Bump liberty, enable TLS SNI

Involves some rewrites to fit the new APIs.

SNI has been implemented Mostly just because we can, I don't think it's
widely in use and kike doesn't support this feature of the protocol either.
This commit is contained in:
Přemysl Eric Janouch 2015-12-09 00:53:56 +01:00
parent 28fec6d4a6
commit aeb047260f
7 changed files with 53 additions and 54 deletions

View File

@ -21,6 +21,9 @@ set (project_VERSION "${project_VERSION}.${project_VERSION_MINOR}")
set (project_VERSION "${project_VERSION}.${project_VERSION_PATCH}") set (project_VERSION "${project_VERSION}.${project_VERSION_PATCH}")
# Dependencies # Dependencies
set (CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/liberty/cmake)
include (AddThreads)
find_package (Curses) find_package (Curses)
find_package (PkgConfig REQUIRED) find_package (PkgConfig REQUIRED)
pkg_check_modules (libssl REQUIRED libssl libcrypto) pkg_check_modules (libssl REQUIRED libssl libcrypto)
@ -52,10 +55,9 @@ if (WITH_LUA)
link_directories (${lua_LIBRARY_DIRS}) link_directories (${lua_LIBRARY_DIRS})
endif (WITH_LUA) endif (WITH_LUA)
# -lpthread is only there for debugging (gdb & errno)
# -lrt is only for glibc < 2.17 # -lrt is only for glibc < 2.17
# -liconv may or may not be a part of libc # -liconv may or may not be a part of libc
foreach (extra iconv rt pthread) foreach (extra iconv rt)
find_library (extra_lib_${extra} ${extra}) find_library (extra_lib_${extra} ${extra})
if (extra_lib_${extra}) if (extra_lib_${extra})
list (APPEND project_libraries ${extra}) list (APPEND project_libraries ${extra})
@ -114,24 +116,31 @@ set_source_files_properties (${PROJECT_BINARY_DIR}/kike-replies.c
# Build # Build
add_executable (zyklonb zyklonb.c ${common_sources} ${common_headers}) add_executable (zyklonb zyklonb.c ${common_sources} ${common_headers})
target_link_libraries (zyklonb ${project_libraries}) target_link_libraries (zyklonb ${project_libraries})
add_threads (zyklonb)
add_executable (degesch degesch.c kike-replies.c add_executable (degesch degesch.c kike-replies.c
${common_sources} ${common_headers}) ${common_sources} ${common_headers})
target_link_libraries (degesch ${project_libraries}) target_link_libraries (degesch ${project_libraries})
add_threads (degesch)
add_executable (kike kike.c kike-replies.c ${common_sources} ${common_headers}) add_executable (kike kike.c kike-replies.c ${common_sources} ${common_headers})
target_link_libraries (kike ${project_libraries}) target_link_libraries (kike ${project_libraries})
add_threads (kike)
# Tests # Tests
function (make_tests_for target_name) function (make_tests_for target_name)
get_target_property (sources ${target_name} SOURCES) get_target_property (sources ${target_name} SOURCES)
get_target_property (libraries ${target_name} LINK_LIBRARIES) get_target_property (libraries ${target_name} LINK_LIBRARIES)
get_target_property (options ${target_name} COMPILE_OPTIONS)
set (test test-${target_name}) set (test test-${target_name})
add_executable (${test} ${sources}) add_executable (${test} ${sources})
target_link_libraries (${test} ${libraries}) target_link_libraries (${test} ${libraries})
set_target_properties (${test} PROPERTIES
COMPILE_DEFINITIONS TESTING
COMPILE_OPTIONS ${options})
add_test (NAME ${test} COMMAND ${test}) add_test (NAME ${test} COMMAND ${test})
set_target_properties (${test} PROPERTIES COMPILE_DEFINITIONS TESTING)
endfunction (make_tests_for) endfunction (make_tests_for)
include (CTest) include (CTest)

9
NEWS
View File

@ -1,3 +1,12 @@
0.9.3 (2016-??-??)
* Use TLS Server Name Indication when connecting to servers
* degesch: resolve remote addresses asynchronously
* degesch: various bugfixes
0.9.2 (2015-12-31) 0.9.2 (2015-12-31)
* degesch: added rudimentary support for Lua scripting * degesch: added rudimentary support for Lua scripting

