#include "config.h"#include "../msg.h"#include <assert.h>#include <errno.h>#include "../../dlib/dlib.h"#include "../dialog.hh"#include "../klist.h"#include "iowatch.hh"#include "tls.h"#include "Url.h"#include <mbedtls/platform.h>#include <mbedtls/ssl.h>#include <mbedtls/ctr_drbg.h>#include <mbedtls/entropy.h>#include <mbedtls/error.h>#include <mbedtls/oid.h>#include <mbedtls/x509.h>#include <mbedtls/version.h>#include <mbedtls/net.h>
Go to the source code of this file.
Macros | |
| #define | CERT_STATUS_NONE 0 |
| #define | CERT_STATUS_RECEIVING 1 |
| #define | CERT_STATUS_CLEAN 2 |
| #define | CERT_STATUS_BAD 3 |
| #define | CERT_STATUS_USER_ACCEPTED 4 |
Functions | |
| static void | Tls_handshake_cb (int fd, void *vconnkey) |
| static int | Tls_fd_map_cmp (const void *v1, const void *v2) |
| static void | Tls_fd_map_add_entry (int fd, int connkey) |
| static void | Tls_fd_map_remove_entry (int fd) |
| void * | a_Tls_mbedtls_connection (int fd) |
| static Conn_t * | Tls_conn_new (int fd, const DilloUrl *url, mbedtls_ssl_context *ssl) |
| static int | Tls_make_conn_key (Conn_t *conn) |
| static void | Tls_load_certificates_from_file (const char *const filename) |
| static void | Tls_load_certificates_from_path (const char *const pathname) |
| static void | Tls_remove_duplicate_certificates () |
| static void | Tls_load_certificates () |
| static void | Tls_remove_psk_ciphersuites () |
| void | a_Tls_mbedtls_init (void) |
| static int | Tls_servers_cmp (const void *v1, const void *v2) |
| static int | Tls_servers_by_url_cmp (const void *v1, const void *v2) |
| int | a_Tls_mbedtls_connect_ready (const DilloUrl *url) |
| static int | Tls_cert_status (const DilloUrl *url) |
| static int | Tls_user_said_no (const DilloUrl *url) |
| int | a_Tls_mbedtls_certificate_is_clean (const DilloUrl *url) |
| static void | Tls_cert_expired (const mbedtls_x509_crt *cert, Dstr *ds) |
| static void | Tls_cert_cn_mismatch (const mbedtls_x509_crt *cert, Dstr *ds) |
| static void | Tls_cert_trust_chain_failed (const mbedtls_x509_crt *cert, Dstr *ds) |
| static void | Tls_cert_not_valid_yet (const mbedtls_x509_crt *cert, Dstr *ds) |
| static void | Tls_cert_bad_hash (const mbedtls_x509_crt *cert, Dstr *ds) |
| static void | Tls_cert_bad_pk_alg (const mbedtls_x509_crt *cert, Dstr *ds) |
| static void | Tls_cert_bad_key (const mbedtls_x509_crt *cert, Dstr *ds) |
| static char * | Tls_make_bad_cert_msg (const mbedtls_x509_crt *cert, uint32_t flags) |
| static int | Tls_cert_auth_cmp (const void *v1, const void *v2) |
| static int | Tls_cert_auth_cmp_by_name (const void *v1, const void *v2) |
| static void | Tls_update_cert_authorities_data (const mbedtls_x509_crt *cert, Server_t *srv) |
| static int | Tls_examine_certificate (mbedtls_ssl_context *ssl, Server_t *srv) |
| void | a_Tls_mbedtls_reset_server_state (const DilloUrl *url) |
| static void | Tls_close_by_key (int connkey) |
| static void | Tls_fatal_error_msg (int error_type) |
| static void | Tls_handshake (int fd, int connkey) |
| void | a_Tls_mbedtls_connect (int fd, const DilloUrl *url) |
| int | a_Tls_mbedtls_read (void *conn, void *buf, size_t len) |
| int | a_Tls_mbedtls_write (void *conn, void *buf, size_t len) |
| void | a_Tls_mbedtls_close_by_fd (int fd) |
| static void | Tls_cert_authorities_print_summary () |
| static void | Tls_cert_authorities_freeall () |
| static void | Tls_servers_freeall () |
| static void | Tls_fd_map_remove_all () |
| void | a_Tls_mbedtls_freeall (void) |
Variables | |
| static Klist_t * | conn_list = NULL |
| static bool_t | ssl_enabled = TRUE |
| static mbedtls_ssl_config | ssl_conf |
| static mbedtls_x509_crt | cacerts |
| static mbedtls_ctr_drbg_context | ctr_drbg |
| static mbedtls_entropy_context | entropy |
| static Dlist * | servers |
| static Dlist * | cert_authorities |
| static Dlist * | fd_map |
Macro Definition Documentation
◆ CERT_STATUS_BAD
| #define CERT_STATUS_BAD 3 |
Definition at line 57 of file tls_mbedtls.c.
