Home Explore Help
Sign In
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
mosquitto-2.0.13
/
lib
/
net_mosq.c

net_mosq.c 28 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227 
  1. /*
    2. 

  2. Copyright (c) 2009-2020 Roger Light <roger@atchoo.org>
    3. 

  3. 

  4. All rights reserved. This program and the accompanying materials
    5. 

  5. are made available under the terms of the Eclipse Public License 2.0
    6. 

  6. and Eclipse Distribution License v1.0 which accompany this distribution.
    7. 

  7. 

  8. The Eclipse Public License is available at
    9. 

  9.    https://www.eclipse.org/legal/epl-2.0/
    10. 

  10. and the Eclipse Distribution License is available at
    11. 

  11.   http://www.eclipse.org/org/documents/edl-v10.php.
    12. 

  12. 

  13. SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
    14. 

  14. 

  15. Contributors:
    16. 

  16.    Roger Light - initial implementation and documentation.
    17. 

  17. */
    18. 

  18. 

  19. #define _GNU_SOURCE
    20. 

  20. #include "config.h"
    21. 

  21. 

  22. #include <assert.h>
    23. 

  23. #include <errno.h>
    24. 

  24. #include <fcntl.h>
    25. 

  25. #include <stdio.h>
    26. 

  26. #include <string.h>
    27. 

  27. #ifndef WIN32
    28. 

  28. #define _GNU_SOURCE
    29. 

  29. #include <netdb.h>
    30. 

  30. #include <netinet/tcp.h>
    31. 

  31. #include <sys/socket.h>
    32. 

  32. #include <unistd.h>
    33. 

  33. #else
    34. 

  34. #include <winsock2.h>
    35. 

  35. #include <ws2tcpip.h>
    36. 

  36. #endif
    37. 

  37. 

  38. #ifdef __ANDROID__
    39. 

  39. #include <linux/in.h>
    40. 

  40. #include <linux/in6.h>
    41. 

  41. #include <sys/endian.h>
    42. 

  42. #endif
    43. 

  43. 

  44. #ifdef HAVE_NETINET_IN_H
    45. 

  45. #  include <netinet/in.h>
    46. 

  46. #endif
    47. 

  47. 

  48. #ifdef WITH_UNIX_SOCKETS
    49. 

  49. #  include <sys/un.h>
    50. 

  50. #endif
    51. 

  51. 

  52. #ifdef __QNX__
    53. 

  53. #include <net/netbyte.h>
    54. 

  54. #endif
    55. 

  55. 

  56. #ifdef WITH_TLS
    57. 

  57. #include <openssl/conf.h>
    58. 

  58. #include <openssl/engine.h>
    59. 

  59. #include <openssl/err.h>
    60. 

  60. #include <openssl/ui.h>
    61. 

  61. #include <tls_mosq.h>
    62. 

  62. #endif
    63. 

  63. 

  64. #ifdef WITH_BROKER
    65. 

  65. #  include "mosquitto_broker_internal.h"
    66. 

  66. #  ifdef WITH_WEBSOCKETS
    67. 

  67. #    include <libwebsockets.h>
    68. 

  68. #  endif
    69. 

  69. #else
    70. 

  70. #  include "read_handle.h"
    71. 

  71. #endif
    72. 

  72. 

  73. #include "logging_mosq.h"
    74. 

  74. #include "memory_mosq.h"
    75. 

  75. #include "mqtt_protocol.h"
    76. 

  76. #include "net_mosq.h"
    77. 

  77. #include "time_mosq.h"
    78. 

  78. #include "util_mosq.h"
    79. 

  79. 

  80. #ifdef WITH_TLS
    81. 

  81. int tls_ex_index_mosq = -1;
    82. 

  82. UI_METHOD *_ui_method = NULL;
    83. 

  83. 

  84. static bool is_tls_initialized = false;
    85. 

  85. 

  86. /* Functions taken from OpenSSL s_server/s_client */
    87. 

  87. static int ui_open(UI *ui)
    88. 

  88. {
    89. 

  89. 	return UI_method_get_opener(UI_OpenSSL())(ui);
    90. 

  90. }
    91. 

  91. 

  92. static int ui_read(UI *ui, UI_STRING *uis)
    93. 

  93. {
    94. 

  94. 	return UI_method_get_reader(UI_OpenSSL())(ui, uis);
    95. 

  95. }
    96. 

  96. 

  97. static int ui_write(UI *ui, UI_STRING *uis)
    98. 

  98. {
    99. 

  99. 	return UI_method_get_writer(UI_OpenSSL())(ui, uis);
    100. 

  100. }
    101. 

  101. 

  102. static int ui_close(UI *ui)
    103. 

  103. {
    104. 

  104. 	return UI_method_get_closer(UI_OpenSSL())(ui);
    105. 

  105. }
    106. 

  106. 

  107. static void setup_ui_method(void)
    108. 

  108. {
    109. 

  109. 	_ui_method = UI_create_method("OpenSSL application user interface");
    110. 

  110. 	UI_method_set_opener(_ui_method, ui_open);
    111. 

  111. 	UI_method_set_reader(_ui_method, ui_read);
    112. 

  112. 	UI_method_set_writer(_ui_method, ui_write);
    113. 

  113. 	UI_method_set_closer(_ui_method, ui_close);
    114. 

  114. }
    115. 

  115. 

  116. static void cleanup_ui_method(void)
    117. 

  117. {
    118. 

  118. 	if(_ui_method){
    119. 

  119. 		UI_destroy_method(_ui_method);
    120. 

  120. 		_ui_method = NULL;
    121. 

  121. 	}
    122. 

  122. }
    123. 

  123. 

  124. UI_METHOD *net__get_ui_method(void)
    125. 

  125. {
    126. 

  126. 	return _ui_method;
    127. 

  127. }
    128. 

  128. 

  129. #endif
    130. 

  130. 

  131. int net__init(void)
    132. 

  132. {
    133. 

  133. #ifdef WIN32
    134. 

  134. 	WSADATA wsaData;
    135. 

  135. 	if(WSAStartup(MAKEWORD(2,2), &wsaData) != 0){
    136. 

  136. 		return MOSQ_ERR_UNKNOWN;
    137. 

  137. 	}
    138. 

  138. #endif
    139. 

  139. 

  140. #ifdef WITH_SRV
    141. 

  141. 	ares_library_init(ARES_LIB_INIT_ALL);
    142. 

  142. #endif
    143. 

  143. 

  144. 	return MOSQ_ERR_SUCCESS;
    145. 

  145. }
    146. 

  146. 

  147. void net__cleanup(void)
    148. 

  148. {
    149. 

  149. #ifdef WITH_TLS
    150. 

  150. #  if OPENSSL_VERSION_NUMBER < 0x10100000L
    151. 

  151. 	CRYPTO_cleanup_all_ex_data();
    152. 

  152. 	ERR_free_strings();
    153. 

  153. 	ERR_remove_thread_state(NULL);
    154. 

  154. 	EVP_cleanup();
    155. 

  155. 

  156. #    if !defined(OPENSSL_NO_ENGINE)
    157. 

  157. 	ENGINE_cleanup();
    158. 

  158. #    endif
    159. 

  159. 	is_tls_initialized = false;
    160. 

  160. #  endif
    161. 

  161. 

  162. 	CONF_modules_unload(1);
    163. 

  163. 	cleanup_ui_method();
    164. 

  164. #endif
    165. 

  165. 

  166. #ifdef WITH_SRV
    167. 

  167. 	ares_library_cleanup();
    168. 

  168. #endif
    169. 

  169. 

  170. #ifdef WIN32
    171. 

  171. 	WSACleanup();
    172. 

  172. #endif
    173. 

  173. }
    174. 

  174. 

  175. #ifdef WITH_TLS
    176. 

  176. void net__init_tls(void)
    177. 

  177. {
    178. 

  178. 	if(is_tls_initialized) return;
    179. 

  179. 

  180. #  if OPENSSL_VERSION_NUMBER < 0x10100000L
    181. 

  181. 	SSL_load_error_strings();
    182. 

  182. 	SSL_library_init();
    183. 

  183. 	OpenSSL_add_all_algorithms();
    184. 

  184. #  else
    185. 

