"Fossies" - the Fresh Open Source Software Archive

Member "hitch-1.7.2/src/hitch.c" (29 Nov 2021, 104116 Bytes) of package /linux/www/hitch-1.7.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "hitch.c" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 1.7.0_vs_1.7.2.

    1 /**
    2   * Copyright 2015-2016 Varnish Software
    3   * Copyright 2011 Bump Technologies, Inc. All rights reserved.
    4   *
    5   * Redistribution and use in source and binary forms, with or without
    6   * modification, are permitted provided that the following conditions
    7   * are met:
    8   *
    9   *    1. Redistributions of source code must retain the above
   10   *       copyright notice, this list of conditions and the following
   11   *       disclaimer.
   12   *
   13   *    2. Redistributions in binary form must reproduce the above
   14   *       copyright notice, this list of conditions and the following
   15   *       disclaimer in the documentation and/or other materials
   16   *       provided with the distribution.
   17   *
   18   * THIS SOFTWARE IS PROVIDED BY BUMP TECHNOLOGIES, INC. ``AS IS'' AND
   19   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
   20   * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
   21   * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BUMP
   22   * TECHNOLOGIES, INC. OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
   23   * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   24   * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
   25   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   26   * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   27   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
   28   * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
   29   * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   30   *
   31   * The views and conclusions contained in the software and
   32   * documentation are those of the authors and should not be
   33   * interpreted as representing official policies, either expressed or
   34   * implied, of Bump Technologies, Inc.
   35   *
   36   */
   37 
   38 #include "config.h"
   39 
   40 #include <openssl/x509.h>
   41 #include <openssl/x509_vfy.h>
   42 #include <openssl/engine.h>
   43 #include <sys/socket.h>
   44 #include <sys/time.h>
   45 #include <sys/types.h>
   46 #include <sys/un.h>
   47 #include <sys/wait.h>  /* WAIT_PID */
   48 
   49 #ifdef __linux__
   50 #  include <sys/prctl.h>
   51 #endif
   52 
   53 #ifdef __sun
   54 #  include <sys/filio.h>
   55 #endif
   56 
   57 #include <net/if.h>
   58 #include <netinet/in.h>
   59 #include <netinet/tcp.h>  /* TCP_NODELAY */
   60 
   61 #include <ctype.h>
   62 #include <errno.h>
   63 #include <getopt.h>
   64 #include <grp.h>
   65 #include <libgen.h>
   66 #include <limits.h>
   67 #include <netdb.h>
   68 #include <pwd.h>
   69 #include <sched.h>
   70 #include <signal.h>
   71 #include <stdarg.h>
   72 #include <stdlib.h>
   73 #include <string.h>
   74 #include <strings.h>
   75 #include <time.h>
   76 #include <unistd.h>
   77 
   78 #include "configuration.h"
   79 #include "hitch.h"
   80 #include "hssl_locks.h"
   81 #include "logging.h"
   82 #include "proxyv2.h"
   83 #include "ocsp.h"
   84 #include "shctx.h"
   85 #include "foreign/vpf.h"
   86 #include "foreign/uthash.h"
   87 #include "foreign/vsa.h"
   88 
   89 #ifndef MSG_NOSIGNAL
   90 #  define MSG_NOSIGNAL 0
   91 #endif
   92 #ifndef AI_ADDRCONFIG
   93 #  define AI_ADDRCONFIG 0
   94 #endif
   95 
   96 /* For Mac OS X */
   97 #ifndef TCP_KEEPIDLE
   98 #  ifdef TCP_KEEPALIVE
   99 #    define TCP_KEEPIDLE TCP_KEEPALIVE
  100 #  endif
  101 #endif
  102 
  103 #ifndef SOL_TCP
  104 #  define SOL_TCP IPPROTO_TCP
  105 #endif
  106 
  107 /* Do we have SNI support? */
  108 #ifndef OPENSSL_NO_TLSEXT
  109 #  ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
  110 #    define OPENSSL_NO_TLSEXT
  111 #  endif
  112 #endif
  113 
  114 #ifndef HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB
  115 #  define SSL_CTX_get_default_passwd_cb(ctx) ((ctx)->default_passwd_callback)
  116 #endif
  117 
  118 #ifndef HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA
  119 #  define SSL_CTX_get_default_passwd_cb_userdata(ctx) \
  120     ((ctx)->default_passwd_callback_userdata)
  121 #endif
  122 
  123 #ifndef HAVE_X509_NAME_ENTRY_GET_DATA
  124 #  define X509_NAME_ENTRY_get_data(entry) ((entry)->value)
  125 #endif
  126 
  127 /* logging.c */
  128 extern FILE *logfile;
  129 extern struct stat logf_st;
  130 extern time_t logf_check_t;
  131 
  132 /* Globals */
  133 struct ev_loop *loop;
  134 hitch_config *CONFIG;
  135 
  136 /* Worker proc's read side of mgt->worker pipe(2) */
  137 static ev_io mgt_rd;
  138 
  139 struct backend {
  140     unsigned        magic;
  141 #define BACKEND_MAGIC 0x41c09397
  142     struct suckaddr     *backaddr;
  143     int             ref;
  144 };
  145 
  146 static struct backend *backaddr;
  147 static pid_t master_pid;
  148 static pid_t ocsp_proc_pid;
  149 static int core_id;
  150 static SSL_SESSION *client_session;
  151 
  152 /* The current number of active client connections. */
  153 static uint64_t n_conns;
  154 
  155 /* Current generation of worker processes. Bumped after a sighup prior
  156  * to launching new children. */
  157 static unsigned worker_gen;
  158 
  159 static volatile unsigned n_sighup;
  160 static volatile unsigned n_sigchld;
  161 
  162 enum worker_state_e {
  163     WORKER_ACTIVE,
  164     WORKER_EXITING
  165 };
  166 
  167 static enum worker_state_e worker_state;
  168 
  169 struct worker_proc {
  170     unsigned            magic;
  171 #define WORKER_PROC_MAGIC       0xbc7fe9e6
  172 
  173     /* Writer end of pipe(2) for mgt -> worker ipc */
  174     int             pfd;
  175     pid_t               pid;
  176     unsigned            gen;
  177     int             core_id;
  178     VTAILQ_ENTRY(worker_proc)   list;
  179 };
  180 
  181 VTAILQ_HEAD(worker_proc_head, worker_proc);
  182 static struct worker_proc_head worker_procs;
  183 struct sslctx_s;
  184 struct sni_name_s;
  185 
  186 struct listen_sock {
  187     unsigned        magic;
  188 #define LISTEN_SOCK_MAGIC   0xda96b2f6
  189     int         sock;
  190     char            *name;
  191     ev_io           listener;
  192     struct sockaddr_storage addr;
  193     VTAILQ_ENTRY(listen_sock)   list;
  194 };
  195 
  196 VTAILQ_HEAD(listen_sock_head, listen_sock);
  197 
  198 struct frontend {
  199     unsigned        magic;
  200 #define FRONTEND_MAGIC      0x5b04e577
  201     int         match_global_certs;
  202     int         sni_nomatch_abort;
  203     struct sni_name_s   *sni_names;
  204     struct sslctx_s     *ssl_ctxs;
  205     struct sslctx_s     *default_ctx;