◆ CERT_STATUS_CLEAN
| #define CERT_STATUS_CLEAN 2 |
Definition at line 56 of file tls_mbedtls.c.
◆ CERT_STATUS_NONE
| #define CERT_STATUS_NONE 0 |
Definition at line 54 of file tls_mbedtls.c.
◆ CERT_STATUS_RECEIVING
| #define CERT_STATUS_RECEIVING 1 |
Definition at line 55 of file tls_mbedtls.c.
◆ CERT_STATUS_USER_ACCEPTED
| #define CERT_STATUS_USER_ACCEPTED 4 |
Definition at line 58 of file tls_mbedtls.c.
Function Documentation
◆ a_Tls_mbedtls_certificate_is_clean()
| int a_Tls_mbedtls_certificate_is_clean | ( | const DilloUrl * | url | ) |
Definition at line 516 of file tls_mbedtls.c.
References CERT_STATUS_CLEAN, and Tls_cert_status().
Referenced by a_Tls_certificate_is_clean().
◆ a_Tls_mbedtls_close_by_fd()
| void a_Tls_mbedtls_close_by_fd | ( | int | fd | ) |
Definition at line 1140 of file tls_mbedtls.c.
References dList_find_custom(), fd_map, INT2VOIDP, Tls_close_by_key(), and Tls_fd_map_cmp().
Referenced by a_Tls_close_by_fd().
◆ a_Tls_mbedtls_connect()
| void a_Tls_mbedtls_connect | ( | int | fd, |
| const DilloUrl * | url | ||
| ) |
Definition at line 1062 of file tls_mbedtls.c.
References a_Http_connect_done(), a_Tls_mbedtls_reset_server_state(), dNew0, FALSE, MSG, ssl_conf, ssl_enabled, Tls_conn_new(), Tls_handshake(), Tls_make_conn_key(), Tls_user_said_no(), TRUE, and URL_HOST.
Referenced by a_Tls_connect().
◆ a_Tls_mbedtls_connect_ready()
| int a_Tls_mbedtls_connect_ready | ( | const DilloUrl * | url | ) |
Definition at line 470 of file tls_mbedtls.c.
References CERT_STATUS_BAD, CERT_STATUS_NONE, CERT_STATUS_RECEIVING, dList_find_sorted(), dList_insert_sorted(), dNew, dReturn_val_if_fail, dStrdup(), servers, ssl_enabled, TLS_CONNECT_NEVER, TLS_CONNECT_NOT_YET, TLS_CONNECT_READY, Tls_servers_by_url_cmp(), Tls_servers_cmp(), URL_HOST, and URL_PORT.
Referenced by a_Tls_connect_ready().
◆ a_Tls_mbedtls_connection()
| void * a_Tls_mbedtls_connection | ( | int | fd | ) |
Definition at line 153 of file tls_mbedtls.c.
References a_Klist_get_data(), conn_list, dList_find_custom(), fd_map, INT2VOIDP, and Tls_fd_map_cmp().
Referenced by a_Tls_connection().
◆ a_Tls_mbedtls_freeall()
| void a_Tls_mbedtls_freeall | ( | void | ) |
Definition at line 1244 of file tls_mbedtls.c.
References prefs, DilloPrefs::show_msg, Tls_cert_authorities_freeall(), Tls_cert_authorities_print_summary(), Tls_fd_map_remove_all(), and Tls_servers_freeall().
Referenced by a_Tls_freeall().
◆ a_Tls_mbedtls_init()
| void a_Tls_mbedtls_init | ( | void | ) |
Definition at line 361 of file tls_mbedtls.c.
