Update TlsInit to re-apply suites/psks for repeated initializations.

Added ProgramSslInit to re-initialize manually when needed.
Paul Kulchenko 2022-02-20 16:12:48 -08:00
parent 0fb21243fe
commit 9af60298da


@ -5174,6 +5174,11 @@ static int LuaProgramSslFetchVerify(lua_State *L) {
return LuaProgramBool(L, &sslfetchverify); return LuaProgramBool(L, &sslfetchverify);
} }
static int LuaProgramSslInit(lua_State *L) {
TlsInit();
return 0;
}
static int LuaProgramLogMessages(lua_State *L) { static int LuaProgramLogMessages(lua_State *L) {
return LuaProgramBool(L, &logmessages); return LuaProgramBool(L, &logmessages);
} }
@ -5673,6 +5678,7 @@ static const luaL_Reg kLuaFuncs[] = {
{"ProgramSslCiphersuite", LuaProgramSslCiphersuite}, // {"ProgramSslCiphersuite", LuaProgramSslCiphersuite}, //
{"ProgramSslClientVerify", LuaProgramSslClientVerify}, // {"ProgramSslClientVerify", LuaProgramSslClientVerify}, //
{"ProgramSslCompression", LuaProgramSslCompression}, // {"ProgramSslCompression", LuaProgramSslCompression}, //
{"ProgramSslInit", LuaProgramSslInit}, //
{"ProgramSslFetchVerify", LuaProgramSslFetchVerify}, // {"ProgramSslFetchVerify", LuaProgramSslFetchVerify}, //
{"ProgramSslPresharedKey", LuaProgramSslPresharedKey}, // {"ProgramSslPresharedKey", LuaProgramSslPresharedKey}, //
{"ProgramSslTicketLifetime", LuaProgramSslTicketLifetime}, // {"ProgramSslTicketLifetime", LuaProgramSslTicketLifetime}, //
@ -6996,17 +7002,18 @@ static void TlsInit(void) {
#ifndef UNSECURE #ifndef UNSECURE
int suite; int suite;
if (sslinitialized) return; if (!sslinitialized) {
sslinitialized = true; InitializeRng(&rng);
InitializeRng(&rngcli);
cachain = GetSslRoots();
suite = suiteb ? MBEDTLS_SSL_PRESET_SUITEB : MBEDTLS_SSL_PRESET_SUITEC;
mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM, suite);
mbedtls_ssl_config_defaults(&confcli, MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM, suite);
}
InitializeRng(&rng); // the following setting can be re-applied even when SSL/TLS is initialized
InitializeRng(&rngcli);
cachain = GetSslRoots();
suite = suiteb ? MBEDTLS_SSL_PRESET_SUITEB : MBEDTLS_SSL_PRESET_SUITEC;
mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM, suite);
mbedtls_ssl_config_defaults(&confcli, MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM, suite);
if (suites.n) { if (suites.n) {
mbedtls_ssl_conf_ciphersuites(&conf, suites.p); mbedtls_ssl_conf_ciphersuites(&conf, suites.p);
mbedtls_ssl_conf_ciphersuites(&confcli, suites.p); mbedtls_ssl_conf_ciphersuites(&confcli, suites.p);
@ -7023,6 +7030,10 @@ static void TlsInit(void) {
mbedtls_ssl_conf_session_tickets_cb(&conf, mbedtls_ssl_ticket_write, mbedtls_ssl_conf_session_tickets_cb(&conf, mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse, &ssltick); mbedtls_ssl_ticket_parse, &ssltick);
} }
if (sslinitialized) return;
sslinitialized = true;
LoadCertificates(); LoadCertificates();
mbedtls_ssl_conf_sni(&conf, TlsRoute, 0); mbedtls_ssl_conf_sni(&conf, TlsRoute, 0);
mbedtls_ssl_conf_dbg(&conf, TlsDebug, 0); mbedtls_ssl_conf_dbg(&conf, TlsDebug, 0);