Add initial TLS (SSL) support to gio

This adds an extension point for TLS connections to gio, with a
gnutls-based implementation in glib-networking.

Full TLS support is still a work in progress; the current API is
missing some features, and parts of it may still be changed before
2.28.

https://bugzilla.gnome.org/show_bug.cgi?id=588189
Dan Winship
2009-12-21 20:50:32 +01:00
parent a1690339c7
commit 59d62726de
27 changed files with 3473 additions and 211 deletions


@@ -5,17 +5,15 @@
#include <stdio.h>
#include <string.h>
#include "socket-common.c"
GMainLoop *loop;
gboolean verbose = FALSE;
gboolean non_blocking = FALSE;
gboolean use_udp = FALSE;
gboolean use_source = FALSE;
int cancel_timeout = 0;
int read_timeout = 0;
gboolean unix_socket = FALSE;
gboolean tls = FALSE;
static GOptionEntry cmd_entries[] = {
{"cancel", 'c', 0, G_OPTION_ARG_INT, &cancel_timeout,
@@ -26,70 +24,39 @@ static GOptionEntry cmd_entries[] = {
"Be verbose", NULL},
{"non-blocking", 'n', 0, G_OPTION_ARG_NONE, &non_blocking,
"Enable non-blocking i/o", NULL},
{"use-source", 's', 0, G_OPTION_ARG_NONE, &use_source,
"Use GSource to wait for non-blocking i/o", NULL},
#ifdef G_OS_UNIX
{"unix", 'U', 0, G_OPTION_ARG_NONE, &unix_socket,
"Use a unix socket instead of IP", NULL},
#endif
{"timeout", 't', 0, G_OPTION_ARG_INT, &read_timeout,
"Time out reads after the specified number of seconds", NULL},
{"tls", 'T', 0, G_OPTION_ARG_NONE, &tls,
"Use TLS (SSL)", NULL},
{NULL}
};
#include "socket-common.c"
static gboolean
source_ready (gpointer data,
GIOCondition condition)
accept_certificate (GTlsClientConnection *conn, GTlsCertificate *cert,
GTlsCertificateFlags errors, gpointer user_data)
{
g_main_loop_quit (loop);
return FALSE;
}
g_print ("Certificate would have been rejected ( ");
if (errors & G_TLS_CERTIFICATE_UNKNOWN_CA)
g_print ("unknown-ca ");
if (errors & G_TLS_CERTIFICATE_BAD_IDENTITY)
g_print ("bad-identity ");
if (errors & G_TLS_CERTIFICATE_NOT_ACTIVATED)
g_print ("not-activated ");
if (errors & G_TLS_CERTIFICATE_EXPIRED)
g_print ("expired ");
if (errors & G_TLS_CERTIFICATE_REVOKED)
g_print ("revoked ");
if (errors & G_TLS_CERTIFICATE_INSECURE)
g_print ("insecure ");
g_print (") but accepting anyway.\n");
static void
ensure_condition (GSocket *socket,
const char *where,
GCancellable *cancellable,
GIOCondition condition)
{
GError *error = NULL;
GSource *source;
if (!non_blocking)
return;
if (use_source)
{
source = g_socket_create_source (socket,
condition,
cancellable);
g_source_set_callback (source,
(GSourceFunc) source_ready,
NULL, NULL);
g_source_attach (source, NULL);
g_source_unref (source);
g_main_loop_run (loop);
}
else
{
if (!g_socket_condition_wait (socket, condition, cancellable, &error))
{
g_printerr ("condition wait error for %s: %s\n",
where,
error->message);
exit (1);
}
}
}
static gpointer
cancel_thread (gpointer data)
{
GCancellable *cancellable = data;
g_usleep (1000*1000*cancel_timeout);
g_print ("Cancelling\n");
g_cancellable_cancel (cancellable);
return NULL;
return TRUE;
}
int
@@ -106,6 +73,9 @@ main (int argc,
GCancellable *cancellable;
GSocketAddressEnumerator *enumerator;
GSocketConnectable *connectable;
GIOStream *connection;
GInputStream *istream;
GOutputStream *ostream;
g_thread_init (NULL);
@@ -125,6 +95,12 @@ main (int argc,
return 1;
}
if (use_udp && tls)
{
g_printerr ("DTLS (TLS over UDP) is not supported");
return 1;
}
if (cancel_timeout)
{
cancellable = g_cancellable_new ();
@@ -201,15 +177,10 @@ main (int argc,
g_object_unref (address);
}
g_object_unref (enumerator);
g_object_unref (connectable);
g_print ("Connected to %s\n",
socket_address_to_string (address));
/* TODO: Test non-blocking connect */
if (non_blocking)
g_socket_set_blocking (socket, FALSE);
src_address = g_socket_get_local_address (socket, &error);
if (!src_address)
{
@@ -221,6 +192,49 @@ main (int argc,
socket_address_to_string (src_address));
g_object_unref (src_address);
if (use_udp)
connection = NULL;
else
connection = G_IO_STREAM (g_socket_connection_factory_create_connection (socket));
if (tls)
{
GTlsClientConnection *tls_conn;
tls_conn = g_tls_client_connection_new (connection, connectable, &error);
if (!tls_conn)
{
g_printerr ("Could not create TLS connection: %s\n",
error->message);
return 1;
}
g_signal_connect (tls_conn, "accept-certificate",
G_CALLBACK (accept_certificate), NULL);
if (!g_tls_connection_handshake (G_TLS_CONNECTION (tls_conn),
cancellable, &error))
{
g_printerr ("Error during TLS handshake: %s\n",
error->message);
return 1;
}
g_object_unref (connection);
connection = G_IO_STREAM (tls_conn);
}
g_object_unref (connectable);
if (connection)
{
istream = g_io_stream_get_input_stream (connection);
ostream = g_io_stream_get_output_stream (connection);
}
/* TODO: Test non-blocking connect/handshake */
if (non_blocking)
g_socket_set_blocking (socket, FALSE);
while (TRUE)
{
gchar buffer[4096];
@@ -233,14 +247,20 @@ main (int argc,
to_send = strlen (buffer);
while (to_send > 0)
{
ensure_condition (socket, "send", cancellable, G_IO_OUT);
if (use_udp)
size = g_socket_send_to (socket, address,
buffer, to_send,
cancellable, &error);
{
ensure_socket_condition (socket, G_IO_OUT, cancellable);
size = g_socket_send_to (socket, address,
buffer, to_send,
cancellable, &error);
}
else
size = g_socket_send (socket, buffer, to_send,
cancellable, &error);
{
ensure_connection_condition (connection, G_IO_OUT, cancellable);
size = g_output_stream_write (ostream,
buffer, to_send,
cancellable, &error);
}
if (size < 0)
{
@@ -272,14 +292,20 @@ main (int argc,
to_send -= size;
}
ensure_condition (socket, "receive", cancellable, G_IO_IN);
if (use_udp)
size = g_socket_receive_from (socket, &src_address,
{
ensure_socket_condition (socket, G_IO_IN, cancellable);
size = g_socket_receive_from (socket, &src_address,
buffer, sizeof buffer,
cancellable, &error);
}
else
{
ensure_connection_condition (connection, G_IO_IN, cancellable);
size = g_input_stream_read (istream,
buffer, sizeof buffer,
cancellable, &error);
else
size = g_socket_receive (socket, buffer, sizeof buffer,
cancellable, &error);
}
if (size < 0)
{
@@ -306,15 +332,28 @@ main (int argc,
g_print ("closing socket\n");
if (!g_socket_close (socket, &error))
if (connection)
{
g_printerr ("Error closing master socket: %s\n",
error->message);
return 1;
if (!g_io_stream_close (connection, cancellable, &error))
{
g_printerr ("Error closing connection: %s\n",
error->message);
return 1;
}
g_object_unref (connection);
}
else
{
if (!g_socket_close (socket, &error))
{
g_printerr ("Error closing master socket: %s\n",
error->message);
return 1;
}
}
g_object_unref (G_OBJECT (socket));
g_object_unref (G_OBJECT (address));
g_object_unref (socket);
g_object_unref (address);
return 0;
}
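Review bot: `accept_certificate` returns TRUE for every peer certificate no matter which `GTlsCertificateFlags` are set, so the client completes the handshake with any server, including one presenting an unknown-CA or bad-identity certificate; for a test client that is presumably deliberate, but the function says nothing about it, and a header comment such as `/* Test tool only: accept every peer certificate so the handshake can be exercised against self-signed test certs. Real clients must return FALSE on any error flag. */` would keep the behaviour from being copied. The flag-to-name printing only covers the six flags listed, so any other bit in `errors` is silently swallowed; a trailing `else`/fallback that prints the raw value would make the output complete. Separately, `g_printerr ("DTLS (TLS over UDP) is not supported");` is missing its trailing `\n`, unlike every other message in the file; the same line appears in socket-server.c. `main` starts and ends outside the hunks shown.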


@@ -58,3 +58,64 @@ socket_address_from_string (const char *name)
#endif
return NULL;
}
static gboolean
source_ready (GPollableInputStream *stream,
gpointer data)
{
g_main_loop_quit (loop);
return FALSE;
}
static void
ensure_socket_condition (GSocket *socket,
GIOCondition condition,
GCancellable *cancellable)
{
GSource *source;
if (!non_blocking)
return;
source = g_socket_create_source (socket, condition, cancellable);
g_source_set_callback (source,
(GSourceFunc) source_ready,
NULL, NULL);
g_source_attach (source, NULL);
g_source_unref (source);
g_main_loop_run (loop);
}
static void
ensure_connection_condition (GIOStream *stream,
GIOCondition condition,
GCancellable *cancellable)
{
GSource *source;
if (!non_blocking)
return;
if (condition & G_IO_IN)
source = g_pollable_input_stream_create_source (G_POLLABLE_INPUT_STREAM (g_io_stream_get_input_stream (stream)), cancellable);
else
source = g_pollable_output_stream_create_source (G_POLLABLE_OUTPUT_STREAM (g_io_stream_get_output_stream (stream)), cancellable);
g_source_set_callback (source,
(GSourceFunc) source_ready,
NULL, NULL);
g_source_attach (source, NULL);
g_source_unref (source);
g_main_loop_run (loop);
}
static gpointer
cancel_thread (gpointer data)
{
GCancellable *cancellable = data;
g_usleep (1000*1000*cancel_timeout);
g_print ("Cancelling\n");
g_cancellable_cancel (cancellable);
return NULL;
}
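Review bot: `source_ready` is declared as `(GPollableInputStream *stream, gpointer data)` but is attached, via a `GSourceFunc` cast, both to the pollable stream sources in `ensure_connection_condition` and to the socket source in `ensure_socket_condition`, whose dispatcher calls a `GSocketSourceFunc` with three arguments (socket, condition, user_data); the mismatched prototype only works by ABI accident and is undefined behaviour in C. A separate `static gboolean socket_source_ready (GSocket *socket, GIOCondition cond, gpointer data) { g_main_loop_quit (loop); return FALSE; }` used in `ensure_socket_condition` removes the mismatch. In `ensure_connection_condition`, a `condition` with both `G_IO_IN` and `G_IO_OUT` set waits only for readability; a comment noting the function expects exactly one direction would document that. `cancel_thread`'s `1000*1000*cancel_timeout` is `int` arithmetic and overflows for timeouts of 2148 s and up even though `g_usleep` takes a `gulong`; `g_usleep (G_USEC_PER_SEC * (gulong) cancel_timeout);` avoids that. This file is `#include`d by the client and server after their globals, so `loop`, `non_blocking` and `cancel_timeout` come from the including file; a comment at the top of the new block saying so would help a reader who opens it standalone.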


@@ -4,8 +4,6 @@
#include <stdlib.h>
#include <string.h>
#include "socket-common.c"
GMainLoop *loop;
int port = 7777;
@@ -13,11 +11,11 @@ gboolean verbose = FALSE;
gboolean dont_reuse_address = FALSE;
gboolean non_blocking = FALSE;
gboolean use_udp = FALSE;
gboolean use_source = FALSE;
int cancel_timeout = 0;
int read_timeout = 0;
int delay = 0;
gboolean unix_socket = FALSE;
const char *tls_cert_file = NULL;
static GOptionEntry cmd_entries[] = {
{"port", 'p', 0, G_OPTION_ARG_INT, &port,
@@ -32,8 +30,6 @@ static GOptionEntry cmd_entries[] = {
"Don't SOADDRREUSE", NULL},
{"non-blocking", 'n', 0, G_OPTION_ARG_NONE, &non_blocking,
"Enable non-blocking i/o", NULL},
{"use-source", 's', 0, G_OPTION_ARG_NONE, &use_source,
"Use GSource to wait for non-blocking i/o", NULL},
#ifdef G_OS_UNIX
{"unix", 'U', 0, G_OPTION_ARG_NONE, &unix_socket,
"Use a unix socket instead of IP", NULL},
@@ -42,63 +38,12 @@ static GOptionEntry cmd_entries[] = {
"Delay responses by the specified number of seconds", NULL},
{"timeout", 't', 0, G_OPTION_ARG_INT, &read_timeout,
"Time out reads after the specified number of seconds", NULL},
{"tls", 'T', 0, G_OPTION_ARG_STRING, &tls_cert_file,
"Use TLS (SSL) with indicated server certificate", "CERTFILE"},
{NULL}
};
static gboolean
source_ready (gpointer data,
GIOCondition condition)
{
g_main_loop_quit (loop);
return FALSE;
}
static void
ensure_condition (GSocket *socket,
const char *where,
GCancellable *cancellable,
GIOCondition condition)
{
GError *error = NULL;
GSource *source;
if (!non_blocking)
return;
if (use_source)
{
source = g_socket_create_source (socket,
condition,
cancellable);
g_source_set_callback (source,
(GSourceFunc) source_ready,
NULL, NULL);
g_source_attach (source, NULL);
g_source_unref (source);
g_main_loop_run (loop);
}
else
{
if (!g_socket_condition_wait (socket, condition, cancellable, &error))
{
g_printerr ("condition wait error for %s: %s\n",
where,
error->message);
exit (1);
}
}
}
static gpointer
cancel_thread (gpointer data)
{
GCancellable *cancellable = data;
g_usleep (1000*1000*cancel_timeout);
g_print ("Cancelling\n");
g_cancellable_cancel (cancellable);
return NULL;
}
#include "socket-common.c"
int
main (int argc,
@@ -113,6 +58,10 @@ main (int argc,
GOptionContext *context;
GCancellable *cancellable;
char *display_addr;
GTlsCertificate *tlscert = NULL;
GIOStream *connection;
GInputStream *istream;
GOutputStream *ostream;
g_thread_init (NULL);
@@ -142,6 +91,23 @@ main (int argc,
cancellable = NULL;
}
if (tls_cert_file)
{
if (use_udp)
{
g_printerr ("DTLS (TLS over UDP) is not supported");
return 1;
}
tlscert = g_tls_certificate_new_from_file (tls_cert_file, &error);
if (!tlscert)
{
g_printerr ("Could not read server certificate '%s': %s\n",
tls_cert_file, error->message);
return 1;
}
}
loop = g_main_loop_new (NULL, FALSE);
if (use_udp)
@@ -205,7 +171,7 @@ main (int argc,
g_print ("listening on %s...\n", display_addr);
g_free (display_addr);
ensure_condition (socket, "accept", cancellable, G_IO_IN);
ensure_socket_condition (socket, G_IO_IN, cancellable);
new_socket = g_socket_accept (socket, cancellable, &error);
if (!new_socket)
{
@@ -233,13 +199,45 @@ main (int argc,
g_object_unref (address);
recv_socket = new_socket;
connection = G_IO_STREAM (g_socket_connection_factory_create_connection (recv_socket));
g_object_unref (new_socket);
}
else
{
recv_socket = socket;
new_socket = NULL;
connection = NULL;
}
if (tlscert)
{
GTlsServerConnection *tls_conn;
tls_conn = g_tls_server_connection_new (connection, tlscert, &error);
if (!tls_conn)
{
g_printerr ("Could not create TLS connection: %s\n",
error->message);
return 1;
}
if (!g_tls_connection_handshake (G_TLS_CONNECTION (tls_conn),
cancellable, &error))
{
g_printerr ("Error during TLS handshake: %s\n",
error->message);
return 1;
}
g_object_unref (connection);
connection = G_IO_STREAM (tls_conn);
}
if (connection)
{
istream = g_io_stream_get_input_stream (connection);
ostream = g_io_stream_get_output_stream (connection);
}
while (TRUE)
{
@@ -247,14 +245,20 @@ main (int argc,
gssize size;
gsize to_send;
ensure_condition (recv_socket, "receive", cancellable, G_IO_IN);
if (use_udp)
size = g_socket_receive_from (recv_socket, &address,
{
ensure_socket_condition (recv_socket, G_IO_IN, cancellable);
size = g_socket_receive_from (recv_socket, &address,
buffer, sizeof buffer,
cancellable, &error);
}
else
{
ensure_connection_condition (connection, G_IO_IN, cancellable);
size = g_input_stream_read (istream,
buffer, sizeof buffer,
cancellable, &error);
else
size = g_socket_receive (recv_socket, buffer, sizeof buffer,
cancellable, &error);
}
if (size < 0)
{
@@ -288,13 +292,19 @@ main (int argc,
while (to_send > 0)
{
ensure_condition (recv_socket, "send", cancellable, G_IO_OUT);
if (use_udp)
size = g_socket_send_to (recv_socket, address,
buffer, to_send, cancellable, &error);
{
ensure_socket_condition (recv_socket, G_IO_OUT, cancellable);
size = g_socket_send_to (recv_socket, address,
buffer, to_send, cancellable, &error);
}
else
size = g_socket_send (recv_socket, buffer, to_send,
cancellable, &error);
{
ensure_connection_condition (connection, G_IO_OUT, cancellable);
size = g_output_stream_write (ostream,
buffer, to_send,
cancellable, &error);
}
if (size < 0)
{
@@ -329,16 +339,15 @@ main (int argc,
g_print ("connection closed\n");
if (new_socket)
if (connection)
{
if (!g_socket_close (new_socket, &error))
if (!g_io_stream_close (connection, NULL, &error))
{
g_printerr ("Error closing connection socket: %s\n",
g_printerr ("Error closing connection stream: %s\n",
error->message);
return 1;
}
g_object_unref (G_OBJECT (new_socket));
g_object_unref (connection);
}
if (!g_socket_close (socket, &error))
@@ -347,8 +356,7 @@ main (int argc,
error->message);
return 1;
}
g_object_unref (G_OBJECT (socket));
g_object_unref (socket);
return 0;
}
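Review bot: `g_io_stream_close (connection, NULL, &error)` passes a NULL cancellable where the client's equivalent close passes `cancellable`; closing a TLS stream presumably involves a close_notify exchange with the peer, so with a gone or stalled client this close cannot be interrupted by the `--cancel` timer that the rest of the server honours, and `if (!g_io_stream_close (connection, cancellable, &error))` would be consistent with the client. The `--tls` option text says "server certificate", but `g_tls_server_connection_new` needs a certificate with its private key, so the help string or a comment at the `g_tls_certificate_new_from_file` call should say the PEM file must contain both (verify against the GTlsCertificate docs for this version). As in socket-client.c, `g_printerr ("DTLS (TLS over UDP) is not supported");` lacks a trailing `\n`. `main` starts and ends outside the hunks shown.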