References cacerts, cert_authorities, ctr_drbg, dList_new(), entropy, FALSE, fd_map, MSG, MSG_ERR, servers, ssl_conf, ssl_enabled, Tls_load_certificates(), and Tls_remove_psk_ciphersuites().
Referenced by a_Tls_init().
◆ a_Tls_mbedtls_read()
| int a_Tls_mbedtls_read | ( | void * | conn, |
| void * | buf, | ||
| size_t | len | ||
| ) |
◆ a_Tls_mbedtls_reset_server_state()
| void a_Tls_mbedtls_reset_server_state | ( | const DilloUrl * | url | ) |
Definition at line 832 of file tls_mbedtls.c.
References CERT_STATUS_NONE, CERT_STATUS_RECEIVING, dList_find_sorted(), servers, and Tls_servers_by_url_cmp().
Referenced by a_Tls_mbedtls_connect(), a_Tls_reset_server_state(), and Tls_close_by_key().
◆ a_Tls_mbedtls_write()
| int a_Tls_mbedtls_write | ( | void * | conn, |
| void * | buf, | ||
| size_t | len | ||
| ) |
◆ Tls_cert_auth_cmp()
|
static |
Definition at line 721 of file tls_mbedtls.c.
Referenced by Tls_update_cert_authorities_data().
◆ Tls_cert_auth_cmp_by_name()
|
static |
Definition at line 728 of file tls_mbedtls.c.
Referenced by Tls_update_cert_authorities_data().
◆ Tls_cert_authorities_freeall()
|
static |
Definition at line 1192 of file tls_mbedtls.c.
References cacerts, cert_authorities, dFree(), dList_free(), dList_length(), and dList_nth_data().
Referenced by a_Tls_mbedtls_freeall().
◆ Tls_cert_authorities_print_summary()
|
static |
Definition at line 1150 of file tls_mbedtls.c.
References a_Url_host_type(), cert_authorities, dList_length(), dList_nth_data(), dStr_append(), dStr_append_c(), dStr_free(), dStr_new(), dStr_sprintfa(), MSG, Dstr::str, URL_HOST_IPV6, and URL_HTTPS_PORT.
Referenced by a_Tls_mbedtls_freeall().
◆ Tls_cert_bad_hash()
|
static |
Definition at line 637 of file tls_mbedtls.c.
References dStr_sprintfa().
Referenced by Tls_make_bad_cert_msg().
◆ Tls_cert_bad_key()
|
static |
Definition at line 677 of file tls_mbedtls.c.
References dStr_sprintfa().
Referenced by Tls_make_bad_cert_msg().
◆ Tls_cert_bad_pk_alg()
|
static |
Definition at line 665 of file tls_mbedtls.c.
References dStr_sprintfa().
Referenced by Tls_make_bad_cert_msg().
◆ Tls_cert_cn_mismatch()
|
static |
Definition at line 572 of file tls_mbedtls.c.
References dStr_append(), and dStr_sprintfa().
Referenced by Tls_make_bad_cert_msg().
◆ Tls_cert_expired()
|
static |
Definition at line 560 of file tls_mbedtls.c.
References dStr_sprintfa().
Referenced by Tls_make_bad_cert_msg().
◆ Tls_cert_not_valid_yet()
|
static |
Definition at line 624 of file tls_mbedtls.c.
References dStr_sprintfa().
Referenced by Tls_make_bad_cert_msg().
◆ Tls_cert_status()
|
static |
Definition at line 496 of file tls_mbedtls.c.
References CERT_STATUS_NONE, dList_find_sorted(), servers, and Tls_servers_by_url_cmp().
Referenced by a_Tls_mbedtls_certificate_is_clean(), and Tls_user_said_no().
◆ Tls_cert_trust_chain_failed()
|
static |
Definition at line 607 of file tls_mbedtls.c.
References dStr_sprintfa().
Referenced by Tls_make_bad_cert_msg().
◆ Tls_close_by_key()
|
static |
Definition at line 845 of file tls_mbedtls.c.
References a_IOwatch_remove_fd(), a_Klist_get_data(), a_Klist_remove(), a_Tls_mbedtls_reset_server_state(), a_Url_free(), conn_list, dClose(), dFree(), and Tls_fd_map_remove_entry().
