Diffstat (limited to 'src/microspdy/io_openssl.c')
-rw-r--r--src/microspdy/io_openssl.c45
1 files changed, 22 insertions, 23 deletions
diff --git a/src/microspdy/io_openssl.c b/src/microspdy/io_openssl.c
index 8dea5bb7..6a8b5cad 100644
--- a/src/microspdy/io_openssl.c
+++ b/src/microspdy/io_openssl.c
@@ -45,7 +45,7 @@ spdyf_next_protos_advertised_cb (SSL *ssl, const unsigned char **out, unsigned i
45 (void)arg; 45 (void)arg;
46 static unsigned char npn_spdy3[] = {0x06, // length of "spdy/3" 46 static unsigned char npn_spdy3[] = {0x06, // length of "spdy/3"
47 0x73,0x70,0x64,0x79,0x2f,0x33};// spdy/3 47 0x73,0x70,0x64,0x79,0x2f,0x33};// spdy/3
48 48
49 *out = npn_spdy3; 49 *out = npn_spdy3;
50 *outlen = 7; // total length of npn_spdy3 50 *outlen = 7; // total length of npn_spdy3
51 return SSL_TLSEXT_ERR_OK; 51 return SSL_TLSEXT_ERR_OK;
@@ -87,8 +87,8 @@ SPDYF_openssl_init(struct SPDY_Daemon *daemon)
87 //set options for tls 87 //set options for tls
88 //TODO DH is not enabled for easier debugging 88 //TODO DH is not enabled for easier debugging
89 //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE); 89 //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE);
90 90
91 //TODO here session tickets are disabled for easier debuging with 91 //TODO here session tickets are disabled for easier debuging with
92 //wireshark when using Chrome 92 //wireshark when using Chrome
93 // SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack 93 // SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack
94 options = SSL_OP_NO_TICKET; 94 options = SSL_OP_NO_TICKET;
@@ -112,14 +112,13 @@ SPDYF_openssl_init(struct SPDY_Daemon *daemon)
112 return SPDY_NO; 112 return SPDY_NO;
113 } 113 }
114 SSL_CTX_set_next_protos_advertised_cb(daemon->io_context, &spdyf_next_protos_advertised_cb, NULL); 114 SSL_CTX_set_next_protos_advertised_cb(daemon->io_context, &spdyf_next_protos_advertised_cb, NULL);
115 //TODO only RC4-SHA is used to make it easy to debug with wireshark 115 if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "HIGH"))
116 if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "RC4-SHA"))
117 { 116 {
118 SPDYF_DEBUG("Couldn't set the desired cipher list"); 117 SPDYF_DEBUG("Couldn't set the desired cipher list");
119 SSL_CTX_free(daemon->io_context); 118 SSL_CTX_free(daemon->io_context);
120 return SPDY_NO; 119 return SPDY_NO;
121 } 120 }
122 121
123 return SPDY_YES; 122 return SPDY_YES;
124} 123}
125 124
@@ -135,7 +134,7 @@ int
135SPDYF_openssl_new_session(struct SPDY_Session *session) 134SPDYF_openssl_new_session(struct SPDY_Session *session)
136{ 135{
137 int ret; 136 int ret;
138 137
139 if(NULL == (session->io_context = SSL_new(session->daemon->io_context))) 138 if(NULL == (session->io_context = SSL_new(session->daemon->io_context)))
140 { 139 {
141 SPDYF_DEBUG("Couldn't create ssl structure"); 140 SPDYF_DEBUG("Couldn't create ssl structure");
@@ -148,7 +147,7 @@ SPDYF_openssl_new_session(struct SPDY_Session *session)
148 session->io_context = NULL; 147 session->io_context = NULL;
149 return SPDY_NO; 148 return SPDY_NO;
150 } 149 }
151 150
152 //for non-blocking I/O SSL_accept may return -1 151 //for non-blocking I/O SSL_accept may return -1
153 //and this function won't work 152 //and this function won't work
154 if(1 != (ret = SSL_accept(session->io_context))) 153 if(1 != (ret = SSL_accept(session->io_context)))
@@ -158,11 +157,11 @@ SPDYF_openssl_new_session(struct SPDY_Session *session)
158 session->io_context = NULL; 157 session->io_context = NULL;
159 return SPDY_NO; 158 return SPDY_NO;
160 } 159 }
161 /* alternatively 160 /* alternatively
162 SSL_set_accept_state(session->io_context); 161 SSL_set_accept_state(session->io_context);
163 * may be called and then the negotiation will be done on reading 162 * may be called and then the negotiation will be done on reading
164 */ 163 */
165 164
166 return SPDY_YES; 165 return SPDY_YES;
167} 166}
168 167
@@ -176,7 +175,7 @@ SPDYF_openssl_close_session(struct SPDY_Session *session)
176 //after that because the browsers don't seem to care much about 175 //after that because the browsers don't seem to care much about
177 //"close notify" 176 //"close notify"
178 SSL_shutdown(session->io_context); 177 SSL_shutdown(session->io_context);
179 178
180 SSL_free(session->io_context); 179 SSL_free(session->io_context);
181} 180}
182 181
@@ -187,7 +186,7 @@ SPDYF_openssl_recv(struct SPDY_Session *session,
187 size_t size) 186 size_t size)
188{ 187{
189 int ret; 188 int ret;
190 int n = SSL_read(session->io_context, 189 int n = SSL_read(session->io_context,
191 buffer, 190 buffer,
192 size); 191 size);
193 //if(n > 0) SPDYF_DEBUG("recvd: %i",n); 192 //if(n > 0) SPDYF_DEBUG("recvd: %i",n);
@@ -198,15 +197,15 @@ SPDYF_openssl_recv(struct SPDY_Session *session,
198 { 197 {
199 case SSL_ERROR_ZERO_RETURN: 198 case SSL_ERROR_ZERO_RETURN:
200 return 0; 199 return 0;
201 200
202 case SSL_ERROR_WANT_READ: 201 case SSL_ERROR_WANT_READ:
203 case SSL_ERROR_WANT_WRITE: 202 case SSL_ERROR_WANT_WRITE:
204 return SPDY_IO_ERROR_AGAIN; 203 return SPDY_IO_ERROR_AGAIN;
205 204
206 case SSL_ERROR_SYSCALL: 205 case SSL_ERROR_SYSCALL:
207 if(EINTR == errno) 206 if(EINTR == errno)
208 return SPDY_IO_ERROR_AGAIN; 207 return SPDY_IO_ERROR_AGAIN;
209 208
210 default: 209 default:
211 return SPDY_IO_ERROR_ERROR; 210 return SPDY_IO_ERROR_ERROR;
212 } 211 }
@@ -222,8 +221,8 @@ SPDYF_openssl_send(struct SPDY_Session *session,
222 size_t size) 221 size_t size)
223{ 222{
224 int ret; 223 int ret;
225 224
226 int n = SSL_write(session->io_context, 225 int n = SSL_write(session->io_context,
227 buffer, 226 buffer,
228 size); 227 size);
229 //if(n > 0) SPDYF_DEBUG("sent: %i",n); 228 //if(n > 0) SPDYF_DEBUG("sent: %i",n);
@@ -234,20 +233,20 @@ SPDYF_openssl_send(struct SPDY_Session *session,
234 { 233 {
235 case SSL_ERROR_ZERO_RETURN: 234 case SSL_ERROR_ZERO_RETURN:
236 return 0; 235 return 0;
237 236
238 case SSL_ERROR_WANT_READ: 237 case SSL_ERROR_WANT_READ:
239 case SSL_ERROR_WANT_WRITE: 238 case SSL_ERROR_WANT_WRITE:
240 return SPDY_IO_ERROR_AGAIN; 239 return SPDY_IO_ERROR_AGAIN;
241 240
242 case SSL_ERROR_SYSCALL: 241 case SSL_ERROR_SYSCALL:
243 if(EINTR == errno) 242 if(EINTR == errno)
244 return SPDY_IO_ERROR_AGAIN; 243 return SPDY_IO_ERROR_AGAIN;
245 244
246 default: 245 default:
247 return SPDY_IO_ERROR_ERROR; 246 return SPDY_IO_ERROR_ERROR;
248 } 247 }
249 } 248 }
250 249
251 return n; 250 return n;
252} 251}
253 252
@@ -267,7 +266,7 @@ int
267SPDYF_openssl_before_write(struct SPDY_Session *session) 266SPDYF_openssl_before_write(struct SPDY_Session *session)
268{ 267{
269 (void)session; 268 (void)session;
270 269
271 return SPDY_YES; 270 return SPDY_YES;
272} 271}
273 272
@@ -276,6 +275,6 @@ int
276SPDYF_openssl_after_write(struct SPDY_Session *session, int was_written) 275SPDYF_openssl_after_write(struct SPDY_Session *session, int was_written)
277{ 276{
278 (void)session; 277 (void)session;
279 278
280 return was_written; 279 return was_written;
281} 280}
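Review bot: The new cipher string on new line 115 of the `@@ -112,14 +112,13 @@` hunk, `"HIGH"` on its own, does not exclude the anonymous (aNULL) key-exchange suites that OpenSSL's HIGH alias contains, so a server with DH or ECDH parameters configured could complete an unauthenticated handshake, whereas the previous `RC4-SHA` string at least pinned an authenticated suite. Prefer `if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "HIGH:!aNULL:!MD5"))`, which keeps the strong suites and drops the anonymous and MD5-MAC ones. Whether anonymous suites are actually reachable here depends on DH/ECDH setup that is not visible in this section (the `SSL_OP_SINGLE_DH_USE` call at line 89 is commented out), so this is a hardening point rather than a confirmed exposure. SPDYF_openssl_init's body begins before the hunk.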