
68       tls{DefaultMemchunks(mcpool), DefaultPeekMemchunks(mcpool),
100 if (tls.ssl) {
102 SSL_set_shutdown(tls.ssl,
103 SSL_get_shutdown(tls.ssl) | SSL_RECEIVED_SHUTDOWN);
106 if (tls.cached_session) {
107 SSL_SESSION_free(tls.cached_session);
108 tls.cached_session = nullptr;
111 if (tls.cached_session_lookup_req) {
112 tls.cached_session_lookup_req->canceled = true;
113 tls.cached_session_lookup_req = nullptr;
116 SSL_shutdown(tls.ssl);
119 SSL_free(tls.ssl);
120 tls.ssl = nullptr;
122 tls.wbuf.reset();
123 tls.rbuf.reset();
124 tls.last_write_idle = {};
125 tls.warmup_writelen = 0;
126 tls.last_writelen = 0;
127 tls.last_readlen = 0;
128 tls.handshake_state = TLSHandshakeState::NORMAL;
129 tls.initial_handshake_done = false;
130 tls.reneg_started = false;
131 tls.sct_requested = false;
132 tls.early_data_finish = false;
151 SSL_set_connect_state(tls.ssl);
153 tls.early_data_finish = true;
157 auto &tlsconf = get_config()->tls;
161 SSL_set_bio(tls.ssl, bio, bio);
164 SSL_set_accept_state(tls.ssl);
165 tls.server_handshake = true;
177 auto &wbuf = conn->tls.wbuf;
181 if (conn->tls.initial_handshake_done) {
218 auto &rbuf = conn->tls.rbuf;
222 if (conn->tls.initial_handshake_done && rbuf.rleft() == 0) {
324 tls.ssl = ssl;
326 SSL_set_app_data(tls.ssl, this);
343 auto &tlsconf = get_config()->tls;
345 if (!tls.server_handshake || tlsconf.session_cache.memcached.host.empty()) {
355 LOG(INFO) << "tls: handshake read error";
359 tls.rbuf.append(buf.data(), nread);
360 if (read_buffer_full(tls.rbuf)) {
365 if (tls.initial_handshake_done) {
369 switch (tls.handshake_state) {
376 tls.wbuf.reset();
378 tls.rbuf.disable_peek(false);
380 auto ssl_ctx = SSL_get_SSL_CTX(tls.ssl);
381 auto ssl_opts = SSL_get_options(tls.ssl);
382 SSL_free(tls.ssl);
384 auto ssl = tls::create_ssl(ssl_ctx);
396 tls.handshake_state = TLSHandshakeState::NORMAL;
400 tls.handshake_state = TLSHandshakeState::NORMAL;
411 if (!tls.server_handshake || tls.early_data_finish) {
412 rv = SSL_do_handshake(tls.ssl);
417 rv = SSL_read_early_data(tls.ssl, buf.data(), buf.size(), &nread);
426 (tls.handshake_state == TLSHandshakeState::WRITE_STARTED ||
427 tls.wbuf.rleft()) &&
428 tls.earlybuf.rleft()) {
436 LOG(INFO) << "tls: read early data " << nread << " bytes";
439 tls.earlybuf.append(buf.data(), nread);
443 LOG(INFO) << "tls: read all early data; total "
444 << tls.earlybuf.rleft() << " bytes";
446 tls.early_data_finish = true;
449 (tls.handshake_state == TLSHandshakeState::WRITE_STARTED ||
450 tls.wbuf.rleft()) &&
451 tls.earlybuf.rleft()) {
455 rv = SSL_do_handshake(tls.ssl);
462 rv = SSL_do_handshake(tls.ssl);
466 auto err = SSL_get_error(tls.ssl, rv);
469 if (read_buffer_full(tls.rbuf)) {
471 LOG(INFO) << "tls: handshake message is too large";
480 LOG(INFO) << "tls: handshake libssl error: "
485 auto iovcnt = tls.wbuf.riovec(iov, 1);
488 tls.wbuf.drain(nwrite);
495 LOG(INFO) << "tls: handshake libssl error " << err;
501 if (tls.handshake_state == TLSHandshakeState::WAIT_FOR_SESSION_CACHE) {
503 LOG(INFO) << "tls: handshake is still in progress";
513 || SSL_in_init(tls.ssl)
516 tls.wbuf.rleft()) {
518 if (tls.handshake_state != TLSHandshakeState::WRITE_STARTED) {
519 tls.handshake_state = TLSHandshakeState::WRITE_STARTED;
521 tls.rbuf.disable_peek(true);
524 auto iovcnt = tls.wbuf.riovec(iov.data(), iov.size());
528 LOG(INFO) << "tls: handshake write error";
532 tls.wbuf.drain(nwrite);
534 if (tls.wbuf.rleft()) {
540 if (!read_buffer_full(tls.rbuf)) {
547 LOG(INFO) << "tls: handshake is still in progress";
553 if (!tlsconf.no_postpone_early_data && SSL_in_early_data(tls.ssl) &&
554 SSL_in_init(tls.ssl)) {
555 auto nread = SSL_read(tls.ssl, buf.data(), buf.size());
557 auto err = SSL_get_error(tls.ssl, nread);
577 tls.earlybuf.append(buf.data(), nread);
580 if (SSL_in_init(tls.ssl)) {
594 tls.rbuf.disable_peek(true);
596 tls.initial_handshake_done = true;
605 if (tls.initial_handshake_done) {
609 if (SSL_get_fd(tls.ssl) == -1) {