  185. 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
    186. 

  186. 			| OPENSSL_INIT_ADD_ALL_DIGESTS \
    187. 

  187. 			| OPENSSL_INIT_LOAD_CONFIG, NULL);
    188. 

  188. #  endif
    189. 

  189. #if !defined(OPENSSL_NO_ENGINE)
    190. 

  190. 	ENGINE_load_builtin_engines();
    191. 

  191. #endif
    192. 

  192. 	setup_ui_method();
    193. 

  193. 	if(tls_ex_index_mosq == -1){
    194. 

  194. 		tls_ex_index_mosq = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL);
    195. 

  195. 	}
    196. 

  196. 

  197. 	is_tls_initialized = true;
    198. 

  198. }
    199. 

  199. #endif
    200. 

  200. 

  201. /* Close a socket associated with a context and set it to -1.
    202. 

  202.  * Returns 1 on failure (context is NULL)
    203. 

  203.  * Returns 0 on success.
    204. 

  204.  */
    205. 

  205. int net__socket_close(struct mosquitto *mosq)
    206. 

  206. {
    207. 

  207. 	int rc = 0;
    208. 

  208. #ifdef WITH_BROKER
    209. 

  209. 	struct mosquitto *mosq_found;
    210. 

  210. #endif
    211. 

  211. 

  212. 	assert(mosq);
    213. 

  213. #ifdef WITH_TLS
    214. 

  214. #ifdef WITH_WEBSOCKETS
    215. 

  215. 	if(!mosq->wsi)
    216. 

  216. #endif
    217. 

  217. 	{
    218. 

  218. 		if(mosq->ssl){
    219. 

  219. 			if(!SSL_in_init(mosq->ssl)){
    220. 

  220. 				SSL_shutdown(mosq->ssl);
    221. 

  221. 			}
    222. 

  222. 			SSL_free(mosq->ssl);
    223. 

  223. 			mosq->ssl = NULL;
    224. 

  224. 		}
    225. 

  225. 	}
    226. 

  226. #endif
    227. 

  227. 

  228. #ifdef WITH_WEBSOCKETS
    229. 

  229. 	if(mosq->wsi)
    230. 

  230. 	{
    231. 

  231. 		if(mosq->state != mosq_cs_disconnecting){
    232. 

  232. 			mosquitto__set_state(mosq, mosq_cs_disconnect_ws);
    233. 

  233. 		}
    234. 

  234. 		lws_callback_on_writable(mosq->wsi);
    235. 

  235. 	}else
    236. 

  236. #endif
    237. 

  237. 	{
    238. 

  238. 		if(mosq->sock != INVALID_SOCKET){
    239. 

  239. #ifdef WITH_BROKER
    240. 

  240. 			HASH_FIND(hh_sock, db.contexts_by_sock, &mosq->sock, sizeof(mosq->sock), mosq_found);
    241. 

  241. 			if(mosq_found){
    242. 

  242. 				HASH_DELETE(hh_sock, db.contexts_by_sock, mosq_found);
    243. 

  243. 			}
    244. 

  244. #endif
    245. 

  245. 			rc = COMPAT_CLOSE(mosq->sock);
    246. 

  246. 			mosq->sock = INVALID_SOCKET;
    247. 

  247. 		}
    248. 

  248. 	}
    249. 

  249. 

  250. #ifdef WITH_BROKER
    251. 

  251. 	if(mosq->listener){
    252. 

  252. 		mosq->listener->client_count--;
    253. 

  253. 		mosq->listener = NULL;
    254. 

  254. 	}
    255. 

  255. #endif
    256. 

  256. 

  257. 	return rc;
    258. 

  258. }
    259. 

  259. 

  260. 

  261. #ifdef FINAL_WITH_TLS_PSK
    262. 

  262. static unsigned int psk_client_callback(SSL *ssl, const char *hint,
    263. 

  263. 		char *identity, unsigned int max_identity_len,
    264. 

  264. 		unsigned char *psk, unsigned int max_psk_len)
    265. 

  265. {
    266. 

  266. 	struct mosquitto *mosq;
    267. 

  267. 	int len;
    268. 

  268. 

  269. 	UNUSED(hint);
    270. 

  270. 

  271. 	mosq = SSL_get_ex_data(ssl, tls_ex_index_mosq);
    272. 

  272. 	if(!mosq) return 0;
    273. 

  273. 

  274. 	snprintf(identity, max_identity_len, "%s", mosq->tls_psk_identity);
    275. 

  275. 

  276. 	len = mosquitto__hex2bin(mosq->tls_psk, psk, (int)max_psk_len);
    277. 

  277. 	if (len < 0) return 0;
    278. 

  278. 	return (unsigned int)len;
    279. 

  279. }
    280. 

  280. #endif
    281. 

  281. 

  282. #if defined(WITH_BROKER) && defined(__GLIBC__) && defined(WITH_ADNS)
    283. 

  283. /* Async connect, part 1 (dns lookup) */
    284. 

  284. int net__try_connect_step1(struct mosquitto *mosq, const char *host)
    285. 

  285. {
    286. 

  286. 	int s;
    287. 

  287. 	void *sevp = NULL;
    288. 

  288. 	struct addrinfo *hints;
    289. 

  289. 

  290. 	if(mosq->adns){
    291. 

  291. 		gai_cancel(mosq->adns);
    292. 

  292. 		mosquitto__free((struct addrinfo *)mosq->adns->ar_request);
    293. 

  293. 		mosquitto__free(mosq->adns);
    294. 

  294. 	}
    295. 

  295. 	mosq->adns = mosquitto__calloc(1, sizeof(struct gaicb));
    296. 

  296. 	if(!mosq->adns){
    297. 

  297. 		return MOSQ_ERR_NOMEM;
    298. 

  298. 	}
    299. 

  299. 

  300. 	hints = mosquitto__calloc(1, sizeof(struct addrinfo));
    301. 

  301. 	if(!hints){
    302. 

  302. 		mosquitto__free(mosq->adns);
    303. 

  303. 		mosq->adns = NULL;
    304. 

  304. 		return MOSQ_ERR_NOMEM;
    305. 

  305. 	}
    306. 

  306. 

  307. 	hints->ai_family = AF_UNSPEC;
    308. 

  308. 	hints->ai_socktype = SOCK_STREAM;
    309. 

  309. 

  310. 	mosq->adns->ar_name = host;
    311. 

  311. 	mosq->adns->ar_request = hints;
    312. 

  312. 

  313. 	s = getaddrinfo_a(GAI_NOWAIT, &mosq->adns, 1, sevp);
    314. 

  314. 	if(s){
    315. 

  315. 		errno = s;
    316. 

  316. 		if(mosq->adns){
    317. 

  317. 			mosquitto__free((struct addrinfo *)mosq->adns->ar_request);
    318. 

  318. 			mosquitto__free(mosq->adns);
    319. 

  319. 			mosq->adns = NULL;
    320. 

  320. 		}
    321. 

  321. 		return MOSQ_ERR_EAI;
    322. 

  322. 	}
    323. 

  323. 

  324. 	return MOSQ_ERR_SUCCESS;
    325. 

  325. }
    326. 

  326. 

  327. /* Async connect part 2, the connection. */
    328. 

  328. int net__try_connect_step2(struct mosquitto *mosq, uint16_t port, mosq_sock_t *sock)
    329. 

  329. {
    330. 

  330. 	struct addrinfo *ainfo, *rp;
    331. 

  331. 	int rc;
    332. 

  332. 

  333. 	ainfo = mosq->adns->ar_result;
    334. 

  334. 

  335. 	for(rp = ainfo; rp != NULL; rp = rp->ai_next){
    336. 

  336. 		*sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
    337. 

  337. 		if(*sock == INVALID_SOCKET) continue;
    338. 

  338. 

  339. 		if(rp->ai_family == AF_INET){
    340. 

  340. 			((struct sockaddr_in *)rp->ai_addr)->sin_port = htons(port);
    341. 

  341. 		}else if(rp->ai_family == AF_INET6){
    342. 

