[gnurl] 162/222: gskit: use the generic Curl_socketpair
From: |
gnunet |
Subject: |
[gnurl] 162/222: gskit: use the generic Curl_socketpair |
Date: |
Thu, 07 Nov 2019 00:10:58 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 1b843bb5ed4f8d20eab1655957237429780dccd4
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Oct 7 08:25:53 2019 +0200
gskit: use the generic Curl_socketpair
---
lib/vtls/gskit.c | 98 ++------------------------------------------------------
1 file changed, 3 insertions(+), 95 deletions(-)
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index 296362e52..32153dd07 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -26,6 +26,8 @@
#include <gskssl.h>
#include <qsoasync.h>
+#undef HAVE_SOCKETPAIR /* because the native one isn't good enough */
+#include "socketpair.h"
/* Some symbols are undefined/unsupported on OS400 versions < V7R1. */
#ifndef GSK_SSL_EXTN_SERVERNAME_REQUEST
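Review bot: The comment on `#undef HAVE_SOCKETPAIR` says only that the native call "isn't good enough", while the rationale that explains why is deleted further down in this same patch. That rationale is that GSKit performs SSL only on AF_INET/AF_INET6 stream sockets, and OS/400 socketpair() exists only for AF_UNIX. I would carry it over as the comment here: `/* GSKit needs an AF_INET/AF_INET6 stream socket pair; OS/400 socketpair() is AF_UNIX only, so force the emulation in socketpair.h */`. The override presumably works only while the `#undef` stays directly ahead of `#include "socketpair.h"` and no later header defines the macro again, so the comment should also state that ordering requirement.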
@@ -511,100 +513,6 @@ static void close_async_handshake(struct ssl_connect_data
*connssl)
BACKEND->iocport = -1;
}
-/* SSL over SSL
- * Problems:
- * 1) GSKit can only perform SSL on an AF_INET or AF_INET6 stream socket. To
- * pipe an SSL stream into another, it is therefore needed to have a pair
- * of such communicating sockets and handle the pipelining explicitly.
- * 2) OS/400 socketpair() is only implemented for domain AF_UNIX, thus cannot
- * be used to produce the pipeline.
- * The solution is to simulate socketpair() for AF_INET with low-level API
- * listen(), bind() and connect().
- */
-
-static int
-inetsocketpair(int sv[2])
-{
- int lfd; /* Listening socket. */
- int sfd; /* Server socket. */
- int cfd; /* Client socket. */
- int len;
- struct sockaddr_in addr1;
- struct sockaddr_in addr2;
-
- /* Create listening socket on a local dynamic port. */
- lfd = socket(AF_INET, SOCK_STREAM, 0);
- if(lfd < 0)
- return -1;
- memset((char *) &addr1, 0, sizeof(addr1));
- addr1.sin_family = AF_INET;
- addr1.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- addr1.sin_port = 0;
- if(bind(lfd, (struct sockaddr *) &addr1, sizeof(addr1)) ||
- listen(lfd, 2) < 0) {
- close(lfd);
- return -1;
- }
-
- /* Get the allocated port. */
- len = sizeof(addr1);
- if(getsockname(lfd, (struct sockaddr *) &addr1, &len) < 0) {
- close(lfd);
- return -1;
- }
-
- /* Create the client socket. */
- cfd = socket(AF_INET, SOCK_STREAM, 0);
- if(cfd < 0) {
- close(lfd);
- return -1;
- }
-
- /* Request unblocking connection to the listening socket. */
- curlx_nonblock(cfd, TRUE);
- if(connect(cfd, (struct sockaddr *) &addr1, sizeof(addr1)) < 0 &&
- errno != EINPROGRESS) {
- close(lfd);
- close(cfd);
- return -1;
- }
-
- /* Get the client dynamic port for intrusion check below. */
- len = sizeof(addr2);
- if(getsockname(cfd, (struct sockaddr *) &addr2, &len) < 0) {
- close(lfd);
- close(cfd);
- return -1;
- }
-
- /* Accept the incoming connection and get the server socket. */
- curlx_nonblock(lfd, TRUE);
- for(;;) {
- len = sizeof(addr1);
- sfd = accept(lfd, (struct sockaddr *) &addr1, &len);
- if(sfd < 0) {
- close(lfd);
- close(cfd);
- return -1;
- }
-
- /* Check for possible intrusion from an external process. */
- if(addr1.sin_addr.s_addr == addr2.sin_addr.s_addr &&
- addr1.sin_port == addr2.sin_port)
- break;
-
- /* Intrusion: reject incoming connection. */
- close(sfd);
- }
-
- /* Done, return sockets and succeed. */
- close(lfd);
- curlx_nonblock(cfd, FALSE);
- sv[0] = cfd;
- sv[1] = sfd;
- return 0;
-}
-
static int pipe_ssloverssl(struct connectdata *conn, int sockindex,
int directions)
{
@@ -855,7 +763,7 @@ static CURLcode gskit_connect_step1(struct connectdata
*conn, int sockindex)
/* Establish a pipelining socket pair for SSL over SSL. */
if(conn->proxy_ssl[sockindex].use) {
- if(inetsocketpair(sockpair))
+ if(Curl_socketpair(0, 0, 0, sockpair))
return CURLE_SSL_CONNECT_ERROR;
BACKEND->localfd = sockpair[0];
BACKEND->remotefd = sockpair[1];
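Review bot: Nothing in this diff shows that `Curl_socketpair(0, 0, 0, sockpair)` keeps the peer check the removed helper had. The deleted inetsocketpair() looped on accept() and closed any connection whose peer address and port did not match the client socket's own (`addr1.sin_port == addr2.sin_port`). The implementation behind socketpair.h is outside this patch, so the check has to be confirmed there before relying on it. Without it, any connection that reaches the loopback listener first is accepted unverified and becomes one end of the pipe carrying the SSL-over-SSL stream. I would record the requirement at the call site, e.g. `/* relies on Curl_socketpair() verifying that the accepted peer is our own client socket */`. gskit_connect_step1 begins and ends outside the hunk.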