Mercurial > hg > freeDiameter
annotate freeDiameter/cnxctx.c @ 20:277ec00d793e
Backup before typhoon... Progress on server side
| author | Sebastien Decugis <sdecugis@nict.go.jp> |
|---|---|
| date | Wed, 07 Oct 2009 19:31:39 +0900 |
| parents | |
| children | bef197f6826f |
| rev | line source |
|---|---|
|
20
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
1 /********************************************************************************************************* |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
2 * Software License Agreement (BSD License) * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
3 * Author: Sebastien Decugis <sdecugis@nict.go.jp> * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
4 * * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
5 * Copyright (c) 2009, WIDE Project and NICT * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
6 * All rights reserved. * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
7 * * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
8 * Redistribution and use of this software in source and binary forms, with or without modification, are * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
9 * permitted provided that the following conditions are met: * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
10 * * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
11 * * Redistributions of source code must retain the above * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
12 * copyright notice, this list of conditions and the * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
13 * following disclaimer. * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
14 * * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
15 * * Redistributions in binary form must reproduce the above * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
16 * copyright notice, this list of conditions and the * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
17 * following disclaimer in the documentation and/or other * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
18 * materials provided with the distribution. * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
19 * * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
20 * * Neither the name of the WIDE Project or NICT nor the * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
21 * names of its contributors may be used to endorse or * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
22 * promote products derived from this software without * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
23 * specific prior written permission of WIDE Project and * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
24 * NICT. * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
25 * * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
28 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
32 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
34 *********************************************************************************************************/ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
35 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
36 #include "fD.h" |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
37 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
38 /* Initialize a connection context */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
39 struct cnxctx * fd_cnx_init(int sock, int proto) |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
40 { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
41 struct cnxctx * conn = NULL; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
42 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
43 TRACE_ENTRY("%d %d", sock, proto); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
44 CHECK_PARAMS_DO( (proto == IPPROTO_TCP) || (proto == IPPROTO_SCTP), return NULL); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
45 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
46 CHECK_MALLOC_DO( conn = malloc(sizeof(struct cnxctx)), return NULL ); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
47 memset(conn, 0, sizeof(struct cnxctx)); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
48 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
49 conn->cc_socket = sock; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
50 conn->cc_proto = proto; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
51 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
52 fd_list_init(&conn->cc_ep_remote, conn); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
53 fd_list_init(&conn->cc_ep_local, conn); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
54 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
55 if (proto == IPPROTO_SCTP) { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
56 #ifndef DISABLE_SCTP |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
57 CHECK_FCT_DO( fd_sctp_get_str_info( sock, &conn->cc_sctp_para.str_in, &conn->cc_sctp_para.str_out ), |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
58 { free(conn); return NULL; } ); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
59 conn->cc_sctp_para.pairs = (conn->cc_sctp_para.str_out < conn->cc_sctp_para.str_in) ? conn->cc_sctp_para.str_out : conn->cc_sctp_para.str_in; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
60 #else /* DISABLE_SCTP */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
61 ASSERT(0); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
62 #endif /* DISABLE_SCTP */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
63 } |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
64 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
65 return conn; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
66 } |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
67 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
68 /* TLS handshake the connection */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
69 int fd_cnx_handshake(struct cnxctx * conn, int mode) |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
70 { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
71 TRACE_ENTRY( "%p %d", conn, mode); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
72 CHECK_PARAMS( conn && ( (mode == GNUTLS_CLIENT) || (mode == GNUTLS_SERVER) ) ); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
73 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
74 /* Save the mode */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
75 conn->cc_tls_para.mode = mode; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
76 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
77 /* Create the master session context */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
78 CHECK_GNUTLS_DO( gnutls_init (&conn->cc_tls_para.session, mode), return ENOMEM ); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
79 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
80 /* Set the algorithm suite */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
81 CHECK_GNUTLS_DO( gnutls_priority_set( conn->cc_tls_para.session, fd_g_config->cnf_sec_data.prio_cache ), return EINVAL ); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
82 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
83 /* Set the credentials of this side of the connection */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
84 CHECK_GNUTLS_DO( gnutls_credentials_set (conn->cc_tls_para.session, GNUTLS_CRD_CERTIFICATE, fd_g_config->cnf_sec_data.credentials), return EINVAL ); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
85 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
86 /* Request the remote credentials as well */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
87 if (mode == GNUTLS_SERVER) { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
88 gnutls_certificate_server_set_request (conn->cc_tls_para.session, GNUTLS_CERT_REQUIRE); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
89 } |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
90 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
91 /* Set the socket info in the session */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
92 gnutls_transport_set_ptr (conn->cc_tls_para.session, (gnutls_transport_ptr_t) conn->cc_socket); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
93 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
94 /* Special case: multi-stream TLS is not natively managed in GNU TLS, we use a wrapper library */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
95 if ((conn->cc_proto == IPPROTO_SCTP) && (conn->cc_sctp_para.pairs > 0)) { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
96 #ifndef DISABLE_SCTP |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
97 TODO("Initialize the SCTP TLS wrapper"); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
98 TODO("Set the lowat, push and pull functions"); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
99 #else /* DISABLE_SCTP */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
100 ASSERT(0); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
101 #endif /* DISABLE_SCTP */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
102 } |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
103 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
104 /* Handshake master session */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
105 { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
106 int ret; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
107 CHECK_GNUTLS_DO( ret = gnutls_handshake(conn->cc_tls_para.session), |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
108 { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
109 if (TRACE_BOOL(INFO)) { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
110 fd_log_debug("TLS Handshake failed on socket %d : %s\n", conn->cc_socket, gnutls_strerror(ret)); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
111 } |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
112 return EINVAL; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
113 } ); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
114 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
115 /* Now verify the remote credentials are valid -- only simple test here */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
116 CHECK_GNUTLS_DO( gnutls_certificate_verify_peers2 (conn->cc_tls_para.session, &ret), return EINVAL ); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
117 if (ret) { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
118 if (TRACE_BOOL(INFO)) { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
119 fd_log_debug("TLS: Remote certificate invalid on socket %d :\n", conn->cc_socket); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
120 if (ret & GNUTLS_CERT_INVALID) |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
121 fd_log_debug(" - The certificate is not trusted (unknown CA?)\n"); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
122 if (ret & GNUTLS_CERT_REVOKED) |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
123 fd_log_debug(" - The certificate has been revoked.\n"); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
124 if (ret & GNUTLS_CERT_SIGNER_NOT_FOUND) |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
125 fd_log_debug(" - The certificate hasn't got a known issuer.\n"); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
126 if (ret & GNUTLS_CERT_SIGNER_NOT_CA) |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
127 fd_log_debug(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints.\n"); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
128 if (ret & GNUTLS_CERT_INSECURE_ALGORITHM) |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
129 fd_log_debug(" - The certificate signature uses a weak algorithm.\n"); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
130 } |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
131 return EINVAL; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
132 } |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
133 } |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
134 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
135 /* Other sessions in case of multi-stream SCTP are resumed from the master */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
136 if ((conn->cc_proto == IPPROTO_SCTP) && (conn->cc_sctp_para.pairs > 0)) { |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
137 #ifndef DISABLE_SCTP |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
138 TODO("Init and resume all additional sessions from the master one."); |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
139 #endif /* DISABLE_SCTP */ |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
140 } |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
141 |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
142 return 0; |
|
277ec00d793e
Backup before typhoon... Progress on server side
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
143 } |