client: unify post tls accept handling

2025-03-09 00:00:04 +01:00 · 2020-03-07 20:03:58 +00:00 · 2020-03-07 20:03:58 +00:00 · eaab6e28b0
commit eaab6e28b0
parent 7044434d1f
8 changed files with 119 additions and 118 deletions
--- a/lib/core-net/connect.c
+++ b/lib/core-net/connect.c
@ -328,30 +328,27 @@ lws_client_connect_via_info(const struct lws_client_connect_info *i)
 		wsi->tls.ssl = NULL;

 		if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
+			const char *cce = NULL;

-			/* we can retry this... just cook the SSL BIO the first time */
-
-			if (lws_ssl_client_bio_create(wsi) < 0) {
-				lwsl_err("%s: bio_create failed\n", __func__);
+			switch (
+#if !defined(LWS_WITH_SYS_ASYNC_DNS)
+			lws_client_create_tls(wsi, &cce, 1)
+#else
+			lws_client_create_tls(wsi, &cce, 0)
+#endif
+			) {
+			case 1:
+				return wsi;
+			case 0:
+				break;
+			default:
 				goto bail3;
 			}
-
-#if !defined(LWS_WITH_SYS_ASYNC_DNS)
-			if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
-				n = lws_ssl_client_connect1(wsi);
-				if (!n)
-					return wsi;
-				if (n < 0) {
-					lwsl_err("%s: lws_ssl_client_connect1 failed\n", __func__);
-					goto bail3;
-				}
-			}
-#endif
 		}
+#endif


 		/* fallthru */
-#endif

 		lws_http_client_connect_via_info2(wsi);
 	}
--- a/lib/roles/http/client/client-handshake.c
+++ b/lib/roles/http/client/client-handshake.c
@ -190,9 +190,9 @@ send_hs:
 		lwsl_info("%s: wsi %p: waiting to send hdrs (par state 0x%x)\n",
 			    __func__, wsi, lwsi_state(wsi_piggyback));
 	} else {
-		lwsl_info("%s: wsi %p: %s %s client created own conn (raw %d) vh %s\n",
+		lwsl_info("%s: wsi %p: %s %s client created own conn (raw %d) vh %sm st 0x%x\n",
 			    __func__, wsi, wsi->role_ops->name,
-			    wsi->protocol->name, rawish, wsi->vhost->name);
+			    wsi->protocol->name, rawish, wsi->vhost->name, lwsi_state(wsi));

 		/* we are making our own connection */

@ -203,32 +203,30 @@ send_hs:
 		if (lwsi_state(wsi) == LRS_WAITING_CONNECT &&
 		    (wsi->tls.use_ssl & LCCSCF_USE_SSL)) {

-			if (!wsi->transaction_from_pipeline_queue &&
-			    lws_tls_restrict_borrow(wsi->context)) {
-				cce = "tls restriction limit";
-				goto failed;
-			}
+

 			/* we can retry this... just cook the SSL BIO the first time */

-			if (lws_ssl_client_bio_create(wsi) < 0) {
-				lwsl_err("%s: bio_create failed\n", __func__);
+			switch (lws_client_create_tls(wsi, &cce, 1)) {
+			case 0:
+				break;
+			case 1:
+				return wsi;
+			default:
 				goto failed;
 			}

-//#if !defined(LWS_WITH_SYS_ASYNC_DNS)
-			if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
-				n = lws_ssl_client_connect1(wsi);
-				if (!n)
-					return wsi;
-				if (n < 0) {
-					lwsl_err("%s: lws_ssl_client_connect1 failed\n", __func__);
-					goto failed;
-				}
-			}
-//#endif

-			lwsi_set_state(wsi, LRS_WAITING_SSL);
+
+			lwsl_notice("%s: wsi %p: st 0x%x\n",
+				    __func__, wsi, lwsi_state(wsi));
+
+			if (lwsi_state(wsi) == LRS_WAITING_CONNECT)
+				lwsi_set_state(wsi, LRS_H1C_ISSUE_HANDSHAKE2);
+			lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_CLIENT_HS_SEND,
+					wsi->context->timeout_secs);
+
+			//if ()
 			return wsi;
 		}
 #endif
@ -239,17 +237,6 @@ send_hs:
 			/* for a method = "RAW" connection, this makes us
 			 * established */

