Commit 4725c6b5 authored by Ondřej Surý's avatar Ondřej Surý

Move tls_credentials to struct network

parent aede98c2
......@@ -352,13 +352,17 @@ static int net_pipeline(lua_State *L)
static int net_tls(lua_State *L)
{
struct worker_ctx *worker = wrk_luaget(L);
if (!worker) {
struct engine *engine = engine_luaget(L);
if (!engine) {
return 0;
}
struct network *net = &engine->net;
if (!net) {
return 0;
}
if (lua_gettop(L) == 0) {
lua_pushfstring(L, "(\"%s\", \"%s\")", worker->tls_credentials->tls_cert, worker->tls_credentials->tls_key);
lua_pushfstring(L, "(\"%s\", \"%s\")", net->tls_credentials->tls_cert, net->tls_credentials->tls_key);
return 1;
}
......@@ -367,7 +371,7 @@ static int net_tls(lua_State *L)
lua_error(L);
}
int r = tls_certificate_set(worker, lua_tostring(L, 1), lua_tostring(L, 2));
int r = tls_certificate_set(net, lua_tostring(L, 1), lua_tostring(L, 2));
if (r != 0) {
lua_pushstring(L, strerror(ENOMEM));
lua_error(L);
......
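Review bot: `net->tls_credentials` is dereferenced on the zero-argument path (`net->tls_credentials->tls_cert`) without a NULL check, so calling `net.tls()` before any certificate has been configured reads through a NULL pointer; tls_new guards the same field, so this path should too, e.g. `if (!net->tls_credentials) { lua_pushnil(L); return 1; }` before the lua_pushfstring. The `if (!net)` check just above it is dead code, since `&engine->net` can never be NULL, and some compilers warn about testing the address of a member. In the second hunk the error branch reports strerror(ENOMEM) whatever tls_certificate_set returned, which includes kr_error(EINVAL) for a certificate that failed to load (visible in the tls.c section), so the Lua caller sees a misleading "Cannot allocate memory"; if kr_error() negates errno values, `lua_pushstring(L, strerror(-r))` would report the real cause. Both hunks belong to net_tls, whose body is split across them and continues past the second.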
......@@ -19,6 +19,7 @@
#include "daemon/network.h"
#include "daemon/worker.h"
#include "daemon/io.h"
#include "daemon/tls.h"
/* libuv 1.7.0+ is able to support SO_REUSEPORT for loadbalancing */
#if defined(UV_VERSION_HEX)
......@@ -101,6 +102,8 @@ void network_deinit(struct network *net)
map_walk(&net->endpoints, close_key, 0);
map_walk(&net->endpoints, free_key, 0);
map_clear(&net->endpoints);
tls_credentials_free(net->tls_credentials);
net->tls_credentials = NULL;
}
}
......
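Review bot: network_deinit tears the credentials down with tls_credentials_free, but tls_certificate_set in the tls.c section hands the previous credentials to tls_credentials_release and tls_new reserves a reference per session, so freeing unconditionally here invalidates the pointer held by any tls_ctx_t that is still alive unless every session is guaranteed to be gone before network_deinit runs, which this diff does not show; `tls_credentials_release(net->tls_credentials);` would honour the count. The commit also drops the `worker->tls_credentials = NULL` initialisation from worker_reserve without adding a counterpart to network_init, which is not in this diff — if network_init does not zero the whole struct, the new field starts indeterminate and the `if (!net->tls_credentials)` checks in tls_new and the bindings cannot be trusted. Adding `net->tls_credentials = NULL;` to network_init makes the invariant explicit either way.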
......@@ -41,8 +41,9 @@ typedef array_t(struct endpoint*) endpoint_array_t;
/* @endcond */
struct network {
uv_loop_t *loop;
map_t endpoints;
uv_loop_t *loop;
map_t endpoints;
struct tls_credentials *tls_credentials;
};
void network_init(struct network *net, uv_loop_t *loop);
......
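Review bot: The new `tls_credentials` member carries no comment on ownership or lifetime, and since the pointer is reference-counted through tls_credentials_reserve/release in tls.c and torn down in network_deinit, the next reader has to go through tls.c to learn who owns it. A one-line note on the field would settle that: `/** x509 credentials set by net.tls(); NULL when no certificate is configured. Reference-counted (see tls.c), owned here and torn down in network_deinit(). */`. The rest of the hunk is context.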
......@@ -42,7 +42,7 @@ struct tls_ctx_t {
ssize_t nread;
ssize_t consumed;
uint8_t recv_buf[4096];
struct tls_credentials_t *credentials;
struct tls_credentials *credentials;
};
/** @internal Debugging facility. */
......@@ -111,7 +111,8 @@ static ssize_t kres_gnutls_pull(gnutls_transport_ptr_t h, void *buf, size_t len)
struct tls_ctx_t *tls_new(struct worker_ctx *worker)
{
assert(worker != NULL);
if (!worker->tls_credentials) {
struct network *net = &worker->engine->net;
if (!net->tls_credentials) {
kr_log_error("[tls] x509 credentials are missing; no TLS\n");
return NULL;
}
......@@ -128,7 +129,7 @@ struct tls_ctx_t *tls_new(struct worker_ctx *worker)
tls_free(tls);
return NULL;
}
tls->credentials = tls_credentials_reserve(worker);
tls->credentials = tls_credentials_reserve(net->tls_credentials);
err = gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->credentials->credentials);
if (err < 0) {
kr_log_error("[tls] gnutls_credentials_set(): %s (%d)\n", gnutls_strerror_name(err), err);
......@@ -269,13 +270,13 @@ static int str_replace(char **where_ptr, const char *with)
return kr_ok();
}
int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const char *tls_key)
int tls_certificate_set(struct network *net, const char *tls_cert, const char *tls_key)
{
if (!worker) {
if (!net) {
return kr_error(EINVAL);
}
struct tls_credentials_t *tls_credentials = calloc(1, sizeof(*tls_credentials));
struct tls_credentials *tls_credentials = calloc(1, sizeof(*tls_credentials));
if (tls_credentials == NULL) {
return kr_error(ENOMEM);
}
......@@ -310,10 +311,10 @@ int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const c
return kr_error(EINVAL);
}
// Exchange the x509 credentials
struct tls_credentials_t *old_credentials = worker->tls_credentials;
struct tls_credentials *old_credentials = net->tls_credentials;
// Start using the new x509_credentials
worker->tls_credentials = tls_credentials;
net->tls_credentials = tls_credentials;
if (old_credentials) {
err = tls_credentials_release(old_credentials);
......@@ -325,12 +326,15 @@ int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const c
return kr_ok();
}
struct tls_credentials_t *tls_credentials_reserve(struct worker_ctx *worker) {
worker->tls_credentials->count++;
return worker->tls_credentials;
struct tls_credentials *tls_credentials_reserve(struct tls_credentials *tls_credentials) {
if (!tls_credentials) {
return NULL;
}
tls_credentials->count++;
return tls_credentials;
}
int tls_credentials_release(struct tls_credentials_t *tls_credentials) {
int tls_credentials_release(struct tls_credentials *tls_credentials) {
if (!tls_credentials) {
return kr_error(EINVAL);
}
......@@ -342,7 +346,7 @@ int tls_credentials_release(struct tls_credentials_t *tls_credentials) {
return kr_ok();
}
void tls_credentials_free(struct tls_credentials_t *tls_credentials) {
void tls_credentials_free(struct tls_credentials *tls_credentials) {
if (!tls_credentials) {
return;
}
......
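Review bot: tls_new now reaches the credentials through `worker->engine->net`, but only `worker` is asserted non-NULL; if worker->engine can be unset (tests, early start-up) the line after the assert dereferences NULL, and even if it cannot, tls_new now depends on the engine only to locate the network. tls_certificate_set in the same file already switched to taking `struct network *`, so either a matching `tls_new(struct network *net)` or, keeping the signature, `assert(worker->engine != NULL);` beside the existing assert would keep the two entry points symmetric. The NULL guard added to tls_credentials_reserve is harmless but never exercised by its one visible caller, which checked `net->tls_credentials` a few lines earlier, so `tls->credentials->credentials` on the next line stays safe only because of that earlier check. tls_new's body is split across two hunks and continues past the second.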
......@@ -21,8 +21,8 @@
#include <libknot/packet/pkt.h>
struct tls_ctx_t;
struct tls_credentials_t;
struct tls_credentials_t {
struct tls_credentials;
struct tls_credentials {
int count;
char *tls_cert;
char *tls_key;
......@@ -37,7 +37,7 @@ void tls_free(struct tls_ctx_t* tls);
int tls_push(struct qr_task *task, uv_handle_t* handle, knot_pkt_t * pkt);
int tls_process(struct worker_ctx *worker, uv_stream_t *handle, const uint8_t *buf, ssize_t nread);
int tls_certificate_set(struct worker_ctx *worker, const char *tls_cert, const char *tls_key);
int tls_credentials_release(struct tls_credentials_t *tls_credentials);
void tls_credentials_free(struct tls_credentials_t *tls_credentials);
struct tls_credentials_t *tls_credentials_reserve(struct worker_ctx *worker);
int tls_certificate_set(struct network *net, const char *tls_cert, const char *tls_key);
int tls_credentials_release(struct tls_credentials *tls_credentials);
void tls_credentials_free(struct tls_credentials *tls_credentials);
struct tls_credentials *tls_credentials_reserve(struct tls_credentials *worker);
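Review bot: The parameter of `tls_credentials_reserve` is still named `worker` in the prototype although it now receives the credentials themselves (the definition in tls.c calls it `tls_credentials`); rename it so the header does not mislead: `struct tls_credentials *tls_credentials_reserve(struct tls_credentials *tls_credentials);`. The new `tls_certificate_set(struct network *net, ...)` prototype also relies on `struct network` being visible in this header, yet the hunk forward-declares `struct tls_ctx_t` and `struct tls_credentials` only; unless an include outside the hunk provides it, the compiler will warn that the struct is declared inside the parameter list and treat it as a distinct type, so add `struct network;` beside the other forward declarations rather than including network.h, which now includes tls.h. While here, the reserve/release/free trio has no comment on the refcount contract; a short note saying which of them honours the count and which does not would document what tls.c implements.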
......@@ -995,7 +995,6 @@ int worker_reserve(struct worker_ctx *worker, size_t ring_maxlen)
worker->pkt_pool.alloc = (knot_mm_alloc_t) mp_alloc;
worker->outgoing = map_make();
worker->tcp_pipeline_max = MAX_PIPELINED;
worker->tls_credentials = NULL;
return kr_ok();
}
......@@ -1015,8 +1014,6 @@ void worker_reclaim(struct worker_ctx *worker)
mp_delete(worker->pkt_pool.ctx);
worker->pkt_pool.ctx = NULL;
map_clear(&worker->outgoing);
tls_credentials_free(worker->tls_credentials);
worker->tls_credentials = NULL;
}
#undef DEBUG_MSG
......@@ -28,7 +28,7 @@
/** @cond internal Freelist of available mempools. */
typedef array_t(void *) mp_freelist_t;
struct tls_credentials_t;
struct tls_credentials;
/**
* Query resolution worker.
......@@ -59,7 +59,6 @@ struct worker_ctx {
mp_freelist_t pool_ioreq;
mp_freelist_t pool_sessions;
knot_mm_t pkt_pool;
struct tls_credentials_t *tls_credentials;
};
/* Worker callback */
......
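Review bot: With the `tls_credentials` member removed from struct worker_ctx, the forward declaration `struct tls_credentials;` that this hunk renames appears to have no remaining user in worker.h, though only part of the header is visible; if nothing else references it, drop the declaration instead of keeping it for a field that has moved. Otherwise the removal matches the field's new home in struct network.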