Etusivu Tutki Apua
Kirjaudu sisään
cpp
/
urho3d
peilaus alkaen https://github.com/urho3d/urho3d.git
2
0
Haarauta 0
Tiedostot Esitykset 0 Wiki
Haara: websockets-implementation
Haarat Tunnisteet
urho3d
/
Source
/
ThirdParty
/
libwebsockets
/
lib
/
tls
/
tls-client.c

tls-client.c 4.6 KB
Pysyvä linkki Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162 
  1. /*
    2. 

  2.  * libwebsockets - small server side websockets and web server implementation
    3. 

  3.  *
    4. 

  4.  * Copyright (C) 2010 - 2019 Andy Green <[email protected]>
    5. 

  5.  *
    6. 

  6.  * Permission is hereby granted, free of charge, to any person obtaining a copy
    7. 

  7.  * of this software and associated documentation files (the "Software"), to
    8. 

  8.  * deal in the Software without restriction, including without limitation the
    9. 

  9.  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
    10. 

  10.  * sell copies of the Software, and to permit persons to whom the Software is
    11. 

  11.  * furnished to do so, subject to the following conditions:
    12. 

  12.  *
    13. 

  13.  * The above copyright notice and this permission notice shall be included in
    14. 

  14.  * all copies or substantial portions of the Software.
    15. 

  15.  *
    16. 

  16.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    17. 

  17.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    18. 

  18.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    19. 

  19.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    20. 

  20.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
    21. 

  21.  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
    22. 

  22.  * IN THE SOFTWARE.
    23. 

  23.  */
    24. 

  24. 

  25. #include "private-lib-core.h"
    26. 

  26. 

  27. int
    28. 

  28. lws_ssl_client_connect1(struct lws *wsi, char *errbuf, int len)
    29. 

  29. {
    30. 

  30. 	int n;
    31. 

  31. 

  32. 	n = lws_tls_client_connect(wsi, errbuf, len);
    33. 

  33. 	switch (n) {
    34. 

  34. 	case LWS_SSL_CAPABLE_ERROR:
    35. 

  35. 		return -1;
    36. 

  36. 	case LWS_SSL_CAPABLE_DONE:
    37. 

  37. 		return 1; /* connected */
    38. 

  38. 	case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE:
    39. 

  39. 		lws_callback_on_writable(wsi);
    40. 

  40. 		/* fallthru */
    41. 

  41. 	case LWS_SSL_CAPABLE_MORE_SERVICE:
    42. 

  42. 	case LWS_SSL_CAPABLE_MORE_SERVICE_READ:
    43. 

  43. 		lwsi_set_state(wsi, LRS_WAITING_SSL);
    44. 

  44. 		break;
    45. 

  45. 	}
    46. 

  46. 

  47. 	return 0; /* retry */
    48. 

  48. }
    49. 

  49. 

  50. int
    51. 

  51. lws_ssl_client_connect2(struct lws *wsi, char *errbuf, int len)
    52. 

  52. {
    53. 

  53. 	int n;
    54. 

  54. 

  55. 	if (lwsi_state(wsi) == LRS_WAITING_SSL) {
    56. 

  56. 		n = lws_tls_client_connect(wsi, errbuf, len);
    57. 

  57. 		lwsl_debug("%s: SSL_connect says %d\n", __func__, n);
    58. 

  58. 

  59. 		switch (n) {
    60. 

  60. 		case LWS_SSL_CAPABLE_ERROR:
    61. 

  61. 			// lws_snprintf(errbuf, len, "client connect failed");
    62. 

  62. 			return -1;
    63. 

  63. 		case LWS_SSL_CAPABLE_DONE:
    64. 

  64. 			break; /* connected */
    65. 

  65. 		case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE:
    66. 

  66. 			lws_callback_on_writable(wsi);
    67. 

  67. 			/* fallthru */
    68. 

  68. 		case LWS_SSL_CAPABLE_MORE_SERVICE_READ:
    69. 

  69. 			lwsi_set_state(wsi, LRS_WAITING_SSL);
    70. 

  70. 			/* fallthru */
    71. 

  71. 		case LWS_SSL_CAPABLE_MORE_SERVICE:
    72. 

  72. 			return 0;
    73. 

  73. 		}
    74. 

  74. 	}
    75. 

  75. 

  76. 	if (lws_tls_client_confirm_peer_cert(wsi, errbuf, len))
    77. 

