_domain(tls_domain_t* d);
+void tls_free_domain(tls_domain_t *d);
 
 
 /**
@@ -177,8 +181,7 @@ void tls_free_domain(tls_domain_t* d);
  * @param d printed domain
  * @return printed domain, with zero termination
  */
-char* tls_domain_str(tls_domain_t* d);
-
+char *tls_domain_str(tls_domain_t *d);
 
 
 /**
@@ -187,7 +190,7 @@ char* tls_domain_str(tls_domain_t* d);
  * Create new configuration structure in new allocated shared memory.
  * @return configuration structure or zero on error
  */
-tls_domains_cfg_t* tls_new_cfg(void);
+tls_domains_cfg_t *tls_new_cfg(void);
 
 
 /**
@@ -196,7 +199,7 @@ tls_domains_cfg_t* tls_new_cfg(void);
  * @param d TLS domain
  * @return 1 if domain already exists, 0 after addition, -1 on error
  */
-int tls_add_domain(tls_domains_cfg_t* cfg, tls_domain_t* d);
+int tls_add_domain(tls_domains_cfg_t *cfg, tls_domain_t *d);
 
 
 /**
@@ -209,8 +212,8 @@ int tls_add_domain(tls_domains_cfg_t* cfg, tls_domain_t* d);
  * @param cli_defaults command line interface defaults
  * @return 0 on success, -1 on error
  */
-int tls_fix_domains_cfg(tls_domains_cfg_t* cfg, tls_domain_t* srv_defaults,
-				tls_domain_t* cli_defaults);
+int tls_fix_domains_cfg(tls_domains_cfg_t *cfg, tls_domain_t *srv_defaults,
+		tls_domain_t *cli_defaults);
 
 
 /**
@@ -222,15 +225,15 @@ int tls_fix_domains_cfg(tls_domains_cfg_t* cfg, tls_domain_t* srv_defaults,
  * @param sname server name
  * @return found configuration or default, if not found
  */
-tls_domain_t* tls_lookup_cfg(tls_domains_cfg_t* cfg, int type,
-			struct ip_addr* ip, unsigned short port, str *sname, str *srvid);
+tls_domain_t *tls_lookup_cfg(tls_domains_cfg_t *cfg, int type,
+		struct ip_addr *ip, unsigned short port, str *sname, str *srvid);
 
 
 /**
  * @brief Free TLS configuration structure
  * @param cfg freed configuration
  */
-void tls_free_cfg(tls_domains_cfg_t* cfg);
+void tls_free_cfg(tls_domains_cfg_t *cfg);
 
 
 /**
@@ -241,6 +244,6 @@ void tls_destroy_cfg(void);
 /**
  * @brief Check if a TLS configuration domain exists
  */
-int ksr_tls_domain_duplicated(tls_domains_cfg_t* cfg, tls_domain_t* d);
+int ksr_tls_domain_duplicated(tls_domains_cfg_t *cfg, tls_domain_t *d);
 
 #endif /* _TLS_DOMAIN_H */

src/modules/tls_wolfssl/tls_dump_vf.c

@@ -47,102 +47,122 @@ void tls_dump_verification_failure(long verification_result)
 
 	tls_log = cfg_get(tls, tls_cfg, log);
 	switch(verification_result) {
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		LOG(tls_log, "verification failure: unable to get issuer certificate\n");
-		break;
-	case X509_V_ERR_UNABLE_TO_GET_CRL:
-		LOG(tls_log, "verification failure: unable to get certificate CRL\n");
-		break;
-	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-		LOG(tls_log, "verification failure: unable to decrypt certificate's signature\n");
-		break;
-	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-		LOG(tls_log, "verification failure: unable to decrypt CRL's signature\n");
-		break;
-	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-		LOG(tls_log, "verification failure: unable to decode issuer public key\n");
-		break;
-	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-		LOG(tls_log, "verification failure: certificate signature failure\n");
-		break;
-	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-		LOG(tls_log, "verification failure: CRL signature failure\n");
-		break;
-	case X509_V_ERR_CERT_NOT_YET_VALID:
-		LOG(tls_log, "verification failure: certificate is not yet valid\n");
-		break;
-	case X509_V_ERR_CERT_HAS_EXPIRED:
-		LOG(tls_log, "verification failure: certificate has expired\n");
-		break;
-	case X509_V_ERR_CRL_NOT_YET_VALID:
-		LOG(tls_log, "verification failure: CRL is not yet valid\n");
-		break;
-	case X509_V_ERR_CRL_HAS_EXPIRED:
-		LOG(tls_log, "verification failure: CRL has expired\n");
-		break;
-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-		LOG(tls_log, "verification failure: format error in certificate's notBefore field\n");
-		break;
-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-		LOG(tls_log, "verification failure: format error in certificate's notAfter field\n");
-		break;
-	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-		LOG(tls_log, "verification failure: format error in CRL's lastUpdate field\n");
-		break;
-	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-		LOG(tls_log, "verification failure: format error in CRL's nextUpdate field\n");
-		break;
-	case X509_V_ERR_OUT_OF_MEM:
-		LOG(tls_log, "verification failure: out of memory\n");
-		break;
-	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-		LOG(tls_log, "verification failure: self signed certificate\n");
-		break;
-	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-		LOG(tls_log, "verification failure: self signed certificate in certificate chain\n");
-		break;
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-		LOG(tls_log, "verification failure: unable to get local issuer certificate\n");
-		break;
-	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-		LOG(tls_log, "verification failure: unable to verify the first certificate\n");
-		break;
-	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-		LOG(tls_log, "verification failure: certificate chain too long\n");
-		break;
-	case X509_V_ERR_CERT_REVOKED:
-		LOG(tls_log, "verification failure: certificate revoked\n");
-		break;
-	case X509_V_ERR_INVALID_CA:
-		LOG(tls_log, "verification failure: invalid CA certificate\n");
-		break;
-	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-		LOG(tls_log, "verification failure: path length constraint exceeded\n");
-		break;
-	case X509_V_ERR_INVALID_PURPOSE:
-		LOG(tls_log, "verification failure: unsupported certificate purpose\n");
-		break;
-	case X509_V_ERR_CERT_UNTRUSTED:
-		LOG(tls_log, "verification failure: certificate not trusted\n");
-		break;
-	case X509_V_ERR_CERT_REJECTED:
-		LOG(tls_log, "verification failure: certificate rejected\n");
-		break;
-	case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-		LOG(tls_log, "verification failure: subject issuer mismatch\n");
-		break;
-	case X509_V_ERR_AKID_SKID_MISMATCH:
-		LOG(tls_log, "verification failure: authority and subject key identifier mismatch\n");
-		break;
-	case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
-		LOG(tls_log, "verification failure: authority and issuer serial number mismatch\n");
-		break;
-	case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
-		LOG(tls_log, "verification failure: key usage does not include certificate signing\n");
-		break;
-	case X509_V_ERR_APPLICATION_VERIFICATION:
-		LOG(tls_log, "verification failure: application verification failure\n");
-		break;
+		case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+			LOG(tls_log,
+					"verification failure: unable to get issuer certificate\n");
+			break;
+		case X509_V_ERR_UNABLE_TO_GET_CRL:
+			LOG(tls_log,
+					"verification failure: unable to get certificate CRL\n");
+			break;
+		case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+			LOG(tls_log, "verification failure: unable to decrypt "
+						 "certificate's signature\n");
+			break;
+		case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+			LOG(tls_log, "verification failure: unable to decrypt CRL's "
+						 "signature\n");
+			break;
+		case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+			LOG(tls_log, "verification failure: unable to decode issuer public "
+						 "key\n");
+			break;
+		case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+			LOG(tls_log,
+					"verification failure: certificate signature failure\n");
+			break;
+		case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+			LOG(tls_log, "verification failure: CRL signature failure\n");
+			break;
+		case X509_V_ERR_CERT_NOT_YET_VALID:
+			LOG(tls_log,
+					"verification failure: certificate is not yet valid\n");
+			break;
+		case X509_V_ERR_CERT_HAS_EXPIRED:
+			LOG(tls_log, "verification failure: certificate has expired\n");
+			break;
+		case X509_V_ERR_CRL_NOT_YET_VALID:
+			LOG(tls_log, "verification failure: CRL is not yet valid\n");
+			break;
+		case X509_V_ERR_CRL_HAS_EXPIRED:
+			LOG(tls_log, "verification failure: CRL has expired\n");
+			break;
+		case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+			LOG(tls_log, "verification failure: format error in certificate's "
+						 "notBefore field\n");
+			break;
+		case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+			LOG(tls_log, "verification failure: format error in certificate's "
+						 "notAfter field\n");
+			break;
+		case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+			LOG(tls_log, "verification failure: format error in CRL's "
+						 "lastUpdate field\n");
+			break;
+		case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+			LOG(tls_log, "verification failure: format error in CRL's "
+						 "nextUpdate field\n");
+			break;
+		case X509_V_ERR_OUT_OF_MEM:
+			LOG(tls_log, "verification failure: out of memory\n");
+			break;
+		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+			LOG(tls_log, "verification failure: self signed certificate\n");
+			break;
+		case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+			LOG(tls_log, "verification failure: self signed certificate in "
+						 "certificate chain\n");
+			break;
+		case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+			LOG(tls_log, "verification failure: unable to get local issuer "
+						 "certificate\n");
+			break;
+		case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+			LOG(tls_log, "verification failure: unable to verify the first "
+						 "certificate\n");
+			break;
+		case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+			LOG(tls_log, "verification failure: certificate chain too long\n");
+			break;
+		case X509_V_ERR_CERT_REVOKED:
+			LOG(tls_log, "verification failure: certificate revoked\n");
+			break;
+		case X509_V_ERR_INVALID_CA:
+			LOG(tls_log, "verification failure: invalid CA certificate\n");
+			break;
+		case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+			LOG(tls_log,
+					"verification failure: path length constraint exceeded\n");
+			break;
+		case X509_V_ERR_INVALID_PURPOSE:
+			LOG(tls_log,
+					"verification failure: unsupported certificate purpose\n");
+			break;
+		case X509_V_ERR_CERT_UNTRUSTED:
+			LOG(tls_log, "verification failure: certificate not trusted\n");
+			break;
+		case X509_V_ERR_CERT_REJECTED:
+			LOG(tls_log, "verification failure: certificate rejected\n");
+			break;
+		case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+			LOG(tls_log, "verification failure: subject issuer mismatch\n");
+			break;
+		case X509_V_ERR_AKID_SKID_MISMATCH:
+			LOG(tls_log, "verification failure: authority and subject key "
+						 "identifier mismatch\n");
+			break;
+		case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+			LOG(tls_log, "verification failure: authority and issuer serial "
+						 "number mismatch\n");
+			break;
+		case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+			LOG(tls_log, "verification failure: key usage does not include "
+						 "certificate signing\n");
+			break;
+		case X509_V_ERR_APPLICATION_VERIFICATION:
+			LOG(tls_log,
+					"verification failure: application verification failure\n");
+			break;
 	}
 }
 

src/modules/tls_wolfssl/tls_init.c

@@ -33,7 +33,6 @@
  */
 
 
-
 #include <stdio.h>
 #include <sys/types.h>
 #include <netinet/in_systm.h>
@@ -71,7 +70,7 @@ sr_tls_methods_t sr_tls_methods[TLS_METHOD_MAX];
 
 #ifdef NO_TLS_MALLOC_DBG
 #undef TLS_MALLOC_DBG /* extra malloc debug info from openssl */
-#endif /* NO_TLS_MALLOC_DBG */
+#endif				  /* NO_TLS_MALLOC_DBG */
 
 /*
  * Wrappers around SER shared memory functions
@@ -87,89 +86,96 @@ sr_tls_methods_t sr_tls_methods[TLS_METHOD_MAX];
 */
 
 
-
-inline static char* buf_append(char* buf, char* end, char* str, int str_len)
+inline static char *buf_append(char *buf, char *end, char *str, int str_len)
 {
-	if ( (buf+str_len)<end){
+	if((buf + str_len) < end) {
 		memcpy(buf, str, str_len);
-		return buf+str_len;
+		return buf + str_len;
 	}
 	return 0;
 }
 
