reorganize InitSSL. Rename forcekeep->cacheOnly. Free instead of decrement
@ -1587,13 +1587,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
||||
/* decrement previous CTX reference count if exists.
|
||||
* This should only happen if switching ctxs!*/
|
||||
if (!newSSL) {
|
||||
if(LockMutex(&ssl->ctx->countMutex) != 0) {
|
||||
WOLFSSL_MSG("Couldn't lock on previous CTX count mutex");
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
WOLFSSL_MSG("Decrementing previous ctx reference count. Switching ctx.");
|
||||
ssl->ctx->refCount--;
|
||||
UnLockMutex(&ssl->ctx->countMutex);
|
||||
WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
|
||||
wolfSSL_CTX_free(ssl->ctx);
|
||||
}
|
||||
|
||||
/* increment CTX reference count */
|
||||
@ -1713,27 +1708,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
||||
|
||||
XMEMSET(ssl, 0, sizeof(WOLFSSL));
|
||||
|
||||
/* arrays */
|
||||
ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
|
||||
DYNAMIC_TYPE_ARRAYS);
|
||||
if (ssl->arrays == NULL) {
|
||||
WOLFSSL_MSG("Arrays Memory error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
|
||||
|
||||
/* suites */
|
||||
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
||||
DYNAMIC_TYPE_SUITES);
|
||||
if (ssl->suites == NULL) {
|
||||
WOLFSSL_MSG("Suites Memory error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
/* Initialize SSL with the appropriate fields from it's ctx */
|
||||
if((ret = SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
|
||||
return ret;
|
||||
|
||||
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
|
||||
ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
||||
|
||||
@ -1777,7 +1751,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
||||
ssl->hmac = TLS_hmac;
|
||||
#endif
|
||||
|
||||
ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
ssl->buffers.dtlsCtx.fd = -1;
|
||||
@ -1802,6 +1775,29 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
||||
|
||||
/* all done with init, now can return errors, call other stuff */
|
||||
|
||||
/* arrays */
|
||||
ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
|
||||
DYNAMIC_TYPE_ARRAYS);
|
||||
if (ssl->arrays == NULL) {
|
||||
WOLFSSL_MSG("Arrays Memory error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
|
||||
|
||||
/* suites */
|
||||
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
||||
DYNAMIC_TYPE_SUITES);
|
||||
if (ssl->suites == NULL) {
|
||||
WOLFSSL_MSG("Suites Memory error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
/* Initialize SSL with the appropriate fields from it's ctx */
|
||||
if((ret = SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
|
||||
return ret;
|
||||
|
||||
ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
|
||||
|
||||
/* hsHashes */
|
||||
ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
|
||||
DYNAMIC_TYPE_HASHES);
|
||||
|
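Review bot: In SetSSL_CTX, the new `wolfSSL_CTX_free(ssl->ctx);` leaves `ssl->ctx` pointing at the old context, which may already be released if this SSL object held the last reference. The code that takes the reference on the new ctx sits below the hunk, so the rest is inferred: if that step can fail (the removed lines returned `BAD_MUTEX_E` on a lock failure), or if `ctx` is the same object as `ssl->ctx`, a later teardown of the SSL object could touch or free the old context a second time. Consider taking the new reference before releasing the old one, or adding `ssl->ctx = NULL; /* old ctx may be gone; do not touch until reassigned */` right after the free. The InitSSL hunks in this file move the arrays/suites allocations and the SetSSL_CTX call after the field defaults, and the error returns there rely on the caller freeing a partially built object, which is worth stating in the `/* all done with init ... */` comment.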
15
src/tls.c
15
src/tls.c
@ -1003,7 +1003,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
word16 size = 0;
|
||||
word16 offset = 0;
|
||||
int forceKeep = 0;
|
||||
int cacheOnly = 0;
|
||||
#endif
|
||||
|
||||
TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION);
|
||||
@ -1015,7 +1015,10 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
|
||||
if (!extension || !extension->data) {
|
||||
#if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
|
||||
forceKeep = 1;
|
||||
/* This will keep SNI even though TLSX_UseSNI has not been called.
|
||||
* Enable it so that the received sni is available to functions
|
||||
* that use a custom callback when SNI is received */
|
||||
cacheOnly = 1;
|
||||
WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
|
||||
#else
|
||||
return isRequest ? 0 /* not using SNI. */
|
||||
@ -1052,13 +1055,13 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
if (offset + size > length)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
if (!forceKeep && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
|
||||
if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
|
||||
continue; /* not using this type of SNI. */
|
||||
|
||||
switch(type) {
|
||||
case WOLFSSL_SNI_HOST_NAME: {
|
||||
int matchStat;
|
||||
byte matched = forceKeep ||
|
||||
byte matched = cacheOnly ||
|
||||
((XSTRLEN(sni->data.host_name) == size)
|
||||
&& (XSTRNCMP(sni->data.host_name,
|
||||
(const char*)input + offset, size) == 0));
|
||||
@ -1070,7 +1073,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
if (r != SSL_SUCCESS)
|
||||
return r; /* throws error. */
|
||||
|
||||
if(forceKeep) {
|
||||
if(cacheOnly) {
|
||||
WOLFSSL_MSG("Forcing storage of SNI, Fake match");
|
||||
matchStat = WOLFSSL_SNI_FORCE_KEEP;
|
||||
} else if(matched) {
|
||||
@ -1083,7 +1086,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
|
||||
TLSX_SNI_SetStatus(ssl->extensions, type, matchStat);
|
||||
|
||||
if(!forceKeep)
|
||||
if(!cacheOnly)
|
||||
TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
|
||||
|
||||
} else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
|
||||
|
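Review bot: In TLSX_SNI_Parse, the cacheOnly path is entered exactly when `extension` or `extension->data` is NULL, so `TLSX_SNI_Find((SNI*)extension->data, type)` and `sni->data.host_name` are safe only because `cacheOnly` is tested first in `!cacheOnly && ...` and `cacheOnly || ...`. That ordering is load-bearing and deserves a comment at the declaration, e.g. `/* when set, extension may be NULL and sni is never assigned; test cacheOnly before touching either */`. The name stored in this mode is client-supplied and has not been matched against any configured server name, so the new block comment could also say that callbacks reading it must treat it as untrusted input. The log strings still say "Forcing ..." and the status is still `WOLFSSL_SNI_FORCE_KEEP`, which no longer matches the renamed flag. The function body extends beyond the hunks shown, so whether `sni` is initialised at its declaration cannot be confirmed from here.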