610 SSL_set_fd(tls.ssl, fd);
615 auto &tlsconf = get_config()->tls;
622 if (!tls.server_handshake || tls.early_data_finish) {
623 rv = SSL_do_handshake(tls.ssl);
628 rv = SSL_read_early_data(tls.ssl, buf.data(), buf.size(), &nread);
636 if (tlsconf.no_postpone_early_data && tls.earlybuf.rleft()) {
644 LOG(INFO) << "tls: read early data " << nread << " bytes";
647 tls.earlybuf.append(buf.data(), nread);
651 LOG(INFO) << "tls: read all early data; total "
652 << tls.earlybuf.rleft() << " bytes";
654 tls.early_data_finish = true;
656 if (tlsconf.no_postpone_early_data && tls.earlybuf.rleft()) {
660 rv = SSL_do_handshake(tls.ssl);
667 rv = SSL_do_handshake(tls.ssl);
671 auto err = SSL_get_error(tls.ssl, rv);
674 if (read_buffer_full(tls.rbuf)) {
676 LOG(INFO) << "tls: handshake message is too large";
687 LOG(INFO) << "tls: handshake libssl error: "
694 LOG(INFO) << "tls: handshake libssl error " << err;
702 LOG(INFO) << "tls: handshake is still in progress";
708 if (!tlsconf.no_postpone_early_data && SSL_in_early_data(tls.ssl) &&
709 SSL_in_init(tls.ssl)) {
710 auto nread = SSL_read(tls.ssl, buf.data(), buf.size());
712 auto err = SSL_get_error(tls.ssl, nread);
732 tls.earlybuf.append(buf.data(), nread);
735 if (SSL_in_init(tls.ssl)) {
748 tls.initial_handshake_done = true;
755 while (tls.wbuf.rleft()) {
757 auto iovcnt = tls.wbuf.riovec(iov.data(), iov.size());
761 LOG(INFO) << "tls: handshake write error";
771 tls.wbuf.drain(nwrite);
775 if (!SSL_in_init(tls.ssl)) {
777 auto nwrite = SSL_write(tls.ssl, "", 0);
779 auto err = SSL_get_error(tls.ssl, nwrite);
808 // We may have whole request in tls.rbuf. This means that we don't
815 nghttp2::tls::TLSSessionInfo tls_info{};
816 if (nghttp2::tls::get_tls_session_info(&tls_info, tls.ssl)) {
834 SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len);
838 SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len);
845 if (!nghttp2::tls::check_http2_tls_version(tls.ssl)) {
853 if (tls.server_handshake) {
854 check_block_list = !get_config()->tls.no_http2_cipher_block_list;
856 check_block_list = !get_config()->tls.client.no_http2_cipher_block_list;
860 nghttp2::tls::check_http2_cipher_block_list(tls.ssl)) {
883 if (tls.last_write_idle.time_since_epoch().count() >= 0 &&
884 t - tls.last_write_idle > tls_dyn_rec_idle_timeout) {
886 tls.warmup_writelen = 0;
890 if (tls.warmup_writelen >= tls_dyn_rec_warmup_threshold) {
898 if (tls.warmup_writelen < tls_dyn_rec_warmup_threshold) {
899 tls.warmup_writelen += n;
904 if (tls.last_write_idle.time_since_epoch().count() < 0) {
905 tls.last_write_idle = std::chrono::steady_clock::now();
915 // tls.last_writelen if SSL_write indicated I/O blocking.
916 if (tls.last_writelen == 0) {
923 len = tls.last_writelen;
924 tls.last_writelen = 0;
927 tls.last_write_idle = std::chrono::steady_clock::time_point(-1s);
929 auto &tlsconf = get_config()->tls;
931 tls.server_handshake && !tlsconf.session_cache.memcached.host.empty();
937 if (SSL_is_init_finished(tls.ssl)) {
938 rv = SSL_write(tls.ssl, data, len);
941 rv = SSL_write_early_data(tls.ssl, data, len, &nwrite);
948 auto rv = SSL_write(tls.ssl, data, len);
952 auto err = SSL_get_error(tls.ssl, rv);
960 tls.last_writelen = len;
1000 if (tls.earlybuf.rleft()) {
1001 return tls.earlybuf.remove(data, len);
1012 if (tls.last_readlen == 0) {
1018 len = tls.last_readlen;
1019 tls.last_readlen = 0;
1022 auto &tlsconf = get_config()->tls;
1024 tls.server_handshake && !tlsconf.session_cache.memcached.host.empty();
1027 if (!tls.early_data_finish) {
1030 auto rv = SSL_read_early_data(tls.ssl, data, len, &nread);
1032 auto err = SSL_get_error(tls.ssl, rv);
1035 tls.last_readlen = len;
1052 LOG(INFO) << "tls: read early data " << nread << " bytes";
1057 LOG(INFO) << "tls: read all early data";
1059 tls.early_data_finish = true;
1072 auto rv = SSL_read(tls.ssl, data, len);
1075 auto err = SSL_get_error(tls.ssl, rv);
1078 tls.last_readlen = len;
1255 if (SSL_version(tls.ssl) == TLS1_3_VERSION) {