{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1758136854, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"f8d35929dc17881e6a93983a77496d03", "commit": {"type":"commit", "time": 1508145228, "time_ofs": 480, "oid_tree": { "oid": "804627d2b1f3fe1e4a439b645a1a499c87d4b423", "alias": []}, "oid":{ "oid": "796a5edb6ca817e61beba8a73f6e06aece2bfca8", "alias": []}, "msg": "openssl-wrapper: add ALPN accessors", "sig_commit": { "git_time": { "time": 1508145228, "offset": 480 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }, "sig_author": { "git_time": { "time": 1506578116, "offset": 480 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }}, "body": "openssl-wrapper: add ALPN accessors\n\nThis adds the necessary OpenSSL APIs to the mbedTLS openssl wrapper\nto allow ALPN negotiation OpenSSL-style.\n\nThe OpenSSL upgrade list format is supported and converted to mbedtls\nformat at runtime." 
, "diff": "diff --git a/lib/mbedtls_wrapper/include/internal/ssl_lib.h b/lib/mbedtls_wrapper/include/internal/ssl_lib.h\nindex bf7de22..42b2de7 100644\n--- a/lib/mbedtls_wrapper/include/internal/ssl_lib.h\n+++ b/lib/mbedtls_wrapper/include/internal/ssl_lib.h\n@@ -21,6 +21,8 @@\n \n #include \u0022ssl_types.h\u0022\n \n+ void _ssl_set_alpn_list(const SSL *ssl);\n+\n #ifdef __cplusplus\n }\n #endif\ndiff --git a/lib/mbedtls_wrapper/include/internal/ssl_types.h b/lib/mbedtls_wrapper/include/internal/ssl_types.h\nindex 5aaee94..5d7d938 100644\n--- a/lib/mbedtls_wrapper/include/internal/ssl_types.h\n+++ b/lib/mbedtls_wrapper/include/internal/ssl_types.h\n@@ -144,6 +144,10 @@ struct X509_VERIFY_PARAM_st {\n \n };\n \n+typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,\n+ unsigned char *outlen, const unsigned char *in,\n+ unsigned int inlen, void *arg);\n+\n struct ssl_ctx_st\n {\n int version;\n@@ -152,16 +156,16 @@ struct ssl_ctx_st\n \n unsigned long options;\n \n- #if 0\n- struct alpn_protocols alpn_protocol;\n- #endif\n-\n const SSL_METHOD *method;\n \n CERT *cert;\n \n X509 *client_CA;\n \n+ const char **alpn_protos;\n+\n+ next_proto_cb alpn_cb;\n+\n int verify_mode;\n \n int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);\n@@ -277,9 +281,7 @@ struct pkey_method_st {\n int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len);\n };\n \n-typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,\n- unsigned char *outlen, const unsigned char *in,\n- unsigned int inlen, void *arg);\n+#define OPENSSL_NPN_NEGOTIATED 1\n \n #ifdef __cplusplus\n }\ndiff --git a/lib/mbedtls_wrapper/include/internal/tls1.h b/lib/mbedtls_wrapper/include/internal/tls1.h\nindex a9da53e..7af1b01 100644\n--- a/lib/mbedtls_wrapper/include/internal/tls1.h\n+++ b/lib/mbedtls_wrapper/include/internal/tls1.h\n@@ -48,6 +48,9 @@\n #define TLS1_1_VERSION 0x0302\n #define TLS1_2_VERSION 0x0303\n \n+#define SSL_TLSEXT_ERR_OK 0\n+#define SSL_TLSEXT_ERR_NOACK 3\n+\n #ifdef 
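Review bot: The new `alpn_protos` and `alpn_cb` members of `struct ssl_ctx_st` carry no comment about ownership or lifetime, although the rest of the patch makes both non-trivial: the list is heap-allocated by `SSL_CTX_set_alpn_select_cb`, freed in `SSL_CTX_free`, and handed to mbedtls by `_ssl_set_alpn_list`, which (as the comment in ssl_lib.c says) keeps the pointer rather than copying it. I would add `/* NULL-terminated protocol list owned by this ctx; mbedtls keeps a pointer to it, so it must outlive every SSL created from the ctx */` on `alpn_protos`. Nothing in this diff ever invokes `alpn_cb`; if it is stored for later wiring, a one-line comment saying so would stop readers looking for the call.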
__cplusplus\n }\n #endif\ndiff --git a/lib/mbedtls_wrapper/include/openssl/ssl.h b/lib/mbedtls_wrapper/include/openssl/ssl.h\nindex dfda0cf..bea50b7 100755\n--- a/lib/mbedtls_wrapper/include/openssl/ssl.h\n+++ b/lib/mbedtls_wrapper/include/openssl/ssl.h\n@@ -337,6 +337,11 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,\n void *arg),\r\n void *arg);\r\n \r\n+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,\r\n+ unsigned int *len);\r\n+\r\n+void _ssl_set_alpn_list(const SSL *ssl);\r\n+\r\n /**\r\n * @brief get SSL error code\r\n *\r\ndiff --git a/lib/mbedtls_wrapper/library/ssl_lib.c b/lib/mbedtls_wrapper/library/ssl_lib.c\nindex d94b4fa..ae6f02f 100644\n--- a/lib/mbedtls_wrapper/library/ssl_lib.c\n+++ b/lib/mbedtls_wrapper/library/ssl_lib.c\n@@ -224,6 +224,9 @@ void SSL_CTX_free(SSL_CTX* ctx)\n \n X509_free(ctx-\u003eclient_CA);\n \n+ if (ctx-\u003ealpn_protos)\n+\t ssl_mem_free(ctx-\u003ealpn_protos);\n+\n ssl_mem_free(ctx);\n }\n \n@@ -303,6 +306,8 @@ SSL *SSL_new(SSL_CTX *ctx)\n goto failed5;\n }\n \n+ _ssl_set_alpn_list(ssl);\n+\n ssl-\u003erwstate \u003d SSL_NOTHING;\n \n return ssl;\n@@ -1577,3 +1582,78 @@ void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx)\n {\n \treturn NULL;\n }\n+\n+/*\n+ * Openssl wants the valid protocol names supplied like this:\n+ *\n+ * (unsigned char *)\u0022\u005cx02h2\u005cx08http/1.1\u0022, 6 + 9\n+ *\n+ * Mbedtls wants this:\n+ *\n+ * Pointer to a NULL-terminated list of supported protocols, in decreasing\n+ * preference order. 
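Review bot: `_ssl_set_alpn_list` is now declared twice, once in the internal `ssl_lib.h` hunk above and again here in the public `openssl/ssl.h`; since it is an internal helper called only from `SSL_new`, keep the declaration in the internal header and drop this one. Every other declaration in this part of the file carries a `/** @brief ... */` block, and the new public `SSL_get0_alpn_selected` should too, in particular stating that `*data` is not NUL-terminated and is owned by the SSL object, which is the OpenSSL contract for the `get0` family. Strictly, an external-linkage name starting with an underscore is reserved by C11 7.1.3, so a wrapper-private prefix without the leading underscore would be safer if the name is revisited.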
The pointer to the list is recorded by the library for\n+ * later reference as required, so the lifetime of the table must be at least\n+ * as long as the lifetime of the SSL configuration structure.\n+ *\n+ * So accept the OpenSSL style and convert to mbedtls style\n+ */\n+\n+struct alpn_ctx {\n+\tunsigned char *data;\n+\tunsigned short len;\n+};\n+\n+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, next_proto_cb cb, void *arg)\n+{\n+\tstruct alpn_ctx *ac \u003d arg;\n+\tunsigned char *p \u003d ac-\u003edata, *q;\n+\tunsigned char len;\n+\tint count \u003d 0;\n+\n+\t/* find out how many entries he gave us */\n+\n+\tlen \u003d *p++;\n+\twhile (p - ac-\u003edata \u003c ac-\u003elen) {\n+\t\tif (len--) {\n+\t\t\tp++;\n+\t\t\tcontinue;\n+\t\t}\n+\t\tcount++;\n+\t\tlen \u003d *p++;\n+\t\tif (!len)\n+\t\t\tbreak;\n+\t}\n+\n+\tif (!count)\n+\t\treturn;\n+\n+\t/* allocate space for count + 1 pointers and the data afterwards */\n+\n+\tctx-\u003ealpn_protos \u003d ssl_mem_zalloc((count + 1) * sizeof(char *) + ac-\u003elen + 1);\n+\tif (!ctx-\u003ealpn_protos)\n+\t\treturn;\n+\n+\t/* convert to mbedtls format */\n+\n+\tq \u003d (unsigned char *)ctx-\u003ealpn_protos + (count + 1) * sizeof(char *);\n+\tp \u003d ac-\u003edata;\n+\tcount \u003d 0;\n+\n+\tlen \u003d *p++;\n+\tctx-\u003ealpn_protos[count] \u003d (char *)q;\n+\twhile (p - ac-\u003edata \u003c ac-\u003elen) {\n+\t\tif (len--) {\n+\t\t\t*q++ \u003d *p++;\n+\t\t\tcontinue;\n+\t\t}\n+\t\t*q++ \u003d '\u005c0';\n+\t\tcount++;\n+\t\tlen \u003d *p++;\n+\t\tctx-\u003ealpn_protos[count] \u003d (char *)q;\n+\t\tif (!len)\n+\t\t\tbreak;\n+\t}\n+\tctx-\u003ealpn_protos[count] \u003d NULL; /* last pointer ends list with NULL */\n+\n+\tctx-\u003ealpn_cb \u003d cb;\n+}\ndiff --git a/lib/mbedtls_wrapper/platform/ssl_pm.c b/lib/mbedtls_wrapper/platform/ssl_pm.c\nindex 939f35d..0fef188 100755\n--- a/lib/mbedtls_wrapper/platform/ssl_pm.c\n+++ b/lib/mbedtls_wrapper/platform/ssl_pm.c\n@@ -687,3 +687,21 @@ int 
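Review bot: The counting loop in `SSL_CTX_set_alpn_select_cb` only increments `count` when it reaches the next length byte, so for an OpenSSL-style buffer that ends right after the last name (no trailing zero byte, e.g. the `"\x02h2\x08http/1.1"` form the comment gives) the final entry is never counted; the second pass then writes its pointer into `alpn_protos[count]` and the closing `ctx->alpn_protos[count] = NULL` overwrites it, so only the first protocol survives, unless callers are expected to append a 0 byte. The function also overwrites `ctx->alpn_protos` unconditionally, so a second call leaks the first list, and it reads `*p` before checking that `ac->len` is non-zero. The rewrite below counts each entry when its length byte is consumed, stops on an empty or overlong entry so a length byte can never push the reads past `ac->len`, and frees any previous list first; the allocation size is unchanged since every length byte becomes a terminator.
```c
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, next_proto_cb cb, void *arg)
{
	/* … unchanged: local declarations … */

	/* count the entries: each is a length byte followed by that many name
	 * bytes, and the last one is not followed by any terminator */
	while (p - ac->data < ac->len) {
		len = *p++;
		if (!len || p - ac->data + len > ac->len)
			break;	/* empty or overlong entry: stop here */
		p += len;
		count++;
	}

	if (!count)
		return;

	/* a second call must not leak the list installed by the first */
	if (ctx->alpn_protos)
		ssl_mem_free(ctx->alpn_protos);

	/* … unchanged: zalloc of count + 1 pointers plus ac->len + 1 bytes … */

	/* convert to mbedtls format */
	q = (unsigned char *)ctx->alpn_protos + (count + 1) * sizeof(char *);
	p = ac->data;
	count = 0;
	while (p - ac->data < ac->len) {
		len = *p++;
		if (!len || p - ac->data + len > ac->len)
			break;
		ctx->alpn_protos[count++] = (char *)q;
		while (len--)
			*q++ = *p++;
		*q++ = '\0';
	}
	ctx->alpn_protos[count] = NULL; /* last pointer ends list with NULL */

	ctx->alpn_cb = cb;
}
```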
X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,\n \n \treturn 1;\n }\n+\n+void _ssl_set_alpn_list(const SSL *ssl)\n+{\n+\tif (!ssl-\u003ectx-\u003ealpn_protos)\n+\t\treturn;\n+\tif (mbedtls_ssl_conf_alpn_protocols(\u0026((struct ssl_pm *)(ssl-\u003essl_pm))-\u003econf, ssl-\u003ectx-\u003ealpn_protos))\n+\t\tfprintf(stderr, \u0022mbedtls_ssl_conf_alpn_protocols failed\u005cn\u0022);\n+}\n+\n+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,\n+ unsigned int *len)\n+{\n+\tconst char *alp \u003d mbedtls_ssl_get_alpn_protocol(\u0026((struct ssl_pm *)(ssl-\u003essl_pm))-\u003essl);\n+\n+\t*data \u003d (const unsigned char *)alp;\n+\t*len \u003d strlen(alp);\n+}\n+\n","s":{"c":1758136854,"u": 3143}} ],"g": 4636,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
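Review bot: `SSL_get0_alpn_selected` calls `strlen(alp)` unconditionally, but `mbedtls_ssl_get_alpn_protocol()` returns NULL when no protocol was negotiated, so any peer that simply does not send ALPN makes this accessor dereference NULL; OpenSSL's contract for that case is `*data = NULL` and `*len = 0`. The fix is `*data = (const unsigned char *)alp;` followed by `*len = alp ? (unsigned int)strlen(alp) : 0;`. In `_ssl_set_alpn_list`, a failure of `mbedtls_ssl_conf_alpn_protocols` is only printed to stderr and the function returns void, so the `SSL_new` call site in the ssl_lib.c hunk continues with a connection that silently has no ALPN list; returning the mbedtls error code and letting `SSL_new` take its existing failure path would make the condition visible to the caller.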