  342. 			((struct sockaddr_in6 *)rp->ai_addr)->sin6_port = htons(port);
    343. 

  343. 		}else{
    344. 

  344. 			COMPAT_CLOSE(*sock);
    345. 

  345. 			*sock = INVALID_SOCKET;
    346. 

  346. 			continue;
    347. 

  347. 		}
    348. 

  348. 

  349. 		/* Set non-blocking */
    350. 

  350. 		if(net__socket_nonblock(sock)){
    351. 

  351. 			continue;
    352. 

  352. 		}
    353. 

  353. 

  354. 		rc = connect(*sock, rp->ai_addr, rp->ai_addrlen);
    355. 

  355. #ifdef WIN32
    356. 

  356. 		errno = WSAGetLastError();
    357. 

  357. #endif
    358. 

  358. 		if(rc == 0 || errno == EINPROGRESS || errno == COMPAT_EWOULDBLOCK){
    359. 

  359. 			if(rc < 0 && (errno == EINPROGRESS || errno == COMPAT_EWOULDBLOCK)){
    360. 

  360. 				rc = MOSQ_ERR_CONN_PENDING;
    361. 

  361. 			}
    362. 

  362. 

  363. 			/* Set non-blocking */
    364. 

  364. 			if(net__socket_nonblock(sock)){
    365. 

  365. 				continue;
    366. 

  366. 			}
    367. 

  367. 			break;
    368. 

  368. 		}
    369. 

  369. 

  370. 		COMPAT_CLOSE(*sock);
    371. 

  371. 		*sock = INVALID_SOCKET;
    372. 

  372. 	}
    373. 

  373. 	freeaddrinfo(mosq->adns->ar_result);
    374. 

  374. 	mosq->adns->ar_result = NULL;
    375. 

  375. 

  376. 	mosquitto__free((struct addrinfo *)mosq->adns->ar_request);
    377. 

  377. 	mosquitto__free(mosq->adns);
    378. 

  378. 	mosq->adns = NULL;
    379. 

  379. 

  380. 	if(!rp){
    381. 

  381. 		return MOSQ_ERR_ERRNO;
    382. 

  382. 	}
    383. 

  383. 

  384. 	return rc;
    385. 

  385. }
    386. 

  386. 

  387. #endif
    388. 

  388. 

  389. 

  390. static int net__try_connect_tcp(const char *host, uint16_t port, mosq_sock_t *sock, const char *bind_address, bool blocking)
    391. 

  391. {
    392. 

  392. 	struct addrinfo hints;
    393. 

  393. 	struct addrinfo *ainfo, *rp;
    394. 

  394. 	struct addrinfo *ainfo_bind, *rp_bind;
    395. 

  395. 	int s;
    396. 

  396. 	int rc = MOSQ_ERR_SUCCESS;
    397. 

  397. 

  398. 	ainfo_bind = NULL;
    399. 

  399. 

  400. 	*sock = INVALID_SOCKET;
    401. 

  401. 	memset(&hints, 0, sizeof(struct addrinfo));
    402. 

  402. 	hints.ai_family = AF_UNSPEC;
    403. 

  403. 	hints.ai_socktype = SOCK_STREAM;
    404. 

  404. 

  405. 	s = getaddrinfo(host, NULL, &hints, &ainfo);
    406. 

  406. 	if(s){
    407. 

  407. 		errno = s;
    408. 

  408. 		return MOSQ_ERR_EAI;
    409. 

  409. 	}
    410. 

  410. 

  411. 	if(bind_address){
    412. 

  412. 		s = getaddrinfo(bind_address, NULL, &hints, &ainfo_bind);
    413. 

  413. 		if(s){
    414. 

  414. 			freeaddrinfo(ainfo);
    415. 

  415. 			errno = s;
    416. 

  416. 			return MOSQ_ERR_EAI;
    417. 

  417. 		}
    418. 

  418. 	}
    419. 

  419. 

  420. 	for(rp = ainfo; rp != NULL; rp = rp->ai_next){
    421. 

  421. 		*sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
    422. 

  422. 		if(*sock == INVALID_SOCKET) continue;
    423. 

  423. 

  424. 		if(rp->ai_family == AF_INET){
    425. 

  425. 			((struct sockaddr_in *)rp->ai_addr)->sin_port = htons(port);
    426. 

  426. 		}else if(rp->ai_family == AF_INET6){
    427. 

  427. 			((struct sockaddr_in6 *)rp->ai_addr)->sin6_port = htons(port);
    428. 

  428. 		}else{
    429. 

  429. 			COMPAT_CLOSE(*sock);
    430. 

  430. 			*sock = INVALID_SOCKET;
    431. 

  431. 			continue;
    432. 

  432. 		}
    433. 

  433. 

  434. 		if(bind_address){
    435. 

  435. 			for(rp_bind = ainfo_bind; rp_bind != NULL; rp_bind = rp_bind->ai_next){
    436. 

  436. 				if(bind(*sock, rp_bind->ai_addr, rp_bind->ai_addrlen) == 0){
    437. 

  437. 					break;
    438. 

  438. 				}
    439. 

  439. 			}
    440. 

  440. 			if(!rp_bind){
    441. 

  441. 				COMPAT_CLOSE(*sock);
    442. 

  442. 				*sock = INVALID_SOCKET;
    443. 

  443. 				continue;
    444. 

  444. 			}
    445. 

  445. 		}
    446. 

  446. 

  447. 		if(!blocking){
    448. 

  448. 			/* Set non-blocking */
    449. 

  449. 			if(net__socket_nonblock(sock)){
    450. 

  450. 				continue;
    451. 

  451. 			}
    452. 

  452. 		}
    453. 

  453. 

  454. 		rc = connect(*sock, rp->ai_addr, rp->ai_addrlen);
    455. 

  455. #ifdef WIN32
    456. 

  456. 		errno = WSAGetLastError();
    457. 

  457. #endif
    458. 

  458. 		if(rc == 0 || errno == EINPROGRESS || errno == COMPAT_EWOULDBLOCK){
    459. 

  459. 			if(rc < 0 && (errno == EINPROGRESS || errno == COMPAT_EWOULDBLOCK)){
    460. 

  460. 				rc = MOSQ_ERR_CONN_PENDING;
    461. 

  461. 			}
    462. 

  462. 

  463. 			if(blocking){
    464. 

  464. 				/* Set non-blocking */
    465. 

  465. 				if(net__socket_nonblock(sock)){
    466. 

  466. 					continue;
    467. 

  467. 				}
    468. 

  468. 			}
    469. 

  469. 			break;
    470. 

  470. 		}
    471. 

  471. 

  472. 		COMPAT_CLOSE(*sock);
    473. 

  473. 		*sock = INVALID_SOCKET;
    474. 

  474. 	}
    475. 

  475. 	freeaddrinfo(ainfo);
    476. 

  476. 	if(bind_address){
    477. 

  477. 		freeaddrinfo(ainfo_bind);
    478. 

  478. 	}
    479. 

  479. 	if(!rp){
    480. 

  480. 		return MOSQ_ERR_ERRNO;
    481. 

  481. 	}
    482. 

  482. 	return rc;
    483. 

  483. }
    484. 

  484. 

  485. 

  486. #ifdef WITH_UNIX_SOCKETS
    487. 

  487. static int net__try_connect_unix(const char *host, mosq_sock_t *sock)
    488. 

  488. {
    489. 

  489. 	struct sockaddr_un addr;
    490. 

  490. 	int s;
    491. 

  491. 	int rc;
    492. 

  492. 

  493. 	if(host == NULL || strlen(host) == 0 || strlen(host) > sizeof(addr.sun_path)-1){
    494. 

  494. 		return MOSQ_ERR_INVAL;
    495. 

  495. 	}
    496. 

  496. 

  497. 	memset(&addr, 0, sizeof(struct sockaddr_un));
    498. 

  498. 	addr.sun_family = AF_UNIX;
    499. 

  499. 	strncpy(addr.sun_path, host, sizeof(addr.sun_path)-1);
    500. 

  500. 

  501. 	s = socket(AF_UNIX, SOCK_STREAM, 0);
    502. 

