diff options
| -rw-r--r-- | src/include/s6-networking/sbearssl.h | 20 | ||||
| -rw-r--r-- | src/sbearssl/sbearssl-internal.h | 2 | ||||
| -rw-r--r-- | src/sbearssl/sbearssl_sni_policy_add_keypair_file.c | 6 | ||||
| -rw-r--r-- | src/sbearssl/sbearssl_sni_policy_init.c | 3 | ||||
| -rw-r--r-- | src/sbearssl/sbearssl_sni_policy_vtable.c | 2 |
5 files changed, 15 insertions, 18 deletions
diff --git a/src/include/s6-networking/sbearssl.h b/src/include/s6-networking/sbearssl.h index f7f721d..7ed4e5b 100644 --- a/src/include/s6-networking/sbearssl.h +++ b/src/include/s6-networking/sbearssl.h @@ -270,27 +270,21 @@ extern void sbearssl_run (br_ssl_engine_context *, int *, tain_t const *, uint32 extern int sbearssl_choose_algos_rsa (br_ssl_server_context const *, br_ssl_server_choices *, unsigned int) ; extern int sbearssl_choose_algos_ec (br_ssl_server_context const *, br_ssl_server_choices *, unsigned int, int) ; -typedef struct sbearssl_sni_map_s sbearssl_sni_map, *sbearssl_sni_map_ref ; -struct sbearssl_sni_map_s -{ - char const *servername ; - sbearssl_skey skey ; - size_t chainindex ; - size_t chainlen ; -} ; - typedef struct sbearssl_sni_policy_context_s sbearssl_sni_policy_context, *sbearssl_sni_policy_context_ref ; struct sbearssl_sni_policy_context_s { + /* generic fields that any br_ssl_server_policy_class instance should have */ br_ssl_server_policy_class const *vtable ; br_skey skey ; - avltree map ; - genalloc mapga ; - genalloc certga ; - stralloc storage ; union { br_rsa_private rsa ; br_ec_impl const *ec ; } keyx ; union { br_rsa_pkcs1_sign rsa ; br_ecdsa_sign ec ; } sign ; br_multihash_context const *mhash ; + + /* specific fields to sni_policy: keypairs and servername->keypair dict */ + stralloc storage ; + genalloc certga ; + genalloc mapga ; + avltree map ; } ; extern br_ssl_server_policy_class const sbearssl_sni_policy_vtable ; diff --git a/src/sbearssl/sbearssl-internal.h b/src/sbearssl/sbearssl-internal.h index 8c8839b..0677caf 100644 --- a/src/sbearssl/sbearssl-internal.h +++ b/src/sbearssl/sbearssl-internal.h @@ -78,7 +78,7 @@ extern size_t const sbearssl_suite_list_len ; typedef struct sbearssl_sni_policy_node_s sbearssl_sni_policy_node, *sbearssl_policy_node_ref ; struct sbearssl_sni_policy_node_s { - char const *servername ; + size_t servername ; sbearssl_skey skey ; size_t chainindex ; size_t chainlen ; diff --git a/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c b/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c index f77b1d8..2462645 100644 --- a/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c +++ b/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c @@ -16,9 +16,10 @@ int sbearssl_sni_policy_add_keypair_file (sbearssl_sni_policy_context *pol, char size_t sabase = pol->storage.len ; size_t gabase = genalloc_len(sbearssl_cert, &pol->certga) ; size_t mbase = genalloc_len(sbearssl_sni_policy_node, &pol->mapga) ; - sbearssl_sni_policy_node node = { .servername = servername, .chainindex = gabase } ; + sbearssl_sni_policy_node node = { .servername = sabase, .chainindex = gabase } ; - if (!sbearssl_cert_readbigpem(certfile, &pol->certga, &pol->storage)) return 0 ; ; + if (!stralloc_catb(&pol->storage, servername, strlen(servername) + 1)) return 0 ; + if (!sbearssl_cert_readbigpem(certfile, &pol->certga, &pol->storage)) goto err0 ; node.chainlen = genalloc_len(sbearssl_cert, &pol->certga) - node.chainindex ; if (!sbearssl_skey_readfile(keyfile, &node.skey, &pol->storage)) goto err1 ; if (!genalloc_catb(sbearssl_sni_policy_node, &pol->mapga, &node, 1)) goto err2 ; @@ -33,6 +34,7 @@ int sbearssl_sni_policy_add_keypair_file (sbearssl_sni_policy_context *pol, char err1: if (gabase) genalloc_setlen(sbearssl_cert, &pol->certga, gabase) ; else genalloc_free(sbearssl_sni_policy_node, &pol->mapga) ; + err0: if (sabase) pol->storage.len = sabase ; else stralloc_free(&pol->storage) ; return 0 ; diff --git a/src/sbearssl/sbearssl_sni_policy_init.c b/src/sbearssl/sbearssl_sni_policy_init.c index 150250f..3446f35 100644 --- a/src/sbearssl/sbearssl_sni_policy_init.c +++ b/src/sbearssl/sbearssl_sni_policy_init.c @@ -13,7 +13,8 @@ static void *sbearssl_sni_policy_node_dtok (uint32_t d, void *data) { - return (void *)genalloc_s(sbearssl_sni_map, &((sbearssl_sni_policy_context *)data)->mapga)[d].servername ; + sbearssl_sni_policy_context *pol = data ; + return pol->storage.s + genalloc_s(sbearssl_sni_policy_node, &pol->mapga)[d].servername ; } static int sbearssl_sni_policy_node_cmp (void const *a, void const *b, void *data) diff --git a/src/sbearssl/sbearssl_sni_policy_vtable.c b/src/sbearssl/sbearssl_sni_policy_vtable.c index dc18805..6d6bcc3 100644 --- a/src/sbearssl/sbearssl_sni_policy_vtable.c +++ b/src/sbearssl/sbearssl_sni_policy_vtable.c @@ -53,7 +53,7 @@ static int choose (br_ssl_server_policy_class const **pctx, br_ssl_server_contex sbearssl_sni_policy_node *node ; char const *servername = br_ssl_engine_get_server_name(&sc->eng) ; - /* Get the node corresponding to the ServerName sent by the client */ + /* Get the node corresponding to the ServerName sent by the client. "" for no SNI. */ { uint32_t n ; if (!avltree_search(&pol->map, servername, &n) |