author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2017-06-05 20:39:26 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2017-06-05 22:09:53 +0300 |
commit | 243e8fcd6054e4c0d2964b0d4b29e0c15861498d (patch) | |
tree | 3a65f86811ce466d2e88a45cfba43bb0fd06732e /src/microhttpd | |
parent | 1b71798df8b8341b894dfc6223d01bd1cb8e83bd (diff) | |
Used separate 'state' for TLS layer (independent of state of HTTP process)
Diffstat (limited to 'src/microhttpd')
-rw-r--r-- | src/microhttpd/connection.c | 42 | ||||
-rw-r--r-- | src/microhttpd/connection_https.c | 9 | ||||
-rw-r--r-- | src/microhttpd/daemon.c | 2 | ||||
-rw-r--r-- | src/microhttpd/internal.h | 36 |
4 files changed, 58 insertions, 31 deletions
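--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -1648,6 +1648,25 @@ MHD_connection_update_event_loop_info (struct MHD_Connection *connection)
 /* Do not update states of suspended connection */
 if (connection->suspended)
 return; /* States will be updated after resume. */
+#ifdef HTTPS_SUPPORT
+if (MHD_TLS_CONN_NO_TLS != connection->tls_state)
+{ /* HTTPS connection. */
+switch (connection->tls_state)
+{
+case MHD_TLS_CONN_INIT:
+connection->event_loop_info = MHD_EVENT_LOOP_INFO_READ;
+return;
+case MHD_TLS_CONN_HANDSHAKING:
+if (0 == gnutls_record_get_direction (connection->tls_session))
+connection->event_loop_info = MHD_EVENT_LOOP_INFO_READ;
+else
+connection->event_loop_info = MHD_EVENT_LOOP_INFO_WRITE;
+return;
+default:
+break;
+}
+}
+#endif /* HTTPS_SUPPORT */
 while (1)
 {
 #if DEBUG_STATES
@@ -1658,14 +1677,6 @@ MHD_connection_update_event_loop_info (struct MHD_Connection *connection)
 #endif
 switch (connection->state)
 {
-#ifdef HTTPS_SUPPORT
-case MHD_TLS_CONNECTION_INIT:
-if (0 == gnutls_record_get_direction (connection->tls_session))
-connection->event_loop_info = MHD_EVENT_LOOP_INFO_READ;
-else
-connection->event_loop_info = MHD_EVENT_LOOP_INFO_WRITE;
-break;
-#endif /* HTTPS_SUPPORT */
 case MHD_CONNECTION_INIT:
 case MHD_CONNECTION_URL_RECEIVED:
 case MHD_CONNECTION_HEADER_PART_RECEIVED:
@@ -2959,9 +2970,6 @@ MHD_connection_handle_write (struct MHD_Connection *connection)
 break;
 case MHD_CONNECTION_CLOSED:
 return MHD_YES;
-case MHD_TLS_CONNECTION_INIT:
-EXTRA_CHECK (0);
-break;
 case MHD_CONNECTION_IN_CLEANUP:
 EXTRA_CHECK (0);
 break;
@@ -3072,6 +3080,14 @@ MHD_connection_handle_idle (struct MHD_Connection *connection)
 connection->in_idle = true;
 while (! connection->suspended)
 {
+#ifdef HTTPS_SUPPORT
+if (MHD_TLS_CONN_NO_TLS != connection->tls_state)
+{ /* HTTPS connection. */
+if ((MHD_TLS_CONN_INIT <= connection->tls_state) &&
+(MHD_TLS_CONN_CONNECTED > connection->tls_state))
+break;
+}
+#endif /* HTTPS_SUPPORT */
 #if DEBUG_STATES
 MHD_DLOG (daemon,
 _("In function %s handling connection at state: %s\n"),
@@ -3080,10 +3096,6 @@ MHD_connection_handle_idle (struct MHD_Connection *connection)
 #endif
 switch (connection->state)
 {
-#ifdef HTTPS_SUPPORT
-case MHD_TLS_CONNECTION_INIT:
-break;
-#endif /* HTTPS_SUPPORT */
 case MHD_CONNECTION_INIT:
 line = get_next_header_line (connection,
 &line_len);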
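Review bot: The guard added to MHD_connection_handle_idle (new lines 3086-3087) selects the pre-handshake states by numeric range, so it stays correct only while `MHD_TLS_CONN_INIT` and `MHD_TLS_CONN_HANDSHAKING` are the sole values between `MHD_TLS_CONN_NO_TLS` and `MHD_TLS_CONN_CONNECTED` in internal.h; the outer `MHD_TLS_CONN_NO_TLS !=` test is already implied by that range. Naming the two states, as run_tls_handshake does, removes the dependency: `if ((MHD_TLS_CONN_INIT == connection->tls_state) || (MHD_TLS_CONN_HANDSHAKING == connection->tls_state)) break;`. Both this guard and the `default: break;` added to MHD_connection_update_event_loop_info also let `MHD_TLS_CONN_TLS_FAILED` continue into the HTTP state switch, which is safe only if the failure path has already closed the connection; that code is outside these hunks, so once confirmed a comment such as `/* TLS_FAILED connections are closed by run_tls_handshake() before reaching here */` would record the assumption. Both functions start and end outside the hunks shown.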
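--- a/src/microhttpd/connection_https.c
+++ b/src/microhttpd/connection_https.c
@@ -147,23 +147,26 @@ run_tls_handshake (struct MHD_Connection *connection)
 {
 int ret;
 
-if (MHD_TLS_CONNECTION_INIT == connection->state)
+if ((MHD_TLS_CONN_INIT == connection->tls_state) ||
+(MHD_TLS_CONN_HANDSHAKING == connection->tls_state))
 {
 ret = gnutls_handshake (connection->tls_session);
 if (ret == GNUTLS_E_SUCCESS)
 {
-/* set connection state to enable HTTP processing */
-connection->state = MHD_CONNECTION_INIT;
+/* set connection TLS state to enable HTTP processing */
+connection->tls_state = MHD_TLS_CONN_CONNECTED;
 MHD_update_last_activity_ (connection);
 return MHD_NO;
 }
 if ( (GNUTLS_E_AGAIN == ret) ||
 (GNUTLS_E_INTERRUPTED == ret) )
 {
+connection->tls_state = MHD_TLS_CONN_HANDSHAKING;
 /* handshake not done */
 return MHD_YES;
 }
 /* handshake failed */
+connection->tls_state = MHD_TLS_CONN_TLS_FAILED;
 #ifdef HAVE_MESSAGES
 MHD_DLOG (connection->daemon,
 _("Error: received handshake message out of context\n"));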
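Review bot: The failure branch now records `MHD_TLS_CONN_TLS_FAILED` for every gnutls_handshake() result other than success, `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED`, but the log call under it still reports one fixed cause and drops `ret`, so different handshake failures cannot be told apart in the daemon log. Passing the library's own text would help triage, for example `_("Error: TLS handshake failed: %s\n"), gnutls_strerror (ret));`. The return convention also reads inverted in this hunk (`MHD_NO` when the handshake completes, `MHD_YES` while it is still in progress); if the doc comment above the function, which is not visible here, does not already state that, it should. What happens after the log call is outside the hunk.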
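--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -2258,7 +2258,7 @@ internal_add_connection (struct MHD_Daemon *daemon,
 else
 {
 #ifdef HTTPS_SUPPORT
-connection->state = MHD_TLS_CONNECTION_INIT;
+connection->tls_state = MHD_TLS_CONN_INIT;
 MHD_set_https_callbacks (connection);
 gnutls_init (&connection->tls_session,
 GNUTLS_SERVER);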
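Review bot: The result of `gnutls_init` on the two lines after the changed assignment is discarded, so a failed session allocation would leave `connection->tls_session` unset while `tls_state` already reads `MHD_TLS_CONN_INIT`, and run_tls_handshake would later hand that session to gnutls_handshake(). Testing the call, e.g. `if (GNUTLS_E_SUCCESS != gnutls_init (&connection->tls_session, GNUTLS_SERVER))`, and taking the function's existing error cleanup on failure would close that gap. The cleanup path and the rest of internal_add_connection are outside the hunk, so the exact handling is not spelled out here.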
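--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -510,27 +510,34 @@ enum MHD_CONNECTION_STATE
 */
 MHD_CONNECTION_IN_CLEANUP = MHD_CONNECTION_CLOSED + 1,
 
-/*
-* SSL/TLS connection states
-*/
-
-/**
-* The initial connection state for all secure connectoins
-* Handshake messages will be processed in this state & while
-* in the #MHD_TLS_HELLO_REQUEST state
-*/
-MHD_TLS_CONNECTION_INIT = MHD_CONNECTION_IN_CLEANUP + 1,
-
 #ifdef UPGRADE_SUPPORT
 /**
 * Connection was "upgraded" and socket is now under the
 * control of the application.
 */
-MHD_CONNECTION_UPGRADE = MHD_TLS_CONNECTION_INIT + 1,
+MHD_CONNECTION_UPGRADE
 #endif /* UPGRADE_SUPPORT */
 
 };
 
+
+/**
+* States of TLS transport layer.
+*/
+enum MHD_TLS_CONN_STATE
+{
+MHD_TLS_CONN_NO_TLS = 0, /**< Not a TLS connection (plain socket). */
+MHD_TLS_CONN_INIT, /**< TLS connection is not established yet. */
+MHD_TLS_CONN_HANDSHAKING, /**< TLS is in handshake process. */
+MHD_TLS_CONN_CONNECTED, /**< TLS is established. */
+MHD_TLS_CONN_WR_CLOSING, /**< Closing WR side of TLS layer. */
+MHD_TLS_CONN_WR_CLOSED, /**< WR side of TLS layer is closed. */
+MHD_TLS_CONN_TLS_CLOSING, /**< TLS session is terminating. */
+MHD_TLS_CONN_TLS_CLOSED, /**< TLS session is terminated. */
+MHD_TLS_CONN_TLS_FAILED, /**< TLS session failed. */
+MHD_TLS_CONN_INVALID_STATE/**< Sentinel. Not a valid value. */
+};
+
 /**
 * Should all state transitions be printed to stderr?
 */
@@ -973,6 +980,11 @@ struct MHD_Connection
 int cipher;
 
 /**
+* State of connection's TLS layer
+*/
+enum MHD_TLS_CONN_STATE tls_state;
+
+/**
 * Could it be that we are ready to read due to TLS buffers
 * even though the socket is not?
 */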
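Review bot: The doc comment on `enum MHD_TLS_CONN_STATE` does not say that the declaration order and the value of `MHD_TLS_CONN_NO_TLS` are load-bearing. connection.c compares these states with `<=` and `>`, and the daemon.c hunk assigns `tls_state` only on the HTTPS branch, so plain connections presumably get `MHD_TLS_CONN_NO_TLS` from a zero-filled struct (the allocation is not visible here). I would extend the comment along the lines of `States of TLS transport layer, in lifecycle order; code compares them numerically, and MHD_TLS_CONN_NO_TLS must stay 0 so that a zeroed connection is treated as plain.` The comment on `tls_state` could likewise say which value a non-TLS connection holds; struct MHD_Connection extends beyond the hunk on both sides.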