  206     const struct front_arg  *arg;
  207     struct addrinfo     *addrs;
  208     struct listen_sock_head socks;
  209     VTAILQ_ENTRY(frontend)  list;
  210 };
  211 
  212 VTAILQ_HEAD(frontend_head, frontend);
  213 
  214 static struct frontend_head frontends;
  215 
  216 #ifdef USE_SHARED_CACHE
  217 static ev_io shcupd_listener;
  218 static int shcupd_socket;
  219 struct addrinfo *shcupd_peers[MAX_SHCUPD_PEERS+1];
  220 static unsigned char shared_secret[SHA_DIGEST_LENGTH];
  221 #endif /*USE_SHARED_CACHE*/
  222 
  223 
  224 int create_workers;
  225 static struct vpf_fh *pfh = NULL;
  226 
  227 /* What agent/state requests the shutdown--for proper half-closed
  228  * handling */
  229 typedef enum _SHUTDOWN_REQUESTOR {
  230     SHUTDOWN_HARD,
  231     SHUTDOWN_CLEAR,
  232     SHUTDOWN_SSL
  233 } SHUTDOWN_REQUESTOR;
  234 
  235 static const char *SHUTDOWN_STR[] = {
  236     [SHUTDOWN_HARD] = "SHUTDOWN_HARD",
  237     [SHUTDOWN_CLEAR] = "SHUTDOWN_CLEAR",
  238     [SHUTDOWN_SSL] = "SHUTDOWN_SSL",
  239 };
  240 
  241 #ifndef OPENSSL_NO_TLSEXT
  242 
  243 sni_name *sni_names;
  244 static sslctx *ssl_ctxs;
  245 static sslctx *default_ctx;
  246 
  247 static void insert_sni_names(sslctx *sc, sni_name **sn_tab);
  248 static int load_cert_ctx(sslctx *so);
  249 #endif /* OPENSSL_NO_TLSEXT */
  250 
  251 
  252 enum worker_update_type {
  253     WORKER_GEN,
  254     BACKEND_REFRESH
  255 };
  256 
  257 union worker_update_payload {
  258     unsigned        gen;
  259     struct sockaddr_storage addr;
  260 };
  261 
  262 struct worker_update {
  263     enum worker_update_type     type;
  264     union worker_update_payload     payload;
  265 };
  266 
  267 /* set a file descriptor (socket) to non-blocking mode */
  268 static int
  269 setnonblocking(int fd)
  270 {
  271     int flag = 1;
  272 
  273     if (ioctl(fd, FIONBIO, &flag) < 0) {
  274         assert (errno == ECONNRESET || errno == ENOTCONN);
  275         return (-1);
  276     }
  277 
  278     return (0);
  279 }
  280 
  281 
  282 /* set a tcp socket to use TCP Keepalive */
  283 static void
  284 settcpkeepalive(int fd)
  285 {
  286     int optval = 1;
  287     socklen_t optlen = sizeof(optval);
  288 
  289     if(setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &optval, optlen) < 0) {
  290         SOCKERR("Error activating SO_KEEPALIVE on client socket");
  291     }
  292 
  293 #ifdef TCP_KEEPIDLE
  294     optval = CONFIG->TCP_KEEPALIVE_TIME;
  295     optlen = sizeof(optval);
  296     if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &optval, optlen) < 0) {
  297         SOCKERR("Error setting TCP_KEEPIDLE on client socket");
  298     }
  299 #endif
  300 }
  301 
  302 
  303 #ifndef OPENSSL_NO_DH
  304 static int
  305 init_dh(SSL_CTX *ctx, const char *cert)
  306 {
  307     DH *dh;
  308     BIO *bio;
  309 
  310     AN(cert);
  311 
  312     bio = BIO_new_file(cert, "r");
  313     if (!bio) {
  314         log_ssl_error(NULL, "{core} BIO_new_file");
  315         return (-1);
  316     }
  317 
  318     dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
  319     BIO_free(bio);
  320     if (!dh) {
  321         LOG("{core} Note: no DH parameters found in %s\n", cert);
  322         return (-1);
  323     }
  324 
  325     LOG("{core} Using DH parameters from %s\n", cert);
  326     if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
  327         DH_free(dh);
  328         log_ssl_error(NULL, "{core} Error setting temp DH params");
  329         return (-1);
  330     }
  331     LOG("{core} DH initialized with %d bit key\n", 8*DH_size(dh));
  332     DH_free(dh);
  333     return (0);
  334 }
  335 
  336 static int init_ecdh(SSL_CTX *ctx, const char *ecdh_curve) {
  337 #ifndef OPENSSL_NO_EC
  338     if (ecdh_curve == NULL || strcmp(ecdh_curve, "auto") == 0) {
  339         /* For openssl >= 1.1 'auto' is default on and this is
  340          * just a NOOP macro. */
  341         AN(SSL_CTX_set_ecdh_auto(ctx, 1));
  342     } else {
  343         /* For openssl >= 1.1 this should really be "groups"
  344          * instead of "curves", but we use the old name to
  345          * support openssl 1.0 as well */
  346         if (SSL_CTX_set1_curves_list(ctx,
  347             ecdh_curve) == 0) {
  348             log_ssl_error(NULL,
  349                 "{core} Configuring ecdh curves '%s' failed\n",
  350                 ecdh_curve);
  351         }
  352     }
  353     LOG("{core} ECDH Initialized\n");
  354 #else
  355     (void) ctx;
  356     (void) ecdh_curve;
  357 #endif /* OPENSSL_NO_EC */
  358     return (0);
  359 }
  360 #endif /* OPENSSL_NO_DH */
  361 
  362 /* This callback function is executed while OpenSSL processes the SSL
  363  * handshake and does SSL record layer stuff.  It's used to trap
  364  * client-initiated renegotiations.
  365  */
  366 static void
  367 info_callback(const SSL *ssl, int where, int ret)
  368 {
  369     proxystate *ps;
  370     (void)ret;
  371     if (where & SSL_CB_HANDSHAKE_START) {
  372         CAST_OBJ_NOTNULL(ps, SSL_get_app_data(ssl), PROXYSTATE_MAGIC);
  373         if (ps->handshaked) {
  374             ps->renegotiation = 1;
  375             LOG("{core} SSL renegotiation asked by client\n");
  376         }
  377     }
  378 }
  379 
  380 #ifdef OPENSSL_WITH_NPN
  381 static int npn_select_cb(SSL *ssl, const unsigned char **out,
  382     unsigned *outlen, void *arg) {
  383     proxystate *ps;
  384     (void)arg;
  385     CAST_OBJ_NOTNULL(ps, SSL_get_app_data(ssl), PROXYSTATE_MAGIC);
  386     ps->npn_alpn_tried = 1;
  387 
  388     LOG("{npn} Got NPN callback\n");
  389     *out = (unsigned char *) CONFIG->ALPN_PROTOS_LV;
  390     *outlen = CONFIG->ALPN_PROTOS_LV_LEN;
  391 
  392     return (SSL_TLSEXT_ERR_OK);
  393 }
  394 #endif
  395 
  396 #ifdef OPENSSL_WITH_ALPN
  397 static int alpn_select_cb(SSL *ssl,
  398     const unsigned char **out,
  399     unsigned char *outlen,
  400     const unsigned char *in,
  401     unsigned int inlen,
  402     void *arg)
  403 {
  404     int selected;
  405     proxystate *ps;
  406     (void)arg;
  407 
  408     CAST_OBJ_NOTNULL(ps, SSL_get_app_data(ssl), PROXYSTATE_MAGIC);
  409     ps->npn_alpn_tried = 1;
  410 
  411     selected = SSL_select_next_proto((unsigned char **)out, outlen,
  412         CONFIG->ALPN_PROTOS_LV, CONFIG->ALPN_PROTOS_LV_LEN, in, inlen);
  413     if (selected == OPENSSL_NPN_NEGOTIATED)
  414         return (SSL_TLSEXT_ERR_OK);
  415     else {
  416         assert(selected == OPENSSL_NPN_NO_OVERLAP);
  417         LOGPROXY(ps, "ALPN: no overlap in protocols.\n");
  418         /* Here it is possible to add logging of which protocols
  419            the client wanted */
  420         return (SSL_TLSEXT_ERR_NOACK);
  421     }
  422     return (SSL_TLSEXT_ERR_NOACK);
