version 1.172, 2017/02/05 01:39:14 |
version 1.173, 2017/02/08 13:43:33 |
|
|
void readwrite(int, struct tls *); |
void readwrite(int, struct tls *); |
void fdpass(int nfd) __attribute__((noreturn)); |
void fdpass(int nfd) __attribute__((noreturn)); |
int remote_connect(const char *, const char *, struct addrinfo); |
int remote_connect(const char *, const char *, struct addrinfo); |
|
int timeout_handshake(int, struct tls *); |
int timeout_connect(int, const struct sockaddr *, socklen_t); |
int timeout_connect(int, const struct sockaddr *, socklen_t); |
int socks_connect(const char *, const char *, struct addrinfo, |
int socks_connect(const char *, const char *, struct addrinfo, |
const char *, const char *, struct addrinfo, int, const char *); |
const char *, const char *, struct addrinfo, int, const char *); |
|
|
return (s); |
return (s); |
} |
} |
|
|
|
int |
|
timeout_handshake(int s, struct tls *tls_ctx) |
|
{ |
|
struct pollfd pfd; |
|
int ret; |
|
|
|
while ((ret = tls_handshake(tls_ctx)) != 0) { |
|
if (ret == TLS_WANT_POLLIN) |
|
pfd.events = POLLIN; |
|
else if (ret == TLS_WANT_POLLOUT) |
|
pfd.events = POLLOUT; |
|
else |
|
break; |
|
pfd.fd = s; |
|
if ((ret = poll(&pfd, 1, timeout)) == 1) |
|
continue; |
|
else if (ret == 0) { |
|
errno = ETIMEDOUT; |
|
ret = -1; |
|
break; |
|
} else |
|
err(1, "poll failed"); |
|
} |
|
|
|
return (ret); |
|
} |
|
|
void |
void |
tls_setup_client(struct tls *tls_ctx, int s, char *host) |
tls_setup_client(struct tls *tls_ctx, int s, char *host) |
{ |
{ |
int i; |
const char *errstr; |
|
|
if (tls_connect_socket(tls_ctx, s, |
if (tls_connect_socket(tls_ctx, s, |
tls_expectname ? tls_expectname : host) == -1) { |
tls_expectname ? tls_expectname : host) == -1) { |
errx(1, "tls connection failed (%s)", |
errx(1, "tls connection failed (%s)", |
tls_error(tls_ctx)); |
tls_error(tls_ctx)); |
} |
} |
do { |
if (timeout_handshake(s, tls_ctx) == -1) { |
if ((i = tls_handshake(tls_ctx)) == -1) |
if ((errstr = tls_error(tls_ctx)) == NULL) |
errx(1, "tls handshake failed (%s)", |
errstr = strerror(errno); |
tls_error(tls_ctx)); |
errx(1, "tls handshake failed (%s)", errstr); |
} while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT); |
} |
if (vflag) |
if (vflag) |
report_tls(tls_ctx, host, tls_expectname); |
report_tls(tls_ctx, host, tls_expectname); |
if (tls_expecthash && tls_peer_cert_hash(tls_ctx) && |
if (tls_expecthash && tls_peer_cert_hash(tls_ctx) && |
|
|
tls_setup_server(struct tls *tls_ctx, int connfd, char *host) |
tls_setup_server(struct tls *tls_ctx, int connfd, char *host) |
{ |
{ |
struct tls *tls_cctx; |
struct tls *tls_cctx; |
|
const char *errstr; |
|
|
if (tls_accept_socket(tls_ctx, &tls_cctx, |
if (tls_accept_socket(tls_ctx, &tls_cctx, connfd) == -1) { |
connfd) == -1) { |
warnx("tls accept failed (%s)", tls_error(tls_ctx)); |
warnx("tls accept failed (%s)", |
} else if (timeout_handshake(connfd, tls_cctx) == -1) { |
tls_error(tls_ctx)); |
if ((errstr = tls_error(tls_ctx)) == NULL) |
tls_cctx = NULL; |
errstr = strerror(errno); |
|
warnx("tls handshake failed (%s)", errstr); |
} else { |
} else { |
int i; |
|
|
|
do { |
|
if ((i = tls_handshake(tls_cctx)) == -1) |
|
warnx("tls handshake failed (%s)", |
|
tls_error(tls_cctx)); |
|
} while(i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT); |
|
} |
|
if (tls_cctx) { |
|
int gotcert = tls_peer_cert_provided(tls_cctx); |
int gotcert = tls_peer_cert_provided(tls_cctx); |
|
|
if (vflag && gotcert) |
if (vflag && gotcert) |
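Review bot: The new handshake-failure branch in tls_setup_server reports the error from the wrong context: timeout_handshake() drives the handshake on tls_cctx, but the message is built from `tls_error(tls_ctx)`, the listening context, so the actual libtls error is dropped and the warning degrades to strerror(errno) (the loop being removed read `tls_error(tls_cctx)`); the line should be `if ((errstr = tls_error(tls_cctx)) == NULL)`. The strerror fallback is still right for the timeout case, since timeout_handshake sets errno to ETIMEDOUT after a tls_handshake() that returned only a TLS_WANT_* value, although that presumes tls_handshake() does not leave a stale error string from an earlier call — worth confirming against the libtls version in tree. timeout_handshake() itself has no header comment; I would add one stating its contract: returns 0 once the handshake completes, -1 with errno set (ETIMEDOUT when poll() expires after the global `timeout`, presumably the -w value) otherwise, and exits via err(1) if poll() itself fails. tls_setup_server continues past the end of this hunk, so whether the half-handshaken tls_cctx is freed or returned on this error path cannot be judged from what is shown.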