http: make ustream_ssl optional, only use provided ssl context

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0d48175cab222b452a18ea6ed6e360319aa0c701..f7fd05114c61c5ad16791ca9ad56ac89dbc5856d 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -13,10 +13,10 @@ IF(APPLE)
 ENDIF()
 
 ADD_LIBRARY(uclient SHARED uclient.c uclient-http.c uclient-utils.c)
-TARGET_LINK_LIBRARIES(uclient ubox ustream-ssl)
+TARGET_LINK_LIBRARIES(uclient ubox dl)
 
 ADD_EXECUTABLE(uclient-example uclient-example.c)
-TARGET_LINK_LIBRARIES(uclient-example uclient)
+TARGET_LINK_LIBRARIES(uclient-example uclient ustream-ssl)
 
 INSTALL(FILES uclient.h uclient-utils.h
        DESTINATION include/libubox

diff --git a/uclient-example.c b/uclient-example.c
index a54aa889d202d5c6d8b9b32e843bf94da0009881..8c9d3e6d20e3304053c3a14e0cd454d052c5d81d 100644 (file)
--- a/uclient-example.c
+++ b/uclient-example.c
@@ -155,7 +155,7 @@ int main(int argc, char **argv)
                return 1;
        }
 
-       uclient_http_set_ssl_ctx(cl, ctx, verify);
+       uclient_http_set_ssl_ctx(cl, &ustream_ssl_ops, ctx, verify);
        example_request_sm(cl);
        uloop_run();
        uloop_done();

diff --git a/uclient-http.c b/uclient-http.c
index 83eac58f1ea9e24fece60ac7ac259378c0893fa6..e7d3ff0e1d175ae85bc63d4074a0e1160a330cf4 100644 (file)
--- a/uclient-http.c
+++ b/uclient-http.c
@@ -61,6 +61,7 @@ static const char * const request_types[__REQ_MAX] = {
 struct uclient_http {
        struct uclient uc;
 
+       const struct ustream_ssl_ops *ssl_ops;
        struct ustream_ssl_ctx *ssl_ctx;
        struct ustream *us;
 
@@ -68,7 +69,6 @@ struct uclient_http {
        struct ustream_ssl ussl;
 
        bool ssl_require_validation;
-       bool ssl_ctx_ext;
        bool ssl;
        bool eof;
        bool connection_close;
@@ -654,13 +654,15 @@ static int uclient_setup_http(struct uclient_http *uh)
        int ret;
 
        uh->us = us;
+       uh->ssl = false;
+
        us->string_data = true;
        us->notify_state = uclient_notify_state;
        us->notify_read = uclient_notify_read;
 
        ret = uclient_do_connect(uh, "80");
        if (ret)
-               return ret;
+               return UCLIENT_ERROR_CONNECT;
 
        return 0;
 }
@@ -715,12 +717,12 @@ static int uclient_setup_https(struct uclient_http *uh)
        uh->ssl = true;
        uh->us = us;
 
+       if (!uh->ssl_ctx)
+               return UCLIENT_ERROR_MISSING_SSL_CONTEXT;
+
        ret = uclient_do_connect(uh, "443");
        if (ret)
-               return ret;
-
-       if (!uh->ssl_ctx)
-               uh->ssl_ctx = ustream_ssl_context_new(false);
+               return UCLIENT_ERROR_CONNECT;
 
        us->string_data = true;
        us->notify_state = uclient_ssl_notify_state;
@@ -728,8 +730,8 @@ static int uclient_setup_https(struct uclient_http *uh)
        uh->ussl.notify_error = uclient_ssl_notify_error;
        uh->ussl.notify_verify_error = uclient_ssl_notify_verify_error;
        uh->ussl.notify_connected = uclient_ssl_notify_connected;
-       ustream_ssl_init(&uh->ussl, &uh->ufd.stream, uh->ssl_ctx, false);
-       ustream_ssl_set_peer_cn(&uh->ussl, uh->uc.url->host);
+       uh->ssl_ops->init(&uh->ussl, &uh->ufd.stream, uh->ssl_ctx, false);
+       uh->ssl_ops->set_peer_cn(&uh->ussl, uh->uc.url->host);
 
        return 0;
 }
@@ -751,9 +753,6 @@ static int uclient_http_connect(struct uclient *cl)
        else
                ret = uclient_setup_http(uh);
 
-       if (ret)
-               uclient_http_error(uh, UCLIENT_ERROR_CONNECT);
-
        return ret;
 }
 
@@ -769,18 +768,16 @@ static struct uclient *uclient_http_alloc(void)
 
 static void uclient_http_free_ssl_ctx(struct uclient_http *uh)
 {
-       if (uh->ssl_ctx && !uh->ssl_ctx_ext)
-               ustream_ssl_context_free(uh->ssl_ctx);
-
-       uh->ssl_ctx_ext = false;
+       uh->ssl_ops = NULL;
+       uh->ssl_ctx = NULL;
 }
 
 static void uclient_http_free(struct uclient *cl)
 {
        struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
 
-       uclient_http_free_ssl_ctx(uh);
        uclient_http_free_url_state(cl);
+       uclient_http_free_ssl_ctx(uh);
        blob_buf_free(&uh->headers);
        blob_buf_free(&uh->meta);
        free(uh);
@@ -976,7 +973,8 @@ bool uclient_http_redirect(struct uclient *cl)
        return true;
 }
 
-int uclient_http_set_ssl_ctx(struct uclient *cl, struct ustream_ssl_ctx *ctx, bool require_validation)
+int uclient_http_set_ssl_ctx(struct uclient *cl, const struct ustream_ssl_ops *ops,
+                            struct ustream_ssl_ctx *ctx, bool require_validation)
 {
        struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
 
@@ -986,8 +984,8 @@ int uclient_http_set_ssl_ctx(struct uclient *cl, struct ustream_ssl_ctx *ctx, bo
        uclient_http_free_url_state(cl);
 
        uclient_http_free_ssl_ctx(uh);
+       uh->ssl_ops = ops;
        uh->ssl_ctx = ctx;
-       uh->ssl_ctx_ext = !!ctx;
        uh->ssl_require_validation = !!ctx && require_validation;
 
        return 0;

diff --git a/uclient.h b/uclient.h
index 25990c06fca3a5b6e9855def09ae863cc3e3a0a8..95b6d57a521bd33e53260c6ab86499897421bd36 100644 (file)
--- a/uclient.h
+++ b/uclient.h
@@ -32,6 +32,7 @@ enum uclient_error_code {
        UCLIENT_ERROR_CONNECT,
        UCLIENT_ERROR_SSL_INVALID_CERT,
        UCLIENT_ERROR_SSL_CN_MISMATCH,
+       UCLIENT_ERROR_MISSING_SSL_CONTEXT,
 };
 
 union uclient_addr {
@@ -85,6 +86,7 @@ int uclient_http_set_header(struct uclient *cl, const char *name, const char *va
 int uclient_http_set_request_type(struct uclient *cl, const char *type);
 bool uclient_http_redirect(struct uclient *cl);
 
-int uclient_http_set_ssl_ctx(struct uclient *cl, struct ustream_ssl_ctx *ctx, bool require_validation);
+int uclient_http_set_ssl_ctx(struct uclient *cl, const struct ustream_ssl_ops *ops,
+                            struct ustream_ssl_ctx *ctx, bool require_validation);
 
 #endif