libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit 8db5383659a9e22cdefd228dba4c1aedff0b88bf
parent cd84fba2401d9f9dcb090d0e0f43f827bd18540a
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun,  7 Sep 2008 07:44:32 +0000

code cleanup

Diffstat:
Msrc/daemon/connection.c | 8--------
Msrc/daemon/connection_https.c | 8+++++---
Msrc/daemon/daemon.c | 178+++++++++++++++++++++++++++++++++++--------------------------------------------
Msrc/daemon/https/tls/gnutls_handshake.c | 130++-----------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_str.c | 1-
Msrc/daemon/internal.h | 20+++++++++++++++-----
6 files changed, 102 insertions(+), 243 deletions(-)

diff --git a/src/daemon/connection.c b/src/daemon/connection.c
@@ -93,14 +93,6 @@
 #define INTERNAL_ERROR ""
 #endif
-#define EXTRA_CHECKS MHD_YES
-
-#if EXTRA_CHECKS
-#define EXTRA_CHECK(a) if (!(a)) abort();
-#else
-#define EXTRA_CHECK(a)
-#endif
-
 /**
 * Add extra debug messages with reasons for closing connections
 * (non-error reasons).
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c
@@ -225,7 +225,7 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection)
 * determined by peeking into the first message type byte of the
 * stream.
 *
- * Error message handling : all fatal level messages cause the
+ * Error message handling: all fatal level messages cause the
 * connection to be terminated.
 *
 * Application data is forwarded to the underlying daemon for
@@ -252,7 +252,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
 #endif
 /* discover content type */
- if (recv (connection->socket_fd, &msg_type, 1, MSG_PEEK) == -1)
+ if (RECV (connection->socket_fd, &msg_type, 1, MSG_PEEK) == -1)
 {
 #if HAVE_MESSAGES
 MHD_DLOG (connection->daemon, "Failed to peek into TLS content type\n");
@@ -339,7 +339,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
 MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT);
 return MHD_NO;
 }
- /* this should never execut */
+ /* this should never execute */
 else
 {
 #if HAVE_MESSAGES
@@ -414,3 +414,5 @@ MHD_set_https_calbacks (struct MHD_Connection *connection)
 connection->write_handler = &MHD_tls_connection_handle_write;
 connection->idle_handler = &MHD_tls_connection_handle_idle;
 }
+
+/* end of connection_https.c */
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
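Review bot: In the `@@ -252,7 +252,7 @@` hunk of connection_https.c the peek is still compared only with `-1`, so a return of 0 (peer closed the connection) falls through with `msg_type` never written by the call. Whether `msg_type` is initialised beforehand is not visible, because its declaration lies outside the hunk; if it is not, the content-type dispatch that follows would act on an indeterminate byte. Testing for a successful one-byte read, `if (RECV (connection->socket_fd, &msg_type, 1, MSG_PEEK) != 1)`, covers both cases, though the 0 case probably deserves its own close path rather than the "Failed to peek" log line.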
@@ -1,22 +1,22 @@
 /*
- This file is part of libmicrohttpd
- (C) 2007 Daniel Pittman and Christian Grothoff
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
- */
+ This file is part of libmicrohttpd
+ (C) 2007 Daniel Pittman and Christian Grothoff
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+*/
 /**
 * @file daemon.c
@@ -131,7 +131,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
 return -1;
 }
-/* initialize security aspects of the HTTPS daemon */
+/**
+ * initialize security aspects of the HTTPS daemon
+ */
 static int
 MHD_TLS_init (struct MHD_Daemon *daemon)
 {
@@ -290,52 +292,60 @@ MHD_handle_connection (void *data)
 return NULL;
 }
-#if 0
-/* TODO rm if unused - gnutls parameter adapter , used to set gnutls pull function */
-static long
-gnutls_pull_param_adapter (void *connection, void *other, unsigned long i)
+#if HTTPS_SUPPORT
+/**
+ * Callback for receiving data from the socket (for gnutls).
+ *
+ * @param conn the MHD connection structure
+ * @param other where to write received data to
+ * @param i maximum size of other (in bytes)
+ * @return number of bytes actually received
+ */
+static ssize_t
+pull_param_adapter (gnutls_transport_ptr_t conn,
+ void *other,
+ size_t i)
 {
- ssize_t bytes;
- bytes = ((struct MHD_Connection *) connection)->read_buffer_offset;
- MHD_handle_connection (connection);
- bytes = ((struct MHD_Connection *) connection)->read_buffer_offset - bytes;
- return bytes;
+ struct MHD_Connection * connection = (struct MHD_Connection*) conn;
+ if (connection->socket_fd == -1)
+ return -1;
+ return RECV(connection->socket_fd, other, i, MSG_NOSIGNAL);
 }
-static long
-gnutls_push_param_adapter (void *connection,
- const void *other, unsigned long i)
+/**
+ * Callback for writing data to the socket (for gnutls).
+ *
+ * @param conn the MHD connection structure
+ * @param other data to write
+ * @param i number of bytes to write
+ * @return actual number of bytes written
+ */
+static ssize_t
+push_param_adapter (void *conn,
+ const void *other,
+ size_t i)
 {
- ssize_t bytes;
- bytes = ((struct MHD_Connection *) connection)->write_buffer_send_offset;
- MHD_handle_connection (connection);
- bytes = ((struct MHD_Connection *) connection)->write_buffer_send_offset
- - bytes;
- return bytes;
-}
-#endif
+ struct MHD_Connection * connection = (struct MHD_Connection*) conn;
+ if (connection->socket_fd == -1)
+ return -1;
+ return SEND(connection->socket_fd, other, i, MSG_NOSIGNAL);
+}
 /**
- * Handle an individual TLS connection.
+ * Handle an individual TLS connection (main function
+ * of the thread handling a TLS connection).
 */
-#if HTTPS_SUPPORT
 static void *
 MHD_TLS_init_connection (void *data)
 {
 struct MHD_Connection *con = data;
- if (con == NULL)
- abort ();
-
- /* initialize connection state */
+ EXTRA_CHECK (con->state == MHD_CONNECTION_INIT);
 con->state = MHD_TLS_CONNECTION_INIT;
 MHD_gnutls_init (&con->tls_session, GNUTLS_SERVER);
-
- /* sets cipher priorities */
 MHD_gnutls_priority_set (con->tls_session, con->daemon->priority_cache);
-
 switch (con->daemon->cred_type)
 {
 /* set needed credentials for certificate authentication. */
@@ -351,24 +361,17 @@ MHD_TLS_init_connection (void *data)
 MHD_gnutls_dh_set_prime_bits (con->tls_session, 1024);
 break;
 default:
-
 #if HAVE_MESSAGES
 MHD_DLOG (con->daemon,
- "Error: couldn't init HTTPS session. no appropriate KX algorithm found. f: %s, l: %d\n",
- __FUNCTION__, __LINE__);
+ "Failed to setup TLS credentials: unknown credential type %d\n",
+ con->daemon->cred_type);
 #endif
- break;
+ abort();
 }
-
- /* TODO avoid gnutls blocking recv / write calls
- MHD_gnutls_transport_set_pull_function(tls_session, &recv);
- MHD_gnutls_transport_set_push_function(tls_session, &send);
- */
-
 MHD_gnutls_transport_set_ptr (con->tls_session,
- (gnutls_transport_ptr_t) ((void *)
- con->socket_fd));
-
+ (gnutls_transport_ptr_t) con);
+ MHD_gnutls_transport_set_pull_function(con->tls_session, &pull_param_adapter);
+ MHD_gnutls_transport_set_push_function(con->tls_session, &push_param_adapter);
 return MHD_handle_connection (data);
 }
 #endif
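Review bot: In the `@@ -290,52 +292,60 @@` hunk, `pull_param_adapter` and `push_param_adapter` return -1 for `socket_fd == -1` without setting `errno`, so the TLS layer, which presumably inspects `errno` to tell EAGAIN/EINTR from a hard failure (that code is not in this diff), would act on whatever stale value is there. Setting it before the early return, `errno = EBADF; return -1;`, makes the failure unambiguous and rules out a retry on a closed connection. Two smaller points in the same adapters: `MSG_NOSIGNAL` is a send-side flag yet is also passed to `RECV`, and `conn` is declared as `gnutls_transport_ptr_t` in one adapter and `void *` in the other. Further down in the hunk, `MHD_TLS_init_connection` discards the results of `MHD_gnutls_init` and `MHD_gnutls_priority_set`; if these report failure through their return value as the GnuTLS originals do, a failed session setup would only surface later when `con->tls_session` is used.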
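Review bot: In the `@@ -351,24 +361,17 @@` hunk the `default:` branch now calls `abort()` from the per-connection thread, so an unsupported `con->daemon->cred_type` takes the whole process down on the first TLS connection instead of failing at start-up. `cred_type` is daemon configuration, so it could be validated once in `MHD_TLS_init` (outside this hunk), leaving this branch to close the connection and return. When `HAVE_MESSAGES` is off the abort also happens with no diagnostic at all. The context line `MHD_gnutls_dh_set_prime_bits (con->tls_session, 1024)` is untouched by the commit, but a 1024-bit DH group is weak by current standards and worth revisiting separately.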
@@ -512,32 +515,25 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
 connection->addr_len = addrlen;
 connection->socket_fd = s;
 connection->daemon = daemon;
+ connection->last_activity = time (NULL);
 /* set default connection handlers */
 MHD_set_http_calbacks (connection);
-
 #if HTTPS_SUPPORT
- if (daemon->options & MHD_USE_SSL)
- {
- MHD_set_https_calbacks (connection);
- }
+ if (0 != (daemon->options & MHD_USE_SSL))
+ MHD_set_https_calbacks (connection);
 #endif
 /* attempt to create handler thread */
 if (0 != (daemon->options & MHD_USE_THREAD_PER_CONNECTION))
 {
+ res_thread_create = pthread_create (&connection->pid, NULL,
 #if HTTPS_SUPPORT
- if (daemon->options & MHD_USE_SSL)
- res_thread_create = pthread_create (&connection->pid, NULL,
- &MHD_TLS_init_connection,
- connection);
- else
+ (0 != (daemon->options & MHD_USE_SSL)) ?
+ &MHD_TLS_init_connection :
 #endif
- {
- res_thread_create = pthread_create (&connection->pid, NULL,
- &MHD_handle_connection,
- connection);
- }
+ &MHD_handle_connection,
+ connection);
 if (res_thread_create != 0)
 {
 #if HAVE_MESSAGES
@@ -550,11 +546,8 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
 free (connection);
 return MHD_NO;
 }
- }
-
- connection->last_activity = time (NULL);
+ }
 connection->next = daemon->connections;
-
 daemon->connections = connection;
 daemon->max_connections--;
 return MHD_YES;
@@ -720,7 +713,7 @@ MHD_select (struct MHD_Daemon *daemon, int may_block)
 if (errno == EINTR)
 return MHD_YES;
 #if HAVE_MESSAGES
- MHD_DLOG (daemon, "Select failed: %s\n", STRERROR (errno));
+ MHD_DLOG (daemon, "select failed: %s\n", STRERROR (errno));
 #endif
 return MHD_NO;
 }
@@ -876,9 +869,6 @@ MHD_start_daemon_va (unsigned int options,
 }
 #endif
- /*
- * analyze daemon options
- */
 while (MHD_OPTION_END != (opt = va_arg (ap, enum MHD_OPTION)))
 {
 switch (opt)
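Review bot: In the `@@ -512,32 +515,25 @@` hunk the start routine handed to `pthread_create` is now chosen by a conditional expression whose first two operands sit inside `#if HTTPS_SUPPORT`, which makes the argument list hard to read and easy to break when the guard is edited. Selecting the routine into a local first keeps the call free of preprocessor lines: `void *(*start) (void *) = &MHD_handle_connection;`, then under the guard `if (0 != (daemon->options & MHD_USE_SSL)) start = &MHD_TLS_init_connection;`, and pass `start` to `pthread_create`. `MHD_accept_connection` begins and ends outside the hunk.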
@@ -981,13 +971,9 @@ MHD_start_daemon_va (unsigned int options,
 /* check for user supplied sockaddr */
 if ((options & MHD_USE_IPv6) != 0)
- {
- addrlen = sizeof (struct sockaddr_in6);
- }
+ addrlen = sizeof (struct sockaddr_in6);
 else
- {
- addrlen = sizeof (struct sockaddr_in);
- }
+ addrlen = sizeof (struct sockaddr_in);
 if (NULL == servaddr)
 {
 if ((options & MHD_USE_IPv6) != 0)
@@ -1036,7 +1022,7 @@ MHD_start_daemon_va (unsigned int options,
 if ((options & MHD_USE_SSL) && MHD_TLS_init (retVal))
 {
 #if HAVE_MESSAGES
- MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n");
+ MHD_DLOG (retVal, "Failed to initialize TLS support\n");
 #endif
 CLOSE (socket_fd);
 free (retVal);
@@ -1079,11 +1065,8 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
 #endif
 #endif
 CLOSE (fd);
- if ((0 != (daemon->options & MHD_USE_THREAD_PER_CONNECTION)) || (0
- !=
- (daemon->
- options &
- MHD_USE_SELECT_INTERNALLY)))
+ if ((0 != (daemon->options & MHD_USE_THREAD_PER_CONNECTION)) ||
+ (0 != (daemon->options & MHD_USE_SELECT_INTERNALLY)))
 {
 pthread_kill (daemon->pid, SIGALRM);
 pthread_join (daemon->pid, &unused);
@@ -1114,19 +1097,16 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
 if (daemon->options & MHD_USE_SSL)
 {
 MHD_gnutls_priority_deinit (daemon->priority_cache);
-
 if (daemon->x509_cred)
 MHD_gnutls_certificate_free_credentials (daemon->x509_cred);
 if (daemon->anon_cred)
 MHD_gnutls_anon_free_server_credentials (daemon->anon_cred);
-
 /* lock gnutls_global mutex since it uses reference counting */
 pthread_mutex_lock (&gnutls_init_mutex);
 MHD_gnutls_global_deinit ();
 pthread_mutex_unlock (&gnutls_init_mutex);
 }
 #endif
-
 free (daemon);
 }
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
@@ -2223,16 +2223,12 @@ MHD_gnutls_handshake (mhd_gtls_session_t session)
 gnutls_assert ();
 return ret;
 }
-#if MHD_DEBUG_TLS
 if (session->security_parameters.entity == GNUTLS_CLIENT)
 {
- ret = mhd_gtls_handshake_client (session);
- }
- else
-#endif
- {
- ret = mhd_gtls_handshake_server (session);
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
 }
+ ret = mhd_gtls_handshake_server (session);
 if (ret < 0)
 {
 /* In the case of a rehandshake abort
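Review bot: The new early return for `GNUTLS_CLIENT` in `MHD_gnutls_handshake` carries no comment saying why the client side is rejected, and a reader coming from upstream GnuTLS will expect a client handshake here. A one-line comment above the check, such as `/* MHD is server-only: the client handshake has been removed */`, would record the intent. The return also bypasses the `if (ret < 0)` handling that follows, whose body continues outside the hunk, so it is worth confirming that nothing set up earlier in the function needs resetting on this path.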
@@ -2273,126 +2269,6 @@ MHD_gnutls_handshake (mhd_gtls_session_t session)
-/*
- * mhd_gtls_handshake_client
- * This function performs the client side of the handshake of the TLS/SSL protocol.
- */
-int
-mhd_gtls_handshake_client (mhd_gtls_session_t session)
-{
- int ret = 0;
-
-#ifdef HANDSHAKE_DEBUG
- char buf[64];
-
- if (session->internals.resumed_security_parameters.session_id_size > 0)
- _gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session,
- mhd_gtls_bin2hex (session->internals.
- resumed_security_parameters.
- session_id,
- session->internals.
- resumed_security_parameters.
- session_id_size, buf,
- sizeof (buf)));
-#endif
-
- switch (STATE)
- {
- case STATE0:
- case STATE1:
- ret = mhd_gtls_send_hello (session, AGAIN (STATE1));
- STATE = STATE1;
- IMED_RET ("send hello", ret);
-
- case STATE2:
- /* receive the server hello */
- ret =
- mhd_gtls_recv_handshake (session, NULL, NULL,
- GNUTLS_HANDSHAKE_SERVER_HELLO,
- MANDATORY_PACKET);
- STATE = STATE2;
- IMED_RET ("recv hello", ret);
-
- case STATE70:
- if (session->security_parameters.extensions.do_recv_supplemental)
- {
- ret = _gnutls_recv_supplemental (session);
- STATE = STATE70;
- IMED_RET ("recv supplemental", ret);
- }
-
- case STATE3:
- /* RECV CERTIFICATE */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = mhd_gtls_recv_server_certificate (session);
- STATE = STATE3;
- IMED_RET ("recv server certificate", ret);
-
- case STATE4:
- /* receive the server key exchange */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = mhd_gtls_recv_server_kx_message (session);
- STATE = STATE4;
- IMED_RET ("recv server kx message", ret);
-
- case STATE5:
- /* receive the server certificate request - if any
- */
-
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = mhd_gtls_recv_server_certificate_request (session);
- STATE = STATE5;
- IMED_RET ("recv server certificate request message", ret);
-
- case STATE6:
- /* receive the server hello done */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- mhd_gtls_recv_handshake (session, NULL, NULL,
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
- MANDATORY_PACKET);
- STATE = STATE6;
- IMED_RET ("recv server hello done", ret);
-
- case STATE71:
- if (session->security_parameters.extensions.do_send_supplemental)
- {
- ret = _gnutls_send_supplemental (session, AGAIN (STATE71));
- STATE = STATE71;
- IMED_RET ("send supplemental", ret);
- }
-
- case STATE7:
- /* send our certificate - if any and if requested
- */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = mhd_gtls_send_client_certificate (session, AGAIN (STATE7));
- STATE = STATE7;
- IMED_RET ("send client certificate", ret);
-
- case STATE8:
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = mhd_gtls_send_client_kx_message (session, AGAIN (STATE8));
- STATE = STATE8;
- IMED_RET ("send client kx", ret);
-
- case STATE9:
- /* send client certificate verify */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- mhd_gtls_send_client_certificate_verify (session, AGAIN (STATE9));
- STATE = STATE9;
- IMED_RET ("send client certificate verify", ret);
-
- STATE = STATE0;
- default:
- break;
- }
-
-
- return 0;
-}
-
 /* This function sends the final handshake packets and initializes connection */
 static int
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c
@@ -212,7 +212,6 @@ mhd_gtls_string_append_data (mhd_gtls_string * dest,
 {
 size_t new_len = MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
-
 dest->data = dest->realloc_func (dest->data, new_len);
 if (dest->data == NULL)
 {
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
@@ -33,6 +33,7 @@
 #include "gnutls.h"
 #endif
+#define EXTRA_CHECKS MHD_YES
 #define MHD_MAX(a,b) ((a)<(b)) ? (b) : (a)
 #define MHD_MIN(a,b) ((a)<(b)) ? (a) : (b)
@@ -537,14 +538,14 @@ struct MHD_Connection
 int (*idle_handler) (struct MHD_Connection * connection);
- /*
+ /**
 * function pointers to the appropriate send & receive funtions
 * according to whether this is a HTTPS / HTTP daemon
 */
- ssize_t (*recv_cls) (struct MHD_Connection * connection);
-
- ssize_t (*send_cls) (struct MHD_Connection * connection);
-
+ ssize_t (*recv_cls) (struct MHD_Connection * connection);
+
+ ssize_t (*send_cls) (struct MHD_Connection * connection);
+
 #if HTTPS_SUPPORT
 /* TODO rename as this might be an SSL connection */
 mhd_gtls_session_t tls_session;
@@ -649,4 +650,13 @@ struct MHD_Daemon
 #endif
 };
+
+#if EXTRA_CHECKS
+#define EXTRA_CHECK(a) if (!(a)) abort();
+#else
+#define EXTRA_CHECK(a)
+#endif
+
+
+
 #endif
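Review bot: In the `@@ -649,4 +650,13 @@` hunk, `EXTRA_CHECK(a)` expands to a bare `if (!(a)) abort();`, so a use written as `EXTRA_CHECK (x);` leaves a stray empty statement and the macro captures a following `else` when placed inside an unbraced `if`. Wrapping it as `#define EXTRA_CHECK(a) do { if (!(a)) abort (); } while (0)`, with `do { } while (0)` for the disabled variant, avoids both. Because the first hunk of this file hard-codes `EXTRA_CHECKS` to `MHD_YES`, every failed check aborts the server process in all builds, and the macro is now applied to connection state in daemon.c, so it is worth deciding whether this should be a build-time option. The macro also relies on `abort` being declared for every file that includes internal.h; whether `<stdlib.h>` is already pulled in there is not visible in this diff.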