comparison libfdcore/sctp3436.c @ 1223:33ad82ffbdde
Make GnuTLS 3.x mandatory since we want to support DTLS; remove the old compatibility code.
author | Sebastien Decugis <sdecugis@freediameter.net> |
---|---|
date | Wed, 19 Jun 2013 14:38:57 +0800 |
parents | 1e8267ad057c |
children |
1222:5d0d300a7cd9 | 1223:33ad82ffbdde |
---|---|
161 | 161 |
162 /*************************************************************/ | 162 /*************************************************************/ |
163 /* push / pull */ | 163 /* push / pull */ |
164 /*************************************************************/ | 164 /*************************************************************/ |
165 | 165 |
166 #ifdef GNUTLS_VERSION_300 | |
167 /* Check if data is available for gnutls on a given context */ | 166 /* Check if data is available for gnutls on a given context */ |
168 static int sctp3436_pull_timeout(gnutls_transport_ptr_t tr, unsigned int ms) | 167 static int sctp3436_pull_timeout(gnutls_transport_ptr_t tr, unsigned int ms) |
169 { | 168 { |
170 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr; | 169 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr; |
171 struct timespec tsstore, *ts = NULL; | 170 struct timespec tsstore, *ts = NULL; |
190 ret = -1; | 189 ret = -1; |
191 } | 190 } |
192 | 191 |
193 return ret; | 192 return ret; |
194 } | 193 } |
195 #endif /* GNUTLS_VERSION_300 */ | |
196 | 194 |
197 /* Send data over the connection, called by gnutls */ | 195 /* Send data over the connection, called by gnutls */ |
198 #ifndef GNUTLS_VERSION_212 | |
199 static ssize_t sctp3436_push(gnutls_transport_ptr_t tr, const void * data, size_t len) | |
200 { | |
201 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr; | |
202 struct iovec iov; | |
203 | |
204 TRACE_ENTRY("%p %p %zd", tr, data, len); | |
205 CHECK_PARAMS_DO( tr && data, { errno = EINVAL; return -1; } ); | |
206 | |
207 iov.iov_base = (void *)data; | |
208 iov.iov_len = len; | |
209 | |
210 return fd_sctp_sendstrv(ctx->parent, ctx->strid, &iov, 1); | |
211 } | |
212 #else /* GNUTLS_VERSION_212 */ | |
213 static ssize_t sctp3436_pushv(gnutls_transport_ptr_t tr, const giovec_t * iov, int iovcnt) | 196 static ssize_t sctp3436_pushv(gnutls_transport_ptr_t tr, const giovec_t * iov, int iovcnt) |
214 { | 197 { |
215 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr; | 198 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr; |
216 | 199 |
217 TRACE_ENTRY("%p %p %d", tr, iov, iovcnt); | 200 TRACE_ENTRY("%p %p %d", tr, iov, iovcnt); |
218 CHECK_PARAMS_DO( tr && iov, { errno = EINVAL; return -1; } ); | 201 CHECK_PARAMS_DO( tr && iov, { errno = EINVAL; return -1; } ); |
219 | 202 |
220 return fd_sctp_sendstrv(ctx->parent, ctx->strid, (const struct iovec *)iov, iovcnt); | 203 return fd_sctp_sendstrv(ctx->parent, ctx->strid, (const struct iovec *)iov, iovcnt); |
221 } | 204 } |
222 #endif /* GNUTLS_VERSION_212 */ | |
223 | 205 |
224 /* Retrieve data received on a stream and already demultiplexed */ | 206 /* Retrieve data received on a stream and already demultiplexed */ |
225 static ssize_t sctp3436_pull(gnutls_transport_ptr_t tr, void * buf, size_t len) | 207 static ssize_t sctp3436_pull(gnutls_transport_ptr_t tr, void * buf, size_t len) |
226 { | 208 { |
227 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr; | 209 struct sctp3436_ctx * ctx = (struct sctp3436_ctx *) tr; |
268 gnutls_transport_set_errno (ctx->session, errno); | 250 gnutls_transport_set_errno (ctx->session, errno); |
269 return -1; | 251 return -1; |
270 } | 252 } |
271 | 253 |
272 /* Set the parameters of a session to use the appropriate fifo and stream information */ | 254 /* Set the parameters of a session to use the appropriate fifo and stream information */ |
273 #ifndef GNUTLS_VERSION_300 | |
274 GCC_DIAG_OFF("-Wdeprecated-declarations") | |
275 #endif /* !GNUTLS_VERSION_300 */ | |
276 static void set_sess_transport(gnutls_session_t session, struct sctp3436_ctx *ctx) | 255 static void set_sess_transport(gnutls_session_t session, struct sctp3436_ctx *ctx) |
277 { | 256 { |
278 /* Set the transport pointer passed to push & pull callbacks */ | 257 /* Set the transport pointer passed to push & pull callbacks */ |
279 GNUTLS_TRACE( gnutls_transport_set_ptr( session, (gnutls_transport_ptr_t) ctx ) ); | 258 GNUTLS_TRACE( gnutls_transport_set_ptr( session, (gnutls_transport_ptr_t) ctx ) ); |
280 | 259 |
281 /* Reset the low water value, since we don't use sockets */ | 260 /* Set the push and pull callbacks */ |
282 #ifndef GNUTLS_VERSION_300 | |
283 /* starting version 2.12, this call is not needed */ | |
284 GNUTLS_TRACE( gnutls_transport_set_lowat( session, 0 ) ); | |
285 #else /* GNUTLS_VERSION_300 */ | |
286 /* but in 3.0 we have to provide the pull_timeout callback */ | |
287 GNUTLS_TRACE( gnutls_transport_set_pull_timeout_function( session, sctp3436_pull_timeout ) ); | 261 GNUTLS_TRACE( gnutls_transport_set_pull_timeout_function( session, sctp3436_pull_timeout ) ); |
288 #endif /* GNUTLS_VERSION_300 */ | |
289 | |
290 /* Set the push and pull callbacks */ | |
291 GNUTLS_TRACE( gnutls_transport_set_pull_function(session, sctp3436_pull) ); | 262 GNUTLS_TRACE( gnutls_transport_set_pull_function(session, sctp3436_pull) ); |
292 #ifndef GNUTLS_VERSION_212 | |
293 GNUTLS_TRACE( gnutls_transport_set_push_function(session, sctp3436_push) ); | |
294 #else /* GNUTLS_VERSION_212 */ | |
295 GNUTLS_TRACE( gnutls_transport_set_vec_push_function(session, sctp3436_pushv) ); | 263 GNUTLS_TRACE( gnutls_transport_set_vec_push_function(session, sctp3436_pushv) ); |
296 #endif /* GNUTLS_VERSION_212 */ | |
297 | 264 |
298 return; | 265 return; |
299 } | 266 } |
300 #ifndef GNUTLS_VERSION_300 | |
301 GCC_DIAG_ON("-Wdeprecated-declarations") | |
302 #endif /* !GNUTLS_VERSION_300 */ | |
303 | 267 |
304 /*************************************************************/ | 268 /*************************************************************/ |
305 /* Session resuming support */ | 269 /* Session resuming support */ |
306 /*************************************************************/ | 270 /*************************************************************/ |
307 | 271 |
529 TRACE_DEBUG(FULL, "Starting TLS resumed handshake on stream %hu", ctx->strid); | 493 TRACE_DEBUG(FULL, "Starting TLS resumed handshake on stream %hu", ctx->strid); |
530 | 494 |
531 CHECK_GNUTLS_DO( gnutls_handshake( ctx->session ), return NULL); | 495 CHECK_GNUTLS_DO( gnutls_handshake( ctx->session ), return NULL); |
532 | 496 |
533 GNUTLS_TRACE( resumed = gnutls_session_is_resumed(ctx->session) ); | 497 GNUTLS_TRACE( resumed = gnutls_session_is_resumed(ctx->session) ); |
534 #ifndef GNUTLS_VERSION_300 | |
535 if (!resumed) { | |
536 /* Check the credentials here also */ | |
537 CHECK_FCT_DO( fd_tls_verify_credentials(ctx->session, ctx->parent, 0), return NULL ); | |
538 } | |
539 #endif /* GNUTLS_VERSION_300 */ | |
540 if (TRACE_BOOL(FULL)) { | 498 if (TRACE_BOOL(FULL)) { |
541 if (resumed) { | 499 if (resumed) { |
542 fd_log_debug("Session was resumed successfully on stream %hu (conn: '%s')", ctx->strid, fd_cnx_getid(ctx->parent)); | 500 fd_log_debug("Session was resumed successfully on stream %hu (conn: '%s')", ctx->strid, fd_cnx_getid(ctx->parent)); |
543 } else { | 501 } else { |
544 fd_log_debug("Session was NOT resumed on stream %hu (full handshake) (conn: '%s')", ctx->strid, fd_cnx_getid(ctx->parent)); | 502 fd_log_debug("Session was NOT resumed on stream %hu (full handshake) (conn: '%s')", ctx->strid, fd_cnx_getid(ctx->parent)); |
617 /* Initialize the session objects and start the handshake in a separate thread */ | 575 /* Initialize the session objects and start the handshake in a separate thread */ |
618 for (i = 1; i < conn->cc_sctp_para.pairs; i++) { | 576 for (i = 1; i < conn->cc_sctp_para.pairs; i++) { |
619 /* Set credentials and priority */ | 577 /* Set credentials and priority */ |
620 CHECK_FCT( fd_tls_prepare(&conn->cc_sctp3436_data.array[i].session, conn->cc_tls_para.mode, 0, priority, alt_creds) ); | 578 CHECK_FCT( fd_tls_prepare(&conn->cc_sctp3436_data.array[i].session, conn->cc_tls_para.mode, 0, priority, alt_creds) ); |
621 | 579 |
622 /* additional initialization for gnutls 3.x */ | |
623 #ifdef GNUTLS_VERSION_300 | |
624 /* the verify function has already been set in the global initialization in config.c */ | |
625 | |
626 /* fd_tls_verify_credentials_2 uses the connection */ | 580 /* fd_tls_verify_credentials_2 uses the connection */ |
627 gnutls_session_set_ptr (conn->cc_sctp3436_data.array[i].session, (void *) conn); | 581 gnutls_session_set_ptr (conn->cc_sctp3436_data.array[i].session, (void *) conn); |
628 | 582 |
629 if ((conn->cc_tls_para.cn != NULL) && (conn->cc_tls_para.mode == GNUTLS_CLIENT)) { | 583 if ((conn->cc_tls_para.cn != NULL) && (conn->cc_tls_para.mode == GNUTLS_CLIENT)) { |
630 /* this might allow virtual hosting on the remote peer */ | 584 /* this might allow virtual hosting on the remote peer */ |
631 CHECK_GNUTLS_DO( gnutls_server_name_set (conn->cc_sctp3436_data.array[i].session, GNUTLS_NAME_DNS, conn->cc_tls_para.cn, strlen(conn->cc_tls_para.cn)), /* ignore failure */); | 585 CHECK_GNUTLS_DO( gnutls_server_name_set (conn->cc_sctp3436_data.array[i].session, GNUTLS_NAME_DNS, conn->cc_tls_para.cn, strlen(conn->cc_tls_para.cn)), /* ignore failure */); |
632 } | 586 } |
633 | |
634 #endif /* GNUTLS_VERSION_300 */ | |
635 | 587 |
636 #ifdef GNUTLS_VERSION_310 | 588 #ifdef GNUTLS_VERSION_310 |
637 GNUTLS_TRACE( gnutls_handshake_set_timeout( conn->cc_sctp3436_data.array[i].session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT)); | 589 GNUTLS_TRACE( gnutls_handshake_set_timeout( conn->cc_sctp3436_data.array[i].session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT)); |
638 #endif /* GNUTLS_VERSION_310 */ | 590 #endif /* GNUTLS_VERSION_310 */ |
639 | 591 |
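Review bot: With the `#ifndef GNUTLS_VERSION_300` fallback removed, the resumed-handshake path at new lines 495–502 no longer shows any credential check for the non-resumed case, and nothing left in the hunk says where that check now happens; the removed comment at old line 624 indicates the verify function is installed globally in config.c, so that dependency should be stated where the old check used to be. Suggest adding after new line 497: `/* No explicit fd_tls_verify_credentials() call here: on gnutls 3.x the verify callback installed on the credentials in config.c is expected to run inside gnutls_handshake() for full handshakes. */`. The same context is worth keeping at new line 580, where `gnutls_session_set_ptr` now appears without the sentence explaining that the session pointer is what that callback uses to reach the connection. The enclosing functions of both hunks start and end outside the shown lines.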