comparison libfdcore/sctp3436.c @ 1223:33ad82ffbdde

Make GNU TLS 3.x mandatory since we want to support DTLS. Removed the old compatibility code.
author Sebastien Decugis <sdecugis@freediameter.net>
date Wed, 19 Jun 2013 14:38:57 +0800
parents 1e8267ad057c
children
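--- a/libfdcore/sctp3436.c
+++ b/libfdcore/sctp3436.c
@@ -161,11 +161,10 @@
 
 /*************************************************************/
 /* push / pull */
 /*************************************************************/
 
-#ifdef GNUTLS_VERSION_300
 /* Check if data is available for gnutls on a given context */
 static int sctp3436_pull_timeout(gnutls_transport_ptr_t tr, unsigned int ms)
 {
 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr;
 struct timespec tsstore, *ts = NULL;
@@ -190,38 +189,21 @@
 ret = -1;
 }
 
 return ret;
 }
-#endif /* GNUTLS_VERSION_300 */
 
 /* Send data over the connection, called by gnutls */
-#ifndef GNUTLS_VERSION_212
-static ssize_t sctp3436_push(gnutls_transport_ptr_t tr, const void * data, size_t len)
-{
-struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr;
-struct iovec iov;
-
-TRACE_ENTRY("%p %p %zd", tr, data, len);
-CHECK_PARAMS_DO( tr && data, { errno = EINVAL; return -1; } );
-
-iov.iov_base = (void *)data;
-iov.iov_len = len;
-
-return fd_sctp_sendstrv(ctx->parent, ctx->strid, &iov, 1);
-}
-#else /* GNUTLS_VERSION_212 */
 static ssize_t sctp3436_pushv(gnutls_transport_ptr_t tr, const giovec_t * iov, int iovcnt)
 {
 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr;
 
 TRACE_ENTRY("%p %p %d", tr, iov, iovcnt);
 CHECK_PARAMS_DO( tr && iov, { errno = EINVAL; return -1; } );
 
 return fd_sctp_sendstrv(ctx->parent, ctx->strid, (const struct iovec *)iov, iovcnt);
 }
-#endif /* GNUTLS_VERSION_212 */
 
 /* Retrieve data received on a stream and already demultiplexed */
 static ssize_t sctp3436_pull(gnutls_transport_ptr_t tr, void * buf, size_t len)
 {
 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr;
@@ -268,40 +250,22 @@
 gnutls_transport_set_errno (ctx->session, errno);
 return -1;
 }
 
 /* Set the parameters of a session to use the appropriate fifo and stream information */
-#ifndef GNUTLS_VERSION_300
-GCC_DIAG_OFF("-Wdeprecated-declarations")
-#endif /* !GNUTLS_VERSION_300 */
 static void set_sess_transport(gnutls_session_t session, struct sctp3436_ctx *ctx)
 {
 /* Set the transport pointer passed to push & pull callbacks */
 GNUTLS_TRACE( gnutls_transport_set_ptr( session, (gnutls_transport_ptr_t) ctx ) );
 
-/* Reset the low water value, since we don't use sockets */
-#ifndef GNUTLS_VERSION_300
-/* starting version 2.12, this call is not needed */
-GNUTLS_TRACE( gnutls_transport_set_lowat( session, 0 ) );
-#else /* GNUTLS_VERSION_300 */
-/* but in 3.0 we have to provide the pull_timeout callback */
+/* Set the push and pull callbacks */
 GNUTLS_TRACE( gnutls_transport_set_pull_timeout_function( session, sctp3436_pull_timeout ) );
-#endif /* GNUTLS_VERSION_300 */
-
-/* Set the push and pull callbacks */
 GNUTLS_TRACE( gnutls_transport_set_pull_function(session, sctp3436_pull) );
-#ifndef GNUTLS_VERSION_212
-GNUTLS_TRACE( gnutls_transport_set_push_function(session, sctp3436_push) );
-#else /* GNUTLS_VERSION_212 */
 GNUTLS_TRACE( gnutls_transport_set_vec_push_function(session, sctp3436_pushv) );
-#endif /* GNUTLS_VERSION_212 */
 
 return;
 }
-#ifndef GNUTLS_VERSION_300
-GCC_DIAG_ON("-Wdeprecated-declarations")
-#endif /* !GNUTLS_VERSION_300 */
 
 /*************************************************************/
 /* Session resuming support */
 /*************************************************************/
 
@@ -529,16 +493,10 @@
 TRACE_DEBUG(FULL, "Starting TLS resumed handshake on stream %hu", ctx->strid);
 
 CHECK_GNUTLS_DO( gnutls_handshake( ctx->session ), return NULL);
 
 GNUTLS_TRACE( resumed = gnutls_session_is_resumed(ctx->session) );
-#ifndef GNUTLS_VERSION_300
-if (!resumed) {
-/* Check the credentials here also */
-CHECK_FCT_DO( fd_tls_verify_credentials(ctx->session, ctx->parent, 0), return NULL );
-}
-#endif /* GNUTLS_VERSION_300 */
 if (TRACE_BOOL(FULL)) {
 if (resumed) {
 fd_log_debug("Session was resumed successfully on stream %hu (conn: '%s')", ctx->strid, fd_cnx_getid(ctx->parent));
 } else {
 fd_log_debug("Session was NOT resumed on stream %hu (full handshake) (conn: '%s')", ctx->strid, fd_cnx_getid(ctx->parent));
@@ -617,23 +575,17 @@
 /* Initialize the session objects and start the handshake in a separate thread */
 for (i = 1; i < conn->cc_sctp_para.pairs; i++) {
 /* Set credentials and priority */
 CHECK_FCT( fd_tls_prepare(&conn->cc_sctp3436_data.array[i].session, conn->cc_tls_para.mode, 0, priority, alt_creds) );
 
-/* additional initialization for gnutls 3.x */
-#ifdef GNUTLS_VERSION_300
-/* the verify function has already been set in the global initialization in config.c */
-
 /* fd_tls_verify_credentials_2 uses the connection */
 gnutls_session_set_ptr (conn->cc_sctp3436_data.array[i].session, (void *) conn);
 
 if ((conn->cc_tls_para.cn != NULL) && (conn->cc_tls_para.mode == GNUTLS_CLIENT)) {
 /* this might allow virtual hosting on the remote peer */
 CHECK_GNUTLS_DO( gnutls_server_name_set (conn->cc_sctp3436_data.array[i].session, GNUTLS_NAME_DNS, conn->cc_tls_para.cn, strlen(conn->cc_tls_para.cn)), /* ignore failure */);
 }
-
-#endif /* GNUTLS_VERSION_300 */
 
 #ifdef GNUTLS_VERSION_310
 GNUTLS_TRACE( gnutls_handshake_set_timeout( conn->cc_sctp3436_data.array[i].session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT));
 #endif /* GNUTLS_VERSION_310 */
 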
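Review bot: Dropping the explicit fd_tls_verify_credentials() call after a non-resumed handshake (old lines 534-539, directly after the gnutls_handshake() call at new line 495) leaves peer certificate checking on the resumed-handshake path entirely to the gnutls 3.x verify callback, which according to the comment removed at old line 624 is registered once in config.c; that registration is not visible in this file and the removed comment was the only pointer to it. Should a session ever be created without that callback installed, gnutls_handshake() would now complete without any credential check and nothing here would notice. I would keep the pointer in the code, e.g. `/* No explicit credential check here: with gnutls >= 3.0 the peer is verified by the verify callback registered globally in config.c, using the connection set via gnutls_session_set_ptr() at session init */` right after the gnutls_handshake() call. The function containing this handshake starts and ends outside the hunk.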