  502. 	if(s < 0){
    503. 

  503. 		return MOSQ_ERR_ERRNO;
    504. 

  504. 	}
    505. 

  505. 	rc = net__socket_nonblock(&s);
    506. 

  506. 	if(rc) return rc;
    507. 

  507. 

  508. 	rc = connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un));
    509. 

  509. 	if(rc < 0){
    510. 

  510. 		close(s);
    511. 

  511. 		return MOSQ_ERR_ERRNO;
    512. 

  512. 	}
    513. 

  513. 

  514. 	*sock = s;
    515. 

  515. 

  516. 	return 0;
    517. 

  517. }
    518. 

  518. #endif
    519. 

  519. 

  520. 

  521. int net__try_connect(const char *host, uint16_t port, mosq_sock_t *sock, const char *bind_address, bool blocking)
    522. 

  522. {
    523. 

  523. 	if(port == 0){
    524. 

  524. #ifdef WITH_UNIX_SOCKETS
    525. 

  525. 		return net__try_connect_unix(host, sock);
    526. 

  526. #else
    527. 

  527. 		return MOSQ_ERR_NOT_SUPPORTED;
    528. 

  528. #endif
    529. 

  529. 	}else{
    530. 

  530. 		return net__try_connect_tcp(host, port, sock, bind_address, blocking);
    531. 

  531. 	}
    532. 

  532. }
    533. 

  533. 

  534. 

  535. #ifdef WITH_TLS
    536. 

  536. void net__print_ssl_error(struct mosquitto *mosq)
    537. 

  537. {
    538. 

  538. 	char ebuf[256];
    539. 

  539. 	unsigned long e;
    540. 

  540. 	int num = 0;
    541. 

  541. 

  542. 	e = ERR_get_error();
    543. 

  543. 	while(e){
    544. 

  544. 		log__printf(mosq, MOSQ_LOG_ERR, "OpenSSL Error[%d]: %s", num, ERR_error_string(e, ebuf));
    545. 

  545. 		e = ERR_get_error();
    546. 

  546. 		num++;
    547. 

  547. 	}
    548. 

  548. }
    549. 

  549. 

  550. 

  551. int net__socket_connect_tls(struct mosquitto *mosq)
    552. 

  552. {
    553. 

  553. 	int ret, err;
    554. 

  554. 	long res;
    555. 

  555. 

  556. 	ERR_clear_error();
    557. 

  557. 	if (mosq->tls_ocsp_required) {
    558. 

  558. 		/* Note: OCSP is available in all currently supported OpenSSL versions. */
    559. 

  559. 		if ((res=SSL_set_tlsext_status_type(mosq->ssl, TLSEXT_STATUSTYPE_ocsp)) != 1) {
    560. 

  560. 			log__printf(mosq, MOSQ_LOG_ERR, "Could not activate OCSP (error: %ld)", res);
    561. 

  561. 			return MOSQ_ERR_OCSP;
    562. 

  562. 		}
    563. 

  563. 		if ((res=SSL_CTX_set_tlsext_status_cb(mosq->ssl_ctx, mosquitto__verify_ocsp_status_cb)) != 1) {
    564. 

  564. 			log__printf(mosq, MOSQ_LOG_ERR, "Could not activate OCSP (error: %ld)", res);
    565. 

  565. 			return MOSQ_ERR_OCSP;
    566. 

  566. 		}
    567. 

  567. 		if ((res=SSL_CTX_set_tlsext_status_arg(mosq->ssl_ctx, mosq)) != 1) {
    568. 

  568. 			log__printf(mosq, MOSQ_LOG_ERR, "Could not activate OCSP (error: %ld)", res);
    569. 

  569. 			return MOSQ_ERR_OCSP;
    570. 

  570. 		}
    571. 

  571. 	}
    572. 

  572. 

  573. 	ret = SSL_connect(mosq->ssl);
    574. 

  574. 	if(ret != 1) {
    575. 

  575. 		err = SSL_get_error(mosq->ssl, ret);
    576. 

  576. 		if (err == SSL_ERROR_SYSCALL) {
    577. 

  577. 			mosq->want_connect = true;
    578. 

  578. 			return MOSQ_ERR_SUCCESS;
    579. 

  579. 		}
    580. 

  580. 		if(err == SSL_ERROR_WANT_READ){
    581. 

  581. 			mosq->want_connect = true;
    582. 

  582. 			/* We always try to read anyway */
    583. 

  583. 		}else if(err == SSL_ERROR_WANT_WRITE){
    584. 

  584. 			mosq->want_write = true;
    585. 

  585. 			mosq->want_connect = true;
    586. 

  586. 		}else{
    587. 

  587. 			net__print_ssl_error(mosq);
    588. 

  588. 

  589. 			COMPAT_CLOSE(mosq->sock);
    590. 

  590. 			mosq->sock = INVALID_SOCKET;
    591. 

  591. 			net__print_ssl_error(mosq);
    592. 

  592. 			return MOSQ_ERR_TLS;
    593. 

  593. 		}
    594. 

  594. 	}else{
    595. 

  595. 		mosq->want_connect = false;
    596. 

  596. 	}
    597. 

  597. 	return MOSQ_ERR_SUCCESS;
    598. 

  598. }
    599. 

  599. #endif
    600. 

  600. 

  601. 

  602. #ifdef WITH_TLS
    603. 

  603. static int net__tls_load_ca(struct mosquitto *mosq)
    604. 

  604. {
    605. 

  605. 	int ret;
    606. 

  606. 

  607. 	if(mosq->tls_use_os_certs){
    608. 

  608. 		SSL_CTX_set_default_verify_paths(mosq->ssl_ctx);
    609. 

  609. 	}
    610. 

  610. #if OPENSSL_VERSION_NUMBER < 0x30000000L
    611. 

  611. 	if(mosq->tls_cafile || mosq->tls_capath){
    612. 

  612. 		ret = SSL_CTX_load_verify_locations(mosq->ssl_ctx, mosq->tls_cafile, mosq->tls_capath);
    613. 

  613. 		if(ret == 0){
    614. 

  614. #  ifdef WITH_BROKER
    615. 

  615. 			if(mosq->tls_cafile && mosq->tls_capath){
    616. 

  616. 				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check bridge_cafile \"%s\" and bridge_capath \"%s\".", mosq->tls_cafile, mosq->tls_capath);
    617. 

  617. 			}else if(mosq->tls_cafile){
    618. 

  618. 				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check bridge_cafile \"%s\".", mosq->tls_cafile);
    619. 

  619. 			}else{
    620. 

  620. 				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check bridge_capath \"%s\".", mosq->tls_capath);
    621. 

  621. 			}
    622. 

  622. #  else
    623. 

  623. 			if(mosq->tls_cafile && mosq->tls_capath){
    624. 

  624. 				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check cafile \"%s\" and capath \"%s\".", mosq->tls_cafile, mosq->tls_capath);
    625. 

  625. 			}else if(mosq->tls_cafile){
    626. 

  626. 				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check cafile \"%s\".", mosq->tls_cafile);
    627. 

  627. 			}else{
    628. 

  628. 				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check capath \"%s\".", mosq->tls_capath);
    629. 

  629. 			}
    630. 

  630. #  endif
    631. 

  631. 			return MOSQ_ERR_TLS;
    632. 

  632. 		}
    633. 

  633. 	}
    634. 

  634. #else
    635. 

  635. 	if(mosq->tls_cafile){
    636. 

  636. 		ret = SSL_CTX_load_verify_file(mosq->ssl_ctx, mosq->tls_cafile);
    637. 

  637. 		if(ret == 0){
    638. 

  638. #  ifdef WITH_BROKER
    639. 

  639. 			log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check bridge_cafile \"%s\".", mosq->tls_cafile);
    640. 

  640. #  else
    641. 

  641. 			log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check cafile \"%s\".", mosq->tls_cafile);
    642. 

  642. #  endif
    643. 

  643. 			return MOSQ_ERR_TLS;
    644. 

  644. 		}
    645. 

  645. 	}
    646. 

  646. 	if(mosq->tls_capath){
    647. 