  423 }
  424 #endif
  425 
  426 #ifdef USE_SHARED_CACHE
  427 
  428 /* Handle incoming message updates */
  429 static void
  430 handle_shcupd(struct ev_loop *loop, ev_io *w, int revents)
  431 {
  432     (void)revents;
  433     unsigned char msg[SHSESS_MAX_ENCODED_LEN], hash[EVP_MAX_MD_SIZE];
  434     ssize_t r;
  435     unsigned int hash_len;
  436     uint32_t encdate;
  437     long now = (time_t)ev_now(loop);
  438 
  439     while ((r = recv(w->fd, msg, sizeof(msg), 0)) > 0) {
  440         /* msg len must be greater than 1 Byte of data + sig length */
  441         if (r < (int)(1+sizeof(shared_secret)))
  442             continue;
  443 
  444         /* compute sig */
  445         r -= sizeof(shared_secret);
  446         HMAC(EVP_sha1(), shared_secret, sizeof(shared_secret), msg,
  447             r, hash, &hash_len);
  448 
  449         if (hash_len != sizeof(shared_secret)) /* should never happen */
  450            continue;
  451 
  452         /* check sign */
  453         if (memcmp(msg+r, hash, hash_len))
  454             continue;
  455 
  456         /* msg len must be greater than 1 Byte of data +
  457          * encdate length */
  458         if (r < (int)(1+sizeof(uint32_t)))
  459             continue;
  460 
  461         /* drop too unsync updates */
  462         r -= sizeof(uint32_t);
  463         encdate = *((uint32_t *)&msg[r]);
  464         assert(now >= ntohl(encdate));
  465         if ((now - ntohl(encdate)) >=
  466             SSL_CTX_get_timeout(default_ctx->ctx))
  467             continue;
  468 
  469         shctx_sess_add(msg, r, now);
  470     }
  471 }
  472 
  473 /* Send remote updates messages callback */
  474 void
  475 shcupd_session_new(unsigned char *msg, unsigned int len, long cdate)
  476 {
  477     unsigned int hash_len;
  478     struct addrinfo **pai = shcupd_peers;
  479     uint32_t ncdate;
  480 
  481     /* add session creation encoded date to footer */
  482     ncdate = htonl((uint32_t)cdate);
  483     memcpy(msg+len, &ncdate, sizeof(ncdate));
  484     len += sizeof(ncdate);
  485 
  486     /* add msg sign */
  487     HMAC(EVP_sha1(), shared_secret, sizeof(shared_secret),
  488         msg, len, msg+len, &hash_len);
  489     len += hash_len;
  490 
  491     /* send msg to peers */
  492     while (*pai) {
  493         sendto(shcupd_socket, msg, len, 0, (*pai)->ai_addr,
  494             (*pai)->ai_addrlen);
  495         pai++;
  496     }
  497 }
  498 
  499 /* Compute a sha1 secret from an ASN1 rsa private key */
  500 static int
  501 compute_secret(RSA *rsa, unsigned char *secret)
  502 {
  503     unsigned char *buf, *p;
  504     unsigned int length;
  505 
  506     length = i2d_RSAPrivateKey(rsa, NULL);
  507     if (length <= 0)
  508         return (-1);
  509 
  510     p = buf = (unsigned char *)malloc(length*sizeof(unsigned char));
  511     if (!buf)
  512         return (-1);
  513 
  514     i2d_RSAPrivateKey(rsa,&p);
  515     SHA1(buf, length, secret);
  516     free(buf);
  517     return (0);
  518 }
  519 
  520 /* Create udp socket to receive and send updates */
  521 static int
  522 create_shcupd_socket()
  523 {
  524     struct addrinfo *ai, hints;
  525     struct addrinfo **pai = shcupd_peers;
  526     memset(&hints, 0, sizeof hints);
  527     hints.ai_family = AF_UNSPEC;
  528     hints.ai_socktype = SOCK_DGRAM;
  529     hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
  530     const int gai_err = getaddrinfo(CONFIG->SHCUPD_IP,
  531         CONFIG->SHCUPD_PORT, &hints, &ai);
  532     if (gai_err != 0) {
  533         ERR("{getaddrinfo}: %s\n", gai_strerror(gai_err));
  534         exit(1);
  535     }
  536 
  537     /* check if peers inet family addresses match */
  538     while (*pai) {
  539         if ((*pai)->ai_family != ai->ai_family) {
  540             ERR("Share host and peers inet family differs\n");
  541             exit(1);
  542         }
  543         pai++;
  544     }
  545 
  546     int s = socket(ai->ai_family, SOCK_DGRAM, IPPROTO_UDP);
  547 
  548     if (s == -1)
  549         fail("{socket: shared cache updates}");
  550 
  551     int t = 1;
  552     (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &t, sizeof(int));
  553 #ifdef SO_REUSEPORT_WORKS
  554     (void)setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &t, sizeof(int));
  555 #endif
  556 
  557     if (setnonblocking(s) < 0)
  558         fail("{shared cache: setnonblocking}");
  559 
  560     if (ai->ai_addr->sa_family == AF_INET) {
  561         struct ip_mreqn mreqn;
  562 
  563         memset(&mreqn, 0, sizeof(mreqn));
  564         mreqn.imr_multiaddr.s_addr =
  565             ((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr;
  566 
  567         if (CONFIG->SHCUPD_MCASTIF) {
  568             if (isalpha(*CONFIG->SHCUPD_MCASTIF)) {
  569                 /* appears to be an iface name */
  570                 struct ifreq ifr;
  571                 memset(&ifr, 0, sizeof(ifr));
  572                 if (strlen(CONFIG->SHCUPD_MCASTIF) > IFNAMSIZ) {
  573                     ERR("Error iface name is too "
  574                         "long [%s]\n",
  575                         CONFIG->SHCUPD_MCASTIF);
  576                     exit(1);
  577                 }
  578 
  579                 memcpy(ifr.ifr_name, CONFIG->SHCUPD_MCASTIF,
  580                     strlen(CONFIG->SHCUPD_MCASTIF));
  581                 if (ioctl(s, SIOCGIFINDEX, &ifr)) {
  582                     fail("{ioctl: SIOCGIFINDEX}");
  583                 }
  584 
  585                 /* XXX: better use autoconf to detect those */
  586 #ifdef __FreeBSD__
  587                 mreqn.imr_ifindex = ifr.ifr_ifru.ifru_index;
  588 #else
  589                 mreqn.imr_ifindex = ifr.ifr_ifindex;
  590 #endif
  591             } else if (strchr(CONFIG->SHCUPD_MCASTIF,'.')) {
  592                 /* appears to be an ipv4 address */
  593                 mreqn.imr_address.s_addr =
  594                     inet_addr(CONFIG->SHCUPD_MCASTIF);
  595             } else {
  596                 /* appears to be an iface index */
  597                 mreqn.imr_ifindex =
  598                     atoi(CONFIG->SHCUPD_MCASTIF);
  599             }
  600         }
  601 
  602         if (setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP,
  603             &mreqn, sizeof(mreqn)) < 0) {
  604             if (errno != EINVAL) {
  605                 /* EINVAL if it is not a multicast address,
  606                  * not an error we consider unicast */
  607                 fail("{setsockopt: IP_ADD_MEMBERSIP}");
  608             }
  609         } else { /* this is a multicast address */
  610             unsigned char loop = 0;
  611             if (setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP,
