621 accept_cert(const char* reason, struct tls_conn_settings *conn_info,
627 if (!conn_info->accepted)
630 " \"%s\"", conn_info->incoming ? "server" : "client",
631 conn_info->hostname, reason, cur_subjectline,
634 if (cur_fingerprint && !conn_info->fingerprint)
635 conn_info->fingerprint = cur_fingerprint;
639 if (cur_subjectline && !conn_info->subject)
640 conn_info->subject = cur_subjectline;
644 conn_info->accepted = true;
648 deny_cert(struct tls_conn_settings *conn_info,
651 if (!conn_info->accepted)
654 conn_info->incoming ? "client" : "server",
655 conn_info->hostname,
661 conn_info->incoming ? "client" : "server",
683 struct tls_conn_settings *conn_info;
692 conn_info = SSL_get_app_data(ssl);
699 "is %s, conn_info@%p%s\n", conn_info->hostname, cur_depth,
700 preverify_ok, cur_subjectline, cur_fingerprint, conn_info,
701 (conn_info->accepted ? ", cb was already called" : ""));
724 * - conn_info->x509verify
737 * - conn_info->incoming:
740 * false: otherwise we are client and conn_info has all attributes
742 * - conn_info->fingerprint (only if !conn_info->incoming)
754 if (conn_info->x509verify == X509VERIFY_NONE)
755 return accept_cert("disabled verification", conn_info,
759 * && (conn_info->x509verify != X509VERIFY_NONE) */
760 if (conn_info->incoming) {
763 conn_info, cur_fingerprint, cur_subjectline);
769 conn_info, cur_fingerprint,
777 conn_info, cur_fingerprint,
780 return deny_cert(conn_info, cur_fingerprint, cur_subjectline);
784 * && (conn_info->x509verify != X509VERIFY_NONE)
785 * && !conn_info->incoming */
786 if (!conn_info->incoming && preverify_ok) {
788 if (match_hostnames(cur_cert, conn_info->hostname,
789 conn_info->subject))
791 conn_info, cur_fingerprint, cur_subjectline);
793 return deny_cert(conn_info, cur_fingerprint,
795 } else if (!conn_info->incoming && !preverify_ok) {
797 if (match_fingerprint(cur_cert, conn_info->fingerprint))
798 return accept_cert("matching fingerprint", conn_info,
800 else if (match_certfile(cur_cert, conn_info->certfile))
801 return accept_cert("matching certfile", conn_info,
804 return deny_cert(conn_info, cur_fingerprint,
916 struct tls_conn_settings *conn_info = (struct tls_conn_settings *) arg;
917 SSL *ssl = conn_info->sslptr;
923 DPRINTF((D_TLS|D_CALL), "dispatch_SSL_connect(conn_info@%p, fd %d)\n",
924 conn_info, fd);
925 assert(conn_info->state == ST_TCP_EST
926 || conn_info->state == ST_CONNECTING);
928 ST_CHANGE(conn_info->state, ST_CONNECTING);
932 conn_info->sslptr, NULL, rc);
935 event_set(conn_info->retryevent, fd, EV_READ,
936 dispatch_SSL_connect, conn_info);
937 EVENT_ADD(conn_info->retryevent);
940 event_set(conn_info->retryevent, fd, EV_WRITE,
941 dispatch_SSL_connect, conn_info);
942 EVENT_ADD(conn_info->retryevent);
949 conn_info->hostname);
950 ST_CHANGE(conn_info->state, ST_NONE);
951 conn_info->reconnect = 5 * TLS_RECONNECT_SEC;
952 tv.tv_sec = conn_info->reconnect;
954 schedule_event(&conn_info->event, &tv,
955 tls_reconnect, conn_info);
962 conn_info->reconnect = TLS_RECONNECT_SEC;
963 event_set(conn_info->event, fd, EV_READ, dispatch_tls_eof, conn_info);
964 EVENT_ADD(conn_info->event);
967 ST_CHANGE(conn_info->state, ST_TLS_EST);
969 send_queue(0, 0, get_f_by_conninfo(conn_info));
977 tls_connect(struct tls_conn_settings *conn_info)
985 DPRINTF((D_TLS|D_CALL), "tls_connect(conn_info@%p)\n", conn_info);
986 assert(conn_info->state == ST_NONE);
996 error = getaddrinfo(conn_info->hostname,
997 (conn_info->port ? conn_info->port : "syslog-tls"), &hints, &res);
1022 ST_CHANGE(conn_info->state, ST_TCP_EST);
1029 ST_CHANGE(conn_info->state, ST_NONE);
1039 ST_CHANGE(conn_info->state, ST_NONE);
1043 SSL_set_app_data(ssl, conn_info);
1058 conn_info->sslptr = ssl;
