From c5bf032db0c8a574bb3179d6d37dc88e7589379f Mon Sep 17 00:00:00 2001
From: jyelon
Date: Sun, 9 Jan 2022 16:59:39 -0500
Subject: [PATCH] About to break everything with SSL conversion

---
 luprex/core/cpp/driver-linux.cpp | 62 +++++++++++++++++++++++++++-----
 1 file changed, 54 insertions(+), 8 deletions(-)

diff --git a/luprex/core/cpp/driver-linux.cpp b/luprex/core/cpp/driver-linux.cpp
index e65239f9..d550f9fc 100644
--- a/luprex/core/cpp/driver-linux.cpp
+++ b/luprex/core/cpp/driver-linux.cpp
@@ -17,6 +17,12 @@
 #include
 #include
 #include
+#include
+#include
+#include
+#include
+#include
+
 using SOCKET=int;
 const int INVALID_SOCKET = -1;
 using SocketVector = std::vector;
@@ -140,6 +146,19 @@ SocketVector accept_on_socket(SOCKET listen_socket) {
 }
 }
 
+SSL_CTX *new_ssl_context(bool server_cert, bool root_certs, const std::string &require_cert) {
+ SSL_CTX *ctx = SSL_CTX_new(TLS_method());
+ SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+ SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ // server_cert is not implemented yet.
+ if (root_certs) {
+ SSL_CTX_set_default_verify_paths(ctx);
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+ }
+ // require_cert is not implemented yet.
+ return ctx;
+}
+
 class MonoClock {
 private:
 struct timespec base_;
@@ -177,6 +196,8 @@ public:
 int chid;
 ChanState state;
 SOCKET socket;
+ SSL_CTX *ssl_ctx;
+ SSL *ssl;
 };
 
 DrivenEngine *driven_;
@@ -186,12 +207,9 @@ public:
 std::map listen_sockets_;
 std::unique_ptr chbuf;
 
- void init(DrivenEngine *de) {
- driven_ = de;
- any_inactive_ = false;
- short_sleep_ = false;
- chbuf.reset(new char[65536]);
- }
+ SSL_CTX *ssl_ctx_with_root_certs_;
+ SSL_CTX *ssl_ctx_with_server_certs_;
+ SSL_CTX *ssl_ctx_with_no_certs_;
 
 void handle_listen_ports() {
 std::set listenports;
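Review bot: `SSL_CTX_new(TLS_method())` can return NULL (allocation failure, library not initialised), and the next line passes that pointer straight into `SSL_CTX_set_mode`; add `if (ctx == nullptr) return nullptr;` right after the `SSL_CTX_new` call so the failure surfaces to the caller instead of as a null dereference. The context also pins no floor on the protocol version, so it will negotiate whatever the linked OpenSSL build still permits; `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` after the mode calls is the usual defensive default. Inside the `root_certs` branch the return of `SSL_CTX_set_default_verify_paths` is ignored — if it fails, `SSL_VERIFY_PEER` runs against an empty store and every handshake fails closed with no hint why, so at least log or propagate a zero return. Note too that `SSL_VERIFY_PEER` on a client context validates the chain only; the expected hostname still has to be attached per connection (`SSL_set1_host`) where the `SSL` objects are created, which this commit does not show.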
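Review bot: The new `ssl_ctx` and `ssl` members of `ChanInfo` have no initialisers, yet `close_channel` in this same commit tests them against `nullptr` and frees whatever it finds; unless every `ChanInfo` is value-initialised where it is created (not visible here), a channel that was never upgraded to TLS will hand an indeterminate pointer to `SSL_free`/`SSL_CTX_free`. Give them in-class defaults, `SSL_CTX *ssl_ctx = nullptr;` and `SSL *ssl = nullptr;`, and do the same for the three `ssl_ctx_with_*_` members added in the following hunk, which are likewise read-before-assign if any method runs before `drive()`. The enclosing class continues outside the hunk.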
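Review bot: The three `ssl_ctx_with_*_` members are raw owning pointers whose release is a trio of manual `SSL_CTX_free` calls at the end of `drive()` in a later hunk; an owner type would make that release automatic and exception-safe (anything thrown between creation and the frees currently leaks the contexts). A member declared as `std::unique_ptr<SSL_CTX, decltype(&SSL_CTX_free)> ssl_ctx_with_root_certs_{nullptr, &SSL_CTX_free};` (and likewise for the other two) keeps the same call sites via `.get()` and drops the manual frees. The enclosing class starts and ends outside this hunk.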
@@ -216,11 +234,25 @@ public:
 
 void close_channel(ChanInfo &chan, const std::string &err) {
 assert(chan.state != CHAN_INACTIVE);
+ // Close the SSL channel.
+ if (chan.ssl != nullptr) {
+ SSL_free(chan.ssl);
+ chan.ssl = nullptr;
+ }
+ // Close the SSL_CTX
+ if (chan.ssl_ctx != nullptr) {
+ SSL_CTX_free(chan.ssl_ctx);
+ chan.ssl_ctx = nullptr;
+ }
+ // Close the socket.
+ assert(chan.socket != INVALID_SOCKET);
 assert(close(chan.socket) == 0);
+ chan.socket = INVALID_SOCKET;
+ // Close everything else.
 driven_->drv_notify_close(chan.chid, err);
 chan.state = CHAN_INACTIVE;
- chan.socket = INVALID_SOCKET;
 chan.chid = -1;
+ // Set global variables.
 any_inactive_ = true;
 short_sleep_ = true;
 }
@@ -397,11 +429,18 @@ public:
 
 void drive(DrivenEngine *de, int argc, char *argv[]) {
 enableRawMode();
- init(de);
+ driven_ = de;
+ any_inactive_ = false;
+ short_sleep_ = false;
+ chbuf.reset(new char[65536]);
+ ssl_ctx_with_root_certs_ = new_ssl_context(false, true, "");
+ ssl_ctx_with_server_certs_ = new_ssl_context(true, false, "");
+ ssl_ctx_with_no_certs_ = new_ssl_context(false, false, "");
 DrivenEngine::set(de);
 driven_->drv_set_lua_source(util::read_lua_source("lua"));
 driven_->drv_invoke_event_init(argc, argv);
 handle_listen_ports();
+
 while (!de->drv_get_stop_driver()) {
 short_sleep_ = false;
 handle_lua_source();
@@ -415,6 +454,13 @@ public:
 driven_->drv_set_clock(monoclock.get());
 de->drv_invoke_event_update();
 }
+
+ for (ChanInfo &chan : chans_) {
+ close_channel(chan, "");
+ }
+ SSL_CTX_free(ssl_ctx_with_no_certs_);
+ SSL_CTX_free(ssl_ctx_with_root_certs_);
+ SSL_CTX_free(ssl_ctx_with_server_certs_);
 DrivenEngine::set(nullptr);
 }
 };
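Review bot: `SSL_CTX_free(chan.ssl_ctx)` in the new "Close the SSL_CTX" block assumes the channel holds its own reference to the context; the commit does not show where `chan.ssl_ctx` is assigned, but if it is ever pointed at one of the shared `ssl_ctx_with_*_` contexts without a matching `SSL_CTX_up_ref`, this free drops a reference that `drive()` frees again at shutdown, i.e. a use-after-free of the shared context. Either up-ref when handing a shared context to a channel, or document with a comment such as `// chan.ssl_ctx is an owned reference (up-ref'd at assignment), not an alias of ssl_ctx_with_*_` and enforce that at the assignment site. The SSL teardown also goes straight to `SSL_free` with no `SSL_shutdown(chan.ssl);` first, so no close_notify is sent and the peer cannot distinguish an orderly close from a truncated stream; a single best-effort `SSL_shutdown` call before the free is enough to send it. Separately, the new `assert(chan.socket != INVALID_SOCKET)` sits next to the pre-existing `assert(close(chan.socket) == 0)`, whose side effect disappears under `NDEBUG` and leaks the descriptor — worth lifting `close()` out of the assert while this block is being reworked.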
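Review bot: The three `new_ssl_context` results are stored without a null check, so a failed `SSL_CTX_new` inside the helper becomes a null `SSL_CTX*` that is later handed to whatever creates `SSL` objects and, at the end of `drive()`, to `SSL_CTX_free`; a guard such as `if (!ssl_ctx_with_root_certs_ || !ssl_ctx_with_server_certs_ || !ssl_ctx_with_no_certs_) { /* report and return */ }` before `DrivenEngine::set(de)` keeps the driver from starting in that state. The call `new_ssl_context(true, false, "")` also deserves a comment at this site, since the helper's own comment says `server_cert` is not implemented yet and the resulting "server" context therefore carries no certificate or key; something like `// TODO: server_cert is a no-op in new_ssl_context; this context cannot accept TLS yet` would stop a maintainer wiring it to the listen sockets prematurely. `drive()` continues past the end of this hunk.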
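Review bot: The shutdown loop calls `close_channel` for every entry in `chans_`, but `close_channel` (earlier in this commit) opens with `assert(chan.state != CHAN_INACTIVE)`, and the `any_inactive_` flag this class maintains shows inactive entries do stay in the vector; the first closed slot trips the assert in debug builds and, under `NDEBUG`, fires `drv_notify_close` for a channel with `chid == -1`. Guard the call: `if (chan.state != CHAN_INACTIVE) close_channel(chan, "");`. The three `SSL_CTX_free` calls correctly run after the channel loop, since per-channel `SSL` objects must be released before the contexts they were created from.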