  612                 &loop, sizeof(loop)) < 0) {
  613                 fail("{setsockopt: IP_MULTICAST_LOOP}");
  614             }
  615         }
  616 
  617         /* optional set sockopts for sending to multicast msg */
  618         if (CONFIG->SHCUPD_MCASTIF &&
  619             setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF,
  620             &mreqn, sizeof(mreqn)) < 0) {
  621             fail("{setsockopt: IP_MULTICAST_IF}");
  622         }
  623 
  624         if (CONFIG->SHCUPD_MCASTTTL) {
  625             unsigned char ttl;
  626 
  627             ttl = (unsigned char)atoi(CONFIG->SHCUPD_MCASTTTL);
  628             if (setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL,
  629                 &ttl, sizeof(ttl)) < 0) {
  630                 fail("{setsockopt: IP_MULTICAST_TTL}");
  631             }
  632         }
  633      }
  634 #ifdef IPV6_ADD_MEMBERSHIP
  635      else if (ai->ai_addr->sa_family == AF_INET6) {
  636         struct ipv6_mreq mreq;
  637 
  638         memset(&mreq, 0, sizeof(mreq));
  639         memcpy(&mreq.ipv6mr_multiaddr,
  640             &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
  641             sizeof(mreq.ipv6mr_multiaddr));
  642 
  643         if (CONFIG->SHCUPD_MCASTIF) {
  644             if (isalpha(*CONFIG->SHCUPD_MCASTIF)) {
  645                 /* appears to be an iface name */
  646                 struct ifreq ifr;
  647 
  648                 memset(&ifr, 0, sizeof(ifr));
  649                 if (strlen(CONFIG->SHCUPD_MCASTIF) > IFNAMSIZ) {
  650                     ERR("Error iface name is too "
  651                         "long [%s]\n",
  652                         CONFIG->SHCUPD_MCASTIF);
  653                     exit(1);
  654                 }
  655 
  656                 memcpy(ifr.ifr_name, CONFIG->SHCUPD_MCASTIF,
  657                     strlen(CONFIG->SHCUPD_MCASTIF));
  658 
  659                 if (ioctl(s, SIOCGIFINDEX, &ifr))
  660                     fail("{ioctl: SIOCGIFINDEX}");
  661 
  662                 mreq.ipv6mr_interface = ifr.ifr_ifindex;
  663             } else { /* option appears to be an iface index */
  664                 mreq.ipv6mr_interface =
  665                     atoi(CONFIG->SHCUPD_MCASTIF);
  666             }
  667         }
  668 
  669         if (setsockopt(s, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP,
  670             &mreq, sizeof(mreq)) < 0) {
  671             if (errno != EINVAL) {
  672                 /* EINVAL if it is not a multicast address,
  673                  * not an error we consider unicast */
  674                 fail("{setsockopt: IPV6_ADD_MEMBERSIP}");
  675             }
  676         } else { /* this is a multicast address */
  677             unsigned int loop = 0;
  678             if (setsockopt(s, IPPROTO_IPV6, IPV6_MULTICAST_LOOP,
  679                 &loop, sizeof(loop)) < 0) {
  680                 fail("{setsockopt: IPV6_MULTICAST_LOOP}");
  681             }
  682         }
  683         /* optional set sockopts for sending to multicast msg */
  684         if (setsockopt(s, IPPROTO_IPV6, IPV6_MULTICAST_IF,
  685             &mreq.ipv6mr_interface,
  686             sizeof(mreq.ipv6mr_interface)) < 0) {
  687             fail("{setsockopt: IPV6_MULTICAST_IF}");
  688         }
  689 
  690         if (CONFIG->SHCUPD_MCASTTTL) {
  691             int hops;
  692 
  693             hops = atoi(CONFIG->SHCUPD_MCASTTTL);
  694             if (setsockopt(s, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
  695                 &hops, sizeof(hops)) < 0) {
  696                 fail("{setsockopt: IPV6_MULTICAST_HOPS}");
  697             }
  698         }
  699     }
  700 #endif /* IPV6_ADD_MEMBERSHIP */
  701 
  702     if (bind(s, ai->ai_addr, ai->ai_addrlen)) {
  703         fail("{bind-socket}");
  704     }
  705 
  706     freeaddrinfo(ai);
  707     return (s);
  708 }
  709 
  710 #endif /*USE_SHARED_CACHE */
  711 
  712 EVP_PKEY *
  713 load_privatekey(SSL_CTX *ctx, const char *file)
  714 {
  715     BIO *bio;
  716     EVP_PKEY *pkey;
  717 
  718     bio = BIO_new_file(file, "r");
  719     if (!bio) {
  720         log_ssl_error(NULL, "{core} BIO_new_file");
  721         return (NULL);
  722     }
  723 
  724     pkey = PEM_read_bio_PrivateKey(bio, NULL,
  725         SSL_CTX_get_default_passwd_cb(ctx),
  726         SSL_CTX_get_default_passwd_cb_userdata(ctx));
  727     BIO_free(bio);
  728 
  729     if (!pkey) {
  730         log_ssl_error(NULL, "{core} PEM_read_bio_PrivateKey");
  731         return (NULL);
  732     }
  733 
  734     return (pkey);
  735 }
  736 
  737 #ifndef OPENSSL_NO_TLSEXT
  738 static int
  739 sni_match(const sni_name *sn, const char *srvname)
  740 {
  741     if (!sn->is_wildcard)
  742         return (strcasecmp(srvname, sn->sni_key) == 0);
  743     else {
  744         char *s = strchr(srvname, '.');
  745         if (s == NULL)
  746             return (0);
  747         return (strcasecmp(s, sn->sni_key + 1) == 0);
  748     }
  749 }
  750 
  751 static const sslctx *
  752 sni_lookup(const char *sni_key, const sni_name *sn_tab)
  753 {
  754     const sni_name *sn;
  755 
  756     AN(sni_key);
  757     CHECK_OBJ_NOTNULL(sn_tab, SNI_NAME_MAGIC);
  758 
  759     HASH_FIND_STR(sn_tab, sni_key, sn);
  760     if (sn == NULL) {
  761         char *s;
  762         /* attempt another lookup for wildcard matches */
  763         s = strchr(sni_key, '.');
  764         if (s != NULL)
  765             HASH_FIND_STR(sn_tab, s, sn);
  766     }
  767 
  768     if (sn != NULL) {
  769         CHECK_OBJ_NOTNULL(sn, SNI_NAME_MAGIC);
  770         if (sni_match(sn, sni_key))
  771             return (sn->sctx);
  772     }
  773 
  774     return (NULL);
  775 }
  776 
  777 static int
  778 sni_try_lookup(SSL *ssl, const char *sni_key, const struct sni_name_s *sn_tab)
  779 {
  780     const sslctx *sc;
  781 
  782     AN(ssl);
  783     AN(sni_key);
  784     CHECK_OBJ_NOTNULL(sn_tab, SNI_NAME_MAGIC);
  785 
  786     sc = sni_lookup(sni_key, sn_tab);
  787     if (sc == NULL)
  788         return (0);
  789 
  790     CHECK_OBJ(sc, SSLCTX_MAGIC);
  791     SSL_set_SSL_CTX(ssl, sc->ctx);
  792     return (1);
  793 }
  794 
  795 char *
  796 sni_build_key(const char *servername)
  797 {
  798     char *key, *c;
  799 
  800     if (servername == NULL)
  801         return (NULL);
  802 
  803     AN(servername);
  804     key = strdup(servername);
  805 
  806     for (c = key; *c != '\0'; c++)
  807         *c = tolower(*c);
  808     return (key);
  809 }
  810 
  811 /*
  812  * Switch the context of the current SSL object to the most appropriate one
  813  * based on the SNI header
  814  */
  815 static int
  816 sni_switch_ctx(SSL *ssl, int *al, void *data)
  817 {
  818     const struct frontend *fr = NULL;
