/*
 * File: tls.c
 *
 * Copyright (C) 2011 Benjamin Johnson <obeythepenguin@users.sourceforge.net>
 * (for the https code offered from dplus browser that formed the basis...)
 * Copyright 2016 corvid
 * Copyright (C) 2023 Rodrigo Arias Mallo <rodarima@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * As a special exception, permission is granted to link Dillo with the OpenSSL
 * or LibreSSL library, and distribute the linked executables without
 * including the source code for OpenSSL or LibreSSL in the source
 * distribution. You must obey the GNU General Public License, version 3, in
 * all respects for all of the code used other than OpenSSL or LibreSSL.
 */

#include "config.h"
#include "../msg.h"

#include "tls.h"
#include "tls_openssl.h"
#include "tls_mbedtls.h"

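/*
 * Initialize the TLS backend chosen at build time.
 *
 * Without ENABLE_TLS this only logs that TLS is unavailable. Otherwise the
 * backend is picked by the preprocessor chain below: OpenSSL when
 * HAVE_OPENSSL is defined, else mbedTLS when HAVE_MBEDTLS is defined; if
 * both are defined OpenSSL silently wins. A build that sets ENABLE_TLS
 * without either library is refused at compile time rather than producing
 * a browser that believes it has TLS.
 */
void a_Tls_init(void)
{
#if ! defined(ENABLE_TLS)
   MSG("TLS: Disabled at compilation time.\n");
#elif defined(HAVE_OPENSSL)
   a_Tls_openssl_init();
#elif defined(HAVE_MBEDTLS)
   a_Tls_mbedtls_init();
#else
# error "no TLS library found but ENABLE_TLS set"
#endif
}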

/*
 * Look up the backend connection object attached to file descriptor fd.
 *
 * The pointer is opaque: it is whatever the active backend keeps per
 * socket, and is intended to be handed back as the conn argument of
 * a_Tls_read()/a_Tls_write(). NULL means no TLS connection is known for
 * fd; that is also the unconditional answer in builds without ENABLE_TLS.
 */
void *a_Tls_connection(int fd)
{
   void *conn = NULL;

#if defined(ENABLE_TLS)
# if defined(HAVE_OPENSSL)
   conn = a_Tls_openssl_connection(fd);
# elif defined(HAVE_MBEDTLS)
   conn = a_Tls_mbedtls_connection(fd);
# else
#  error "no TLS library found but ENABLE_TLS set"
# endif
#else
   (void)fd;   /* no backend: fd is never consulted */
#endif
   return conn;
}

/*
 * Gate for opening a TLS connection to the server named by url.
 *
 * Only a single initial connection per server is let through until the
 * backend has seen the certificate and -- when it raised a warning -- the
 * user has accepted or rejected it. Holding further sockets back until then
 * is what keeps a pending certificate decision from being sidestepped by
 * parallel requests; once decided, queued HTTP requests proceed as usual.
 *
 * Return: TLS_CONNECT_READY, TLS_CONNECT_NOT_YET or TLS_CONNECT_NEVER.
 * Builds without ENABLE_TLS always answer TLS_CONNECT_NEVER.
 */
int a_Tls_connect_ready(const DilloUrl *url)
{
   int state;

#if ! defined(ENABLE_TLS)
   (void)url;
   state = TLS_CONNECT_NEVER;
#elif defined(HAVE_OPENSSL)
   state = a_Tls_openssl_connect_ready(url);
#elif defined(HAVE_MBEDTLS)
   state = a_Tls_mbedtls_connect_ready(url);
#else
# error "no TLS library found but ENABLE_TLS set"
#endif
   return state;
}

/*
 * Report whether the certificate of url's server validated without any
 * warning the user had to click through.
 *
 * Return: non-zero only when the active backend reports the certificate as
 * clean; 0 otherwise. Builds without ENABLE_TLS always return 0, so a
 * "clean" answer can only come from a backend that actually examined the
 * certificate. Callers should read 0 as "not verified", not as a failure
 * of this function.
 */
int a_Tls_certificate_is_clean(const DilloUrl *url)
{
   int clean = 0;

#if defined(ENABLE_TLS)
# if defined(HAVE_OPENSSL)
   clean = a_Tls_openssl_certificate_is_clean(url);
# elif defined(HAVE_MBEDTLS)
   clean = a_Tls_mbedtls_certificate_is_clean(url);
# else
#  error "no TLS library found but ENABLE_TLS set"
# endif
#else
   (void)url;
#endif
   return clean;
}

/*
 * Release everything the active TLS backend (OpenSSL or mbedTLS) still
 * holds, typically at program exit. A no-op in builds without ENABLE_TLS.
 */
void a_Tls_freeall(void)
{
#if defined(ENABLE_TLS)
# if defined(HAVE_OPENSSL)
   a_Tls_openssl_freeall();
# elif defined(HAVE_MBEDTLS)
   a_Tls_mbedtls_freeall();
# else
#  error "no TLS library found but ENABLE_TLS set"
# endif
#endif
}


/*
 * Ask the active backend to forget its per-server state for url.
 *
 * NOTE(review): exactly what is dropped -- e.g. a cached certificate
 * verdict or the user's earlier accept/reject decision -- is defined in
 * tls_openssl.c / tls_mbedtls.c, not here; confirm there before relying on
 * this to force a fresh certificate check on the next connection.
 * A no-op in builds without ENABLE_TLS.
 */
void a_Tls_reset_server_state(const DilloUrl *url)
{
#if defined(ENABLE_TLS)
# if defined(HAVE_OPENSSL)
   a_Tls_openssl_reset_server_state(url);
# elif defined(HAVE_MBEDTLS)
   a_Tls_mbedtls_reset_server_state(url);
# else
#  error "no TLS library found but ENABLE_TLS set"
# endif
#else
   (void)url;
#endif
}

/*
 * Hand socket fd to the active backend to start TLS for url.
 *
 * url is presumably where the backend takes the host name it verifies the
 * certificate against (and sends as SNI) -- confirm in the backend.
 * In builds without ENABLE_TLS this silently does nothing and fd stays a
 * plaintext socket, so callers are expected to have gated on
 * a_Tls_connect_ready() returning something other than TLS_CONNECT_NEVER.
 */
void a_Tls_connect(int fd, const DilloUrl *url)
{
#if defined(ENABLE_TLS)
# if defined(HAVE_OPENSSL)
   a_Tls_openssl_connect(fd, url);
# elif defined(HAVE_MBEDTLS)
   a_Tls_mbedtls_connect(fd, url);
# else
#  error "no TLS library found but ENABLE_TLS set"
# endif
#else
   (void)fd;
   (void)url;
#endif
}

/*
 * Tear down whatever TLS state the active backend holds for socket fd.
 *
 * NOTE(review): whether the socket itself is closed here or left to the
 * caller is decided inside the backend; check that before pairing this
 * with a close(fd) to avoid a double close. A no-op without ENABLE_TLS.
 */
void a_Tls_close_by_fd(int fd)
{
#if defined(ENABLE_TLS)
# if defined(HAVE_OPENSSL)
   a_Tls_openssl_close_by_fd(fd);
# elif defined(HAVE_MBEDTLS)
   a_Tls_mbedtls_close_by_fd(fd);
# else
#  error "no TLS library found but ENABLE_TLS set"
# endif
#else
   (void)fd;
#endif
}

/*
 * Read up to len bytes of decrypted data from TLS connection conn into buf.
 *
 * conn is the opaque object from a_Tls_connection(). The return value is
 * whatever the backend's read returns; without ENABLE_TLS it is always 0.
 * NOTE(review): len is size_t but the result is int, so a len above
 * INT_MAX cannot be reported back faithfully -- keep requests bounded.
 */
int a_Tls_read(void *conn, void *buf, size_t len)
{
   int nread = 0;

#if defined(ENABLE_TLS)
# if defined(HAVE_OPENSSL)
   nread = a_Tls_openssl_read(conn, buf, len);
# elif defined(HAVE_MBEDTLS)
   nread = a_Tls_mbedtls_read(conn, buf, len);
# else
#  error "no TLS library found but ENABLE_TLS set"
# endif
#else
   (void)conn;
   (void)buf;
   (void)len;
#endif
   return nread;
}

/*
 * Encrypt and send len bytes from buf over TLS connection conn.
 *
 * conn is the opaque object from a_Tls_connection(). The return value is
 * whatever the backend's write returns; without ENABLE_TLS it is always 0.
 * NOTE(review): buf is declared non-const only to match the prototype in
 * tls.h and the backends; it is not written here. As with a_Tls_read(), a
 * len above INT_MAX cannot be reported back in the int result.
 */
int a_Tls_write(void *conn, void *buf, size_t len)
{
   int nwritten = 0;

#if defined(ENABLE_TLS)
# if defined(HAVE_OPENSSL)
   nwritten = a_Tls_openssl_write(conn, buf, len);
# elif defined(HAVE_MBEDTLS)
   nwritten = a_Tls_mbedtls_write(conn, buf, len);
# else
#  error "no TLS library found but ENABLE_TLS set"
# endif
#else
   (void)conn;
   (void)buf;
   (void)len;
#endif
   return nwritten;
}