-#if 0
-#if defined(LWS_WITH_SYS_ASYNC_DNS)
-			if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
-				n = lws_ssl_client_connect1(wsi);
-				if (n < 0) {
-					lwsl_err("%s: lws_ssl_client_connect1 failed\n", __func__);
-					goto failed;
-				}
-			}
-#endif
-#endif

 			/* clear his established timeout */
 			lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0);
--- a/lib/roles/http/client/client-http.c
+++ b/lib/roles/http/client/client-http.c
@ -24,6 +24,68 @@

 #include "private-lib-core.h"

+#if defined(LWS_WITH_TLS)
+int
+lws_client_create_tls(struct lws *wsi, const char **pcce, int do_c1)
+{
+	int n;
+
+	/* we can retry this... just cook the SSL BIO the first time */
+
+	if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
+
+		if (!wsi->tls.ssl) {
+			if (lws_ssl_client_bio_create(wsi) < 0) {
+				*pcce = "bio_create failed";
+				return -1;
+			}
+
+			if (!wsi->transaction_from_pipeline_queue &&
+			    lws_tls_restrict_borrow(wsi->context)) {
+				*pcce = "tls restriction limit";
+				return -1;
+			}
+		}
+
+		if (!do_c1)
+			return 0;
+
+		n = lws_ssl_client_connect1(wsi);
+		if (!n)
+			return 1; /* caller should return 0 */
+		if (n < 0) {
+			*pcce = "lws_ssl_client_connect1 failed";
+			return -1;
+		}
+	} else
+		wsi->tls.ssl = NULL;
+
+#if defined (LWS_WITH_HTTP2)
+	if (wsi->client_h2_alpn) {
+		/*
+		 * We connected to the server and set up tls, and
+		 * negotiated "h2".
+		 *
+		 * So this is it, we are an h2 master client connection
+		 * now, not an h1 client connection.
+		 */
+#if defined(LWS_WITH_TLS)
+		lws_tls_server_conn_alpn(wsi);
+#endif
+
+		/* send the H2 preface to legitimize the connection */
+		if (lws_h2_issue_preface(wsi)) {
+			*pcce = "error sending h2 preface";
+			return -1;
+		}
+	}
+#endif
+
+	return 0; /* OK */
+}
+
+#endif
+
 void
 lws_client_http_body_pending(struct lws *wsi, int something_left_to_send)
 {
@ -151,30 +213,11 @@ start_ws_handshake:
 			return -1;

 #if defined(LWS_WITH_TLS)
-		/* we can retry this... just cook the SSL BIO the first time */
-
-		if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
-
-			if (!wsi->transaction_from_pipeline_queue &&
-			    lws_tls_restrict_borrow(wsi->context)) {
-				cce = "tls restriction limit";
-				goto bail3;
-			}
-
-			if (!wsi->tls.ssl && lws_ssl_client_bio_create(wsi) < 0) {
-				cce = "bio_create failed";
-				goto bail3;
-			}
-
-			n = lws_ssl_client_connect1(wsi);
-			if (!n)
-				return 0;
-			if (n < 0) {
-				cce = "lws_ssl_client_connect1 failed";
-				goto bail3;
-			}
-		} else
-			wsi->tls.ssl = NULL;
+		n = lws_client_create_tls(wsi, &cce, 1);
+		if (n < 0)
+			goto bail3;
+		if (n == 1)
+			return 0;

 		/* fallthru */

@ -220,12 +263,13 @@ start_ws_handshake:
 				goto bail3;
 			}

+		//	lwsi_set_state(wsi, LRS_H1C_ISSUE_HANDSHAKE2);
+			lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_CLIENT_HS_SEND,
+					context->timeout_secs);
+
 			break;
 		}
 #endif
-		lwsi_set_state(wsi, LRS_H1C_ISSUE_HANDSHAKE2);
-		lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_CLIENT_HS_SEND,
-				context->timeout_secs);