1060 assert(conn_info->state == ST_TCP_EST);
1061 assert(conn_info->event);
1062 assert(conn_info->retryevent);
1065 dispatch_SSL_connect(sock, 0, conn_info);
1070 conn_info->hostname);
1073 assert(conn_info->state == ST_NONE);
1232 struct tls_conn_settings *conn_info = (struct tls_conn_settings *) arg;
1234 DPRINTF((D_TLS|D_CALL|D_EVENT), "tls_reconnect(conn_info@%p, "
1235 "server %s)\n", conn_info, conn_info->hostname);
1236 if (conn_info->sslptr) {
1237 conn_info->shutdown = true;
1238 free_tls_sslptr(conn_info);
1240 assert(conn_info->state == ST_NONE);
1242 if (!tls_connect(conn_info)) {
1243 if (conn_info->reconnect > TLS_RECONNECT_GIVEUP) {
1245 "giving up now", conn_info->hostname);
1246 message_queue_freeall(get_f_by_conninfo(conn_info));
1255 "try again in %d sec", conn_info->hostname,
1256 conn_info->reconnect);
1257 tv.tv_sec = conn_info->reconnect;
1259 schedule_event(&conn_info->event, &tv,
1260 tls_reconnect, conn_info);
1261 TLS_RECONNECT_BACKOFF(conn_info->reconnect);
1264 assert(conn_info->state == ST_TLS_EST
1265 || conn_info->state == ST_CONNECTING
1266 || conn_info->state == ST_NONE);
1278 struct tls_conn_settings *conn_info = (struct tls_conn_settings *) arg;
1284 "dispatch_tls_accept(conn_info@%p, fd %d)\n", conn_info, fd);
1285 assert(conn_info->event);
1286 assert(conn_info->retryevent);
1289 ST_CHANGE(conn_info->state, ST_ACCEPTING);
1290 rc = SSL_accept(conn_info->sslptr);
1293 conn_info->sslptr, NULL, rc);
1296 event_set(conn_info->retryevent, fd, EV_READ,
1297 dispatch_tls_accept, conn_info);
1298 EVENT_ADD(conn_info->retryevent);
1301 event_set(conn_info->retryevent, fd, EV_WRITE,
1302 dispatch_tls_accept, conn_info);
1303 EVENT_ADD(conn_info->retryevent);
1306 free_tls_conn(conn_info);
1316 tls_in->tls_conn = conn_info;
1317 tls_in->socket = SSL_get_fd(conn_info->sslptr);
1322 event_set(conn_info->event, tls_in->socket, EV_READ | EV_PERSIST,
1324 EVENT_ADD(conn_info->event);
1325 ST_CHANGE(conn_info->state, ST_TLS_EST);
1328 "%s (%s)", conn_info->hostname, conn_info->subject,
1329 conn_info->fingerprint);
1354 struct tls_conn_settings *conn_info;
1417 if (!(conn_info = calloc(1, sizeof(*conn_info)))
1418 || !(conn_info->event = allocev())
1419 || !(conn_info->retryevent = allocev())) {
1420 if (conn_info)
1421 free(conn_info->event);
1422 free(conn_info);
1430 ST_CHANGE(conn_info->state, ST_NONE);
1433 conn_info->hostname = peername;
1434 conn_info->sslptr = ssl;
1435 conn_info->x509verify = getVerifySetting(tls_opt.x509verify);
1436 conn_info->incoming = true;
1437 SSL_set_app_data(ssl, conn_info);
1440 assert(conn_info->event);
1441 assert(conn_info->retryevent);
1443 ST_CHANGE(conn_info->state, ST_TCP_EST);
1446 dispatch_tls_accept(newsock, 0, conn_info);
1462 struct tls_conn_settings *conn_info = (struct tls_conn_settings *) arg;
1471 assert(conn_info->state == ST_TLS_EST);
1474 ST_CHANGE(conn_info->state, ST_READING);
1475 rc = SSL_read(conn_info->sslptr, buf, sizeof(buf));
1476 ST_CHANGE(conn_info->state, ST_TLS_EST);
1477 if (rc <= 0 && tls_examine_error("SSL_read()", conn_info->sslptr,
1478 conn_info, rc) == TLS_RETRY_READ) {
1480 EVENT_ADD(conn_info->event);
1485 ST_CHANGE(conn_info->state, ST_EOF);
1486 DEL_EVENT(conn_info->event);
1488 free_tls_sslptr(conn_info);
1491 tv.tv_sec = conn_info->reconnect;
1493 schedule_event(&conn_info->event, &tv, tls_reconnect, conn_info);
1494 TLS_RECONNECT_BACKOFF(conn_info->reconnect);
1754 struct tls_conn_settings *conn_info = smsg->f->f_un.f_tls.tls_conn;
1766 conn_info->sslptr ? "" : "un");
1767 assert(conn_info->state == ST_TLS_EST
1768 || conn_info->state == ST_WRITING);
1770 retrying = (conn_info->state == ST_WRITING);