 
-inline static int backtrace2str(char* buf, int size)
+inline static int backtrace2str(char *buf, int size)
 {
-	void* bt[32];
+	void *bt[32];
 	int bt_size, i;
-	char** bt_strs;
-	char* p;
-	char* end;
-	char* next;
-	char* s;
-	char* e;
-
-	p=buf; end=buf+size;
-	bt_size=backtrace(bt, sizeof(bt)/sizeof(bt[0]));
-	bt_strs=backtrace_symbols(bt, bt_size);
-	if (bt_strs){
-		p=buf; end=buf+size;
+	char **bt_strs;
+	char *p;
+	char *end;
+	char *next;
+	char *s;
+	char *e;
+
+	p = buf;
+	end = buf + size;
+	bt_size = backtrace(bt, sizeof(bt) / sizeof(bt[0]));
+	bt_strs = backtrace_symbols(bt, bt_size);
+	if(bt_strs) {
+		p = buf;
+		end = buf + size;
 		/*if (bt_size>16) bt_size=16;*/ /* go up only 12 entries */
-		for (i=3; i< bt_size; i++){
+		for(i = 3; i < bt_size; i++) {
 			/* try to isolate only the function name*/
-			s=strchr(bt_strs[i], '(');
-			if (s && ((e=strchr(s, ')'))!=0)){
+			s = strchr(bt_strs[i], '(');
+			if(s && ((e = strchr(s, ')')) != 0)) {
 				s++;
-			}else if ((s=strchr(bt_strs[i], '['))!=0){
-				e=s+strlen(s);
-			}else{
-				s=bt_strs[i]; e=s+strlen(s); /* add the whole string */
+			} else if((s = strchr(bt_strs[i], '[')) != 0) {
+				e = s + strlen(s);
+			} else {
+				s = bt_strs[i];
+				e = s + strlen(s); /* add the whole string */
 			}
-			next=buf_append(p, end, s, (int)(long)(e-s));
-			if (next==0) break;
-			else p=next;
-			if (p<end){
-				*p=':'; /* separator */
+			next = buf_append(p, end, s, (int)(long)(e - s));
+			if(next == 0)
+				break;
+			else
+				p = next;
+			if(p < end) {
+				*p = ':'; /* separator */
 				p++;
-			}else break;
+			} else
+				break;
 		}
-		if (p==buf){
-			*p=0;
+		if(p == buf) {
+			*p = 0;
 			p++;
-		}else
-			*(p-1)=0;
+		} else
+			*(p - 1) = 0;
 		free(bt_strs);
 	}
-	return (int)(long)(p-buf);
+	return (int)(long)(p - buf);
 }
 
-static void* ser_malloc(size_t size, const char* file, int line)
+static void *ser_malloc(size_t size, const char *file, int line)
 {
-	void  *p;
+	void *p;
 	char bt_buf[1024];
 	int s;
 #ifdef RAND_NULL_MALLOC
-	static ticks_t st=0;
+	static ticks_t st = 0;
 
 	/* start random null returns only after
 	 * NULL_GRACE_PERIOD from first call */
-	if (st==0) st=get_ticks();
-	if (((get_ticks()-st)<NULL_GRACE_PERIOD) || (random()%RAND_NULL_MALLOC)){
+	if(st == 0)
+		st = get_ticks();
+	if(((get_ticks() - st) < NULL_GRACE_PERIOD)
+			|| (random() % RAND_NULL_MALLOC)) {
 #endif
-		s=backtrace2str(bt_buf, sizeof(bt_buf));
+		s = backtrace2str(bt_buf, sizeof(bt_buf));
 		/* ugly hack: keep the bt inside the alloc'ed fragment */
-		p=_shm_malloc(size+s, file, "via ser_malloc", line);
-		if (p==0){
-			LM_CRIT("tls - ser_malloc(%d)[%s:%d]==null, bt: %s\n",
-					size, file, line, bt_buf);
-		}else{
-			memcpy(p+size, bt_buf, s);
-			((struct qm_frag*)((char*)p-sizeof(struct qm_frag)))->func=
-				p+size;
+		p = _shm_malloc(size + s, file, "via ser_malloc", line);
+		if(p == 0) {
+			LM_CRIT("tls - ser_malloc(%d)[%s:%d]==null, bt: %s\n", size, file,
+					line, bt_buf);
+		} else {
+			memcpy(p + size, bt_buf, s);
+			((struct qm_frag *)((char *)p - sizeof(struct qm_frag)))->func =
+					p + size;
 		}
 #ifdef RAND_NULL_MALLOC
-	}else{
-		p=0;
+	} else {
+		p = 0;
 		backtrace2str(bt_buf, sizeof(bt_buf));
 		LM_CRIT("tls - random ser_malloc(%d)[%s:%d] returning null - bt: %s\n",
 				size, file, line, bt_buf);
@@ -179,58 +185,58 @@ static void* ser_malloc(size_t size, const char* file, int line)
 }
 
 
-static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
+static void *ser_realloc(void *ptr, size_t size, const char *file, int line)
 {
-	void  *p;
+	void *p;
 	char bt_buf[1024];
 	int s;
 #ifdef RAND_NULL_MALLOC
-	static ticks_t st=0;
+	static ticks_t st = 0;
 
 	/* start random null returns only after
 	 * NULL_GRACE_PERIOD from first call */
-	if (st==0) st=get_ticks();
-	if (((get_ticks()-st)<NULL_GRACE_PERIOD) || (random()%RAND_NULL_MALLOC)){
+	if(st == 0)
+		st = get_ticks();
+	if(((get_ticks() - st) < NULL_GRACE_PERIOD)
+			|| (random() % RAND_NULL_MALLOC)) {
 #endif
-		s=backtrace2str(bt_buf, sizeof(bt_buf));
-		p=_shm_realloc(ptr, size+s, file, "via ser_realloc", line);
-		if (p==0){
-			LM_CRIT("tls - ser_realloc(%p, %d)[%s:%d]==null, bt: %s\n",
-					ptr, size, file, line, bt_buf);
-		}else{
-			memcpy(p+size, bt_buf, s);
-			((struct qm_frag*)((char*)p-sizeof(struct qm_frag)))->func=
-				p+size;
+		s = backtrace2str(bt_buf, sizeof(bt_buf));
+		p = _shm_realloc(ptr, size + s, file, "via ser_realloc", line);
+		if(p == 0) {
+			LM_CRIT("tls - ser_realloc(%p, %d)[%s:%d]==null, bt: %s\n", ptr,
+					size, file, line, bt_buf);
+		} else {
+			memcpy(p + size, bt_buf, s);
+			((struct qm_frag *)((char *)p - sizeof(struct qm_frag)))->func =
+					p + size;
 		}
 #ifdef RAND_NULL_MALLOC
-	}else{
-		p=0;
+	} else {
+		p = 0;
 		backtrace2str(bt_buf, sizeof(bt_buf));
 		LM_CRIT("tls - random ser_realloc(%p, %d)[%s:%d]"
-				" returning null - bt: %s\n", ptr, size, file, line,
-				bt_buf);
+				" returning null - bt: %s\n",
+				ptr, size, file, line, bt_buf);
 	}
 #endif
 	return p;
 }
 
 #else /*TLS_MALLOC_DBG */
-static void* ser_malloc(size_t size)
+static void *ser_malloc(size_t size)
 {
 	return shm_malloc(size);
-
 }
 
-static void* ser_realloc(void *ptr, size_t size)
+static void *ser_realloc(void *ptr, size_t size)
 {
 	return shm_realloc(ptr, size);
-
 }
 #endif
 
 static void ser_free(void *ptr)
 {
-	if (ptr) {
+	if(ptr) {
 		shm_free(ptr);
 	}
 }
@@ -285,7 +291,7 @@ int tls_h_init_si_f(struct socket_info *si)
 	 * reuse tcp initialization
 	 */
 	ret = tcp_init(si);
-	if (ret != 0) {
+	if(ret != 0) {
 		LM_ERR("Error while initializing TCP part of TLS socket %.*s:%d\n",
 				si->address_str.len, si->address_str.s, si->port_no);
 		goto error;
@@ -295,7 +301,7 @@ int tls_h_init_si_f(struct socket_info *si)
 	return 0;
 
 error:
-	if (si->socket != -1) {
+	if(si->socket != -1) {
 		close(si->socket);
 		si->socket = -1;
 	}
@@ -303,7 +309,6 @@ error:
 }
 
 
-
 /*
  * initialize ssl methods
  */
@@ -412,20 +417,20 @@ int tls_pre_init(void)
 	 * CRYPTO_malloc will set allow_customize in openssl to 0
 	 */
 	// CRYPTO_get_mem_functions(&mf, &rf, &ff);
-	LM_DBG("initial memory functions - malloc: %p realloc: %p free: %p\n",
-			mf, rf, ff);
+	LM_DBG("initial memory functions - malloc: %p realloc: %p free: %p\n", mf,
+			rf, ff);
 	mf = NULL;
 	rf = NULL;
 	ff = NULL;
-	if (wolfSSL_SetAllocators(ser_malloc, ser_free, ser_realloc)) {
+	if(wolfSSL_SetAllocators(ser_malloc, ser_free, ser_realloc)) {
 		LM_ERR("Unable to set the memory allocation functions\n");
 		// CRYPTO_get_mem_functions(&mf, &rf, &ff);
-		LM_ERR("libssl current mem functions - m: %p r: %p f: %p\n",
-					mf, rf, ff);
-		LM_ERR("module mem functions - m: %p r: %p f: %p\n",
-					ser_malloc, ser_realloc, ser_free);
+		LM_ERR("libssl current mem functions - m: %p r: %p f: %p\n", mf, rf,
+				ff);
+		LM_ERR("module mem functions - m: %p r: %p f: %p\n", ser_malloc,
+				ser_realloc, ser_free);
 		LM_ERR("Be sure tls module is loaded before any other module using"
-				" libssl (can be loaded first to be safe)\n");
+			   " libssl (can be loaded first to be safe)\n");
 		return -1;
 	}
 	LM_DBG("updated memory functions - malloc: %p realloc: %p free: %p\n",
@@ -441,7 +446,7 @@ int tls_pre_init(void)
  */
 int tls_h_mod_pre_init_f(void)
 {
-	if(tls_mod_preinitialized==1) {
+	if(tls_mod_preinitialized == 1) {
 		LM_DBG("already mod pre-initialized\n");
 		return 0;
 	}
@@ -450,7 +455,7 @@ int tls_h_mod_pre_init_f(void)
 	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
 	wolfSSL_OPENSSL_init_ssl(0, NULL);
 	wolfSSL_load_error_strings();
-	tls_mod_preinitialized=1;
+	tls_mod_preinitialized = 1;
 	return 0;
 }
 
@@ -475,15 +480,16 @@ int tls_h_mod_init_f(void)
  * Make sure that all server domains in the configuration have corresponding
  * listening socket in SER
  */
-int tls_check_sockets(tls_domains_cfg_t* cfg)
+int tls_check_sockets(tls_domains_cfg_t *cfg)
 {
-	tls_domain_t* d;
+	tls_domain_t *d;
 
-	if (!cfg) return 0;
+	if(!cfg)
+		return 0;
 
 	d = cfg->srv_list;
 	while(d) {
-		if (d->ip.len && !find_si(&d->ip, d->port, PROTO_TLS)) {
+		if(d->ip.len && !find_si(&d->ip, d->port, PROTO_TLS)) {
 			LM_ERR("%s: No listening socket found\n", tls_domain_str(d));
 			return -1;
 		}

src/modules/tls_wolfssl/tls_init.h

@@ -32,8 +32,9 @@
 #include "../../core/ip_addr.h"
 #include "tls_domain.h"
 
-typedef struct sr_tls_methods_s {
-	const SSL_METHOD* TLSMethod;
+typedef struct sr_tls_methods_s
+{
+	const SSL_METHOD *TLSMethod;
 	int TLSMethodMin;
 	int TLSMethodMax;
 } sr_tls_methods_t;
@@ -70,6 +71,6 @@ int tls_h_init_si_f(struct socket_info *si);
  * Make sure that all server domains in the configuration have corresponding
  * listening socket in SER
  */
-int tls_check_sockets(tls_domains_cfg_t* cfg);
+int tls_check_sockets(tls_domains_cfg_t *cfg);
 
 #endif /* _TLS_INIT_H */

src/modules/tls_wolfssl/tls_map.c

@@ -11,185 +11,203 @@
 #include "../../core/mem/mem.h"
 #include "tls_map.h"
 
-struct map_node_t {
-  unsigned hash;
-  void *value;
-  map_node_t *next;
-  /* char key[]; */
-  /* char value[]; */
+struct map_node_t
+{
+	unsigned hash;
+	void *value;
+	map_node_t *next;
+	/* char key[]; */
+	/* char value[]; */
 };
 
 
-static unsigned map_hash(const char *str) {
-  unsigned hash = 5381;
-  while (*str) {
-    hash = ((hash << 5) + hash) ^ *str++;
-  }
-  return hash;
+static unsigned map_hash(const char *str)
+{
+	unsigned hash = 5381;
+	while(*str) {
+		hash = ((hash << 5) + hash) ^ *str++;
+	}
+	return hash;
 }
 
