Module: Kamailio TLS support.
#include <sys/poll.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <string.h>
#include <errno.h>
#include "../dprint.h"
#include "tls_server.h"
#include "tls_config.h"
#include "tls_init.h"
#include "tls_domain.h"
#include "../ip_addr.h"
#include "../mem/shm_mem.h"
#include "../mem/mem.h"
#include "../timer.h"
#include "../usr_avp.h"
#include "../ut.h"

Functions
| static int | _tls_read (struct tcp_connection *c, void *buf, size_t len) |
| Wrapper around SSL_read. | |
| static int | tls_accept (struct tcp_connection *c) |
| Wrapper around SSL_accept. | |
| size_t | tls_blocking_write (struct tcp_connection *c, int fd, const char *buf, size_t len) |
| This is shamelessly stolen from tsend_stream in tsend.c. | |
| void | tls_close (struct tcp_connection *c, int fd) |
| perform one-way shutdown, do not wait for notify from the remote peer | |
| static int | tls_connect (struct tcp_connection *c) |
| wrapper around SSL_connect | |
| static void | tls_dump_cert_info (char *s, X509 *cert) |
| static void | tls_dump_verification_failure (long verification_result) |
| int | tls_fix_read_conn (struct tcp_connection *c) |
| called before tls_read; this function should attempt tls_accept or tls_connect depending on the state of the connection. If this function does not transition a connection into S_CONN_OK, then the tcp layer will not call tcp_read | |
| void | tls_print_errstack (void) |
| dump ssl error stack | |
| size_t | tls_read (struct tcp_connection *c) |
| called only when a connection is in S_CONN_OK, so we do not have to care about accepting or connecting here. Each modification of the ssl data structures has to be protected: another process might ask for the same connection and attempt to write to it, which would result in updating the ssl structures | |
| static int | tls_shutdown (struct tcp_connection *c) |
| wrapper around SSL_shutdown | |
| void | tls_tcpconn_clean (struct tcp_connection *c) |
| clean the extra data upon connection shut down | |
| int | tls_tcpconn_init (struct tcp_connection *c, int sock) |
| Called when a new tcp connection is accepted or connected; create ssl data structures here. There is no need to acquire any lock, because the connection is being created by a new process and no other process has access to it yet; this is called before adding the tcp_connection structure into the hash. | |
| static int | tls_update_fd (struct tcp_connection *c, int fd) |
| Update ssl structure with new fd. | |
| static int | tls_write (struct tcp_connection *c, int fd, const void *buf, size_t len) |
| Wrapper around SSL_write; returns the number of bytes written on success, -1 on error, 0 when it would block. | |
Module: Kamailio TLS support.
Definition in file tls_server.c.
| static int _tls_read | ( | struct tcp_connection * | c, | |
| void * | buf, | |||
| size_t | len | |||
| ) | [static] |
Wrapper around SSL_read.
Definition at line 531 of file tls_server.c.
References tcp_connection::extra_data, LM_DBG, LM_ERR, S_CONN_BAD, S_CONN_EOF, tcp_connection::state, and tls_print_errstack().
Referenced by tls_read().
| static int tls_accept | ( | struct tcp_connection * | c | ) | [static] |
Wrapper around SSL_accept.
Definition at line 233 of file tls_server.c.
References receive_info::dst_ip, receive_info::dst_port, tcp_connection::extra_data, ip_addr2a(), LM_DBG, LM_ERR, LM_INFO, LM_WARN, NULL, tcp_connection::rcv, S_CONN_ACCEPT, S_CONN_BAD, S_CONN_OK, receive_info::src_ip, receive_info::src_port, tcp_connection::state, tls_dump_cert_info(), tls_dump_verification_failure(), and tls_print_errstack().
Referenced by tls_blocking_write(), and tls_fix_read_conn().
| size_t tls_blocking_write | ( | struct tcp_connection * | c, | |
| int | fd, | |||
| const char * | buf, | |||
| size_t | len | |||
| ) |
This is shamelessly stolen from tsend_stream in tsend.c.
Definition at line 761 of file tls_server.c.
References LM_ERR, S_CONN_ACCEPT, S_CONN_CONNECT, S_CONN_OK, tcp_connection::state, timeout, tls_accept(), tls_connect(), tls_handshake_timeout, tls_send_timeout, tls_update_fd(), and tls_write().
| void tls_close | ( | struct tcp_connection * | c, | |
| int | fd | |||
| ) |
perform one-way shutdown, do not wait for notify from the remote peer
Definition at line 744 of file tls_server.c.
References LM_DBG, tls_shutdown(), and tls_update_fd().
| static int tls_connect | ( | struct tcp_connection * | c | ) | [static] |
wrapper around SSL_connect
Definition at line 352 of file tls_server.c.