 		/* fallthru */

--- a/lib/roles/http/private-lib-roles-http.h
+++ b/lib/roles/http/private-lib-roles-http.h
@ -326,3 +326,6 @@ lws_sul_http_ah_lifecheck(lws_sorted_usec_list_t *sul);

 uint8_t *
 lws_http_multipart_headers(struct lws *wsi, uint8_t *p);
+
+int
+lws_client_create_tls(struct lws *wsi, const char **pcce, int do_c1);
--- a/lib/roles/mqtt/client/client-mqtt.c
+++ b/lib/roles/mqtt/client/client-mqtt.c
@ -204,23 +204,17 @@ lws_mqtt_client_socket_service(struct lws *wsi, struct lws_pollfd *pollfd,
 			if (!(wsi->tls.use_ssl & LCCSCF_USE_SSL))
 				goto start_ws_handshake;

-			/* we can retry this... just cook the SSL BIO the first time */
-
-			if (lws_ssl_client_bio_create(wsi) < 0) {
-				lwsl_err("%s: bio_create failed\n", __func__);
+			switch (lws_client_create_tls(wsi, &cce, 0)) {
+			case 0:
+				break;
+			case 1:
+				return 0;
+			default:
 				goto bail3;
 			}

-			if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
-				n = lws_ssl_client_connect1(wsi);
-				if (!n)
-					return 0;
-				if (n < 0) {
-					lwsl_err("%s: lws_ssl_client_connect1 failed\n",
-						 __func__);
-					goto bail3;
-				}
-			}
+			break;
+
 		default:
 			break;
 		}
@ -349,7 +343,7 @@ start_ws_handshake:
 			goto fail;
 		case LWS_SSL_CAPABLE_MORE_SERVICE:
 			lwsl_info("SSL Capable more service\n");
-			goto fail;
+			return 0;
 		case LWS_SSL_CAPABLE_ERROR:
 			lwsl_info("%s: LWS_SSL_CAPABLE_ERROR\n",
 					__func__);
--- a/lib/roles/raw-skt/ops-raw-skt.c
+++ b/lib/roles/raw-skt/ops-raw-skt.c
@ -105,32 +105,8 @@ rops_handle_POLLIN_raw_skt(struct lws_context_per_thread *pt, struct lws *wsi,
 				 * go down the tls path on it now if that's what
 				 * we want
 				 */
+				goto post_rx;

-//				if (!(wsi->tls.use_ssl & LCCSCF_USE_SSL)) {
-//					lwsi_set_state(wsi, LRS_ESTABLISHED);
-					goto post_rx;
-//				}
-#if 0
-				/* we can retry this... just cook the SSL BIO
-				 * the first time */
-
-				if (lws_ssl_client_bio_create(wsi) < 0) {
-					lwsl_err("%s: bio_create failed\n",
-						 __func__);
-					goto fail;
-				}
-
-				if (wsi->tls.use_ssl & LCCSCF_USE_SSL) {
-					n = lws_ssl_client_connect1(wsi);
-					if (!n)
-						return 0;
-					if (n < 0) {
-						lwsl_err("%s: connect1 failed\n",
-							 __func__);
-						goto fail;
-					}
-				}
-#endif
 			default:
 				break;
 			}
--- a/lib/secure-streams/README.md
+++ b/lib/secure-streams/README.md
@ -393,7 +393,7 @@ directly parses the policy and makes the outgoing connections itself.
 However when configured at cmake with

 ```
-DLWS_WITH_SOCKS=1 -DLWS_WITH_SECURE_STREAMS=1 -DLWS_WITH_SECURE_STREAMS_PROXY_API=1 -DLWS_WITH_MINIMAL_EXAMPLES=1
+-DLWS_WITH_SOCKS5=1 -DLWS_WITH_SECURE_STREAMS=1 -DLWS_WITH_SECURE_STREAMS_PROXY_API=1 -DLWS_WITH_MINIMAL_EXAMPLES=1
 ```

 and define `LWS_SS_USE_SSPC` when building the application, applications forward
--- a/minimal-examples/http-client/minimal-http-client-post/selftest.sh
+++ b/minimal-examples/http-client/minimal-http-client-post/selftest.sh
@ -26,7 +26,7 @@ dotest $1 $2 warmcat-m -m
 dotest $1 $2 warmcat-m-h1 -m --h1

 spawn "" $5 $1/libwebsockets-test-server -s
-dotest $1 $2 localhost -l
+dotest $1 $2 localhost -l -d1151
 spawn $SPID $5 $1/libwebsockets-test-server -s
 dotest $1 $2 localhost-h1 -l --h1
 spawn $SPID $5 $1/libwebsockets-test-server -s