Commit dc513a9a authored by Sergey Lyubka's avatar Sergey Lyubka

Wrapped SSL code into #ifndef NO_SSL

parent 8ce6cf61
...@@ -1455,9 +1455,12 @@ static int64_t push(FILE *fp, SOCKET sock, SSL *ssl, const char *buf, ...@@ -1455,9 +1455,12 @@ static int64_t push(FILE *fp, SOCKET sock, SSL *ssl, const char *buf,
// How many bytes we send in this iteration // How many bytes we send in this iteration
k = len - sent > INT_MAX ? INT_MAX : (int) (len - sent); k = len - sent > INT_MAX ? INT_MAX : (int) (len - sent);
#ifndef NO_SSL
if (ssl != NULL) { if (ssl != NULL) {
n = SSL_write(ssl, buf + sent, k); n = SSL_write(ssl, buf + sent, k);
} else if (fp != NULL) { } else
#endif
if (fp != NULL) {
n = (int) fwrite(buf + sent, 1, (size_t) k, fp); n = (int) fwrite(buf + sent, 1, (size_t) k, fp);
if (ferror(fp)) if (ferror(fp))
n = -1; n = -1;
...@@ -1487,9 +1490,11 @@ static int wait_until_socket_is_readable(struct mg_connection *conn) { ...@@ -1487,9 +1490,11 @@ static int wait_until_socket_is_readable(struct mg_connection *conn) {
pfd.fd = conn->client.sock; pfd.fd = conn->client.sock;
pfd.events = POLLIN; pfd.events = POLLIN;
result = poll(&pfd, 1, 200); result = poll(&pfd, 1, 200);
#ifndef NO_SSL
if (result == 0 && conn->ssl != NULL) { if (result == 0 && conn->ssl != NULL) {
result = SSL_pending(conn->ssl); result = SSL_pending(conn->ssl);
} }
#endif
} while ((result == 0 || (result < 0 && ERRNO == EINTR)) && } while ((result == 0 || (result < 0 && ERRNO == EINTR)) &&
conn->ctx->stop_flag == 0); conn->ctx->stop_flag == 0);
...@@ -1508,8 +1513,10 @@ static int pull(FILE *fp, struct mg_connection *conn, char *buf, int len) { ...@@ -1508,8 +1513,10 @@ static int pull(FILE *fp, struct mg_connection *conn, char *buf, int len) {
nread = read(fileno(fp), buf, (size_t) len); nread = read(fileno(fp), buf, (size_t) len);
} else if (!conn->must_close && !wait_until_socket_is_readable(conn)) { } else if (!conn->must_close && !wait_until_socket_is_readable(conn)) {
nread = -1; nread = -1;
#ifndef NO_SSL
} else if (conn->ssl != NULL) { } else if (conn->ssl != NULL) {
nread = SSL_read(conn->ssl, buf, len); nread = SSL_read(conn->ssl, buf, len);
#endif
} else { } else {
nread = recv(conn->client.sock, buf, (size_t) len, 0); nread = recv(conn->client.sock, buf, (size_t) len, 0);
} }
...@@ -1809,12 +1816,6 @@ static void convert_uri_to_file_name(struct mg_connection *conn, char *buf, ...@@ -1809,12 +1816,6 @@ static void convert_uri_to_file_name(struct mg_connection *conn, char *buf,
} }
} }
static int sslize(struct mg_connection *conn, SSL_CTX *s, int (*func)(SSL *)) {
return (conn->ssl = SSL_new(s)) != NULL &&
SSL_set_fd(conn->ssl, conn->client.sock) == 1 &&
func(conn->ssl) == 1;
}
// Check whether full request is buffered. Return: // Check whether full request is buffered. Return:
// -1 if request is malformed // -1 if request is malformed
// 0 if request is not yet fully buffered // 0 if request is not yet fully buffered
...@@ -1828,7 +1829,8 @@ static int get_request_len(const char *buf, int buflen) { ...@@ -1828,7 +1829,8 @@ static int get_request_len(const char *buf, int buflen) {
if (!isprint(* (const unsigned char *) s) && *s != '\r' && if (!isprint(* (const unsigned char *) s) && *s != '\r' &&
*s != '\n' && * (const unsigned char *) s < 128) { *s != '\n' && * (const unsigned char *) s < 128) {
len = -1; len = -1;
break; // [i_a] abort scan as soon as one malformed character is found; don't let subsequent \r\n\r\n win us over anyhow break; // [i_a] abort scan as soon as one malformed character is found;
// don't let subsequent \r\n\r\n win us over anyhow
} else if (s[0] == '\n' && s[1] == '\n') { } else if (s[0] == '\n' && s[1] == '\n') {
len = (int) (s - buf) + 2; len = (int) (s - buf) + 2;
} else if (s[0] == '\n' && &s[1] < e && } else if (s[0] == '\n' && &s[1] < e &&
...@@ -4500,6 +4502,12 @@ static int set_uid_option(struct mg_context *ctx) { ...@@ -4500,6 +4502,12 @@ static int set_uid_option(struct mg_context *ctx) {
#if !defined(NO_SSL) #if !defined(NO_SSL)
static pthread_mutex_t *ssl_mutexes; static pthread_mutex_t *ssl_mutexes;
static int sslize(struct mg_connection *conn, SSL_CTX *s, int (*func)(SSL *)) {
return (conn->ssl = SSL_new(s)) != NULL &&
SSL_set_fd(conn->ssl, conn->client.sock) == 1 &&
func(conn->ssl) == 1;
}
// Return OpenSSL error message // Return OpenSSL error message
static const char *ssl_error(void) { static const char *ssl_error(void) {
unsigned long err; unsigned long err;
...@@ -4686,16 +4694,20 @@ static void close_connection(struct mg_connection *conn) { ...@@ -4686,16 +4694,20 @@ static void close_connection(struct mg_connection *conn) {
if (conn->client.sock != INVALID_SOCKET) { if (conn->client.sock != INVALID_SOCKET) {
close_socket_gracefully(conn); close_socket_gracefully(conn);
} }
#ifndef NO_SSL
// Must be done AFTER socket is closed // Must be done AFTER socket is closed
if (conn->ssl != NULL) { if (conn->ssl != NULL) {
SSL_free(conn->ssl); SSL_free(conn->ssl);
} }
#endif
} }
void mg_close_connection(struct mg_connection *conn) { void mg_close_connection(struct mg_connection *conn) {
#ifndef NO_SSL
if (conn->client_ssl_ctx != NULL) { if (conn->client_ssl_ctx != NULL) {
SSL_CTX_free((SSL_CTX *) conn->client_ssl_ctx); SSL_CTX_free((SSL_CTX *) conn->client_ssl_ctx);
} }
#endif
close_connection(conn); close_connection(conn);
free(conn); free(conn);
} }
...@@ -4743,12 +4755,14 @@ struct mg_connection *mg_connect(const char *host, int port, int use_ssl, ...@@ -4743,12 +4755,14 @@ struct mg_connection *mg_connect(const char *host, int port, int use_ssl,
conn->client.sock = sock; conn->client.sock = sock;
conn->client.rsa.sin = sin; conn->client.rsa.sin = sin;
conn->client.is_ssl = use_ssl; conn->client.is_ssl = use_ssl;
#ifndef NO_SSL
if (use_ssl) { if (use_ssl) {
// SSL_CTX_set_verify call is needed to switch off server certificate // SSL_CTX_set_verify call is needed to switch off server certificate
// checking, which is off by default in OpenSSL and on in yaSSL. // checking, which is off by default in OpenSSL and on in yaSSL.
SSL_CTX_set_verify(conn->client_ssl_ctx, 0, 0); SSL_CTX_set_verify(conn->client_ssl_ctx, 0, 0);
sslize(conn, conn->client_ssl_ctx, SSL_connect); sslize(conn, conn->client_ssl_ctx, SSL_connect);
} }
#endif
} }
} }
...@@ -4925,9 +4939,11 @@ static void *worker_thread(void *thread_func_param) { ...@@ -4925,9 +4939,11 @@ static void *worker_thread(void *thread_func_param) {
conn->request_info.remote_ip = ntohl(conn->request_info.remote_ip); conn->request_info.remote_ip = ntohl(conn->request_info.remote_ip);
conn->request_info.is_ssl = conn->client.is_ssl; conn->request_info.is_ssl = conn->client.is_ssl;
if (!conn->client.is_ssl || if (!conn->client.is_ssl
(conn->client.is_ssl && #ifndef NO_SSL
sslize(conn, conn->ctx->ssl_ctx, SSL_accept))) { || sslize(conn, conn->ctx->ssl_ctx, SSL_accept)
#endif
) {
process_new_connection(conn); process_new_connection(conn);
} }
...@@ -5068,11 +5084,11 @@ static void free_context(struct mg_context *ctx) { ...@@ -5068,11 +5084,11 @@ static void free_context(struct mg_context *ctx) {
free(ctx->config[i]); free(ctx->config[i]);
} }
#ifndef NO_SSL
// Deallocate SSL context // Deallocate SSL context
if (ctx->ssl_ctx != NULL) { if (ctx->ssl_ctx != NULL) {
SSL_CTX_free(ctx->ssl_ctx); SSL_CTX_free(ctx->ssl_ctx);
} }
#ifndef NO_SSL
if (ssl_mutexes != NULL) { if (ssl_mutexes != NULL) {
free(ssl_mutexes); free(ssl_mutexes);
ssl_mutexes = NULL; ssl_mutexes = NULL;
......
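Review bot: In the mg_connect hunk, wrapping the `if (use_ssl)` block in `#ifndef NO_SSL` means a NO_SSL build that is asked for `use_ssl` now returns a plaintext socket while still recording `conn->client.is_ssl = use_ssl`, so the caller asked for TLS, gets cleartext, and is_ssl reports true. The worker_thread hunk refuses an is_ssl connection in the same configuration, so mg_connect should fail closed as well, e.g. `#ifdef NO_SSL` / `if (use_ssl) { /* report error, close sock, free conn, return NULL */ }` / `#endif` before the socket is attached, using whatever error-reporting form the function already has (mg_connect starts outside the hunk, so that form is not visible here). In the same block the result of `sslize(conn, conn->client_ssl_ctx, SSL_connect)` is discarded, so a failed handshake looks like success to the caller; it should be checked the same way worker_thread checks SSL_accept. The `SSL_CTX_set_verify(..., 0, 0)` line is documented as switching server certificate checking off, and the comment would be more useful if it also said that client connections therefore do not authenticate the peer.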