authorLaurent Bercot <ska-skaware@skarnet.org>2021-06-02 01:15:12 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2021-06-02 01:15:12 +0000
commita6c4fb25b60cbc83a4b8bdb756fcf9c69310e6ae (patch)
tree9d2eb036d62e4e4c9ee9ef8926c9bc70890ded07
parent661251d70c70a15ba4d1bc3edf8858aa200d2105 (diff)
downloads6-networking-a6c4fb25b60cbc83a4b8bdb756fcf9c69310e6ae.tar.xz
Debug session. Now works.
The environment given to the application still needs to have the SNI variables removed from it.
-rw-r--r--package/deps.mak7
-rw-r--r--package/info2
-rw-r--r--src/include/s6-networking/sbearssl.h1
-rw-r--r--src/sbearssl/deps-lib/sbearssl1
-rw-r--r--src/sbearssl/sbearssl_sctx_set_policy_sni.c2
-rw-r--r--src/sbearssl/sbearssl_server_init_and_run.c17
-rw-r--r--src/sbearssl/sbearssl_sni_policy_add_keypair_file.c19
-rw-r--r--src/sbearssl/sbearssl_sni_policy_nkeypairs.c11
-rw-r--r--src/sbearssl/sbearssl_sni_policy_vtable.c49
9 files changed, 59 insertions, 50 deletions
diff --git a/package/deps.mak b/package/deps.mak
index 771b199..953a7cd 100644
--- a/package/deps.mak
+++ b/package/deps.mak
@@ -67,6 +67,7 @@ src/sbearssl/sbearssl_skey_to.o src/sbearssl/sbearssl_skey_to.lo: src/sbearssl/s
src/sbearssl/sbearssl_skey_wipe.o src/sbearssl/sbearssl_skey_wipe.lo: src/sbearssl/sbearssl_skey_wipe.c src/include/s6-networking/sbearssl.h
src/sbearssl/sbearssl_sni_policy_add_keypair_file.o src/sbearssl/sbearssl_sni_policy_add_keypair_file.lo: src/sbearssl/sbearssl_sni_policy_add_keypair_file.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h
src/sbearssl/sbearssl_sni_policy_init.o src/sbearssl/sbearssl_sni_policy_init.lo: src/sbearssl/sbearssl_sni_policy_init.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h
+src/sbearssl/sbearssl_sni_policy_nkeypairs.o src/sbearssl/sbearssl_sni_policy_nkeypairs.lo: src/sbearssl/sbearssl_sni_policy_nkeypairs.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h
src/sbearssl/sbearssl_sni_policy_vtable.o src/sbearssl/sbearssl_sni_policy_vtable.lo: src/sbearssl/sbearssl_sni_policy_vtable.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h
src/sbearssl/sbearssl_suite_bits.o src/sbearssl/sbearssl_suite_bits.lo: src/sbearssl/sbearssl_suite_bits.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h
src/sbearssl/sbearssl_suite_list.o src/sbearssl/sbearssl_suite_list.lo: src/sbearssl/sbearssl_suite_list.c src/sbearssl/sbearssl-internal.h
@@ -143,12 +144,12 @@ libs6net.so.xyzzy: src/libs6net/s6net_ident_client.lo src/libs6net/s6net_ident_r
minidentd: EXTRA_LIBS := -lskarnet ${MAYBEPTHREAD_LIB} ${SOCKET_LIB} ${SYSCLOCK_LIB}
minidentd: src/minidentd/minidentd.o src/minidentd/mgetuid.o ${LIBNSSS}
ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),)
-libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_cert_from.o src/sbearssl/sbearssl_cert_readbigpem.o src/sbearssl/sbearssl_cert_readfile.o src/sbearssl/sbearssl_cert_to.o src/sbearssl/sbearssl_choose_algos_ec.o src/sbearssl/sbearssl_choose_algos_rsa.o src/sbearssl/sbearssl_choose_hash.o src/sbearssl/sbearssl_client_init_and_run.o src/sbearssl/sbearssl_drop.o src/sbearssl/sbearssl_ec_issuer_keytype.o src/sbearssl/sbearssl_ec_pkey_from.o src/sbearssl/sbearssl_ec_pkey_to.o src/sbearssl/sbearssl_ec_skey_from.o src/sbearssl/sbearssl_ec_skey_to.o src/sbearssl/sbearssl_error_str.o src/sbearssl/sbearssl_get_keycert.o src/sbearssl/sbearssl_get_tas.o src/sbearssl/sbearssl_isder.o src/sbearssl/sbearssl_pem_decode_from_buffer.o src/sbearssl/sbearssl_pem_decode_from_string.o src/sbearssl/sbearssl_pem_push.o src/sbearssl/sbearssl_pkey_from.o src/sbearssl/sbearssl_pkey_to.o src/sbearssl/sbearssl_rsa_pkey_from.o src/sbearssl/sbearssl_rsa_pkey_to.o src/sbearssl/sbearssl_rsa_skey_from.o src/sbearssl/sbearssl_rsa_skey_to.o src/sbearssl/sbearssl_run.o src/sbearssl/sbearssl_sctx_init_full_generic.o src/sbearssl/sbearssl_sctx_set_policy_sni.o src/sbearssl/sbearssl_send_environment.o src/sbearssl/sbearssl_server_init_and_run.o src/sbearssl/sbearssl_skey_from.o src/sbearssl/sbearssl_skey_readfile.o src/sbearssl/sbearssl_skey_storagelen.o src/sbearssl/sbearssl_skey_to.o src/sbearssl/sbearssl_skey_wipe.o src/sbearssl/sbearssl_sni_policy_add_keypair_file.o src/sbearssl/sbearssl_sni_policy_init.o src/sbearssl/sbearssl_sni_policy_vtable.o src/sbearssl/sbearssl_suite_bits.o src/sbearssl/sbearssl_suite_list.o src/sbearssl/sbearssl_suite_name.o src/sbearssl/sbearssl_ta_cert.o src/sbearssl/sbearssl_ta_certs.o src/sbearssl/sbearssl_ta_from.o src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readfile.o src/sbearssl/sbearssl_ta_to.o src/sbearssl/sbearssl_x500_from_ta.o src/sbearssl/sbearssl_x500_name_len.o src/sbearssl/sbearssl_x509_minimal_set_tai.o 
src/sbearssl/sbearssl_x509_small_init_full.o src/sbearssl/sbearssl_x509_small_vtable.o
+libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_cert_from.o src/sbearssl/sbearssl_cert_readbigpem.o src/sbearssl/sbearssl_cert_readfile.o src/sbearssl/sbearssl_cert_to.o src/sbearssl/sbearssl_choose_algos_ec.o src/sbearssl/sbearssl_choose_algos_rsa.o src/sbearssl/sbearssl_choose_hash.o src/sbearssl/sbearssl_client_init_and_run.o src/sbearssl/sbearssl_drop.o src/sbearssl/sbearssl_ec_issuer_keytype.o src/sbearssl/sbearssl_ec_pkey_from.o src/sbearssl/sbearssl_ec_pkey_to.o src/sbearssl/sbearssl_ec_skey_from.o src/sbearssl/sbearssl_ec_skey_to.o src/sbearssl/sbearssl_error_str.o src/sbearssl/sbearssl_get_keycert.o src/sbearssl/sbearssl_get_tas.o src/sbearssl/sbearssl_isder.o src/sbearssl/sbearssl_pem_decode_from_buffer.o src/sbearssl/sbearssl_pem_decode_from_string.o src/sbearssl/sbearssl_pem_push.o src/sbearssl/sbearssl_pkey_from.o src/sbearssl/sbearssl_pkey_to.o src/sbearssl/sbearssl_rsa_pkey_from.o src/sbearssl/sbearssl_rsa_pkey_to.o src/sbearssl/sbearssl_rsa_skey_from.o src/sbearssl/sbearssl_rsa_skey_to.o src/sbearssl/sbearssl_run.o src/sbearssl/sbearssl_sctx_init_full_generic.o src/sbearssl/sbearssl_sctx_set_policy_sni.o src/sbearssl/sbearssl_send_environment.o src/sbearssl/sbearssl_server_init_and_run.o src/sbearssl/sbearssl_skey_from.o src/sbearssl/sbearssl_skey_readfile.o src/sbearssl/sbearssl_skey_storagelen.o src/sbearssl/sbearssl_skey_to.o src/sbearssl/sbearssl_skey_wipe.o src/sbearssl/sbearssl_sni_policy_add_keypair_file.o src/sbearssl/sbearssl_sni_policy_init.o src/sbearssl/sbearssl_sni_policy_nkeypairs.o src/sbearssl/sbearssl_sni_policy_vtable.o src/sbearssl/sbearssl_suite_bits.o src/sbearssl/sbearssl_suite_list.o src/sbearssl/sbearssl_suite_name.o src/sbearssl/sbearssl_ta_cert.o src/sbearssl/sbearssl_ta_certs.o src/sbearssl/sbearssl_ta_from.o src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readfile.o src/sbearssl/sbearssl_ta_to.o src/sbearssl/sbearssl_x500_from_ta.o src/sbearssl/sbearssl_x500_name_len.o 
src/sbearssl/sbearssl_x509_minimal_set_tai.o src/sbearssl/sbearssl_x509_small_init_full.o src/sbearssl/sbearssl_x509_small_vtable.o
else
-libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_choose_algos_ec.lo src/sbearssl/sbearssl_choose_algos_rsa.lo src/sbearssl/sbearssl_choose_hash.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_get_keycert.lo src/sbearssl/sbearssl_get_tas.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_sctx_init_full_generic.lo src/sbearssl/sbearssl_sctx_set_policy_sni.lo src/sbearssl/sbearssl_send_environment.lo src/sbearssl/sbearssl_server_init_and_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_storagelen.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_skey_wipe.lo src/sbearssl/sbearssl_sni_policy_add_keypair_file.lo src/sbearssl/sbearssl_sni_policy_init.lo src/sbearssl/sbearssl_sni_policy_vtable.lo src/sbearssl/sbearssl_suite_bits.lo src/sbearssl/sbearssl_suite_list.lo src/sbearssl/sbearssl_suite_name.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x500_name_len.lo 
src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_x509_small_init_full.lo src/sbearssl/sbearssl_x509_small_vtable.lo
+libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_choose_algos_ec.lo src/sbearssl/sbearssl_choose_algos_rsa.lo src/sbearssl/sbearssl_choose_hash.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_get_keycert.lo src/sbearssl/sbearssl_get_tas.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_sctx_init_full_generic.lo src/sbearssl/sbearssl_sctx_set_policy_sni.lo src/sbearssl/sbearssl_send_environment.lo src/sbearssl/sbearssl_server_init_and_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_storagelen.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_skey_wipe.lo src/sbearssl/sbearssl_sni_policy_add_keypair_file.lo src/sbearssl/sbearssl_sni_policy_init.lo src/sbearssl/sbearssl_sni_policy_nkeypairs.lo src/sbearssl/sbearssl_sni_policy_vtable.lo src/sbearssl/sbearssl_suite_bits.lo src/sbearssl/sbearssl_suite_list.lo src/sbearssl/sbearssl_suite_name.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_from_ta.lo 
src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_x509_small_init_full.lo src/sbearssl/sbearssl_x509_small_vtable.lo
endif
libsbearssl.so.xyzzy: EXTRA_LIBS := -lbearssl -lskarnet
-libsbearssl.so.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_choose_algos_ec.lo src/sbearssl/sbearssl_choose_algos_rsa.lo src/sbearssl/sbearssl_choose_hash.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_get_keycert.lo src/sbearssl/sbearssl_get_tas.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_sctx_init_full_generic.lo src/sbearssl/sbearssl_sctx_set_policy_sni.lo src/sbearssl/sbearssl_send_environment.lo src/sbearssl/sbearssl_server_init_and_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_storagelen.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_skey_wipe.lo src/sbearssl/sbearssl_sni_policy_add_keypair_file.lo src/sbearssl/sbearssl_sni_policy_init.lo src/sbearssl/sbearssl_sni_policy_vtable.lo src/sbearssl/sbearssl_suite_bits.lo src/sbearssl/sbearssl_suite_list.lo src/sbearssl/sbearssl_suite_name.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x500_name_len.lo 
src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_x509_small_init_full.lo src/sbearssl/sbearssl_x509_small_vtable.lo
+libsbearssl.so.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_choose_algos_ec.lo src/sbearssl/sbearssl_choose_algos_rsa.lo src/sbearssl/sbearssl_choose_hash.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_get_keycert.lo src/sbearssl/sbearssl_get_tas.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_sctx_init_full_generic.lo src/sbearssl/sbearssl_sctx_set_policy_sni.lo src/sbearssl/sbearssl_send_environment.lo src/sbearssl/sbearssl_server_init_and_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_storagelen.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_skey_wipe.lo src/sbearssl/sbearssl_sni_policy_add_keypair_file.lo src/sbearssl/sbearssl_sni_policy_init.lo src/sbearssl/sbearssl_sni_policy_nkeypairs.lo src/sbearssl/sbearssl_sni_policy_vtable.lo src/sbearssl/sbearssl_suite_bits.lo src/sbearssl/sbearssl_suite_list.lo src/sbearssl/sbearssl_suite_name.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_from_ta.lo 
src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_x509_small_init_full.lo src/sbearssl/sbearssl_x509_small_vtable.lo
ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),)
libstls.a.xyzzy: src/stls/stls_drop.o src/stls/stls_handshake.o src/stls/stls_run.o src/stls/stls_client_init_and_handshake.o src/stls/stls_server_init_and_handshake.o src/stls/stls_send_environment.o
else
diff --git a/package/info b/package/info
index 342e4dd..4eaf40a 100644
--- a/package/info
+++ b/package/info
@@ -1,4 +1,4 @@
package=s6-networking
-version=2.4.2.0
+version=2.4.2.1
category=net
package_macro_name=S6_NETWORKING
diff --git a/src/include/s6-networking/sbearssl.h b/src/include/s6-networking/sbearssl.h
index 7ed4e5b..5e7c42a 100644
--- a/src/include/s6-networking/sbearssl.h
+++ b/src/include/s6-networking/sbearssl.h
@@ -290,6 +290,7 @@ struct sbearssl_sni_policy_context_s
extern br_ssl_server_policy_class const sbearssl_sni_policy_vtable ;
extern void sbearssl_sni_policy_init (sbearssl_sni_policy_context *) ;
extern int sbearssl_sni_policy_add_keypair_file (sbearssl_sni_policy_context *, char const *, char const *, char const *) ;
+extern size_t sbearssl_sni_policy_nkeypairs (sbearssl_sni_policy_context const *) ;
extern void sbearssl_sctx_init_full_generic (br_ssl_server_context *) ;
extern void sbearssl_sctx_set_policy_sni (br_ssl_server_context *, sbearssl_sni_policy_context *) ;
diff --git a/src/sbearssl/deps-lib/sbearssl b/src/sbearssl/deps-lib/sbearssl
index 4b6ea70..5241e56 100644
--- a/src/sbearssl/deps-lib/sbearssl
+++ b/src/sbearssl/deps-lib/sbearssl
@@ -38,6 +38,7 @@ sbearssl_skey_to.o
sbearssl_skey_wipe.o
sbearssl_sni_policy_add_keypair_file.o
sbearssl_sni_policy_init.o
+sbearssl_sni_policy_nkeypairs.o
sbearssl_sni_policy_vtable.o
sbearssl_suite_bits.o
sbearssl_suite_list.o
diff --git a/src/sbearssl/sbearssl_sctx_set_policy_sni.c b/src/sbearssl/sbearssl_sctx_set_policy_sni.c
index 166cd97..f5f3c8a 100644
--- a/src/sbearssl/sbearssl_sctx_set_policy_sni.c
+++ b/src/sbearssl/sbearssl_sctx_set_policy_sni.c
@@ -7,5 +7,5 @@
void sbearssl_sctx_set_policy_sni (br_ssl_server_context *sc, sbearssl_sni_policy_context *pol)
{
sc->chain_handler.vtable = pol->vtable ;
- sc->policy_vtable = &sc->chain_handler.vtable ;
+ sc->policy_vtable = &pol->vtable ;
}
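Review bot: `sc->policy_vtable = &pol->vtable` makes BearSSL hand `&pol->vtable` back as the `pctx` argument of every policy callback, so `pol` must stay alive and at a fixed address for the whole lifetime of `sc`, and neither this function nor the prototype says so. I would add above the assignment: `/* pol must outlive sc: BearSSL passes &pol->vtable back as the policy context on every callback */`. With the pointer now aimed at `pol`, the copy into `sc->chain_handler.vtable` on the line above appears to be no longer read through the policy path; if it is kept for another reason, a comment should say which.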
diff --git a/src/sbearssl/sbearssl_server_init_and_run.c b/src/sbearssl/sbearssl_server_init_and_run.c
index cdd2804..f8d8b31 100644
--- a/src/sbearssl/sbearssl_server_init_and_run.c
+++ b/src/sbearssl/sbearssl_server_init_and_run.c
@@ -22,13 +22,17 @@ void sbearssl_server_init_and_run (int *fds, tain_t const *tto, uint32_t preopti
if (!(preoptions & 8)) /* snilevel < 2 : add default keypair */
{
+ int e ;
char const *keyfile ;
char const *certfile = getenv("CERTFILE") ;
if (!certfile) strerr_dienotset(100, "CERTFILE") ;
keyfile = getenv("KEYFILE") ;
if (!keyfile) strerr_dienotset(100, "KEYFILE") ;
- if (!sbearssl_sni_policy_add_keypair_file(&pol, "", certfile, keyfile))
+ e = sbearssl_sni_policy_add_keypair_file(&pol, "", certfile, keyfile) ;
+ if (e < 0)
strerr_diefu1sys(96, "add default keypair to policy context") ;
+ else if (e)
+ strerr_diefu3x(96, "add default keypair to policy context", ": ", sbearssl_error_str(e)) ;
}
if (preoptions & 4) /* snilevel > 0 : add additional keypairs */
@@ -43,6 +47,7 @@ void sbearssl_server_init_and_run (int *fds, tain_t const *tto, uint32_t preopti
if (kequal == len) strerr_dief1x(100, "invalid environment") ;
if (kequal != 8)
{
+ int e ;
char const *x ;
char certvar[len - kequal + 10] ;
memcpy(certvar, "CERTFILE:", 9) ;
@@ -51,8 +56,11 @@ void sbearssl_server_init_and_run (int *fds, tain_t const *tto, uint32_t preopti
x = getenv(certvar) ;
if (!x)
strerr_dief3x(96, "environment variable KEYFILE:", certvar + 9, " not paired with the corresponding CERTFILE") ;
- else if (!sbearssl_sni_policy_add_keypair_file(&pol, certvar + 9, x, *envp + kequal + 1))
- strerr_diefu1sys(96, "sbearssl_sni_policy_add_keypair_file") ;
+ e = sbearssl_sni_policy_add_keypair_file(&pol, certvar + 9, x, *envp + kequal + 1) ;
+ if (e < 0)
+ strerr_diefu3sys(96, "add keypair for servername ", certvar + 9, " to policy context") ;
+ else if (e)
+ strerr_diefu5x(96, "add default keypair for servername ", certvar + 9, " to policy context", ": ", sbearssl_error_str(e)) ;
}
}
}
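Review bot: The message on the `else if (e)` branch says "add default keypair for servername " although this branch handles the additional `CERTFILE:`/`KEYFILE:` pairs, not the default one; the sibling `strerr_diefu3sys` two lines up already uses the right wording. Change it to `strerr_diefu5x(96, "add keypair for servername ", certvar + 9, " to policy context", ": ", sbearssl_error_str(e)) ;`. The enclosing function starts before this hunk and continues after it.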
@@ -60,6 +68,9 @@ void sbearssl_server_init_and_run (int *fds, tain_t const *tto, uint32_t preopti
sbearssl_drop() ;
+ if (!sbearssl_sni_policy_nkeypairs(&pol))
+ strerr_dief1x(96, "no suitable keypairs found in the environment") ;
+
{
br_ssl_server_context sc ;
sbearssl_x509_small_context xc ;
diff --git a/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c b/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c
index 2462645..6334f64 100644
--- a/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c
+++ b/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c
@@ -17,14 +17,19 @@ int sbearssl_sni_policy_add_keypair_file (sbearssl_sni_policy_context *pol, char
size_t gabase = genalloc_len(sbearssl_cert, &pol->certga) ;
size_t mbase = genalloc_len(sbearssl_sni_policy_node, &pol->mapga) ;
sbearssl_sni_policy_node node = { .servername = sabase, .chainindex = gabase } ;
+ int e ;
- if (!stralloc_catb(&pol->storage, servername, strlen(servername) + 1)) return 0 ;
- if (!sbearssl_cert_readbigpem(certfile, &pol->certga, &pol->storage)) goto err0 ;
+ if (!stralloc_catb(&pol->storage, servername, strlen(servername) + 1)) return -1 ;
+ e = sbearssl_cert_readbigpem(certfile, &pol->certga, &pol->storage) ;
+ if (e) goto err0 ;
node.chainlen = genalloc_len(sbearssl_cert, &pol->certga) - node.chainindex ;
- if (!sbearssl_skey_readfile(keyfile, &node.skey, &pol->storage)) goto err1 ;
- if (!genalloc_catb(sbearssl_sni_policy_node, &pol->mapga, &node, 1)) goto err2 ;
- if (!avltree_insert(&pol->map, mbase)) goto err3 ;
- return 1 ;
+ e = sbearssl_skey_readfile(keyfile, &node.skey, &pol->storage) ;
+ if (e) goto err1 ;
+ e = genalloc_catb(sbearssl_sni_policy_node, &pol->mapga, &node, 1) ? 0 : -1 ;
+ if (e) goto err2 ;
+ e = avltree_insert(&pol->map, mbase) ? 0 : -1 ;
+ if (e) goto err3 ;
+ return 0 ;
err3:
if (mbase) genalloc_setlen(sbearssl_sni_policy_node, &pol->mapga, mbase) ;
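Review bot: The return convention changes from 1/0 to 0 / -1 / positive error code, and neither this file nor the prototype in sbearssl.h documents it, so any caller still testing `if (!sbearssl_sni_policy_add_keypair_file(...))` would now treat success as failure. I would put above the function (outside the hunk): `/* Returns 0 on success, -1 with errno set on a system or allocation failure, or a positive sbearssl error code (see sbearssl_error_str) passed through from the PEM/key readers; on failure the context's storage, certga and mapga appear to be rolled back to their previous lengths via the err labels. */`. The -1 values set at the `genalloc_catb` and `avltree_insert` steps assume `sbearssl_cert_readbigpem` and `sbearssl_skey_readfile` follow the same 0/-1/positive convention — worth confirming, since err0 returns `e` unchanged. The function starts before this hunk and its err labels continue past it.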
@@ -37,5 +42,5 @@ int sbearssl_sni_policy_add_keypair_file (sbearssl_sni_policy_context *pol, char
err0:
if (sabase) pol->storage.len = sabase ;
else stralloc_free(&pol->storage) ;
- return 0 ;
+ return e ;
}
diff --git a/src/sbearssl/sbearssl_sni_policy_nkeypairs.c b/src/sbearssl/sbearssl_sni_policy_nkeypairs.c
new file mode 100644
index 0000000..43a2d98
--- /dev/null
+++ b/src/sbearssl/sbearssl_sni_policy_nkeypairs.c
@@ -0,0 +1,11 @@
+/* ISC license. */
+
+#include <skalibs/genalloc.h>
+
+#include <s6-networking/sbearssl.h>
+#include "sbearssl-internal.h"
+
+size_t sbearssl_sni_policy_nkeypairs (sbearssl_sni_policy_context const *pol)
+{
+ return genalloc_len(sbearssl_sni_policy_node, &pol->mapga) ;
+}
diff --git a/src/sbearssl/sbearssl_sni_policy_vtable.c b/src/sbearssl/sbearssl_sni_policy_vtable.c
index 6d6bcc3..26bc9a6 100644
--- a/src/sbearssl/sbearssl_sni_policy_vtable.c
+++ b/src/sbearssl/sbearssl_sni_policy_vtable.c
@@ -6,9 +6,6 @@
#include <bearssl.h>
#include <skalibs/bytestr.h>
-#ifdef DEBUG
-# include <skalibs/strerr2.h>
-#endif
#include <skalibs/stralloc.h>
#include <skalibs/genalloc.h>
#include <skalibs/avltree.h>
@@ -18,28 +15,27 @@
#define INSTANCE(c) ((sbearssl_sni_policy_context *)(c))
-#define COPY(x) do { k.data.rsa.x = m ; memcpy(s + m, t + k.data.rsa.x, k.data.rsa.x##len) ; m += k.data.rsa.x##len ; } while (0)
+#define COPY(x) do { k->data.rsa.x##len = l->data.rsa.x##len ; k->data.rsa.x = (unsigned char *)s + m ; memcpy(s + m, t + l->data.rsa.x, l->data.rsa.x##len) ; m += l->data.rsa.x##len ; } while (0)
-static inline size_t skey_copy (br_skey *key, sbearssl_skey const *l, char *s, char const *t)
+static inline size_t skey_copy (br_skey *k, sbearssl_skey const *l, char *s, char const *t)
{
- sbearssl_skey k = *l ;
size_t m = 0 ;
- switch (k.type)
+ k->type = l->type ;
+ switch (l->type)
{
case BR_KEYTYPE_RSA :
- {
+ k->data.rsa.n_bitlen = l->data.rsa.n_bitlen ;
COPY(p) ; COPY(q) ; COPY(dp) ; COPY(dq) ; COPY(iq) ;
break ;
- }
case BR_KEYTYPE_EC :
- k.data.ec.x = m ; memcpy(s + m, t + k.data.ec.x, k.data.ec.xlen) ; m += k.data.ec.xlen ;
+ k->data.ec.curve = l->data.ec.curve ;
+ k->data.ec.xlen = l->data.ec.xlen ; k->data.ec.x = (unsigned char *)s + m ; memcpy(s + m, t + l->data.ec.x, l->data.ec.xlen) ; m += l->data.ec.xlen ;
break ;
}
- sbearssl_skey_to(&k, key, s) ;
return m ;
}
-static size_t cert_copy (br_x509_certificate *newc, sbearssl_cert const *oldc, char *s, char const *t)
+static inline size_t cert_copy (br_x509_certificate *newc, sbearssl_cert const *oldc, char *s, char const *t)
{
memcpy(s, t + oldc->data, oldc->datalen) ;
newc->data = (unsigned char *)s ;
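Review bot: `skey_copy` now leaves `k->data.rsa.*` and `k->data.ec.x` pointing into `s` (`(unsigned char *)s + m`), so the caller's `s` buffer must outlive `k`; nothing states this aliasing, and the rewritten `COPY` macro silently depends on the locals `k`, `l`, `s`, `t` and `m`. I would add above the macro `/* COPY(x): copy RSA field x of l (an offset into t) to s at offset m and point k at it; uses k, l, s, t, m from the enclosing scope */` and above the function a line saying that k's pointers alias s and the return value is the number of bytes consumed in s. The `switch (l->type)` has no `default`, so an unexpected key type returns 0 with `k->data` left unset — presumably unreachable after `sbearssl_skey_readfile`, but a `default : break ;` with a comment would make that explicit. `cert_copy` continues outside the hunk.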
@@ -56,9 +52,11 @@ static int choose (br_ssl_server_policy_class const **pctx, br_ssl_server_contex
/* Get the node corresponding to the ServerName sent by the client. "" for no SNI. */
{
uint32_t n ;
- if (!avltree_search(&pol->map, servername, &n)
- && (!servername[0] || !avltree_search(&pol->map, "", &n)))
- return 0 ;
+ if (!avltree_search(&pol->map, servername, &n))
+ {
+ if (!servername[0]) return 0 ;
+ if (!avltree_search(&pol->map, "", &n)) return 0 ;
+ }
avltree_free(&pol->map) ;
node = genalloc_s(sbearssl_sni_policy_node, &pol->mapga) + n ;
}
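Review bot: The rewritten lookup encodes a policy decision — a client presenting an unknown servername is served the default "" keypair, while an absent SNI matches only the default — but the comment above the block only says which node is looked up. I would extend it to: `/* Get the node for the client's ServerName ("" for no SNI). An unknown name falls back to the default "" keypair if one was registered; with no default the handshake is refused. */`. The `avltree_free(&pol->map)` right after the lookup means `choose` can resolve a name only once per policy context; if that is intended, a one-line comment there would save the next reader a surprise. `choose` starts before this hunk and continues after it.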
@@ -104,26 +102,7 @@ static int choose (br_ssl_server_policy_class const **pctx, br_ssl_server_contex
case BR_KEYTYPE_EC :
{
int kt ;
- int r = sbearssl_ec_issuer_keytype(&kt, &choices->chain[0]) ;
- switch (r)
- {
- case -2 :
-#ifdef DEBUG
- strerr_warnw3x("certificate issuer key type not recognized", servername[0] ? " for name " : "", servername[0] ? servername : "") ;
-#endif
- return 0 ;
- case -1 :
-#ifdef DEBUG
- strerr_warnwu3sys("get certificate issuer key type", servername[0] ? " for name " : "", servername[0] ? servername : "") ;
-#endif
- return 0 ;
- case 0 : break ;
- default :
-#ifdef DEBUG
- strerr_warnwu5x("get certificate issuer key type", servername[0] ? " for name " : "", servername[0] ? servername : "", ": ", sbearssl_error_str(r)) ;
-#endif
- return 0 ;
- }
+ if (sbearssl_ec_issuer_keytype(&kt, &choices->chain[0])) return 0 ;
if (!sbearssl_choose_algos_ec(sc, choices, BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, kt)) return 0 ;
pol->keyx.ec = sc->eng.iec ; /* the br_ssl_engine_get_ec() abstraction lacks a const */
pol->sign.ec = br_ecdsa_i31_sign_asn1 ; /* have to hardcode, no access to BR_LOMUL */
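Review bot: Collapsing the `switch` on `sbearssl_ec_issuer_keytype`'s result into `if (...) return 0 ;` drops the distinction between -1 (system error), -2 (issuer key type not recognized) and a positive sbearssl error code, so a handshake refused here leaves no trace of why, even in a DEBUG build. If the diagnostics are meant to stay out, a comment would keep the intent visible: `/* any failure (sys error, unknown issuer key type, or sbearssl error) refuses the handshake; the BearSSL policy callback can only report success or failure */`. `choose` starts before this hunk and continues after it.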