diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 0648f6f5..46db4865 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -48,7 +48,7 @@ if(ENABLE_APP) set(NGHTTP_SOURCES ${HELPER_OBJECTS} nghttp.cc - ssl.cc + tls.cc ) if(HAVE_LIBXML2) list(APPEND NGHTTP_SOURCES HtmlParser.cc) @@ -58,7 +58,7 @@ if(ENABLE_APP) set(NGHTTPD_SOURCES ${HELPER_OBJECTS} nghttpd.cc - ssl.cc + tls.cc HttpServer.cc ) @@ -67,7 +67,7 @@ if(ENABLE_APP) util.cc http2.cc h2load.cc timegm.c - ssl.cc + tls.cc h2load_http2_session.cc h2load_http1_session.cc ) @@ -82,7 +82,7 @@ if(ENABLE_APP) set(NGHTTPX_SRCS util.cc http2.cc timegm.c app_helper.cc - ssl.cc + tls.cc shrpx_config.cc shrpx_accept_handler.cc shrpx_connection_handler.cc @@ -216,7 +216,7 @@ endif() if(ENABLE_ASIO_LIB) set(NGHTTP2_ASIO_SOURCES util.cc http2.cc - ssl.cc + tls.cc timegm.c asio_common.cc asio_io_service_pool.cc diff --git a/src/HttpServer.cc b/src/HttpServer.cc index 7dc16765..deb50d1c 100644 --- a/src/HttpServer.cc +++ b/src/HttpServer.cc @@ -60,7 +60,7 @@ #include "app_helper.h" #include "http2.h" #include "util.h" -#include "ssl.h" +#include "tls.h" #include "template.h" #ifndef O_BINARY @@ -877,7 +877,7 @@ int Http2Handler::connection_made() { } } - if (ssl_ && !nghttp2::ssl::check_http2_requirement(ssl_)) { + if (ssl_ && !nghttp2::tls::check_http2_requirement(ssl_)) { terminate_session(NGHTTP2_INADEQUATE_SECURITY); } 
@@ -2122,14 +2122,14 @@ int HttpServer::run() { SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); - if (nghttp2::ssl::ssl_ctx_set_proto_versions( - ssl_ctx, nghttp2::ssl::NGHTTP2_TLS_MIN_VERSION, - nghttp2::ssl::NGHTTP2_TLS_MAX_VERSION) != 0) { + if (nghttp2::tls::ssl_ctx_set_proto_versions( + ssl_ctx, nghttp2::tls::NGHTTP2_TLS_MIN_VERSION, + nghttp2::tls::NGHTTP2_TLS_MAX_VERSION) != 0) { std::cerr << "Could not set TLS versions" << std::endl; return -1; } - if (SSL_CTX_set_cipher_list(ssl_ctx, ssl::DEFAULT_CIPHER_LIST) == 0) { + if (SSL_CTX_set_cipher_list(ssl_ctx, tls::DEFAULT_CIPHER_LIST) == 0) { std::cerr << ERR_error_string(ERR_get_error(), nullptr) << std::endl; return -1; } diff --git a/src/Makefile.am b/src/Makefile.am index ea3f8a30..297c0b58 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -81,10 +81,10 @@ endif # HAVE_LIBXML2 nghttp_SOURCES = ${HELPER_OBJECTS} ${HELPER_HFILES} nghttp.cc nghttp.h \ ${HTML_PARSER_OBJECTS} ${HTML_PARSER_HFILES} \ - ssl.cc ssl.h + tls.cc tls.h nghttpd_SOURCES = ${HELPER_OBJECTS} ${HELPER_HFILES} nghttpd.cc \ - ssl.cc ssl.h \ + tls.cc tls.h \ HttpServer.cc HttpServer.h bin_PROGRAMS += h2load @@ -92,7 +92,7 @@ bin_PROGRAMS += h2load h2load_SOURCES = util.cc util.h \ http2.cc http2.h h2load.cc h2load.h \ timegm.c timegm.h \ - ssl.cc ssl.h \ + tls.cc tls.h \ h2load_session.h \ h2load_http2_session.cc h2load_http2_session.h \ h2load_http1_session.cc h2load_http1_session.h @@ -104,7 +104,7 @@ endif # HAVE_SPDYLAY NGHTTPX_SRCS = \ util.cc util.h http2.cc http2.h timegm.c timegm.h base64.h \ app_helper.cc app_helper.h \ - ssl.cc ssl.h \ + tls.cc tls.h \ shrpx_config.cc shrpx_config.h \ shrpx_error.h \ shrpx_accept_handler.cc shrpx_accept_handler.h \ @@ -240,7 +240,7 @@ lib_LTLIBRARIES = libnghttp2_asio.la libnghttp2_asio_la_SOURCES = \ util.cc util.h http2.cc http2.h \ - ssl.cc ssl.h \ + tls.cc tls.h \ ssl_compat.h \ timegm.c timegm.h \ asio_common.cc asio_common.h \ 
diff --git a/src/asio_client_tls_context.cc b/src/asio_client_tls_context.cc index 75830013..3291885b 100644 --- a/src/asio_client_tls_context.cc +++ b/src/asio_client_tls_context.cc @@ -28,7 +28,7 @@ #include -#include "ssl.h" +#include "tls.h" #include "util.h" namespace nghttp2 { diff --git a/src/asio_server_http2_impl.cc b/src/asio_server_http2_impl.cc index da138b7a..83368d45 100644 --- a/src/asio_server_http2_impl.cc +++ b/src/asio_server_http2_impl.cc @@ -28,7 +28,7 @@ #include "asio_server.h" #include "util.h" -#include "ssl.h" +#include "tls.h" #include "template.h" namespace nghttp2 { diff --git a/src/asio_server_tls_context.cc b/src/asio_server_tls_context.cc index 53fc9883..aa73cc50 100644 --- a/src/asio_server_tls_context.cc +++ b/src/asio_server_tls_context.cc @@ -28,7 +28,7 @@ #include -#include "ssl.h" +#include "tls.h" #include "util.h" namespace nghttp2 { @@ -72,7 +72,7 @@ configure_tls_context_easy(boost::system::error_code &ec, SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); - SSL_CTX_set_cipher_list(ctx, ssl::DEFAULT_CIPHER_LIST); + SSL_CTX_set_cipher_list(ctx, tls::DEFAULT_CIPHER_LIST); #ifndef OPENSSL_NO_EC auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); diff --git a/src/h2load.cc b/src/h2load.cc index cbf0e51a..51da4e44 100644 --- a/src/h2load.cc +++ b/src/h2load.cc @@ -59,7 +59,7 @@ #ifdef HAVE_SPDYLAY #include "h2load_spdy_session.h" #endif // HAVE_SPDYLAY -#include "ssl.h" +#include "tls.h" #include "http2.h" #include "util.h" #include "template.h" @@ -79,7 +79,7 @@ bool recorded(const std::chrono::steady_clock::time_point &t) { } // namespace Config::Config() - : ciphers(ssl::DEFAULT_CIPHER_LIST), + : ciphers(tls::DEFAULT_CIPHER_LIST), data_length(-1), addrs(nullptr), nreqs(1), 
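Review bot: In the `configure_tls_context_easy` hunk of src/asio_server_tls_context.cc, the result of `SSL_CTX_set_cipher_list(ctx, tls::DEFAULT_CIPHER_LIST);` is discarded. If the cipher string is ever rejected, the context would presumably keep the library's default cipher selection and the caller would see no error. The HttpServer.cc and nghttp.cc hunks in this same commit test the identical call with `== 0` and bail out, so this site should follow suit and report the failure through its `ec` parameter, e.g. `if (SSL_CTX_set_cipher_list(ctx, tls::DEFAULT_CIPHER_LIST) == 0) { /* set ec and return */ }`. The function body starts and ends outside the hunk, so how `ec` is populated and what the function returns are not visible here.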
@@ -625,7 +625,7 @@ void Client::report_tls_info() { if (worker->id == 0 && !worker->tls_info_report_done) { worker->tls_info_report_done = true; auto cipher = SSL_get_current_cipher(ssl); - std::cout << "TLS Protocol: " << ssl::get_tls_protocol(ssl) << "\n" + std::cout << "TLS Protocol: " << tls::get_tls_protocol(ssl) << "\n" << "Cipher: " << SSL_CIPHER_get_name(cipher) << std::endl; print_server_tmp_key(ssl); } @@ -1822,10 +1822,10 @@ Options: } // namespace int main(int argc, char **argv) { - ssl::libssl_init(); + tls::libssl_init(); #ifndef NOTHREADS - ssl::LibsslGlobalLock lock; + tls::LibsslGlobalLock lock; #endif // NOTHREADS std::string datafile; @@ -2242,9 +2242,9 @@ int main(int argc, char **argv) { SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); - if (nghttp2::ssl::ssl_ctx_set_proto_versions( - ssl_ctx, nghttp2::ssl::NGHTTP2_TLS_MIN_VERSION, - nghttp2::ssl::NGHTTP2_TLS_MAX_VERSION) != 0) { + if (nghttp2::tls::ssl_ctx_set_proto_versions( + ssl_ctx, nghttp2::tls::NGHTTP2_TLS_MIN_VERSION, + nghttp2::tls::NGHTTP2_TLS_MAX_VERSION) != 0) { std::cerr << "Could not set TLS versions" << std::endl; exit(EXIT_FAILURE); } diff --git a/src/nghttp.cc b/src/nghttp.cc index b94e2ba9..d05e28ee 100644 --- a/src/nghttp.cc +++ b/src/nghttp.cc @@ -57,7 +57,7 @@ #include "HtmlParser.h" #include "util.h" #include "base64.h" -#include "ssl.h" +#include "tls.h" #include "template.h" #ifndef O_BINARY 
@@ -2247,15 +2247,15 @@ int communicate( SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); - if (nghttp2::ssl::ssl_ctx_set_proto_versions( - ssl_ctx, nghttp2::ssl::NGHTTP2_TLS_MIN_VERSION, - nghttp2::ssl::NGHTTP2_TLS_MAX_VERSION) != 0) { + if (nghttp2::tls::ssl_ctx_set_proto_versions( + ssl_ctx, nghttp2::tls::NGHTTP2_TLS_MIN_VERSION, + nghttp2::tls::NGHTTP2_TLS_MAX_VERSION) != 0) { std::cerr << "[ERROR] Could not set TLS versions" << std::endl; result = -1; goto fin; } - if (SSL_CTX_set_cipher_list(ssl_ctx, ssl::DEFAULT_CIPHER_LIST) == 0) { + if (SSL_CTX_set_cipher_list(ssl_ctx, tls::DEFAULT_CIPHER_LIST) == 0) { std::cerr << "[ERROR] " << ERR_error_string(ERR_get_error(), nullptr) << std::endl; result = -1; @@ -2718,7 +2718,7 @@ Options: } // namespace int main(int argc, char **argv) { - ssl::libssl_init(); + tls::libssl_init(); bool color = false; while (1) { diff --git a/src/nghttpd.cc b/src/nghttpd.cc index 6080037b..b26aea2f 100644 --- a/src/nghttpd.cc +++ b/src/nghttpd.cc @@ -48,7 +48,7 @@ #include "app_helper.h" #include "HttpServer.h" #include "util.h" -#include "ssl.h" +#include "tls.h" namespace nghttp2 { @@ -190,10 +190,10 @@ Options: } // namespace int main(int argc, char **argv) { - ssl::libssl_init(); + tls::libssl_init(); #ifndef NOTHREADS - ssl::LibsslGlobalLock lock; + tls::LibsslGlobalLock lock; #endif // NOTHREADS Config config; diff --git a/src/shrpx-unittest.cc b/src/shrpx-unittest.cc index e53c1ac6..a5104afd 100644 --- a/src/shrpx-unittest.cc +++ b/src/shrpx-unittest.cc @@ -43,7 +43,7 @@ #include "shrpx_http_test.h" #include "base64_test.h" #include "shrpx_config.h" -#include "ssl.h" +#include "tls.h" #include "shrpx_router_test.h" #include "shrpx_log.h" @@ -55,7 +55,7 @@ int main(int argc, char *argv[]) { CU_pSuite pSuite = NULL; unsigned int num_tests_failed; - nghttp2::ssl::libssl_init(); + nghttp2::tls::libssl_init(); shrpx::create_config(); 
diff --git a/src/shrpx.cc b/src/shrpx.cc index e0aca40f..15a961d2 100644 --- a/src/shrpx.cc +++ b/src/shrpx.cc @@ -88,7 +88,7 @@ #include "shrpx_log.h" #include "util.h" #include "app_helper.h" -#include "ssl.h" +#include "tls.h" #include "template.h" #include "allocator.h" #include "ssl_compat.h" @@ -1437,9 +1437,9 @@ void fill_default_config(Config *config) { } tlsconf.session_timeout = std::chrono::hours(12); - tlsconf.ciphers = StringRef::from_lit(nghttp2::ssl::DEFAULT_CIPHER_LIST); + tlsconf.ciphers = StringRef::from_lit(nghttp2::tls::DEFAULT_CIPHER_LIST); tlsconf.client.ciphers = - StringRef::from_lit(nghttp2::ssl::DEFAULT_CIPHER_LIST); + StringRef::from_lit(nghttp2::tls::DEFAULT_CIPHER_LIST); tlsconf.min_proto_version = ssl::proto_version_from_string(DEFAULT_TLS_MIN_PROTO_VERSION); tlsconf.max_proto_version = @@ -3032,10 +3032,10 @@ int main(int argc, char **argv) { int rv; std::array errbuf; - nghttp2::ssl::libssl_init(); + nghttp2::tls::libssl_init(); #ifndef NOTHREADS - nghttp2::ssl::LibsslGlobalLock lock; + nghttp2::tls::LibsslGlobalLock lock; #endif // NOTHREADS Log::set_severity_level(NOTICE); diff --git a/src/shrpx_client_handler.cc b/src/shrpx_client_handler.cc index f46f5039..9260e9e3 100644 --- a/src/shrpx_client_handler.cc +++ b/src/shrpx_client_handler.cc @@ -56,7 +56,7 @@ #endif // HAVE_SPDYLAY #include "util.h" #include "template.h" -#include "ssl.h" +#include "tls.h" using namespace nghttp2; @@ -1202,7 +1202,7 @@ void ClientHandler::start_immediate_shutdown() { } void ClientHandler::write_accesslog(Downstream *downstream) { - nghttp2::ssl::TLSSessionInfo tls_info; + nghttp2::tls::TLSSessionInfo tls_info; auto &req = downstream->request(); auto config = get_config(); 
@@ -1217,7 +1217,7 @@ void ClientHandler::write_accesslog(Downstream *downstream) { config->logging.access.format, LogSpec{ downstream, ipaddr_, alpn_, - nghttp2::ssl::get_tls_session_info(&tls_info, conn_.tls.ssl), + nghttp2::tls::get_tls_session_info(&tls_info, conn_.tls.ssl), std::chrono::high_resolution_clock::now(), // request_end_time port_, faddr_->port, config->pid, }); diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc index 4a4ed14e..338e0f1c 100644 --- a/src/shrpx_connection.cc +++ b/src/shrpx_connection.cc @@ -502,8 +502,8 @@ int Connection::write_tls_pending_handshake() { if (LOG_ENABLED(INFO)) { LOG(INFO) << "SSL/TLS handshake completed"; - nghttp2::ssl::TLSSessionInfo tls_info{}; - if (nghttp2::ssl::get_tls_session_info(&tls_info, tls.ssl)) { + nghttp2::tls::TLSSessionInfo tls_info{}; + if (nghttp2::tls::get_tls_session_info(&tls_info, tls.ssl)) { LOG(INFO) << "cipher=" << tls_info.cipher << " protocol=" << tls_info.protocol << " resumption=" << (tls_info.session_reused ? "yes" : "no") @@ -530,7 +530,7 @@ int Connection::check_http2_requirement() { !util::check_h2_is_selected(StringRef{next_proto, next_proto_len})) { return 0; } - if (!nghttp2::ssl::check_http2_tls_version(tls.ssl)) { + if (!nghttp2::tls::check_http2_tls_version(tls.ssl)) { if (LOG_ENABLED(INFO)) { LOG(INFO) << "TLSv1.2 was not negotiated. HTTP/2 must not be used."; } @@ -545,7 +545,7 @@ int Connection::check_http2_requirement() { } if (check_black_list && - nghttp2::ssl::check_http2_cipher_black_list(tls.ssl)) { + nghttp2::tls::check_http2_cipher_black_list(tls.ssl)) { if (LOG_ENABLED(INFO)) { LOG(INFO) << "The negotiated cipher suite is in HTTP/2 cipher suite " "black list. HTTP/2 must not be used."; diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc index dafc9b0c..cdbb89b3 100644 --- a/src/shrpx_http2_session.cc +++ b/src/shrpx_http2_session.cc 
@@ -47,7 +47,7 @@ #include "http2.h" #include "util.h" #include "base64.h" -#include "ssl.h" +#include "tls.h" using namespace nghttp2; diff --git a/src/shrpx_live_check.cc b/src/shrpx_live_check.cc index c478be25..2645d3e2 100644 --- a/src/shrpx_live_check.cc +++ b/src/shrpx_live_check.cc @@ -768,7 +768,7 @@ int LiveCheck::connection_made() { } auto must_terminate = - addr_->tls && !nghttp2::ssl::check_http2_requirement(conn_.tls.ssl); + addr_->tls && !nghttp2::tls::check_http2_requirement(conn_.tls.ssl); if (must_terminate) { if (LOG_ENABLED(INFO)) { diff --git a/src/shrpx_log.h b/src/shrpx_log.h index 1afb6e1a..61abb9e2 100644 --- a/src/shrpx_log.h +++ b/src/shrpx_log.h @@ -36,7 +36,7 @@ #include "shrpx_config.h" #include "shrpx_log_config.h" -#include "ssl.h" +#include "tls.h" #include "template.h" using namespace nghttp2; @@ -148,7 +148,7 @@ struct LogSpec { Downstream *downstream; StringRef remote_addr; StringRef alpn; - const nghttp2::ssl::TLSSessionInfo *tls_info; + const nghttp2::tls::TLSSessionInfo *tls_info; std::chrono::high_resolution_clock::time_point request_end_time; StringRef remote_port; uint16_t server_port; diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc index b9ce118b..24b005a4 100644 --- a/src/shrpx_ssl.cc +++ b/src/shrpx_ssl.cc @@ -62,7 +62,7 @@ #include "shrpx_memcached_dispatcher.h" #include "shrpx_connection_handler.h" #include "util.h" -#include "ssl.h" +#include "tls.h" #include "template.h" #include "ssl_compat.h" @@ -687,7 +687,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file, SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask); - if (nghttp2::ssl::ssl_ctx_set_proto_versions( + if (nghttp2::tls::ssl_ctx_set_proto_versions( ssl_ctx, tlsconf.min_proto_version, tlsconf.max_proto_version) != 0) { LOG(FATAL) << "Could not set TLS protocol version"; DIE(); 
@@ -934,7 +934,7 @@ SSL_CTX *create_ssl_client_context( SSL_SESS_CACHE_NO_INTERNAL_STORE); SSL_CTX_sess_set_new_cb(ssl_ctx, tls_session_client_new_cb); - if (nghttp2::ssl::ssl_ctx_set_proto_versions( + if (nghttp2::tls::ssl_ctx_set_proto_versions( ssl_ctx, tlsconf.min_proto_version, tlsconf.max_proto_version) != 0) { LOG(FATAL) << "Could not set TLS protocol version"; DIE(); diff --git a/src/ssl.cc b/src/tls.cc similarity index 99% rename from src/ssl.cc rename to src/tls.cc index 8ad44b96..6920fe40 100644 --- a/src/ssl.cc +++ b/src/tls.cc @@ -22,7 +22,7 @@ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -#include "ssl.h" +#include "tls.h" #include #include @@ -36,7 +36,7 @@ namespace nghttp2 { -namespace ssl { +namespace tls { #if OPENSSL_1_1_API @@ -196,6 +196,6 @@ int ssl_ctx_set_proto_versions(SSL_CTX *ssl_ctx, int min, int max) { #endif // !OPENSSL_1_1_API && !defined(OPENSSL_IS_BORINGSSL) } -} // namespace ssl +} // namespace tls } // namespace nghttp2 diff --git a/src/ssl.h b/src/tls.h similarity index 98% rename from src/ssl.h rename to src/tls.h index 845aa2fe..8aa618d5 100644 --- a/src/ssl.h +++ b/src/tls.h @@ -22,8 +22,8 @@ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -#ifndef SSL_H -#define SSL_H +#ifndef TLS_H +#define TLS_H #include "nghttp2_config.h" @@ -33,7 +33,7 @@ namespace nghttp2 { -namespace ssl { +namespace tls { // Acquire OpenSSL global lock to share SSL_CTX across multiple // threads. The constructor acquires lock and destructor unlocks. @@ -113,8 +113,8 @@ void libssl_init(); // 0 if it succeeds, or -1. int ssl_ctx_set_proto_versions(SSL_CTX *ssl_ctx, int min, int max); -} // namespace ssl +} // namespace tls } // namespace nghttp2 -#endif // SSL_H +#endif // TLS_H