ircd::net::listener: Support non-SSL listening sockets.
parent
4e16f1849b
commit
ee31b5a59f
|
@ -61,18 +61,22 @@ ircd::net::acceptor
|
|||
ip::tcp::acceptor a;
|
||||
size_t accepting {0};
|
||||
sockets handshaking;
|
||||
bool secure {false};
|
||||
bool interrupting {false};
|
||||
ctx::dock joining;
|
||||
|
||||
// Internal configuration
|
||||
void configure_dh(const json::object &);
|
||||
void configure_certs(const json::object &);
|
||||
bool configure_certs(const json::object &);
|
||||
void configure_curves(const json::object &);
|
||||
void configure_ciphers(const json::object &);
|
||||
void configure_flags(const json::object &);
|
||||
void configure_password(const json::object &);
|
||||
void configure_sni(const json::object &);
|
||||
void configure(const json::object &opts);
|
||||
bool configure(const json::object &opts);
|
||||
|
||||
// Completion stack
|
||||
void accepted(const std::shared_ptr<socket> &);
|
||||
|
||||
// Handshake stack
|
||||
bool handle_sni(socket &, int &ad);
|
||||
|
|
|
@ -326,8 +326,11 @@ try
|
|||
{
|
||||
ios::get()
|
||||
}
|
||||
,secure
|
||||
{
|
||||
configure(opts)
|
||||
}
|
||||
{
|
||||
configure(opts);
|
||||
open();
|
||||
}
|
||||
catch(const boost::system::system_error &e)
|
||||
|
@ -486,7 +489,9 @@ try
|
|||
{
|
||||
const auto &sock
|
||||
{
|
||||
std::make_shared<ircd::socket>(ssl)
|
||||
secure?
|
||||
std::make_shared<ircd::socket>(ssl):
|
||||
std::make_shared<ircd::socket>()
|
||||
};
|
||||
|
||||
auto handler
|
||||
|
@ -548,7 +553,7 @@ noexcept try
|
|||
return;
|
||||
}
|
||||
|
||||
if(unlikely(!check_handshake_limit(*sock, remote)))
|
||||
if(unlikely(secure && !check_handshake_limit(*sock, remote)))
|
||||
{
|
||||
allow(*this);
|
||||
net::close(*sock, dc::RST, close_ignore);
|
||||
|
@ -564,6 +569,12 @@ noexcept try
|
|||
return;
|
||||
}
|
||||
|
||||
if(!secure)
|
||||
{
|
||||
accepted(sock);
|
||||
return;
|
||||
}
|
||||
|
||||
static const socket::handshake_type handshake_type
|
||||
{
|
||||
socket::handshake_type::server
|
||||
|
@ -743,11 +754,7 @@ noexcept try
|
|||
openssl::set_app_data(*sock, nullptr);
|
||||
check_handshake_error(ec, *sock);
|
||||
sock->cancel_timeout();
|
||||
assert(bool(cb));
|
||||
|
||||
// Toggles the behavior of non-async functions; see func comment
|
||||
blocking(*sock, false);
|
||||
cb(*this, sock);
|
||||
accepted(sock);
|
||||
}
|
||||
catch(const ctx::interrupted &e)
|
||||
{
|
||||
|
@ -1061,6 +1068,17 @@ catch(...)
|
|||
}
|
||||
|
||||
void
|
||||
ircd::net::acceptor::accepted(const std::shared_ptr<socket> &sock)
|
||||
{
|
||||
assert(bool(cb));
|
||||
assert(bool(sock));
|
||||
|
||||
// Toggles the behavior of non-async functions; see func comment
|
||||
blocking(*sock, false);
|
||||
cb(*this, sock);
|
||||
}
|
||||
|
||||
bool
|
||||
ircd::net::acceptor::configure(const json::object &opts)
|
||||
{
|
||||
log::debug
|
||||
|
@ -1069,18 +1087,21 @@ ircd::net::acceptor::configure(const json::object &opts)
|
|||
loghead(*this)
|
||||
};
|
||||
|
||||
configure_password(opts);
|
||||
configure_flags(opts);
|
||||
if(!configure_certs(opts))
|
||||
return false;
|
||||
|
||||
configure_password(opts);
|
||||
configure_ciphers(opts);
|
||||
configure_curves(opts);
|
||||
configure_certs(opts);
|
||||
configure_sni(opts);
|
||||
|
||||
log::debug
|
||||
{
|
||||
log, "%s configured listener SSL",
|
||||
loghead(*this)
|
||||
};
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -1117,7 +1138,8 @@ ircd::net::acceptor::configure_flags(const json::object &opts)
|
|||
if(opts.get<bool>("ssl_no_tlsv1_2", false))
|
||||
flags |= ssl.no_tlsv1_2;
|
||||
|
||||
ssl.set_options(flags);
|
||||
if(flags)
|
||||
ssl.set_options(flags);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -1199,9 +1221,10 @@ ircd::net::acceptor::configure_curves(const json::object &opts)
|
|||
}
|
||||
}
|
||||
|
||||
void
|
||||
bool
|
||||
ircd::net::acceptor::configure_certs(const json::object &opts)
|
||||
{
|
||||
uint ret(0);
|
||||
if(!empty(unquote(opts["certificate_chain_path"])))
|
||||
{
|
||||
const json::string filename
|
||||
|
@ -1218,6 +1241,7 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
|||
};
|
||||
|
||||
ssl.use_certificate_chain_file(filename);
|
||||
ret += 1;
|
||||
log::info
|
||||
{
|
||||
log, "%s using certificate chain file '%s'",
|
||||
|
@ -1242,7 +1266,6 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
|||
};
|
||||
|
||||
ssl.use_certificate_file(filename, asio::ssl::context::pem);
|
||||
|
||||
const auto *const x509
|
||||
{
|
||||
SSL_CTX_get0_certificate(ssl.native_handle())
|
||||
|
@ -1256,6 +1279,7 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
|||
string_view{};
|
||||
});
|
||||
|
||||
ret += 1;
|
||||
log::info
|
||||
{
|
||||
log, "%s using file '%s' with certificate for '%s'",
|
||||
|
@ -1281,6 +1305,8 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
|||
};
|
||||
|
||||
ssl.use_private_key_file(filename, asio::ssl::context::pem);
|
||||
|
||||
ret += 1;
|
||||
log::info
|
||||
{
|
||||
log, "%s using private key file '%s'",
|
||||
|
@ -1288,6 +1314,16 @@ ircd::net::acceptor::configure_certs(const json::object &opts)
|
|||
filename
|
||||
};
|
||||
}
|
||||
|
||||
if(ret != 0 && ret != 3)
|
||||
log::warning
|
||||
{
|
||||
"%s missing some paths to PEM files in its options."
|
||||
" SSL is probably misconfigured.",
|
||||
loghead(*this),
|
||||
};
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
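Review bot: In `configure()` the password setup now runs after the certificates are loaded: `configure_password(opts);` moved from the top of the function to below `if(!configure_certs(opts)) return false;`, so if configure_password is what installs the key-file password callback, an encrypted private key is read by `use_private_key_file` before any callback exists and loading will fail; keep `configure_password(opts);` ahead of the `configure_certs` call. Relatedly, `configure_certs` hands back its path count through `return ret;`, so the partial case that fires the new `ret != 3` warning still leaves `secure` true with an incomplete context — that fails closed, but the caller only sees a bool, so consider rejecting the partial configuration outright (throw) instead of only warning. `configure(opts)` is also now evaluated from the mem-initializer of `secure`, before `interrupting` and `joining` are initialized; its `loghead(*this)` logging is only safe if loghead reads nothing declared after `secure` — worth confirming. The bodies of `configure` and `configure_certs` extend beyond their hunks.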
@ -6729,8 +6729,8 @@ console_cmd__net__listen(opt &out, const string_view &line)
|
|||
{
|
||||
{ "host", token.at("host", "0.0.0.0"_sv) },
|
||||
{ "port", token.at("port", 8448L) },
|
||||
{ "private_key_pem_path", token.at("private_key_pem_path") },
|
||||
{ "certificate_pem_path", token.at("certificate_pem_path") },
|
||||
{ "private_key_pem_path", token.at("private_key_pem_path", ""_sv) },
|
||||
{ "certificate_pem_path", token.at("certificate_pem_path", ""_sv) },
|
||||
{ "certificate_chain_path", token.at("certificate_chain_path", ""_sv) },
|
||||
};
|
||||
|
||||
|
|
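Review bot: With the new `""_sv` defaults, `net listen` issued without any PEM path no longer fails on a missing token but, as far as this hunk shows, quietly yields a cleartext listener (acceptor::configure returns false when no paths are set), and nothing here tells the operator which kind was created. A one-line comment above the option map would make the intent explicit, e.g. `// Omitting all three PEM paths produces a non-TLS listener.` The enclosing function starts before the hunk.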