 
-static map_node_t *map_newnode(const char *key, void *value, int vsize) {
-  map_node_t *node;
-  int ksize = strlen(key) + 1;
-  int voffset = ksize + ((sizeof(void*) - ksize) % sizeof(void*));
-  node = pkg_malloc(sizeof(*node) + voffset + vsize);
-  if (!node) return NULL;
-  memcpy(node + 1, key, ksize);
-  node->hash = map_hash(key);
-  node->value = ((char*) (node + 1)) + voffset;
-  memcpy(node->value, value, vsize);
-  return node;
+static map_node_t *map_newnode(const char *key, void *value, int vsize)
+{
+	map_node_t *node;
+	int ksize = strlen(key) + 1;
+	int voffset = ksize + ((sizeof(void *) - ksize) % sizeof(void *));
+	node = pkg_malloc(sizeof(*node) + voffset + vsize);
+	if(!node)
+		return NULL;
+	memcpy(node + 1, key, ksize);
+	node->hash = map_hash(key);
+	node->value = ((char *)(node + 1)) + voffset;
+	memcpy(node->value, value, vsize);
+	return node;
 }
 
 
-static int map_bucketidx(map_base_t *m, unsigned hash) {
-  /* If the implementation is changed to allow a non-power-of-2 bucket count,
+static int map_bucketidx(map_base_t *m, unsigned hash)
+{
+	/* If the implementation is changed to allow a non-power-of-2 bucket count,
    * the line below should be changed to use mod instead of AND */
-  return hash & (m->nbuckets - 1);
+	return hash & (m->nbuckets - 1);
 }
 
 
-static void map_addnode(map_base_t *m, map_node_t *node) {
-  int n = map_bucketidx(m, node->hash);
-  node->next = m->buckets[n];
-  m->buckets[n] = node;
+static void map_addnode(map_base_t *m, map_node_t *node)
+{
+	int n = map_bucketidx(m, node->hash);
+	node->next = m->buckets[n];
+	m->buckets[n] = node;
 }
 
 
-static int map_resize(map_base_t *m, int nbuckets) {
-  map_node_t *nodes, *node, *next;
-  map_node_t **buckets;
-  int i;
-  /* Chain all nodes together */
-  nodes = NULL;
-  i = m->nbuckets;
-  while (i--) {
-    node = (m->buckets)[i];
-    while (node) {
-      next = node->next;
-      node->next = nodes;
-      nodes = node;
-      node = next;
-    }
-  }
-  /* Reset buckets */
-  buckets = realloc(m->buckets, sizeof(*m->buckets) * nbuckets);
-  if (buckets != NULL) {
-    m->buckets = buckets;
-    m->nbuckets = nbuckets;
-  }
-  if (m->buckets) {
-    memset(m->buckets, 0, sizeof(*m->buckets) * m->nbuckets);
-    /* Re-add nodes to buckets */
-    node = nodes;
-    while (node) {
-      next = node->next;
-      map_addnode(m, node);
-      node = next;
-    }
-  }
-  /* Return error code if realloc() failed */
-  return (buckets == NULL) ? -1 : 0;
+static int map_resize(map_base_t *m, int nbuckets)
+{
+	map_node_t *nodes, *node, *next;
+	map_node_t **buckets;
+	int i;
+	/* Chain all nodes together */
+	nodes = NULL;
+	i = m->nbuckets;
+	while(i--) {
+		node = (m->buckets)[i];
+		while(node) {
+			next = node->next;
+			node->next = nodes;
+			nodes = node;
+			node = next;
+		}
+	}
+	/* Reset buckets */
+	buckets = realloc(m->buckets, sizeof(*m->buckets) * nbuckets);
+	if(buckets != NULL) {
+		m->buckets = buckets;
+		m->nbuckets = nbuckets;
+	}
+	if(m->buckets) {
+		memset(m->buckets, 0, sizeof(*m->buckets) * m->nbuckets);
+		/* Re-add nodes to buckets */
+		node = nodes;
+		while(node) {
+			next = node->next;
+			map_addnode(m, node);
+			node = next;
+		}
+	}
+	/* Return error code if realloc() failed */
+	return (buckets == NULL) ? -1 : 0;
 }
 
 
-static map_node_t **map_getref(map_base_t *m, const char *key) {
-  unsigned hash = map_hash(key);
-  map_node_t **next;
-  if (m->nbuckets > 0) {
-    next = &m->buckets[map_bucketidx(m, hash)];
-    while (*next) {
-      if ((*next)->hash == hash && !strcmp((char*) (*next + 1), key)) {
-        return next;
-      }
-      next = &(*next)->next;
-    }
-  }
-  return NULL;
+static map_node_t **map_getref(map_base_t *m, const char *key)
+{
+	unsigned hash = map_hash(key);
+	map_node_t **next;
+	if(m->nbuckets > 0) {
+		next = &m->buckets[map_bucketidx(m, hash)];
+		while(*next) {
+			if((*next)->hash == hash && !strcmp((char *)(*next + 1), key)) {
+				return next;
+			}
+			next = &(*next)->next;
+		}
+	}
+	return NULL;
 }
 
 
-void map_deinit_(map_base_t *m) {
-  map_node_t *next, *node;
-  int i;
-  i = m->nbuckets;
-  while (i--) {
-    node = m->buckets[i];
-    while (node) {
-      next = node->next;
-      pkg_free(node);
-      node = next;
-    }
-  }
-  pkg_free(m->buckets);
+void map_deinit_(map_base_t *m)
+{
+	map_node_t *next, *node;
+	int i;
+	i = m->nbuckets;
+	while(i--) {
+		node = m->buckets[i];
+		while(node) {
+			next = node->next;
+			pkg_free(node);
+			node = next;
+		}
+	}
+	pkg_free(m->buckets);
 }
 
 
-void *map_get_(map_base_t *m, const char *key) {
-  map_node_t **next = map_getref(m, key);
-  return next ? (*next)->value : NULL;
+void *map_get_(map_base_t *m, const char *key)
+{
+	map_node_t **next = map_getref(m, key);
+	return next ? (*next)->value : NULL;
 }
 
 
-int map_set_(map_base_t *m, const char *key, void *value, int vsize) {
-  int n, err;
-  map_node_t **next, *node;
-  /* Find & replace existing node */
-  next = map_getref(m, key);
-  if (next) {
-    memcpy((*next)->value, value, vsize);
-    return 0;
-  }
-  /* Add new node */
-  node = map_newnode(key, value, vsize);
-  if (node == NULL) goto fail;
-  if (m->nnodes >= m->nbuckets) {
-    n = (m->nbuckets > 0) ? (m->nbuckets << 1) : 1;
-    err = map_resize(m, n);
-    if (err) goto fail;
-  }
-  map_addnode(m, node);
-  m->nnodes++;
-  return 0;
-  fail:
-  if (node) pkg_free(node);
-  return -1;
+int map_set_(map_base_t *m, const char *key, void *value, int vsize)
+{
+	int n, err;
+	map_node_t **next, *node;
+	/* Find & replace existing node */
+	next = map_getref(m, key);
+	if(next) {
+		memcpy((*next)->value, value, vsize);
+		return 0;
+	}
+	/* Add new node */
+	node = map_newnode(key, value, vsize);
+	if(node == NULL)
+		goto fail;
+	if(m->nnodes >= m->nbuckets) {
+		n = (m->nbuckets > 0) ? (m->nbuckets << 1) : 1;
+		err = map_resize(m, n);
+		if(err)
+			goto fail;
+	}
+	map_addnode(m, node);
+	m->nnodes++;
+	return 0;
+fail:
+	if(node)
+		pkg_free(node);
+	return -1;
 }
 
 
-void map_remove_(map_base_t *m, const char *key) {
-  map_node_t *node;
-  map_node_t **next = map_getref(m, key);
-  if (next) {
-    node = *next;
-    *next = (*next)->next;
-    pkg_free(node);
-    m->nnodes--;
-  }
+void map_remove_(map_base_t *m, const char *key)
+{
+	map_node_t *node;
+	map_node_t **next = map_getref(m, key);
+	if(next) {
+		node = *next;
+		*next = (*next)->next;
+		pkg_free(node);
+		m->nnodes--;
+	}
 }
 
 
-map_iter_t map_iter_(void) {
-  map_iter_t iter;
-  iter.bucketidx = -1;
-  iter.node = NULL;
-  return iter;
+map_iter_t map_iter_(void)
+{
+	map_iter_t iter;
+	iter.bucketidx = -1;
+	iter.node = NULL;
+	return iter;
 }
 
 
-const char *map_next_(map_base_t *m, map_iter_t *iter) {
-  if (iter->node) {
-    iter->node = iter->node->next;
-    if (iter->node == NULL) goto nextBucket;
-  } else {
-    nextBucket:
-    do {
-      if (++iter->bucketidx >= m->nbuckets) {
-        return NULL;
-      }
-      iter->node = m->buckets[iter->bucketidx];
-    } while (iter->node == NULL);
-  }
-  return (char*) (iter->node + 1);
+const char *map_next_(map_base_t *m, map_iter_t *iter)
+{
+	if(iter->node) {
+		iter->node = iter->node->next;
+		if(iter->node == NULL)
+			goto nextBucket;
+	} else {
+	nextBucket:
+		do {
+			if(++iter->bucketidx >= m->nbuckets) {
+				return NULL;
+			}
+			iter->node = m->buckets[iter->bucketidx];
+		} while(iter->node == NULL);
+	}
+	return (char *)(iter->node + 1);
 }

src/modules/tls_wolfssl/tls_map.h

@@ -15,48 +15,48 @@
 struct map_node_t;
 typedef struct map_node_t map_node_t;
 
-typedef struct {
-  map_node_t **buckets;
-  unsigned nbuckets, nnodes;
+typedef struct
+{
+	map_node_t **buckets;
+	unsigned nbuckets, nnodes;
 } map_base_t;
 
-typedef struct {
-  unsigned bucketidx;
-  map_node_t *node;
+typedef struct
+{
+	unsigned bucketidx;
+	map_node_t *node;
 } map_iter_t;
 
 
-#define map_t(T)\
-  struct { map_base_t base; T *ref; T tmp; }
+#define map_t(T)         \
+	struct               \
+	{                    \
+		map_base_t base; \
+		T *ref;          \
+		T tmp;           \
+	}
 
 
-#define map_init(m)\
-  memset(m, 0, sizeof(*(m)))
+#define map_init(m) memset(m, 0, sizeof(*(m)))
 
 
-#define map_deinit(m)\
-  map_deinit_(&(m)->base)
+#define map_deinit(m) map_deinit_(&(m)->base)
 
 
-#define map_get(m, key)\
-  ( (m)->ref = map_get_(&(m)->base, key) )
+#define map_get(m, key) ((m)->ref = map_get_(&(m)->base, key))
 
 
-#define map_set(m, key, value)\
-  ( (m)->tmp = (value),\
-    map_set_(&(m)->base, key, &(m)->tmp, sizeof((m)->tmp)) )
+#define map_set(m, key, value) \
+	((m)->tmp = (value), map_set_(&(m)->base, key, &(m)->tmp, sizeof((m)->tmp)))
 
 
-#define map_remove(m, key)\
-  map_remove_(&(m)->base, key)
+#define map_remove(m, key) map_remove_(&(m)->base, key)
 
 
-#define map_iter(m)\
-  map_iter_()
+#define map_iter(m) map_iter_()
 
 
-#define map_next(m, iter)\
-  map_next_(&(m)->base, iter)
+#define map_next(m, iter) map_next_(&(m)->base, iter)
 
 
 void map_deinit_(map_base_t *m);
@@ -67,8 +67,8 @@ map_iter_t map_iter_(void);
 const char *map_next_(map_base_t *m, map_iter_t *iter);
 
 
-typedef map_t(void*) map_void_t;
-typedef map_t(char*) map_str_t;
+typedef map_t(void *) map_void_t;
+typedef map_t(char *) map_str_t;
 typedef map_t(int) map_int_t;
 typedef map_t(char) map_char_t;
 typedef map_t(float) map_float_t;

src/modules/tls_wolfssl/tls_rand.c

@@ -45,9 +45,9 @@ static int ksr_krand_bytes(unsigned char *outdata, int size)
 {
 	int r;
 
-	if (size < 0) {
+	if(size < 0) {
 		return 0;
-	} else if (size == 0) {
+	} else if(size == 0) {
 		return 1;
 	}
 