  647. 		ret = SSL_CTX_load_verify_dir(mosq->ssl_ctx, mosq->tls_capath);
    648. 

  648. 		if(ret == 0){
    649. 

  649. #  ifdef WITH_BROKER
    650. 

  650. 			log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check bridge_capath \"%s\".", mosq->tls_capath);
    651. 

  651. #  else
    652. 

  652. 			log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check capath \"%s\".", mosq->tls_capath);
    653. 

  653. #  endif
    654. 

  654. 			return MOSQ_ERR_TLS;
    655. 

  655. 		}
    656. 

  656. 	}
    657. 

  657. #endif
    658. 

  658. 	return MOSQ_ERR_SUCCESS;
    659. 

  659. }
    660. 

  660. 

  661. 

  662. static int net__init_ssl_ctx(struct mosquitto *mosq)
    663. 

  663. {
    664. 

  664. 	int ret;
    665. 

  665. 	ENGINE *engine = NULL;
    666. 

  666. 	uint8_t tls_alpn_wire[256];
    667. 

  667. 	uint8_t tls_alpn_len;
    668. 

  668. #if !defined(OPENSSL_NO_ENGINE)
    669. 

  669. 	EVP_PKEY *pkey;
    670. 

  670. #endif
    671. 

  671. 

  672. #ifndef WITH_BROKER
    673. 

  673. 	if(mosq->user_ssl_ctx){
    674. 

  674. 		mosq->ssl_ctx = mosq->user_ssl_ctx;
    675. 

  675. 		if(!mosq->ssl_ctx_defaults){
    676. 

  676. 			return MOSQ_ERR_SUCCESS;
    677. 

  677. 		}else if(!mosq->tls_cafile && !mosq->tls_capath && !mosq->tls_psk){
    678. 

  678. 			log__printf(mosq, MOSQ_LOG_ERR, "Error: If you use MOSQ_OPT_SSL_CTX then MOSQ_OPT_SSL_CTX_WITH_DEFAULTS must be true, or at least one of cafile, capath or psk must be specified.");
    679. 

  679. 			return MOSQ_ERR_INVAL;
    680. 

  680. 		}
    681. 

  681. 	}
    682. 

  682. #endif
    683. 

  683. 

  684. 	/* Apply default SSL_CTX settings. This is only used if MOSQ_OPT_SSL_CTX
    685. 

  685. 	 * has not been set, or if both of MOSQ_OPT_SSL_CTX and
    686. 

  686. 	 * MOSQ_OPT_SSL_CTX_WITH_DEFAULTS are set. */
    687. 

  687. 	if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_psk || mosq->tls_use_os_certs){
    688. 

  688. 		if(!mosq->ssl_ctx){
    689. 

  689. 			net__init_tls();
    690. 

  690. 

  691. #if OPENSSL_VERSION_NUMBER < 0x10100000L
    692. 

  692. 			mosq->ssl_ctx = SSL_CTX_new(SSLv23_client_method());
    693. 

  693. #else
    694. 

  694. 			mosq->ssl_ctx = SSL_CTX_new(TLS_client_method());
    695. 

  695. #endif
    696. 

  696. 

  697. 			if(!mosq->ssl_ctx){
    698. 

  698. 				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to create TLS context.");
    699. 

  699. 				net__print_ssl_error(mosq);
    700. 

  700. 				return MOSQ_ERR_TLS;
    701. 

  701. 			}
    702. 

  702. 		}
    703. 

  703. 

  704. #ifdef SSL_OP_NO_TLSv1_3
    705. 

  705. 		if(mosq->tls_psk){
    706. 

  706. 			SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_TLSv1_3);
    707. 

  707. 		}
    708. 

  708. #endif
    709. 

  709. 

  710. 		if(!mosq->tls_version){
    711. 

  711. 			SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);
    712. 

  712. #ifdef SSL_OP_NO_TLSv1_3
    713. 

  713. 		}else if(!strcmp(mosq->tls_version, "tlsv1.3")){
    714. 

  714. 			SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2);
    715. 

  715. #endif
    716. 

  716. 		}else if(!strcmp(mosq->tls_version, "tlsv1.2")){
    717. 

  717. 			SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
    718. 

  718. 		}else if(!strcmp(mosq->tls_version, "tlsv1.1")){
    719. 

  719. 			SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);
    720. 

  720. 		}else{
    721. 

  721. 			log__printf(mosq, MOSQ_LOG_ERR, "Error: Protocol %s not supported.", mosq->tls_version);
    722. 

  722. 			return MOSQ_ERR_INVAL;
    723. 

  723. 		}
    724. 

  724. 

  725. #if OPENSSL_VERSION_NUMBER >= 0x10100000L
    726. 

  726. 		/* Allow use of DHE ciphers */
    727. 

  727. 		SSL_CTX_set_dh_auto(mosq->ssl_ctx, 1);
    728. 

  728. #endif
    729. 

  729. 		/* Disable compression */
    730. 

  730. 		SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_COMPRESSION);
    731. 

  731. 

  732. 		/* Set ALPN */
    733. 

  733. 		if(mosq->tls_alpn) {
    734. 

  734. 			tls_alpn_len = (uint8_t) strnlen(mosq->tls_alpn, 254);
    735. 

  735. 			tls_alpn_wire[0] = tls_alpn_len;  /* first byte is length of string */
    736. 

  736. 			memcpy(tls_alpn_wire + 1, mosq->tls_alpn, tls_alpn_len);
    737. 

  737. 			SSL_CTX_set_alpn_protos(mosq->ssl_ctx, tls_alpn_wire, tls_alpn_len + 1U);
    738. 

  738. 		}
    739. 

  739. 

  740. #ifdef SSL_MODE_RELEASE_BUFFERS
    741. 

  741. 			/* Use even less memory per SSL connection. */
    742. 

  742. 			SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
    743. 

  743. #endif
    744. 

  744. 

  745. #if !defined(OPENSSL_NO_ENGINE)
    746. 

  746. 		if(mosq->tls_engine){
    747. 

  747. 			engine = ENGINE_by_id(mosq->tls_engine);
    748. 

  748. 			if(!engine){
    749. 

  749. 				log__printf(mosq, MOSQ_LOG_ERR, "Error loading %s engine\n", mosq->tls_engine);
    750. 

  750. 				return MOSQ_ERR_TLS;
    751. 

  751. 			}
    752. 

  752. 			if(!ENGINE_init(engine)){
    753. 

  753. 				log__printf(mosq, MOSQ_LOG_ERR, "Failed engine initialisation\n");
    754. 

  754. 				ENGINE_free(engine);
    755. 

  755. 				return MOSQ_ERR_TLS;
    756. 

  756. 			}
    757. 

  757. 			ENGINE_set_default(engine, ENGINE_METHOD_ALL);
    758. 

  758. 			ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */
    759. 

  759. 		}
    760. 

  760. #endif
    761. 

  761. 

  762. 		if(mosq->tls_ciphers){
    763. 

  763. 			ret = SSL_CTX_set_cipher_list(mosq->ssl_ctx, mosq->tls_ciphers);
    764. 

  764. 			if(ret == 0){
    765. 

  765. 				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set TLS ciphers. Check cipher list \"%s\".", mosq->tls_ciphers);
    766. 

  766. #if !defined(OPENSSL_NO_ENGINE)
    767. 

  767. 				ENGINE_FINISH(engine);
    768. 

  768. #endif
    769. 

  769. 				net__print_ssl_error(mosq);
    770. 

  770. 				return MOSQ_ERR_TLS;
    771. 

  771. 			}
    772. 

  772. 		}
    773. 

  773. 		if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_use_os_certs){
    774. 

  774. 			ret = net__tls_load_ca(mosq);
    775. 

  775. 			if(ret != MOSQ_ERR_SUCCESS){
    776. 

  776. #  if !defined(OPENSSL_NO_ENGINE)
    777. 

  777. 				ENGINE_FINISH(engine);
    778. 

  778. #  endif
    779. 

  779. 				net__print_ssl_error(mosq);
    780. 

  780. 				return MOSQ_ERR_TLS;
    781. 