  77. 		return -1;
    78. 

  78. 

  79. 	return 1;
    80. 

  80. }
    81. 

  81. 

  82. 

  83. int lws_context_init_client_ssl(const struct lws_context_creation_info *info,
    84. 

  84. 				struct lws_vhost *vhost)
    85. 

  85. {
    86. 

  86. 	const char *private_key_filepath = info->ssl_private_key_filepath;
    87. 

  87. 	const char *cert_filepath = info->ssl_cert_filepath;
    88. 

  88. 	const char *ca_filepath = info->ssl_ca_filepath;
    89. 

  89. 	const char *cipher_list = info->ssl_cipher_list;
    90. 

  90. 	lws_fakewsi_def_plwsa(&vhost->context->pt[0]);
    91. 

  91. 

  92. 	lws_fakewsi_prep_plwsa_ctx(vhost->context);
    93. 

  93. 

  94. 	if (vhost->options & LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG)
    95. 

  95. 		return 0;
    96. 

  96. 

  97. 	if (vhost->tls.ssl_ctx) {
    98. 

  98. 		cert_filepath = NULL;
    99. 

  99. 		private_key_filepath = NULL;
    100. 

  100. 		ca_filepath = NULL;
    101. 

  101. 	}
    102. 

  102. 

  103. 	/*
    104. 

  104. 	 *  for backwards-compatibility default to using ssl_... members, but
    105. 

  105. 	 * if the newer client-specific ones are given, use those
    106. 

  106. 	 */
    107. 

  107. 	if (info->client_ssl_cipher_list)
    108. 

  108. 		cipher_list = info->client_ssl_cipher_list;
    109. 

  109. 	if (info->client_ssl_cert_filepath)
    110. 

  110. 		cert_filepath = info->client_ssl_cert_filepath;
    111. 

  111. 	if (info->client_ssl_private_key_filepath)
    112. 

  112. 		private_key_filepath = info->client_ssl_private_key_filepath;
    113. 

  113. 

  114. 	if (info->client_ssl_ca_filepath)
    115. 

  115. 		ca_filepath = info->client_ssl_ca_filepath;
    116. 

  116. 

  117. 	if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
    118. 

  118. 		return 0;
    119. 

  119. 

  120. 	if (vhost->tls.ssl_client_ctx)
    121. 

  121. 		return 0;
    122. 

  122. 

  123. #if !defined(LWS_WITH_MBEDTLS)
    124. 

  124. 	if (info->provided_client_ssl_ctx) {
    125. 

  125. 		/* use the provided OpenSSL context if given one */
    126. 

  126. 		vhost->tls.ssl_client_ctx = info->provided_client_ssl_ctx;
    127. 

  127. 		/* nothing for lib to delete */
    128. 

  128. 		vhost->tls.user_supplied_ssl_ctx = 1;
    129. 

  129. 

  130. 		return 0;
    131. 

  131. 	}
    132. 

  132. #endif
    133. 

  133. 

  134. 	if (lws_tls_client_create_vhost_context(vhost, info, cipher_list,
    135. 

  135. 						ca_filepath,
    136. 

  136. 						info->client_ssl_ca_mem,
    137. 

  137. 						info->client_ssl_ca_mem_len,
    138. 

  138. 						cert_filepath,
    139. 

  139. 						info->client_ssl_cert_mem,
    140. 

  140. 						info->client_ssl_cert_mem_len,
    141. 

  141. 						private_key_filepath,
    142. 

  142. 						info->client_ssl_key_mem,
    143. 

  143. 						info->client_ssl_key_mem_len
    144. 

  144. 						))
    145. 

  145. 		return 1;
    146. 

  146. 

  147. 	lwsl_info("created client ssl context for %s\n", vhost->name);
    148. 

  148. 

  149. 	/*
    150. 

  150. 	 * give him a fake wsi with context set, so he can use
    151. 

  151. 	 * lws_get_context() in the callback
    152. 

  152. 	 */
    153. 

  153. 

  154. 	plwsa->vhost = vhost; /* not a real bound wsi */
    155. 

  155. 

  156. 	vhost->protocols[0].callback((struct lws *)plwsa,
    157. 

  157. 			LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
    158. 

  158. 				     vhost->tls.ssl_client_ctx, NULL, 0);
    159. 

  159. 

  160. 	return 0;
    161. 

  161. }
    162. 

  162.