1 files changed, 153 insertions, 0 deletions

diff --git a/thirdparty/libwebsockets/lib/tls/tls-client.c b/thirdparty/libwebsockets/lib/tls/tls-client.c
new file mode 100644
index 0000000000..f69c685fa7
--- /dev/null
+++ b/thirdparty/libwebsockets/lib/tls/tls-client.c
@@ -0,0 +1,153 @@
+/*
+ * libwebsockets - client-related ssl code independent of backend
+ *
+ * Copyright (C) 2010-2018 Andy Green <andy@warmcat.com>
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation:
+ *  version 2.1 of the License.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ *  MA  02110-1301  USA
+ */
+
+#include "core/private.h"
+
+int
+lws_ssl_client_connect1(struct lws *wsi)
+{
+	struct lws_context *context = wsi->context;
+	int n = 0;
+
+	lws_latency_pre(context, wsi);
+	n = lws_tls_client_connect(wsi);
+	lws_latency(context, wsi, "SSL_connect hs", n, n > 0);
+
+	switch (n) {
+	case LWS_SSL_CAPABLE_ERROR:
+		return -1;
+	case LWS_SSL_CAPABLE_DONE:
+		return 1; /* connected */
+	case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE:
+		lws_callback_on_writable(wsi);
+		/* fallthru */
+	case LWS_SSL_CAPABLE_MORE_SERVICE_READ:
+		lwsi_set_state(wsi, LRS_WAITING_SSL);
+		break;
+	case LWS_SSL_CAPABLE_MORE_SERVICE:
+		break;
+	}
+
+	return 0; /* retry */
+}
+
+int
+lws_ssl_client_connect2(struct lws *wsi, char *errbuf, int len)
+{
+	int n = 0;
+
+	if (lwsi_state(wsi) == LRS_WAITING_SSL) {
+		lws_latency_pre(wsi->context, wsi);
+
+		n = lws_tls_client_connect(wsi);
+		lwsl_debug("%s: SSL_connect says %d\n", __func__, n);
+		lws_latency(wsi->context, wsi,
+			    "SSL_connect LRS_WAITING_SSL", n, n > 0);
+
+		switch (n) {
+		case LWS_SSL_CAPABLE_ERROR:
+			lws_snprintf(errbuf, len, "client connect failed");
+			return -1;
+		case LWS_SSL_CAPABLE_DONE:
+			break; /* connected */
+		case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE:
+			lws_callback_on_writable(wsi);
+			/* fallthru */
+		case LWS_SSL_CAPABLE_MORE_SERVICE_READ:
+			lwsi_set_state(wsi, LRS_WAITING_SSL);
+			/* fallthru */
+		case LWS_SSL_CAPABLE_MORE_SERVICE:
+			return 0;
+		}
+	}
+
+	if (lws_tls_client_confirm_peer_cert(wsi, errbuf, len))
+		return -1;
+
+	return 1;
+}
+
+
+int lws_context_init_client_ssl(const struct lws_context_creation_info *info,
+				struct lws_vhost *vhost)
+{
+	const char *private_key_filepath = info->ssl_private_key_filepath;
+	const char *cert_filepath = info->ssl_cert_filepath;
+	const char *ca_filepath = info->ssl_ca_filepath;
+	const char *cipher_list = info->ssl_cipher_list;
+	struct lws wsi;
+
+	if (vhost->options & LWS_SERVER_OPTION_ONLY_RAW)
+		return 0;
+
+	/*
+	 *  for backwards-compatibility default to using ssl_... members, but
+	 * if the newer client-specific ones are given, use those
+	 */
+	if (info->client_ssl_cipher_list)
+		cipher_list = info->client_ssl_cipher_list;
+	if (info->client_ssl_cert_filepath)
+		cert_filepath = info->client_ssl_cert_filepath;
+	if (info->client_ssl_private_key_filepath)
+		private_key_filepath = info->client_ssl_private_key_filepath;
+
+	if (info->client_ssl_ca_filepath)
+		ca_filepath = info->client_ssl_ca_filepath;
+
+	if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
+		return 0;
+
+	if (vhost->tls.ssl_client_ctx)
+		return 0;
+
+	if (info->provided_client_ssl_ctx) {
+		/* use the provided OpenSSL context if given one */
+		vhost->tls.ssl_client_ctx = info->provided_client_ssl_ctx;
+		/* nothing for lib to delete */
+		vhost->tls.user_supplied_ssl_ctx = 1;
+
+		return 0;
+	}
+
+	if (lws_tls_client_create_vhost_context(vhost, info, cipher_list,
+						ca_filepath,
+						info->client_ssl_ca_mem,
+						info->client_ssl_ca_mem_len,
+						cert_filepath,
+						private_key_filepath))
+		return 1;
+
+	lwsl_notice("created client ssl context for %s\n", vhost->name);
+
+	/*
+	 * give him a fake wsi with context set, so he can use
+	 * lws_get_context() in the callback
+	 */
+	memset(&wsi, 0, sizeof(wsi));
+	wsi.vhost = vhost; /* not a real bound wsi */
+	wsi.context = vhost->context;
+
+	vhost->protocols[0].callback(&wsi,
+			LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
+				     vhost->tls.ssl_client_ctx, NULL, 0);
+
+	return 0;
+}