View File

@ -18,6 +18,7 @@
*/ */
#define LIBERTY_WANT_SSL #define LIBERTY_WANT_SSL
#define LIBERTY_WANT_ASYNC
#define LIBERTY_WANT_POLLER #define LIBERTY_WANT_POLLER
#define LIBERTY_WANT_PROTO_IRC #define LIBERTY_WANT_PROTO_IRC
@ -40,9 +41,6 @@
return 0; \ return 0; \
BLOCK_END BLOCK_END
#define CONTAINER_OF(pointer, type, member) \
(type *) ((char *) pointer - offsetof (type, member))
// --- To be moved to liberty -------------------------------------------------- // --- To be moved to liberty --------------------------------------------------
static ssize_t static ssize_t
@ -223,7 +221,7 @@ struct socks_connector
// You may destroy the connector object in these two main callbacks: // You may destroy the connector object in these two main callbacks:
/// Connection has been successfully established /// Connection has been successfully established
void (*on_connected) (void *user_data, int socket); void (*on_connected) (void *user_data, int socket, const char *hostname);
/// Failed to establish a connection to either target /// Failed to establish a connection to either target
void (*on_failure) (void *user_data); void (*on_failure) (void *user_data);
@ -594,9 +592,11 @@ socks_connector_on_timeout (struct socks_connector *self)
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
static void static void
socks_connector_on_connected (void *user_data, int socket_fd) socks_connector_on_connected
(void *user_data, int socket_fd, const char *hostname)
{ {
set_blocking (socket_fd, false); set_blocking (socket_fd, false);
(void) hostname;
struct socks_connector *self = user_data; struct socks_connector *self = user_data;
self->socket_fd = socket_fd; self->socket_fd = socket_fd;
@ -658,20 +658,8 @@ socks_connector_start (struct socks_connector *self)
connector->on_error = socks_connector_on_error; connector->on_error = socks_connector_on_error;
connector->on_failure = socks_connector_on_failure; connector->on_failure = socks_connector_on_failure;
struct error *e = NULL; connector_add_target (connector, self->hostname, self->service);
if (!connector_add_target (connector, self->hostname, self->service, &e))
{
if (self->on_error)
self->on_error (self->user_data, e->message);
error_free (e);
socks_connector_destroy_connector (self);
socks_connector_fail (self);
return;
}
poller_timer_set (&self->timeout, 60 * 1000); poller_timer_set (&self->timeout, 60 * 1000);
connector_step (connector);
self->done = false; self->done = false;
self->bound_port = 0; self->bound_port = 0;
@ -762,8 +750,10 @@ socks_connector_on_ready
int fd = self->socket_fd; int fd = self->socket_fd;
self->socket_fd = -1; self->socket_fd = -1;
struct socks_target *target = self->targets_iter;
set_blocking (fd, true); set_blocking (fd, true);
self->on_connected (self->user_data, fd); self->on_connected (self->user_data, fd, target->address_str);
} }
else else
// We've failed this target, let's try to move on // We've failed this target, let's try to move on

