Uli Schlachter [Fri, 8 Dec 2017 12:33:16 +0000 (13:33 +0100)]
Simplify "is this utf8?"-check
Currently the code tries to convert from UTF-8 to UTF-8 in strict mode
to check if a given string is valid. As suggested in [1], just checking
if a given string is valid UTF-8 can be done in a simpler way via
u_strFromUTF8, a function that converts from UTF-8 to UTF-16, but
calling it in such a way that it does not actually produce any output.
Uli Schlachter [Fri, 8 Dec 2017 12:15:11 +0000 (13:15 +0100)]
Make sockets inherit encoding from their parent socket
Doing SetEncoding() on a listener is kind of pointless since no data is
transferred. This commit changes the code so that this encoding is
inherited by sockets accepted by the listener.
Uli Schlachter [Wed, 8 Feb 2017 16:11:24 +0000 (17:11 +0100)]
Add basic support for UNIX sockets
This adds some basic support for listening on and connecting to UNIX
sockets. Since a lot of code assumes, for example, that an IP address
and a port number are present, this socket will behave weirdly in various
situations, for example when listing all sockets and their remote
address. However, transferring data does work.
This also adds a simple test program to demonstrate this new support.
This program is an echo server and client in one process. It listens on
a UNIX socket, connects to it and sends the string "Hello World!" back
and forth. When run, the output is:
    Incoming connection from localhost on port 0
    Echoing: Hello World!
    Client disconnected
We can already see in this output that the remote address is not
identified correctly.
Since this program leaves the socket behind (does not delete the
socket), running the sample program again results in:
    Listener error: Address already in use
    Failed to listen on 'echo'!
William Elwood [Sat, 3 Sep 2016 19:44:28 +0000 (20:44 +0100)]
Fix use of features deprecated in OpenSSL 1.1
If OpenSSL 1.1 is configured in such a way that features deprecated in 1.1.0 are not built, then compile errors would result here.
If I'm reading the previous algorithm correctly then this changes the meaning of `m_iMethod` in `SSLClientSetup` and `SetupServerCTX`:
- By default, it uses the version-flexible SSLv23_*_method/TLS_*_method and trusts the SSL library to do the right thing. [unchanged]
- For non-default `m_iMethod` where the SSL library supports that version, then it uses that version only. [unchanged]
- For non-default `m_iMethod` where the SSL library does not support that version, now it always uses the version-flexible SSLv23_*_method/TLS_*_method and trusts the SSL library to do the right thing. [changed?]
It also looks like there's a minor bug in the old algorithm in `SetupServerCTX` where asking for TLS1 with an SSL library not supporting TLS1.1 would bypass the TLS1 case and fall through to the default case (`case TLS1:` is inside the TLS1_1_VERSION guard).
William Elwood [Sat, 3 Sep 2016 18:27:45 +0000 (19:27 +0100)]
Fix use of a feature deprecated in OpenSSL 1.0
If OpenSSL 1.1 is configured in such a way that features deprecated in 1.0.0 are not built, then compile errors would result here.
If it is also configured in such a way that features deprecated in 1.1.0 are not built, then compile errors would result from the replacement API (which was of course deprecated in 1.1).
Bernard Spil [Sat, 7 Mar 2015 13:55:51 +0000 (14:55 +0100)]
Fix build with LibreSSL
LibreSSL does not include openssl/comp.h from openssl/ssl.h, making the build of Csocket fail. This patch fixes this error.
(cherry picked from commit 5494c125599fbe02e6d7839d1a8ebeffe3e77907)
Bernard Spil [Fri, 9 Oct 2015 07:04:43 +0000 (09:04 +0200)]
Fix build when OpenSSL is built without SSLv3
If OpenSSL is built without SSLv3 support (configure --no-ssl3), this will fail to build. Patch fixes that. Please see https://github.com/pcbsd/freebsd-ports/blob/master/irc/znc/files/patch-src_Csocket.cpp as well. This is intended to be applied to the FreeBSD ports tree as well.
As a side note: You may wish to refactor the code to only use SSLv23_ methods and set SSL_OP_NO_* using SSL_CTX_set_options. This seems to be the canonical way to be able to negotiate any SSL/TLS version. In addition, OpenSSL 1.1 will be marking SSLv23_ methods as deprecated and replace them with TLS_ methods.
(cherry picked from commit 4dda6ada04fe334cf4a337d9138cc48fc346a992)
Bernard Spil [Fri, 9 Oct 2015 07:04:43 +0000 (09:04 +0200)]
Fix build when OpenSSL is built without SSLv3
If OpenSSL is built without SSLv3 support (configure --no-ssl3), this will fail to build. Patch fixes that. Please see https://github.com/pcbsd/freebsd-ports/blob/master/irc/znc/files/patch-src_Csocket.cpp as well. This is intended to be applied to the FreeBSD ports tree as well.
As a side note: You may wish to refactor the code to only use SSLv23_ methods and set SSL_OP_NO_* using SSL_CTX_set_options. This seems to be the canonical way to be able to negotiate any SSL/TLS version. In addition, OpenSSL 1.1 will be marking SSLv23_ methods as deprecated and replace them with TLS_ methods.
James Taylor [Fri, 26 Dec 2014 10:25:16 +0000 (10:25 +0000)]
Change namespace for <fcntl.h>
* Fixes warnings under musl-libc.
* <fcntl.h> should be universal in the Unix world, it's more likely a system doesn't have <sys/fcntl.h> than if it doesn't have <fcntl.h> (and has <sys/fcntl.h>.)