@@ -57,7 +57,7 @@ static int ksr_krand_bytes(unsigned char *outdata, int size)
 		size -= sizeof(int);
 		outdata += sizeof(int);
 	}
-	if(size>0) {
+	if(size > 0) {
 		r = kam_rand();
 		memcpy(outdata, &r, size);
 	}
@@ -66,26 +66,20 @@ static int ksr_krand_bytes(unsigned char *outdata, int size)
 
 static int ksr_krand_pseudorand(unsigned char *outdata, int size)
 {
-    return ksr_krand_bytes(outdata, size);
+	return ksr_krand_bytes(outdata, size);
 }
 
 static int ksr_krand_status(void)
 {
-    return 1;
+	return 1;
 }
 
-const WOLFSSL_RAND_METHOD _ksr_krand_method = {
-    NULL,
-    ksr_krand_bytes,
-    NULL,
-    NULL,
-    ksr_krand_pseudorand,
-    ksr_krand_status
-};
+const WOLFSSL_RAND_METHOD _ksr_krand_method = {NULL, ksr_krand_bytes, NULL,
+		NULL, ksr_krand_pseudorand, ksr_krand_status};
 
 const WOLFSSL_RAND_METHOD *RAND_ksr_krand_method(void)
 {
-    return &_ksr_krand_method;
+	return &_ksr_krand_method;
 }
 
 /*
@@ -97,9 +91,9 @@ static int ksr_fastrand_bytes(unsigned char *outdata, int size)
 {
 	int r;
 
-	if (size < 0) {
+	if(size < 0) {
 		return 0;
-	} else if (size == 0) {
+	} else if(size == 0) {
 		return 1;
 	}
 
@@ -109,7 +103,7 @@ static int ksr_fastrand_bytes(unsigned char *outdata, int size)
 		size -= sizeof(int);
 		outdata += sizeof(int);
 	}
-	if(size>0) {
+	if(size > 0) {
 		r = fastrand();
 		memcpy(outdata, &r, size);
 	}
@@ -118,26 +112,20 @@ static int ksr_fastrand_bytes(unsigned char *outdata, int size)
 
 static int ksr_fastrand_pseudorand(unsigned char *outdata, int size)
 {
-    return ksr_fastrand_bytes(outdata, size);
+	return ksr_fastrand_bytes(outdata, size);
 }
 
 static int ksr_fastrand_status(void)
 {
-    return 1;
+	return 1;
 }
 
-const WOLFSSL_RAND_METHOD _ksr_fastrand_method = {
-    NULL,
-    ksr_fastrand_bytes,
-    NULL,
-    NULL,
-    ksr_fastrand_pseudorand,
-    ksr_fastrand_status
-};
+const WOLFSSL_RAND_METHOD _ksr_fastrand_method = {NULL, ksr_fastrand_bytes,
+		NULL, NULL, ksr_fastrand_pseudorand, ksr_fastrand_status};
 
 const WOLFSSL_RAND_METHOD *RAND_ksr_fastrand_method(void)
 {
-    return &_ksr_fastrand_method;
+	return &_ksr_fastrand_method;
 }
 
 /*
@@ -148,9 +136,9 @@ const WOLFSSL_RAND_METHOD *RAND_ksr_fastrand_method(void)
  */
 static int ksr_cryptorand_bytes(unsigned char *outdata, int size)
 {
-	if (size < 0) {
+	if(size < 0) {
 		return 0;
-	} else if (size == 0) {
+	} else if(size == 0) {
 		return 1;
 	}
 
@@ -160,25 +148,19 @@ static int ksr_cryptorand_bytes(unsigned char *outdata, int size)
 
 static int ksr_cryptorand_status(void)
 {
-    return 1;
+	return 1;
 }
 
 /*
  * We don't have a dedicated function for pseudo-random
  * bytes, just use the secure version as well for it.
  */
-const WOLFSSL_RAND_METHOD _ksr_cryptorand_method = {
-    NULL,
-    ksr_cryptorand_bytes,
-    NULL,
-    NULL,
-    ksr_cryptorand_bytes,
-    ksr_cryptorand_status
-};
+const WOLFSSL_RAND_METHOD _ksr_cryptorand_method = {NULL, ksr_cryptorand_bytes,
+		NULL, NULL, ksr_cryptorand_bytes, ksr_cryptorand_status};
 
 const WOLFSSL_RAND_METHOD *RAND_ksr_cryptorand_method(void)
 {
-    return &_ksr_cryptorand_method;
+	return &_ksr_cryptorand_method;
 }
 
 /**

src/modules/tls_wolfssl/tls_rpc.c

@@ -41,18 +41,15 @@
 #include "tls_rpc.h"
 #include "tls_cfg.h"
 
-static const char* tls_reload_doc[2] = {
-	"Reload TLS configuration file",
-	0
-};
+static const char *tls_reload_doc[2] = {"Reload TLS configuration file", 0};
 
-static void tls_reload(rpc_t* rpc, void* ctx)
+static void tls_reload(rpc_t *rpc, void *ctx)
 {
-	tls_domains_cfg_t* cfg;
+	tls_domains_cfg_t *cfg;
 	str tls_domains_cfg_file;
 
 	tls_domains_cfg_file = cfg_get(tls, tls_cfg, config_file);
-	if (!tls_domains_cfg_file.s) {
+	if(!tls_domains_cfg_file.s) {
 		rpc->fault(ctx, 500, "No TLS configuration file configured");
 		return;
 	}
@@ -62,20 +59,23 @@ static void tls_reload(rpc_t* rpc, void* ctx)
 
 	cfg = tls_load_config(&tls_domains_cfg_file);
 
-	if (!cfg) {
-		rpc->fault(ctx, 500, "Error while loading TLS configuration file"
-							" (consult server log)");
+	if(!cfg) {
+		rpc->fault(ctx, 500,
+				"Error while loading TLS configuration file"
+				" (consult server log)");
 		return;
 	}
 
-	if (tls_fix_domains_cfg(cfg, &srv_defaults, &cli_defaults) < 0) {
-		rpc->fault(ctx, 500, "Error while fixing TLS configuration"
-								" (consult server log)");
+	if(tls_fix_domains_cfg(cfg, &srv_defaults, &cli_defaults) < 0) {
+		rpc->fault(ctx, 500,
+				"Error while fixing TLS configuration"
+				" (consult server log)");
 		goto error;
 	}
-	if (tls_check_sockets(cfg) < 0) {
-		rpc->fault(ctx, 500, "No server listening socket found for one of"
-							" TLS domains (consult server log)");
+	if(tls_check_sockets(cfg) < 0) {
+		rpc->fault(ctx, 500,
+				"No server listening socket found for one of"
+				" TLS domains (consult server log)");
 		goto error;
 	}
 
@@ -90,124 +90,112 @@ static void tls_reload(rpc_t* rpc, void* ctx)
 	rpc->rpl_printf(ctx, "Ok. TLS configuration reloaded.");
 	return;
 
- error:
+error:
 	tls_free_cfg(cfg);
-
 }
 
 
-static const char* tls_list_doc[2] = {
-	"List currently open TLS connections",
-	0
-};
+static const char *tls_list_doc[2] = {"List currently open TLS connections", 0};
 
-extern gen_lock_t* tcpconn_lock;
-extern struct tcp_connection** tcpconn_id_hash;
+extern gen_lock_t *tcpconn_lock;
+extern struct tcp_connection **tcpconn_id_hash;
 
-static void tls_list(rpc_t* rpc, void* c)
+static void tls_list(rpc_t *rpc, void *c)
 {
 	char buf[128];
 	char src_ip[IP_ADDR_MAX_STR_SIZE];
 	char dst_ip[IP_ADDR_MAX_STR_SIZE];
-	void* handle;
-	char* tls_info;
-	char* state;
-	struct tls_extra_data* tls_d;
-	struct tcp_connection* con;
+	void *handle;
+	char *tls_info;
+	char *state;
+	struct tls_extra_data *tls_d;
+	struct tcp_connection *con;
 	int i, len, timeout;
 	struct tm timestamp;
 	char timestamp_s[128];
-	const char* sni;
+	const char *sni;
 
 	TCPCONN_LOCK;
 	for(i = 0; i < TCP_ID_HASH_SIZE; i++) {
-		for (con = tcpconn_id_hash[i]; con; con = con->id_next) {
-			if (con->rcv.proto != PROTO_TLS) continue;
+		for(con = tcpconn_id_hash[i]; con; con = con->id_next) {
+			if(con->rcv.proto != PROTO_TLS)
+				continue;
 			tls_d = con->extra_data;
 			rpc->add(c, "{", &handle);
 			/* tcp data */
-			if ((len = ip_addr2sbuf(&con->rcv.src_ip, src_ip, sizeof(src_ip)))
+			if((len = ip_addr2sbuf(&con->rcv.src_ip, src_ip, sizeof(src_ip)))
 					== 0)
 				BUG("failed to convert source ip");
 			src_ip[len] = 0;
-			if ((len = ip_addr2sbuf(&con->rcv.dst_ip, dst_ip, sizeof(dst_ip)))
+			if((len = ip_addr2sbuf(&con->rcv.dst_ip, dst_ip, sizeof(dst_ip)))
 					== 0)
 				BUG("failed to convert destination ip");
 			dst_ip[len] = 0;
 			timeout = TICKS_TO_S(con->timeout - get_ticks_raw());
 			timestamp = *localtime(&con->timestamp);
-			if (snprintf(timestamp_s, 128, "%d-%02d-%02d %02d:%02d:%02d", timestamp.tm_year + 1900,
-					timestamp.tm_mon + 1, timestamp.tm_mday, timestamp.tm_hour,
-					timestamp.tm_min, timestamp.tm_sec) < 0) {
+			if(snprintf(timestamp_s, 128, "%d-%02d-%02d %02d:%02d:%02d",
+					   timestamp.tm_year + 1900, timestamp.tm_mon + 1,
+					   timestamp.tm_mday, timestamp.tm_hour, timestamp.tm_min,
+					   timestamp.tm_sec)
+					< 0) {
 				timestamp_s[0] = 'N';
 				timestamp_s[1] = '/';
 				timestamp_s[2] = 'A';
 				timestamp_s[3] = '\0';
 			}
 
-			if (tls_d) {
-				sni = wolfSSL_get_servername(tls_d->ssl, TLSEXT_NAMETYPE_host_name);
-				if (sni == NULL) {
+			if(tls_d) {
+				sni = wolfSSL_get_servername(
+						tls_d->ssl, TLSEXT_NAMETYPE_host_name);
+				if(sni == NULL) {
 					sni = "N/A";
 				}
 			} else {
 				sni = "N/A";
 			}
 
-			rpc->struct_add(handle, "dssdsdsd",
-					"id", con->id,
-					"sni", sni,
-					"timestamp", timestamp_s,
-					"timeout", timeout,
-					"src_ip", src_ip,
-					"src_port", con->rcv.src_port,
-					"dst_ip", dst_ip,
+			rpc->struct_add(handle, "dssdsdsd", "id", con->id, "sni", sni,
+					"timestamp", timestamp_s, "timeout", timeout, "src_ip",
+					src_ip, "src_port", con->rcv.src_port, "dst_ip", dst_ip,
 					"dst_port", con->rcv.dst_port);
-			if (tls_d) {
+			if(tls_d) {
 				if(wolfSSL_get_current_cipher(tls_d->ssl)) {
 					tls_info = wolfSSL_CIPHER_description(
-									wolfSSL_get_current_cipher(tls_d->ssl),
-									buf, sizeof(buf));
+							wolfSSL_get_current_cipher(tls_d->ssl), buf,
+							sizeof(buf));
 					len = strlen(buf);
-					if (len && buf[len - 1] == '\n') buf[len - 1] = '\0';
+					if(len && buf[len - 1] == '\n')
+						buf[len - 1] = '\0';
 				} else {
 					tls_info = "unknown";
 				}
 				/* tls data */
 				state = "unknown/error";
 				lock_get(&con->write_lock);
-					switch(tls_d->state) {
-						case S_TLS_NONE:
-							state = "none/init";
-							break;
-						case S_TLS_ACCEPTING:
-							state = "tls_accept";
-							break;
-						case S_TLS_CONNECTING:
-							state = "tls_connect";
-							break;
-						case S_TLS_ESTABLISHED:
-							state = "established";
-							break;
-					}
-					rpc->struct_add(handle, "sddds",
-							"cipher", tls_info,
-							"ct_wq_size", tls_d->ct_wq?
-											tls_d->ct_wq->queued:0,
-							"enc_rd_buf", tls_d->enc_rd_buf?
-											tls_d->enc_rd_buf->size:0,
-							"flags", tls_d->flags,
-							"state", state
-							);
+				switch(tls_d->state) {
+					case S_TLS_NONE:
+						state = "none/init";
+						break;
+					case S_TLS_ACCEPTING:
+						state = "tls_accept";
+						break;
+					case S_TLS_CONNECTING:
+						state = "tls_connect";
+						break;
+					case S_TLS_ESTABLISHED:
+						state = "established";
+						break;
+				}
+				rpc->struct_add(handle, "sddds", "cipher", tls_info,
+						"ct_wq_size", tls_d->ct_wq ? tls_d->ct_wq->queued : 0,
+						"enc_rd_buf",
+						tls_d->enc_rd_buf ? tls_d->enc_rd_buf->size : 0,
+						"flags", tls_d->flags, "state", state);
 				lock_release(&con->write_lock);
 			} else {
-				rpc->struct_add(handle, "sddds",
-						"cipher", "unknown",
-						"ct_wq_size", 0,
-						"enc_rd_buf", 0,
-						"flags", 0,
-						"state", "pre-init"
-						);
+				rpc->struct_add(handle, "sddds", "cipher", "unknown",
+						"ct_wq_size", 0, "enc_rd_buf", 0, "flags", 0, "state",
+						"pre-init");
 			}
 		}
 	}
@@ -215,73 +203,62 @@ static void tls_list(rpc_t* rpc, void* c)
 }
 
