ircd::net::listener: Support non-SSL listening sockets.
parent
4e16f1849b
commit
ee31b5a59f
|
@ -61,18 +61,22 @@ ircd::net::acceptor
|
||||||
ip::tcp::acceptor a;
|
ip::tcp::acceptor a;
|
||||||
size_t accepting {0};
|
size_t accepting {0};
|
||||||
sockets handshaking;
|
sockets handshaking;
|
||||||
|
bool secure {false};
|
||||||
bool interrupting {false};
|
bool interrupting {false};
|
||||||
ctx::dock joining;
|
ctx::dock joining;
|
||||||
|
|
||||||
// Internal configuration
|
// Internal configuration
|
||||||
void configure_dh(const json::object &);
|
void configure_dh(const json::object &);
|
||||||
void configure_certs(const json::object &);
|
bool configure_certs(const json::object &);
|
||||||
void configure_curves(const json::object &);
|
void configure_curves(const json::object &);
|
||||||
void configure_ciphers(const json::object &);
|
void configure_ciphers(const json::object &);
|
||||||
void configure_flags(const json::object &);
|
void configure_flags(const json::object &);
|
||||||
void configure_password(const json::object &);
|
void configure_password(const json::object &);
|
||||||
void configure_sni(const json::object &);
|
void configure_sni(const json::object &);
|
||||||
void configure(const json::object &opts);
|
bool configure(const json::object &opts);
|
||||||
|
|
||||||
|
// Completion stack
|
||||||
|
void accepted(const std::shared_ptr<socket> &);
|
||||||
|
|
||||||
// Handshake stack
|
// Handshake stack
|
||||||
bool handle_sni(socket &, int &ad);
|
bool handle_sni(socket &, int &ad);
|
||||||
|
|
|
@ -326,8 +326,11 @@ try
|
||||||
{
|
{
|
||||||
ios::get()
|
ios::get()
|
||||||
}
|
}
|
||||||
|
,secure
|
||||||
|
{
|
||||||
|
configure(opts)
|
||||||
|
}
|
||||||
{
|
{
|
||||||
configure(opts);
|
|
||||||
open();
|
open();
|
||||||
}
|
}
|
||||||
catch(const boost::system::system_error &e)
|
catch(const boost::system::system_error &e)
|
||||||
|
@ -486,7 +489,9 @@ try
|
||||||
{
|
{
|
||||||
const auto &sock
|
const auto &sock
|
||||||
{
|
{
|
||||||
std::make_shared<ircd::socket>(ssl)
|
secure?
|
||||||
|
std::make_shared<ircd::socket>(ssl):
|
||||||
|
std::make_shared<ircd::socket>()
|
||||||
};
|
};
|
||||||
|
|
||||||
auto handler
|
auto handler
|
||||||
|
@ -548,7 +553,7 @@ noexcept try
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(unlikely(!check_handshake_limit(*sock, remote)))
|
if(unlikely(secure && !check_handshake_limit(*sock, remote)))
|
||||||
{
|
{
|
||||||
allow(*this);
|
allow(*this);
|
||||||
net::close(*sock, dc::RST, close_ignore);
|
net::close(*sock, dc::RST, close_ignore);
|
||||||
|
@ -564,6 +569,12 @@ noexcept try
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!secure)
|
||||||
|
{
|
||||||
|
accepted(sock);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
static const socket::handshake_type handshake_type
|
static const socket::handshake_type handshake_type
|
||||||
{
|
{
|
||||||
socket::handshake_type::server
|
socket::handshake_type::server
|
||||||
|
@ -743,11 +754,7 @@ noexcept try
|
||||||
openssl::set_app_data(*sock, nullptr);
|
openssl::set_app_data(*sock, nullptr);
|
||||||
check_handshake_error(ec, *sock);
|
check_handshake_error(ec, *sock);
|
||||||
sock->cancel_timeout();
|
sock->cancel_timeout();
|
||||||
assert(bool(cb));
|
accepted(sock);
|
||||||
|
|
||||||
// Toggles the behavior of non-async functions; see func comment
|
|
||||||
blocking(*sock, false);
|
|
||||||
cb(*this, sock);
|
|
||||||
}
|
}
|
||||||
catch(const ctx::interrupted &e)
|
catch(const ctx::interrupted &e)
|
||||||
{
|
{
|
||||||
|
@ -1061,6 +1068,17 @@ catch(...)
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
ircd::net::acceptor::accepted(const std::shared_ptr<socket> &sock)
|
||||||
|
{
|
||||||
|
assert(bool(cb));
|
||||||
|
assert(bool(sock));
|
||||||
|
|
||||||
|
// Toggles the behavior of non-async functions; see func comment
|
||||||
|
blocking(*sock, false);
|
||||||
|
cb(*this, sock);
|
||||||
|
}
|
||||||
|
|
||||||
|
bool
|
||||||
ircd::net::acceptor::configure(const json::object &opts)
|
ircd::net::acceptor::configure(const json::object &opts)
|
||||||
{
|
{
|
||||||
log::debug
|
log::debug
|
||||||
|
@ -1069,18 +1087,21 @@ ircd::net::acceptor::configure(const json::object &opts)
|
||||||
loghead(*this)
|
loghead(*this)
|
||||||
};
|
};
|
||||||
|
|
||||||
configure_password(opts);
|
|
||||||
configure_flags(opts);
|
configure_flags(opts);
|
||||||
|
if(!configure_certs(opts))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
configure_password(opts);
|
||||||
configure_ciphers(opts);
|
configure_ciphers(opts);
|
||||||
configure_curves(opts);
|
configure_curves(opts);
|
||||||
configure_certs(opts);
|
|
||||||
configure_sni(opts);
|
configure_sni(opts);
|
||||||
|
|
||||||
log::debug
|
log::debug
|
||||||
{
|
{
|
||||||
log, "%s configured listener SSL",
|
log, "%s configured listener SSL",
|
||||||
loghead(*this)
|
loghead(*this)
|
||||||
};
|
};
|
||||||
|
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
@ -1117,7 +1138,8 @@ ircd::net::acceptor::configure_flags(const json::object &opts)
|
||||||
if(opts.get<bool>("ssl_no_tlsv1_2", false))
|
if(opts.get<bool>("ssl_no_tlsv1_2", false))
|
||||||
flags |= ssl.no_tlsv1_2;
|
flags |= ssl.no_tlsv1_2;
|
||||||
|
|
||||||
ssl.set_options(flags);
|
if(flags)
|
||||||
|
ssl.set_options(flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
@ -1199,9 +1221,10 @@ ircd::net::acceptor::configure_curves(const json::object &opts)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
bool
|
||||||
ircd::net::acceptor::configure_certs(const json::object &opts)
|
ircd::net::acceptor::configure_certs(const json::object &opts)
|
||||||
{
|
{
|
||||||
|
uint ret(0);
|
||||||
if(!empty(unquote(opts["certificate_chain_path"])))
|
if(!empty(unquote(opts["certificate_chain_path"])))
|
||||||
{
|
{
|
||||||
const json::string filename
|
const json::string filename
|
||||||
|
@ -1218,6 +1241,7 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
||||||
};
|
};
|
||||||
|
|
||||||
ssl.use_certificate_chain_file(filename);
|
ssl.use_certificate_chain_file(filename);
|
||||||
|
ret += 1;
|
||||||
log::info
|
log::info
|
||||||
{
|
{
|
||||||
log, "%s using certificate chain file '%s'",
|
log, "%s using certificate chain file '%s'",
|
||||||
|
@ -1242,7 +1266,6 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
||||||
};
|
};
|
||||||
|
|
||||||
ssl.use_certificate_file(filename, asio::ssl::context::pem);
|
ssl.use_certificate_file(filename, asio::ssl::context::pem);
|
||||||
|
|
||||||
const auto *const x509
|
const auto *const x509
|
||||||
{
|
{
|
||||||
SSL_CTX_get0_certificate(ssl.native_handle())
|
SSL_CTX_get0_certificate(ssl.native_handle())
|
||||||
|
@ -1256,6 +1279,7 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
||||||
string_view{};
|
string_view{};
|
||||||
});
|
});
|
||||||
|
|
||||||
|
ret += 1;
|
||||||
log::info
|
log::info
|
||||||
{
|
{
|
||||||
log, "%s using file '%s' with certificate for '%s'",
|
log, "%s using file '%s' with certificate for '%s'",
|
||||||
|
@ -1281,6 +1305,8 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
||||||
};
|
};
|
||||||
|
|
||||||
ssl.use_private_key_file(filename, asio::ssl::context::pem);
|
ssl.use_private_key_file(filename, asio::ssl::context::pem);
|
||||||
|
|
||||||
|
ret += 1;
|
||||||
log::info
|
log::info
|
||||||
{
|
{
|
||||||
log, "%s using private key file '%s'",
|
log, "%s using private key file '%s'",
|
||||||
|
@ -1288,6 +1314,16 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
||||||
filename
|
filename
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(ret != 0 && ret != 3)
|
||||||
|
log::warning
|
||||||
|
{
|
||||||
|
"%s missing some paths to PEM files in its options."
|
||||||
|
" SSL is probably misconfigured.",
|
||||||
|
loghead(*this),
|
||||||
|
};
|
||||||
|
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
|
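Review bot: In the `configure` hunk (@ -1069,18 +1087,21 @@) `configure_password(opts)` now runs after `configure_certs(opts)`, whereas before this commit it ran first; if configure_password installs the context's password callback (its body is outside this hunk), an encrypted private key would now be loaded by `ssl.use_private_key_file` before any callback exists, so the old order, `configure_password(opts);` placed before `if(!configure_certs(opts))`, should be restored or the reordering documented as intentional. Separately, `configure_certs` is declared `bool` in the header hunk but returns `uint ret`, a count of 0–3 loaded PEM files, so a partially configured context (ret of 1 or 2, the case that logs "SSL is probably misconfigured") still makes `secure` true and the listener proceeds into the TLS handshake path; returning `ret != 0` avoids the implicit narrowing, and a comment on the declaration such as `// true when at least one PEM path loaded; the listener then runs as TLS` would state the contract. The constructor hunk initializes `secure` from `configure(opts)` in the member-initializer list, which depends on `ssl` and `log` being declared before `secure` in the class; that ordering is not visible here, so worth a comment at the `bool secure {false};` declaration.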
@ -6729,8 +6729,8 @@ console_cmd__net__listen(opt &out, const string_view &line)
|
||||||
{
|
{
|
||||||
{ "host", token.at("host", "0.0.0.0"_sv) },
|
{ "host", token.at("host", "0.0.0.0"_sv) },
|
||||||
{ "port", token.at("port", 8448L) },
|
{ "port", token.at("port", 8448L) },
|
||||||
{ "private_key_pem_path", token.at("private_key_pem_path") },
|
{ "private_key_pem_path", token.at("private_key_pem_path", ""_sv) },
|
||||||
{ "certificate_pem_path", token.at("certificate_pem_path") },
|
{ "certificate_pem_path", token.at("certificate_pem_path", ""_sv) },
|
||||||
{ "certificate_chain_path", token.at("certificate_chain_path", ""_sv) },
|
{ "certificate_chain_path", token.at("certificate_chain_path", ""_sv) },
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
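Review bot: With `private_key_pem_path` and `certificate_pem_path` now defaulting to `""_sv`, a console user who omits both gets a plaintext listener on the default `0.0.0.0` / `8448` with nothing in the option table indicating that this is the non-TLS mode; a comment on the two changed lines, such as `// empty key/cert paths select a plaintext listener (see acceptor::configure)`, would make the fallback explicit to the next reader. Whether the command reports the chosen mode afterwards cannot be seen from this hunk, since console_cmd__net__listen begins before it and continues past it.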