/* SPDX-License-Identifier: LGPL-2.1+ */
-#if !ENABLE_DNS_OVER_TLS || !HAVE_GNUTLS
+#if !ENABLE_DNS_OVER_TLS || !DNS_OVER_TLS_USE_GNUTLS
#error This source file requires DNS-over-TLS to be enabled and GnuTLS to be available.
#endif
-#include "resolved-dnstls.h"
-#include "resolved-dns-stream.h"
-
#include <gnutls/socket.h>
+#include "resolved-dns-stream.h"
+#include "resolved-dnstls.h"
+
DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit);
static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) {
if (r < 0)
return r;
- r = gnutls_credentials_set(gs, GNUTLS_CRD_CERTIFICATE, server->dnstls_data.cert_cred);
+ r = gnutls_credentials_set(gs, GNUTLS_CRD_CERTIFICATE, stream->manager->dnstls_data.cert_cred);
if (r < 0)
return r;
gnutls_deinit(stream->dnstls_data.session);
}
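Review bot: The value returned on failure of the new gnutls_credentials_set call is the raw GnuTLS error code (`return r`), and GNUTLS_E_* codes are not negative errno values, so a caller that treats this function's result as -errno will misreport the failure; the start of this function and its caller are outside the hunk, so this is hedged on how the result is consumed. The record_send/record_recv hunks in this same patch already convert GnuTLS failures with `log_debug_errno(SYNTHETIC_ERRNO(...), "...: %s", gnutls_strerror(...))`, and doing the same here keeps the module consistent: `return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set TLS credentials: %s", gnutls_strerror(r));`. If the contract is deliberately to propagate GnuTLS codes, a one-line comment on the signature saying so would prevent the mix-up.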
-int dnstls_stream_on_io(DnsStream *stream) {
+int dnstls_stream_on_io(DnsStream *stream, uint32_t revents) {
int r;
assert(stream);
assert(stream->encrypted);
assert(stream->dnstls_data.session);
- /* Store TLS Ticket for faster succesive TLS handshakes */
+ /* Store TLS Ticket for faster successive TLS handshakes */
if (stream->server && stream->server->dnstls_data.session_data.size == 0 && stream->dnstls_data.handshake == GNUTLS_E_SUCCESS)
gnutls_session_get_data2(stream->dnstls_data.session, &stream->server->dnstls_data.session_data);
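Review bot: The new `revents` parameter of dnstls_stream_on_io is not consulted anywhere in the visible lines and nothing says what the caller must pass; the body continues past the hunk, so presumably it is used further down, but a short comment on the signature would still help, e.g. `/* revents: the EPOLL* events that woke the stream; used to drive the pending handshake/shutdown */` (confirm against the rest of the body). Separately, the return value of gnutls_session_get_data2 is ignored; as far as the `session_data.size == 0` guard shows, a failed call presumably just leaves the ticket unset and is retried on the next I/O, which is harmless, but a `log_debug("Failed to store TLS session data: %s", gnutls_strerror(r));` there would make resumption problems diagnosable.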
case GNUTLS_E_AGAIN:
return -EAGAIN;
default:
- log_debug("Failed to invoke gnutls_record_send: %s", gnutls_strerror(ss));
- return -EPIPE;
+ return log_debug_errno(SYNTHETIC_ERRNO(EPIPE),
+ "Failed to invoke gnutls_record_send: %s",
+ gnutls_strerror(ss));
}
return ss;
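Review bot: Every gnutls_record_send result other than GNUTLS_E_AGAIN now falls into the new default branch and is reported as EPIPE, which also swallows GNUTLS_E_INTERRUPTED unless a case above the hunk already handles it (the top of the switch is outside SOURCE). GnuTLS documents both GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED as "call again with the same arguments", so treating the latter as fatal tears down the stream on a mere signal interruption: `case GNUTLS_E_INTERRUPTED: return -EAGAIN;` (or `-EINTR`, whichever the caller retries on). The single log_debug_errno form is otherwise a clear improvement over the old two-statement version.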
case GNUTLS_E_AGAIN:
return -EAGAIN;
default:
- log_debug("Failed to invoke gnutls_record_recv: %s", gnutls_strerror(ss));
- return -EPIPE;
+ return log_debug_errno(SYNTHETIC_ERRNO(EPIPE),
+ "Failed to invoke gnutls_record_recv: %s",
+ gnutls_strerror(ss));
}
return ss;
}
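Review bot: The default branch maps every non-EAGAIN return of gnutls_record_recv to EPIPE, which includes codes GnuTLS documents as non-fatal and retryable such as GNUTLS_E_INTERRUPTED and GNUTLS_E_WARNING_ALERT_RECEIVED, unless cases above the hunk cover them (the start of the switch is outside SOURCE). Rather than enumerating them, gate on `gnutls_error_is_fatal(ss)`: `if (!gnutls_error_is_fatal(ss)) return -EAGAIN;` before the existing log_debug_errno, so only fatal errors close the stream. One thing worth a comment in the fatal path: GNUTLS_E_PREMATURE_TERMINATION (peer closed without close_notify, a possible truncation attack) must keep landing in the error branch and never be turned into a clean EOF, e.g. `/* Includes GNUTLS_E_PREMATURE_TERMINATION: never report a truncated TLS stream as EOF. */`.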
-void dnstls_server_init(DnsServer *server) {
+void dnstls_server_free(DnsServer *server) {
assert(server);
- /* Do not verify cerificate */
- gnutls_certificate_allocate_credentials(&server->dnstls_data.cert_cred);
+ if (server->dnstls_data.session_data.data)
+ gnutls_free(server->dnstls_data.session_data.data);
}
-void dnstls_server_free(DnsServer *server) {
- assert(server);
+int dnstls_manager_init(Manager *manager) {
+ int r;
+ assert(manager);
- if (server->dnstls_data.cert_cred)
- gnutls_certificate_free_credentials(server->dnstls_data.cert_cred);
+ r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
+ if (r < 0)
+ return -ENOMEM;
- if (server->dnstls_data.session_data.data)
- gnutls_free(server->dnstls_data.session_data.data);
+ return 0;
+}
+
+void dnstls_manager_free(Manager *manager) {
+ assert(manager);
+
+ if (manager->dnstls_data.cert_cred)
+ gnutls_certificate_free_credentials(manager->dnstls_data.cert_cred);
}
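Review bot: The removed `/* Do not verify cerificate */` comment was the only signal that the credentials allocated in dnstls_manager_init carry no trust anchors and no verify callback, and nothing in the new code adds one, so as far as this hunk shows the DoT server certificate is still not validated (opportunistic encryption without authentication). The patch does not change that behaviour, but the comment should survive the move to the manager: `/* No trust store or verify function is configured: the peer certificate is not validated (opportunistic DoT). */`. Collapsing every gnutls_certificate_allocate_credentials failure to -ENOMEM is acceptable given GnuTLS documents GNUTLS_E_MEMORY_ERROR as its failure mode, though a `log_debug` with `gnutls_strerror(r)` would help. Finally, dnstls_server_free releases session_data.data without resetting `.data`/`.size`; fine if the DnsServer is being torn down, but it would dangle if the function is ever called on a server that stays in use.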