34 static std::unique_ptr<XrdTlsContext>
tlsContext =
nullptr;
47 static void MsgCallBack(
const char *tid,
const char *msg,
bool sslmsg)
56 inline static void Once()
58 static SetTlsMsgCB instance;
76 static int TlsDbgLvl()
79 std::string tlsDbgLvl;
98 static std::mutex tls_mutex;
99 std::lock_guard<std::mutex> tls_lock(tls_mutex);
108 env->
GetInt(
"NoTlsOK", notls);
113 const char *cadir = getenv(
"X509_CERT_DIR");
114 const char *cafile = getenv(
"X509_CERT_FILE");
116 if (!cadir && !cafile)
117 cadir =
"/etc/grid-security/certificates";
120 const mode_t camode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH;
124 env->
PutInt(
"NoTlsOK", 1);
128 std::string
emsg =
"unknown error";
129 tlsContext = std::make_unique<XrdTlsContext>(
nullptr,
nullptr, cadir, cafile, 0ul, &
emsg);
134 env->
PutInt(
"NoTlsOK", 1);
152 throw std::runtime_error(
"Failed to initialize TLS" );
165 const char *verhost = 0;
166 if( thehost !=
"localhost" && thehost !=
"127.0.0.1" && thehost !=
"[::1]" )
167 verhost = thehost.c_str();
168 XrdTls::RC error = pTls->Connect( verhost, &errmsg );
184 if( pTls->NeedHandShake() )
192 if( !st.
IsOK() )
return st;
201 if( !st.
IsOK() )
return st;
209 if( !st.
IsOK() )
return st;
222 XrdTls::RC error = pTls->Read( buffer, size, bytesRead );
228 if( !status.
IsOK() )
return status;
230 if( pTls->NeedHandShake() )
238 if( !st.
IsOK() )
return st;
246 pTlsHSRevert = ReadOnWrite;
248 if( !st.
IsOK() ) status = st;
259 if( pTlsHSRevert == ReadOnWrite )
262 if( !st.
IsOK() ) status = st;
282 for(
int i = 0; i < iocnt; ++i )
285 auto st =
Read(
static_cast<char*
>(
iov[i].iov_base ),
286 iov[i].iov_len, btsread );
287 if( !st.IsOK() )
return st;
288 bytesRead += btsread;
289 if( st.code ==
suRetry )
return st;
300 XrdTls::RC error = pTls->Write( buffer, size, bytesWritten );
306 if( !status.
IsOK() )
return status;
311 if( pTls->NeedHandShake() )
319 if( !st.
IsOK() )
return st;
327 pTlsHSRevert = WriteOnRead;
329 if( !st.
IsOK() ) status = st;
340 if( pTlsHSRevert == WriteOnRead )
343 if( !st.
IsOK() ) status = st;
353 if( bytesWritten == 0 )
404 if( pTlsHSRevert == ReadOnWrite )
411 else if( pTlsHSRevert == WriteOnRead )
static std::unique_ptr< XrdTlsContext > tlsContext
int emsg(int rc, char *msg)
XRootDStatus EnableUplink()
Enable uplink.
XRootDStatus DisableUplink()
Disable uplink.
static Log * GetLog()
Get default log.
static Env * GetEnv()
Get default client environment.
bool PutInt(const std::string &key, int value)
bool GetString(const std::string &key, std::string &value)
bool GetInt(const std::string &key, int &value)
void Error(uint64_t topic, const char *format,...)
Report an error.
void Debug(uint64_t topic, const char *format,...)
Print a debug message.
@ ReadyToWrite
Writing won't block.
@ ReadyToRead
New data has arrived.
int GetFD()
Get the file descriptor.
Tls(Socket *socket, AsyncSocketHandler *socketHandler)
Constructor - creates async TLS layer for given socket file descriptor.
XRootDStatus ReadV(iovec *iov, int iocnt, int &bytesRead)
XRootDStatus Read(char *buffer, size_t size, int &bytesRead)
uint8_t MapEvent(uint8_t event)
static void ClearErrorQueue()
Clear the error queue for the calling thread.
XRootDStatus Send(const char *buffer, size_t size, int &bytesWritten)
void Shutdown()
Shutdown the TLS/SSL connection.
XRootDStatus Connect(const std::string &thehost, XrdNetAddrInfo *netInfo)
Establish a TLS/SSL session and perform host verification.
void SetErrorMessage(const std::string &message)
Set the error message.
static const char * ValPath(const char *path, mode_t allow, bool isdir)
Socket wrapper for TLS I/O.
@ TLS_HS_NOBLK
Do not block during handshake.
@ TLS_RNB_WNB
Non-blocking read non-blocking write.
static void SetMsgCB(msgCB_t cbP)
static std::string RC2Text(XrdTls::RC rc, bool dbg=false)
static const int dbgSIO
Turn debugging in for socket I/O.
static const int dbgSOK
Turn debugging in for socket operations.
static const int dbgOUT
Force msgs to stderr for easier client debug.
static void ClearErrorQueue()
Clear the SSL error queue for the calling thread.
static const int dbgALL
Turn debugging for everything.
static const int dbgOFF
Turn debugging off (initial default)
@ TLS_AOK
All went well, will always be zero.
@ TLS_WantWrite
Reissue call when writes do not block.
@ TLS_HNV_Error
A hostname validation error occurred.
@ TLS_CON_Closed
TLS connection has been closed.
@ TLS_WantRead
Reissue call when reads do not block.
@ TLS_VER_Error
Certificate verification failed.
@ TLS_UNK_Error
An unknown error occurred.
@ TLS_SYS_Error
A system call error occurred.
@ TLS_WantConnect
Reissue call when Connect() completes.
@ TLS_SSL_Error
An SSL error occurred.
static const int dbgCTX
Turn debugging in for context operations.
static void SetDebug(int opts, XrdSysLogger *logP=0)
const uint16_t errTlsError
const uint16_t stFatal
Fatal error, it's still an error.
const uint16_t stError
An error occurred that could potentially be retried.
const uint16_t stOK
Everything went OK.
const uint16_t errSocketError
none object for initializing empty Optional
bool IsOK() const
We're fine.