code cleanup

6 files changed, 102 insertions, 243 deletions

diff --git a/src/daemon/connection.c b/src/daemon/connection.c
index e4c5df33..dd75771d 100644
--- a/src/daemon/connection.c
+++ b/src/daemon/connection.c
@@ -93,14 +93,6 @@
 #define INTERNAL_ERROR ""
 #endif
 
-#define EXTRA_CHECKS MHD_YES
-
-#if EXTRA_CHECKS
-#define EXTRA_CHECK(a) if (!(a)) abort();
-#else
-#define EXTRA_CHECK(a)
-#endif
-
 /**
  * Add extra debug messages with reasons for closing connections
  * (non-error reasons).
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c
index 78797aa4..7504031b 100644
--- a/src/daemon/connection_https.c
+++ b/src/daemon/connection_https.c
@@ -225,7 +225,7 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection)
  * determined by peeking into the first message type byte of the
  * stream.
  *
- * Error message handling : all fatal level messages cause the
+ * Error message handling: all fatal level messages cause the
  * connection to be terminated.
  *
  * Application data is forwarded to the underlying daemon for
@@ -252,7 +252,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
 #endif
 
   /* discover content type */
-  if (recv (connection->socket_fd, &msg_type, 1, MSG_PEEK) == -1)
+  if (RECV (connection->socket_fd, &msg_type, 1, MSG_PEEK) == -1)
     {
 #if HAVE_MESSAGES
       MHD_DLOG (connection->daemon, "Failed to peek into TLS content type\n");
@@ -339,7 +339,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
                                         MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT);
           return MHD_NO;
         }
-      /* this should never execut */
+      /* this should never execute */
       else
         {
 #if HAVE_MESSAGES
@@ -414,3 +414,5 @@ MHD_set_https_calbacks (struct MHD_Connection *connection)
   connection->write_handler = &MHD_tls_connection_handle_write;
   connection->idle_handler = &MHD_tls_connection_handle_idle;
 }
+
+/* end of connection_https.c */
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
index 6f8f6b17..7911be33 100644
--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -1,22 +1,22 @@
 /*
- This file is part of libmicrohttpd
- (C) 2007 Daniel Pittman and Christian Grothoff
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
- */
+  This file is part of libmicrohttpd
+  (C) 2007 Daniel Pittman and Christian Grothoff
+  
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+  
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+  
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+  
+*/
 
 /**
  * @file daemon.c
@@ -131,7 +131,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
   return -1;
 }
 
-/* initialize security aspects of the HTTPS daemon */
+/**
+ * initialize security aspects of the HTTPS daemon 
+ */
 static int
 MHD_TLS_init (struct MHD_Daemon *daemon)
 {
@@ -290,52 +292,60 @@ MHD_handle_connection (void *data)
   return NULL;
 }
 
-#if 0
-/* TODO rm if unused - gnutls parameter adapter , used to set gnutls pull function */
-static long
-gnutls_pull_param_adapter (void *connection, void *other, unsigned long i)
+#if HTTPS_SUPPORT
+/**
+ * Callback for receiving data from the socket (for gnutls).
+ *
+ * @param conn the MHD connection structure
+ * @param other where to write received data to
+ * @param i maximum size of other (in bytes)
+ * @return number of bytes actually received
+ */
+static ssize_t
+pull_param_adapter (gnutls_transport_ptr_t conn,
+                    void *other,
+                    size_t i)
 {
-  ssize_t bytes;
-  bytes = ((struct MHD_Connection *) connection)->read_buffer_offset;
-  MHD_handle_connection (connection);
-  bytes = ((struct MHD_Connection *) connection)->read_buffer_offset - bytes;
-  return bytes;
+  struct MHD_Connection * connection = (struct MHD_Connection*) conn;
 
+  if (connection->socket_fd == -1)
+    return -1;
+  return RECV(connection->socket_fd, other, i, MSG_NOSIGNAL);
 }
 
-static long
-gnutls_push_param_adapter (void *connection,
-                           const void *other, unsigned long i)
+/**
+ * Callback for writing data to the socket (for gnutls).
+ *
+ * @param conn the MHD connection structure
+ * @param other data to write
+ * @param i number of bytes to write
+ * @return actual number of bytes written
+ */
+static ssize_t
+push_param_adapter (void *conn,
+                    const void *other, 
+                    size_t i)
 {
-  ssize_t bytes;
-  bytes = ((struct MHD_Connection *) connection)->write_buffer_send_offset;
-  MHD_handle_connection (connection);
-  bytes = ((struct MHD_Connection *) connection)->write_buffer_send_offset
-    - bytes;
-  return bytes;
-}
-#endif
+  struct MHD_Connection * connection = (struct MHD_Connection*) conn;
 