  819     const char *servername;
  820     char *sni_key;
  821     int lookup_global = 1;
  822     int sni_nomatch_abort = CONFIG->SNI_NOMATCH_ABORT;
  823 
  824     AN(ssl);
  825     (void)al;
  826     if (data != NULL)
  827         CAST_OBJ_NOTNULL(fr, data, FRONTEND_MAGIC);
  828 
  829     servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
  830     if (servername == NULL)
  831         return (SSL_TLSEXT_ERR_NOACK);
  832 
  833     sni_key = sni_build_key(servername);
  834     AN(sni_key);
  835 
  836     if (fr != NULL) {
  837         if (sni_try_lookup(ssl, sni_key, fr->sni_names)) {
  838             free(sni_key);
  839             return (SSL_TLSEXT_ERR_OK);
  840         }
  841         lookup_global = fr->match_global_certs;
  842         if (fr->sni_nomatch_abort != -1)
  843             sni_nomatch_abort = fr->sni_nomatch_abort;
  844     }
  845 
  846     if (lookup_global && sni_try_lookup(ssl, sni_key, sni_names)) {
  847         free(sni_key);
  848         return (SSL_TLSEXT_ERR_OK);
  849     }
  850 
  851     free(sni_key);
  852 
  853     /* No matching certs */
  854     if (sni_nomatch_abort)
  855         return (SSL_TLSEXT_ERR_ALERT_FATAL);
  856     else
  857         return (SSL_TLSEXT_ERR_NOACK);
  858 }
  859 #endif /* OPENSSL_NO_TLSEXT */
  860 
  861 static void
  862 sctx_free(sslctx *sc, sni_name **sn_tab)
  863 {
  864     sni_name *sn, *sntmp;
  865 
  866     if (sc == NULL)
  867         return;
  868 
  869     HOCSP_free(&sc->staple);
  870 
  871     if (sn_tab != NULL)
  872         CHECK_OBJ_NOTNULL(*sn_tab, SNI_NAME_MAGIC);
  873 
  874     CHECK_OBJ_NOTNULL(sc, SSLCTX_MAGIC);
  875     VTAILQ_FOREACH_SAFE(sn, &sc->sni_list, list, sntmp) {
  876         CHECK_OBJ_NOTNULL(sn, SNI_NAME_MAGIC);
  877         VTAILQ_REMOVE(&sc->sni_list, sn, list);
  878         if (sn_tab != NULL)
  879             HASH_DEL(*sn_tab, sn);
  880         free(sn->servername);
  881         free(sn->sni_key);
  882         FREE_OBJ(sn);
  883     }
  884 
  885     free(sc->filename);
  886     SSL_CTX_free(sc->ctx);
  887     FREE_OBJ(sc);
  888 }
  889 
  890 X509 *
  891 Find_issuer(X509 *subj, STACK_OF(X509) *chain)
  892 {
  893        int i;
  894        X509 *x;
  895 
  896        AN(subj);
  897 
  898        for (i = 0; i < sk_X509_num(chain); i++) {
  899                x = sk_X509_value(chain, i);
  900                if (X509_check_issued(x, subj) == X509_V_OK)
  901                        return (x);
  902        }
  903 
  904        /* todo: look in cert store?  */
  905 
  906        return (NULL);
  907 }
  908 
  909 static int
  910 client_vfy_cb(int preverify_ok, X509_STORE_CTX *storectx)
  911 {
  912     proxystate *ps;
  913     SSL *ssl;
  914 
  915     ssl = X509_STORE_CTX_get_ex_data(storectx,
  916         SSL_get_ex_data_X509_STORE_CTX_idx());
  917     CAST_OBJ_NOTNULL(ps, SSL_get_app_data(ssl), PROXYSTATE_MAGIC);
  918     if (preverify_ok)
  919         ps->client_cert_conn = 1;
  920 
  921     return (preverify_ok);
  922 }
  923 
  924 static int
  925 client_vfy_init(SSL_CTX *ctx, int flags, const char *cafile)
  926 {
  927     X509_STORE *vfy;
  928     STACK_OF(X509_OBJECT) *objs;
  929     X509_OBJECT *o;
  930     X509 *crt;
  931     int i;
  932 
  933     AN(cafile);
  934     assert(flags != SSL_VERIFY_NONE);
  935     AN(flags & SSL_VERIFY_PEER);
  936 
  937     vfy = X509_STORE_new();
  938     if (!vfy) {
  939         log_ssl_error(NULL, "X509_STORE_new: allocation failed");
  940         return (1);
  941     }
  942     if (X509_STORE_load_locations(vfy, cafile, NULL) == 0) {
  943         log_ssl_error(NULL, "client_verify_ca: unable to "
  944             "load file '%s'",
  945             cafile);
  946         X509_STORE_free(vfy);
  947         return (1);
  948     }
  949 
  950     SSL_CTX_set1_verify_cert_store(ctx, vfy);
  951 
  952 #ifdef HAVE_X509_STORE_GET0_OBJECTS
  953     objs = X509_STORE_get0_objects(vfy);
  954 #else
  955     objs = vfy->objs;
  956 #endif
  957     for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
  958         o = sk_X509_OBJECT_value(objs, i);
  959 #ifdef HAVE_X509_OBJECT_GET0_X509
  960         crt = X509_OBJECT_get0_X509(o);
  961 #else
  962         crt = o->data.x509;
  963 #endif
  964         if (crt != NULL) {
  965             /* SSL_CTX_add_client_CA makes a copy of the
  966              * subject name, so the X509_STORE_free below
  967              * is safe. */
  968             SSL_CTX_add_client_CA(ctx, crt);
  969         }
  970     }
  971 
  972     SSL_CTX_set_verify(ctx, flags, client_vfy_cb);
  973 
  974     X509_STORE_free(vfy);
  975     return (0);
  976 }
  977 
  978 /* Initialize an SSL context */
  979 static sslctx *
  980 make_ctx_fr(const struct cfg_cert_file *cf, const struct frontend *fr,
  981     const struct front_arg *fa)
  982 {
  983     SSL_CTX *ctx;
  984     sslctx *sc;
  985     EVP_PKEY *pkey;
  986     int selected_protos = CONFIG->SELECTED_TLS_PROTOS;
  987     char *ciphers = CONFIG->CIPHERS_TLSv12;
  988     char *ciphersuites = CONFIG->CIPHERSUITES_TLSv13;
  989     int pref_srv_ciphers = CONFIG->PREFER_SERVER_CIPHERS;
  990     int client_verify = CONFIG->CLIENT_VERIFY;
  991 
  992     if (fa != NULL) {
  993         CHECK_OBJ_NOTNULL(fa, FRONT_ARG_MAGIC);
  994         if (fa->selected_protos != 0)
  995             selected_protos = fa->selected_protos;
  996         if (fa->ciphers_tlsv12 != NULL)
  997             ciphers = fa->ciphers_tlsv12;
  998         if (fa->prefer_server_ciphers != -1)
  999             pref_srv_ciphers = fa->prefer_server_ciphers;
 1000         if (fa->ciphersuites_tlsv13)
 1001             ciphersuites = fa->ciphersuites_tlsv13;
 1002         if (fa->client_verify != -1)
 1003             client_verify = fa->client_verify;
 1004     }
 1005 
 1006     long ssloptions = SSL_OP_NO_SSLv2 | SSL_OP_ALL |
 1007         SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
 1008 
 1009 #ifdef SSL_OP_NO_COMPRESSION
 1010     ssloptions |= SSL_OP_NO_COMPRESSION;
 1011 #endif
 1012 #ifdef SSL_OP_SINGLE_DH_USE
 1013     ssloptions |= SSL_OP_SINGLE_DH_USE;
 1014 #endif
 1015 #ifdef SSL_OP_SINGLE_ECDH_USE
 1016     ssloptions |= SSL_OP_SINGLE_ECDH_USE;
 1017 #endif
 1018     if (!(selected_protos & SSLv3_PROTO))
 1019         ssloptions |= SSL_OP_NO_SSLv3;
 1020     if (!(selected_protos & TLSv1_0_PROTO))
 1021         ssloptions |= SSL_OP_NO_TLSv1;
 1022     if (!(selected_protos & TLSv1_1_PROTO))
 1023         ssloptions |= SSL_OP_NO_TLSv1_1;
 1024     if (!(selected_protos & TLSv1_2_PROTO))
 1025         ssloptions |= SSL_OP_NO_TLSv1_2;
 1026 #ifdef SSL_OP_NO_TLSv1_3
 1027     if (!(selected_protos & TLSv1_3_PROTO))
 1028         ssloptions |= SSL_OP_NO_TLSv1_3;
 1029 #endif
 1030     ctx = SSL_CTX_new((CONFIG->PMODE == SSL_CLIENT) ?