1771 ST_CHANGE(conn_info->state, ST_WRITING);
1772 rc = SSL_write(conn_info->sslptr,
1777 conn_info->sslptr,
1778 conn_info, rc);
1783 event_del(conn_info->event);
1784 event_set(conn_info->retryevent, fd, EV_READ,
1786 RETRYEVENT_ADD(conn_info->retryevent);
1789 event_set(conn_info->retryevent, fd, EV_WRITE,
1791 RETRYEVENT_ADD(conn_info->retryevent);
1796 free_tls_sslptr(conn_info);
1797 tv.tv_sec = conn_info->reconnect;
1799 schedule_event(&conn_info->event, &tv,
1800 tls_reconnect, conn_info);
1801 TLS_RECONNECT_BACKOFF(conn_info->reconnect);
1814 EVENT_ADD(conn_info->event);
1819 ST_CHANGE(conn_info->state, ST_TLS_EST);
1828 ST_CHANGE(conn_info->state, ST_TLS_EST);
1832 if (retrying && conn_info->event->ev_events)
1833 EVENT_ADD(conn_info->event);
1841 free_tls_conn(struct tls_conn_settings *conn_info)
1843 DPRINTF(D_MEM, "free_tls_conn(conn_info@%p) with sslptr@%p\n",
1844 conn_info, conn_info->sslptr);
1846 if (conn_info->sslptr) {
1847 conn_info->shutdown = true;
1848 free_tls_sslptr(conn_info);
1850 assert(conn_info->state == ST_NONE);
1852 FREEPTR(conn_info->port);
1853 FREEPTR(conn_info->subject);
1854 FREEPTR(conn_info->hostname);
1855 FREEPTR(conn_info->certfile);
1856 FREEPTR(conn_info->fingerprint);
1857 DEL_EVENT(conn_info->event);
1858 DEL_EVENT(conn_info->retryevent);
1859 FREEPTR(conn_info->event);
1860 FREEPTR(conn_info->retryevent);
1861 FREEPTR(conn_info);
1862 DPRINTF(D_MEM2, "free_tls_conn(conn_info@%p) returns\n", conn_info);
1872 struct tls_conn_settings *conn_info = (struct tls_conn_settings *) arg;
1879 "dispatch_SSL_shutdown(conn_info@%p, fd %d)\n", conn_info, fd);
1880 retrying = ((conn_info->state == ST_CLOSING0)
1881 || (conn_info->state == ST_CLOSING1)
1882 || (conn_info->state == ST_CLOSING2));
1884 ST_CHANGE(conn_info->state, ST_CLOSING0);
1886 rc = SSL_shutdown(conn_info->sslptr);
1889 conn_info->hostname);
1890 ST_CHANGE(conn_info->state, ST_TCP_EST); /* check this */
1891 conn_info->accepted = false;
1902 if (conn_info->state == ST_CLOSING0) {
1903 ST_CHANGE(conn_info->state, ST_CLOSING1);
1904 dispatch_SSL_shutdown(fd, 0, conn_info);
1905 } else if (conn_info->state == ST_CLOSING1) {
1906 ST_CHANGE(conn_info->state, ST_CLOSING2);
1907 dispatch_SSL_shutdown(fd, 0, conn_info);
1908 } else if (conn_info->state == ST_CLOSING2) {
1912 conn_info->state);
1914 } else if (rc == -1 && conn_info->shutdown ) {
1916 conn_info->sslptr, NULL, rc);
1919 ST_CHANGE(conn_info->state, ST_TCP_EST);
1920 conn_info->accepted = false;
1921 } else if (rc == -1 && !conn_info->shutdown ) {
1923 conn_info->sslptr, NULL, rc);
1927 event_del(conn_info->event);
1928 event_set(conn_info->retryevent, fd, EV_READ,
1929 dispatch_SSL_shutdown, conn_info);
1930 EVENT_ADD(conn_info->retryevent);
1935 event_del(conn_info->event);
1936 event_set(conn_info->retryevent, fd, EV_WRITE,
1937 dispatch_SSL_shutdown, conn_info);
1938 EVENT_ADD(conn_info->retryevent);
1943 ST_CHANGE(conn_info->state, ST_TCP_EST);
1944 conn_info->accepted = false;
1948 if ((conn_info->state != ST_TLS_EST)
1949 && (conn_info->state != ST_NONE)
1950 && (conn_info->state != ST_CLOSING0)
1951 && (conn_info->state != ST_CLOSING1)) {
1952 int sock = SSL_get_fd(conn_info->sslptr);
1956 DEL_EVENT(conn_info->retryevent);
1957 DEL_EVENT(conn_info->event);
1962 conn_info->hostname);
1963 ST_CHANGE(conn_info->state, ST_NONE);
1964 FREE_SSL(conn_info->sslptr);
1973 free_tls_sslptr(struct tls_conn_settings *conn_info)
1976 DPRINTF(D_MEM, "free_tls_sslptr(conn_info@%p)\n", conn_info);
1978 if (!conn_info->sslptr) {
1979 assert(conn_info->incoming == 1
1980 || conn_info->state == ST_NONE);
1983 sock = SSL_get_fd(conn_info->sslptr);
1984 dispatch_SSL_shutdown(sock, 0, conn_info);