+  if (connection->socket_fd == -1)
+    return -1;
+  return SEND(connection->socket_fd, other, i, MSG_NOSIGNAL);
+}
 
 /**
- * Handle an individual TLS connection.
+ * Handle an individual TLS connection (main function
+ * of the thread handling a TLS connection).
  */
-#if HTTPS_SUPPORT
 static void *
 MHD_TLS_init_connection (void *data)
 {
   struct MHD_Connection *con = data;
 
-  if (con == NULL)
-    abort ();
-
-  /* initialize connection state */
+  EXTRA_CHECK (con->state == MHD_CONNECTION_INIT);
   con->state = MHD_TLS_CONNECTION_INIT;
   MHD_gnutls_init (&con->tls_session, GNUTLS_SERVER);
-
-  /* sets cipher priorities */
   MHD_gnutls_priority_set (con->tls_session, con->daemon->priority_cache);
-
   switch (con->daemon->cred_type)
     {
       /* set needed credentials for certificate authentication. */
@@ -351,24 +361,17 @@ MHD_TLS_init_connection (void *data)
       MHD_gnutls_dh_set_prime_bits (con->tls_session, 1024);
       break;
     default:
-
 #if HAVE_MESSAGES
       MHD_DLOG (con->daemon,
-                "Error: couldn't init HTTPS session. no appropriate KX algorithm found. f: %s, l: %d\n",
-                __FUNCTION__, __LINE__);
+                "Failed to setup TLS credentials: unknown credential type %d\n",
+                con->daemon->cred_type);
 #endif
-      break;
+      abort();
     }
-
-  /* TODO avoid gnutls blocking recv / write calls
-     MHD_gnutls_transport_set_pull_function(tls_session, &recv);
-     MHD_gnutls_transport_set_push_function(tls_session, &send);
-   */
-
   MHD_gnutls_transport_set_ptr (con->tls_session,
-                                (gnutls_transport_ptr_t) ((void *)
-                                                          con->socket_fd));
-
+                                (gnutls_transport_ptr_t) con);
+  MHD_gnutls_transport_set_pull_function(con->tls_session, &pull_param_adapter);
+  MHD_gnutls_transport_set_push_function(con->tls_session, &push_param_adapter);  
   return MHD_handle_connection (data);
 }
 #endif
@@ -512,32 +515,25 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
   connection->addr_len = addrlen;
   connection->socket_fd = s;
   connection->daemon = daemon;
+  connection->last_activity = time (NULL);
 
   /* set default connection handlers  */
   MHD_set_http_calbacks (connection);
-
 #if HTTPS_SUPPORT
-  if (daemon->options & MHD_USE_SSL)
-    {
-      MHD_set_https_calbacks (connection);
-    }
+  if (0 != (daemon->options & MHD_USE_SSL))
+    MHD_set_https_calbacks (connection);    
 #endif
 
   /* attempt to create handler thread */
   if (0 != (daemon->options & MHD_USE_THREAD_PER_CONNECTION))
     {
+      res_thread_create = pthread_create (&connection->pid, NULL,
 #if HTTPS_SUPPORT
-      if (daemon->options & MHD_USE_SSL)
-        res_thread_create = pthread_create (&connection->pid, NULL,
-                                            &MHD_TLS_init_connection,
-                                            connection);
-      else
+                                          (0 != (daemon->options & MHD_USE_SSL)) ? 
+                                          &MHD_TLS_init_connection : 
 #endif
-        {
-          res_thread_create = pthread_create (&connection->pid, NULL,
-                                              &MHD_handle_connection,
-                                              connection);
-        }
+                                          &MHD_handle_connection,
+                                          connection);
       if (res_thread_create != 0)
         {
 #if HAVE_MESSAGES
@@ -550,11 +546,8 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
           free (connection);
           return MHD_NO;
         }
-    }
-
-  connection->last_activity = time (NULL);
+    }  
   connection->next = daemon->connections;
-
   daemon->connections = connection;
   daemon->max_connections--;
   return MHD_YES;
@@ -720,7 +713,7 @@ MHD_select (struct MHD_Daemon *daemon, int may_block)
       if (errno == EINTR)
         return MHD_YES;
 #if HAVE_MESSAGES
-      MHD_DLOG (daemon, "Select failed: %s\n", STRERROR (errno));
+      MHD_DLOG (daemon, "select failed: %s\n", STRERROR (errno));
 #endif
       return MHD_NO;
     }
@@ -876,9 +869,6 @@ MHD_start_daemon_va (unsigned int options,
     }
 #endif
 
