Used separate 'state' for TLS layer (independent of state of HTTP process)

4 files changed, 58 insertions, 31 deletions

diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 21fe9aac..cd8b5b04 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -1648,6 +1648,25 @@ MHD_connection_update_event_loop_info (struct MHD_Connection *connection)
   /* Do not update states of suspended connection */
   if (connection->suspended)
     return; /* States will be updated after resume. */
+#ifdef HTTPS_SUPPORT
+  if (MHD_TLS_CONN_NO_TLS != connection->tls_state)
+    { /* HTTPS connection. */
+      switch (connection->tls_state)
+        {
+          case MHD_TLS_CONN_INIT:
+            connection->event_loop_info = MHD_EVENT_LOOP_INFO_READ;
+            return;
+          case MHD_TLS_CONN_HANDSHAKING:
+            if (0 == gnutls_record_get_direction (connection->tls_session))
+              connection->event_loop_info = MHD_EVENT_LOOP_INFO_READ;
+            else
+              connection->event_loop_info = MHD_EVENT_LOOP_INFO_WRITE;
+            return;
+          default:
+            break;
+        }
+    }
+#endif /* HTTPS_SUPPORT */
   while (1)
     {
 #if DEBUG_STATES
@@ -1658,14 +1677,6 @@ MHD_connection_update_event_loop_info (struct MHD_Connection *connection)
 #endif
       switch (connection->state)
         {
-#ifdef HTTPS_SUPPORT
-        case MHD_TLS_CONNECTION_INIT:
-          if (0 == gnutls_record_get_direction (connection->tls_session))
-            connection->event_loop_info = MHD_EVENT_LOOP_INFO_READ;
-          else
-            connection->event_loop_info = MHD_EVENT_LOOP_INFO_WRITE;
-          break;
-#endif /* HTTPS_SUPPORT */
         case MHD_CONNECTION_INIT:
         case MHD_CONNECTION_URL_RECEIVED:
         case MHD_CONNECTION_HEADER_PART_RECEIVED:
@@ -2959,9 +2970,6 @@ MHD_connection_handle_write (struct MHD_Connection *connection)
           break;
         case MHD_CONNECTION_CLOSED:
           return MHD_YES;
-        case MHD_TLS_CONNECTION_INIT:
-          EXTRA_CHECK (0);
-          break;
         case MHD_CONNECTION_IN_CLEANUP:
           EXTRA_CHECK (0);
           break;
@@ -3072,6 +3080,14 @@ MHD_connection_handle_idle (struct MHD_Connection *connection)
   connection->in_idle = true;
   while (! connection->suspended)
     {
+#ifdef HTTPS_SUPPORT
+      if (MHD_TLS_CONN_NO_TLS != connection->tls_state)
+        { /* HTTPS connection. */
+          if ((MHD_TLS_CONN_INIT <= connection->tls_state) &&
+              (MHD_TLS_CONN_CONNECTED > connection->tls_state))
+            break;
+        }
+#endif /* HTTPS_SUPPORT */
 #if DEBUG_STATES
       MHD_DLOG (daemon,
                 _("In function %s handling connection at state: %s\n"),
@@ -3080,10 +3096,6 @@ MHD_connection_handle_idle (struct MHD_Connection *connection)
 #endif
       switch (connection->state)
         {
-#ifdef HTTPS_SUPPORT
-        case MHD_TLS_CONNECTION_INIT:
-          break;
-#endif /* HTTPS_SUPPORT */
         case MHD_CONNECTION_INIT:
           line = get_next_header_line (connection,
                                        &line_len);
diff --git a/src/microhttpd/connection_https.c b/src/microhttpd/connection_https.c
index e87aca56..08f569f0 100644
--- a/src/microhttpd/connection_https.c
+++ b/src/microhttpd/connection_https.c
@@ -147,23 +147,26 @@ run_tls_handshake (struct MHD_Connection *connection)
 {
   int ret;
 
