net/server_epoll.lua @ 9309:33d500c25d76
net.server_epoll: Refactor Direct TLS assumptions outwards
The assumption that connections are "Direct TLS" when a TLS context is
supplied should be broken. The goal is to make it easy to add a new API
that can be given a TLS context at creation even if it should do
STARTTLS.
With this commit, only the exposed server_select-compatible API assumes
Direct TLS when a TLS context is included.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 13 Sep 2018 20:37:43 +0200 |
| parent | 9306:35c128b42509 |
| child | 9310:2d2d4c293efa |
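--- a/net/server_epoll.lua
+++ b/net/server_epoll.lua
@@ -452,11 +452,10 @@
 log("debug", "TLS handshake on %s complete", self);
 self.onwritable = nil;
 self.onreadable = nil;
 self._tls = true;
 self:on("status", "ssl-handshake-complete");
-self.init = nil; -- Restore default method
 self:init();
 elseif err == "wantread" then
 log("debug", "TLS handshake on %s to wait until readable", self);
 self:setflags(true, false);
 self:setreadtimeout(cfg.handshake_timeout);
@@ -487,13 +486,10 @@
 conn.peername, conn.peerport = client:getpeername();
 end
 if client.getsockname then
 conn.sockname, conn.sockport = client:getsockname();
 end
-if tls_ctx then
-conn.init = interface.starttls;
-end
 return conn;
 end
 
 -- A server interface has new incoming connections waiting
 -- This replaces the onreadable callback
@@ -502,13 +498,17 @@
 if not conn then
 log("debug", "Error accepting new client: %s, server will be paused for %ds", err, cfg.accept_retry_interval);
 self:pausefor(cfg.accept_retry_interval);
 return;
 end
-local client = wrapsocket(conn, self, nil, self.listeners, self.tls_ctx);
+local client = wrapsocket(conn, self, nil, self.listeners);
 log("debug", "New connection %s", tostring(client));
-client:init();
+if self.tls_direct then
+client:starttls(self.tls_ctx);
+else
+client:init();
+end
 end
 
 -- Initialization
 function interface:init()
 self:setwritetimeout();
@@ -557,10 +557,11 @@
 created = gettime();
 listeners = listeners;
 _pattern = pattern;
 onreadable = interface.onacceptable;
 tls_ctx = tls_ctx;
+tls_direct = tls_ctx and true or false;
 sockname = addr;
 sockport = port;
 }, interface_mt);
 server:setflags(true, false);
 return server;
@@ -570,22 +571,30 @@
 local function wrapclient(conn, addr, port, listeners, pattern, tls_ctx)
 local client = wrapsocket(conn, nil, pattern, listeners, tls_ctx);
 if not client.peername then
 client.peername, client.peerport = addr, port;
 end
-client:init();
+if tls_ctx then
+client:starttls(tls_ctx);
+else
+client:init();
+end
 return client;
 end
 
 -- New outgoing TCP connection
 local function addclient(addr, port, listeners, pattern, tls_ctx)
 local conn, err = socket.tcp();
 if not conn then return conn, err; end
 conn:settimeout(0);
 conn:connect(addr, port);
 local client = wrapsocket(conn, nil, pattern, listeners, tls_ctx)
-client:init();
+if tls_ctx then
+client:starttls(tls_ctx);
+else
+client:init();
+end
 return client, conn;
 end
 
 local function watchfd(fd, onreadable, onwriteable)
 local conn = setmetatable({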