forked from lda/telodendria
Fix OpenSSL server accept call.
Apparently it can EAGAIN on non-blocking connections... I don't think LibreSSL's TLS library does this, but something to keep in mind if it doesn't work for somebody.
This commit is contained in:
parent
eef615fc9a
commit
f341fd2b6e
2 changed files with 48 additions and 12 deletions
10
TODO.txt
10
TODO.txt
|
@ -42,16 +42,18 @@ Milestone: v0.3.0
|
|||
- Each object has port, threads, maxConnections
|
||||
- If tls is given, it can be null, false, or an object with cert and key
|
||||
[x] Pass TLS certs and keys into HttpServer
|
||||
[x] Debug OpenSSL
|
||||
[ ] Replace all usages of curl with http
|
||||
[ ] Proper HTTP request router
|
||||
- Support regex matching
|
||||
[ ] Token permissions
|
||||
|
||||
[ ] Move configuration to database
|
||||
[ ] Initial configuration
|
||||
[ ] If no config, create one-time use registration token that
|
||||
grants user admin privileges.
|
||||
[ ] /_telodendria/admin/config endpoint
|
||||
[x] Refactor TelodendriaConfig to just Config
|
||||
[ ] Proper HTTP request router
|
||||
- Support regex matching
|
||||
[ ] Debug OpenSSL
|
||||
[ ] Replace all usages of curl with http
|
||||
|
||||
[ ] Documentation
|
||||
[ ] Array
|
||||
|
|
|
@ -39,6 +39,29 @@ typedef struct OpenSSLCookie
|
|||
SSL *ssl;
|
||||
} OpenSSLCookie;
|
||||
|
||||
static char *
|
||||
SSLErrorString(int err)
|
||||
{
|
||||
switch (err) {
|
||||
case SSL_ERROR_NONE:
|
||||
return "No error.";
|
||||
case SSL_ERROR_ZERO_RETURN:
|
||||
return "The TLS/SSL connection has been closed.";
|
||||
case SSL_ERROR_WANT_READ:
|
||||
case SSL_ERROR_WANT_WRITE:
|
||||
case SSL_ERROR_WANT_CONNECT:
|
||||
case SSL_ERROR_WANT_ACCEPT:
|
||||
return "The operation did not complete.";
|
||||
case SSL_ERROR_WANT_X509_LOOKUP:
|
||||
return "X509 lookup failed.";
|
||||
case SSL_ERROR_SYSCALL:
|
||||
return "I/O Error.";
|
||||
case SSL_ERROR_SSL:
|
||||
return "SSL library error.";
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void *
|
||||
TlsInitClient(int fd, const char *serverName)
|
||||
{
|
||||
|
@ -110,6 +133,7 @@ TlsInitServer(int fd, const char *crt, const char *key)
|
|||
{
|
||||
OpenSSLCookie *cookie;
|
||||
char errorStr[256];
|
||||
int acceptRet = 0;
|
||||
|
||||
cookie = Malloc(sizeof(OpenSSLCookie));
|
||||
if (!cookie)
|
||||
|
@ -123,44 +147,54 @@ TlsInitServer(int fd, const char *crt, const char *key)
|
|||
cookie->ctx = SSL_CTX_new(cookie->method);
|
||||
if (!cookie->ctx)
|
||||
{
|
||||
Log(LOG_ERR, "TlsServerInit(): Unable to create SSL Context.");
|
||||
Log(LOG_ERR, "TlsInitServer(): Unable to create SSL Context.");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (SSL_CTX_use_certificate_file(cookie->ctx, crt, SSL_FILETYPE_PEM) <= 0)
|
||||
{
|
||||
Log(LOG_ERR, "TlsServerInit(): Unable to set certificate file.");
|
||||
Log(LOG_ERR, "TlsInitServer(): Unable to set certificate file.");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (SSL_CTX_use_PrivateKey_file(cookie->ctx, key, SSL_FILETYPE_PEM) <= 0)
|
||||
{
|
||||
Log(LOG_ERR, "TlsServerInit(): Unable to set key file.");
|
||||
Log(LOG_ERR, "TlsInitServer(): Unable to set key file.");
|
||||
goto error;
|
||||
}
|
||||
|
||||
cookie->ssl = SSL_new(cookie->ctx);
|
||||
if (!cookie->ssl)
|
||||
{
|
||||
Log(LOG_ERR, "TlsServerInit(): Unable to create SSL object.");
|
||||
Log(LOG_ERR, "TlsInitServer(): Unable to create SSL object.");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (!SSL_set_fd(cookie->ssl, fd))
|
||||
{
|
||||
Log(LOG_ERR, "TlsServerInit(): Unable to set file descriptor.");
|
||||
Log(LOG_ERR, "TlsInitServer(): Unable to set file descriptor.");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (SSL_accept(cookie->ssl) <= 0)
|
||||
while ((acceptRet = SSL_accept(cookie->ssl)) <= 0)
|
||||
{
|
||||
Log(LOG_ERR, "TlsServerInit(): Unable to accept connection.");
|
||||
goto error;
|
||||
switch (SSL_get_error(cookie->ssl, acceptRet))
|
||||
{
|
||||
case SSL_ERROR_WANT_READ:
|
||||
case SSL_ERROR_WANT_WRITE:
|
||||
case SSL_ERROR_WANT_CONNECT:
|
||||
case SSL_ERROR_WANT_ACCEPT:
|
||||
continue;
|
||||
default:
|
||||
Log(LOG_ERR, "TlsInitServer(): Unable to accept connection.");
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
return cookie;
|
||||
|
||||
error:
|
||||
Log(LOG_ERR, "TlsServerInit(): %s", SSLErrorString(SSL_get_error(cookie->ssl, acceptRet)));
|
||||
Log(LOG_ERR, "TlsServerInit(): %s", ERR_error_string(ERR_get_error(), errorStr));
|
||||
|
||||
if (cookie->ssl)
|
||||
|
|
Loading…
Reference in a new issue