
Internal TLS backends API: added two new functions

Evgeny Grin (Karlson2k) 1 an în urmă
părinte
comite
c2011fe661

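--- a/src/mhd2/mhd_tls_funcs.h
+++ b/src/mhd2/mhd_tls_funcs.h
@@ -186,6 +186,27 @@
         mhd_TLS_FUNC (_conn_send)((c_tls),(buf_size),(buf),(sent))
 
 
+/* ** TLS connection information ** */
+
+/**
+ * Get the TLS session used in connection
+ * @param c_tls the connection TLS handle
+ * @param tls_ver_out the pointer to variable to be set to the TLS version
+ */
+#define mhd_tls_conn_get_tls_sess(c_tls,tls_sess_out) \
+        mhd_TLS_FUNC (_conn_get_tls_sess)((c_tls),(tls_sess_out))
+
+/**
+ * Get the TLS version used in connection
+ * @param c_tls the connection TLS handle
+ * @param tls_ver_out the pointer to variable to be set to the TLS version
+ * @return 'true' is TLS version information set successfully,
+ *         'false' if TLS version information cannot be obtained or mapped
+ */
+#define mhd_tls_conn_get_tls_ver(c_tls,tls_ver_out)     \
+        mhd_TLS_FUNC (_conn_get_tls_ver)((c_tls),(tls_ver_out))
+
+
 /* ** General information function ** */
 
 /**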
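Review bot: The doc comment for `mhd_tls_conn_get_tls_sess` documents a parameter named `tls_ver_out` "to be set to the TLS version", but the macro's second parameter is `tls_sess_out` and it receives a session handle, so the `@param` line was apparently copied from the version getter below it. Replace it with `@param tls_sess_out the pointer to the union to be set to the backend-specific TLS session handle`. In the `mhd_tls_conn_get_tls_ver` comment, `@return 'true' is TLS version information set successfully` should read `'true' if ...`. Since this macro hands a raw backend session object to the caller, it would also help to state here whether the handle is only valid while the connection is alive and must not be freed or reconfigured by the receiver, if that is the intended contract.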

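--- a/src/mhd2/tls_gnu_funcs.c
+++ b/src/mhd2/tls_gnu_funcs.c
@@ -50,8 +50,6 @@
 #include "tls_gnu_funcs.h"
 
 #include "daemon_options.h"
-
-#include "mhd_public_api.h"
 #include "daemon_logger.h"
 
 #ifdef  mhd_TLS_GNU_DH_PARAMS_NEEDS_PKCS3
@@ -62,6 +60,8 @@
 #  include <stdio.h> /* For TLS debug printing */
 #endif
 
+#include "mhd_public_api.h"
+
 #ifdef mhd_USE_TLS_DEBUG_MESSAGES
 static void
 mhd_tls_gnu_debug_print (int level, const char *msg)
@@ -783,3 +783,46 @@ mhd_tls_gnu_conn_send (struct mhd_TlsGnuConnData *restrict c_tls,
   *sent = (size_t) res;
   return mhd_SOCKET_ERR_NO_ERROR;
 }
+
+
+/* ** TLS connection information ** */
+
+MHD_INTERNAL MHD_FN_PAR_NONNULL_ALL_
+MHD_FN_PAR_OUT_ (2) void
+mhd_tls_gnu_conn_get_tls_sess (
+  struct mhd_TlsGnuConnData *restrict c_tls,
+  union MHD_ConnInfoDynamicTlsSess *restrict tls_sess_out)
+{
+  tls_sess_out->v_gnutls_session = c_tls->sess;
+}
+
+
+MHD_INTERNAL MHD_FN_PAR_NONNULL_ALL_
+MHD_FN_PAR_OUT_ (2) bool
+mhd_tls_gnu_conn_get_tls_ver (struct mhd_TlsGnuConnData *restrict c_tls,
+                              enum MHD_TlsVersion *restrict tls_ver_out)
+{
+  gnutls_protocol_t gtls_tls_ver;
+
+  mhd_assert (c_tls->dbg.is_tls_handshake_completed);
+
+  gtls_tls_ver = gnutls_protocol_get_version (c_tls->sess);
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+  if (GNUTLS_TLS1_3 == gtls_tls_ver)
+    *tls_ver_out = MHD_TLS_VERSION_1_3;
+  else
+#endif
+  if (GNUTLS_TLS1_2 == gtls_tls_ver)
+    *tls_ver_out = MHD_TLS_VERSION_1_2;
+  else if (GNUTLS_TLS1_1 == gtls_tls_ver)
+    *tls_ver_out = MHD_TLS_VERSION_1_1;
+  else if (GNUTLS_TLS1_0 == gtls_tls_ver)
+    *tls_ver_out = MHD_TLS_VERSION_1_0;
+  else if (GNUTLS_VERSION_UNKNOWN == gtls_tls_ver)
+    return false;
+  else
+    /* The TLS version is know for GnuTLS, but cannot be mapped */
+    *tls_ver_out = MHD_TLS_VERSION_UNKNOWN;
+
+  return true;
+}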
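Review bot: The version mapping in `mhd_tls_gnu_conn_get_tls_ver` is an `if`/`else` chain where an `else` is immediately followed by `#endif` and a fresh `if`, which is easy to misread and easy to break when the next `#if`-guarded constant (or a DTLS value) is added; the OpenSSL backend in this same commit uses a `switch`, and matching that shape keeps the two backends reviewable side by side. The semantics below are unchanged: `GNUTLS_VERSION_UNKNOWN` still reports `false`, any other unmapped value still reports `true` with `MHD_TLS_VERSION_UNKNOWN`. The `mhd_assert` on `is_tls_handshake_completed` is presumably compiled out in release builds, so the `GNUTLS_VERSION_UNKNOWN` branch is what actually protects a caller that asks before negotiation finished — worth saying in the comment. The comment `The TLS version is know for GnuTLS` should read `known`.
```c
  gtls_tls_ver = gnutls_protocol_get_version (c_tls->sess);
  switch (gtls_tls_ver)
  {
#if GNUTLS_VERSION_NUMBER >= 0x030603
  case GNUTLS_TLS1_3:
    *tls_ver_out = MHD_TLS_VERSION_1_3;
    break;
#endif
  case GNUTLS_TLS1_2:
    *tls_ver_out = MHD_TLS_VERSION_1_2;
    break;
  case GNUTLS_TLS1_1:
    *tls_ver_out = MHD_TLS_VERSION_1_1;
    break;
  case GNUTLS_TLS1_0:
    *tls_ver_out = MHD_TLS_VERSION_1_0;
    break;
  case GNUTLS_VERSION_UNKNOWN:
    /* No version negotiated (yet); also covers a call made before the
     * handshake completed when the assert above is compiled out. */
    return false;
  default:
    /* The version is known to GnuTLS (e.g. SSLv3, DTLS) but has no
     * counterpart in enum MHD_TlsVersion. */
    *tls_ver_out = MHD_TLS_VERSION_UNKNOWN;
    break;
  }
  return true;
```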

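--- a/src/mhd2/tls_gnu_funcs.h
+++ b/src/mhd2/tls_gnu_funcs.h
@@ -51,6 +51,9 @@ struct mhd_TlsGnuDaemonData;    /* Forward declaration */
  */
 struct mhd_TlsGnuConnData;      /* Forward declaration */
 
+union MHD_ConnInfoDynamicTlsSess; /* Forward declaration */
+
+enum MHD_TlsVersion;      /* Forward declaration */
 
 
 /* ** Global initialisation / de-initialisation ** */
 
@@ -249,4 +252,30 @@ mhd_tls_gnu_conn_send (struct mhd_TlsGnuConnData *restrict c_tls,
                        size_t *restrict sent)
 MHD_FN_PAR_NONNULL_ALL_ MHD_FN_PAR_IN_SIZE_ (3,2) MHD_FN_PAR_OUT_ (4);
 
+
+/* ** TLS connection information ** */
+
+/**
+ * Get the TLS session used in connection
+ * @param c_tls the connection TLS handle
+ * @param tls_ver_out the pointer to variable to be set to the TLS version
+ */
+MHD_INTERNAL void
+mhd_tls_gnu_conn_get_tls_sess (
+  struct mhd_TlsGnuConnData *restrict c_tls,
+  union MHD_ConnInfoDynamicTlsSess *restrict tls_sess_out)
+MHD_FN_PAR_NONNULL_ALL_ MHD_FN_PAR_OUT_ (2);
+
+/**
+ * Get the TLS version used in connection
+ * @param c_tls the connection TLS handle
+ * @param tls_ver_out the pointer to variable to be set to the TLS version
+ * @return 'true' is TLS version information set successfully,
+ *         'false' if TLS version information cannot be obtained or mapped
+ */
+MHD_INTERNAL bool
+mhd_tls_gnu_conn_get_tls_ver (struct mhd_TlsGnuConnData *restrict c_tls,
+                              enum MHD_TlsVersion *restrict tls_ver_out)
+MHD_FN_PAR_NONNULL_ALL_ MHD_FN_PAR_OUT_ (2);
+
 #endif /* ! MHD_TLS_GNU_FUNCS_H */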
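Review bot: The `@return` documentation of `mhd_tls_gnu_conn_get_tls_ver` promises `'false' if TLS version information cannot be obtained or mapped`, but the implementation added in tls_gnu_funcs.c in this commit returns `true` with `*tls_ver_out = MHD_TLS_VERSION_UNKNOWN` when the GnuTLS value is known but not mappable, and returns `false` only for `GNUTLS_VERSION_UNKNOWN`; a caller reading the header will wrongly assume `true` implies a concrete version. Suggest `@return 'true' if *tls_ver_out was set (possibly to MHD_TLS_VERSION_UNKNOWN for a version MHD cannot represent), 'false' if GnuTLS reports no negotiated version`. The `@param tls_ver_out` line under `mhd_tls_gnu_conn_get_tls_sess` describes a parameter the function does not have and should be `@param tls_sess_out the pointer to the union to be set to the GnuTLS session handle of this connection`.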

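--- a/src/mhd2/tls_multi_funcs.c
+++ b/src/mhd2/tls_multi_funcs.c
@@ -51,14 +51,14 @@
 #endif
 
 #include "daemon_options.h"
-
-#include "mhd_public_api.h"
 #include "daemon_logger.h"
 
 #ifdef mhd_USE_TLS_DEBUG_MESSAGES
 #  include <stdio.h> /* For TLS debug printing */
 #endif
 
+#include "mhd_public_api.h"
+
 #ifdef mhd_USE_TLS_DEBUG_MESSAGES
 #  define mhd_M_DEBUG_PRINT(msg) \
         do { fprintf (stderr, "## MultiTLS: " msg "\n"); \
@@ -623,3 +623,71 @@ mhd_tls_multi_conn_send (struct mhd_TlsMultiConnData *restrict c_tls,
   }
   return mhd_SOCKET_ERR_INTERNAL;
 }
+
+
+/* ** TLS connection information ** */
+
+MHD_INTERNAL MHD_FN_PAR_NONNULL_ALL_
+MHD_FN_PAR_OUT_ (2) void
+mhd_tls_multi_conn_get_tls_sess (
+  struct mhd_TlsMultiConnData *restrict c_tls,
+  union MHD_ConnInfoDynamicTlsSess *restrict tls_sess_out)
+{
+  switch (c_tls->choice)
+  {
+#ifdef MHD_SUPPORT_GNUTLS
+  case mhd_TLS_MULTI_ROUTE_GNU:
+    mhd_tls_gnu_conn_get_tls_sess (c_tls->data.gnutls,
+                                   tls_sess_out);
+    break;
+#endif
+#ifdef MHD_SUPPORT_OPENSSL
+  case mhd_TLS_MULTI_ROUTE_OPEN:
+    mhd_tls_open_conn_get_tls_sess (c_tls->data.openssl,
+                                    tls_sess_out);
+    break;
+#endif
+#ifndef MHD_SUPPORT_GNUTLS
+  case MHD_TLS_BACKEND_GNUTLS:
+#endif /* ! MHD_SUPPORT_GNUTLS */
+#ifndef MHD_SUPPORT_OPENSSL
+  case MHD_TLS_BACKEND_OPENSSL:
+#endif /* ! MHD_SUPPORT_OPENSSL */
+  case mhd_TLS_MULTI_ROUTE_NONE:
+  default:
+    mhd_UNREACHABLE ();
+    break;
+  }
+}
+
+
+MHD_INTERNAL MHD_FN_PAR_NONNULL_ALL_
+MHD_FN_PAR_OUT_ (2) bool
+mhd_tls_multi_conn_get_tls_ver (struct mhd_TlsMultiConnData *restrict c_tls,
+                                enum MHD_TlsVersion *restrict tls_ver_out)
+{
+  switch (c_tls->choice)
+  {
+#ifdef MHD_SUPPORT_GNUTLS
+  case mhd_TLS_MULTI_ROUTE_GNU:
+    return mhd_tls_gnu_conn_get_tls_ver (c_tls->data.gnutls,
+                                         tls_ver_out);
+#endif
+#ifdef MHD_SUPPORT_OPENSSL
+  case mhd_TLS_MULTI_ROUTE_OPEN:
+    return mhd_tls_open_conn_get_tls_ver (c_tls->data.openssl,
+                                          tls_ver_out);
+#endif
+#ifndef MHD_SUPPORT_GNUTLS
+  case MHD_TLS_BACKEND_GNUTLS:
+#endif /* ! MHD_SUPPORT_GNUTLS */
+#ifndef MHD_SUPPORT_OPENSSL
+  case MHD_TLS_BACKEND_OPENSSL:
+#endif /* ! MHD_SUPPORT_OPENSSL */
+  case mhd_TLS_MULTI_ROUTE_NONE:
+  default:
+    mhd_UNREACHABLE ();
+    break;
+  }
+  return false;
+}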
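Review bot: `mhd_tls_multi_conn_get_tls_sess` leaves `*tls_sess_out` unwritten on the `mhd_TLS_MULTI_ROUTE_NONE`/`default` path even though the parameter is annotated `MHD_FN_PAR_OUT_ (2)`; whether that matters depends on what `mhd_UNREACHABLE ()` expands to in release builds, which is not visible here — if it is only an optimiser hint rather than an abort, a caller would receive an indeterminate pointer and treat it as a live TLS session. The sibling `mhd_tls_multi_conn_get_tls_ver` has a defined fallback (`return false` after the switch), so the two functions are currently inconsistent on the same impossible path. The cheapest parallel is to give the union a defined value before the switch, e.g. `memset (tls_sess_out, 0, sizeof (*tls_sess_out));` (assuming <string.h> is already available in this file), or to return `bool` like the version getter; failing that, the header should state that the function is only valid on a connection with an active TLS route.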

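--- a/src/mhd2/tls_multi_funcs.h
+++ b/src/mhd2/tls_multi_funcs.h
@@ -53,6 +53,9 @@ struct mhd_TlsMultiDaemonData;  /* Forward declaration */
  */
 struct mhd_TlsMultiConnData;    /* Forward declaration */
 
+union MHD_ConnInfoDynamicTlsSess; /* Forward declaration */
+
+enum MHD_TlsVersion;      /* Forward declaration */
 
 
 /* ** Global initialisation / de-initialisation ** */
 
@@ -228,4 +231,30 @@ mhd_tls_multi_conn_send (struct mhd_TlsMultiConnData *restrict c_tls,
                          size_t *restrict sent)
 MHD_FN_PAR_NONNULL_ALL_ MHD_FN_PAR_IN_SIZE_ (3,2) MHD_FN_PAR_OUT_ (4);
 
+
+/* ** TLS connection information ** */
+
+/**
+ * Get the TLS session used in connection
+ * @param c_tls the connection TLS handle
+ * @param tls_ver_out the pointer to variable to be set to the TLS version
+ */
+MHD_INTERNAL void
+mhd_tls_multi_conn_get_tls_sess (
+  struct mhd_TlsMultiConnData *restrict c_tls,
+  union MHD_ConnInfoDynamicTlsSess *restrict tls_sess_out)
+MHD_FN_PAR_NONNULL_ALL_ MHD_FN_PAR_OUT_ (2);
+
+/**
+ * Get the TLS version used in connection
+ * @param c_tls the connection TLS handle
+ * @param tls_ver_out the pointer to variable to be set to the TLS version
+ * @return 'true' is TLS version information set successfully,
+ *         'false' if TLS version information cannot be obtained or mapped
+ */
+MHD_INTERNAL bool
+mhd_tls_multi_conn_get_tls_ver (struct mhd_TlsMultiConnData *restrict c_tls,
+                                enum MHD_TlsVersion *restrict tls_ver_out)
+MHD_FN_PAR_NONNULL_ALL_ MHD_FN_PAR_OUT_ (2);
+
 #endif /* ! MHD_TLS_MULTI_FUNCS_H */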
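Review bot: The `@return` contract of `mhd_tls_multi_conn_get_tls_ver` is copied from the GnuTLS header, but this function only forwards to whichever backend is routed and the two backends in this commit differ: the OpenSSL header says `always 'true'` while the GnuTLS one may return `false`, so the multi header is the one place where the caller must be told the result is backend-dependent. Suggest `@return 'true' if *tls_ver_out was set by the active backend (possibly to MHD_TLS_VERSION_UNKNOWN), 'false' if that backend could not determine the negotiated version; callers must handle 'false' regardless of build configuration`. Since `mhd_tls_multi_conn_get_tls_sess` exposes the raw backend session object through a union, its comment should name which union member is written for which route and, if that is the intended contract, that the handle stays owned by the connection and is valid only for its lifetime. The `@param tls_ver_out` line on that function refers to a parameter it does not have and should describe `tls_sess_out`.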

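--- a/src/mhd2/tls_open_funcs.c
+++ b/src/mhd2/tls_open_funcs.c
@@ -49,12 +49,12 @@
 
 #include "daemon_logger.h"
 
-#include "mhd_public_api.h"
-
 #ifdef mhd_USE_TLS_DEBUG_MESSAGES
 #  include <stdio.h> /* For TLS debug printing */
 #endif
 
+#include "mhd_public_api.h"
+
 #ifdef mhd_USE_TLS_DEBUG_MESSAGES
 
 static MHD_FN_PAR_NONNULL_ (1) int
@@ -1186,3 +1186,49 @@ mhd_tls_open_conn_send (struct mhd_TlsOpenConnData *restrict c_tls,
 #endif /* ! NDEBUG */
   return mhd_SOCKET_ERR_TLS;
 }
+
+
+/* ** TLS connection information ** */
+
+MHD_INTERNAL MHD_FN_PAR_NONNULL_ALL_
+MHD_FN_PAR_OUT_ (2) void
+mhd_tls_open_conn_get_tls_sess (
+  struct mhd_TlsOpenConnData *restrict c_tls,
+  union MHD_ConnInfoDynamicTlsSess *restrict tls_sess_out)
+{
+  tls_sess_out->v_openssl_session = c_tls->sess;
+}
+
+
+MHD_INTERNAL MHD_FN_PAR_NONNULL_ALL_
+MHD_FN_PAR_OUT_ (2) bool
+mhd_tls_open_conn_get_tls_ver (struct mhd_TlsOpenConnData *restrict c_tls,
+                               enum MHD_TlsVersion *restrict tls_ver_out)
+{
+  int openssl_tls_ver;
+
+  mhd_assert (c_tls->dbg.is_tls_handshake_completed);
+
+  openssl_tls_ver = SSL_version (c_tls->sess);
+  switch (openssl_tls_ver)
+  {
+  case TLS1_VERSION:
+    *tls_ver_out = MHD_TLS_VERSION_1_0;
+    break;
+  case TLS1_1_VERSION:
+    *tls_ver_out = MHD_TLS_VERSION_1_1;
+    break;
+  case TLS1_2_VERSION:
+    *tls_ver_out = MHD_TLS_VERSION_1_2;
+    break;
+  case TLS1_3_VERSION:
+    *tls_ver_out = MHD_TLS_VERSION_1_3;
+    break;
+  case SSL3_VERSION:
+  default:
+    *tls_ver_out = MHD_TLS_VERSION_UNKNOWN;
+    break;
+  }
+
+  return true;
+}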
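Review bot: `case TLS1_3_VERSION:` in `mhd_tls_open_conn_get_tls_ver` is used unguarded, whereas the GnuTLS counterpart in this same commit wraps `GNUTLS_TLS1_3` in a library-version check; `TLS1_3_VERSION` is only defined by OpenSSL 1.1.1 and later, so if the project still accepts older OpenSSL builds (the minimum required version is not visible from here) this case is a compile error. If older versions are supported, wrap it as `#ifdef TLS1_3_VERSION` ... `#endif` around the existing `case TLS1_3_VERSION:` block. `SSL3_VERSION` is listed explicitly but shares the `default` behaviour; a one-line comment such as `/* SSLv3 is not representable in enum MHD_TlsVersion */` would record that this is deliberate rather than an unfinished case. Finally, the `mhd_assert` on `is_tls_handshake_completed` is presumably compiled out in release builds, in which case `SSL_version ()` can be queried before negotiation; unlike the GnuTLS backend there is no `false` path here, so the comment should say the value reflects the session's current state rather than a guaranteed negotiated version.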

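--- a/src/mhd2/tls_open_funcs.h
+++ b/src/mhd2/tls_open_funcs.h
@@ -51,6 +51,10 @@ struct mhd_TlsOpenDaemonData;    /* Forward declaration */
  */
 struct mhd_TlsOpenConnData;      /* Forward declaration */
 
+union MHD_ConnInfoDynamicTlsSess; /* Forward declaration */
+
+enum MHD_TlsVersion;      /* Forward declaration */
+
 
 
 /* ** Global initialisation / de-initialisation ** */
 
@@ -232,4 +236,29 @@ mhd_tls_open_conn_send (struct mhd_TlsOpenConnData *restrict c_tls,
                         size_t *restrict sent)
 MHD_FN_PAR_NONNULL_ALL_ MHD_FN_PAR_IN_SIZE_ (3,2) MHD_FN_PAR_OUT_ (4);
 
+
+/* ** TLS connection information ** */
+
+/**
+ * Get the TLS session used in connection
+ * @param c_tls the connection TLS handle
+ * @param tls_ver_out the pointer to variable to be set to the TLS version
+ */
+MHD_INTERNAL void
+mhd_tls_open_conn_get_tls_sess (
+  struct mhd_TlsOpenConnData *restrict c_tls,
+  union MHD_ConnInfoDynamicTlsSess *restrict tls_sess_out)
+MHD_FN_PAR_NONNULL_ALL_ MHD_FN_PAR_OUT_ (2);
+
+/**
+ * Get the TLS version used in connection
+ * @param c_tls the connection TLS handle
+ * @param tls_ver_out the pointer to variable to be set to the TLS version
+ * @return always 'true'
+ */
+MHD_INTERNAL bool
+mhd_tls_open_conn_get_tls_ver (struct mhd_TlsOpenConnData *restrict c_tls,
+                               enum MHD_TlsVersion *restrict tls_ver_out)
+MHD_FN_PAR_NONNULL_ALL_ MHD_FN_PAR_OUT_ (2);
+
 #endif /* ! MHD_TLS_OPEN_FUNCS_H */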
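Review bot: `@return always 'true'` on `mhd_tls_open_conn_get_tls_ver` is accurate for the implementation in this commit but does not tell the reader why a `bool` is returned at all, nor that `*tls_ver_out` may still be `MHD_TLS_VERSION_UNKNOWN`; suggest `@return always 'true'; the bool exists only to match the backend-independent mhd_tls_conn_get_tls_ver() contract, and *tls_ver_out may be MHD_TLS_VERSION_UNKNOWN for SSLv3 or any version without an MHD_TlsVersion counterpart`. The `@param tls_ver_out` line under `mhd_tls_open_conn_get_tls_sess` documents a parameter that does not exist; it should be `@param tls_sess_out the pointer to the union to be set to the OpenSSL SSL object of this connection`, and, if that is the intended contract, a sentence that the object remains owned by the connection and must not be freed by the receiver.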