prosody
7e9ebdc75ce4
net/server_epoll.lua
Software / code / prosody
Comparison
net/server_epoll.lua @ 12480:7e9ebdc75ce4
net: isolate LuaSec-specifics
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Wed, 27 Apr 2022 17:44:14 +0200 |
| parent | 12342:cba0b93320b7 |
| child | 12481:2ee27587fec7 |
comparison
equal
deleted
inserted
replaced
| 12478:82270a6b1234 | 12480:7e9ebdc75ce4 |
|---|---|
| 16 local ipairs = ipairs; | 16 local ipairs = ipairs; |
| 17 local traceback = debug.traceback; | 17 local traceback = debug.traceback; |
| 18 local logger = require "util.logger"; | 18 local logger = require "util.logger"; |
| 19 local log = logger.init("server_epoll"); | 19 local log = logger.init("server_epoll"); |
| 20 local socket = require "socket"; | 20 local socket = require "socket"; |
| 21 local luasec = require "ssl"; | |
| 22 local realtime = require "util.time".now; | 21 local realtime = require "util.time".now; |
| 23 local monotonic = require "util.time".monotonic; | 22 local monotonic = require "util.time".monotonic; |
| 24 local indexedbheap = require "util.indexedbheap"; | 23 local indexedbheap = require "util.indexedbheap"; |
| 25 local createtable = require "util.table".create; | 24 local createtable = require "util.table".create; |
| 26 local inet = require "util.net"; | 25 local inet = require "util.net"; |
| 612 | 611 |
| 613 function interface:set_sslctx(sslctx) | 612 function interface:set_sslctx(sslctx) |
| 614 self._sslctx = sslctx; | 613 self._sslctx = sslctx; |
| 615 end | 614 end |
| 616 | 615 |
| 616 function interface:sslctx() | |
| 617 return self.tls_ctx | |
| 618 end | |
| 619 | |
| 620 function interface:ssl_info() | |
| 621 local sock = self.conn; | |
| 622 return sock.info and sock:info(); | |
| 623 end | |
| 624 | |
| 625 function interface:ssl_peercertificate() | |
| 626 local sock = self.conn; | |
| 627 return sock.getpeercertificate and sock:getpeercertificate(); | |
| 628 end | |
| 629 | |
| 630 function interface:ssl_peerverification() | |
| 631 local sock = self.conn; | |
| 632 return sock.getpeerverification and sock:getpeerverification(); | |
| 633 end | |
| 634 | |
| 635 function interface:ssl_peerfinished() | |
| 636 local sock = self.conn; | |
| 637 return sock.getpeerfinished and sock:getpeerfinished(); | |
| 638 end | |
| 639 | |
| 617 function interface:starttls(tls_ctx) | 640 function interface:starttls(tls_ctx) |
| 618 if tls_ctx then self.tls_ctx = tls_ctx; end | 641 if tls_ctx then self.tls_ctx = tls_ctx; end |
| 619 self.starttls = false; | 642 self.starttls = false; |
| 620 if self.writebuffer and (self.writebuffer[1] or type(self.writebuffer) == "string") then | 643 if self.writebuffer and (self.writebuffer[1] or type(self.writebuffer) == "string") then |
| 621 self:debug("Start TLS after write"); | 644 self:debug("Start TLS after write"); |
| 639 if tls_ctx then self.tls_ctx = tls_ctx; end | 662 if tls_ctx then self.tls_ctx = tls_ctx; end |
| 640 self._tls = true; | 663 self._tls = true; |
| 641 self.starttls = false; | 664 self.starttls = false; |
| 642 self:debug("Starting TLS now"); | 665 self:debug("Starting TLS now"); |
| 643 self:updatenames(); -- Can't getpeer/sockname after wrap() | 666 self:updatenames(); -- Can't getpeer/sockname after wrap() |
| 644 local ok, conn, err = pcall(luasec.wrap, self.conn, self.tls_ctx); | 667 local conn, err = self.tls_ctx:wrap(self.conn); |
| 645 if not ok then | |
| 646 conn, err = ok, conn; | |
| 647 self:debug("Failed to initialize TLS: %s", err); | |
| 648 end | |
| 649 if not conn then | 668 if not conn then |
| 650 self:on("disconnect", err); | 669 self:on("disconnect", err); |
| 651 self:destroy(); | 670 self:destroy(); |
| 652 return conn, err; | 671 return conn, err; |
| 653 end | 672 end |
| 654 conn:settimeout(0); | 673 conn:settimeout(0); |
| 655 self.conn = conn; | 674 self.conn = conn; |
| 656 if conn.sni then | 675 if conn.sni then |
| 657 if self.servername then | 676 if self.servername then |
| 658 conn:sni(self.servername); | 677 conn:sni(self.servername); |
| 659 elseif self._server and type(self._server.hosts) == "table" and next(self._server.hosts) ~= nil then | 678 elseif next(self.tls_ctx._sni_contexts) ~= nil then |
| 660 conn:sni(self._server.hosts, true); | 679 conn:sni(self.tls_ctx._sni_contexts, true); |
| 661 end | 680 end |
| 662 end | 681 end |
| 663 if self.extra and self.extra.tlsa and conn.settlsa then | 682 if self.extra and self.extra.tlsa and conn.settlsa then |
| 664 -- TODO Error handling | 683 -- TODO Error handling |
| 665 if not conn:setdane(self.servername or self.extra.dane_hostname) then | 684 if not conn:setdane(self.servername or self.extra.dane_hostname) then |
