tls code cleaning
This commit is contained in:
parent
c810a2332e
commit
65dc483208
@ -349,7 +349,7 @@ int set_socket_df(evutil_socket_t fd, int family, int value)
|
||||
static int get_mtu_from_ssl(SSL* ssl)
|
||||
{
|
||||
int ret = SOSO_MTU;
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
if(ssl)
|
||||
ret = BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
|
||||
#else
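Review bot: `ret = BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);` replaces the `SOSO_MTU` default with whatever the BIO returns, and BIO_ctrl returns a `long` that is narrowed to `int` here; as far as I recall OpenSSL's datagram BIO answers a failed or unsupported MTU query with 0, so on that path `ret` ends up 0 rather than the fallback. Guarding the assignment keeps the default intact: `long mtu = BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); if (mtu > 0 && mtu <= INT_MAX) ret = (int)mtu;`. The rest of get_mtu_from_ssl is outside the hunk and may already clamp the value; if it does, a one-line comment at this assignment saying so would save the next reader the same question.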
|
||||
@ -395,7 +395,7 @@ int decrease_mtu(SSL* ssl, int mtu, int verbose)
|
||||
if (verbose)
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "1. mtu to use: %d\n", mtu);
|
||||
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
SSL_set_mtu(ssl,mtu);
|
||||
BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SET_MTU, mtu, NULL);
|
||||
#endif
|
||||
@ -416,7 +416,7 @@ int set_mtu_df(SSL* ssl, evutil_socket_t fd, int family, int mtu, int df_value,
|
||||
set_query_mtu(ssl);
|
||||
if(verbose) TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"3. mtu to use: %d\n",mtu);
|
||||
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
|
||||
SSL_set_mtu(ssl,mtu);
|
||||
|
||||
@ -847,25 +847,26 @@ static const char* turn_get_method(const SSL_METHOD *method, const char* mdefaul
|
||||
return "TLSv1.0";
|
||||
} else if(method == TLSv1_client_method()) {
|
||||
return "TLSv1.0";
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
} else if(method == TLSv1_1_server_method()) {
|
||||
return "TLSv1.1";
|
||||
} else if(method == TLSv1_1_client_method()) {
|
||||
return "TLSv1.1";
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
} else if(method == TLSv1_2_server_method()) {
|
||||
return "TLSv1.2";
|
||||
} else if(method == TLSv1_2_client_method()) {
|
||||
return "TLSv1.2";
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
|
||||
} else if(method == DTLSv1_server_method()) {
|
||||
return "DTLSv1.0";
|
||||
} else if(method == DTLSv1_client_method()) {
|
||||
return "DTLSv1.0";
|
||||
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
} else if(method == DTLSv1_2_server_method()) {
|
||||
return "DTLSv1.2";
|
||||
} else if(method == DTLSv1_2_client_method()) {
|
||||
|
||||
@ -53,15 +53,64 @@ extern "C" {
|
||||
|
||||
extern int IS_TURN_SERVER;
|
||||
|
||||
/* ALPN */
|
||||
|
||||
#define OPENSSL_FIRST_ALPN_VERSION (0x10002003L)
|
||||
|
||||
#define STUN_ALPN "stun.nat-discovery"
|
||||
#define TURN_ALPN "stun.turn"
|
||||
#define HTTP_ALPN "http/1.1"
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
|
||||
#define ALPN_SUPPORTED 1
|
||||
#else
|
||||
#define ALPN_SUPPORTED 0
|
||||
#endif
|
||||
|
||||
/* TLS */
|
||||
|
||||
#if defined(TURN_NO_TLS)
|
||||
#define TLS_SUPPORTED 0
|
||||
#define TLSv1_1_SUPPORTED 0
|
||||
#define TLSv1_2_SUPPORTED 0
|
||||
#else
|
||||
#define TLS_SUPPORTED 1
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#define TLSv1_1_SUPPORTED 1
|
||||
#else
|
||||
#define TLSv1_1_SUPPORTED 0
|
||||
#endif
|
||||
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#define TLSv1_2_SUPPORTED 1
|
||||
#else
|
||||
#define TLSv1_2_SUPPORTED 0
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#define OPENSSL_FIRST_DTLSv1_2_VERSION (0x10002003L)
|
||||
|
||||
#if defined(TURN_NO_DTLS)
|
||||
#define DTLSv1_SUPPORTED 0
|
||||
#define DTLSv1_2_SUPPORTED 0
|
||||
#else
|
||||
#define DTLSv1_SUPPORTED 1
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_DTLSv1_2_VERSION
|
||||
#define DTLSv1_2_SUPPORTED 1
|
||||
#else
|
||||
#define DTLSv1_2_SUPPORTED 0
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/////////// SSL //////////////////////////
|
||||
|
||||
enum _TURN_TLS_TYPE {
|
||||
TURN_TLS_NO=0,
|
||||
TURN_TLS_SSL23,
|
||||
TURN_TLS_v1_0,
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
TURN_TLS_v1_1,
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
TURN_TLS_v1_2,
|
||||
#endif
|
||||
#endif
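Review bot: `DTLSv1_2_SUPPORTED` is now derived only from `OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_DTLSv1_2_VERSION`, which swaps the previous feature test `defined(SSL_OP_NO_DTLSv1_2)` for a version test; the two are not equivalent for every libssl (LibreSSL, for instance, reports a high version number but for a long time shipped no `DTLSv1_2_server_method`), so a build the old guard handled can now fail where mainrelay.c compiles `SSL_CTX_new(DTLSv1_2_server_method())` under this macro alone. Keeping the feature test alongside the version test is a one-line change: `#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_DTLSv1_2_VERSION && defined(SSL_OP_NO_DTLSv1_2)`. The set_ctx hunk in mainrelay.c already writes `defined(SSL_OP_NO_DTLSv1_2) && DTLSv1_2_SUPPORTED`; with the macro fixed here that belt-and-braces form becomes unnecessary. `OPENSSL_FIRST_DTLSv1_2_VERSION` also carries the same value as `OPENSSL_FIRST_ALPN_VERSION`, and a short comment on why both features start at that release would help whoever bumps one of them later.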
|
||||
|
||||
@ -58,9 +58,11 @@ struct dtls_listener_relay_server_info {
|
||||
ioa_engine_handle e;
|
||||
turn_turnserver *ts;
|
||||
int verbose;
|
||||
#if DTLSv1_SUPPORTED
|
||||
SSL_CTX *dtls_ctx;
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
SSL_CTX *dtls_ctx_v1_2;
|
||||
#endif
|
||||
#endif
|
||||
struct event *udp_listen_ev;
|
||||
ioa_socket_handle udp_listen_s;
|
||||
@ -126,7 +128,7 @@ int get_dtls_version(const unsigned char* buf, int len) {
|
||||
|
||||
///////////// utils /////////////////////
|
||||
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
|
||||
static void calculate_cookie(SSL* ssl, unsigned char *cookie_secret, unsigned int cookie_length) {
|
||||
long rv=(long)ssl;
|
||||
@ -277,7 +279,7 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty
|
||||
timeout.tv_usec = 0;
|
||||
BIO_ctrl(wbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
|
||||
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
if(get_dtls_version(ioa_network_buffer_data(nbh),
|
||||
(int)ioa_network_buffer_get_size(nbh)) == 1) {
|
||||
connecting_ssl = SSL_NEW(server->dtls_ctx_v1_2);
|
||||
@ -426,7 +428,7 @@ static int handle_udp_packet(dtls_listener_relay_server_type *server,
|
||||
|
||||
chs = NULL;
|
||||
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
if (!turn_params.no_dtls &&
|
||||
is_dtls_handshake_message(ioa_network_buffer_data(sm->m.sm.nd.nbh),
|
||||
(int)ioa_network_buffer_get_size(sm->m.sm.nd.nbh))) {
|
||||
@ -535,7 +537,7 @@ static int create_new_connected_udp_socket(
|
||||
ret->current_tos = s->current_tos;
|
||||
ret->default_tos = s->default_tos;
|
||||
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
if (!turn_params.no_dtls
|
||||
&& is_dtls_handshake_message(
|
||||
ioa_network_buffer_data(server->sm.m.sm.nd.nbh),
|
||||
@ -558,7 +560,7 @@ static int create_new_connected_udp_socket(
|
||||
timeout.tv_usec = 0;
|
||||
BIO_ctrl(wbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
|
||||
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
if(get_dtls_version(ioa_network_buffer_data(server->sm.m.sm.nd.nbh),
|
||||
(int)ioa_network_buffer_get_size(server->sm.m.sm.nd.nbh)) == 1) {
|
||||
connecting_ssl = SSL_NEW(server->dtls_ctx_v1_2);
|
||||
@ -897,7 +899,7 @@ static int init_server(dtls_listener_relay_server_type* server,
|
||||
if(!server) return -1;
|
||||
|
||||
server->dtls_ctx = e->dtls_ctx;
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
server->dtls_ctx_v1_2 = e->dtls_ctx_v1_2;
|
||||
#endif
|
||||
server->ts = ts;
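Review bot: `server->dtls_ctx = e->dtls_ctx;` stays unconditional, while this commit makes the `dtls_ctx` member of `struct dtls_listener_relay_server_info` (hunk @ -58 above) and of `struct _ioa_engine` (ns_ioalib_impl.h) exist only `#if DTLSv1_SUPPORTED`; unless a guard outside the hunk encloses init_server, a `TURN_NO_DTLS` build no longer compiles here, and the same applies to `SSL_CTX_set_read_ahead(server->dtls_ctx, 1);` in the following hunk. The inner `#if DTLSv1_SUPPORTED` around the cookie callbacks in that next hunk suggests the function is meant to build without DTLS, so either wrap the assignment like its v1_2 sibling, `#if DTLSv1_SUPPORTED` / `server->dtls_ctx = e->dtls_ctx;` / `#endif`, or leave the member unconditional and guard only the code that uses it. init_server's body continues outside the hunk.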
|
||||
@ -925,13 +927,13 @@ static int init_server(dtls_listener_relay_server_type* server,
|
||||
|
||||
SSL_CTX_set_read_ahead(server->dtls_ctx, 1);
|
||||
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
SSL_CTX_set_cookie_generate_cb(server->dtls_ctx, generate_cookie);
|
||||
SSL_CTX_set_cookie_verify_cb(server->dtls_ctx, verify_cookie);
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
if(server->dtls_ctx_v1_2) {
|
||||
|
||||
#if defined(REQUEST_CLIENT_CERT)
|
||||
@ -941,7 +943,7 @@ static int init_server(dtls_listener_relay_server_type* server,
|
||||
|
||||
SSL_CTX_set_read_ahead(server->dtls_ctx_v1_2, 1);
|
||||
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
SSL_CTX_set_cookie_generate_cb(server->dtls_ctx_v1_2, generate_cookie);
|
||||
SSL_CTX_set_cookie_verify_cb(server->dtls_ctx_v1_2, verify_cookie);
|
||||
#endif
|
||||
|
||||
@ -66,27 +66,29 @@ static int anon_credentials = 0;
|
||||
|
||||
turn_params_t turn_params = {
|
||||
NULL, NULL,
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
NULL,
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
NULL,
|
||||
#endif
|
||||
#endif
|
||||
#if DTLSv1_SUPPORTED
|
||||
NULL,
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#endif
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
NULL,
|
||||
#endif
|
||||
|
||||
DH_1066, "", DEFAULT_EC_CURVE_NAME, "",
|
||||
"turn_server_cert.pem","turn_server_pkey.pem", "", "",
|
||||
0,0,0,0,0,
|
||||
#if defined(TURN_NO_TLS)
|
||||
#if !TLS_SUPPORTED
|
||||
1,
|
||||
#else
|
||||
0,
|
||||
#endif
|
||||
|
||||
#if defined(TURN_NO_DTLS)
|
||||
#if !DTLSv1_SUPPORTED
|
||||
1,
|
||||
#else
|
||||
0,
|
||||
@ -1219,14 +1221,14 @@ static void set_option(int c, char *value)
|
||||
turn_params.no_tcp_relay = get_bool_value(value);
|
||||
break;
|
||||
case NO_TLS_OPT:
|
||||
#if defined(TURN_NO_TLS)
|
||||
#if !TLS_SUPPORTED
|
||||
turn_params.no_tls = 1;
|
||||
#else
|
||||
turn_params.no_tls = get_bool_value(value);
|
||||
#endif
|
||||
break;
|
||||
case NO_DTLS_OPT:
|
||||
#if !defined(TURN_NO_DTLS)
|
||||
#if DTLSv1_SUPPORTED
|
||||
turn_params.no_dtls = get_bool_value(value);
|
||||
#else
|
||||
turn_params.no_dtls = 1;
|
||||
@ -1610,13 +1612,13 @@ static void print_features(unsigned long mfn)
|
||||
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "\n\n==== Show him the instruments, Practical Frost: ====\n\n");
|
||||
|
||||
#if defined(TURN_NO_TLS)
|
||||
#if !TLS_SUPPORTED
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS is not supported\n");
|
||||
#else
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS supported\n");
|
||||
#endif
|
||||
|
||||
#if defined(TURN_NO_DTLS)
|
||||
#if !DTLSv1_SUPPORTED
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS is not supported\n");
|
||||
#else
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS supported\n");
|
||||
@ -1796,11 +1798,11 @@ int main(int argc, char **argv)
|
||||
|
||||
optind = 0;
|
||||
|
||||
#if defined(TURN_NO_TLS)
|
||||
#if !TLS_SUPPORTED
|
||||
turn_params.no_tls = 1;
|
||||
#endif
|
||||
|
||||
#if defined(TURN_NO_DTLS)
|
||||
#if !DTLSv1_SUPPORTED
|
||||
turn_params.no_dtls = 1;
|
||||
#endif
|
||||
|
||||
@ -2339,7 +2341,7 @@ static int pem_password_func(char *buf, int size, int rwflag, void *password)
|
||||
return (strlen(buf));
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
|
||||
#if ALPN_SUPPORTED
|
||||
|
||||
static int ServerALPNCallback(SSL *s,
|
||||
const unsigned char **out,
|
||||
@ -2388,7 +2390,7 @@ static int ServerALPNCallback(SSL *s,
|
||||
|
||||
static void set_ctx(SSL_CTX* ctx, const char *protocol)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
|
||||
#if ALPN_SUPPORTED
|
||||
SSL_CTX_set_alpn_select_cb(ctx, ServerALPNCallback, NULL);
|
||||
#endif
|
||||
|
||||
@ -2528,12 +2530,12 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol)
|
||||
op |= SSL_OP_NO_TLSv1_2;
|
||||
#endif
|
||||
|
||||
#if defined(SSL_OP_NO_DTLSv1)
|
||||
#if defined(SSL_OP_NO_DTLSv1) && DTLSv1_SUPPORTED
|
||||
if(turn_params.no_tlsv1)
|
||||
op |= SSL_OP_NO_DTLSv1;
|
||||
#endif
|
||||
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#if defined(SSL_OP_NO_DTLSv1_2) && DTLSv1_2_SUPPORTED
|
||||
if(turn_params.no_tlsv1_2)
|
||||
op |= SSL_OP_NO_DTLSv1_2;
|
||||
#endif
|
||||
@ -2560,7 +2562,7 @@ static void openssl_setup(void)
|
||||
SSL_load_error_strings();
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
|
||||
#if defined(TURN_NO_TLS)
|
||||
#if !TLS_SUPPORTED
|
||||
if(!turn_params.no_tls) {
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "WARNING: TLS is not supported\n");
|
||||
turn_params.no_tls = 1;
|
||||
@ -2590,12 +2592,12 @@ static void openssl_setup(void)
|
||||
turn_params.tls_ctx_v1_0 = SSL_CTX_new(TLSv1_server_method());
|
||||
set_ctx(turn_params.tls_ctx_v1_0,"TLS1.0");
|
||||
}
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
if(!turn_params.no_tlsv1_1) {
|
||||
turn_params.tls_ctx_v1_1 = SSL_CTX_new(TLSv1_1_server_method());
|
||||
set_ctx(turn_params.tls_ctx_v1_1,"TLS1.1");
|
||||
}
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
if(!turn_params.no_tlsv1_2) {
|
||||
turn_params.tls_ctx_v1_2 = SSL_CTX_new(TLSv1_2_server_method());
|
||||
set_ctx(turn_params.tls_ctx_v1_2,"TLS1.2");
|
||||
@ -2606,7 +2608,7 @@ static void openssl_setup(void)
|
||||
}
|
||||
|
||||
if(!turn_params.no_dtls) {
|
||||
#if defined(TURN_NO_DTLS)
|
||||
#if !DTLSv1_SUPPORTED
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "ERROR: DTLS is not supported.\n");
|
||||
#else
|
||||
if(OPENSSL_VERSION_NUMBER < 0x10000000L) {
|
||||
@ -2616,7 +2618,7 @@ static void openssl_setup(void)
|
||||
set_ctx(turn_params.dtls_ctx,"DTLS");
|
||||
SSL_CTX_set_read_ahead(turn_params.dtls_ctx, 1);
|
||||
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
turn_params.dtls_ctx_v1_2 = SSL_CTX_new(DTLSv1_2_server_method());
|
||||
set_ctx(turn_params.dtls_ctx_v1_2,"DTLS1,2");
|
||||
SSL_CTX_set_read_ahead(turn_params.dtls_ctx_v1_2, 1);
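Review bot: `turn_params.dtls_ctx_v1_2 = SSL_CTX_new(DTLSv1_2_server_method());` is handed straight to `set_ctx` and `SSL_CTX_set_read_ahead` with no NULL check; `SSL_CTX_new` returns NULL when the method is unavailable or allocation fails, and set_ctx (hunk @ -2388) passes the pointer on to `SSL_CTX_set_alpn_select_cb`, so a failure here is a crash at startup rather than a logged error. A guard in the file's existing logging style, `if(!turn_params.dtls_ctx_v1_2) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "ERROR: cannot create DTLS1.2 context\n"); } else { ... }`, would turn it into a diagnostic; the `dtls_ctx` creation just above this hunk presumably has the same shape, but I cannot see it. The label `"DTLS1,2"` passed to set_ctx looks like a typo for `"DTLS1.2"`; worth checking how set_ctx uses its `protocol` argument, since a comparison against it would never match. openssl_setup continues outside the hunk.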
|
||||
|
||||
@ -180,15 +180,17 @@ typedef struct _turn_params_ {
|
||||
|
||||
SSL_CTX *tls_ctx_v1_0;
|
||||
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
SSL_CTX *tls_ctx_v1_1;
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
SSL_CTX *tls_ctx_v1_2;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if DTLSv1_SUPPORTED
|
||||
SSL_CTX *dtls_ctx;
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#endif
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
SSL_CTX *dtls_ctx_v1_2;
|
||||
#endif
|
||||
|
||||
|
||||
@ -941,14 +941,16 @@ static ioa_engine_handle create_new_listener_engine(void)
|
||||
#endif
|
||||
);
|
||||
set_ssl_ctx(e, turn_params.tls_ctx_ssl23, turn_params.tls_ctx_v1_0,
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
turn_params.tls_ctx_v1_1,
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
turn_params.tls_ctx_v1_2,
|
||||
#endif
|
||||
#endif
|
||||
#if DTLSv1_SUPPORTED
|
||||
turn_params.dtls_ctx
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#endif
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
,turn_params.dtls_ctx_v1_2
|
||||
#endif
|
||||
);
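Review bot: With `turn_params.dtls_ctx` now inside `#if DTLSv1_SUPPORTED`, a `TURN_NO_DTLS` build expands this call to `set_ssl_ctx(e, turn_params.tls_ctx_ssl23, turn_params.tls_ctx_v1_0, turn_params.tls_ctx_v1_1, turn_params.tls_ctx_v1_2, );` — the comma after the last TLS context is followed by nothing, which is a syntax error (and a `TURN_NO_TLS` build shortens it to `turn_params.tls_ctx_v1_0, );`); before the commit `dtls_ctx` was unconditional, so the list always ended on it. The same trailing comma appears in the other two `set_ssl_ctx` calls in this file (setup_listener, setup_relay_server), in the definition in ns_ioalib_engine_impl.c (hunk @ -434) and in the prototype in ns_ioalib_impl.h (hunk @ -254). The least fragile fix is to keep the `dtls_ctx` parameter unconditional and guard only its use, i.e. drop the `#if DTLSv1_SUPPORTED` / `#endif` around `turn_params.dtls_ctx` here and around `SSL_CTX *dtls_ctx` in the signature, passing NULL in a DTLS-less build; alternatively give every conditional argument a leading comma, as `,turn_params.dtls_ctx_v1_2` already does, and make the preceding unconditional argument the only one without.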
|
||||
@ -995,14 +997,16 @@ static void setup_listener(void)
|
||||
exit(-1);
|
||||
|
||||
set_ssl_ctx(turn_params.listener.ioa_eng, turn_params.tls_ctx_ssl23, turn_params.tls_ctx_v1_0,
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
turn_params.tls_ctx_v1_1,
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
turn_params.tls_ctx_v1_2,
|
||||
#endif
|
||||
#endif
|
||||
#if DTLSv1_SUPPORTED
|
||||
turn_params.dtls_ctx
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#endif
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
,turn_params.dtls_ctx_v1_2
|
||||
#endif
|
||||
);
|
||||
@ -1567,14 +1571,16 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
|
||||
#endif
|
||||
);
|
||||
set_ssl_ctx(rs->ioa_eng, turn_params.tls_ctx_ssl23, turn_params.tls_ctx_v1_0,
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
turn_params.tls_ctx_v1_1,
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
turn_params.tls_ctx_v1_2,
|
||||
#endif
|
||||
#endif
|
||||
#if DTLSv1_SUPPORTED
|
||||
turn_params.dtls_ctx
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#endif
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
,turn_params.dtls_ctx_v1_2
|
||||
#endif
|
||||
);
|
||||
|
||||
@ -38,7 +38,7 @@
|
||||
|
||||
#include "ns_ioalib_impl.h"
|
||||
|
||||
#if !defined(TURN_NO_TLS)
|
||||
#if TLS_SUPPORTED
|
||||
#include <event2/bufferevent_ssl.h>
|
||||
#endif
|
||||
|
||||
@ -434,28 +434,32 @@ ioa_engine_handle create_ioa_engine(super_memory_t *sm,
|
||||
void set_ssl_ctx(ioa_engine_handle e,
|
||||
SSL_CTX *tls_ctx_ssl23,
|
||||
SSL_CTX *tls_ctx_v1_0,
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
SSL_CTX *tls_ctx_v1_1,
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
SSL_CTX *tls_ctx_v1_2,
|
||||
#endif
|
||||
#endif
|
||||
#if DTLSv1_SUPPORTED
|
||||
SSL_CTX *dtls_ctx
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#endif
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
,SSL_CTX *dtls_ctx_v1_2
|
||||
#endif
|
||||
)
|
||||
{
|
||||
e->tls_ctx_ssl23 = tls_ctx_ssl23;
|
||||
e->tls_ctx_v1_0 = tls_ctx_v1_0;
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
e->tls_ctx_v1_1 = tls_ctx_v1_1;
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
e->tls_ctx_v1_2 = tls_ctx_v1_2;
|
||||
#endif
|
||||
#endif
|
||||
#if DTLSv1_SUPPORTED
|
||||
e->dtls_ctx = dtls_ctx;
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#endif
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
e->dtls_ctx_v1_2 = dtls_ctx_v1_2;
|
||||
#endif
|
||||
}
|
||||
@ -2242,7 +2246,8 @@ int udp_recvfrom(evutil_socket_t fd, ioa_addr* orig_addr, const ioa_addr *like_a
|
||||
return len;
|
||||
}
|
||||
|
||||
#if !defined(TURN_NO_TLS)
|
||||
#if TLS_SUPPORTED
|
||||
|
||||
static TURN_TLS_TYPE check_tentative_tls(ioa_socket_raw fd)
|
||||
{
|
||||
TURN_TLS_TYPE ret = TURN_TLS_NO;
|
||||
@ -2321,7 +2326,7 @@ static int socket_input_worker(ioa_socket_handle s)
|
||||
}
|
||||
|
||||
if(s->st == TLS_SOCKET) {
|
||||
#if !defined(TURN_NO_TLS)
|
||||
#if TLS_SUPPORTED
|
||||
SSL *ctx = bufferevent_openssl_get_ssl(s->bev);
|
||||
if(!ctx || SSL_get_shutdown(ctx)) {
|
||||
s->tobeclosed = 1;
|
||||
@ -2340,7 +2345,7 @@ static int socket_input_worker(ioa_socket_handle s)
|
||||
|
||||
if(s->st == TENTATIVE_TCP_SOCKET) {
|
||||
EVENT_DEL(s->read_event);
|
||||
#if !defined(TURN_NO_TLS)
|
||||
#if TLS_SUPPORTED
|
||||
TURN_TLS_TYPE tls_type = check_tentative_tls(s->fd);
|
||||
if(tls_type) {
|
||||
s->st = TLS_SOCKET;
|
||||
@ -2351,14 +2356,14 @@ static int socket_input_worker(ioa_socket_handle s)
|
||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "!!!%s on socket: 0x%lx, st=%d, sat=%d: bev already exist\n", __FUNCTION__,(long)s, s->st, s->sat);
|
||||
}
|
||||
switch(tls_type) {
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
case TURN_TLS_v1_2:
|
||||
if(s->e->tls_ctx_v1_2) {
|
||||
set_socket_ssl(s,SSL_NEW(s->e->tls_ctx_v1_2));
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
case TURN_TLS_v1_1:
|
||||
if(s->e->tls_ctx_v1_1) {
|
||||
set_socket_ssl(s,SSL_NEW(s->e->tls_ctx_v1_1));
|
||||
@ -2391,7 +2396,7 @@ static int socket_input_worker(ioa_socket_handle s)
|
||||
bufferevent_enable(s->bev, EV_READ|EV_WRITE); /* Start reading. */
|
||||
}
|
||||
} else
|
||||
#endif //TURN_NO_TLS
|
||||
#endif //TLS_SUPPORTED
|
||||
{
|
||||
s->st = TCP_SOCKET;
|
||||
if(s->bev) {
|
||||
@ -2443,7 +2448,7 @@ static int socket_input_worker(ioa_socket_handle s)
|
||||
s->broken = 1;
|
||||
log_socket_event(s, "socket read failed, to be closed",1);
|
||||
} else if(s->st == TLS_SOCKET) {
|
||||
#if !defined(TURN_NO_TLS)
|
||||
#if TLS_SUPPORTED
|
||||
SSL *ctx = bufferevent_openssl_get_ssl(s->bev);
|
||||
if(!ctx || SSL_get_shutdown(ctx)) {
|
||||
ret = -1;
|
||||
@ -3083,7 +3088,7 @@ int send_data_from_ioa_socket_nbh(ioa_socket_handle s, ioa_addr* dest_addr,
|
||||
|
||||
if (s->connected && s->bev) {
|
||||
if (s->st == TLS_SOCKET) {
|
||||
#if !defined(TURN_NO_TLS)
|
||||
#if TLS_SUPPORTED
|
||||
SSL *ctx = bufferevent_openssl_get_ssl(s->bev);
|
||||
if (!ctx || SSL_get_shutdown(ctx)) {
|
||||
s->tobeclosed = 1;
|
||||
@ -3240,7 +3245,7 @@ int register_callback_on_ioa_socket(ioa_engine_handle e, ioa_socket_handle s, in
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
#if !defined(TURN_NO_TLS)
|
||||
#if TLS_SUPPORTED
|
||||
if(!(s->ssl)) {
|
||||
//??? how we can get to this point ???
|
||||
set_socket_ssl(s,SSL_NEW(e->tls_ctx_ssl23));
|
||||
|
||||
@ -143,14 +143,16 @@ struct _ioa_engine
|
||||
stun_buffer_list bufs;
|
||||
SSL_CTX *tls_ctx_ssl23;
|
||||
SSL_CTX *tls_ctx_v1_0;
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
SSL_CTX *tls_ctx_v1_1;
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
SSL_CTX *tls_ctx_v1_2;
|
||||
#endif
|
||||
#endif
|
||||
#if DTLSv1_SUPPORTED
|
||||
SSL_CTX *dtls_ctx;
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#endif
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
SSL_CTX *dtls_ctx_v1_2;
|
||||
#endif
|
||||
turn_time_t jiffie; /* bandwidth check interval */
|
||||
@ -254,14 +256,16 @@ ioa_engine_handle create_ioa_engine(super_memory_t *sm,
|
||||
void set_ssl_ctx(ioa_engine_handle e,
|
||||
SSL_CTX *tls_ctx_ssl23,
|
||||
SSL_CTX *tls_ctx_v1_0,
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
SSL_CTX *tls_ctx_v1_1,
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
SSL_CTX *tls_ctx_v1_2,
|
||||
#endif
|
||||
#endif
|
||||
#if DTLSv1_SUPPORTED
|
||||
SSL_CTX *dtls_ctx
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#endif
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
,SSL_CTX *dtls_ctx_v1_2
|
||||
#endif
|
||||
);
|
||||
|
||||
@ -517,18 +517,18 @@ int main(int argc, char **argv)
|
||||
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_client_method());
|
||||
SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
|
||||
root_tls_ctx_num++;
|
||||
#if defined(SSL_TXT_TLSV1_1)
|
||||
#if TLSv1_1_SUPPORTED
|
||||
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_1_client_method());
|
||||
SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
|
||||
root_tls_ctx_num++;
|
||||
#if defined(SSL_TXT_TLSV1_2)
|
||||
#if TLSv1_2_SUPPORTED
|
||||
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_2_client_method());
|
||||
SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
|
||||
root_tls_ctx_num++;
|
||||
#endif
|
||||
#endif
|
||||
} else {
|
||||
#if defined(TURN_NO_DTLS)
|
||||
#if !DTLSv1_SUPPORTED
|
||||
fprintf(stderr,"ERROR: DTLS is not supported.\n");
|
||||
exit(-1);
|
||||
#else
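Review bot: Each `SSL_CTX_new(...)` result is stored into `root_tls_ctx[root_tls_ctx_num]` and handed to `SSL_CTX_set_cipher_list` without a NULL check, and the return of `SSL_CTX_set_cipher_list` (0 when nothing in `csuite` can be used) is discarded, so a mistyped cipher string or a method the linked libssl refuses goes unnoticed until a later connect fails with a less helpful error. The three TLS branches here and the DTLS branches in the next hunk repeat the same three lines, so a small helper that performs both checks and fails fast in the style of the existing `fprintf(stderr, "ERROR: DTLS is not supported.\n"); exit(-1);` would both add the checks and shorten the branches. main continues outside the hunk.
```c
/* Create one client context with the given cipher list; abort with a message on failure. */
static void add_root_ctx(const SSL_METHOD *method, const char *csuite)
{
	root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(method);
	if (!root_tls_ctx[root_tls_ctx_num]) {
		fprintf(stderr, "ERROR: cannot create TLS context\n");
		exit(-1);
	}
	if (!SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite)) {
		fprintf(stderr, "ERROR: cannot set cipher list: %s\n", csuite);
		exit(-1);
	}
	root_tls_ctx_num++;
}
/* … unchanged: each version branch then reduces to add_root_ctx(TLSv1_1_client_method(), csuite); etc. … */
```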
|
||||
@ -538,7 +538,7 @@ int main(int argc, char **argv)
|
||||
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_client_method());
|
||||
SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
|
||||
root_tls_ctx_num++;
|
||||
#if defined(SSL_OP_NO_DTLSv1_2)
|
||||
#if DTLSv1_2_SUPPORTED
|
||||
root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_2_client_method());
|
||||
SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
|
||||
root_tls_ctx_num++;
|
||||
|
||||
@ -50,7 +50,7 @@ static uint64_t current_reservation_token = 0;
|
||||
static int allocate_rtcp = 0;
|
||||
static const int never_allocate_rtcp = 0;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
|
||||
#if ALPN_SUPPORTED
|
||||
static const unsigned char kALPNProtos[] = "\x09stun.turn\x12stun.nat-discovery";
|
||||
static const size_t kALPNProtosLen = sizeof(kALPNProtos) - 1;
|
||||
#endif
|
||||
@ -91,14 +91,14 @@ static SSL* tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, int *try_again
|
||||
|
||||
ssl = SSL_NEW(root_tls_ctx[ctxtype]);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION
|
||||
#if ALPN_SUPPORTED
|
||||
SSL_set_alpn_protos(ssl, kALPNProtos, kALPNProtosLen);
|
||||
#endif
|
||||
|
||||
if(use_tcp) {
|
||||
SSL_set_fd(ssl, fd);
|
||||
} else {
|
||||
#if defined(TURN_NO_DTLS)
|
||||
#if !DTLSv1_SUPPORTED
|
||||
UNUSED_ARG(remote_addr);
|
||||
fprintf(stderr,"ERROR: DTLS is not supported.\n");
|
||||
exit(-1);
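Review bot: `SSL_set_alpn_protos(ssl, kALPNProtos, kALPNProtosLen);` discards its result, and for this function a non-zero return means failure (0 is success), so a rejected protocol list silently yields a connection without ALPN. `if(SSL_set_alpn_protos(ssl, kALPNProtos, kALPNProtosLen) != 0) { fprintf(stderr, "ERROR: cannot set ALPN protocols\n"); }` in the existing error style would surface it. The wire-format list `"\x09stun.turn\x12stun.nat-discovery"` (hunk @ -50 above) hand-encodes the lengths of the `TURN_ALPN` and `STUN_ALPN` strings this commit moves into ns_turn_openssl.h, and the two copies can drift; a comment beside kALPNProtos naming those macros as the source of truth, or where the compiler allows it a `_Static_assert(sizeof(TURN_ALPN) - 1 == 0x09, "TURN_ALPN length prefix")`, would tie them together. tls_connect continues outside the hunk.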
|
||||
|
||||
@ -216,14 +216,6 @@ typedef u32bits turn_time_t;
|
||||
#define DELETE_TURN_CHANNEL_KERNEL(handler)
|
||||
#endif
|
||||
|
||||
/* ALPN */
|
||||
|
||||
#define OPENSSL_FIRST_ALPN_VERSION (0x10002003L)
|
||||
|
||||
#define STUN_ALPN "stun.nat-discovery"
|
||||
#define TURN_ALPN "stun.turn"
|
||||
#define HTTP_ALPN "http/1.1"
|
||||
|
||||
////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||