 
+static const char *tls_info_doc[2] = {"Returns internal tls related info.", 0};
 
-static const char* tls_info_doc[2] = {
-	"Returns internal tls related info.",
-	0 };
-
-static void tls_info(rpc_t* rpc, void* c)
+static void tls_info(rpc_t *rpc, void *c)
 {
 	struct tcp_gen_info ti;
-	void* handle;
+	void *handle;
 
 	tcp_get_info(&ti);
 	rpc->add(c, "{", &handle);
-	rpc->struct_add(handle, "ddd",
-			"max_connections", ti.tls_max_connections,
+	rpc->struct_add(handle, "ddd", "max_connections", ti.tls_max_connections,
 			"opened_connections", ti.tls_connections_no,
 			"clear_text_write_queued_bytes", tls_ct_wq_total_bytes());
 }
 
 
+static const char *tls_options_doc[2] = {
+		"Dumps all the tls config options.", 0};
 
-static const char* tls_options_doc[2] = {
-	"Dumps all the tls config options.",
-	0 };
-
-static void tls_options(rpc_t* rpc, void* c)
+static void tls_options(rpc_t *rpc, void *c)
 {
-	void* handle;
+	void *handle;
 	rpc->add(c, "{", &handle);
-	rpc->struct_add(handle, "dSdddSSSSSdSSdddddddddddddd",
-		"force_run",	cfg_get(tls, tls_cfg, force_run),
-		"method",		&cfg_get(tls, tls_cfg, method),
-		"verify_certificate", cfg_get(tls, tls_cfg, verify_cert),
-
-		"verify_depth",		cfg_get(tls, tls_cfg, verify_depth),
-		"require_certificate",	cfg_get(tls, tls_cfg, require_cert),
-		"verify_client",	&cfg_get(tls, tls_cfg, verify_client),
-		"private_key",		&cfg_get(tls, tls_cfg, private_key),
-		"ca_list",			&cfg_get(tls, tls_cfg, ca_list),
-		"certificate",		&cfg_get(tls, tls_cfg, certificate),
-		"cipher_list",		&cfg_get(tls, tls_cfg, cipher_list),
-		"session_cache",	cfg_get(tls, tls_cfg, session_cache),
-		"session_id",		&cfg_get(tls, tls_cfg, session_id),
-		"config",			&cfg_get(tls, tls_cfg, config_file),
-		"log",				cfg_get(tls, tls_cfg, log),
-		"debug",			cfg_get(tls, tls_cfg, debug),
-		"connection_timeout", TICKS_TO_S(cfg_get(tls, tls_cfg, con_lifetime)),
-		"disable_compression",	cfg_get(tls, tls_cfg, disable_compression),
-		"ssl_release_buffers",	cfg_get(tls, tls_cfg, ssl_release_buffers),
-		"ssl_freelist_max",		cfg_get(tls, tls_cfg, ssl_freelist_max),
-		"ssl_max_send_fragment", cfg_get(tls, tls_cfg, ssl_max_send_fragment),
-		"ssl_read_ahead",		cfg_get(tls, tls_cfg, ssl_read_ahead),
-		"send_close_notify",	cfg_get(tls, tls_cfg, send_close_notify),
-		"low_mem_threshold1",	cfg_get(tls, tls_cfg, low_mem_threshold1),
-		"low_mem_threshold2",	cfg_get(tls, tls_cfg, low_mem_threshold2),
-		"ct_wq_max",			cfg_get(tls, tls_cfg, ct_wq_max),
-		"con_ct_wq_max",		cfg_get(tls, tls_cfg, con_ct_wq_max),
-		"ct_wq_blk_size",		cfg_get(tls, tls_cfg, ct_wq_blk_size)
-		);
+	rpc->struct_add(handle, "dSdddSSSSSdSSdddddddddddddd", "force_run",
+			cfg_get(tls, tls_cfg, force_run), "method",
+			&cfg_get(tls, tls_cfg, method), "verify_certificate",
+			cfg_get(tls, tls_cfg, verify_cert),
+
+			"verify_depth", cfg_get(tls, tls_cfg, verify_depth),
+			"require_certificate", cfg_get(tls, tls_cfg, require_cert),
+			"verify_client", &cfg_get(tls, tls_cfg, verify_client),
+			"private_key", &cfg_get(tls, tls_cfg, private_key), "ca_list",
+			&cfg_get(tls, tls_cfg, ca_list), "certificate",
+			&cfg_get(tls, tls_cfg, certificate), "cipher_list",
+			&cfg_get(tls, tls_cfg, cipher_list), "session_cache",
+			cfg_get(tls, tls_cfg, session_cache), "session_id",
+			&cfg_get(tls, tls_cfg, session_id), "config",
+			&cfg_get(tls, tls_cfg, config_file), "log",
+			cfg_get(tls, tls_cfg, log), "debug", cfg_get(tls, tls_cfg, debug),
+			"connection_timeout",
+			TICKS_TO_S(cfg_get(tls, tls_cfg, con_lifetime)),
+			"disable_compression", cfg_get(tls, tls_cfg, disable_compression),
+			"ssl_release_buffers", cfg_get(tls, tls_cfg, ssl_release_buffers),
+			"ssl_freelist_max", cfg_get(tls, tls_cfg, ssl_freelist_max),
+			"ssl_max_send_fragment",
+			cfg_get(tls, tls_cfg, ssl_max_send_fragment), "ssl_read_ahead",
+			cfg_get(tls, tls_cfg, ssl_read_ahead), "send_close_notify",
+			cfg_get(tls, tls_cfg, send_close_notify), "low_mem_threshold1",
+			cfg_get(tls, tls_cfg, low_mem_threshold1), "low_mem_threshold2",
+			cfg_get(tls, tls_cfg, low_mem_threshold2), "ct_wq_max",
+			cfg_get(tls, tls_cfg, ct_wq_max), "con_ct_wq_max",
+			cfg_get(tls, tls_cfg, con_ct_wq_max), "ct_wq_blk_size",
+			cfg_get(tls, tls_cfg, ct_wq_blk_size));
 }
 
 
-
-
-rpc_export_t tls_rpc[] = {
-	{"tls.reload", tls_reload, tls_reload_doc, 0},
-	{"tls.list",   tls_list,   tls_list_doc,   RET_ARRAY},
-	{"tls.info",   tls_info,   tls_info_doc, 0},
-	{"tls.options",tls_options, tls_options_doc, 0},
-	{0, 0, 0, 0}
-};
+rpc_export_t tls_rpc[] = {{"tls.reload", tls_reload, tls_reload_doc, 0},
+		{"tls.list", tls_list, tls_list_doc, RET_ARRAY},
+		{"tls.info", tls_info, tls_info_doc, 0},
+		{"tls.options", tls_options, tls_options_doc, 0}, {0, 0, 0, 0}};

src/modules/tls_wolfssl/tls_select.h

@@ -47,6 +47,6 @@ extern pv_export_t tls_pv[];
 
 void tls_set_pv_con(struct tcp_connection *c);
 
-sr_kemi_xval_t* ki_tls_cget_attr(sip_msg_t* msg, str *aname);
+sr_kemi_xval_t *ki_tls_cget_attr(sip_msg_t *msg, str *aname);
 
 #endif /* _TLS_SELECT_H */

src/modules/tls_wolfssl/tls_server.h

@@ -34,34 +34,37 @@
 #include "tls_domain.h"
 #include "tls_ct_wrq.h"
 
-typedef enum tls_conn_states {
-						S_TLS_NONE = 0,
-						S_TLS_ACCEPTING,
-						S_TLS_CONNECTING,
-						S_TLS_ESTABLISHED
-					} tls_conn_states_t;
-
-typedef struct tls_rd_buf {
-	unsigned int pos; /* current position */
+typedef enum tls_conn_states
+{
+	S_TLS_NONE = 0,
+	S_TLS_ACCEPTING,
+	S_TLS_CONNECTING,
+	S_TLS_ESTABLISHED
+} tls_conn_states_t;
+
+typedef struct tls_rd_buf
+{
+	unsigned int pos;  /* current position */
 	unsigned int size; /* total size (buf) */
 	unsigned char buf[1];
 } tls_rd_buf_t;
 
 /* tls conn flags */
-#define F_TLS_CON_WR_WANTS_RD    1 /* write wants read */
-#define F_TLS_CON_HANDSHAKED     2 /* connection is handshaked */
-#define F_TLS_CON_RENEGOTIATION  4 /* renegotiation by clinet */
-
-typedef struct tls_extra_data {
-	tls_domains_cfg_t* cfg; /* Configuration used for this connection */
-	SSL* ssl;               /* SSL context used for the connection */
-	BIO* rwbio;             /* bio used for read/write
+#define F_TLS_CON_WR_WANTS_RD 1	  /* write wants read */
+#define F_TLS_CON_HANDSHAKED 2	  /* connection is handshaked */
+#define F_TLS_CON_RENEGOTIATION 4 /* renegotiation by clinet */
+
+typedef struct tls_extra_data
+{
+	tls_domains_cfg_t *cfg; /* Configuration used for this connection */
+	SSL *ssl;				/* SSL context used for the connection */
+	BIO *rwbio;				/* bio used for read/write
 							 * (openssl code might add buffering BIOs so
 							 * it's better to remember our original BIO) */
-	tls_ct_q* ct_wq;
-	struct tls_rd_buf* enc_rd_buf;
+	tls_ct_q *ct_wq;
+	struct tls_rd_buf *enc_rd_buf;
 	unsigned int flags;
-	enum  tls_conn_states state;
+	enum tls_conn_states state;
 } tls_extra_data_t;
 
 
@@ -84,16 +87,16 @@ void tls_h_tcpconn_clean_f(struct tcp_connection *c);
  */
 void tls_h_tcpconn_close_f(struct tcp_connection *c, int fd);
 
-int tls_h_encode_f(struct tcp_connection *c, const char ** pbuf,
-		unsigned int* plen, const char** rest_buf, unsigned int* rest_len,
-		snd_flags_t* send_flags) ;
+int tls_h_encode_f(struct tcp_connection *c, const char **pbuf,
+		unsigned int *plen, const char **rest_buf, unsigned int *rest_len,
+		snd_flags_t *send_flags);
 
-int tls_h_read_f(struct tcp_connection *c, rd_conn_flags_t* flags);
+int tls_h_read_f(struct tcp_connection *c, rd_conn_flags_t *flags);
 
 int tls_h_fix_read_conn(struct tcp_connection *c);
 
-int tls_connect(struct tcp_connection *c, int* error);
-int tls_accept(struct tcp_connection *c, int* error);
+int tls_connect(struct tcp_connection *c, int *error);
+int tls_accept(struct tcp_connection *c, int *error);
 
 void tls_lookup_event_routes(void);
 int ksr_tls_set_connect_server_id(str *srvid);

src/modules/tls_wolfssl/tls_util.c

@@ -41,25 +41,25 @@
  * Return value: -1 on error
  *                0 on success
  */
-int shm_asciiz_dup(char** dest, char* val)
+int shm_asciiz_dup(char **dest, char *val)
 {
-	char* ret;
+	char *ret;
 	int len;
 
