Commit daf085d1 authored by Pekka Pessi

Merge branch 'tport-refcount'

parents 82cea15b bc565485
......@@ -187,7 +187,7 @@ TPORT_DLL int tport_get_params(tport_t const *, tag_type_t tag, tag_value_t valu
/** Set transport parameters. */
TPORT_DLL int tport_set_params(tport_t *self, tag_type_t tag, tag_value_t value, ...);
/** Destroy transport(s). */
/** Destroy a master transport. */
TPORT_DLL void tport_destroy(tport_t *tport);
/** Shutdown a transport connection. */
......@@ -339,7 +339,7 @@ TPORT_DLL int tport_delivered_from(tport_t *tp, msg_t const *msg,
tp_name_t name[1]);
/** Return TLS Subjects provided by the source transport */
TPORT_DLL su_strlst_t const *tport_delivered_from_subjects(tport_t *tp,
TPORT_DLL su_strlst_t const *tport_delivered_from_subjects(tport_t *tp,
msg_t const *msg);
/** Check if the given subject string is found in su_strlst_t */
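Review bot: The reworded comment on `tport_destroy` now says it destroys a master transport, but the parameter is still a plain `tport_t *` and the comment does not say whether the primary and secondary transports owned by that master are torn down with it, nor what happens when a non-master transport is passed. This is the public header, so that ownership contract is exactly what a caller needs to know before calling it. Suggest extending the comment along the lines of `/** Destroy a master transport (and the primary/secondary transports it owns); the argument must be a master transport. */`, adjusted to what the implementation actually does, which is not visible in this hunk.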
......@@ -134,16 +134,12 @@ typedef struct {
struct tport_s {
su_home_t tp_home[1]; /**< Memory home */
ssize_t tp_refs; /**< Number of references to tport */
unsigned tp_black:1; /**< Used by red-black-tree */
unsigned tp_accepted:1; /**< Originally server? */
unsigned tp_conn_orient:1; /**< Is connection-oriented */
unsigned tp_has_connection:1; /**< Has real connection */
unsigned tp_reusable:1; /**< Can this connection be reused */
unsigned tp_closed : 1;
/**< This transport is closed.
/**< This transport has been closed.
*
* A closed transport is inserted into pri_closed list.
*/
......@@ -157,9 +153,12 @@ struct tport_s {
unsigned tp_trunc:1;
unsigned tp_is_connected:1; /**< Connection is established */
unsigned tp_verified:1; /**< Certificate Chain was verified */
unsigned:0;
unsigned tp_error_reported:1; /**< Already reported */
tport_t *tp_left, *tp_right, *tp_dad; /**< Links in tport tree */
/* Red-black tree */
unsigned tp_black:1; /**< Black node */
unsigned:0;
tport_t *tp_left, *tp_right, *tp_dad; /**< Links in tport rbtree */
tport_master_t *tp_master; /**< Master transport */
tport_primary_t *tp_pri; /**< Primary transport */
......@@ -183,7 +182,7 @@ struct tport_s {
*
* Subject Name(s) provided by the peer
* in a TLS connection (if secondary).
* or matched against incoming
* or matched against incoming
* connections (if primary).
*/
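Review bot: The `tp_refs` field in `struct tport_s` is documented only as "Number of references to tport", which leaves the reference-counting contract undocumented: which operations take and release a reference, whether the links in the tport tree count as one, and what happens when the count reaches zero. Given the branch name tport-refcount this field appears to be new, though the rendered diff does not mark it; either way a maintainer reading this header cannot tell whether a caller that keeps a `tport_t *` across a callback must hold a reference. Suggest `/**< Number of references to tport; taken/released by the tport ref helpers, the transport is freed when it drops to zero */`, adjusted to the actual release behaviour. The signed `ssize_t` means a release past zero goes negative rather than wrapping, which is useful for an assertion — worth stating if that is the intent. `struct tport_s` continues outside this hunk.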
......@@ -302,25 +302,25 @@ tag_typedef_t tptag_tls_passphrase = STRTAG_TYPEDEF(tls_passphrase);
*
* The verification of certificates can be controlled:
* @par Values:
* - #TPTLS_VERIFY_NONE:
* - #TPTLS_VERIFY_NONE:
* Do not verify Peer Certificates.
* - #TPTLS_VERIFY_IN:
* Drop incoming connections which fail signature verification
* against trusted certificate authorities. Peers must provide a
* - #TPTLS_VERIFY_IN:
* Drop incoming connections which fail signature verification
* against trusted certificate authorities. Peers must provide a
* certificate during the initial TLS Handshake.
* - #TPTLS_VERIFY_OUT:
* Drop outgoing connections which fail signature verification
* - #TPTLS_VERIFY_OUT:
* Drop outgoing connections which fail signature verification
* against trusted certificate authorities.
* - #TPTLS_VERIFY_ALL:
* - #TPTLS_VERIFY_ALL:
* Alias for (TPTLS_VERIFY_IN|TPTLS_VERIFY_OUT)
* - #TPTLS_VERIFY_SUBJECTS_IN:
* Match the certificate subject on incoming connections against
* a provided list. If no match is found, the connection is
* - #TPTLS_VERIFY_SUBJECTS_IN:
* Match the certificate subject on incoming connections against
* a provided list. If no match is found, the connection is
* rejected. If no list is provided, subject checking is bypassed.
* Note: Implies #TPTLS_VERIFY_IN.
* - #TPTLS_VERIFY_SUBJECTS_OUT:
* Match the certificate subject on outgoing connections against
* a provided list. If no match is found, the connection is
* - #TPTLS_VERIFY_SUBJECTS_OUT:
* Match the certificate subject on outgoing connections against
* a provided list. If no match is found, the connection is
* rejected.
* Note: Implies #TPTLS_VERIFY_OUT.
* - #TPTLS_VERIFY_SUBJECTS_ALL:
......@@ -338,12 +338,12 @@ tag_typedef_t tptag_tls_verify_policy = UINTTAG_TYPEDEF(tls_verify_policy);
/**@def TPTAG_TLS_VERIFY_DEPTH(x)
*
* Define the maximum length of a valid certificate chain.
*
*
* @par Default
* 2
*
* @par Used with
* tport_tbind(), nua_create(), nta_agent_create(), nta_agent_add_tport(),
* tport_tbind(), nua_create(), nta_agent_create(), nta_agent_add_tport(),
* nth_engine_create(), or initial nth_site_create().
*
* @par Parameter Type:
......@@ -366,7 +366,7 @@ tag_typedef_t tptag_tls_verify_depth = UINTTAG_TYPEDEF(tls_verify_depth);
* - Non-Zero - Enable date verification.
*
* @par Used with
* tport_tbind(), nua_create(), nta_agent_create(), nta_agent_add_tport(),
* tport_tbind(), nua_create(), nta_agent_create(), nta_agent_add_tport(),
* nth_engine_create(), or initial nth_site_create().
*
* @par Parameter Type:
......@@ -387,7 +387,7 @@ tag_typedef_t tptag_tls_verify_date = UINTTAG_TYPEDEF(tls_verify_date);
* the connection is automatically rejected.
*
* @par Used with
* tport_tbind(), nua_create(), nta_agent_create(), nta_agent_add_tport(),
* tport_tbind(), nua_create(), nta_agent_create(), nta_agent_add_tport(),
* nth_engine_create(), initial nth_site_create(),
* TPTLS_VERIFY_SUBJECTS_IN
*
......@@ -407,7 +407,7 @@ tag_typedef_t tptag_tls_verify_subjects = PTRTAG_TYPEDEF(tls_verify_subjects);
/**@def TPTAG_X509_SUBJECT(x)
*
* Requires that a message be sent over a TLS transport with trusted X.509
* certificate. The character string provided must match against a subject
* certificate. The character string provided must match against a subject
* from the trusted certificate.
*
* @par Used with
......@@ -519,13 +519,13 @@ int tls_post_connection_check(tport_t *self, tls_t *tls)
cert = SSL_get_peer_certificate(tls->con);
if (!cert) {
SU_DEBUG_7(("%s(%p): Peer did not provide X.509 Certificate.\n",
SU_DEBUG_7(("%s(%p): Peer did not provide X.509 Certificate.\n",
__func__, (void *) self));
if (self->tp_accepted && tls->verify_incoming)
return X509_V_ERR_CERT_UNTRUSTED;
else if (!self->tp_accepted && tls->verify_outgoing)
return X509_V_ERR_CERT_UNTRUSTED;
else
else
return X509_V_OK;
}
......@@ -201,7 +201,7 @@ static tport_t *tport_http_connect(tport_primary_t *pri, su_addrinfo_t *ai,
msg_set_next(response, thci->thci_stackmsg = tport_msg_alloc(tport, 512));
if (tport_send_msg(tport, msg, tpn, NULL) < 0) {
SU_DEBUG_9(("tport_send_msg failed in tpot_http_connect\n"));
SU_DEBUG_9(("tport_send_msg failed in tport_http_connect\n"));
msg_destroy(msg);
tport_zap_secondary(tport);
return NULL;