 1031         SSLv23_client_method() : SSLv23_server_method());
 1032 
 1033     SSL_CTX_set_options(ctx, ssloptions);
 1034     SSL_CTX_set_info_callback(ctx, info_callback);
 1035 #ifdef OPENSSL_WITH_ALPN
 1036     if (CONFIG->ALPN_PROTOS != NULL)
 1037         SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb, NULL);
 1038 #endif
 1039 #ifdef OPENSSL_WITH_NPN
 1040     if (CONFIG->ALPN_PROTOS != NULL)
 1041         SSL_CTX_set_next_protos_advertised_cb(ctx, npn_select_cb, NULL);
 1042 #endif
 1043 
 1044     if (ciphers != NULL) {
 1045         if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) {
 1046             log_ssl_error(NULL, "{core} SSL_CTX_set_cipher_list");
 1047             return (NULL);
 1048         }
 1049     }
 1050 
 1051 #if HAVE_TLS_1_3
 1052     if (ciphersuites != NULL) {
 1053         if (SSL_CTX_set_ciphersuites(ctx, ciphersuites) != 1) {
 1054             log_ssl_error(NULL, "{core} SSL_CTX_set_ciphersuites");
 1055             return (NULL);
 1056         }
 1057     }
 1058 #else
 1059     (void) ciphersuites;
 1060 #endif
 1061     if (client_verify != SSL_VERIFY_NONE) {
 1062         const char *ca = CONFIG->CLIENT_VERIFY_CA;
 1063         if (fa && fa->client_verify_ca)
 1064             ca = fa->client_verify_ca;
 1065         AN(ca);
 1066         if (client_vfy_init(ctx, client_verify, ca))
 1067             return (NULL);
 1068     }
 1069 
 1070     if (pref_srv_ciphers)
 1071         SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 1072 
 1073     AN(SSL_CTX_set_session_id_context(ctx, (const unsigned char *) "hitch",
 1074         strlen("hitch")));
 1075 
 1076     ALLOC_OBJ(sc, SSLCTX_MAGIC);
 1077     AN(sc);
 1078     sc->filename = strdup(cf->filename);
 1079     sc->mtim = cf->mtim;
 1080     sc->ctx = ctx;
 1081     sc->staple_vfy = cf->ocsp_vfy;
 1082     VTAILQ_INIT(&sc->sni_list);
 1083 
 1084     if (sc->staple_vfy > 0 ||
 1085         (sc-> staple_vfy < 0 && CONFIG->OCSP_VFY))
 1086         AN(SSL_CTX_set_default_verify_paths(ctx));
 1087 
 1088     if (CONFIG->PMODE == SSL_CLIENT)
 1089         return (sc);
 1090 
 1091     /* SSL_SERVER Mode stuff */
 1092     if (SSL_CTX_use_certificate_chain_file(ctx, cf->filename) <= 0) {
 1093         log_ssl_error(NULL,
 1094             "Error loading certificate file %s\n", cf->filename);
 1095         sctx_free(sc, NULL);
 1096         return (NULL);
 1097     }
 1098 
 1099     pkey = 0;
 1100     if (cf->priv_key_filename != 0) {
 1101         pkey = load_privatekey(ctx, cf->priv_key_filename);
 1102         if (!pkey) {
 1103             ERR("Error loading private key (%s)\n",
 1104                 cf->priv_key_filename);
 1105             sctx_free(sc, NULL);
 1106             return (NULL);
 1107         }
 1108     }
 1109     if (!pkey) {
 1110         pkey = load_privatekey(ctx, cf->filename);
 1111         if (!pkey) {
 1112             ERR("Error loading private key (%s)\n", cf->filename);
 1113             sctx_free(sc, NULL);
 1114             return (NULL);
 1115         }
 1116     }
 1117 
 1118     if (SSL_CTX_use_PrivateKey(ctx, pkey) <= 0) {
 1119         log_ssl_error(NULL, "SSL_CTX_use_PrivateKey: %s",
 1120             cf->filename);
 1121         EVP_PKEY_free(pkey);
 1122         sctx_free(sc, NULL);
 1123         return (NULL);
 1124     }
 1125 
 1126 #ifndef OPENSSL_NO_DH
 1127     init_dh(ctx, cf->filename);
 1128     init_ecdh(ctx, CONFIG->ECDH_CURVE);
 1129 #endif /* OPENSSL_NO_DH */
 1130 
 1131 #ifndef OPENSSL_NO_TLSEXT
 1132     if (!SSL_CTX_set_tlsext_servername_callback(ctx, sni_switch_ctx)) {
 1133         ERR("Error setting up SNI support.\n");
 1134     }
 1135     CHECK_OBJ_ORNULL(fr, FRONTEND_MAGIC);
 1136     if (!SSL_CTX_set_tlsext_servername_arg(ctx, (void *)fr)) {
 1137         ERR("Error setting SNI servername arg.\n");
 1138     }
 1139 
 1140     if (load_cert_ctx(sc) != 0) {
 1141         EVP_PKEY_free(pkey);
 1142         sctx_free(sc, NULL);
 1143         return (NULL);
 1144     }
 1145 
 1146     if (CONFIG->OCSP_DIR) {
 1147         char *fn = HOCSP_fn(sc->filename);
 1148         /* attempt loading of cached ocsp staple */
 1149         if (fn != NULL) {
 1150             if (HOCSP_init_file(fn, sc, 1) == 0) {
 1151                 LOG("{core} Loaded cached OCSP staple "
 1152                     "for cert '%s'\n", sc->filename);
 1153                 sc->staple_fn = fn;
 1154             }
 1155             else {
 1156                 free(fn);
 1157             }
 1158         }
 1159     }
 1160 
 1161     if (sc->staple == NULL && cf->ocspfn != NULL) {
 1162         if (HOCSP_init_file(cf->ocspfn, sc, 0) != 0) {
 1163             ERR("Error loading OCSP response %s for stapling.\n",
 1164                 cf->ocspfn);
 1165             EVP_PKEY_free(pkey);
 1166             sctx_free(sc, NULL);
 1167             return (NULL);
 1168         } else {
 1169             LOG("{core} Loaded OCSP staple '%s'\n", cf->ocspfn);
 1170             sc->staple_fn = strdup(cf->ocspfn);
 1171             sc->staple->mtim = cf->ocsp_mtim;
 1172         }
 1173     }
 1174 
