Diffstat (limited to 'src/microspdy/io_openssl.c')
-rw-r--r-- | src/microspdy/io_openssl.c | 45 |
1 files changed, 22 insertions, 23 deletions
diff --git a/src/microspdy/io_openssl.c b/src/microspdy/io_openssl.c index 8dea5bb7..6a8b5cad 100644 --- a/src/microspdy/io_openssl.c +++ b/src/microspdy/io_openssl.c | |||
@@ -45,7 +45,7 @@ spdyf_next_protos_advertised_cb (SSL *ssl, const unsigned char **out, unsigned i | |||
45 | (void)arg; | 45 | (void)arg; |
46 | static unsigned char npn_spdy3[] = {0x06, // length of "spdy/3" | 46 | static unsigned char npn_spdy3[] = {0x06, // length of "spdy/3" |
47 | 0x73,0x70,0x64,0x79,0x2f,0x33};// spdy/3 | 47 | 0x73,0x70,0x64,0x79,0x2f,0x33};// spdy/3 |
48 | 48 | ||
49 | *out = npn_spdy3; | 49 | *out = npn_spdy3; |
50 | *outlen = 7; // total length of npn_spdy3 | 50 | *outlen = 7; // total length of npn_spdy3 |
51 | return SSL_TLSEXT_ERR_OK; | 51 | return SSL_TLSEXT_ERR_OK; |
@@ -87,8 +87,8 @@ SPDYF_openssl_init(struct SPDY_Daemon *daemon) | |||
87 | //set options for tls | 87 | //set options for tls |
88 | //TODO DH is not enabled for easier debugging | 88 | //TODO DH is not enabled for easier debugging |
89 | //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE); | 89 | //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE); |
90 | 90 | ||
91 | //TODO here session tickets are disabled for easier debuging with | 91 | //TODO here session tickets are disabled for easier debuging with |
92 | //wireshark when using Chrome | 92 | //wireshark when using Chrome |
93 | // SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack | 93 | // SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack |
94 | options = SSL_OP_NO_TICKET; | 94 | options = SSL_OP_NO_TICKET; |
@@ -112,14 +112,13 @@ SPDYF_openssl_init(struct SPDY_Daemon *daemon) | |||
112 | return SPDY_NO; | 112 | return SPDY_NO; |
113 | } | 113 | } |
114 | SSL_CTX_set_next_protos_advertised_cb(daemon->io_context, &spdyf_next_protos_advertised_cb, NULL); | 114 | SSL_CTX_set_next_protos_advertised_cb(daemon->io_context, &spdyf_next_protos_advertised_cb, NULL); |
115 | //TODO only RC4-SHA is used to make it easy to debug with wireshark | 115 | if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "HIGH")) |
116 | if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "RC4-SHA")) | ||
117 | { | 116 | { |
118 | SPDYF_DEBUG("Couldn't set the desired cipher list"); | 117 | SPDYF_DEBUG("Couldn't set the desired cipher list"); |
119 | SSL_CTX_free(daemon->io_context); | 118 | SSL_CTX_free(daemon->io_context); |
120 | return SPDY_NO; | 119 | return SPDY_NO; |
121 | } | 120 | } |
122 | 121 | ||
123 | return SPDY_YES; | 122 | return SPDY_YES; |
124 | } | 123 | } |
125 | 124 | ||
@@ -135,7 +134,7 @@ int | |||
135 | SPDYF_openssl_new_session(struct SPDY_Session *session) | 134 | SPDYF_openssl_new_session(struct SPDY_Session *session) |
136 | { | 135 | { |
137 | int ret; | 136 | int ret; |
138 | 137 | ||
139 | if(NULL == (session->io_context = SSL_new(session->daemon->io_context))) | 138 | if(NULL == (session->io_context = SSL_new(session->daemon->io_context))) |
140 | { | 139 | { |
141 | SPDYF_DEBUG("Couldn't create ssl structure"); | 140 | SPDYF_DEBUG("Couldn't create ssl structure"); |
@@ -148,7 +147,7 @@ SPDYF_openssl_new_session(struct SPDY_Session *session) | |||
148 | session->io_context = NULL; | 147 | session->io_context = NULL; |
149 | return SPDY_NO; | 148 | return SPDY_NO; |
150 | } | 149 | } |
151 | 150 | ||
152 | //for non-blocking I/O SSL_accept may return -1 | 151 | //for non-blocking I/O SSL_accept may return -1 |
153 | //and this function won't work | 152 | //and this function won't work |
154 | if(1 != (ret = SSL_accept(session->io_context))) | 153 | if(1 != (ret = SSL_accept(session->io_context))) |
@@ -158,11 +157,11 @@ SPDYF_openssl_new_session(struct SPDY_Session *session) | |||
158 | session->io_context = NULL; | 157 | session->io_context = NULL; |
159 | return SPDY_NO; | 158 | return SPDY_NO; |
160 | } | 159 | } |
161 | /* alternatively | 160 | /* alternatively |
162 | SSL_set_accept_state(session->io_context); | 161 | SSL_set_accept_state(session->io_context); |
163 | * may be called and then the negotiation will be done on reading | 162 | * may be called and then the negotiation will be done on reading |
164 | */ | 163 | */ |
165 | 164 | ||
166 | return SPDY_YES; | 165 | return SPDY_YES; |
167 | } | 166 | } |
168 | 167 | ||
@@ -176,7 +175,7 @@ SPDYF_openssl_close_session(struct SPDY_Session *session) | |||
176 | //after that because the browsers don't seem to care much about | 175 | //after that because the browsers don't seem to care much about |
177 | //"close notify" | 176 | //"close notify" |
178 | SSL_shutdown(session->io_context); | 177 | SSL_shutdown(session->io_context); |
179 | 178 | ||
180 | SSL_free(session->io_context); | 179 | SSL_free(session->io_context); |
181 | } | 180 | } |
182 | 181 | ||
@@ -187,7 +186,7 @@ SPDYF_openssl_recv(struct SPDY_Session *session, | |||
187 | size_t size) | 186 | size_t size) |
188 | { | 187 | { |
189 | int ret; | 188 | int ret; |
190 | int n = SSL_read(session->io_context, | 189 | int n = SSL_read(session->io_context, |
191 | buffer, | 190 | buffer, |
192 | size); | 191 | size); |
193 | //if(n > 0) SPDYF_DEBUG("recvd: %i",n); | 192 | //if(n > 0) SPDYF_DEBUG("recvd: %i",n); |
@@ -198,15 +197,15 @@ SPDYF_openssl_recv(struct SPDY_Session *session, | |||
198 | { | 197 | { |
199 | case SSL_ERROR_ZERO_RETURN: | 198 | case SSL_ERROR_ZERO_RETURN: |
200 | return 0; | 199 | return 0; |
201 | 200 | ||
202 | case SSL_ERROR_WANT_READ: | 201 | case SSL_ERROR_WANT_READ: |
203 | case SSL_ERROR_WANT_WRITE: | 202 | case SSL_ERROR_WANT_WRITE: |
204 | return SPDY_IO_ERROR_AGAIN; | 203 | return SPDY_IO_ERROR_AGAIN; |
205 | 204 | ||
206 | case SSL_ERROR_SYSCALL: | 205 | case SSL_ERROR_SYSCALL: |
207 | if(EINTR == errno) | 206 | if(EINTR == errno) |
208 | return SPDY_IO_ERROR_AGAIN; | 207 | return SPDY_IO_ERROR_AGAIN; |
209 | 208 | ||
210 | default: | 209 | default: |
211 | return SPDY_IO_ERROR_ERROR; | 210 | return SPDY_IO_ERROR_ERROR; |
212 | } | 211 | } |
@@ -222,8 +221,8 @@ SPDYF_openssl_send(struct SPDY_Session *session, | |||
222 | size_t size) | 221 | size_t size) |
223 | { | 222 | { |
224 | int ret; | 223 | int ret; |
225 | 224 | ||
226 | int n = SSL_write(session->io_context, | 225 | int n = SSL_write(session->io_context, |
227 | buffer, | 226 | buffer, |
228 | size); | 227 | size); |
229 | //if(n > 0) SPDYF_DEBUG("sent: %i",n); | 228 | //if(n > 0) SPDYF_DEBUG("sent: %i",n); |
@@ -234,20 +233,20 @@ SPDYF_openssl_send(struct SPDY_Session *session, | |||
234 | { | 233 | { |
235 | case SSL_ERROR_ZERO_RETURN: | 234 | case SSL_ERROR_ZERO_RETURN: |
236 | return 0; | 235 | return 0; |
237 | 236 | ||
238 | case SSL_ERROR_WANT_READ: | 237 | case SSL_ERROR_WANT_READ: |
239 | case SSL_ERROR_WANT_WRITE: | 238 | case SSL_ERROR_WANT_WRITE: |
240 | return SPDY_IO_ERROR_AGAIN; | 239 | return SPDY_IO_ERROR_AGAIN; |
241 | 240 | ||
242 | case SSL_ERROR_SYSCALL: | 241 | case SSL_ERROR_SYSCALL: |
243 | if(EINTR == errno) | 242 | if(EINTR == errno) |
244 | return SPDY_IO_ERROR_AGAIN; | 243 | return SPDY_IO_ERROR_AGAIN; |
245 | 244 | ||
246 | default: | 245 | default: |
247 | return SPDY_IO_ERROR_ERROR; | 246 | return SPDY_IO_ERROR_ERROR; |
248 | } | 247 | } |
249 | } | 248 | } |
250 | 249 | ||
251 | return n; | 250 | return n; |
252 | } | 251 | } |
253 | 252 | ||
@@ -267,7 +266,7 @@ int | |||
267 | SPDYF_openssl_before_write(struct SPDY_Session *session) | 266 | SPDYF_openssl_before_write(struct SPDY_Session *session) |
268 | { | 267 | { |
269 | (void)session; | 268 | (void)session; |
270 | 269 | ||
271 | return SPDY_YES; | 270 | return SPDY_YES; |
272 | } | 271 | } |
273 | 272 | ||
@@ -276,6 +275,6 @@ int | |||
276 | SPDYF_openssl_after_write(struct SPDY_Session *session, int was_written) | 275 | SPDYF_openssl_after_write(struct SPDY_Session *session, int was_written) |
277 | { | 276 | { |
278 | (void)session; | 277 | (void)session; |
279 | 278 | ||
280 | return was_written; | 279 | return was_written; |
281 | } | 280 | } |
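Review bot: The new cipher string `"HIGH"` on new line 115 of SPDYF_openssl_init selects suites by key strength only and does not exclude the anonymous key-exchange suites (aNULL), so a HIGH-strength ADH/AECDH suite can still be negotiated without any server authentication; `"HIGH:!aNULL:!MD5"` (or a tighter explicit list) keeps the debugging-friendly intent of the change while closing that gap, and the reason for the choice is worth a one-line comment since the old `//TODO only RC4-SHA` note is gone. In the same function, the comment on line 93 states that `SSL_OP_NO_COMPRESSION` is applied to avoid CRIME, but the assignment on line 94 is `options = SSL_OP_NO_TICKET;` alone — either `options = SSL_OP_NO_TICKET | SSL_OP_NO_COMPRESSION;` or the comment should be corrected; the rest of the options handling is outside the hunk. The remaining hunks render identically on both sides and appear to be whitespace-only, so the cipher list is the only content change I can see here. SPDYF_openssl_init begins outside the hunk.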