mirror of
https://github.com/cesanta/mongoose.git
synced 2025-08-05 13:14:11 +08:00
Restore tickets support
parent
9055a83b4f
commit
9ec48e41f7
56
mongoose.c
56
mongoose.c
@ -3788,6 +3788,7 @@ void mg_mgr_free(struct mg_mgr *mgr) {
|
|||||||
#if MG_ENABLE_EPOLL
|
#if MG_ENABLE_EPOLL
|
||||||
if (mgr->epoll_fd >= 0) close(mgr->epoll_fd), mgr->epoll_fd = -1;
|
if (mgr->epoll_fd >= 0) close(mgr->epoll_fd), mgr->epoll_fd = -1;
|
||||||
#endif
|
#endif
|
||||||
|
mg_tls_ctx_free(mgr);
|
||||||
}
|
}
|
||||||
|
|
||||||
void mg_mgr_init(struct mg_mgr *mgr) {
|
void mg_mgr_init(struct mg_mgr *mgr) {
|
||||||
@ -3812,6 +3813,7 @@ void mg_mgr_init(struct mg_mgr *mgr) {
|
|||||||
mgr->dnstimeout = 3000;
|
mgr->dnstimeout = 3000;
|
||||||
mgr->dns4.url = "udp://8.8.8.8:53";
|
mgr->dns4.url = "udp://8.8.8.8:53";
|
||||||
mgr->dns6.url = "udp://[2001:4860:4860::8888]:53";
|
mgr->dns6.url = "udp://[2001:4860:4860::8888]:53";
|
||||||
|
mg_tls_ctx_init(mgr);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef MG_ENABLE_LINES
|
#ifdef MG_ENABLE_LINES
|
||||||
@ -6990,6 +6992,12 @@ size_t mg_tls_pending(struct mg_connection *c) {
|
|||||||
(void) c;
|
(void) c;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||||
|
(void) mgr;
|
||||||
|
}
|
||||||
|
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||||
|
(void) mgr;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef MG_ENABLE_LINES
|
#ifdef MG_ENABLE_LINES
|
||||||
@ -7141,14 +7149,9 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||||
mbedtls_ssl_ticket_init(&tls->ticket);
|
mbedtls_ssl_conf_session_tickets_cb(
|
||||||
if ((rc = mbedtls_ssl_ticket_setup(&tls->ticket, mg_mbed_rng, NULL,
|
&tls->conf, mbedtls_ssl_ticket_write, mbedtls_ssl_ticket_parse,
|
||||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) != 0) {
|
&((struct mg_tls_ctx *) c->mgr->tls_ctx)->tickets);
|
||||||
mg_error(c, " mbedtls_ssl_ticket_setup %#x", -rc);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
mbedtls_ssl_conf_session_tickets_cb(&tls->conf, mbedtls_ssl_ticket_write,
|
|
||||||
mbedtls_ssl_ticket_parse, &tls->ticket);
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ((rc = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
|
if ((rc = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
|
||||||
@ -7188,6 +7191,35 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
|||||||
if (n <= 0) return MG_IO_ERR;
|
if (n <= 0) return MG_IO_ERR;
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||||
|
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) calloc(1, sizeof(*ctx));
|
||||||
|
if (ctx == NULL) {
|
||||||
|
MG_ERROR(("TLS context init OOM"));
|
||||||
|
} else {
|
||||||
|
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||||
|
int rc;
|
||||||
|
mbedtls_ssl_ticket_init(&ctx->tickets);
|
||||||
|
if ((rc = mbedtls_ssl_ticket_setup(&ctx->tickets, mg_mbed_rng, NULL,
|
||||||
|
MBEDTLS_CIPHER_AES_128_GCM, 86400)) !=
|
||||||
|
0) {
|
||||||
|
MG_ERROR((" mbedtls_ssl_ticket_setup %#x", -rc));
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
mgr->tls_ctx = ctx;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||||
|
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) mgr->tls_ctx;
|
||||||
|
if (ctx != NULL) {
|
||||||
|
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||||
|
mbedtls_ssl_ticket_free(&ctx->tickets);
|
||||||
|
#endif
|
||||||
|
free(ctx);
|
||||||
|
mgr->tls_ctx = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef MG_ENABLE_LINES
|
#ifdef MG_ENABLE_LINES
|
||||||
@ -7384,6 +7416,14 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
|||||||
if (n <= 0) return MG_IO_ERR;
|
if (n <= 0) return MG_IO_ERR;
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||||
|
(void) mgr;
|
||||||
|
}
|
||||||
|
|
||||||
|
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||||
|
(void) mgr;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef MG_ENABLE_LINES
|
#ifdef MG_ENABLE_LINES
|
||||||
|
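Review bot: The rewritten `#ifdef MBEDTLS_SSL_SESSION_TICKETS` block in mg_tls_init() passes `&((struct mg_tls_ctx *) c->mgr->tls_ctx)->tickets` to mbedtls without checking that the shared context exists or was keyed, whereas the removed per-connection code did `goto fail` when setup failed. mg_tls_ctx_init() only logs on calloc failure (mgr->tls_ctx then stays as mg_mgr_init left it, presumably NULL) and only logs when mbedtls_ssl_ticket_setup() fails while still storing the context, so a handshake could reach the ticket callbacks with a null-based or never-keyed ticket context. I would register the callbacks only when the context is usable and drop the context when setup fails, as sketched below; mg_tls_init() starts and ends outside the hunk. The same mg_tls_init and mg_tls_ctx_init hunks are repeated further down the page, and the point applies there too.

```c
// in mg_tls_init(), replacing the unconditional registration
#ifdef MBEDTLS_SSL_SESSION_TICKETS
  {
    struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) c->mgr->tls_ctx;
    if (ctx != NULL) {
      mbedtls_ssl_conf_session_tickets_cb(&tls->conf, mbedtls_ssl_ticket_write,
                                          mbedtls_ssl_ticket_parse,
                                          &ctx->tickets);
    }
  }
#endif

// in mg_tls_ctx_init(), inside the ticket-setup failure branch
      MG_ERROR((" mbedtls_ssl_ticket_setup %#x", -rc));
      mbedtls_ssl_ticket_free(&ctx->tickets);
      free(ctx);
      ctx = NULL;  // connections then run without session tickets
// … unchanged: #endif and mgr->tls_ctx = ctx; …
```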
12
mongoose.h
12
mongoose.h
@ -1180,6 +1180,7 @@ struct mg_mgr {
|
|||||||
unsigned long nextid; // Next connection ID
|
unsigned long nextid; // Next connection ID
|
||||||
unsigned long timerid; // Next timer ID
|
unsigned long timerid; // Next timer ID
|
||||||
void *userdata; // Arbitrary user data pointer
|
void *userdata; // Arbitrary user data pointer
|
||||||
|
void *tls_ctx; // TLS context shared by all TLS sessions
|
||||||
uint16_t mqtt_id; // MQTT IDs for pub/sub
|
uint16_t mqtt_id; // MQTT IDs for pub/sub
|
||||||
void *active_dns_requests; // DNS requests in progress
|
void *active_dns_requests; // DNS requests in progress
|
||||||
struct mg_timer *timers; // Active timers
|
struct mg_timer *timers; // Active timers
|
||||||
@ -1358,6 +1359,10 @@ long mg_tls_recv(struct mg_connection *, void *buf, size_t len);
|
|||||||
size_t mg_tls_pending(struct mg_connection *);
|
size_t mg_tls_pending(struct mg_connection *);
|
||||||
void mg_tls_handshake(struct mg_connection *);
|
void mg_tls_handshake(struct mg_connection *);
|
||||||
|
|
||||||
|
// Private
|
||||||
|
void mg_tls_ctx_init(struct mg_mgr *);
|
||||||
|
void mg_tls_ctx_free(struct mg_mgr *);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -1370,6 +1375,13 @@ void mg_tls_handshake(struct mg_connection *);
|
|||||||
#include <mbedtls/ssl.h>
|
#include <mbedtls/ssl.h>
|
||||||
#include <mbedtls/ssl_ticket.h>
|
#include <mbedtls/ssl_ticket.h>
|
||||||
|
|
||||||
|
struct mg_tls_ctx {
|
||||||
|
int dummy;
|
||||||
|
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||||
|
mbedtls_ssl_ticket_context tickets;
|
||||||
|
#endif
|
||||||
|
};
|
||||||
|
|
||||||
struct mg_tls {
|
struct mg_tls {
|
||||||
mbedtls_x509_crt ca; // Parsed CA certificate
|
mbedtls_x509_crt ca; // Parsed CA certificate
|
||||||
mbedtls_x509_crt cert; // Parsed certificate
|
mbedtls_x509_crt cert; // Parsed certificate
|
||||||
|
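Review bot: The new `struct mg_tls_ctx` and the `tls_ctx` field in `struct mg_mgr` are undocumented on the two points a maintainer needs: that the pointer can be unset, and what the shared ticket state implies. On the field I would write `void *tls_ctx;  // TLS context shared by all TLS sessions, NULL if allocation failed`, since mg_tls_ctx_init() only logs on OOM. On the struct I would add `// Keeps the struct non-empty when session tickets are compiled out` above `int dummy;` (that looks like its purpose, please confirm) and `// One ticket key set for every connection of this manager; lifetime is the 86400 s passed to mbedtls_ssl_ticket_setup()` above `tickets`. The same header hunks are repeated further down the page.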
@ -228,6 +228,7 @@ void mg_mgr_free(struct mg_mgr *mgr) {
|
|||||||
#if MG_ENABLE_EPOLL
|
#if MG_ENABLE_EPOLL
|
||||||
if (mgr->epoll_fd >= 0) close(mgr->epoll_fd), mgr->epoll_fd = -1;
|
if (mgr->epoll_fd >= 0) close(mgr->epoll_fd), mgr->epoll_fd = -1;
|
||||||
#endif
|
#endif
|
||||||
|
mg_tls_ctx_free(mgr);
|
||||||
}
|
}
|
||||||
|
|
||||||
void mg_mgr_init(struct mg_mgr *mgr) {
|
void mg_mgr_init(struct mg_mgr *mgr) {
|
||||||
@ -252,4 +253,5 @@ void mg_mgr_init(struct mg_mgr *mgr) {
|
|||||||
mgr->dnstimeout = 3000;
|
mgr->dnstimeout = 3000;
|
||||||
mgr->dns4.url = "udp://8.8.8.8:53";
|
mgr->dns4.url = "udp://8.8.8.8:53";
|
||||||
mgr->dns6.url = "udp://[2001:4860:4860::8888]:53";
|
mgr->dns6.url = "udp://[2001:4860:4860::8888]:53";
|
||||||
|
mg_tls_ctx_init(mgr);
|
||||||
}
|
}
|
||||||
|
@ -27,6 +27,7 @@ struct mg_mgr {
|
|||||||
unsigned long nextid; // Next connection ID
|
unsigned long nextid; // Next connection ID
|
||||||
unsigned long timerid; // Next timer ID
|
unsigned long timerid; // Next timer ID
|
||||||
void *userdata; // Arbitrary user data pointer
|
void *userdata; // Arbitrary user data pointer
|
||||||
|
void *tls_ctx; // TLS context shared by all TLS sessions
|
||||||
uint16_t mqtt_id; // MQTT IDs for pub/sub
|
uint16_t mqtt_id; // MQTT IDs for pub/sub
|
||||||
void *active_dns_requests; // DNS requests in progress
|
void *active_dns_requests; // DNS requests in progress
|
||||||
struct mg_timer *timers; // Active timers
|
struct mg_timer *timers; // Active timers
|
||||||
|
@ -27,3 +27,7 @@ long mg_tls_send(struct mg_connection *, const void *buf, size_t len);
|
|||||||
long mg_tls_recv(struct mg_connection *, void *buf, size_t len);
|
long mg_tls_recv(struct mg_connection *, void *buf, size_t len);
|
||||||
size_t mg_tls_pending(struct mg_connection *);
|
size_t mg_tls_pending(struct mg_connection *);
|
||||||
void mg_tls_handshake(struct mg_connection *);
|
void mg_tls_handshake(struct mg_connection *);
|
||||||
|
|
||||||
|
// Private
|
||||||
|
void mg_tls_ctx_init(struct mg_mgr *);
|
||||||
|
void mg_tls_ctx_free(struct mg_mgr *);
|
||||||
|
@ -21,4 +21,10 @@ size_t mg_tls_pending(struct mg_connection *c) {
|
|||||||
(void) c;
|
(void) c;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||||
|
(void) mgr;
|
||||||
|
}
|
||||||
|
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||||
|
(void) mgr;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -144,14 +144,9 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||||
mbedtls_ssl_ticket_init(&tls->ticket);
|
mbedtls_ssl_conf_session_tickets_cb(
|
||||||
if ((rc = mbedtls_ssl_ticket_setup(&tls->ticket, mg_mbed_rng, NULL,
|
&tls->conf, mbedtls_ssl_ticket_write, mbedtls_ssl_ticket_parse,
|
||||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) != 0) {
|
&((struct mg_tls_ctx *) c->mgr->tls_ctx)->tickets);
|
||||||
mg_error(c, " mbedtls_ssl_ticket_setup %#x", -rc);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
mbedtls_ssl_conf_session_tickets_cb(&tls->conf, mbedtls_ssl_ticket_write,
|
|
||||||
mbedtls_ssl_ticket_parse, &tls->ticket);
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ((rc = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
|
if ((rc = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
|
||||||
@ -191,4 +186,33 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
|||||||
if (n <= 0) return MG_IO_ERR;
|
if (n <= 0) return MG_IO_ERR;
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||||
|
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) calloc(1, sizeof(*ctx));
|
||||||
|
if (ctx == NULL) {
|
||||||
|
MG_ERROR(("TLS context init OOM"));
|
||||||
|
} else {
|
||||||
|
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||||
|
int rc;
|
||||||
|
mbedtls_ssl_ticket_init(&ctx->tickets);
|
||||||
|
if ((rc = mbedtls_ssl_ticket_setup(&ctx->tickets, mg_mbed_rng, NULL,
|
||||||
|
MBEDTLS_CIPHER_AES_128_GCM, 86400)) !=
|
||||||
|
0) {
|
||||||
|
MG_ERROR((" mbedtls_ssl_ticket_setup %#x", -rc));
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
mgr->tls_ctx = ctx;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||||
|
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) mgr->tls_ctx;
|
||||||
|
if (ctx != NULL) {
|
||||||
|
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||||
|
mbedtls_ssl_ticket_free(&ctx->tickets);
|
||||||
|
#endif
|
||||||
|
free(ctx);
|
||||||
|
mgr->tls_ctx = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -11,6 +11,13 @@
|
|||||||
#include <mbedtls/ssl.h>
|
#include <mbedtls/ssl.h>
|
||||||
#include <mbedtls/ssl_ticket.h>
|
#include <mbedtls/ssl_ticket.h>
|
||||||
|
|
||||||
|
struct mg_tls_ctx {
|
||||||
|
int dummy;
|
||||||
|
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||||
|
mbedtls_ssl_ticket_context tickets;
|
||||||
|
#endif
|
||||||
|
};
|
||||||
|
|
||||||
struct mg_tls {
|
struct mg_tls {
|
||||||
mbedtls_x509_crt ca; // Parsed CA certificate
|
mbedtls_x509_crt ca; // Parsed CA certificate
|
||||||
mbedtls_x509_crt cert; // Parsed certificate
|
mbedtls_x509_crt cert; // Parsed certificate
|
||||||
|
@ -189,4 +189,12 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
|||||||
if (n <= 0) return MG_IO_ERR;
|
if (n <= 0) return MG_IO_ERR;
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||||
|
(void) mgr;
|
||||||
|
}
|
||||||
|
|
||||||
|
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||||
|
(void) mgr;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|