-	if (!val) {
+	if(!val) {
 		*dest = NULL;
 		return 0;
 	}
 
 	len = strlen(val);
 	ret = shm_malloc(len + 1);
-	if (!ret) {
+	if(!ret) {
 		ERR("No memory left\n");
 		return -1;
 	}
 	memcpy(ret, val, len + 1);
 	*dest = ret;
-        return 0;
+	return 0;
 }
 
 
@@ -70,12 +70,12 @@ void collect_garbage(void)
 {
 	tls_domains_cfg_t *prev, *cur, *next;
 
-	     /* Make sure we do not run two garbage collectors
+	/* Make sure we do not run two garbage collectors
 	      * at the same time
 	      */
 	lock_get(tls_domains_cfg_lock);
 
-	     /* Skip the current configuration, garbage starts
+	/* Skip the current configuration, garbage starts
 	      * with the 2nd element on the list
 	      */
 	prev = *tls_domains_cfg;
@@ -83,7 +83,7 @@ void collect_garbage(void)
 
 	while(cur) {
 		next = cur->next;
-		if (atomic_get(&cur->ref_count) == 0) {
+		if(atomic_get(&cur->ref_count) == 0) {
 			/* Not referenced by any existing connection */
 			prev->next = cur->next;
 			tls_free_cfg(cur);
@@ -96,4 +96,3 @@ void collect_garbage(void)
 
 	lock_release(tls_domains_cfg_lock);
 }
-

src/modules/tls_wolfssl/tls_util.h

@@ -33,16 +33,15 @@
 #include "../../core/str.h"
 #include "tls_domain.h"
 
-static inline int tls_err_ret(char *s, SSL* ssl,
-		tls_domains_cfg_t **tls_domains_cfg)
+static inline int tls_err_ret(
+		char *s, SSL *ssl, tls_domains_cfg_t **tls_domains_cfg)
 {
 	long err;
 	int ret = 0;
 	const char *sn = NULL;
 
-	if ((*tls_domains_cfg)->srv_default->ctx &&
-		(*tls_domains_cfg)->srv_default->ctx[0])
-	{
+	if((*tls_domains_cfg)->srv_default->ctx
+			&& (*tls_domains_cfg)->srv_default->ctx[0]) {
 		if(ssl) {
 			sn = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
 		}
@@ -55,28 +54,28 @@ static inline int tls_err_ret(char *s, SSL* ssl,
 	return ret;
 }
 
-#define TLS_ERR_RET(r, s) \
-do { \
-	(r) = tls_err_ret((s), NULL, tls_domains_cfg); \
-} while(0)
+#define TLS_ERR_RET(r, s)                              \
+	do {                                               \
+		(r) = tls_err_ret((s), NULL, tls_domains_cfg); \
+	} while(0)
 
 
-#define TLS_ERR(s) \
-do { \
-	tls_err_ret((s), NULL, tls_domains_cfg); \
-} while(0)
+#define TLS_ERR(s)                               \
+	do {                                         \
+		tls_err_ret((s), NULL, tls_domains_cfg); \
+	} while(0)
 
-#define TLS_ERR_SSL(s, ssl) \
-do { \
-	tls_err_ret((s), (ssl), tls_domains_cfg); \
-} while(0)
+#define TLS_ERR_SSL(s, ssl)                       \
+	do {                                          \
+		tls_err_ret((s), (ssl), tls_domains_cfg); \
+	} while(0)
 
 /*
  * Make a shared memory copy of ASCII zero terminated string
  * Return value: -1 on error
  *                0 on success
  */
-int shm_asciiz_dup(char** dest, char* val);
+int shm_asciiz_dup(char **dest, char *val);
 
 
 /*

src/modules/tls_wolfssl/tls_verify.c

@@ -33,19 +33,20 @@
 /* This callback is called during each verification process,
    at each step during the chain of certificates (this function
    is not the certificate_verification one!). */
-int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx) {
+int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx)
+{
 	char buf[256];
 	X509 *err_cert;
 	int err, depth;
 
 	depth = X509_STORE_CTX_get_error_depth(ctx);
-	LM_DBG("tls init - depth = %d\n",depth);
-	if ( depth > VERIFY_DEPTH_S ) {
+	LM_DBG("tls init - depth = %d\n", depth);
+	if(depth > VERIFY_DEPTH_S) {
 		LM_NOTICE("tls init - cert chain too long ( depth > VERIFY_DEPTH_S)\n");
-		pre_verify_ok=0;
+		pre_verify_ok = 0;
 	}
 
-	if( pre_verify_ok ) {
+	if(pre_verify_ok) {
 		LM_NOTICE("tls init - preverify is good: verify return: %d\n",
 				pre_verify_ok);
 		return pre_verify_ok;
@@ -53,21 +54,20 @@ int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx) {
 
 	err_cert = X509_STORE_CTX_get_current_cert(ctx);
 	err = X509_STORE_CTX_get_error(ctx);
-	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
+	X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
 
 	LM_NOTICE("tls init - subject = %s\n", buf);
 	LM_NOTICE("tls init - verify error - num=%d:%s\n", err,
 			X509_verify_cert_error_string(err));
-	LM_NOTICE("tls init - error code is %d (depth: %d)\n",
-			err, depth);
+	LM_NOTICE("tls init - error code is %d (depth: %d)\n", err, depth);
 
-	switch (err) {
+	switch(err) {
 		case X509_V_OK:
 			LM_NOTICE("tls init - all ok\n");
 			break;
 		case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-			X509_NAME_oneline(X509_get_issuer_name(err_cert),buf,sizeof buf);
-			LM_NOTICE("tls init - issuer= %s\n",buf);
+			X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof buf);
+			LM_NOTICE("tls init - issuer= %s\n", buf);
 			break;
 
 		case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
@@ -119,17 +119,19 @@ int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx) {
 
 		default:
 			LM_NOTICE("tls init - something wrong with the"
-					" cert ... error code is %d (check x509_vfy.h)\n",
+					  " cert ... error code is %d (check x509_vfy.h)\n",
 					err);
 			break;
 	}
 
 	LM_NOTICE("tls init - verify return: %d\n", pre_verify_ok);
-	return(pre_verify_ok);
+	return (pre_verify_ok);
 }
 
 
-int verify_callback_unconditional_success(int pre_verify_ok, X509_STORE_CTX *ctx) {
+int verify_callback_unconditional_success(
+		int pre_verify_ok, X509_STORE_CTX *ctx)
+{
 	LM_NOTICE("Post-verification callback: unconditional success\n");
 	return 1;
 }

src/modules/tls_wolfssl/tls_verify.h

@@ -37,6 +37,7 @@ int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx);
 /* Post-verification callback handler which unconditionally returns 1 (success)
    Note that actual verification result can be retrieved through TLS PVs after-the-fact
  */
-int verify_callback_unconditional_success(int pre_verify_ok, X509_STORE_CTX *ctx);
+int verify_callback_unconditional_success(
+		int pre_verify_ok, X509_STORE_CTX *ctx);
 
 #endif /* _TLS_VERIFY_H */

src/modules/tls_wolfssl/tls_wolfssl_mod.c

@@ -56,10 +56,10 @@
 #include "tls_rand.h"
 
 #ifndef TLS_HOOKS
-	#error "TLS_HOOKS must be defined, or the tls module won't work"
+#error "TLS_HOOKS must be defined, or the tls module won't work"
 #endif
 #ifdef CORE_TLS
-	#error "conflict: CORE_TLS must _not_ be defined"
+#error "conflict: CORE_TLS must _not_ be defined"
 #endif
 
 /*
@@ -82,10 +82,10 @@ static int mod_init(void);
 static int mod_child(int rank);
 static void destroy(void);
 
-static int w_is_peer_verified(struct sip_msg* msg, char* p1, char* p2);
-static int w_tls_set_connect_server_id(sip_msg_t* msg, char* psrvid, char* p2);
+static int w_is_peer_verified(struct sip_msg *msg, char *p1, char *p2);
+static int w_tls_set_connect_server_id(sip_msg_t *msg, char *psrvid, char *p2);
 
-int ksr_rand_engine_param(modparam_t type, void* val);
+int ksr_rand_engine_param(modparam_t type, void *val);
 
 MODULE_VERSION
 
@@ -96,25 +96,25 @@ str sr_tls_xavp_cfg = {0, 0};
  * Default settings when modparams are used
  */
 static tls_domain_t mod_params = {
-	TLS_DOMAIN_DEF | TLS_DOMAIN_SRV,   /* Domain Type */
-	{},               /* IP address */
-	0,                /* Port number */
-	0,                /* SSL ctx */
-	STR_STATIC_INIT(TLS_CERT_FILE),    /* Certificate file */
-	STR_STATIC_INIT(TLS_PKEY_FILE),    /* Private key file */
-	0,                /* Verify certificate */
-	9,                /* Verify depth */
-	STR_STATIC_INIT(TLS_CA_FILE),      /* CA file */
-	STR_STATIC_INIT(TLS_CA_PATH),      /* CA path */
-	0,                /* Require certificate */
-	{0, 0},                /* Cipher list */
-	TLS_USE_TLSv1_PLUS,   /* TLS method */
-	STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
-	{0, 0},           /* Server name (SNI) */
-	0,                /* Server name (SNI) mode */
-	{0, 0},           /* Server id */
-	TLS_VERIFY_CLIENT_OFF,             /* Verify client */
-	0                 /* next */
+		TLS_DOMAIN_DEF | TLS_DOMAIN_SRV, /* Domain Type */
+		{},								 /* IP address */
+		0,								 /* Port number */
+		0,								 /* SSL ctx */
+		STR_STATIC_INIT(TLS_CERT_FILE),	 /* Certificate file */
+		STR_STATIC_INIT(TLS_PKEY_FILE),	 /* Private key file */
+		0,								 /* Verify certificate */
+		9,								 /* Verify depth */
+		STR_STATIC_INIT(TLS_CA_FILE),	 /* CA file */
+		STR_STATIC_INIT(TLS_CA_PATH),	 /* CA path */
+		0,								 /* Require certificate */
+		{0, 0},							 /* Cipher list */
+		TLS_USE_TLSv1_PLUS,				 /* TLS method */
+		STR_STATIC_INIT(TLS_CRL_FILE),	 /* Certificate revocation list */
+		{0, 0},							 /* Server name (SNI) */
+		0,								 /* Server name (SNI) mode */
+		{0, 0},							 /* Server id */
+		TLS_VERIFY_CLIENT_OFF,			 /* Verify client */
+		0								 /* next */
 };
 
 
@@ -122,25 +122,25 @@ static tls_domain_t mod_params = {
  * Default settings for server domains when using external config file
  */
 tls_domain_t srv_defaults = {
-	TLS_DOMAIN_DEF | TLS_DOMAIN_SRV,   /* Domain Type */
-	{},               /* IP address */
-	0,                /* Port number */
-	0,                /* SSL ctx */
-	STR_STATIC_INIT(TLS_CERT_FILE),    /* Certificate file */
-	STR_STATIC_INIT(TLS_PKEY_FILE),    /* Private key file */
-	0,                /* Verify certificate */
-	9,                /* Verify depth */
-	STR_STATIC_INIT(TLS_CA_FILE),      /* CA file */
-	STR_STATIC_INIT(TLS_CA_PATH),      /* CA path */
-	0,                /* Require certificate */
-	{0, 0},                /* Cipher list */
-	TLS_USE_TLSv1_PLUS,    /* TLS method */
-	STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
-	{0, 0},           /* Server name (SNI) */
-	0,                /* Server name (SNI) mode */
-	{0, 0},           /* Server id */
-	TLS_VERIFY_CLIENT_OFF,             /* Verify client */
-	0                 /* next */
+		TLS_DOMAIN_DEF | TLS_DOMAIN_SRV, /* Domain Type */
+		{},								 /* IP address */
+		0,								 /* Port number */
+		0,								 /* SSL ctx */
+		STR_STATIC_INIT(TLS_CERT_FILE),	 /* Certificate file */
+		STR_STATIC_INIT(TLS_PKEY_FILE),	 /* Private key file */
+		0,								 /* Verify certificate */
+		9,								 /* Verify depth */
+		STR_STATIC_INIT(TLS_CA_FILE),	 /* CA file */
+		STR_STATIC_INIT(TLS_CA_PATH),	 /* CA path */
+		0,								 /* Require certificate */
+		{0, 0},							 /* Cipher list */
+		TLS_USE_TLSv1_PLUS,				 /* TLS method */
+		STR_STATIC_INIT(TLS_CRL_FILE),	 /* Certificate revocation list */
+		{0, 0},							 /* Server name (SNI) */
+		0,								 /* Server name (SNI) mode */
+		{0, 0},							 /* Server id */
+		TLS_VERIFY_CLIENT_OFF,			 /* Verify client */
+		0								 /* next */
 };
 