References receive_info::dst_ip, receive_info::dst_port, tcp_connection::extra_data, ip_addr2a(), LM_DBG, LM_ERR, LM_INFO, LM_WARN, tcp_connection::rcv, S_CONN_BAD, S_CONN_CONNECT, S_CONN_OK, receive_info::src_ip, receive_info::src_port, tcp_connection::state, tls_dump_cert_info(), tls_dump_verification_failure(), and tls_print_errstack().
Referenced by tls_blocking_write(), and tls_fix_read_conn().
| static void tls_dump_cert_info | ( | char * | s, | |
| X509 * | cert | |||
| ) | [static] |
Definition at line 111 of file tls_server.c.
References LM_DBG.
Referenced by tls_accept(), and tls_connect().
| static void tls_dump_verification_failure | ( | long | verification_result | ) | [static] |
Definition at line 126 of file tls_server.c.
References LM_DBG.
Referenced by tls_accept(), and tls_connect().
| int tls_fix_read_conn | ( | struct tcp_connection * | c | ) |
called before tls_read; this function should attempt tls_accept or tls_connect depending on the state of the connection. If this function does not transition a connection into S_CONN_OK, then the tcp layer will not call tcp_read
Definition at line 919 of file tls_server.c.
References tcp_connection::fd, S_CONN_ACCEPT, S_CONN_CONNECT, tcp_connection::state, tls_accept(), tls_connect(), tls_update_fd(), and tcp_connection::write_lock.
| void tls_print_errstack | ( | void | ) |
dump ssl error stack
Definition at line 102 of file tls_server.c.
References LM_ERR.
Referenced by _tls_read(), tls_accept(), tls_connect(), tls_shutdown(), and tls_write().
| size_t tls_read | ( | struct tcp_connection * | c | ) |
called only when a connection is in S_CONN_OK, so we do not have to care about accepting or connecting here. Each modification of the ssl data structures has to be protected: another process might ask for the same connection and attempt to write to it, which would result in updating the ssl structures
Definition at line 875 of file tls_server.c.
References _tls_read(), tcp_req::buf, tcp_req::error, tcp_connection::fd, LM_ERR, tcp_req::pos, tcp_connection::req, TCP_BUF_SIZE, TCP_REQ_OVERRUN, tls_update_fd(), and tcp_connection::write_lock.
| static int tls_shutdown | ( | struct tcp_connection * | c | ) | [static] |
wrapper around SSL_shutdown
Definition at line 433 of file tls_server.c.
References tcp_connection::extra_data, LM_DBG, LM_ERR, S_CONN_BAD, S_CONN_EOF, tcp_connection::state, and tls_print_errstack().
Referenced by tls_close().
| void tls_tcpconn_clean | ( | struct tcp_connection * | c | ) |
clean the extra data upon connection shut down
Definition at line 726 of file tls_server.c.
References tcp_connection::extra_data, and LM_DBG.
| int tls_tcpconn_init | ( | struct tcp_connection * | c, | |
| int | sock | |||
| ) |
Called when a new tcp connection is accepted or connected; create ssl data structures here. There is no need to acquire any lock, because the connection is being created by a new process and no other process has access to it yet; this is called before adding the tcp_connection structure into the hash.
Definition at line 580 of file tls_server.c.
References tls_domain::addr, tls_domain::ctx, DEFAULT_TCP_CONNECTION_LIFETIME, receive_info::dst_ip, receive_info::dst_port, tcp_connection::extra_data, tcp_connection::flags, get_ticks(), ip_addr2a(), _str::len, LM_DBG, LM_ERR, int_str::n, NULL, pkg_free, pkg_malloc, tls_domain::port, receive_info::proto, PROTO_TLS, tcp_connection::rcv, _str::s, int_str::s, S_CONN_ACCEPT, S_CONN_CONNECT, search_first_avp(), receive_info::src_ip, receive_info::src_port, tcp_connection::state, tcp_connection::timeout, tls_client_domain_avp, tls_find_client_domain(), tls_find_client_domain_name(), tls_find_server_domain(), tls_server_name_avp, tcp_connection::type, and ZSW.
| static int tls_update_fd | ( | struct tcp_connection * | c, | |
| int | fd | |||
| ) | [static] |
Update ssl structure with new fd.
Definition at line 79 of file tls_server.c.
References tcp_connection::extra_data, LM_DBG, and LM_ERR.
Referenced by tls_blocking_write(), tls_close(), tls_fix_read_conn(), and tls_read().
| static int tls_write | ( | struct tcp_connection * | c, | |
| int | fd, | |||
| const void * | buf, | |||
| size_t | len | |||
| ) | [static] |
Wrapper around SSL_write; returns the number of bytes written on success, -1 on error, 0 when it would block.
Definition at line 485 of file tls_server.c.
References tcp_connection::extra_data, LM_DBG, LM_ERR, S_CONN_BAD, S_CONN_EOF, tcp_connection::state, and tls_print_errstack().
Referenced by tls_blocking_write().