Referenced by a_Tls_mbedtls_close_by_fd(), and Tls_handshake().
◆ Tls_conn_new()
|
static |
Definition at line 170 of file tls_mbedtls.c.
References a_Url_dup(), dNew0, and TRUE.
Referenced by a_Tls_mbedtls_connect().
◆ Tls_examine_certificate()
|
static |
Definition at line 767 of file tls_mbedtls.c.
References a_Dialog_choice(), CERT_STATUS_BAD, CERT_STATUS_CLEAN, CERT_STATUS_RECEIVING, CERT_STATUS_USER_ACCEPTED, dFree(), dStrconcat(), MSG_ERR, Tls_make_bad_cert_msg(), and Tls_update_cert_authorities_data().
Referenced by Tls_handshake().
◆ Tls_fatal_error_msg()
|
static |
Definition at line 873 of file tls_mbedtls.c.
References errmsg(), and MSG_WARN.
Referenced by Tls_handshake().
◆ Tls_fd_map_add_entry()
|
static |
Definition at line 118 of file tls_mbedtls.c.
References dList_append(), dList_find_custom(), dNew0, fd_map, INT2VOIDP, MSG_ERR, and Tls_fd_map_cmp().
Referenced by Tls_make_conn_key().
◆ Tls_fd_map_cmp()
|
static |
Definition at line 110 of file tls_mbedtls.c.
References VOIDP2INT.
Referenced by a_Tls_mbedtls_close_by_fd(), a_Tls_mbedtls_connection(), Tls_fd_map_add_entry(), and Tls_fd_map_remove_entry().
◆ Tls_fd_map_remove_all()
|
static |
Definition at line 1227 of file tls_mbedtls.c.
References dFree(), dList_free(), dList_length(), dList_nth_data(), and fd_map.
Referenced by a_Tls_mbedtls_freeall().
◆ Tls_fd_map_remove_entry()
|
static |
Definition at line 136 of file tls_mbedtls.c.
References dFree(), dList_find_custom(), dList_remove_fast(), fd_map, INT2VOIDP, MSG, and Tls_fd_map_cmp().
Referenced by Tls_close_by_key().
◆ Tls_handshake()
|
static |
Definition at line 952 of file tls_mbedtls.c.
References _MSG, a_Http_connect_done(), a_IOwatch_add_fd(), a_IOwatch_remove_fd(), a_Klist_get_data(), CERT_STATUS_RECEIVING, CERT_STATUS_USER_ACCEPTED, conn_list, DIO_READ, DIO_WRITE, dList_find_sorted(), failed, FALSE, INT2VOIDP, MSG, servers, Tls_close_by_key(), Tls_examine_certificate(), Tls_fatal_error_msg(), Tls_handshake_cb(), Tls_servers_by_url_cmp(), TRUE, URL_AUTHORITY, URL_HTTPS_PORT, and URL_PORT.
Referenced by a_Tls_mbedtls_connect(), and Tls_handshake_cb().
◆ Tls_handshake_cb()
|
static |
Definition at line 1054 of file tls_mbedtls.c.
References Tls_handshake(), and VOIDP2INT.
Referenced by Tls_handshake().
◆ Tls_load_certificates()
|
static |
Definition at line 260 of file tls_mbedtls.c.
References cacerts, dFree(), dGethomedir(), dStrconcat(), MSG, Tls_load_certificates_from_file(), Tls_load_certificates_from_path(), and Tls_remove_duplicate_certificates().
Referenced by a_Tls_mbedtls_init().
◆ Tls_load_certificates_from_file()
|
static |
Definition at line 193 of file tls_mbedtls.c.
Referenced by Tls_load_certificates().
◆ Tls_load_certificates_from_path()
|
static |
Definition at line 210 of file tls_mbedtls.c.
Referenced by Tls_load_certificates().
◆ Tls_make_bad_cert_msg()
|
static |
Definition at line 688 of file tls_mbedtls.c.
References dStr_free(), dStr_new(), dStr_sprintfa(), Dstr::str, Tls_cert_bad_hash(), Tls_cert_bad_key(), Tls_cert_bad_pk_alg(), Tls_cert_cn_mismatch(), Tls_cert_expired(), Tls_cert_not_valid_yet(), and Tls_cert_trust_chain_failed().
Referenced by Tls_examine_certificate().