-  /*
-   * analyze daemon options
-   */
   while (MHD_OPTION_END != (opt = va_arg (ap, enum MHD_OPTION)))
     {
       switch (opt)
@@ -981,13 +971,9 @@ MHD_start_daemon_va (unsigned int options,
 
   /* check for user supplied sockaddr */
   if ((options & MHD_USE_IPv6) != 0)
-    {
-      addrlen = sizeof (struct sockaddr_in6);
-    }
+    addrlen = sizeof (struct sockaddr_in6);
   else
-    {
-      addrlen = sizeof (struct sockaddr_in);
-    }
+    addrlen = sizeof (struct sockaddr_in);
   if (NULL == servaddr)
     {
       if ((options & MHD_USE_IPv6) != 0)
@@ -1036,7 +1022,7 @@ MHD_start_daemon_va (unsigned int options,
   if ((options & MHD_USE_SSL) && MHD_TLS_init (retVal))
     {
 #if HAVE_MESSAGES
-      MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n");
+      MHD_DLOG (retVal, "Failed to initialize TLS support\n");
 #endif
       CLOSE (socket_fd);
       free (retVal);
@@ -1079,11 +1065,8 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
 #endif
 #endif
   CLOSE (fd);
-  if ((0 != (daemon->options & MHD_USE_THREAD_PER_CONNECTION)) || (0
-                                                                   !=
-                                                                   (daemon->
-                                                                    options &
-                                                                    MHD_USE_SELECT_INTERNALLY)))
+  if ((0 != (daemon->options & MHD_USE_THREAD_PER_CONNECTION)) || 
+      (0 != (daemon->options & MHD_USE_SELECT_INTERNALLY)))
     {
       pthread_kill (daemon->pid, SIGALRM);
       pthread_join (daemon->pid, &unused);
@@ -1114,19 +1097,16 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
   if (daemon->options & MHD_USE_SSL)
     {
       MHD_gnutls_priority_deinit (daemon->priority_cache);
-
       if (daemon->x509_cred)
         MHD_gnutls_certificate_free_credentials (daemon->x509_cred);
       if (daemon->anon_cred)
         MHD_gnutls_anon_free_server_credentials (daemon->anon_cred);
-
       /* lock gnutls_global mutex since it uses reference counting */
       pthread_mutex_lock (&gnutls_init_mutex);
       MHD_gnutls_global_deinit ();
       pthread_mutex_unlock (&gnutls_init_mutex);
     }
 #endif
-
   free (daemon);
 }
 
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index 52473c27..601ce84a 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -2223,16 +2223,12 @@ MHD_gnutls_handshake (mhd_gtls_session_t session)
       gnutls_assert ();
       return ret;
     }
-#if MHD_DEBUG_TLS
   if (session->security_parameters.entity == GNUTLS_CLIENT)
     {
-      ret = mhd_gtls_handshake_client (session);
-    }
-  else
-#endif
-    {
-      ret = mhd_gtls_handshake_server (session);
+      gnutls_assert ();
+      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
     }
+  ret = mhd_gtls_handshake_server (session);
   if (ret < 0)
     {
       /* In the case of a rehandshake abort
@@ -2273,126 +2269,6 @@ MHD_gnutls_handshake (mhd_gtls_session_t session)
 
 
 