View File

@ -1150,7 +1150,7 @@ enum transport_io_result
struct transport struct transport
{ {
/// Initialize the transport /// Initialize the transport
bool (*init) (struct server *s, struct error **e); bool (*init) (struct server *s, const char *hostname, struct error **e);
/// Destroy the user data pointer /// Destroy the user data pointer
void (*cleanup) (struct server *s); void (*cleanup) (struct server *s);
@ -4492,7 +4492,7 @@ transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e)
} }
static bool static bool
transport_tls_init (struct server *s, struct error **e) transport_tls_init (struct server *s, const char *hostname, struct error **e)
{ {
ERR_clear_error (); ERR_clear_error ();
@ -4519,6 +4519,12 @@ transport_tls_init (struct server *s, struct error **e)
if (!SSL_set_fd (ssl, s->socket)) if (!SSL_set_fd (ssl, s->socket))
goto error_ssl_3; goto error_ssl_3;
// Enable SNI, FWIW; literal IP addresses aren't allowed
struct in6_addr dummy;
if (!inet_pton (AF_INET, hostname, &dummy)
&& !inet_pton (AF_INET6, hostname, &dummy))
SSL_set_tlsext_host_name (ssl, hostname);
struct transport_tls_data *data = xcalloc (1, sizeof *data); struct transport_tls_data *data = xcalloc (1, sizeof *data);
data->ssl_ctx = ssl_ctx; data->ssl_ctx = ssl_ctx;
data->ssl = ssl; data->ssl = ssl;
@ -4749,7 +4755,7 @@ irc_register (struct server *s)
} }
static void static void
irc_finish_connection (struct server *s, int socket) irc_finish_connection (struct server *s, int socket, const char *hostname)
{ {
struct app_context *ctx = s->ctx; struct app_context *ctx = s->ctx;
@ -4766,7 +4772,7 @@ irc_finish_connection (struct server *s, int socket)
: &g_transport_plain; : &g_transport_plain;
struct error *e = NULL; struct error *e = NULL;
if (s->transport->init && !s->transport->init (s, &e)) if (s->transport->init && !s->transport->init (s, hostname, &e))
{ {
log_server_error (s, s->buffer, "Connection failed: #s", e->message); log_server_error (s, s->buffer, "Connection failed: #s", e->message);
error_free (e); error_free (e);
@ -4837,16 +4843,17 @@ irc_on_connector_failure (void *user_data)
} }
static void static void
irc_on_connector_connected (void *user_data, int socket) irc_on_connector_connected (void *user_data, int socket, const char *hostname)
{ {
struct server *s = user_data; struct server *s = user_data;
char *hostname_copy = xstrdup (hostname);
irc_destroy_connector (s); irc_destroy_connector (s);
irc_finish_connection (s, socket); irc_finish_connection (s, socket, hostname_copy);
free (hostname_copy);
} }
static bool static void
irc_setup_connector (struct server *s, irc_setup_connector (struct server *s, const struct str_vector *addresses)
const struct str_vector *addresses, struct error **e)
{ {
struct connector *connector = xmalloc (sizeof *connector); struct connector *connector = xmalloc (sizeof *connector);
connector_init (connector, &s->ctx->poller); connector_init (connector, &s->ctx->poller);
@ -4858,32 +4865,13 @@ irc_setup_connector (struct server *s,
connector->on_connected = irc_on_connector_connected; connector->on_connected = irc_on_connector_connected;
connector->on_failure = irc_on_connector_failure; connector->on_failure = irc_on_connector_failure;
bool at_least_one_address_succeeded = false;
for (size_t i = 0; i < addresses->len; i++) for (size_t i = 0; i < addresses->len; i++)
{ {
char *host, *port; char *host, *port;
irc_split_host_port (addresses->vector[i], &host, &port); irc_split_host_port (addresses->vector[i], &host, &port);
connector_add_target (connector, host, port);
struct error *error = NULL;
if (connector_add_target (connector, host, port, &error))
at_least_one_address_succeeded = true;
else
{
log_server_error (s, s->buffer,
"Address resolution failed for #&s: #s",
format_host_port_pair (host, port), error->message);
error_free (error);
} }
} }
if (!at_least_one_address_succeeded)
{
error_set (e, "No address to connect to");
return false;
}
connector_step (connector);
return true;
}
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@ -4963,7 +4951,7 @@ irc_initiate_connect (struct server *s)
struct error *e = NULL; struct error *e = NULL;
if (!irc_setup_connector_socks (s, &servers, &e) && !e) if (!irc_setup_connector_socks (s, &servers, &e) && !e)
irc_setup_connector (s, &servers, &e); irc_setup_connector (s, &servers);
str_vector_free (&servers); str_vector_free (&servers);

1
kike.c
View File

@ -3385,6 +3385,7 @@ irc_try_fetch_client (struct server_context *ctx, int listen_fd)
return true; return true;
} }
// FIXME: use async_getnameinfo() so that we never ever block here
char host[NI_MAXHOST] = "unknown", port[NI_MAXSERV] = "unknown"; char host[NI_MAXHOST] = "unknown", port[NI_MAXSERV] = "unknown";
int err = getnameinfo ((struct sockaddr *) &peer, peer_len, int err = getnameinfo ((struct sockaddr *) &peer, peer_len,
host, sizeof host, port, sizeof port, NI_NUMERICSERV); host, sizeof host, port, sizeof port, NI_NUMERICSERV);

@ -1 +1 @@
Subproject commit f6d74544f82ce8186e73a6ba268c2bc56b3ce5c7 Subproject commit bc7e83137ed2a14957e1b3feb5de658f8505ed57

View File

@ -1663,8 +1663,10 @@ struct irc_socks_data
}; };
static void static void
irc_on_socks_connected (void *user_data, int socket) irc_on_socks_connected (void *user_data, int socket, const char *hostname)
{ {
(void) hostname;
struct irc_socks_data *data = user_data; struct irc_socks_data *data = user_data;
data->ctx->irc_fd = socket; data->ctx->irc_fd = socket;
data->succeeded = true; data->succeeded = true;