tls_create_object(): Move setting client state and auto-retry into connection_new and add setting connection session.

Jim Hague 2018-11-15 13:23:00 +00:00
parent d9fdd4c10d
commit ffd1136e94
3 changed files with 18 additions and 6 deletions


@ -261,6 +261,11 @@ _getdns_tls_connection* _getdns_tls_connection_new(_getdns_tls_context* ctx, int
return NULL;
}
/* Connection is a client. */
SSL_set_connect_state(res->ssl);
/* If non-application data received, retry read. */
SSL_set_mode(res->ssl, SSL_MODE_AUTO_RETRY);
return res;
}
@ -309,6 +314,15 @@ getdns_return_t _getdns_tls_connection_set_curves_list(_getdns_tls_connection* c
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_connection_set_session(_getdns_tls_connection* conn, _getdns_tls_session* s)
{
if (!conn || !conn->ssl || !s || !s->ssl)
return GETDNS_RETURN_INVALID_PARAMETER;
if (!SSL_set_session(conn->ssl, s->ssl))
return GETDNS_RETURN_GENERIC_ERROR;
return GETDNS_RETURN_GOOD;
}
_getdns_tls_session* _getdns_tls_connection_get_session(_getdns_tls_connection* conn)
{
_getdns_tls_session* res;
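Review bot: The comment added above `SSL_set_mode(res->ssl, SSL_MODE_AUTO_RETRY)` in the first hunk misdescribes the mode: it is not limited to reads, and what it does is make `SSL_read`/`SSL_write` on a blocking transport complete transparently when a non-application record (handshake or renegotiation data) arrives, instead of returning with `SSL_ERROR_WANT_READ`. Suggest `/* Complete reads/writes transparently when a non-application record arrives, rather than returning SSL_ERROR_WANT_READ. */`. Because client state and auto-retry are now established here rather than by the caller, the declaration of `_getdns_tls_connection_new` should state that contract, e.g. `/* Returns a connection in client (connect) state with SSL_MODE_AUTO_RETRY set. */`. `_getdns_tls_connection_new` begins outside the hunk, and `_getdns_tls_connection_get_session` continues past it.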


@ -75,9 +75,10 @@ getdns_return_t _getdns_tls_connection_shutdown(_getdns_tls_connection* conn);
getdns_return_t _getdns_tls_connection_set_cipher_list(_getdns_tls_connection* conn, const char* list);
getdns_return_t _getdns_tls_connection_set_curves_list(_getdns_tls_connection* conn, const char* list);
getdns_return_t _getdns_tls_connection_set_session(_getdns_tls_connection* conn, _getdns_tls_session* s);
_getdns_tls_session* _getdns_tls_connection_get_session(_getdns_tls_connection* conn);
getdns_return_t _getdns_tls_session_free(_getdns_tls_session* ctx);
getdns_return_t _getdns_tls_session_free(_getdns_tls_session* s);
getdns_return_t _getdns_tls_get_api_information(getdns_dict* dict);
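Review bot: The new `_getdns_tls_connection_set_session` prototype carries no contract: a caller cannot tell from the header that the session must be offered before the handshake begins, or whether `conn` takes ownership of `s`. Neighbouring declarations are also undocumented, but this one has non-obvious preconditions, so a short comment is worth adding: `/* Offer session s for resumption on conn. Must be called before the handshake starts; conn does not take ownership of s. */`. The ownership wording presumes the underlying library reference-counts the session rather than adopting it, as `SSL_set_session` does — confirm against the implementation before committing to it.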


@ -925,7 +925,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
_getdns_tls_connection* tls = _getdns_tls_connection_new(context->tls_ctx, fd);
if(!tls)
return NULL;
#if defined(HAVE_DECL_SSL_SET1_CURVES_LIST) && HAVE_DECL_SSL_SET1_CURVES_LIST
#if HAVE_TLS_CONN_CURVES_LIST
if (upstream->tls_curves_list)
_getdns_tls_connection_set_curves_list(tls, upstream->tls_curves_list);
#endif
@ -1072,9 +1072,6 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, tls_verify_callback);
#endif
SSL_set_connect_state(tls->ssl);
(void) SSL_set_mode(tls->ssl, SSL_MODE_AUTO_RETRY);
/* Session resumption. There are trade-offs here. Want to do it when
possible only if we have the right type of connection. Note a change
to the upstream auth info creates a new upstream so never re-uses.*/
@ -1082,7 +1079,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
if ((upstream->tls_fallback_ok == 0 &&
upstream->last_tls_auth_state == GETDNS_AUTH_OK) ||
upstream->tls_fallback_ok == 1) {
SSL_set_session(tls->ssl, upstream->tls_session->ssl);
_getdns_tls_connection_set_session(tls, upstream->tls_session);
DEBUG_STUB("%s %-35s: Attempting session re-use\n", STUB_DEBUG_SETUP_TLS,
__FUNC__);
}
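Review bot: The return value of `_getdns_tls_connection_set_session(tls, upstream->tls_session)` is discarded, so a failure inside the new wrapper (it returns `GETDNS_RETURN_GENERIC_ERROR` when `SSL_set_session` fails) is invisible and the following debug line still reports a resumption attempt. A failed offer is not fatal since a full handshake follows, but it should be observable: `if (_getdns_tls_connection_set_session(tls, upstream->tls_session) != GETDNS_RETURN_GOOD)` followed by `DEBUG_STUB("%s %-35s: Session re-use setup failed\n", STUB_DEBUG_SETUP_TLS, __FUNC__);`. Separately, `#if HAVE_TLS_CONN_CURVES_LIST` in the first hunk evaluates to 0 without diagnostic if the build never defines the macro, which would silently drop the configured curves list; it is worth confirming the build always defines it (or compiling with `-Wundef`). `tls_create_object` starts and ends outside these hunks.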