odissey: rework ssl support functions

Dmitry Simonenko 2017-04-05 16:27:34 +03:00
parent 53adab5193
commit 0a1efa93fb
6 changed files with 161 additions and 116 deletions


@ -153,67 +153,6 @@ od_besetup(od_server_t *server)
return 0;
}
static int
od_beconnect_tls(od_pooler_t *pooler, od_server_t *server,
od_schemeserver_t *scheme)
{
od_debug(&pooler->od->log, server->io, "S (tls): init");
/* SSL Request */
so_stream_t *stream = &server->stream;
so_stream_reset(stream);
int rc;
rc = so_fewrite_ssl_request(stream);
if (rc == -1)
return -1;
rc = od_write(server->io, stream);
if (rc == -1) {
od_error(&pooler->od->log, server->io, "S (tls): write error: %s",
machine_error(server->io));
return -1;
}
/* read server reply */
so_stream_reset(stream);
rc = machine_read(server->io, (char*)stream->p, 1, 0);
if (rc < 0) {
od_error(&pooler->od->log, server->io,
"S (tls): read error: %s",
machine_error(server->io));
return -1;
}
switch (*stream->p) {
case 'S':
/* supported */
od_debug(&pooler->od->log, server->io,
"S (tls): supported");
rc = machine_set_tls(server->io, server->tls);
if (rc == -1) {
od_error(&pooler->od->log, server->io,
"S (tls): %s", machine_error(pooler->od));
return -1;
}
od_debug(&pooler->od->log, server->io, "S (tls): ok");
break;
case 'N':
/* not supported */
if (scheme->tls_verify == OD_TALLOW) {
od_debug(&pooler->od->log, server->io,
"S (tls): not supported, continue (allow)");
} else {
od_error(&pooler->od->log, server->io,
"S (tls): not supported, closing");
return -1;
}
break;
default:
od_error(&pooler->od->log, server->io,
"S (tls): unexpected status reply");
return -1;
}
return 0;
}
static int
od_beconnect(od_pooler_t *pooler, od_server_t *server)
{
@ -259,7 +198,10 @@ od_beconnect(od_pooler_t *pooler, od_server_t *server)
/* do tls handshake */
if (server_scheme->tls_verify != OD_TDISABLE) {
rc = od_beconnect_tls(pooler, server, server_scheme);
rc = od_tlsbe_connect(pooler->env, server->io, server->tls,
&server->stream,
&pooler->od->log, "S",
server_scheme);
if (rc == -1)
return -1;
}
@ -368,7 +310,7 @@ od_bepop(od_pooler_t *pooler, od_route_t *route, od_client_t *client)
od_schemeserver_t *server_scheme;
server_scheme = route->scheme->server;
if (server_scheme->tls_verify != OD_TDISABLE) {
server->tls = od_tls_server(pooler, server_scheme);
server->tls = od_tlsbe(pooler->env, server_scheme);
if (server->tls == NULL) {
od_serverfree(server);
return NULL;


@ -76,6 +76,10 @@ int od_cancel_of(od_pooler_t *pooler,
}
assert(ai != NULL);
machine_set_nodelay(io, pooler->od->scheme.nodelay);
if (pooler->od->scheme.keepalive > 0)
machine_set_keepalive(io, 1, pooler->od->scheme.keepalive);
/* connect to server */
rc = machine_connect(io, ai->ai_addr, 0);
freeaddrinfo(ai);
@ -86,9 +90,7 @@ int od_cancel_of(od_pooler_t *pooler,
machine_close(io);
return -1;
}
machine_set_nodelay(io, pooler->od->scheme.nodelay);
if (pooler->od->scheme.keepalive > 0)
machine_set_keepalive(io, 1, pooler->od->scheme.keepalive);
/* send cancel and disconnect */
so_stream_t stream;
so_stream_init(&stream);


@ -35,6 +35,7 @@
#include "od_io.h"
#include "od_pooler.h"
#include "od_fe.h"
#include "od_tls.h"
void od_feclose(od_client_t *client)
{
@ -124,51 +125,16 @@ int od_festartup(od_client_t *client)
return -1;
/* client ssl request */
if (client->startup.is_ssl_request)
{
od_debug(&pooler->od->log, client->io, "C (tls): ssl request");
so_stream_reset(stream);
if (pooler->od->scheme.tls_verify == OD_TDISABLE) {
/* not supported 'N' */
so_stream_write8(stream, 'N');
rc = od_write(client->io, stream);
if (rc == -1) {
od_error(&pooler->od->log, client->io, "C (tls): write error: %s",
machine_error(client->io));
return -1;
}
od_log(&pooler->od->log, client->io,
"C (tls): disabled, closing");
return -1;
}
/* supported 'S' */
so_stream_write8(stream, 'S');
rc = od_write(client->io, stream);
if (rc == -1) {
od_error(&pooler->od->log, client->io, "C (tls): write error: %s",
machine_error(client->io));
return -1;
}
rc = machine_set_tls(client->io, pooler->tls);
if (rc == -1) {
od_error(&pooler->od->log, client->io,
"C (tls): error: %s", machine_error(client->io));
return -1;
}
od_debug(&pooler->od->log, client->io, "C (tls): ok");
rc = od_tlsfe_accept(pooler->env, client->io, pooler->tls,
&client->stream,
&pooler->od->log, "C",
&pooler->od->scheme,
&client->startup);
if (rc == -1)
return -1;
} else {
switch (pooler->od->scheme.tls_verify) {
case OD_TDISABLE:
case OD_TALLOW:
break;
default:
od_log(&pooler->od->log, client->io,
"C (tls): required, closing");
return -1;
}
if (! client->startup.is_ssl_request)
return 0;
}
/* read startup-cancel message followed after ssl
* negotiation */
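Review bot: The comment `/* client ssl request */` at the top of this hunk now sits above a call that also applies the tls_verify policy to clients that sent no SSLRequest (od_tlsfe_accept rejects them unless the mode is OD_TDISABLE or OD_TALLOW), so it no longer describes what the line does; `/* client ssl request and tls policy check (od_tlsfe_accept) */` would match. The early `return 0` for a non-SSL client skips only the re-read of the startup message that follows a TLS negotiation, which is correct because none happened, and a short comment saying so would save the next reader the trip into od_tls.c. od_festartup begins and ends outside the hunk.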


@ -48,7 +48,7 @@ od_pooler(void *arg)
pooler->tls = NULL;
od_scheme_t *scheme = &pooler->od->scheme;
if (scheme->tls_verify != OD_TDISABLE) {
pooler->tls = od_tls_client(pooler, scheme);
pooler->tls = od_tlsfe(pooler->env, scheme);
if (pooler->tls == NULL)
return;
}


@ -37,11 +37,11 @@
#include "od_tls.h"
machine_tls_t
od_tls_client(od_pooler_t *pooler, od_scheme_t *scheme)
od_tlsfe(machine_t machine, od_scheme_t *scheme)
{
int rc;
machine_tls_t tls;
tls = machine_create_tls(pooler->env);
tls = machine_create_tls(machine);
if (tls == NULL)
return NULL;
if (scheme->tls_verify == OD_TALLOW)
@ -75,12 +75,69 @@ od_tls_client(od_pooler_t *pooler, od_scheme_t *scheme)
return tls;
}
int
od_tlsfe_accept(machine_t machine,
machine_io_t io,
machine_tls_t tls,
so_stream_t *stream,
od_log_t *log,
char *prefix,
od_scheme_t *scheme,
so_bestartup_t *startup)
{
if (startup->is_ssl_request)
{
od_debug(log, io, "%s (tls): ssl request", prefix);
so_stream_reset(stream);
int rc;
if (scheme->tls_verify == OD_TDISABLE) {
/* not supported 'N' */
so_stream_write8(stream, 'N');
rc = od_write(io, stream);
if (rc == -1) {
od_error(log, io, "%s (tls): write error: %s",
prefix, machine_error(io));
return -1;
}
od_log(log, io, "%s (tls): disabled, closing", prefix);
return -1;
}
/* supported 'S' */
so_stream_write8(stream, 'S');
rc = od_write(io, stream);
if (rc == -1) {
od_error(log, io, "%s (tls): write error: %s",
prefix, machine_error(io));
return -1;
}
rc = machine_set_tls(io, tls);
if (rc == -1) {
od_error(log, io, "%s (tls): error: %s", prefix,
machine_error(io));
return -1;
}
od_debug(log, io, "%s (tls): ok", prefix);
return 0;
}
switch (scheme->tls_verify) {
case OD_TDISABLE:
case OD_TALLOW:
break;
default:
od_log(log, io, "%s (tls): required, closing", prefix);
return -1;
}
(void)machine;
return 0;
}
machine_tls_t
od_tls_server(od_pooler_t *pooler, od_schemeserver_t *scheme)
od_tlsbe(machine_t machine, od_schemeserver_t *scheme)
{
int rc;
machine_tls_t tls;
tls = machine_create_tls(pooler->env);
tls = machine_create_tls(machine);
if (tls == NULL)
return NULL;
if (scheme->tls_verify == OD_TALLOW)
@ -113,3 +170,66 @@ od_tls_server(od_pooler_t *pooler, od_schemeserver_t *scheme)
}
return tls;
}
int
od_tlsbe_connect(machine_t machine,
machine_io_t io,
machine_tls_t tls,
so_stream_t *stream,
od_log_t *log,
char *prefix,
od_schemeserver_t *scheme)
{
od_debug(log, io, "%s (tls): init", prefix);
/* SSL Request */
so_stream_reset(stream);
int rc;
rc = so_fewrite_ssl_request(stream);
if (rc == -1)
return -1;
rc = od_write(io, stream);
if (rc == -1) {
od_error(log, io, "%s (tls): write error: %s",
prefix, machine_error(io));
return -1;
}
/* read server reply */
so_stream_reset(stream);
rc = machine_read(io, (char*)stream->p, 1, 0);
if (rc < 0) {
od_error(log, io, "%s (tls): read error: %s",
prefix, machine_error(io));
return -1;
}
switch (*stream->p) {
case 'S':
/* supported */
od_debug(log, io, "%s (tls): supported", prefix);
rc = machine_set_tls(io, tls);
if (rc == -1) {
od_error(log, io, "%s (tls): %s", prefix,
machine_error(machine));
return -1;
}
od_debug(log, io, "%s (tls): ok", prefix);
break;
case 'N':
/* not supported */
if (scheme->tls_verify == OD_TALLOW) {
od_debug(log, io, "%s (tls): not supported, continue (allow)",
prefix);
} else {
od_error(log, io, "%s (tls): not supported, closing",
prefix);
return -1;
}
break;
default:
od_error(log, io, "%s (tls): unexpected status reply",
prefix);
return -1;
}
return 0;
}
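Review bot: In od_tlsbe_connect's 'S' branch a machine_set_tls failure is reported with `machine_error(machine)`, while every other error path in this function and in od_tlsfe_accept reads the error from the io handle; the old code passed `pooler->od` here, so this looks like a carried-over inconsistency rather than intent. Unless machine_error accepts both handle types, the line should be `od_error(log, io, "%s (tls): %s", prefix, machine_error(io));`, after which `machine` is unused here just as it already is in od_tlsfe_accept (silenced with `(void)machine`), and the parameter could be dropped from both functions and from the od_tls.h prototypes. Both functions also declare `char *prefix` but are only ever called with string literals ("S" in od_be.c, "C" in od_fe.c) and only pass it through a `%s` format, so `const char *prefix` is the correct type in od_tls.c and od_tls.h. The reply read `rc = machine_read(io, (char*)stream->p, 1, 0);` is rejected only for rc < 0; if machine_read can return 0 on a closed peer, `*stream->p` is then whatever the buffer held before and could be taken as 'S' or 'N', so `if (rc != 1)` is the safer guard. Finally, the plaintext fallback when the backend answers 'N' under OD_TALLOW is recorded only with od_debug; emitting it with od_log would let an operator see that a backend link is unencrypted without enabling debug output.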


@ -8,9 +8,24 @@
*/
machine_tls_t
od_tls_client(od_pooler_t*, od_scheme_t*);
od_tlsfe(machine_t, od_scheme_t*);
int
od_tlsfe_accept(machine_t, machine_io_t, machine_tls_t,
so_stream_t*,
od_log_t*,
char*,
od_scheme_t*,
so_bestartup_t*);
machine_tls_t
od_tls_server(od_pooler_t*, od_schemeserver_t*);
od_tlsbe(machine_t, od_schemeserver_t*);
int
od_tlsbe_connect(machine_t, machine_io_t, machine_tls_t,
so_stream_t*,
od_log_t*,
char*,
od_schemeserver_t*);
#endif