 
@@ -148,34 +148,33 @@ tls_domain_t srv_defaults = {
  * Default settings for client domains when using external config file
  */
 tls_domain_t cli_defaults = {
-	TLS_DOMAIN_DEF | TLS_DOMAIN_CLI,   /* Domain Type */
-	{},               /* IP address */
-	0,                /* Port number */
-	0,                /* SSL ctx */
-	{0, 0},                /* Certificate file */
-	{0, 0},                /* Private key file */
-	0,                /* Verify certificate */
-	9,                /* Verify depth */
-	STR_STATIC_INIT(TLS_CA_FILE),      /* CA file */
-	STR_STATIC_INIT(TLS_CA_PATH),      /* CA path */
-	0,                /* Require certificate */
-	{0, 0},                /* Cipher list */
-	TLS_USE_TLSv1_PLUS,    /* TLS method */
-	{0, 0}, /* Certificate revocation list */
-	{0, 0},           /* Server name (SNI) */
-	0,                /* Server name (SNI) mode */
-	{0, 0},           /* Server id */
-	TLS_VERIFY_CLIENT_OFF,             /* Verify client */
-	0                 /* next */
+		TLS_DOMAIN_DEF | TLS_DOMAIN_CLI, /* Domain Type */
+		{},								 /* IP address */
+		0,								 /* Port number */
+		0,								 /* SSL ctx */
+		{0, 0},							 /* Certificate file */
+		{0, 0},							 /* Private key file */
+		0,								 /* Verify certificate */
+		9,								 /* Verify depth */
+		STR_STATIC_INIT(TLS_CA_FILE),	 /* CA file */
+		STR_STATIC_INIT(TLS_CA_PATH),	 /* CA path */
+		0,								 /* Require certificate */
+		{0, 0},							 /* Cipher list */
+		TLS_USE_TLSv1_PLUS,				 /* TLS method */
+		{0, 0},							 /* Certificate revocation list */
+		{0, 0},							 /* Server name (SNI) */
+		0,								 /* Server name (SNI) mode */
+		{0, 0},							 /* Server id */
+		TLS_VERIFY_CLIENT_OFF,			 /* Verify client */
+		0								 /* next */
 };
 
 
-
 /* Current TLS configuration */
-tls_domains_cfg_t** tls_domains_cfg = NULL;
+tls_domains_cfg_t **tls_domains_cfg = NULL;
 
 /* List lock, used by garbage collector */
-gen_lock_t* tls_domains_cfg_lock = NULL;
+gen_lock_t *tls_domains_cfg_lock = NULL;
 
 
 int sr_tls_renegotiation = 0;
@@ -184,57 +183,57 @@ int sr_tls_renegotiation = 0;
  * Exported functions
  */
 static cmd_export_t cmds[] = {
-	{"is_peer_verified", (cmd_function)w_is_peer_verified,   0, 0, 0,
-			REQUEST_ROUTE},
-	{"tls_set_connect_server_id", (cmd_function)w_tls_set_connect_server_id,
-		1, fixup_spve_null, fixup_free_spve_null, ANY_ROUTE},
-	{0,0,0,0,0,0}
-};
+		{"is_peer_verified", (cmd_function)w_is_peer_verified, 0, 0, 0,
+				REQUEST_ROUTE},
+		{"tls_set_connect_server_id", (cmd_function)w_tls_set_connect_server_id,
+				1, fixup_spve_null, fixup_free_spve_null, ANY_ROUTE},
+		{0, 0, 0, 0, 0, 0}};
 
 
 /*
  * Exported parameters
  */
 static param_export_t params[] = {
-	{"tls_method",          PARAM_STR,    &default_tls_cfg.method       },
-	{"server_name",         PARAM_STR,    &default_tls_cfg.server_name  },
-	{"verify_certificate",  PARAM_INT,    &default_tls_cfg.verify_cert  },
-	{"verify_depth",        PARAM_INT,    &default_tls_cfg.verify_depth },
-	{"require_certificate", PARAM_INT,    &default_tls_cfg.require_cert },
-	{"verify_client",       PARAM_STR,    &default_tls_cfg.verify_client},
-	{"private_key",         PARAM_STR,    &default_tls_cfg.private_key  },
-	{"ca_list",             PARAM_STR,    &default_tls_cfg.ca_list      },
-	{"ca_path",             PARAM_STR,    &default_tls_cfg.ca_path      },
-	{"certificate",         PARAM_STR,    &default_tls_cfg.certificate  },
-	{"crl",                 PARAM_STR,    &default_tls_cfg.crl          },
-	{"cipher_list",         PARAM_STR,    &default_tls_cfg.cipher_list  },
-	{"connection_timeout",  PARAM_INT,    &default_tls_cfg.con_lifetime },
-	{"tls_log",             PARAM_INT,    &default_tls_cfg.log          },
-	{"tls_debug",           PARAM_INT,    &default_tls_cfg.debug        },
-	{"session_cache",       PARAM_INT,    &default_tls_cfg.session_cache},
-	{"session_id",          PARAM_STR,    &default_tls_cfg.session_id   },
-	{"config",              PARAM_STR,    &default_tls_cfg.config_file  },
-	{"tls_disable_compression", PARAM_INT,
-										&default_tls_cfg.disable_compression},
-	{"ssl_release_buffers",   PARAM_INT, &default_tls_cfg.ssl_release_buffers},
-	{"ssl_freelist_max_len",  PARAM_INT,  &default_tls_cfg.ssl_freelist_max},
-	{"ssl_max_send_fragment", PARAM_INT,
-										&default_tls_cfg.ssl_max_send_fragment},
-	{"ssl_read_ahead",        PARAM_INT,    &default_tls_cfg.ssl_read_ahead},
-	{"send_close_notify",   PARAM_INT,    &default_tls_cfg.send_close_notify},
-	{"con_ct_wq_max",      PARAM_INT,    &default_tls_cfg.con_ct_wq_max},
-	{"ct_wq_max",          PARAM_INT,    &default_tls_cfg.ct_wq_max},
-	{"ct_wq_blk_size",     PARAM_INT,    &default_tls_cfg.ct_wq_blk_size},
-	{"tls_force_run",       PARAM_INT,    &default_tls_cfg.force_run},
-	{"low_mem_threshold1",  PARAM_INT,    &default_tls_cfg.low_mem_threshold1},
-	{"low_mem_threshold2",  PARAM_INT,    &default_tls_cfg.low_mem_threshold2},
-	{"renegotiation",       PARAM_INT,    &sr_tls_renegotiation},
-	{"xavp_cfg",            PARAM_STR,    &sr_tls_xavp_cfg},
-	{"event_callback",      PARAM_STR,    &sr_tls_event_callback},
-	{"rand_engine",         PARAM_STR|USE_FUNC_PARAM, (void*)ksr_rand_engine_param},
-
-	{0, 0, 0}
-};
+		{"tls_method", PARAM_STR, &default_tls_cfg.method},
+		{"server_name", PARAM_STR, &default_tls_cfg.server_name},
+		{"verify_certificate", PARAM_INT, &default_tls_cfg.verify_cert},
+		{"verify_depth", PARAM_INT, &default_tls_cfg.verify_depth},
+		{"require_certificate", PARAM_INT, &default_tls_cfg.require_cert},
+		{"verify_client", PARAM_STR, &default_tls_cfg.verify_client},
+		{"private_key", PARAM_STR, &default_tls_cfg.private_key},
+		{"ca_list", PARAM_STR, &default_tls_cfg.ca_list},
+		{"ca_path", PARAM_STR, &default_tls_cfg.ca_path},
+		{"certificate", PARAM_STR, &default_tls_cfg.certificate},
+		{"crl", PARAM_STR, &default_tls_cfg.crl},
+		{"cipher_list", PARAM_STR, &default_tls_cfg.cipher_list},
+		{"connection_timeout", PARAM_INT, &default_tls_cfg.con_lifetime},
+		{"tls_log", PARAM_INT, &default_tls_cfg.log},
+		{"tls_debug", PARAM_INT, &default_tls_cfg.debug},
+		{"session_cache", PARAM_INT, &default_tls_cfg.session_cache},
+		{"session_id", PARAM_STR, &default_tls_cfg.session_id},
+		{"config", PARAM_STR, &default_tls_cfg.config_file},
+		{"tls_disable_compression", PARAM_INT,
+				&default_tls_cfg.disable_compression},
+		{"ssl_release_buffers", PARAM_INT,
+				&default_tls_cfg.ssl_release_buffers},
+		{"ssl_freelist_max_len", PARAM_INT, &default_tls_cfg.ssl_freelist_max},
+		{"ssl_max_send_fragment", PARAM_INT,
+				&default_tls_cfg.ssl_max_send_fragment},
+		{"ssl_read_ahead", PARAM_INT, &default_tls_cfg.ssl_read_ahead},
+		{"send_close_notify", PARAM_INT, &default_tls_cfg.send_close_notify},
+		{"con_ct_wq_max", PARAM_INT, &default_tls_cfg.con_ct_wq_max},
+		{"ct_wq_max", PARAM_INT, &default_tls_cfg.ct_wq_max},
+		{"ct_wq_blk_size", PARAM_INT, &default_tls_cfg.ct_wq_blk_size},
+		{"tls_force_run", PARAM_INT, &default_tls_cfg.force_run},
+		{"low_mem_threshold1", PARAM_INT, &default_tls_cfg.low_mem_threshold1},
+		{"low_mem_threshold2", PARAM_INT, &default_tls_cfg.low_mem_threshold2},
+		{"renegotiation", PARAM_INT, &sr_tls_renegotiation},
+		{"xavp_cfg", PARAM_STR, &sr_tls_xavp_cfg},
+		{"event_callback", PARAM_STR, &sr_tls_event_callback},
+		{"rand_engine", PARAM_STR | USE_FUNC_PARAM,
+				(void *)ksr_rand_engine_param},
+
+		{0, 0, 0}};
 
 #ifndef MOD_NAME
 #define MOD_NAME "tls_wolfssl"
@@ -244,34 +243,32 @@ static param_export_t params[] = {
  * Module interface
  */
 struct module_exports exports = {
-	MOD_NAME,        /* module name */
-	DEFAULT_DLFLAGS, /* dlopen flags */
-	cmds,            /* exported functions */
-	params,          /* exported parameters */
-	0,               /* exported rpc command */
-	tls_pv,          /* exported pseudo-variables */
-	0,               /* response handling function */
-	mod_init,        /* module init function */
-	mod_child,       /* child initi function */
-	destroy          /* destroy function */
+		MOD_NAME,		 /* module name */
+		DEFAULT_DLFLAGS, /* dlopen flags */
+		cmds,			 /* exported functions */
+		params,			 /* exported parameters */
+		0,				 /* exported rpc command */
+		tls_pv,			 /* exported pseudo-variables */
+		0,				 /* response handling function */
+		mod_init,		 /* module init function */
+		mod_child,		 /* child initi function */
+		destroy			 /* destroy function */
 };
 
 
-
 static struct tls_hooks tls_h = {
-	tls_h_read_f,
-	tls_h_encode_f,
-	tls_h_tcpconn_init_f,
-	tls_h_tcpconn_clean_f,
-	tls_h_tcpconn_close_f,
-	tls_h_init_si_f,
-	tls_h_mod_init_f,
-	tls_h_mod_destroy_f,
-	tls_h_mod_pre_init_f,
+		tls_h_read_f,
+		tls_h_encode_f,
+		tls_h_tcpconn_init_f,
+		tls_h_tcpconn_clean_f,
+		tls_h_tcpconn_close_f,
+		tls_h_init_si_f,
+		tls_h_mod_init_f,
+		tls_h_mod_destroy_f,
+		tls_h_mod_pre_init_f,
 };
 
 
-
 #if 0
 /*
  * Create TLS configuration from modparams
@@ -293,24 +290,24 @@ static int mod_init(void)
 	int method;
 	int verify_client;
 