 1175     if (CONFIG->OCSP_DIR != NULL)
 1176         HOCSP_ev_stat(sc);
 1177 
 1178 #endif /* OPENSSL_NO_TLSEXT */
 1179 
 1180 #ifdef USE_SHARED_CACHE
 1181     if (CONFIG->SHARED_CACHE) {
 1182         if (shared_context_init(ctx, CONFIG->SHARED_CACHE) < 0) {
 1183             ERR("Unable to alloc memory for shared cache.\n");
 1184             EVP_PKEY_free(pkey);
 1185             sctx_free(sc, NULL);
 1186             return (NULL);
 1187         }
 1188         if (CONFIG->SHCUPD_PORT) {
 1189             RSA *rsa;
 1190             rsa = EVP_PKEY_get1_RSA(pkey);
 1191             if (rsa != NULL &&
 1192                 compute_secret(rsa, shared_secret) < 0) {
 1193                 ERR("Unable to compute shared secret.\n");
 1194                 EVP_PKEY_free(pkey);
 1195                 sctx_free(sc, NULL);
 1196                 return (NULL);
 1197             }
 1198 
 1199             /* Force TLS tickets because keys differs. */
 1200             SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
 1201 
 1202             if (*shcupd_peers) {
 1203                 shsess_set_new_cbk(shcupd_session_new);
 1204             }
 1205         }
 1206     }
 1207 #endif
 1208     EVP_PKEY_free(pkey);
 1209     return (sc);
 1210 }
 1211 
 1212 static void
 1213 insert_sni_names(sslctx *sc, sni_name **sn_tab)
 1214 {
 1215     sni_name *sn, *sn2;
 1216     char *key;
 1217     CHECK_OBJ_NOTNULL(sc, SSLCTX_MAGIC);
 1218 
 1219     VTAILQ_FOREACH(sn, &sc->sni_list, list) {
 1220         CHECK_OBJ_NOTNULL(sn, SNI_NAME_MAGIC);
 1221         key = sn->sni_key;
 1222         AN(key);
 1223         if (sn->is_wildcard)
 1224             key = sn->sni_key + 1;
 1225         HASH_FIND_STR(*sn_tab, key, sn2);
 1226         if (sn2 != NULL) {
 1227             ERR("Warning: SNI name '%s' from '%s' overridden"
 1228                 " by '%s'\n",
 1229                 key, sn2->sctx->filename, sn->sctx->filename);
 1230         }
 1231         HASH_ADD_KEYPTR(hh, *sn_tab, key, strlen(key), sn);
 1232     }
 1233 }
 1234 
 1235 static sslctx *
 1236 make_ctx(const struct cfg_cert_file *cf)
 1237 {
 1238     return (make_ctx_fr(cf, NULL, NULL));
 1239 }
 1240 #ifndef OPENSSL_NO_TLSEXT
 1241 static int
 1242 load_cert_ctx(sslctx *so)
 1243 {
 1244     X509 *x509;
 1245     X509_NAME *x509_name;
 1246     X509_NAME_ENTRY *x509_entry;
 1247     BIO *f;
 1248     STACK_OF(GENERAL_NAME) *names = NULL;
 1249     GENERAL_NAME *name;
 1250     int i;
 1251 
 1252 #define PUSH_CTX(asn1_str, ctx)                     \
 1253     do {                                \
 1254         sni_name *sn;                       \
 1255         ALLOC_OBJ(sn, SNI_NAME_MAGIC);              \
 1256         ASN1_STRING_to_UTF8(                    \
 1257             (unsigned char **)&sn->servername, asn1_str);   \
 1258         sn->is_wildcard =                   \
 1259             (strstr(sn->servername, "*.") == sn->servername);   \
 1260         sn->sni_key = sni_build_key(sn->servername);        \
 1261         sn->sctx = so;                      \
 1262         VTAILQ_INSERT_TAIL(&so->sni_list, sn, list);        \
 1263     } while (0)
 1264 
 1265     f = BIO_new(BIO_s_file());
 1266     // TODO: error checking
 1267 
 1268     if (!BIO_read_filename(f, so->filename)) {
 1269         ERR("Could not read certificate '%s'\n", so->filename);
 1270         return (1);
 1271     }
 1272     x509 = PEM_read_bio_X509_AUX(f, NULL, NULL, NULL);
 1273     BIO_free(f);
 1274 
 1275     so->x509 = x509;
 1276 
 1277     /* First, look for Subject Alternative Names. */
 1278     names = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
 1279     for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
 1280         name = sk_GENERAL_NAME_value(names, i);
 1281         if (name->type == GEN_DNS) {
 1282             PUSH_CTX(name->d.dNSName, ctx);
 1283         }
 1284     }
 1285     if (sk_GENERAL_NAME_num(names) > 0) {
 1286         sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
 1287         /* If we found some, don't bother looking any further. */
 1288         return (0);
 1289     } else if (names != NULL) {
 1290         sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
 1291     }
 1292 
 1293     /* Now we're left looking at the CN on the cert. */
 1294     x509_name = X509_get_subject_name(x509);
 1295     i = X509_NAME_get_index_by_NID(x509_name, NID_commonName, -1);
 1296     if (i < 0) {
 1297         ERR("Could not find Subject Alternative Names"
 1298             " or a CN on cert %s\n", so->filename);
 1299         return (1);
 1300     }
 1301     x509_entry = X509_NAME_get_entry(x509_name, i);
 1302     AN(x509_entry);
 1303     PUSH_CTX(X509_NAME_ENTRY_get_data(x509_entry), ctx);
 1304 
 1305     return (0);
 1306 }
 1307 #endif /* OPENSSL_NO_TLSEXT */
 1308 
 1309 /* Check that we don't needlessly load a cert that's already loaded. */
 1310 static sslctx *
 1311 find_ctx(const char *file)
 1312 {
 1313     sslctx *so;
 1314     HASH_FIND_STR(ssl_ctxs, file, so);
 1315     return (so);
 1316 }
 1317 
 1318 /* Init library and load specified certificate.
