author | Håvard Pettersen <havardpe@oath.com> | 2020-02-13 11:32:34 +0000 |
---|---|---|
committer | Håvard Pettersen <havardpe@oath.com> | 2020-02-13 13:58:33 +0000 |
commit | 556d6b002d93391abc2e8cf7c8b1d1d133b12d32 (patch) | |
tree | 2130148d7b1c0ef30bd049f499f21e0c0011b23d /fnet | |
parent | 762abbd7f48f3afe8257faf581c7defce160ad4f (diff) |
extend crypto engine api
send spec for client connections to enable SNI as well as server name
verification
Diffstat (limited to 'fnet')
-rw-r--r-- | fnet/src/tests/connect/connect_test.cpp | 6 | ||||
-rw-r--r-- | fnet/src/vespa/fnet/connection.cpp | 5 | ||||
-rw-r--r-- | fnet/src/vespa/fnet/transport.cpp | 10 | ||||
-rw-r--r-- | fnet/src/vespa/fnet/transport.h | 18 |
4 files changed, 29 insertions, 10 deletions
diff --git a/fnet/src/tests/connect/connect_test.cpp b/fnet/src/tests/connect/connect_test.cpp
index b70b3fa8b01..d94b6759077 100644
--- a/fnet/src/tests/connect/connect_test.cpp
+++ b/fnet/src/tests/connect/connect_test.cpp
@@ -65,7 +65,11 @@ struct BlockingCryptoEngine : public CryptoEngine {
 Gate handshake_work_enter;
 Gate handshake_work_exit;
 Gate handshake_socket_deleted;
- CryptoSocket::UP create_crypto_socket(SocketHandle socket, bool) override {
+ CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &) override {
+ return std::make_unique<BlockingCryptoSocket>(std::move(socket), handshake_work_enter, handshake_work_exit, handshake_socket_deleted);
+ }
+ CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override {
 return std::make_unique<BlockingCryptoSocket>(std::move(socket), handshake_work_enter, handshake_work_exit, handshake_socket_deleted);
 }
diff --git a/fnet/src/vespa/fnet/connection.cpp b/fnet/src/vespa/fnet/connection.cpp
index 5f7adb32af0..c5afd627a5a 100644
--- a/fnet/src/vespa/fnet/connection.cpp
+++ b/fnet/src/vespa/fnet/connection.cpp
@@ -9,6 +9,7 @@
 #include "config.h"
 #include "transport_thread.h"
 #include "transport.h"
+#include <vespa/vespalib/net/socket_spec.h>
 #include <vespa/log/log.h>
 LOG_SETUP(".fnet");
@@ -472,7 +473,7 @@ FNET_Connection::FNET_Connection(FNET_TransportThread *owner,
 _streamer(streamer),
 _serverAdapter(serverAdapter),
 _adminChannel(nullptr),
- _socket(owner->owner().create_crypto_socket(std::move(socket), true)),
+ _socket(owner->owner().create_server_crypto_socket(std::move(socket))),
 _resolve_handler(nullptr),
 _context(),
 _state(FNET_CONNECTING),
@@ -579,7 +580,7 @@ FNET_Connection::handle_add_event() {
 if (_resolve_handler) {
 auto tweak = [this](vespalib::SocketHandle &handle) { return Owner()->tune(handle); };
- _socket = Owner()->owner().create_crypto_socket(_resolve_handler->address.connect(tweak), false);
+ _socket = Owner()->owner().create_client_crypto_socket(_resolve_handler->address.connect(tweak), vespalib::SocketSpec(GetSpec()));
 _ioc_socket_fd = _socket->get_fd();
 _resolve_handler.reset();
 }
diff --git a/fnet/src/vespa/fnet/transport.cpp b/fnet/src/vespa/fnet/transport.cpp
index 28e645d9e03..d3b52969c8c 100644
--- a/fnet/src/vespa/fnet/transport.cpp
+++ b/fnet/src/vespa/fnet/transport.cpp
@@ -54,9 +54,15 @@ FNET_Transport::resolve_async(const vespalib::string &spec,
 }
 vespalib::CryptoSocket::UP
-FNET_Transport::create_crypto_socket(vespalib::SocketHandle socket, bool is_server)
+FNET_Transport::create_client_crypto_socket(vespalib::SocketHandle socket, const vespalib::SocketSpec &spec)
 {
- return _crypto_engine->create_crypto_socket(std::move(socket), is_server);
+ return _crypto_engine->create_client_crypto_socket(std::move(socket), spec);
+}
+
+vespalib::CryptoSocket::UP
+FNET_Transport::create_server_crypto_socket(vespalib::SocketHandle socket)
+{
+ return _crypto_engine->create_server_crypto_socket(std::move(socket));
 }
 FNET_TransportThread *
diff --git a/fnet/src/vespa/fnet/transport.h b/fnet/src/vespa/fnet/transport.h
index 8d1ba48c1b0..02ef22c7fb6 100644
--- a/fnet/src/vespa/fnet/transport.h
+++ b/fnet/src/vespa/fnet/transport.h
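Review bot: The spec handed to `create_client_crypto_socket` is rebuilt from `GetSpec()`, so the crypto engine can only verify the name the caller originally asked to connect to; if that string is an IP literal or a placeholder rather than the peer's DNS name, server-name verification has nothing meaningful to check, and an engine that forwarded it verbatim as SNI would be sending an IP literal, which RFC 6066 does not allow. That is an engine-side concern, but the call site should say which name is being trusted, e.g. `// GetSpec() is the unresolved connect target; the engine uses it for SNI and server-name verification` above the assignment. `vespalib::SocketSpec(GetSpec())` also re-parses a string that the resolve step already parsed; carrying the parsed spec from resolution would avoid the second parse. handle_add_event starts and continues outside the hunk.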
@@ -79,17 +79,25 @@ public:
 vespalib::AsyncResolver::ResultHandler::WP result_handler);
 /**
- * Wrap a plain socket endpoint in a CryptoSocket. The
+ * Wrap a plain socket endpoint (client side) in a CryptoSocket. The
 * implementation will be determined by the CryptoEngine used by
 * this Transport.
 *
 * @return socket abstraction able to perform encryption and decryption
 * @param socket low-level socket
- * @param is_server which end of the connection the socket
- * represents. This is needed to support
- * asymmetrical handshaking.
+ * @param spec who we are connecting to
 **/
- vespalib::CryptoSocket::UP create_crypto_socket(vespalib::SocketHandle socket, bool is_server);
+ vespalib::CryptoSocket::UP create_client_crypto_socket(vespalib::SocketHandle socket, const vespalib::SocketSpec &spec);
+
+ /**
+ * Wrap a plain socket endpoint (server side) in a CryptoSocket. The
+ * implementation will be determined by the CryptoEngine used by
+ * this Transport.
+ *
+ * @return socket abstraction able to perform encryption and decryption
+ * @param socket low-level socket
+ **/
+ vespalib::CryptoSocket::UP create_server_crypto_socket(vespalib::SocketHandle socket);
 /**
 * Select one of the underlying transport threads. The selection |
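Review bot: `@param spec who we are connecting to` understates what the engine does with the argument: per the commit message it drives SNI and server name verification, so a caller that passes a spec other than the configured peer name weakens the TLS identity check without any hint from the API. Suggest `@param spec the unresolved target the caller connected to; the crypto engine may use its host name for SNI and for verifying the server's certificate`. The server-side block could likewise state that no spec is needed because the server's identity comes from the engine's own configuration, if that is the intent; I cannot confirm it from this hunk. The enclosing class declaration starts and ends outside the hunk.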