-  if (MHD_TLS_CONNECTION_INIT == connection->state)
+  if ((MHD_TLS_CONN_INIT == connection->tls_state) ||
+      (MHD_TLS_CONN_HANDSHAKING == connection->tls_state))
     {
       ret = gnutls_handshake (connection->tls_session);
       if (ret == GNUTLS_E_SUCCESS)
         {
-          /* set connection state to enable HTTP processing */
-          connection->state = MHD_CONNECTION_INIT;
+          /* set connection TLS state to enable HTTP processing */
+          connection->tls_state = MHD_TLS_CONN_CONNECTED;
           MHD_update_last_activity_ (connection);
           return MHD_NO;
         }
       if ( (GNUTLS_E_AGAIN == ret) ||
            (GNUTLS_E_INTERRUPTED == ret) )
         {
+          connection->tls_state = MHD_TLS_CONN_HANDSHAKING;
           /* handshake not done */
           return MHD_YES;
         }
       /* handshake failed */
+      connection->tls_state = MHD_TLS_CONN_TLS_FAILED;
 #ifdef HAVE_MESSAGES
       MHD_DLOG (connection->daemon,
                 _("Error: received handshake message out of context\n"));
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 0fd478c2..48fe6856 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -2258,7 +2258,7 @@ internal_add_connection (struct MHD_Daemon *daemon,
   else
     {
 #ifdef HTTPS_SUPPORT
-      connection->state = MHD_TLS_CONNECTION_INIT;
+      connection->tls_state = MHD_TLS_CONN_INIT;
       MHD_set_https_callbacks (connection);
       gnutls_init (&connection->tls_session,
                    GNUTLS_SERVER);
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index 72a8f7f9..be0eb424 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -510,27 +510,34 @@ enum MHD_CONNECTION_STATE
    */
   MHD_CONNECTION_IN_CLEANUP = MHD_CONNECTION_CLOSED + 1,
 
-  /*
-   *  SSL/TLS connection states
-   */
-
-  /**
-   * The initial connection state for all secure connectoins
-   * Handshake messages will be processed in this state & while
-   * in the #MHD_TLS_HELLO_REQUEST state
-   */
-  MHD_TLS_CONNECTION_INIT = MHD_CONNECTION_IN_CLEANUP + 1,
-
 #ifdef UPGRADE_SUPPORT
   /**
    * Connection was "upgraded" and socket is now under the
    * control of the application.
    */
-  MHD_CONNECTION_UPGRADE = MHD_TLS_CONNECTION_INIT + 1,
+  MHD_CONNECTION_UPGRADE
 #endif /* UPGRADE_SUPPORT */
 
 };
 
+
+/**
+ * States of TLS transport layer.
+ */
+enum MHD_TLS_CONN_STATE
+{
+  MHD_TLS_CONN_NO_TLS = 0,  /**< Not a TLS connection (plain socket).   */
+  MHD_TLS_CONN_INIT,        /**< TLS connection is not established yet. */
+  MHD_TLS_CONN_HANDSHAKING, /**< TLS is in handshake process.           */
+  MHD_TLS_CONN_CONNECTED,   /**< TLS is established.                    */
+  MHD_TLS_CONN_WR_CLOSING,  /**< Closing WR side of TLS layer.          */
+  MHD_TLS_CONN_WR_CLOSED,   /**< WR side of TLS layer is closed.        */
+  MHD_TLS_CONN_TLS_CLOSING, /**< TLS session is terminating.            */
+  MHD_TLS_CONN_TLS_CLOSED,  /**< TLS session is terminated.             */
+  MHD_TLS_CONN_TLS_FAILED,  /**< TLS session failed.                    */
+  MHD_TLS_CONN_INVALID_STATE/**< Sentinel. Not a valid value.           */
+};
+
 /**
  * Should all state transitions be printed to stderr?
  */
@@ -973,6 +980,11 @@ struct MHD_Connection
   int cipher;
 
   /**
+   * State of connection's TLS layer
+   */
+  enum MHD_TLS_CONN_STATE tls_state;
+
+  /**
    * Could it be that we are ready to read due to TLS buffers
    * even though the socket is not?
    */