-	if (tls_disable){
+	if(tls_disable) {
 		LM_WARN("tls support is disabled "
 				"(set enable_tls=1 in the config to enable it)\n");
 		return 0;
 	}
-	if (fix_tls_cfg(&default_tls_cfg) < 0 ) {
+	if(fix_tls_cfg(&default_tls_cfg) < 0) {
 		LM_ERR("initial tls configuration fixup failed\n");
 		return -1;
 	}
 	/* declare configuration */
-	if (cfg_declare("tls", tls_cfg_def, &default_tls_cfg,
-							cfg_sizeof(tls), (void **)&tls_cfg)) {
+	if(cfg_declare("tls", tls_cfg_def, &default_tls_cfg, cfg_sizeof(tls),
+			   (void **)&tls_cfg)) {
 		LM_ERR("failed to register the configuration\n");
 		return -1;
 	}
 	/* Convert tls_method parameter to integer */
 	method = tls_parse_method(&cfg_get(tls, tls_cfg, method));
-	if (method < 0) {
+	if(method < 0) {
 		LM_ERR("Invalid tls_method parameter value\n");
 		return -1;
 	}
@@ -326,16 +323,17 @@ static int mod_init(void)
 	mod_params.cipher_list = cfg_get(tls, tls_cfg, cipher_list);
 	mod_params.server_name = cfg_get(tls, tls_cfg, server_name);
 	/* Convert verify_client parameter to integer */
-	verify_client = tls_parse_verify_client(&cfg_get(tls, tls_cfg, verify_client));
-	if (verify_client < 0) {
+	verify_client =
+			tls_parse_verify_client(&cfg_get(tls, tls_cfg, verify_client));
+	if(verify_client < 0) {
 		LM_ERR("Invalid tls_method parameter value\n");
 		return -1;
 	}
 	mod_params.verify_client = verify_client;
 
 	tls_domains_cfg =
-			(tls_domains_cfg_t**)shm_malloc(sizeof(tls_domains_cfg_t*));
-	if (!tls_domains_cfg) {
+			(tls_domains_cfg_t **)shm_malloc(sizeof(tls_domains_cfg_t *));
+	if(!tls_domains_cfg) {
 		LM_ERR("Not enough shared memory left\n");
 		goto error;
 	}
@@ -343,7 +341,7 @@ static int mod_init(void)
 
 	register_select_table(tls_sel);
 	/* register the rpc interface */
-	if (rpc_register_array(tls_rpc)!=0) {
+	if(rpc_register_array(tls_rpc) != 0) {
 		LM_ERR("failed to register RPC commands\n");
 		goto error;
 	}
@@ -351,29 +349,30 @@ static int mod_init(void)
 	/* if (init_tls() < 0) return -1; */
 
 	tls_domains_cfg_lock = lock_alloc();
-	if (tls_domains_cfg_lock == 0) {
+	if(tls_domains_cfg_lock == 0) {
 		LM_ERR("Unable to create TLS configuration lock\n");
 		goto error;
 	}
-	if (lock_init(tls_domains_cfg_lock) == 0) {
+	if(lock_init(tls_domains_cfg_lock) == 0) {
 		lock_dealloc(tls_domains_cfg_lock);
 		ERR("Unable to initialize TLS configuration lock\n");
 		goto error;
 	}
-	if (tls_ct_wq_init() < 0) {
+	if(tls_ct_wq_init() < 0) {
 		LM_ERR("Unable to initialize TLS buffering\n");
 		goto error;
 	}
-	if (cfg_get(tls, tls_cfg, config_file).s) {
-		*tls_domains_cfg =
-			tls_load_config(&cfg_get(tls, tls_cfg, config_file));
-		if (!(*tls_domains_cfg)) goto error;
+	if(cfg_get(tls, tls_cfg, config_file).s) {
+		*tls_domains_cfg = tls_load_config(&cfg_get(tls, tls_cfg, config_file));
+		if(!(*tls_domains_cfg))
+			goto error;
 	} else {
 		*tls_domains_cfg = tls_new_cfg();
-		if (!(*tls_domains_cfg)) goto error;
+		if(!(*tls_domains_cfg))
+			goto error;
 	}
 
-	if (tls_check_sockets(*tls_domains_cfg) < 0)
+	if(tls_check_sockets(*tls_domains_cfg) < 0)
 		goto error;
 
 	LM_INFO("use wolfSSL version: %08x\n", (uint32_t)(LIBWOLFSSL_VERSION_HEX));
@@ -383,7 +382,7 @@ static int mod_init(void)
 #ifndef OPENSSL_NO_DH
 	LM_INFO("With Diffie Hellman\n");
 #endif
-	if(sr_tls_event_callback.s==NULL || sr_tls_event_callback.len<=0) {
+	if(sr_tls_event_callback.s == NULL || sr_tls_event_callback.len <= 0) {
 		tls_lookup_event_routes();
 	}
 	return 0;
@@ -395,19 +394,20 @@ error:
 
 static int mod_child(int rank)
 {
-	if (tls_disable || (tls_domains_cfg==0))
+	if(tls_disable || (tls_domains_cfg == 0))
 		return 0;
 
 	/* fix tls config only from the main proc/PROC_INIT., when we know
 	 * the exact process number and before any other process starts*/
-	if (rank == PROC_INIT){
-		if (cfg_get(tls, tls_cfg, config_file).s){
-			if (tls_fix_domains_cfg(*tls_domains_cfg,
-									&srv_defaults, &cli_defaults) < 0)
+	if(rank == PROC_INIT) {
+		if(cfg_get(tls, tls_cfg, config_file).s) {
+			if(tls_fix_domains_cfg(
+					   *tls_domains_cfg, &srv_defaults, &cli_defaults)
+					< 0)
 				return -1;
-		}else{
-			if (tls_fix_domains_cfg(*tls_domains_cfg,
-									&mod_params, &mod_params) < 0)
+		} else {
+			if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params)
+					< 0)
 				return -1;
 		}
 	}
@@ -422,14 +422,14 @@ static void destroy(void)
 }
 
 
-int ksr_rand_engine_param(modparam_t type, void* val)
+int ksr_rand_engine_param(modparam_t type, void *val)
 {
 	str *reng;
 
-	if(val==NULL) {
+	if(val == NULL) {
 		return -1;
 	}
-	reng = (str*)val;
+	reng = (str *)val;
 	LM_DBG("random engine: %.*s\n", reng->len, reng->s);
 	if(reng->len == 5 && strncasecmp(reng->s, "krand", 5) == 0) {
 		LM_DBG("setting krand random engine\n");
@@ -437,7 +437,7 @@ int ksr_rand_engine_param(modparam_t type, void* val)
 	} else if(reng->len == 8 && strncasecmp(reng->s, "fastrand", 8) == 0) {
 		LM_DBG("setting fastrand random engine\n");
 		wolfSSL_RAND_set_rand_method(RAND_ksr_fastrand_method());
-	} else if (reng->len == 10 && strncasecmp(reng->s, "cryptorand", 10) == 0) {
+	} else if(reng->len == 10 && strncasecmp(reng->s, "cryptorand", 10) == 0) {
 		LM_DBG("setting cryptorand random engine\n");
 		wolfSSL_RAND_set_rand_method(RAND_ksr_cryptorand_method());
 	}
@@ -450,7 +450,7 @@ int ksr_rand_engine_param(modparam_t type, void* val)
 	return 0;
 }
 
-static int ki_is_peer_verified(sip_msg_t* msg)
+static int ki_is_peer_verified(sip_msg_t *msg)
 {
 	struct tcp_connection *c;
 	SSL *ssl;
@@ -458,7 +458,7 @@ static int ki_is_peer_verified(sip_msg_t* msg)
 	X509 *x509_cert;
 
 	LM_DBG("started...\n");
-	if (msg->rcv.proto != PROTO_TLS) {
+	if(msg->rcv.proto != PROTO_TLS) {
 		LM_ERR("proto != TLS --> peer can't be verified, return -1\n");
 		return -1;
 	}
@@ -466,8 +466,8 @@ static int ki_is_peer_verified(sip_msg_t* msg)
 	LM_DBG("trying to find TCP connection of received message...\n");
 
 	c = tcpconn_get(msg->rcv.proto_reserved1, 0, 0, 0,
-					cfg_get(tls, tls_cfg, con_lifetime));
-	if (!c) {
+			cfg_get(tls, tls_cfg, con_lifetime));
+	if(!c) {
 		LM_ERR("connection no longer exists\n");
 		return -1;
 	}
@@ -478,17 +478,17 @@ static int ki_is_peer_verified(sip_msg_t* msg)
 		return -1;
 	}
 
-	if (!c->extra_data) {
+	if(!c->extra_data) {
 		LM_ERR("no extra_data specified in TLS/TCP connection found."
-				" This should not happen... return -1\n");
+			   " This should not happen... return -1\n");
 		tcpconn_put(c);
 		return -1;
 	}
 
-	ssl = ((struct tls_extra_data*)c->extra_data)->ssl;
+	ssl = ((struct tls_extra_data *)c->extra_data)->ssl;
 
 	ssl_verify = wolfSSL_get_verify_result(ssl);
-	if ( ssl_verify != X509_V_OK ) {
+	if(ssl_verify != X509_V_OK) {
 		LM_WARN("verification of presented certificate failed... return -1\n");
 		tcpconn_put(c);
 		return -1;
@@ -498,9 +498,9 @@ static int ki_is_peer_verified(sip_msg_t* msg)
 	 * Thus we have to check for the existence of a peer certificate
 	 */
 	x509_cert = wolfSSL_get_peer_certificate(ssl);
-	if ( x509_cert == NULL ) {
+	if(x509_cert == NULL) {
 		LM_INFO("tlsops:is_peer_verified: WARNING: peer did not present "
-			"a certificate. Thus it could not be verified... return -1\n");
+				"a certificate. Thus it could not be verified... return -1\n");
 		tcpconn_put(c);
 		return -1;
 	}
@@ -510,29 +510,29 @@ static int ki_is_peer_verified(sip_msg_t* msg)
 	tcpconn_put(c);
 
 	LM_DBG("tlsops:is_peer_verified: peer is successfully verified"
-		"...done\n");
+		   "...done\n");
 	return 1;
 }
 
-static int w_is_peer_verified(struct sip_msg* msg, char* foo, char* foo2)
+static int w_is_peer_verified(struct sip_msg *msg, char *foo, char *foo2)
 {
 	return ki_is_peer_verified(msg);
 }
 
-static int ki_tls_set_connect_server_id(sip_msg_t* msg, str* srvid)
+static int ki_tls_set_connect_server_id(sip_msg_t *msg, str *srvid)
 {
-	if(ksr_tls_set_connect_server_id(srvid)<0) {
+	if(ksr_tls_set_connect_server_id(srvid) < 0) {
 		return -1;
 	}
 
 	return 1;
 }
 
-static int w_tls_set_connect_server_id(sip_msg_t* msg, char* psrvid, char* p2)
+static int w_tls_set_connect_server_id(sip_msg_t *msg, char *psrvid, char *p2)
 {
 	str ssrvid = STR_NULL;
 
-	if(fixup_get_svalue(msg, (gparam_t*)psrvid, &ssrvid)<0) {
+	if(fixup_get_svalue(msg, (gparam_t *)psrvid, &ssrvid) < 0) {
 		LM_ERR("failed to get server id parameter\n");
 		return -1;
 	}
@@ -543,7 +543,7 @@ static int w_tls_set_connect_server_id(sip_msg_t* msg, char* psrvid, char* p2)
 /**
  *
  */
-static sr_kemi_xval_t* ki_tls_cget(sip_msg_t *msg, str *aname)
+static sr_kemi_xval_t *ki_tls_cget(sip_msg_t *msg, str *aname)
 {
 	return ki_tls_cget_attr(msg, aname);
 }
@@ -578,17 +578,17 @@ static sr_kemi_t sr_kemi_tls_exports[] = {
  */
 int mod_register(char *path, int *dlflags, void *p1, void *p2)
 {
-	if (tls_disable) {
+	if(tls_disable) {
 		LM_WARN("tls support is disabled "
 				"(set enable_tls=1 in the config to enable it)\n");
 		return 0;
 	}
 
 	/* shm is used, be sure it is initialized */
-	if(!shm_initialized() && init_shm()<0)
+	if(!shm_initialized() && init_shm() < 0)
 		return -1;
 
-	if(tls_pre_init()<0)
+	if(tls_pre_init() < 0)
 		return -1;
 
 	register_tls_hooks(&tls_h);

src/modules/tls_wolfssl/tls_wolfssl_mod.h

@@ -22,7 +22,6 @@
  */
 
 
-
 #ifndef _TLS_WOLFSSL_MOD_H
 #define _TLS_WOLFSSL_MOD_H
 
@@ -32,8 +31,8 @@
 
 
 /* Current TLS configuration */
-extern tls_domains_cfg_t** tls_domains_cfg;
-extern gen_lock_t* tls_domains_cfg_lock;
+extern tls_domains_cfg_t **tls_domains_cfg;
+extern gen_lock_t *tls_domains_cfg_lock;
 
 extern tls_domain_t cli_defaults;
 extern tls_domain_t srv_defaults;