/*
This file is part of libmicrohttpd
Copyright (C) 2007, 2008, 2010 Daniel Pittman and Christian Grothoff
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
/**
* @file connection_https.c
* @brief Methods for managing SSL/TLS connections. This file is only
* compiled if ENABLE_HTTPS is set.
* @author Sagie Amir
* @author Christian Grothoff
*/
#include "internal.h"
#include "connection.h"
#include "memorypool.h"
#include "response.h"
#include "reason_phrase.h"
#include <openssl/ssl.h>
/**
* Give gnuTLS chance to work on the TLS handshake.
*
* @param connection connection to handshake on
* @return #MHD_YES on error or if the handshake is progressing
* #MHD_NO if the handshake has completed successfully
* and we should start to read/write data
*/
static int
run_tls_handshake (struct MHD_Connection *connection)
{
int ret;
connection->last_activity = MHD_monotonic_time();
if (connection->state == MHD_TLS_CONNECTION_INIT)
{
ret = SSL_accept (connection->tls_session);
if (ret == 1)
{
/* set connection state to enable HTTP processing */
connection->state = MHD_CONNECTION_INIT;
return MHD_YES;
}
int error = SSL_get_error (connection->tls_session, ret);
if ( (error == SSL_ERROR_WANT_READ) ||
(error == SSL_ERROR_WANT_WRITE) )
{
/* handshake not done */
return MHD_YES;
}
/* handshake failed */
#if HAVE_MESSAGES
MHD_DLOG (connection->daemon,
"Error: received handshake message out of context\n");
#endif
MHD_connection_close (connection,
MHD_REQUEST_TERMINATED_WITH_ERROR);
return MHD_YES;
}
return MHD_NO;
}
/**
* This function handles a particular SSL/TLS connection when
* it has been determined that there is data to be read off a
* socket. Message processing is done by message type which is
* determined by peeking into the first message type byte of the
* stream.
*
* Error message handling: all fatal level messages cause the
* connection to be terminated.
*
* Application data is forwarded to the underlying daemon for
* processing.
*
* @param connection the source connection
* @return always #MHD_YES (we should continue to process the connection)
*/
static int
MHD_tls_connection_handle_read (struct MHD_Connection *connection)
{
if (MHD_YES == run_tls_handshake (connection))
return MHD_YES;
return MHD_connection_handle_read (connection);
}
/**
* This function was created to handle writes to sockets when it has
* been determined that the socket can be written to. This function
* will forward all write requests to the underlying daemon unless
* the connection has been marked for closing.
*
* @return always #MHD_YES (we should continue to process the connection)
*/
static int
MHD_tls_connection_handle_write (struct MHD_Connection *connection)
{
if (MHD_YES == run_tls_handshake (connection))
return MHD_YES;
return MHD_connection_handle_write (connection);
}
/**
* This function was created to handle per-connection processing that
* has to happen even if the socket cannot be read or written to. All
* implementations (multithreaded, external select, internal select)
* call this function.
*
* @param connection being handled
* @return #MHD_YES if we should continue to process the
* connection (not dead yet), #MHD_NO if it died
*/
static int
MHD_tls_connection_handle_idle (struct MHD_Connection *connection)
{
unsigned int timeout;
#if DEBUG_STATES
MHD_DLOG (connection->daemon,
"%s: state: %s\n",
__FUNCTION__,
MHD_state_to_string (connection->state));
#endif
timeout = connection->connection_timeout;
if ( (timeout != 0) && (timeout <= (MHD_monotonic_time() - connection->last_activity)))
MHD_connection_close (connection,
MHD_REQUEST_TERMINATED_TIMEOUT_REACHED);
switch (connection->state)
{
/* on newly created connections we might reach here before any reply has been received */
case MHD_TLS_CONNECTION_INIT:
break;
/* close connection if necessary */
case MHD_CONNECTION_CLOSED:
SSL_shutdown (connection->tls_session);
return MHD_connection_handle_idle (connection);
default:
if ( (0 != SSL_pending (connection->tls_session)) &&
(MHD_YES != MHD_tls_connection_handle_read (connection)) )
return MHD_YES;
return MHD_connection_handle_idle (connection);
}
#if EPOLL_SUPPORT
return MHD_connection_epoll_update_ (connection);
#else
return MHD_YES;
#endif
}
/**
* Set connection callback function to be used through out
* the processing of this secure connection.
*
* @param connection which callbacks should be modified
*/
void
MHD_set_https_callbacks (struct MHD_Connection *connection)
{
connection->read_handler = &MHD_tls_connection_handle_read;
connection->write_handler = &MHD_tls_connection_handle_write;
connection->idle_handler = &MHD_tls_connection_handle_idle;
}
/* end of connection_https.c */