author | David Timber <mieabby@gmail.com> | 2021-07-07 21:21:17 +1000 |
---|---|---|
committer | David Timber <mieabby@gmail.com> | 2021-07-07 21:21:17 +1000 |
commit | 9d963486f66a864aa67e668742b6aa6a6e72fb1f (patch) | |
tree | eb03b72db5ec7ef14ad4f04b2dc6cc18c340442c /src | |
parent | 9cc889d0ac25f4e9783a87f3f6cb0bcfa79c5c88 (diff) |
Refactor: impl prne_mbedtls_verify_alp()
Diffstat (limited to 'src')
-rw-r--r-- | src/bne.c | 11 | ||||
-rw-r--r-- | src/htbt.c | 33 | ||||
-rw-r--r-- | src/mbedtls.c | 23 | ||||
-rw-r--r-- | src/mbedtls.h | 5 | ||||
-rw-r--r-- | src/proone.c | 2 |
5 files changed, 45 insertions, 29 deletions
@@ -1061,6 +1061,9 @@ static bool bne_sh_setup (
 parser.ctx = s_ctx;
 parser.line_f = bne_sh_availcmd_parse_f;
+ /* FIXME
+ * DO NOT assume that /dev is available
+ */
 ret = bne_sh_runcmd_line(
 s_ctx,
 &parser,
@@ -1821,10 +1824,10 @@ static bool bne_do_vec_htbt (prne_bne_t *ctx) {
 goto END;
 }
- ret =
- prne_nstreq(
- mbedtls_ssl_get_alpn_protocol(&ssl),
- PRNE_HTBT_TLS_ALP);
+ ret = prne_mbedtls_verify_alp(
+ ctx->param.htbt_ssl_conf,
+ &ssl,
+ PRNE_HTBT_TLS_ALP);
 if (ret) {
 /* here goes ...
 *
@@ -319,28 +319,6 @@ static void htbt_main_empty_req_q (prne_htbt_t *ctx) {
 prne_llist_clear(&ctx->main.req_q);
 }
-static bool htbt_verify_alp (
- const mbedtls_ssl_config *conf,
- const mbedtls_ssl_context *ctx)
-{
- bool has_alpn = false;
-
- for (const char **a = conf->alpn_list; a != NULL && *a != NULL; a += 1) {
- if (strcmp(*a, PRNE_HTBT_TLS_ALP) == 0) {
- has_alpn = true;
- break;
- }
- }
-
- if (!has_alpn) {
- // ALP verification is disabled.
- return true;
- }
- return prne_nstreq(
- mbedtls_ssl_get_alpn_protocol(ctx),
- PRNE_HTBT_TLS_ALP);
-}
-
 /* htbt_relay_child()
 */
 static prne_htbt_status_code_t htbt_relay_child (
@@ -1728,7 +1706,11 @@ static bool htbt_main_slv_setup_f (void *ioctx, pth_event_t ev) {
 ret = false;
 goto END;
 }
- if (!htbt_verify_alp(ctx->parent->param.main_ssl_conf, &ctx->ssl)) {
+ if (!prne_mbedtls_verify_alp(
+ ctx->parent->param.main_ssl_conf,
+ &ctx->ssl,
+ PRNE_HTBT_TLS_ALP))
+ {
 ret = false;
 goto END;
 }
@@ -2421,7 +2403,10 @@ static bool htbt_lbd_slv_setup_f (void *ioctx, pth_event_t ev) {
 &ctx->ssl,
 mbedtls_ssl_handshake,
 ctx->fd,
- ev) && htbt_verify_alp(ctx->parent->param.lbd_ssl_conf, &ctx->ssl);
+ ev) && prne_mbedtls_verify_alp(
+ ctx->parent->param.lbd_ssl_conf,
+ &ctx->ssl,
+ PRNE_HTBT_TLS_ALP);
 }
 static void htbt_lbd_slv_cleanup_f (void *ioctx, pth_event_t ev) {
diff --git a/src/mbedtls.c b/src/mbedtls.c
index 7af5e80..6b8b600 100644
--- a/src/mbedtls.c
+++ b/src/mbedtls.c
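Review bot: In the bne_do_vec_htbt hunk the ALPN check is no longer unconditional. The removed lines compared `mbedtls_ssl_get_alpn_protocol(&ssl)` with `PRNE_HTBT_TLS_ALP` directly, while `prne_mbedtls_verify_alp()` returns true whenever that protocol is absent from the config's `alpn_list`. If `ctx->param.htbt_ssl_conf` can be supplied without ALPN configured (not visible here), a peer that negotiated no protocol now passes, which is a behaviour change in a commit titled as a refactor. Either keep the direct `prne_nstreq(...)` comparison at this call site, or add a comment such as `/* passes when htbt_ssl_conf carries no ALPN list */` so the fail-open path is visibly deliberate. The body of bne_do_vec_htbt continues outside the hunk.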
@@ -183,3 +183,26 @@ bool prne_mbedtls_pth_handle (
 } while (false);
 }
 }
+
+bool prne_mbedtls_verify_alp (
+ const mbedtls_ssl_config *conf,
+ const mbedtls_ssl_context *ctx,
+ const char *alp)
+{
+ bool has_alpn = false;
+
+ for (const char **a = conf->alpn_list; a != NULL && *a != NULL; a += 1) {
+ if (strcmp(*a, alp) == 0) {
+ has_alpn = true;
+ break;
+ }
+ }
+
+ if (!has_alpn) {
+ // ALP verification is disabled.
+ return true;
+ }
+ return prne_nstreq(
+ mbedtls_ssl_get_alpn_protocol(ctx),
+ alp);
+}
diff --git a/src/mbedtls.h b/src/mbedtls.h
index 0811aa3..ea97adf 100644
--- a/src/mbedtls.h
+++ b/src/mbedtls.h
@@ -34,3 +34,8 @@ bool prne_mbedtls_pth_handle (
 int(*mbedtls_f)(mbedtls_ssl_context*),
 const int fd,
 pth_event_t ev);
+
+bool prne_mbedtls_verify_alp (
+ const mbedtls_ssl_config *conf,
+ const mbedtls_ssl_context *ctx,
+ const char *alp);
diff --git a/src/proone.c b/src/proone.c
index 7ab123e..6eacc33 100644
--- a/src/proone.c
+++ b/src/proone.c
@@ -429,9 +429,9 @@ static void alloc_workers (void) {
 for (size_t i = 0; i < sizeof(wkr_arr)/sizeof(prne_worker_t); i += 1) {
 prne_init_worker(wkr_arr + i);
 }
+ alloc_recon();
 alloc_resolv();
 alloc_htbt();
- alloc_recon();
 }
 static void free_workers (void) { |
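Review bot: In prne_mbedtls_verify_alp() `alp` is now a caller-supplied pointer rather than the constant PRNE_HTBT_TLS_ALP, yet `strcmp(*a, alp)` runs without checking it, and `conf->alpn_list` is read before `conf` is checked. A NULL in either is undefined behaviour. A guard at the top, `if (conf == NULL || alp == NULL) { return false; }`, would make the helper fail closed, assuming no caller relies on a NULL config meaning that verification is disabled. Reading `conf->alpn_list` directly also ties the helper to the struct layout of the Mbed TLS version in use, since newer releases treat such fields as private, so the access deserves a comment.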
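Review bot: The new prototype for prne_mbedtls_verify_alp() in src/mbedtls.h has no comment, and its contract cannot be guessed from the name. Per the definition added in src/mbedtls.c, it returns true both when the negotiated protocol equals `alp` and when `alp` is not present in `conf`'s ALPN list. A comment above the declaration, for example `/* Returns true if the negotiated ALPN equals alp, or if alp is not listed in conf (check disabled). */`, would keep callers from reading a true result as proof that ALPN was negotiated.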
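Review bot: Moving `alloc_recon()` ahead of `alloc_resolv()` and `alloc_htbt()` in alloc_workers() changes the worker initialisation order, but neither the hunk nor the commit message says why, and the commit is titled as a refactor of the ALPN helper. If the order matters (for example because slots in `wkr_arr` are taken in call order, which is not visible here), a comment such as `/* recon is allocated first because <reason> */` would record the dependency. free_workers(), which begins at the end of the hunk, should be checked for a matching order. Otherwise this reordering is easier to review and bisect as its own commit.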