mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
client: make sure all paths after connect go via tls if set
This commit is contained in:
Andy Green
parent
9695e23c00
commit
c25c37febd
2 changed files with 71 additions and 39 deletions
|
|
@ -195,36 +195,50 @@ send_hs:
|
|||
wsi->protocol->name, rawish, wsi->vhost->name);
|
||||
|
||||
/* we are making our own connection */
|
||||
|
||||
#if defined(LWS_WITH_TLS) && !defined(LWS_WITH_MBEDTLS)
|
||||
|
||||
/* we have connected if we got here */
|
||||
|
||||
if (lwsi_state(wsi) == LRS_WAITING_CONNECT &&
|
||||
(wsi->tls.use_ssl & LCCSCF_USE_SSL)) {
|
||||
|
||||
if (!wsi->transaction_from_pipeline_queue &&
|
||||
lws_tls_restrict_borrow(wsi->context)) {
|
||||
cce = "tls restriction limit";
|
||||
goto failed;
|
||||
}
|
||||
|
||||
/* we can retry this... just cook the SSL BIO the first time */
|
||||
|
||||
if (lws_ssl_client_bio_create(wsi) < 0) {
|
||||
lwsl_err("%s: bio_create failed\n", __func__);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
//#if !defined(LWS_WITH_SYS_ASYNC_DNS)
|
||||
if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
|
||||
n = lws_ssl_client_connect1(wsi);
|
||||
if (!n)
|
||||
return wsi;
|
||||
if (n < 0) {
|
||||
lwsl_err("%s: lws_ssl_client_connect1 failed\n", __func__);
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
//#endif
|
||||
|
||||
lwsi_set_state(wsi, LRS_WAITING_SSL);
|
||||
return wsi;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!rawish)
|
||||
lwsi_set_state(wsi, LRS_H1C_ISSUE_HANDSHAKE);
|
||||
else {
|
||||
/* for a method = "RAW" connection, this makes us
|
||||
* established */
|
||||
|
||||
#if defined(LWS_WITH_TLS)
|
||||
if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
|
||||
|
||||
/* we can retry this... just cook the SSL BIO the first time */
|
||||
|
||||
if (lws_ssl_client_bio_create(wsi) < 0) {
|
||||
lwsl_err("%s: bio_create failed\n", __func__);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
//#if !defined(LWS_WITH_SYS_ASYNC_DNS)
|
||||
if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
|
||||
n = lws_ssl_client_connect1(wsi);
|
||||
if (!n)
|
||||
return wsi;
|
||||
if (n < 0) {
|
||||
lwsl_err("%s: lws_ssl_client_connect1 failed\n", __func__);
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
//#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
#if defined(LWS_WITH_SYS_ASYNC_DNS)
|
||||
if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
|
||||
|
|
@ -374,9 +388,12 @@ lws_client_connect_3_connect(struct lws *wsi, const char *ads,
|
|||
goto failed;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(WIN32)
|
||||
/*
|
||||
* We can check using getsockopt if our connect actually completed
|
||||
* We can check using getsockopt if our connect actually completed.
|
||||
* Posix connect() allows nonblocking to redo the connect to
|
||||
* find out if it succeeded, for win32 we have to use this path
|
||||
* and take WSAEALREADY as a successful connect.
|
||||
*/
|
||||
|
||||
if (lwsi_state(wsi) == LRS_WAITING_CONNECT &&
|
||||
|
|
@ -409,6 +426,7 @@ lws_client_connect_3_connect(struct lws *wsi, const char *ads,
|
|||
__func__, LWS_ERRNO);
|
||||
goto try_next_result_fds;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(LWS_WITH_UNIX_SOCK)
|
||||
if (ads && *ads == '+') {
|
||||
|
|
@ -667,6 +685,7 @@ ads_known:
|
|||
errno_copy != LWS_EWOULDBLOCK
|
||||
#ifdef _WIN32
|
||||
&& errno_copy != WSAEINVAL
|
||||
&& errno_copy != WSAEISCONN
|
||||
#endif
|
||||
) {
|
||||
#if defined(_DEBUG)
|
||||
|
|
@ -681,6 +700,8 @@ ads_known:
|
|||
#if defined(WIN32)
|
||||
if (lws_plat_check_connection_error(wsi))
|
||||
goto try_next_result_fds;
|
||||
if (errno_copy == WSAEISCONN)
|
||||
goto conn_good;
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -369,12 +369,34 @@ lws_tls_client_connect(struct lws *wsi)
|
|||
char a[32];
|
||||
unsigned int len;
|
||||
#endif
|
||||
int m, n;
|
||||
int m, n, en;
|
||||
|
||||
errno = 0;
|
||||
ERR_clear_error();
|
||||
n = SSL_connect(wsi->tls.ssl);
|
||||
if (n == 1) {
|
||||
en = errno;
|
||||
|
||||
m = lws_ssl_get_error(wsi, n);
|
||||
|
||||
if (m == SSL_ERROR_SYSCALL
|
||||
#if defined(WIN32)
|
||||
&& en
|
||||
#endif
|
||||
) {
|
||||
lwsl_info("%s: n %d, m %d, errno %d\n", __func__, n, m, en);
|
||||
return LWS_SSL_CAPABLE_ERROR;
|
||||
}
|
||||
|
||||
if (m == SSL_ERROR_SSL)
|
||||
return LWS_SSL_CAPABLE_ERROR;
|
||||
|
||||
if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl))
|
||||
return LWS_SSL_CAPABLE_MORE_SERVICE_READ;
|
||||
|
||||
if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl))
|
||||
return LWS_SSL_CAPABLE_MORE_SERVICE_WRITE;
|
||||
|
||||
if (n == 1 || m == SSL_ERROR_SYSCALL) {
|
||||
#if defined(LWS_HAVE_SSL_set_alpn_protos) && \
|
||||
defined(LWS_HAVE_SSL_get0_alpn_selected)
|
||||
SSL_get0_alpn_selected(wsi->tls.ssl, &prot, &len);
|
||||
|
|
@ -391,17 +413,6 @@ lws_tls_client_connect(struct lws *wsi)
|
|||
return LWS_SSL_CAPABLE_DONE;
|
||||
}
|
||||
|
||||
m = lws_ssl_get_error(wsi, n);
|
||||
|
||||
if (m == SSL_ERROR_SYSCALL || m == SSL_ERROR_SSL)
|
||||
return LWS_SSL_CAPABLE_ERROR;
|
||||
|
||||
if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl))
|
||||
return LWS_SSL_CAPABLE_MORE_SERVICE_READ;
|
||||
|
||||
if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl))
|
||||
return LWS_SSL_CAPABLE_MORE_SERVICE_WRITE;
|
||||
|
||||
if (!n) /* we don't know what he wants, but he says to retry */
|
||||
return LWS_SSL_CAPABLE_MORE_SERVICE;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue