jabberd14  1.6.2
mio_tls.cc File Reference

MIO read/write functions to read/write on TLS encrypted sockets and handling for TLS in general (using the GNU TLS implementation)

#include "jabberd.h"
#include <libtasn1.h>
#include <map>
#include <set>
#include <string>
#include <sstream>
#include <gcrypt.h>
#include <vector>
#include <list>
#include <iostream>

Functions

void mio_tls_gcrypt_init ()
bool mio_tls_early_init ()
void mio_ssl_init (xmlnode x)
void _mio_ssl_cleanup (void *arg)
ssize_t _mio_ssl_read (mio m, void *buf, size_t count)
ssize_t _mio_ssl_write (mio m, const void *buf, size_t count)
int _mio_tls_cont_handshake_server (mio m)
int _mio_ssl_accepted (mio m)
int mio_is_encrypted (mio m)
int mio_ssl_starttls_possible (mio m, const char *identity)
int mio_ssl_starttls (mio m, int originator, const char *identity)
int mio_ssl_verify (mio m, const char *id_on_xmppAddr)
void mio_tls_get_characteristics (mio m, char *buffer, size_t len)
void mio_tls_get_certtype (mio m, char *buffer, size_t len)
void mio_tls_get_compression (mio m, char *buffer, size_t len)

Variables

const ASN1_ARRAY_TYPE subjectAltName_asn1_tab []
std::map< std::string, gnutls_certificate_credentials_t > mio_tls_credentials
std::map< std::string, int const * > mio_tls_protocols
std::map< std::string, int const * > mio_tls_kx
std::map< std::string, int const * > mio_tls_ciphers
std::map< std::string, int const * > mio_tls_certtypes
std::map< std::string, int const * > mio_tls_mac
std::map< std::string, int const * > mio_tls_compression
pool mio_tls_pool = NULL
ASN1_TYPE mio_tls_asn1_tree = ASN1_TYPE_EMPTY


Function Documentation

int _mio_ssl_accepted(mio m)

accepted a new incoming connection, where we have to start the TLS layer without a STARTTLS command, e.g. on port 5223

Parameters:
  m: the mio of the listening socket
Returns:
  -1 on error, 0 if the handshake has not yet finished, 1 on success

References mio_ssl_starttls(), and mio_st::our_ip.

void _mio_ssl_cleanup(void *arg)

References log_debug2, and LOGT_IO.

Referenced by mio_ssl_starttls().

ssize_t _mio_ssl_read(mio m, void *buf, size_t count)

read data from a TLS-protected socket

The flags m->flags.recall_read_when_readable and m->flags.recall_read_when_writeable are updated by this function.

Parameters:
  m: the mio where data might be available
  buf: where to write the read data to
  count: how many bytes should be read at most
Returns:
  0 < ret < count: ret bytes read and no more bytes to read
  ret == count: ret bytes read, possibly more bytes to read
  ret == 0: currently nothing to read
  ret < 0: non-recoverable error or connection closed

References mio_st::fd, mio_st::flags, log_debug2, log_notice(), LOGT_IO, mio_st::recall_read_when_readable, mio_st::recall_read_when_writeable, and mio_st::ssl.

ssize_t _mio_ssl_write(mio m, const void *buf, size_t count)

write data to a TLS-protected socket

The flags m->flags.recall_write_when_readable and m->flags.recall_write_when_writeable are updated by this function.

Parameters:
  m: the mio where writing is possible
  buf: data that should be written
  count: how many bytes should be written at most
Returns:
  ret > 0: ret bytes written
  ret == 0: no bytes could be written
  ret < 0: non-recoverable error or connection closed

References mio_st::fd, mio_st::flags, log_debug2, log_notice(), LOGT_IO, mio_st::recall_write_when_readable, mio_st::recall_write_when_writeable, and mio_st::ssl.
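The read and write return contracts above are where caller loops tend to go wrong: a full chunk (ret == count) must be followed by another read, because the TLS layer may still hold decrypted record bytes that will never make the socket readable again, while a short write leaves a remainder the caller has to keep until the next writeable event. The block below is an added example and not code from jabberd14. It models the contract with a hypothetical function-pointer signature (an opaque context in place of the mio), a scripted mock transport constructed inline, and a constructed per-call chunk size of 512; the scenario functions exist only to exercise the loops.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical stand-ins for _mio_ssl_read()/_mio_ssl_write(): same return
 * contract as documented above, but an opaque context instead of a mio so the
 * loops can be run against a scripted mock. */
typedef ssize_t (*tls_read_fn)(void *ctx, void *buf, size_t count);
typedef ssize_t (*tls_write_fn)(void *ctx, const void *buf, size_t count);

enum io_status {
    IO_COMPLETE,    /* read: short read, nothing pending; write: everything sent */
    IO_WOULD_BLOCK, /* ret == 0: wait for the next readable/writeable event */
    IO_CLOSED,      /* ret < 0: non-recoverable error or connection closed */
    IO_FULL         /* read only: buffer filled while ret == count, more may be pending */
};

struct io_result { enum io_status status; size_t bytes; };

/* Read until the TLS layer reports a short read. After a full chunk
 * (ret == count) we call again instead of returning to the event loop:
 * already-decrypted bytes buffered in the TLS layer do not show up as
 * socket readability. */
struct io_result drain_tls(tls_read_fn rd, void *ctx, unsigned char *out, size_t cap)
{
    struct io_result r = { IO_FULL, 0 };
    while (r.bytes < cap) {
        size_t want = cap - r.bytes;
        if (want > 512) want = 512;              /* constructed per-call chunk size */
        ssize_t ret = rd(ctx, out + r.bytes, want);
        if (ret < 0)  { r.status = IO_CLOSED;      break; }
        if (ret == 0) { r.status = IO_WOULD_BLOCK; break; }
        r.bytes += (size_t)ret;
        if ((size_t)ret < want) { r.status = IO_COMPLETE; break; }
    }
    return r;
}

/* Write as much as the TLS layer accepts. On IO_WOULD_BLOCK the caller must
 * keep data[bytes..len) and retry on the next writeable event. */
struct io_result flush_tls(tls_write_fn wr, void *ctx, const unsigned char *data, size_t len)
{
    struct io_result r = { IO_COMPLETE, 0 };
    while (r.bytes < len) {
        ssize_t ret = wr(ctx, data + r.bytes, len - r.bytes);
        if (ret < 0)  { r.status = IO_CLOSED;      break; }
        if (ret == 0) { r.status = IO_WOULD_BLOCK; break; }
        r.bytes += (size_t)ret;
    }
    return r;
}

/* Constructed mock transport: returns scripted values capped at the requested
 * count; an exhausted script behaves like "nothing available right now". */
struct mock { const ssize_t *script; size_t len; size_t pos; };

static ssize_t mock_read(void *ctx, void *buf, size_t count)
{
    struct mock *m = ctx;
    if (m->pos >= m->len) return 0;
    ssize_t ret = m->script[m->pos++];
    if (ret > (ssize_t)count) ret = (ssize_t)count;
    if (ret > 0) memset(buf, 'x', (size_t)ret);  /* constructed payload bytes */
    return ret;
}

static ssize_t mock_write(void *ctx, const void *buf, size_t count)
{
    struct mock *m = ctx;
    (void)buf;
    if (m->pos >= m->len) return 0;
    ssize_t ret = m->script[m->pos++];
    return ret > (ssize_t)count ? (ssize_t)count : ret;
}

/* Constructed scenario scripts. */
static const ssize_t s_read_complete[] = {512, 512, 3}; /* two full chunks, then a short one */
static const ssize_t s_read_block[]    = {512, 0};      /* full chunk, then nothing pending */
static const ssize_t s_read_closed[]   = {-1};
static const ssize_t s_write_partial[] = {100, 0};      /* 100 of 300 accepted, then blocked */
static const ssize_t s_write_all[]     = {300};

struct io_result read_scenario(int which)
{
    static unsigned char out[4096];
    struct mock m = { 0, 0, 0 };
    size_t cap = sizeof out;
    switch (which) {
    case 0:  m.script = s_read_complete; m.len = 3; break;
    case 1:  m.script = s_read_block;    m.len = 2; break;
    case 2:  m.script = s_read_closed;   m.len = 1; break;
    default: m.script = s_read_complete; m.len = 2; cap = 1024; break; /* buffer fills first */
    }
    return drain_tls(mock_read, &m, out, cap);
}

struct io_result write_scenario(int which)
{
    static const unsigned char data[300];
    struct mock m = { which == 0 ? s_write_partial : s_write_all, which == 0 ? 2u : 1u, 0 };
    return flush_tls(mock_write, &m, data, sizeof data);
}
```

The IO_FULL case is the one an event-driven caller must treat differently from IO_COMPLETE: the consumer buffer ran out while the last read was a full chunk, so the loop has to be re-entered after the buffer is drained rather than waiting for the socket to become readable.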

int _mio_tls_cont_handshake_server(mio m)

continue a TLS handshake (as server side) when new data is available or data can be written now

Parameters:
  m: the mio of the socket
Returns:
  -1 on error, 0 if the handshake did not complete yet, 1 on success

References mio_st::fd, mio_st::flags, mio_handlers_st::handshake, log_debug2, LOGT_IO, mio_st::mh, mio_st::recall_handshake_when_readable, mio_st::recall_handshake_when_writeable, and mio_st::ssl.

Referenced by mio_ssl_starttls().

int mio_is_encrypted(mio m)

check if a connection is encrypted

Parameters:
  m: the connection
Returns:
  0 if the connection is unprotected, 1 if the connection is integrity protected, >1 if the connection is encrypted

References mio_st::ssl.

Referenced by dialback_check_settings(), and dialback_in_read().

void mio_ssl_init(xmlnode x)

initialize the mio SSL/TLS module using the GNU TLS library

Parameters:
  x: xmlnode containing the configuration information (the io/tls element)

References j_strcmp(), log_debug2, log_error, log_warn(), LOGT_IO, mio_tls_pool, xhash_free(), xhash_new(), xhash_put(), xmlnode_get_attrib_ns(), xmlnode_get_data(), xmlnode_get_firstchild(), xmlnode_get_localname(), xmlnode_get_namespace(), and xmlnode_get_nextsibling().

Referenced by mio_init().

int mio_ssl_starttls(mio m, int originator, const char *identity)

start a TLS layer on a connection and set the appropriate mio handlers for SSL/TLS

Parameters:
  m: the connection on which the TLS layer should be established
  originator: 1 if this side is the originating side, 0 else
  identity: our own identity (selector for the used certificate)
Returns:
  0 on success, non-zero on failure

References _mio_ssl_cleanup(), _mio_tls_cont_handshake_server(), mio_handlers_st::close, mio_st::fd, mio_st::flags, mio_handlers_st::handshake, mio_st::k, log_debug2, log_error, log_notice(), LOGT_EXECFLOW, LOGT_IO, mio_st::mh, mio_close(), MIO_SSL_READ, MIO_SSL_WRITE, mio_tls_certtypes, mio_tls_ciphers, mio_tls_compression, mio_tls_credentials, mio_tls_kx, mio_tls_mac, mio_tls_protocols, mio_st::our_ip, mio_st::p, mio_st::peer_ip, pool_cleanup(), mio_handlers_st::read, mio_st::recall_handshake_when_readable, mio_st::recall_handshake_when_writeable, mio_st::ssl, and mio_handlers_st::write.

Referenced by _mio_ssl_accepted(), and mio_xml_starttls().

int mio_ssl_starttls_possible(mio m, const char *identity)

check if it would be possible to start TLS on a connection

Parameters:
  m: the connection
  identity: our own identity (check if a certificate is present)
Returns:
  0 if it is impossible, 1 if it is possible

References mio_tls_credentials, and mio_st::ssl.

Referenced by dialback_in_read(), dialback_in_read_db(), and dialback_out_read().

int mio_ssl_verify(mio m, const char *id_on_xmppAddr)

verify the SSL/TLS certificate of the peer for the given MIO connection

Parameters:
  m: the connection for which the peer should be verified
  id_on_xmppAddr: the JabberID that the certificate should be checked for; if NULL, it is only checked whether the certificate is valid and trusted
Returns:
  0 if the certificate is invalid, 1 if the certificate is valid

References log_notice(), and mio_st::ssl.

Referenced by dialback_check_settings(), dialback_in_read(), and dialback_in_read_db().

bool mio_tls_early_init()

early initializations for GnuTLS

This has to be called as soon as possible after application startup.

Returns:
  true on success, false on failure

References mio_tls_asn1_tree, mio_tls_gcrypt_init(), and subjectAltName_asn1_tab.

Referenced by main().

void mio_tls_gcrypt_init()

Tell gcrypt we are using libpth

Referenced by mio_tls_early_init().

void mio_tls_get_certtype(mio m, char *buffer, size_t len)

References mio_st::ssl.

Referenced by dialback_check_settings().

void mio_tls_get_characteristics(mio m, char *buffer, size_t len)

get some information on what protocols are used inside the TLS layer

Parameters:
  m: the mio object to request the information for
  buffer: where to write the result
  len: size of the buffer to place the information in

References mio_st::ssl.

Referenced by dialback_check_settings().

void mio_tls_get_compression(mio m, char *buffer, size_t len)

References mio_st::ssl.

Referenced by dialback_check_settings().


Variable Documentation

ASN1_TYPE mio_tls_asn1_tree = ASN1_TYPE_EMPTY

tree of ASN1 structures

Referenced by mio_tls_early_init().

std::map<std::string, int const*> mio_tls_certtypes

certificate types to use for a domain

key: the virtual domain the certificate types are used for ("*" for the default); value: the certificate types to use

Referenced by mio_ssl_starttls().

std::map<std::string, int const*> mio_tls_ciphers

the ciphers to use for a domain

key: the virtual domain the ciphers are used for ("*" for the default); value: the ciphers to use

Referenced by mio_ssl_starttls().

std::map<std::string, int const*> mio_tls_compression

compression algorithms to use for a domain

key: the virtual domain the compression algorithms are used for ("*" for the default); value: the compression algorithms to use

Referenced by mio_ssl_starttls().

std::map<std::string, gnutls_certificate_credentials_t> mio_tls_credentials

the credentials used by the server

key: the virtual domain the credentials are used for ("*" for the default); value: the credentials to use

Referenced by mio_ssl_starttls(), and mio_ssl_starttls_possible().

std::map<std::string, int const*> mio_tls_kx

the key exchange protocols to use for a domain

key: the virtual domain the kx protocols are used for ("*" for the default); value: the kx protocols to use

Referenced by mio_ssl_starttls().

std::map<std::string, int const*> mio_tls_mac

mac algorithms to use for a domain

key: the virtual domain the mac algorithms are used for ("*" for the default); value: the mac algorithms to use

Referenced by mio_ssl_starttls().

pool mio_tls_pool = NULL

memory pool for allocation of priority arrays

Referenced by mio_ssl_init().

std::map<std::string, int const*> mio_tls_protocols

the protocols to use for a domain

key: the virtual domain the protocols are used for ("*" for the default); value: the protocols to use

Referenced by mio_ssl_starttls().

const ASN1_ARRAY_TYPE subjectAltName_asn1_tab[]

Referenced by mio_tls_early_init().