-/*
- * mhd_gtls_handshake_client
- * This function performs the client side of the handshake of the TLS/SSL protocol.
- */
-int
-mhd_gtls_handshake_client (mhd_gtls_session_t session)
-{
-  int ret = 0;
-
-#ifdef HANDSHAKE_DEBUG
-  char buf[64];
-
-  if (session->internals.resumed_security_parameters.session_id_size > 0)
-    _gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session,
-                           mhd_gtls_bin2hex (session->internals.
-                                             resumed_security_parameters.
-                                             session_id,
-                                             session->internals.
-                                             resumed_security_parameters.
-                                             session_id_size, buf,
-                                             sizeof (buf)));
-#endif
-
-  switch (STATE)
-    {
-    case STATE0:
-    case STATE1:
-      ret = mhd_gtls_send_hello (session, AGAIN (STATE1));
-      STATE = STATE1;
-      IMED_RET ("send hello", ret);
-
-    case STATE2:
-      /* receive the server hello */
-      ret =
-        mhd_gtls_recv_handshake (session, NULL, NULL,
-                                 GNUTLS_HANDSHAKE_SERVER_HELLO,
-                                 MANDATORY_PACKET);
-      STATE = STATE2;
-      IMED_RET ("recv hello", ret);
-
-    case STATE70:
-      if (session->security_parameters.extensions.do_recv_supplemental)
-        {
-          ret = _gnutls_recv_supplemental (session);
-          STATE = STATE70;
-          IMED_RET ("recv supplemental", ret);
-        }
-
-    case STATE3:
-      /* RECV CERTIFICATE */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = mhd_gtls_recv_server_certificate (session);
-      STATE = STATE3;
-      IMED_RET ("recv server certificate", ret);
-
-    case STATE4:
-      /* receive the server key exchange */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = mhd_gtls_recv_server_kx_message (session);
-      STATE = STATE4;
-      IMED_RET ("recv server kx message", ret);
-
-    case STATE5:
-      /* receive the server certificate request - if any
-       */
-
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = mhd_gtls_recv_server_certificate_request (session);
-      STATE = STATE5;
-      IMED_RET ("recv server certificate request message", ret);
-
-    case STATE6:
-      /* receive the server hello done */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret =
-          mhd_gtls_recv_handshake (session, NULL, NULL,
-                                   GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
-                                   MANDATORY_PACKET);
-      STATE = STATE6;
-      IMED_RET ("recv server hello done", ret);
-
-    case STATE71:
-      if (session->security_parameters.extensions.do_send_supplemental)
-        {
-          ret = _gnutls_send_supplemental (session, AGAIN (STATE71));
-          STATE = STATE71;
-          IMED_RET ("send supplemental", ret);
-        }
-
-    case STATE7:
-      /* send our certificate - if any and if requested
-       */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = mhd_gtls_send_client_certificate (session, AGAIN (STATE7));
-      STATE = STATE7;
-      IMED_RET ("send client certificate", ret);
-
-    case STATE8:
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = mhd_gtls_send_client_kx_message (session, AGAIN (STATE8));
-      STATE = STATE8;
-      IMED_RET ("send client kx", ret);
-
-    case STATE9:
-      /* send client certificate verify */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret =
-          mhd_gtls_send_client_certificate_verify (session, AGAIN (STATE9));
-      STATE = STATE9;
-      IMED_RET ("send client certificate verify", ret);
-
-      STATE = STATE0;
-    default:
-      break;
-    }
-
-
-  return 0;
-}
-
 /* This function sends the final handshake packets and initializes connection
  */
 static int
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c
index d5e95366..4bd09b96 100644
--- a/src/daemon/https/tls/gnutls_str.c
+++ b/src/daemon/https/tls/gnutls_str.c
@@ -212,7 +212,6 @@ mhd_gtls_string_append_data (mhd_gtls_string * dest,
     {
       size_t new_len =
         MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
-
       dest->data = dest->realloc_func (dest->data, new_len);
       if (dest->data == NULL)
         {
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
index 7638105a..c2d6ab0b 100644
--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -33,6 +33,7 @@
 #include "gnutls.h"
 #endif
 
+#define EXTRA_CHECKS MHD_YES
 
 #define MHD_MAX(a,b) ((a)<(b)) ? (b) : (a)
 #define MHD_MIN(a,b) ((a)<(b)) ? (a) : (b)
@@ -537,14 +538,14 @@ struct MHD_Connection
 
   int (*idle_handler) (struct MHD_Connection * connection);
 
-  /*
+  /**
    * function pointers to the appropriate send & receive funtions
    * according to whether this is a HTTPS / HTTP daemon
    */
-    ssize_t (*recv_cls) (struct MHD_Connection * connection);
-
-    ssize_t (*send_cls) (struct MHD_Connection * connection);
-
+  ssize_t (*recv_cls) (struct MHD_Connection * connection);
+  
+  ssize_t (*send_cls) (struct MHD_Connection * connection);
+  
 #if HTTPS_SUPPORT
   /* TODO rename as this might be an SSL connection */
   mhd_gtls_session_t tls_session;
@@ -649,4 +650,13 @@ struct MHD_Daemon
 #endif
 };
 
+
+#if EXTRA_CHECKS
+#define EXTRA_CHECK(a) if (!(a)) abort();
+#else
+#define EXTRA_CHECK(a)
+#endif
+
+
+
 #endif