  781. 			}
    782. 

  782. 			if(mosq->tls_cert_reqs == 0){
    783. 

  783. 				SSL_CTX_set_verify(mosq->ssl_ctx, SSL_VERIFY_NONE, NULL);
    784. 

  784. 			}else{
    785. 

  785. 				SSL_CTX_set_verify(mosq->ssl_ctx, SSL_VERIFY_PEER, mosquitto__server_certificate_verify);
    786. 

  786. 			}
    787. 

  787. 

  788. 			if(mosq->tls_pw_callback){
    789. 

  789. 				SSL_CTX_set_default_passwd_cb(mosq->ssl_ctx, mosq->tls_pw_callback);
    790. 

  790. 				SSL_CTX_set_default_passwd_cb_userdata(mosq->ssl_ctx, mosq);
    791. 

  791. 			}
    792. 

  792. 

  793. 			if(mosq->tls_certfile){
    794. 

  794. 				ret = SSL_CTX_use_certificate_chain_file(mosq->ssl_ctx, mosq->tls_certfile);
    795. 

  795. 				if(ret != 1){
    796. 

  796. #ifdef WITH_BROKER
    797. 

  797. 					log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client certificate, check bridge_certfile \"%s\".", mosq->tls_certfile);
    798. 

  798. #else
    799. 

  799. 					log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client certificate \"%s\".", mosq->tls_certfile);
    800. 

  800. #endif
    801. 

  801. #if !defined(OPENSSL_NO_ENGINE)
    802. 

  802. 					ENGINE_FINISH(engine);
    803. 

  803. #endif
    804. 

  804. 					net__print_ssl_error(mosq);
    805. 

  805. 					return MOSQ_ERR_TLS;
    806. 

  806. 				}
    807. 

  807. 			}
    808. 

  808. 			if(mosq->tls_keyfile){
    809. 

  809. 				if(mosq->tls_keyform == mosq_k_engine){
    810. 

  810. #if !defined(OPENSSL_NO_ENGINE)
    811. 

  811. 					UI_METHOD *ui_method = net__get_ui_method();
    812. 

  812. 					if(mosq->tls_engine_kpass_sha1){
    813. 

  813. 						if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){
    814. 

  814. 							log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set engine secret mode sha1");
    815. 

  815. 							ENGINE_FINISH(engine);
    816. 

  816. 							net__print_ssl_error(mosq);
    817. 

  817. 							return MOSQ_ERR_TLS;
    818. 

  818. 						}
    819. 

  819. 						if(!ENGINE_ctrl_cmd(engine, ENGINE_PIN, 0, mosq->tls_engine_kpass_sha1, NULL, 0)){
    820. 

  820. 							log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set engine pin");
    821. 

  821. 							ENGINE_FINISH(engine);
    822. 

  822. 							net__print_ssl_error(mosq);
    823. 

  823. 							return MOSQ_ERR_TLS;
    824. 

  824. 						}
    825. 

  825. 						ui_method = NULL;
    826. 

  826. 					}
    827. 

  827. 					pkey = ENGINE_load_private_key(engine, mosq->tls_keyfile, ui_method, NULL);
    828. 

  828. 					if(!pkey){
    829. 

  829. 						log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load engine private key file \"%s\".", mosq->tls_keyfile);
    830. 

  830. 						ENGINE_FINISH(engine);
    831. 

  831. 						net__print_ssl_error(mosq);
    832. 

  832. 						return MOSQ_ERR_TLS;
    833. 

  833. 					}
    834. 

  834. 					if(SSL_CTX_use_PrivateKey(mosq->ssl_ctx, pkey) <= 0){
    835. 

  835. 						log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to use engine private key file \"%s\".", mosq->tls_keyfile);
    836. 

  836. 						ENGINE_FINISH(engine);
    837. 

  837. 						net__print_ssl_error(mosq);
    838. 

  838. 						return MOSQ_ERR_TLS;
    839. 

  839. 					}
    840. 

  840. #endif
    841. 

  841. 				}else{
    842. 

  842. 					ret = SSL_CTX_use_PrivateKey_file(mosq->ssl_ctx, mosq->tls_keyfile, SSL_FILETYPE_PEM);
    843. 

  843. 					if(ret != 1){
    844. 

  844. #ifdef WITH_BROKER
    845. 

  845. 						log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client key file, check bridge_keyfile \"%s\".", mosq->tls_keyfile);
    846. 

  846. #else
    847. 

  847. 						log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client key file \"%s\".", mosq->tls_keyfile);
    848. 

  848. #endif
    849. 

  849. #if !defined(OPENSSL_NO_ENGINE)
    850. 

  850. 						ENGINE_FINISH(engine);
    851. 

  851. #endif
    852. 

  852. 						net__print_ssl_error(mosq);
    853. 

  853. 						return MOSQ_ERR_TLS;
    854. 

  854. 					}
    855. 

  855. 				}
    856. 

  856. 				ret = SSL_CTX_check_private_key(mosq->ssl_ctx);
    857. 

  857. 				if(ret != 1){
    858. 

  858. 					log__printf(mosq, MOSQ_LOG_ERR, "Error: Client certificate/key are inconsistent.");
    859. 

  859. #if !defined(OPENSSL_NO_ENGINE)
    860. 

  860. 					ENGINE_FINISH(engine);
    861. 

  861. #endif
    862. 

  862. 					net__print_ssl_error(mosq);
    863. 

  863. 					return MOSQ_ERR_TLS;
    864. 

  864. 				}
    865. 

  865. 			}
    866. 

  866. #ifdef FINAL_WITH_TLS_PSK
    867. 

  867. 		}else if(mosq->tls_psk){
    868. 

  868. 			SSL_CTX_set_psk_client_callback(mosq->ssl_ctx, psk_client_callback);
    869. 

  869. 			if(mosq->tls_ciphers == NULL){
    870. 

  870. 				SSL_CTX_set_cipher_list(mosq->ssl_ctx, "PSK");
    871. 

  871. 			}
    872. 

  872. #endif
    873. 

  873. 		}
    874. 

  874. 	}
    875. 

  875. 

  876. 	return MOSQ_ERR_SUCCESS;
    877. 

  877. }
    878. 

  878. #endif
    879. 

  879. 

  880. 

  881. int net__socket_connect_step3(struct mosquitto *mosq, const char *host)
    882. 

  882. {
    883. 

  883. #ifdef WITH_TLS
    884. 

  884. 	BIO *bio;
    885. 

  885. 

  886. 	int rc = net__init_ssl_ctx(mosq);
    887. 

  887. 	if(rc){
    888. 

  888. 		net__socket_close(mosq);
    889. 

  889. 		return rc;
    890. 

  890. 	}
    891. 

  891. 

  892. 	if(mosq->ssl_ctx){
    893. 

  893. 		if(mosq->ssl){
    894. 

  894. 			SSL_free(mosq->ssl);
    895. 

  895. 		}
    896. 

  896. 		mosq->ssl = SSL_new(mosq->ssl_ctx);
    897. 

  897. 		if(!mosq->ssl){
    898. 

  898. 			net__socket_close(mosq);
    899. 

  899. 			net__print_ssl_error(mosq);
    900. 

  900. 			return MOSQ_ERR_TLS;
    901. 

  901. 		}
    902. 

  902. 

  903. 		SSL_set_ex_data(mosq->ssl, tls_ex_index_mosq, mosq);
    904. 

  904. 		bio = BIO_new_socket(mosq->sock, BIO_NOCLOSE);
    905. 

  905. 		if(!bio){
    906. 

  906. 			net__socket_close(mosq);
    907. 

  907. 			net__print_ssl_error(mosq);
    908. 

  908. 			return MOSQ_ERR_TLS;
    909. 

  909. 		}
    910. 

  910. 		SSL_set_bio(mosq->ssl, bio, bio);
    911. 

  911. 

  912. 		/*
    913. 

  913. 		 * required for the SNI resolving
    914. 

  914. 		 */
    915. 

  915. 		if(SSL_set_tlsext_host_name(mosq->ssl, host) != 1) {
    916. 

  916. 			net__socket_close(mosq);
    917. 