◆ Tls_make_conn_key()
|
static |
Definition at line 181 of file tls_mbedtls.c.
References a_Klist_insert(), conn_list, and Tls_fd_map_add_entry().
Referenced by a_Tls_mbedtls_connect().
◆ Tls_remove_duplicate_certificates()
|
static |
Definition at line 227 of file tls_mbedtls.c.
References cacerts, and dFree().
Referenced by Tls_load_certificates().
◆ Tls_remove_psk_ciphersuites()
|
static |
Definition at line 324 of file tls_mbedtls.c.
References dNew, and ssl_conf.
Referenced by a_Tls_mbedtls_init().
◆ Tls_servers_by_url_cmp()
|
static |
Definition at line 451 of file tls_mbedtls.c.
References dStrAsciiCasecmp(), URL_HOST, and URL_PORT.
Referenced by a_Tls_mbedtls_connect_ready(), a_Tls_mbedtls_reset_server_state(), Tls_cert_status(), and Tls_handshake().
◆ Tls_servers_cmp()
|
static |
Definition at line 439 of file tls_mbedtls.c.
References dStrAsciiCasecmp().
Referenced by a_Tls_mbedtls_connect_ready().
◆ Tls_servers_freeall()
|
static |
Definition at line 1212 of file tls_mbedtls.c.
References dFree(), dList_free(), dList_length(), dList_nth_data(), and servers.
Referenced by a_Tls_mbedtls_freeall().
◆ Tls_update_cert_authorities_data()
|
static |
Definition at line 739 of file tls_mbedtls.c.
References cert_authorities, dList_append(), dList_find_custom(), dList_insert_sorted(), dList_new(), dNew, dStrdup(), Tls_cert_auth_cmp(), and Tls_cert_auth_cmp_by_name().
Referenced by Tls_examine_certificate().
◆ Tls_user_said_no()
|
static |
Definition at line 507 of file tls_mbedtls.c.
References CERT_STATUS_BAD, and Tls_cert_status().
Referenced by a_Tls_mbedtls_connect().
Variable Documentation
◆ cacerts
|
static |
Definition at line 91 of file tls_mbedtls.c.
Referenced by a_Tls_mbedtls_init(), Tls_cert_authorities_freeall(), Tls_load_certificates(), Tls_load_certificates_from_file(), Tls_load_certificates_from_path(), and Tls_remove_duplicate_certificates().
◆ cert_authorities
|
static |
Definition at line 96 of file tls_mbedtls.c.
Referenced by a_Tls_mbedtls_init(), Tls_cert_authorities_freeall(), Tls_cert_authorities_print_summary(), and Tls_update_cert_authorities_data().
◆ conn_list
|
static |
Definition at line 87 of file tls_mbedtls.c.
Referenced by a_Tls_mbedtls_connection(), Tls_close_by_key(), Tls_handshake(), and Tls_make_conn_key().
◆ ctr_drbg
|
static |
Definition at line 92 of file tls_mbedtls.c.
Referenced by a_Tls_mbedtls_init().
◆ entropy
|
static |
Definition at line 93 of file tls_mbedtls.c.
Referenced by a_Tls_mbedtls_init().
◆ fd_map
|
static |
Definition at line 97 of file tls_mbedtls.c.
Referenced by a_Tls_mbedtls_close_by_fd(), a_Tls_mbedtls_connection(), a_Tls_mbedtls_init(), Tls_fd_map_add_entry(), Tls_fd_map_remove_all(), and Tls_fd_map_remove_entry().
◆ servers
|
static |
Definition at line 95 of file tls_mbedtls.c.
Referenced by a_Tls_mbedtls_connect_ready(), a_Tls_mbedtls_init(), a_Tls_mbedtls_reset_server_state(), Tls_cert_status(), Tls_handshake(), and Tls_servers_freeall().
◆ ssl_conf
|
static |
Definition at line 90 of file tls_mbedtls.c.
Referenced by a_Tls_mbedtls_connect(), a_Tls_mbedtls_init(), and Tls_remove_psk_ciphersuites().
◆ ssl_enabled
Definition at line 89 of file tls_mbedtls.c.
Referenced by a_Tls_mbedtls_connect(), a_Tls_mbedtls_connect_ready(), and a_Tls_mbedtls_init().
