1  /*
2  * libwebsockets - small server side websockets and web server implementation
3  *
4  * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to
8  * deal in the Software without restriction, including without limitation the
9  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10  * sell copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22  * IN THE SOFTWARE.
23  *
24  *  This is included from private-lib-core.h if LWS_WITH_TLS
25  */
26 
/* Opaque here; defined by the core and only referenced by pointer below. */
struct lws_context_per_thread;

/*
 * Per-backend TLS operations table.
 *
 * fake_POLLIN_for_buffered: by its name, makes the per-thread event loop
 * treat wsi that still hold buffered TLS data as readable, even though the
 * socket itself is idle. The matching free function is declared further down
 * as lws_tls_fake_POLLIN_for_buffered(). NOTE(review): the exact semantics and
 * return convention are not visible in this header — confirm against the
 * backend implementation.
 */
struct lws_tls_ops {
	int (*fake_POLLIN_for_buffered)(struct lws_context_per_thread *pt);
};
31 
/*
 * Context-wide TLS state (one per lws_context).
 *
 * alpn_discovered: fixed 32-byte buffer. Any writer must bound its copy to
 *   sizeof(alpn_discovered) and keep it NUL-terminated; nothing here enforces it.
 * alpn_default: not owned here (const); presumably the ALPN list used when
 *   nothing more specific is configured — confirm against the callers.
 * last_cert_check_s: time of the most recent certificate check, in seconds
 *   (unit implied by the _s suffix).
 * cc_owner: owner of a dll2 list; by naming its members are the client
 *   contexts counted in count_client_contexts — confirm.
 * count_client_contexts: number of client contexts currently tracked.
 */
struct lws_context_tls {
	char alpn_discovered[32];
	const char *alpn_default;
	time_t last_cert_check_s;
	struct lws_dll2_owner cc_owner;
	int count_client_contexts;
};
39 
/*
 * Per-service-thread TLS state.
 *
 * dll_pending_tls_owner: owner of the list of wsi that still have buffered
 * TLS data to service. By naming, struct lws_lws_tls.dll_pending_tls is the
 * member link and the *_remove_wsi_from_buffered_list() functions declared
 * below unlink from it — confirm against those implementations.
 */
struct lws_pt_tls {
	struct lws_dll2_owner dll_pending_tls_owner;
};
43 
/* Opaque; only referenced by pointer from struct lws_vhost_tls below. */
struct lws_tls_ss_pieces;

/*
 * Fixed-size ALPN protocol list.
 *
 * data: up to 23 bytes of ALPN content; len: how many of them are valid.
 * data carries no terminator, so writers must check against sizeof(data)
 * before copying in and readers must trust len rather than look for a NUL.
 * The wire encoding inside data (e.g. length-prefixed names) is not visible
 * in this header — confirm before parsing it.
 */
struct alpn_ctx {
	uint8_t data[23];
	uint8_t len;
};
50 
/*
 * Per-vhost TLS state.
 *
 * Ownership: ssl_ctx and ssl_client_ctx are backend context handles.
 * user_supplied_ssl_ctx records that ssl_ctx came from the application, which
 * presumably means lws must not destroy it in lws_ssl_SSL_CTX_destroy() —
 * confirm there. alloc_cert_path / key_path are non-const char *, suggesting
 * they are heap-owned by this struct (the "alloc_" prefix supports that).
 */
struct lws_vhost_tls {
	lws_tls_ctx *ssl_ctx;		/* backend TLS context (server side, by naming) */
	lws_tls_ctx *ssl_client_ctx;	/* backend TLS context (client side, by naming) */
	struct lws_tls_client_reuse *tcr;
	const char *alpn;		/* configured ALPN list; const, so not owned here */
	struct lws_tls_ss_pieces *ss; /* for acme tls certs */
	char *alloc_cert_path;
	char *key_path;
#if defined(LWS_WITH_MBEDTLS)
	lws_tls_x509 *x509_client_CA;	/* mbedtls builds only */
#endif
	char ecdh_curve[16];		/* fixed buffer: bound writes to sizeof(ecdh_curve) */
	struct alpn_ctx alpn_ctx;

	int use_ssl;
	/*
	 * By its name, permits plaintext clients on the TLS listen port.
	 * Security-relevant: when set, traffic on that port is no longer
	 * guaranteed to be encrypted, so it should stay clear unless the
	 * deployment needs it. Exact semantics live in the server accept
	 * path — confirm there.
	 */
	int allow_non_ssl_on_ssl_port;
	int ssl_info_event_mask;	/* presumably selects which info callbacks fire */

#if defined(LWS_WITH_MBEDTLS)
	uint32_t tls_session_cache_ttl;	/* session cache lifetime; unit not visible here */
#endif

	unsigned int user_supplied_ssl_ctx:1;
	unsigned int skipped_certs:1;	/* cert loading was skipped (by naming); confirm who sets it */
};
76 
/*
 * Per-connection (wsi) TLS state.
 */
struct lws_lws_tls {
	lws_tls_conn		*ssl;		/* backend connection object */
	lws_tls_bio		*client_bio;	/* backend BIO for client connections (by naming) */
#if defined(LWS_TLS_SYNTHESIZE_CB)
	lws_sorted_usec_list_t	sul_cb_synth;	/* sorted-usec scheduler entry; by naming drives the synthesized callback */
#endif
#if !defined(LWS_WITH_MBEDTLS) && defined(LWS_WITH_TLS_JIT_TRUST)
	/* mbedtls has this in the wrapper, since no wsi ptr at validation */
	lws_tls_kid_chain_t	kid_chain;
#endif
	struct lws_dll2		dll_pending_tls;	/* link into the pt's dll_pending_tls_owner (by naming) */
	char			err_helper[32];		/* fixed buffer: bound writes to sizeof(err_helper) */
	unsigned int		use_ssl;
	unsigned int		redirect_to_https:1;
};
92 
93 
/* Initialise the vhost's ALPN state (presumably vhost tls.alpn / alpn_ctx). */
void
lws_context_init_alpn(struct lws_vhost *vhost);

/*
 * Read up to len bytes from wsi into buf, going through TLS when the
 * connection uses it. Marked LWS_WARN_UNUSED_RESULT: the return value must be
 * checked; whether it is a byte count or one of enum lws_ssl_capable_status
 * is not visible here — confirm against the implementation.
 */
int LWS_WARN_UNUSED_RESULT
lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, size_t len);

/*
 * Write len bytes from buf to wsi, through TLS when in use. buf is not
 * const, so callers must not pass read-only memory; whether the backend
 * modifies it is not visible here. Return must be checked (LWS_WARN_UNUSED_RESULT).
 */
int LWS_WARN_UNUSED_RESULT
lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, size_t len);

/*
 * By its name, reports whether the TLS layer holds already-decrypted data
 * that has not been read yet. Return must be checked.
 */
int LWS_WARN_UNUSED_RESULT
lws_ssl_pending(struct lws *wsi);

/*
 * Drive the server-side TLS setup for a freshly accepted connection.
 * new_wsi: the wsi being created; accept_fd: the accepted socket;
 * is_pollin: non-zero when the call was triggered by a POLLIN event (by
 * naming). Return must be checked (LWS_WARN_UNUSED_RESULT).
 */
int LWS_WARN_UNUSED_RESULT
lws_server_socket_service_ssl(struct lws *new_wsi, lws_sockfd_type accept_fd,
				char is_pollin);
105 
/*
 * Scheduler callback; sul is the lws_sorted_usec_list_t entry that fired.
 * By naming it relates to the TLS session cache — confirm what it does.
 */
void
lws_sess_cache_synth_cb(lws_sorted_usec_list_t *sul);
108 
/* Close the TLS side of wsi; return meaning not visible here, check it. */
int
lws_ssl_close(struct lws *wsi);
/* Tear down the vhost's backend TLS context(s); see user_supplied_ssl_ctx. */
void
lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost);
/* Release context-wide TLS state (struct lws_context_tls) for context. */
void
lws_ssl_context_destroy(struct lws_context *context);
/*
 * Unlink wsi from the per-thread buffered-TLS list. NOTE(review): the __
 * prefix follows the lws convention for variants that assume the caller
 * already holds the relevant lock — confirm which lock before calling.
 */
void
__lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi);
/* Exported (LWS_VISIBLE) wrapper of the above; presumably takes the lock. */
LWS_VISIBLE void
lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi);
/* Create the client-side BIO for wsi (see struct lws_lws_tls.client_bio). */
int
lws_ssl_client_bio_create(struct lws *wsi);
121 
/*
 * Second stage of the client TLS connect. errbuf/len: caller-provided buffer
 * for a human-readable failure reason; len bounds what is written to it.
 */
int
lws_ssl_client_connect2(struct lws *wsi, char *errbuf, size_t len);
/* Free function behind struct lws_tls_ops.fake_POLLIN_for_buffered. */
int
lws_tls_fake_POLLIN_for_buffered(struct lws_context_per_thread *pt);
/* Enable (on != 0) or disable accepting new connections on context. */
int
lws_gate_accepts(struct lws_context *context, int on);
/*
 * Attach the key passphrase from info to ssl_ctx; is_client selects the
 * client or server variant. The passphrase itself is presumably read from
 * info and remains in the application's memory — confirm.
 */
void
lws_ssl_bind_passphrase(lws_tls_ctx *ssl_ctx, int is_client,
			const struct lws_context_creation_info *info);
/* Backend info callback: where/ret follow the backend's own conventions. */
void
lws_ssl_info_callback(const lws_tls_conn *ssl, int where, int ret);
/*
 * Load the server certificate and private key into the vhost. Each can be
 * given as a filepath (cert, private_key) or as an in-memory blob
 * (mem_cert/len_mem_cert, mem_privkey/mem_privkey_len). Callers must pass
 * accurate lengths for the memory forms; which source wins when both are set
 * is not visible here — confirm. wsi may be the connection that triggered the
 * load, or NULL — confirm.
 */
int
lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi,
			  const char *cert, const char *private_key,
			  const char *mem_cert, size_t len_mem_cert,
			  const char *mem_privkey, size_t mem_privkey_len);
/*
 * Check whether the cert / private_key paths exist and are usable for
 * vhost, reporting the outcome as enum lws_tls_extant.
 */
enum lws_tls_extant
lws_tls_generic_cert_checks(struct lws_vhost *vhost, const char *cert,
			    const char *private_key);
#if defined(LWS_WITH_SERVER)
 /*
  * Build the vhost's server-side TLS context from the creation info.
  * Presumably returns 0 on success, matching the stub below — confirm.
  */
 int
 lws_context_init_server_ssl(const struct lws_context_creation_info *info,
			     struct lws_vhost *vhost);
 /* Release the vhost's ACME SNI certificate state (by naming). */
 void
 lws_tls_acme_sni_cert_destroy(struct lws_vhost *vhost);
#else
 /*
  * Server support compiled out: init reports success (0) and destroy is a
  * no-op, so callers need no LWS_WITH_SERVER guards of their own.
  */
 #define lws_context_init_server_ssl(_a, _b) (0)
 #define lws_tls_acme_sni_cert_destroy(_a)
#endif
151 
/* Release all TLS state owned by vhost (struct lws_vhost_tls). */
void
lws_ssl_destroy(struct lws_vhost *vhost);
154 
155 /*
156 * lws_tls_ abstract backend implementations
157 */
158 
/*
 * Configure client-certificate verification on vh (by naming). Security-
 * relevant: this is where whether peer certificates are requested and
 * verified gets decided — confirm the policy in the backend implementation.
 */
int
lws_tls_server_client_cert_verify_config(struct lws_vhost *vh);
/* Backend-specific initialisation of the vhost's server TLS context. */
int
lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info,
			  struct lws_vhost *vhost, struct lws *wsi);
/* Create a non-blocking backend connection object on accept_fd for wsi. */
int
lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd);
166 
/* Progress the server-side TLS handshake on wsi. */
enum lws_ssl_capable_status
lws_tls_server_accept(struct lws *wsi);

/* Abort the TLS connection on wsi from the server side. */
enum lws_ssl_capable_status
lws_tls_server_abort_connection(struct lws *wsi);

/*
 * Progress the TLS shutdown on wsi. NOTE(review): __ prefix follows the lws
 * convention for "caller already holds the lock" — confirm which lock.
 */
enum lws_ssl_capable_status
__lws_tls_shutdown(struct lws *wsi);

/*
 * Progress the client-side TLS handshake on wsi. errbuf/len: caller buffer
 * for a failure description; len bounds what is written.
 */
enum lws_ssl_capable_status
lws_tls_client_connect(struct lws *wsi, char *errbuf, size_t len);
/*
 * Verify the peer's certificate after the handshake. Security-relevant:
 * callers must act on a non-success return rather than proceed. ebuf/ebuf_len:
 * caller buffer for a failure description.
 */
int
lws_tls_client_confirm_peer_cert(struct lws *wsi, char *ebuf, size_t ebuf_len);
/*
 * Create the client-side TLS context for vh. CA, client cert and private key
 * may each be supplied as a filepath or as an in-memory blob with its length.
 * NOTE(review): the memory lengths are unsigned int here while
 * lws_tls_server_certs_load() above uses size_t; callers passing size_t
 * values narrow them. Which source wins when both are set is not visible here.
 */
int
lws_tls_client_create_vhost_context(struct lws_vhost *vh,
			    const struct lws_context_creation_info *info,
			    const char *cipher_list,
			    const char *ca_filepath,
			    const void *ca_mem,
			    unsigned int ca_mem_len,
			    const char *cert_filepath,
			    const void *cert_mem,
			    unsigned int cert_mem_len,
			    const char *private_key_filepath,
			    const void *key_mem,
			    unsigned int key_mem_len);
193 
194 
/* Return the backend TLS context that applies to wsi (presumably its vhost's). */
lws_tls_ctx *
lws_tls_ctx_from_wsi(struct lws *wsi);
/* Translate backend error n for wsi into an lws-level code; meaning not visible here. */
int
lws_ssl_get_error(struct lws *wsi, int n);
199 
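/*
 * Build the vhost's client-side TLS context from the creation info.
 *
 * info: creation parameters the client context is derived from.
 * vhost: vhost whose client context (presumably tls.ssl_client_ctx) is set up.
 * Presumably returns 0 on success, matching the lws_context_init_server_ssl
 * convention above — confirm against the implementation.
 *
 * lws_ssl_info_callback() and lws_tls_fake_POLLIN_for_buffered() are
 * declared once, earlier in this header; they are intentionally not
 * redeclared here.
 */
int
lws_context_init_client_ssl(const struct lws_context_creation_info *info,
		    struct lws_vhost *vhost);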
209