| /* |
| * libwebsockets - small server side websockets and web server implementation |
| * |
| * Copyright (C) 2010 - 2019 Andy Green <[email protected]> |
| * |
| * Permission is hereby granted, free of charge, to any person obtaining a copy |
| * of this software and associated documentation files (the "Software"), to |
| * deal in the Software without restriction, including without limitation the |
| * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
| * sell copies of the Software, and to permit persons to whom the Software is |
| * furnished to do so, subject to the following conditions: |
| * |
| * The above copyright notice and this permission notice shall be included in |
| * all copies or substantial portions of the Software. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
| * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
| * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS |
| * IN THE SOFTWARE. |
| * |
| * This is included from private-lib-core.h if LWS_WITH_TLS |
| */ |
| |
| struct lws_context_per_thread; |
| struct lws_tls_ops { |
| int (*fake_POLLIN_for_buffered)(struct lws_context_per_thread *pt); |
| }; |
| |
| struct lws_context_tls { |
| char alpn_discovered[32]; |
| const char *alpn_default; |
| time_t last_cert_check_s; |
| struct lws_dll2_owner cc_owner; |
| int count_client_contexts; |
| }; |
| |
| struct lws_pt_tls { |
| struct lws_dll2_owner dll_pending_tls_owner; |
| }; |
| |
| struct lws_tls_ss_pieces; |
| |
| struct alpn_ctx { |
| uint8_t data[23]; |
| uint8_t len; |
| }; |
| |
| struct lws_vhost_tls { |
| lws_tls_ctx *ssl_ctx; |
| lws_tls_ctx *ssl_client_ctx; |
| struct lws_tls_client_reuse *tcr; |
| const char *alpn; |
| struct lws_tls_ss_pieces *ss; /* for acme tls certs */ |
| char *alloc_cert_path; |
| char *key_path; |
| #if defined(LWS_WITH_MBEDTLS) |
| lws_tls_x509 *x509_client_CA; |
| #endif |
| char ecdh_curve[16]; |
| struct alpn_ctx alpn_ctx; |
| |
| int use_ssl; |
| int allow_non_ssl_on_ssl_port; |
| int ssl_info_event_mask; |
| |
| #if defined(LWS_WITH_MBEDTLS) |
| uint32_t tls_session_cache_ttl; |
| #endif |
| |
| unsigned int user_supplied_ssl_ctx:1; |
| unsigned int skipped_certs:1; |
| }; |
| |
| struct lws_lws_tls { |
| lws_tls_conn *ssl; |
| lws_tls_bio *client_bio; |
| #if defined(LWS_TLS_SYNTHESIZE_CB) |
| lws_sorted_usec_list_t sul_cb_synth; |
| #endif |
| #if !defined(LWS_WITH_MBEDTLS) && defined(LWS_WITH_TLS_JIT_TRUST) |
| /* mbedtls has this in the wrapper, since no wsi ptr at validation */ |
| lws_tls_kid_chain_t kid_chain; |
| #endif |
| struct lws_dll2 dll_pending_tls; |
| char err_helper[32]; |
| unsigned int use_ssl; |
| unsigned int redirect_to_https:1; |
| }; |
| |
| |
| void |
| lws_context_init_alpn(struct lws_vhost *vhost); |
| int LWS_WARN_UNUSED_RESULT |
| lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, size_t len); |
| int LWS_WARN_UNUSED_RESULT |
| lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, size_t len); |
| int LWS_WARN_UNUSED_RESULT |
| lws_ssl_pending(struct lws *wsi); |
| int LWS_WARN_UNUSED_RESULT |
| lws_server_socket_service_ssl(struct lws *new_wsi, lws_sockfd_type accept_fd, |
| char is_pollin); |
| |
| void |
| lws_sess_cache_synth_cb(lws_sorted_usec_list_t *sul); |
| |
| int |
| lws_ssl_close(struct lws *wsi); |
| void |
| lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost); |
| void |
| lws_ssl_context_destroy(struct lws_context *context); |
| void |
| __lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi); |
| LWS_VISIBLE void |
| lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi); |
| int |
| lws_ssl_client_bio_create(struct lws *wsi); |
| |
| int |
| lws_ssl_client_connect2(struct lws *wsi, char *errbuf, size_t len); |
| int |
| lws_tls_fake_POLLIN_for_buffered(struct lws_context_per_thread *pt); |
| int |
| lws_gate_accepts(struct lws_context *context, int on); |
| void |
| lws_ssl_bind_passphrase(lws_tls_ctx *ssl_ctx, int is_client, |
| const struct lws_context_creation_info *info); |
| void |
| lws_ssl_info_callback(const lws_tls_conn *ssl, int where, int ret); |
| int |
| lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi, |
| const char *cert, const char *private_key, |
| const char *mem_cert, size_t len_mem_cert, |
| const char *mem_privkey, size_t mem_privkey_len); |
| enum lws_tls_extant |
| lws_tls_generic_cert_checks(struct lws_vhost *vhost, const char *cert, |
| const char *private_key); |
| #if defined(LWS_WITH_SERVER) |
| int |
| lws_context_init_server_ssl(const struct lws_context_creation_info *info, |
| struct lws_vhost *vhost); |
| void |
| lws_tls_acme_sni_cert_destroy(struct lws_vhost *vhost); |
| #else |
| #define lws_context_init_server_ssl(_a, _b) (0) |
| #define lws_tls_acme_sni_cert_destroy(_a) |
| #endif |
| |
| void |
| lws_ssl_destroy(struct lws_vhost *vhost); |
| |
| /* |
| * lws_tls_ abstract backend implementations |
| */ |
| |
| int |
| lws_tls_server_client_cert_verify_config(struct lws_vhost *vh); |
| int |
| lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info, |
| struct lws_vhost *vhost, struct lws *wsi); |
| int |
| lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd); |
| |
| enum lws_ssl_capable_status |
| lws_tls_server_accept(struct lws *wsi); |
| |
| enum lws_ssl_capable_status |
| lws_tls_server_abort_connection(struct lws *wsi); |
| |
| enum lws_ssl_capable_status |
| __lws_tls_shutdown(struct lws *wsi); |
| |
| enum lws_ssl_capable_status |
| lws_tls_client_connect(struct lws *wsi, char *errbuf, size_t len); |
| int |
| lws_tls_client_confirm_peer_cert(struct lws *wsi, char *ebuf, size_t ebuf_len); |
| int |
| lws_tls_client_create_vhost_context(struct lws_vhost *vh, |
| const struct lws_context_creation_info *info, |
| const char *cipher_list, |
| const char *ca_filepath, |
| const void *ca_mem, |
| unsigned int ca_mem_len, |
| const char *cert_filepath, |
| const void *cert_mem, |
| unsigned int cert_mem_len, |
| const char *private_key_filepath, |
| const void *key_mem, |
| unsigned int key_mem_len); |
| |
| |
| lws_tls_ctx * |
| lws_tls_ctx_from_wsi(struct lws *wsi); |
| int |
| lws_ssl_get_error(struct lws *wsi, int n); |
| |
| int |
| lws_context_init_client_ssl(const struct lws_context_creation_info *info, |
| struct lws_vhost *vhost); |
| |
| void |
| lws_ssl_info_callback(const lws_tls_conn *ssl, int where, int ret); |
| |
| int |
| lws_tls_fake_POLLIN_for_buffered(struct lws_context_per_thread *pt); |