  917. 			return MOSQ_ERR_TLS;
    918. 

  918. 		}
    919. 

  919. 

  920. 		if(net__socket_connect_tls(mosq)){
    921. 

  921. 			net__socket_close(mosq);
    922. 

  922. 			return MOSQ_ERR_TLS;
    923. 

  923. 		}
    924. 

  924. 

  925. 	}
    926. 

  926. #else
    927. 

  927. 	UNUSED(mosq);
    928. 

  928. 	UNUSED(host);
    929. 

  929. #endif
    930. 

  930. 	return MOSQ_ERR_SUCCESS;
    931. 

  931. }
    932. 

  932. 

  933. /* Create a socket and connect it to 'ip' on port 'port'.  */
    934. 

  934. int net__socket_connect(struct mosquitto *mosq, const char *host, uint16_t port, const char *bind_address, bool blocking)
    935. 

  935. {
    936. 

  936. 	int rc, rc2;
    937. 

  937. 

  938. 	if(!mosq || !host) return MOSQ_ERR_INVAL;
    939. 

  939. 

  940. 	rc = net__try_connect(host, port, &mosq->sock, bind_address, blocking);
    941. 

  941. 	if(rc > 0) return rc;
    942. 

  942. 

  943. 	if(mosq->tcp_nodelay){
    944. 

  944. 		int flag = 1;
    945. 

  945. 		if(setsockopt(mosq->sock, IPPROTO_TCP, TCP_NODELAY, (const void*)&flag, sizeof(int)) != 0){
    946. 

  946. 			log__printf(mosq, MOSQ_LOG_WARNING, "Warning: Unable to set TCP_NODELAY.");
    947. 

  947. 		}
    948. 

  948. 	}
    949. 

  949. 

  950. #if defined(WITH_SOCKS) && !defined(WITH_BROKER)
    951. 

  951. 	if(!mosq->socks5_host)
    952. 

  952. #endif
    953. 

  953. 	{
    954. 

  954. 		rc2 = net__socket_connect_step3(mosq, host);
    955. 

  955. 		if(rc2) return rc2;
    956. 

  956. 	}
    957. 

  957. 

  958. 	return rc;
    959. 

  959. }
    960. 

  960. 

  961. 

  962. #ifdef WITH_TLS
    963. 

  963. static int net__handle_ssl(struct mosquitto* mosq, int ret)
    964. 

  964. {
    965. 

  965. 	int err;
    966. 

  966. 

  967. 	err = SSL_get_error(mosq->ssl, ret);
    968. 

  968. 	if (err == SSL_ERROR_WANT_READ) {
    969. 

  969. 		ret = -1;
    970. 

  970. 		errno = EAGAIN;
    971. 

  971. 	}
    972. 

  972. 	else if (err == SSL_ERROR_WANT_WRITE) {
    973. 

  973. 		ret = -1;
    974. 

  974. #ifdef WITH_BROKER
    975. 

  975. 		mux__add_out(mosq);
    976. 

  976. #else
    977. 

  977. 		mosq->want_write = true;
    978. 

  978. #endif
    979. 

  979. 		errno = EAGAIN;
    980. 

  980. 	}
    981. 

  981. 	else {
    982. 

  982. 		net__print_ssl_error(mosq);
    983. 

  983. 		errno = EPROTO;
    984. 

  984. 	}
    985. 

  985. 	ERR_clear_error();
    986. 

  986. #ifdef WIN32
    987. 

  987. 	WSASetLastError(errno);
    988. 

  988. #endif
    989. 

  989. 

  990. 	return ret;
    991. 

  991. }
    992. 

  992. #endif
    993. 

  993. 

  994. ssize_t net__read(struct mosquitto *mosq, void *buf, size_t count)
    995. 

  995. {
    996. 

  996. #ifdef WITH_TLS
    997. 

  997. 	int ret;
    998. 

  998. #endif
    999. 

  999. 	assert(mosq);
    1000. 

  1000. 	errno = 0;
    1001. 

  1001. #ifdef WITH_TLS
    1002. 

  1002. 	if(mosq->ssl){
    1003. 

  1003. 		ret = SSL_read(mosq->ssl, buf, (int)count);
    1004. 

  1004. 		if(ret <= 0){
    1005. 

  1005. 			ret = net__handle_ssl(mosq, ret);
    1006. 

  1006. 		}
    1007. 

  1007. 		return (ssize_t )ret;
    1008. 

  1008. 	}else{
    1009. 

  1009. 		/* Call normal read/recv */
    1010. 

  1010. 

  1011. #endif
    1012. 

  1012. 

  1013. #ifndef WIN32
    1014. 

  1014. 	return read(mosq->sock, buf, count);
    1015. 

  1015. #else
    1016. 

  1016. 	return recv(mosq->sock, buf, count, 0);
    1017. 

  1017. #endif
    1018. 

  1018. 

  1019. #ifdef WITH_TLS
    1020. 

  1020. 	}
    1021. 

  1021. #endif
    1022. 

  1022. }
    1023. 

  1023. 

  1024. ssize_t net__write(struct mosquitto *mosq, const void *buf, size_t count)
    1025. 

  1025. {
    1026. 

  1026. #ifdef WITH_TLS
    1027. 

  1027. 	int ret;
    1028. 

  1028. #endif
    1029. 

  1029. 	assert(mosq);
    1030. 

  1030. 

  1031. 	errno = 0;
    1032. 

  1032. #ifdef WITH_TLS
    1033. 

  1033. 	if(mosq->ssl){
    1034. 

  1034. 		mosq->want_write = false;
    1035. 

  1035. 		ret = SSL_write(mosq->ssl, buf, (int)count);
    1036. 

  1036. 		if(ret < 0){
    1037. 

  1037. 			ret = net__handle_ssl(mosq, ret);
    1038. 

  1038. 		}
    1039. 

  1039. 		return (ssize_t )ret;
    1040. 

  1040. 	}else{
    1041. 

  1041. 		/* Call normal write/send */
    1042. 

  1042. #endif
    1043. 

  1043. 

  1044. #ifndef WIN32
    1045. 

  1045. 	return write(mosq->sock, buf, count);
    1046. 

  1046. #else
    1047. 

  1047. 	return send(mosq->sock, buf, count, 0);
    1048. 

  1048. #endif
    1049. 

  1049. 

  1050. #ifdef WITH_TLS
    1051. 

  1051. 	}
    1052. 

  1052. #endif
    1053. 

  1053. }
    1054. 

  1054. 

  1055. 

  1056. int net__socket_nonblock(mosq_sock_t *sock)
    1057. 

  1057. {
    1058. 

  1058. #ifndef WIN32
    1059. 

  1059. 	int opt;
    1060. 

  1060. 	/* Set non-blocking */
    1061. 

  1061. 	opt = fcntl(*sock, F_GETFL, 0);
    1062. 

  1062. 	if(opt == -1){
    1063. 

  1063. 		COMPAT_CLOSE(*sock);
    1064. 

  1064. 		*sock = INVALID_SOCKET;
    1065. 

  1065. 		return MOSQ_ERR_ERRNO;
    1066. 

  1066. 	}
    1067. 

  1067. 	if(fcntl(*sock, F_SETFL, opt | O_NONBLOCK) == -1){
    1068. 

  1068. 		/* If either fcntl fails, don't want to allow this client to connect. */
    1069. 

  1069. 		COMPAT_CLOSE(*sock);
    1070. 

  1070. 		*sock = INVALID_SOCKET;
    1071. 

  1071. 		return MOSQ_ERR_ERRNO;
    1072. 

  1072. 	}
    1073. 

  1073. #else
    1074. 

  1074. 	unsigned long opt = 1;
    1075. 

  1075. 	if(ioctlsocket(*sock, FIONBIO, &opt)){
    1076. 

  1076. 		COMPAT_CLOSE(*sock);
    1077. 

  1077. 		*sock = INVALID_SOCKET;
    1078. 

  1078. 		return MOSQ_ERR_ERRNO;
    1079. 

  1079. 	}
    1080. 

  1080. #endif
    1081. 

