
commit 80383024a39a1c338a213ca1181a092694f80fba
parent a9f7bd7faf065f4d958da0527e94dd8e910c6feb
Author: Joris Vink <joris@coders.se>
Date:   Fri, 18 Feb 2022 10:47:05 +0100

For each TLS backend let us use correct types.

Diffstat:
Makefile | 2++
include/kore/kore.h | 27++++++++++++++++++++-------
src/python.c | 2+-
src/tls_openssl.c | 6+++---
src/utils.c | 4++--
5 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/Makefile b/Makefile
@@ -40,6 +40,8 @@ LDFLAGS+=-rdynamic
 ifeq ("$(TLS_BACKEND)", "openssl")
 S_SRC+=src/keymgr_openssl.c
+ CFLAGS+=-DTLS_BACKEND_OPENSSL
+ FEATURES+=-DTLS_BACKEND_OPENSSL
 ifneq ("$(OPENSSL_PATH)", "")
 CFLAGS+=-I$(OPENSSL_PATH)/include
diff --git a/include/kore/kore.h b/include/kore/kore.h
@@ -61,6 +61,20 @@ extern int daemon(int, int);
 #define KORE_USE_PLATFORM_PLEDGE 1
 #endif
+#if defined(TLS_BACKEND_OPENSSL)
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+typedef X509 KORE_X509;
+typedef SSL KORE_TLS;
+typedef SSL_CTX KORE_TLS_CTX;
+typedef X509_NAME KORE_X509_NAMES;
+#else
+typedef void KORE_X509;
+typedef void KORE_TLS;
+typedef void KORE_TLS_CTX;
+typedef void KORE_X509_NAMES;
+#endif
+
 #define KORE_RSAKEY_BITS 4096
 #define KORE_RESULT_ERROR 0
@@ -78,7 +92,6 @@ extern int daemon(int, int);
 #define errno_s strerror(errno)
 #define ssl_errno_s ERR_error_string(ERR_get_error(), NULL)
-
 #define KORE_DOMAINNAME_LEN 255
 #define KORE_PIDFILE_DEFAULT "kore.pid"
 #define KORE_DHPARAM_PATH PREFIX "/share/kore/ffdhe4096.pem"
@@ -214,8 +227,8 @@ struct connection {
 u_int8_t state;
 u_int8_t proto;
 struct listener *owner;
-void *tls;
-void *tls_cert;
+KORE_TLS *tls;
+KORE_X509 *tls_cert;
 char *tls_sni;
 int tls_reneg;
@@ -338,7 +351,7 @@ struct kore_domain {
 char *crlfile;
 char *certfile;
 char *certkey;
-void *ssl_ctx;
+KORE_TLS_CTX *tls_ctx;
 int x509_verify_depth;
 #if !defined(KORE_NO_HTTP)
 TAILQ_HEAD(, kore_route) routes;
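Review bot: In the `#else` branch all four handle names collapse to `void`, so in any build without `TLS_BACKEND_OPENSSL` a `KORE_TLS *` is silently assignable to a `KORE_X509 *` or `KORE_X509_NAMES *` and the type separation this commit introduces only holds for the OpenSSL build; incomplete struct types give distinct handles at the same ABI cost, e.g. `typedef struct kore_x509 KORE_X509;` (and likewise for the other three). Because the header's meaning now depends on a `-D` flag, every consumer of `kore.h` has to see the same flag libkore was built with — the Makefile hunk appears to pass it via `FEATURES`, presumably so that application builds pick it up, but that path is not visible here and is worth confirming. A one-line comment above the `#if` would also help readers: `/* Backend-neutral TLS handle types; non-OpenSSL builds only get opaque placeholders. */`.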
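Review bot: The `void *ssl_ctx` to `KORE_TLS_CTX *tls_ctx` change renames a field of `struct kore_domain`, yet none of the other files in the diffstat (python.c, tls_openssl.c, utils.c) touch anything named `ssl_ctx` or `tls_ctx`, so any surviving `dom->ssl_ctx` reference in the backend or in modules will no longer compile unless it was already renamed in an earlier commit — a quick grep for `ssl_ctx` before merging would settle it. The struct body starts before and ends after this hunk. If the rename stands, the field could carry a short ownership comment, to be checked against tls_openssl.c: `KORE_TLS_CTX *tls_ctx; /* per-domain context; presumably created and freed by the TLS backend */`.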
@@ -826,9 +839,9 @@ void *kore_tls_rsakey_load(const char *);
 void *kore_tls_rsakey_generate(const char *);
 int kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);
-void *kore_tls_x509_issuer_name(struct connection *);
-void *kore_tls_x509_subject_name(struct connection *);
-int kore_tls_x509name_foreach(void *, int, void *,
+KORE_X509_NAMES *kore_tls_x509_issuer_name(struct connection *);
+KORE_X509_NAMES *kore_tls_x509_subject_name(struct connection *);
+int kore_tls_x509name_foreach(KORE_X509_NAMES *, int, void *,
 int (*)(void *, int, int, const char *, const void *, size_t, int));
 /* accesslog.c */
diff --git a/src/python.c b/src/python.c
@@ -2935,7 +2935,7 @@ pyconnection_get_peer_x509(struct pyconnection *pyc, void *closure)
 static PyObject *
 pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
 {
-void *name;
+KORE_X509_NAMES *name;
 PyObject *dict, *issuer, *subject, *ret;
 ret = NULL;
diff --git a/src/tls_openssl.c b/src/tls_openssl.c
@@ -651,7 +651,7 @@ kore_tls_rsakey_generate(const char *path)
 return (pkey);
 }
-void *
+KORE_X509_NAMES *
 kore_tls_x509_subject_name(struct connection *c)
 {
 X509_NAME *name;
@@ -662,7 +662,7 @@ kore_tls_x509_subject_name(struct connection *c)
 return (name);
 }
-void *
+KORE_X509_NAMES *
 kore_tls_x509_issuer_name(struct connection *c)
 {
 X509_NAME *name;
@@ -674,7 +674,7 @@ kore_tls_x509_issuer_name(struct connection *c)
 }
 int
-kore_tls_x509name_foreach(void *name, int flags, void *udata,
+kore_tls_x509name_foreach(KORE_X509_NAMES *name, int flags, void *udata,
 int (*cb)(void *, int, int, const char *, const void *, size_t, int))
 {
 u_int8_t *data;
diff --git a/src/utils.c b/src/utils.c
@@ -495,7 +495,7 @@ int
 kore_x509_issuer_name(struct connection *c, char **out, int flags)
 {
 struct kore_buf buf;
-void *name;
+KORE_X509_NAMES *name;
 if ((name = kore_tls_x509_issuer_name(c)) == NULL)
 return (KORE_RESULT_ERROR);
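Review bot: The prototypes for `kore_tls_x509_issuer_name` and `kore_tls_x509_subject_name` now return a concrete `KORE_X509_NAMES *` (an `X509_NAME *` under OpenSSL), but nothing states whether the caller owns it; if the backend hands back an internal pointer into `c->tls_cert` — which is what the OpenSSL name accessors normally do, though the bodies live in tls_openssl.c outside this hunk — a caller that frees it or keeps it past the connection corrupts memory. A comment above the two declarations would pin the contract: `/* Returned name is borrowed from the connection's peer certificate: do not free it and do not use it after the connection is gone. */`, to be adjusted if the backend actually duplicates the name. The same contract should be stated for the `KORE_X509_NAMES *` argument of `kore_tls_x509name_foreach`.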
@@ -520,7 +520,7 @@ int
 kore_x509_subject_name(struct connection *c, char **out, int flags)
 {
 struct kore_buf buf;
-void *name;
+KORE_X509_NAMES *name;
 if ((name = kore_tls_x509_subject_name(c)) == NULL)
 return (KORE_RESULT_ERROR);