
us_update_socket_context() and ability to specify inline key/cert

Open partyblob opened this issue 1 year ago • 4 comments

This pull request adds the ability to reload us_socket_context_options_t for a socket context via

int us_update_socket_context(int ssl, struct us_socket_context_t* ctx, struct us_socket_context_options_t* options);

rather than by workarounds like add_server_name (which rely on SNI callbacks and do not work for situations like wildcard or shared certificates)

Note 1: As the options are only used by SSL, this function only has an effect when ssl != 0.

Note 2: The options object is a pointer to avoid copying data

Note 3: This is meant for listen sockets, changed options only reflect new child sockets

As well as the ability to specify certificate, private key, CA and dh-params as raw data rather than file paths

struct us_socket_context_options_t options = {
  .key_file = "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----",
  .cert_file = "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
  .key_data_inline = 1, // Switch for .key_file
  .cert_data_inline = 1, // Switch for .cert_file and .ca_file
  //.dh_params_data_inline = 1 // switch for .dh_params_file
};
us_update_socket_context(1, ctx, &options);

which is available via the new us_socket_context_options_t interface

struct us_socket_context_options_t {
    union{ const char *key_file_name, *key_file; };
    union{ const char *cert_file_name, *cert_file; };
    const char *passphrase;
    union{ const char *dh_params_file_name, *dh_params_file; };
    union{ const char *ca_file_name, *ca_file; };
    const char *ssl_ciphers;
    char ssl_prefer_low_memory_usage;
    char key_data_inline;
    char cert_data_inline;
    char dh_params_data_inline;
};

Note 1: All formats remain PEM and \0-terminated

Note 2: key_file is an alias for key_file_name, likewise cert_file etc. The *_data_inline flags are what specify how the string is used

Note 3: ssl_prefer_low_memory_usage as well as the new switches have been changed to char in order to keep the structure size the same (generally speaking)

partyblob avatar Oct 22 '24 23:10 partyblob
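The inline/file dispatch the PR description above proposes, as an added example that is not code from uSockets or from this PR: a consumer of us_socket_context_options_t has to branch on the *_data_inline switches so that a PEM string is never handed to the filesystem as a path and a path is never handed to the TLS stack as key material, and it should confirm that what it ends up with is a NUL-terminated PEM block before using it. The struct below is a local copy of the layout posted in the PR; the PEM strings are constructed placeholders (not valid DER, not real keys); pem_is_well_formed, resolve_pem, load_key, load_cert, load_ca and run_inline_vs_file_checks are this example's own names, not library functions.

```c
/* Added example (not uSockets code). Assumes the us_socket_context_options_t
 * layout proposed in the PR; PEM blocks are constructed placeholders. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct us_socket_context_options_t {            /* copy of the proposed layout */
    union { const char *key_file_name, *key_file; };
    union { const char *cert_file_name, *cert_file; };
    const char *passphrase;
    union { const char *dh_params_file_name, *dh_params_file; };
    union { const char *ca_file_name, *ca_file; };
    const char *ssl_ciphers;
    char ssl_prefer_low_memory_usage;
    char key_data_inline;
    char cert_data_inline;
    char dh_params_data_inline;
};

/* Constructed placeholder PEM blocks (bodies are not valid DER). */
static const char KEY_PEM[]  = "-----BEGIN PRIVATE KEY-----\nQUJDREVG\n-----END PRIVATE KEY-----\n";
static const char CERT_PEM[] = "-----BEGIN CERTIFICATE-----\nQUJDREVG\n-----END CERTIFICATE-----\n";

/* 1 if s is a NUL-terminated PEM block whose BEGIN and END labels match. */
static int pem_is_well_formed(const char *s) {
    static const char begin[] = "-----BEGIN ", end[] = "-----END ";
    if (!s || strncmp(s, begin, sizeof begin - 1) != 0) return 0;
    const char *label = s + sizeof begin - 1;
    const char *label_end = strstr(label, "-----");
    if (!label_end || label_end == label) return 0;
    size_t label_len = (size_t)(label_end - label);
    const char *e = strstr(label_end, end);
    if (!e) return 0;
    e += sizeof end - 1;
    return strncmp(e, label, label_len) == 0 && strncmp(e + label_len, "-----", 5) == 0;
}

/* Heap copy of the selected material: the string itself when inline_flag is
 * set, otherwise the contents of the file it names. NULL if unreadable, if the
 * result is not PEM, or if a file carries an embedded NUL (which would silently
 * truncate a \0-terminated PEM interface). Caller frees. */
static char *resolve_pem(const char *value, char inline_flag) {
    if (!value) return NULL;
    char *out; size_t len;
    if (inline_flag) {
        len = strlen(value);
        if (!(out = malloc(len + 1))) return NULL;
        memcpy(out, value, len + 1);
    } else {
        FILE *f = fopen(value, "rb");
        if (!f) return NULL;
        size_t cap = 4096, n; len = 0;
        if (!(out = malloc(cap))) { fclose(f); return NULL; }
        while ((n = fread(out + len, 1, cap - len - 1, f)) > 0) {
            len += n;
            if (len + 1 >= cap) {
                char *grown = realloc(out, cap *= 2);
                if (!grown) { free(out); fclose(f); return NULL; }
                out = grown;
            }
        }
        fclose(f);
        out[len] = '\0';
    }
    if (strlen(out) != len || !pem_is_well_formed(out)) { free(out); return NULL; }
    return out;
}

/* Field-to-switch mapping as stated in the PR: cert_data_inline also covers ca_file. */
static char *load_key(const struct us_socket_context_options_t *o)  { return resolve_pem(o->key_file,  o->key_data_inline); }
static char *load_cert(const struct us_socket_context_options_t *o) { return resolve_pem(o->cert_file, o->cert_data_inline); }
static char *load_ca(const struct us_socket_context_options_t *o)   { return resolve_pem(o->ca_file,   o->cert_data_inline); }

/* Exercises both branches; returns how many of the 4 checks behaved as expected. */
static int run_inline_vs_file_checks(void) {
    int ok = 0;
    struct us_socket_context_options_t o = {0};
    o.key_file = KEY_PEM; o.cert_file = CERT_PEM; o.ca_file = CERT_PEM;
    o.key_data_inline = 1; o.cert_data_inline = 1;

    char *k = load_key(&o), *c = load_cert(&o), *ca = load_ca(&o);
    ok += (k && c && ca && strcmp(k, KEY_PEM) == 0);          /* inline: used verbatim */
    free(k); free(c); free(ca);

    o.key_data_inline = 0;                                     /* same string, switch cleared */
    ok += (load_key(&o) == NULL);                              /* PEM text is not a usable path */

    char path[] = "/tmp/usockets_pem_XXXXXX";                  /* temp file for the path branch */
    int fd = mkstemp(path);
    if (fd < 0) return ok;
    FILE *f = fdopen(fd, "wb"); fputs(KEY_PEM, f); fclose(f);
    o.key_file = path;
    k = load_key(&o);
    ok += (k && strcmp(k, KEY_PEM) == 0);                      /* file: read and validated */
    free(k);

    o.key_data_inline = 1;                                     /* path string with switch set */
    ok += (load_key(&o) == NULL);                              /* rejected, never reaches TLS */
    unlink(path);
    return ok;
}

int main(void) {
    printf("checks passed: %d/4\n", run_inline_vs_file_checks());
    return 0;
}
```

In a real build the inline branch would hand the buffer to OpenSSL through BIO_new_mem_buf and PEM_read_bio_PrivateKey / PEM_read_bio_X509 instead of SSL_CTX_use_PrivateKey_file; the point of the check above is that a wrong switch fails loudly at load time rather than surfacing later as a confusing handshake error.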

Added fixes for #211

partyblob avatar Oct 22 '24 23:10 partyblob

Added partial solution to #29 via

  1. Helper function for a thread-safe DNS lookup which can be run in a threadpool
struct addrinfo *us_get_addr(const char* host, int port);
void us_free_addr(struct addrinfo *addr);
  2. Function to connect with an addrinfo object
struct us_socket_t *us_socket_context_connect_addr(int ssl, struct us_socket_context_t *context, const struct addrinfo *host, const char *source_host, int options, int socket_ext_size);

Note that dependencies need not include headers for addrinfo: the struct is forward-declared and can be used completely opaquely thanks to the helper functions

partyblob avatar Oct 25 '24 10:10 partyblob
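The resolve-then-connect split described in the comment above, as an added example that is neither uSockets code nor this PR's implementation, written against POSIX sockets only. example_get_addr, example_free_addr and example_connect_addr are stand-ins with the same shape as the proposed us_get_addr / us_free_addr / us_socket_context_connect_addr (the us_socket_context_t, source_host, options and ext-size parameters are not modelled, and the result is a plain fd rather than a us_socket_t). The round trip listens on an ephemeral loopback port and resolves a numeric host, so it runs offline.

```c
/* Added example (not uSockets code): thread-safe lookup with getaddrinfo,
 * then a connect that only consumes a pre-resolved list. */
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Lookup that is safe to run on a worker thread: getaddrinfo allocates a
 * private list per call, unlike gethostbyname, which hands back a static
 * buffer that must not be shared between threads. The list is opaque to the
 * caller and released with example_free_addr. Returns NULL on failure. */
static struct addrinfo *example_get_addr(const char *host, int port) {
    char service[6];
    if (!host || port < 0 || port > 65535) return NULL;
    snprintf(service, sizeof service, "%d", port);
    struct addrinfo hints = {0}, *res = NULL;
    hints.ai_family = AF_UNSPEC;          /* v4 and v6 results, in resolver order */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICSERV;      /* service is already a port number */
    return getaddrinfo(host, service, &hints, &res) == 0 ? res : NULL;
}

static void example_free_addr(struct addrinfo *addr) { if (addr) freeaddrinfo(addr); }

/* Connect using a pre-resolved list, trying entries in order. No name
 * resolution happens here, so nothing blocks on DNS on the calling (loop)
 * thread. Returns the connected fd or -1. */
static int example_connect_addr(const struct addrinfo *host) {
    for (const struct addrinfo *ai = host; ai; ai = ai->ai_next) {
        int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) continue;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) return fd;
        close(fd);
    }
    return -1;
}

/* Offline round trip: listen on an ephemeral loopback port, resolve the
 * numeric host (no DNS traffic), connect with the resolved list and confirm
 * the peer port. Returns that port, or -1 on any failure. */
static int loopback_round_trip(void) {
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    inet_pton(AF_INET, "127.0.0.1", &sa.sin_addr);
    socklen_t slen = sizeof sa;
    if (bind(lfd, (struct sockaddr *)&sa, slen) || listen(lfd, 1) ||
        getsockname(lfd, (struct sockaddr *)&sa, &slen)) { close(lfd); return -1; }
    int port = ntohs(sa.sin_port);

    struct addrinfo *addr = example_get_addr("127.0.0.1", port);   /* worker-thread step */
    if (!addr) { close(lfd); return -1; }
    int cfd = example_connect_addr(addr);                           /* loop-thread step */
    example_free_addr(addr);

    int peer_port = -1;
    if (cfd >= 0) {
        struct sockaddr_in peer; socklen_t plen = sizeof peer;
        if (getpeername(cfd, (struct sockaddr *)&peer, &plen) == 0) peer_port = ntohs(peer.sin_port);
        close(cfd);
    }
    close(lfd);
    return peer_port == port ? port : -1;
}

int main(void) {
    int port = loopback_round_trip();
    printf(port > 0 ? "connected via pre-resolved addrinfo to port %d\n" : "round trip failed (%d)\n", port);
    return port > 0 ? 0 : 1;
}
```

The connect here is blocking for brevity; an event-loop integration would set the socket non-blocking and wait for writability instead. One caveat the split introduces: the addrinfo list carries no TTL, so a caller that resolves on a pool and connects later is responsible for not reusing a stale result.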

No way I can merge this as one MR, you need to separate it into multiple smaller Mrs with clear separation of concern. Otherwise, I'm positive 👍

uNetworkingAB avatar Oct 26 '24 18:10 uNetworkingAB

No way I can merge this as one MR, you need to separate it into multiple smaller Mrs with clear separation of concern. Otherwise, I'm positive 👍

Yeah, I didn't realise that making commits after a PR updates the PR. I'll separate into branches when I get home

partyblob avatar Oct 26 '24 20:10 partyblob