  1081. 	return MOSQ_ERR_SUCCESS;
    1082. 

  1082. }
    1083. 

  1083. 

  1084. 

  1085. #ifndef WITH_BROKER
    1086. 

  1086. int net__socketpair(mosq_sock_t *pairR, mosq_sock_t *pairW)
    1087. 

  1087. {
    1088. 

  1088. #ifdef WIN32
    1089. 

  1089. 	int family[2] = {AF_INET, AF_INET6};
    1090. 

  1090. 	int i;
    1091. 

  1091. 	struct sockaddr_storage ss;
    1092. 

  1092. 	struct sockaddr_in *sa = (struct sockaddr_in *)&ss;
    1093. 

  1093. 	struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)&ss;
    1094. 

  1094. 	socklen_t ss_len;
    1095. 

  1095. 	mosq_sock_t spR, spW;
    1096. 

  1096. 

  1097. 	mosq_sock_t listensock;
    1098. 

  1098. 

  1099. 	*pairR = INVALID_SOCKET;
    1100. 

  1100. 	*pairW = INVALID_SOCKET;
    1101. 

  1101. 

  1102. 	for(i=0; i<2; i++){
    1103. 

  1103. 		memset(&ss, 0, sizeof(ss));
    1104. 

  1104. 		if(family[i] == AF_INET){
    1105. 

  1105. 			sa->sin_family = family[i];
    1106. 

  1106. 			sa->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    1107. 

  1107. 			sa->sin_port = 0;
    1108. 

  1108. 			ss_len = sizeof(struct sockaddr_in);
    1109. 

  1109. 		}else if(family[i] == AF_INET6){
    1110. 

  1110. 			sa6->sin6_family = family[i];
    1111. 

  1111. 			sa6->sin6_addr = in6addr_loopback;
    1112. 

  1112. 			sa6->sin6_port = 0;
    1113. 

  1113. 			ss_len = sizeof(struct sockaddr_in6);
    1114. 

  1114. 		}else{
    1115. 

  1115. 			return MOSQ_ERR_INVAL;
    1116. 

  1116. 		}
    1117. 

  1117. 

  1118. 		listensock = socket(family[i], SOCK_STREAM, IPPROTO_TCP);
    1119. 

  1119. 		if(listensock == -1){
    1120. 

  1120. 			continue;
    1121. 

  1121. 		}
    1122. 

  1122. 

  1123. 		if(bind(listensock, (struct sockaddr *)&ss, ss_len) == -1){
    1124. 

  1124. 			COMPAT_CLOSE(listensock);
    1125. 

  1125. 			continue;
    1126. 

  1126. 		}
    1127. 

  1127. 

  1128. 		if(listen(listensock, 1) == -1){
    1129. 

  1129. 			COMPAT_CLOSE(listensock);
    1130. 

  1130. 			continue;
    1131. 

  1131. 		}
    1132. 

  1132. 		memset(&ss, 0, sizeof(ss));
    1133. 

  1133. 		ss_len = sizeof(ss);
    1134. 

  1134. 		if(getsockname(listensock, (struct sockaddr *)&ss, &ss_len) < 0){
    1135. 

  1135. 			COMPAT_CLOSE(listensock);
    1136. 

  1136. 			continue;
    1137. 

  1137. 		}
    1138. 

  1138. 

  1139. 		if(family[i] == AF_INET){
    1140. 

  1140. 			sa->sin_family = family[i];
    1141. 

  1141. 			sa->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    1142. 

  1142. 			ss_len = sizeof(struct sockaddr_in);
    1143. 

  1143. 		}else if(family[i] == AF_INET6){
    1144. 

  1144. 			sa6->sin6_family = family[i];
    1145. 

  1145. 			sa6->sin6_addr = in6addr_loopback;
    1146. 

  1146. 			ss_len = sizeof(struct sockaddr_in6);
    1147. 

  1147. 		}
    1148. 

  1148. 

  1149. 		spR = socket(family[i], SOCK_STREAM, IPPROTO_TCP);
    1150. 

  1150. 		if(spR == -1){
    1151. 

  1151. 			COMPAT_CLOSE(listensock);
    1152. 

  1152. 			continue;
    1153. 

  1153. 		}
    1154. 

  1154. 		if(net__socket_nonblock(&spR)){
    1155. 

  1155. 			COMPAT_CLOSE(listensock);
    1156. 

  1156. 			continue;
    1157. 

  1157. 		}
    1158. 

  1158. 		if(connect(spR, (struct sockaddr *)&ss, ss_len) < 0){
    1159. 

  1159. #ifdef WIN32
    1160. 

  1160. 			errno = WSAGetLastError();
    1161. 

  1161. #endif
    1162. 

  1162. 			if(errno != EINPROGRESS && errno != COMPAT_EWOULDBLOCK){
    1163. 

  1163. 				COMPAT_CLOSE(spR);
    1164. 

  1164. 				COMPAT_CLOSE(listensock);
    1165. 

  1165. 				continue;
    1166. 

  1166. 			}
    1167. 

  1167. 		}
    1168. 

  1168. 		spW = accept(listensock, NULL, 0);
    1169. 

  1169. 		if(spW == -1){
    1170. 

  1170. #ifdef WIN32
    1171. 

  1171. 			errno = WSAGetLastError();
    1172. 

  1172. #endif
    1173. 

  1173. 			if(errno != EINPROGRESS && errno != COMPAT_EWOULDBLOCK){
    1174. 

  1174. 				COMPAT_CLOSE(spR);
    1175. 

  1175. 				COMPAT_CLOSE(listensock);
    1176. 

  1176. 				continue;
    1177. 

  1177. 			}
    1178. 

  1178. 		}
    1179. 

  1179. 

  1180. 		if(net__socket_nonblock(&spW)){
    1181. 

  1181. 			COMPAT_CLOSE(spR);
    1182. 

  1182. 			COMPAT_CLOSE(listensock);
    1183. 

  1183. 			continue;
    1184. 

  1184. 		}
    1185. 

  1185. 		COMPAT_CLOSE(listensock);
    1186. 

  1186. 

  1187. 		*pairR = spR;
    1188. 

  1188. 		*pairW = spW;
    1189. 

  1189. 		return MOSQ_ERR_SUCCESS;
    1190. 

  1190. 	}
    1191. 

  1191. 	return MOSQ_ERR_UNKNOWN;
    1192. 

  1192. #else
    1193. 

  1193. 	int sv[2];
    1194. 

  1194. 

  1195. 	*pairR = INVALID_SOCKET;
    1196. 

  1196. 	*pairW = INVALID_SOCKET;
    1197. 

  1197. 

  1198. 	if(socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1){
    1199. 

  1199. 		return MOSQ_ERR_ERRNO;
    1200. 

  1200. 	}
    1201. 

  1201. 	if(net__socket_nonblock(&sv[0])){
    1202. 

  1202. 		COMPAT_CLOSE(sv[1]);
    1203. 

  1203. 		return MOSQ_ERR_ERRNO;
    1204. 

  1204. 	}
    1205. 

  1205. 	if(net__socket_nonblock(&sv[1])){
    1206. 

  1206. 		COMPAT_CLOSE(sv[0]);
    1207. 

  1207. 		return MOSQ_ERR_ERRNO;
    1208. 

  1208. 	}
    1209. 

  1209. 	*pairR = sv[0];
    1210. 

  1210. 	*pairW = sv[1];
    1211. 

  1211. 	return MOSQ_ERR_SUCCESS;
    1212. 

  1212. #endif
    1213. 

  1213. }
    1214. 

  1214. #endif
    1215. 

  1215. 

  1216. #ifndef WITH_BROKER
    1217. 

  1217. void *mosquitto_ssl_get(struct mosquitto *mosq)
    1218. 

  1218. {
    1219. 

  1219. #ifdef WITH_TLS
    1220. 

  1220. 	return mosq->ssl;
    1221. 

  1221. #else
    1222. 

  1222. 	UNUSED(mosq);
    1223. 

  1223. 

  1224. 	return NULL;
    1225. 

  1225. #endif
    1226. 

  1226. }
    1227. 

  1227. #endif
    1228.