 1319  * Establishes a SSL_ctx, to act as a template for
 1320  * each connection */
 1321 void
 1322 init_openssl(void)
 1323 {
 1324     SSL_library_init();
 1325     SSL_load_error_strings();
 1326     OpenSSL_add_all_digests();
 1327 
 1328     if (CONFIG->ENGINE) {
 1329         ENGINE *e = NULL;
 1330         ENGINE_load_builtin_engines();
 1331         HSSL_Locks_Init();
 1332         if (!strcmp(CONFIG->ENGINE, "auto"))
 1333             ENGINE_register_all_complete();
 1334         else {
 1335             if ((e = ENGINE_by_id(CONFIG->ENGINE)) == NULL ||
 1336                 !ENGINE_init(e) ||
 1337                 !ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 1338                 log_ssl_error(NULL,
 1339                     "{core} ENGINE initialization failed");
 1340                 exit(1);
 1341             }
 1342             LOG("{core} will use OpenSSL engine %s.\n",
 1343                 ENGINE_get_id(e));
 1344             ENGINE_finish(e);
 1345             ENGINE_free(e);
 1346         }
 1347     }
 1348 }
 1349 
 1350 static void
 1351 init_certs(void) {
 1352     struct cfg_cert_file *cf, *cftmp;
 1353     sslctx *so;
 1354 
 1355     if (CONFIG->CERT_DEFAULT != NULL) {
 1356         default_ctx = make_ctx(CONFIG->CERT_DEFAULT);
 1357         if (default_ctx == NULL)
 1358             exit(1);
 1359 #ifndef OPENSSL_NO_TLSEXT
 1360         insert_sni_names(default_ctx, &sni_names);
 1361 #endif
 1362     }
 1363 
 1364     // Go through the list of PEMs and make some SSL contexts for
 1365     // them. We also keep track of the names associated with each
 1366     // cert so we can do SNI on them later
 1367     HASH_ITER(hh, CONFIG->CERT_FILES, cf, cftmp) {
 1368         if (find_ctx(cf->filename) == NULL) {
 1369             so = make_ctx(cf);
 1370             if (so == NULL)
 1371                 exit(1);
 1372             HASH_ADD_KEYPTR(hh, ssl_ctxs, so->filename,
 1373                 strlen(so->filename), so);
 1374 #ifndef OPENSSL_NO_TLSEXT
 1375             insert_sni_names(so, &sni_names);
 1376 #endif
 1377         }
 1378     }
 1379 }
 1380 
 1381 static void
 1382 destroy_lsock(struct listen_sock *ls)
 1383 {
 1384     CHECK_OBJ_NOTNULL(ls, LISTEN_SOCK_MAGIC);
 1385     if (ls->sock > 0)
 1386         (void) close(ls->sock);
 1387     free(ls->name);
 1388     FREE_OBJ(ls);
 1389 }
 1390 
 1391 static void
 1392 destroy_frontend(struct frontend *fr)
 1393 {
 1394     struct listen_sock *ls, *lstmp;
 1395     sslctx *sc, *sctmp;
 1396 
 1397     CHECK_OBJ_NOTNULL(fr, FRONTEND_MAGIC);
 1398 
 1399     VTAILQ_FOREACH_SAFE(ls, &fr->socks, list, lstmp) {
 1400         CHECK_OBJ_NOTNULL(ls, LISTEN_SOCK_MAGIC);
 1401         VTAILQ_REMOVE(&fr->socks, ls, list);
 1402         destroy_lsock(ls);
 1403     }
 1404 
 1405     HASH_ITER(hh, fr->ssl_ctxs, sc, sctmp) {
 1406         HASH_DEL(fr->ssl_ctxs, sc);
 1407         sctx_free(sc, &fr->sni_names);
 1408     }
 1409 
 1410     AZ(HASH_COUNT(fr->sni_names));
 1411     FREE_OBJ(fr);
 1412 }
 1413 
 1414 /* Create the bound socket in the parent process */
 1415 static int
 1416 frontend_listen(const struct front_arg *fa, struct frontend *fr)
 1417 {
 1418     struct addrinfo *ai, hints, *it;
 1419     struct listen_sock *ls, *lstmp;
 1420     struct listen_sock_head *slist;
 1421     char buf[INET6_ADDRSTRLEN+20];
 1422     char abuf[INET6_ADDRSTRLEN];
 1423     char pbuf[8];
 1424     int r, count = 0;
 1425 
 1426     CHECK_OBJ_NOTNULL(fa, FRONT_ARG_MAGIC);
 1427     CHECK_OBJ_NOTNULL(fr, FRONTEND_MAGIC);
 1428     slist = &fr->socks;
 1429 
 1430     ai = fr->addrs;
 1431     if (ai == NULL) {
 1432         memset(&hints, 0, sizeof hints);
 1433         hints.ai_family = AF_UNSPEC;
 1434         hints.ai_socktype = SOCK_STREAM;
 1435         hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
 1436         r = getaddrinfo(fa->ip, fa->port,
 1437             &hints, &ai);
 1438         if (r != 0) {
 1439             ERR("{getaddrinfo-listen}: %s: %s\n", fa->pspec,
 1440                 gai_strerror(r));
 1441             return (-1);
 1442         }
 1443     }
 1444 
 1445     for (it = ai; it != NULL; it = it->ai_next) {
 1446         ALLOC_OBJ(ls, LISTEN_SOCK_MAGIC);
 1447         VTAILQ_INSERT_TAIL(slist, ls, list);
 1448         count++;
 1449 
 1450         ls->sock = socket(it->ai_family, SOCK_STREAM, IPPROTO_TCP);
 1451         if (ls->sock == -1) {
 1452             ERR("{socket: main}: %s: %s\n", strerror(errno),
 1453                 fa->pspec);
 1454             goto creat_frontend_err;
 1455         }
 1456 
 1457         int t = 1;
 1458         if (setsockopt(ls->sock, SOL_SOCKET, SO_REUSEADDR,
 1459             &t, sizeof(int))
 1460             < 0) {
 1461             ERR("{setsockopt-reuseaddr}: %s: %s\n", strerror(errno),
 1462                 fa->pspec);
 1463             goto creat_frontend_err;
 1464         }
 1465 #ifdef SO_REUSEPORT_WORKS
 1466         if (setsockopt(ls->sock, SOL_SOCKET, SO_REUSEPORT,
 1467             &t, sizeof(int))
 1468             < 0) {
 1469             ERR("{setsockopt-reuseport}: %s: %s\n", strerror(errno),
 1470                 fa->pspec);
 1471             goto creat_frontend_err;
 1472         }
 1473 #endif
 1474 
 1475 #ifdef TCP_FASTOPEN_WORKS
 1476         if (CONFIG->TFO) {
 1477             if (setsockopt(ls->sock, SOL_TCP, TCP_FASTOPEN,
 1478                 &t, sizeof(int))
 1479                 < 0) {
 1480                 ERR("{setsockopt-tcp_fastopen}: %s: %s\n", strerror(errno),
 1481                     fa->pspec);
 1482                 goto creat_frontend_err;
 1483             }
 1484         }
 1485 #endif
 1486 
 1487         if(setnonblocking(ls->sock) < 0) {
 1488             ERR("{listen sock: setnonblocking}: %s: %s\n",
 1489                 strerror(errno), fa->pspec);
 1490             goto creat_frontend_err;
 1491         }
 1492 #ifdef IPV6_V6ONLY
 1493         t = 1;
 1494         if (it->ai_family == AF_INET6 &&
 1495             setsockopt(ls->sock, IPPROTO_IPV6, IPV6_V6ONLY, &t,
 1496             sizeof (t)) != 0) {
 1497             ERR("{setsockopt-ipv6only}: %s: %s\n", strerror(errno),
 1498                 fa->pspec);
 1499             goto creat_frontend_err;
 1500         }
 1501 #endif
 1502         if (CONFIG->RECV_BUFSIZE > 0) {
 1503             r = setsockopt(ls->sock, SOL_SOCKET, SO_RCVBUF,
 1504                 &CONFIG->RECV_BUFSIZE,
 1505                 sizeof(CONFIG->RECV_BUFSIZE));
 1506             if (r < 0) {
 1507                 ERR("{setsockopt-rcvbuf}: %s: %s\n",
 1508                     strerror(errno), fa->pspec);
 1509                 goto creat_frontend_err;
 1510             }
 1511         }
 1512         if (CONFIG->SEND_BUFSIZE > 0) {
 1513             r = setsockopt(ls->sock, SOL_SOCKET, SO_SNDBUF,
 1514                 &CONFIG->SEND_BUFSIZE,
 1515                 sizeof(CONFIG->SEND_BUFSIZE));
 1516             if (r < 0) {
 1517                 ERR("{setsockopt-sndbuf}: %s: %s\n",
 1518                     strerror(errno), fa->pspec);
 1519                 goto creat_frontend_err;
 1520             }
 1521         }
 1522 
 1523         if (bind(ls->sock, it->ai_addr, it->ai_addrlen)) {
 1524             ERR("{bind-socket}: %s: %s\n", strerror(errno),
 1525                 fa->pspec);
 1526             goto creat_frontend_err;
 1527         }
 1528 
 1529 #ifndef NO_DEFER_ACCEPT
 1530 #if TCP_DEFER_ACCEPT
 1531         int timeout = 1;
 1532         if (setsockopt(ls->sock, IPPROTO_TCP, TCP_DEFER_ACCEPT,
 1533             &timeout, sizeof(int)) < 0) {
 1534             ERR("{setsockopt-defer_accept}: %s: %s\n",
 1535                 strerror(errno), fa->pspec);
 1536             goto creat_frontend_err;
 1537         }
 1538 #endif /* TCP_DEFER_ACCEPT */
 1539 #endif
 1540         if (listen(ls->sock, CONFIG->BACKLOG) != 0) {
 1541             ERR("{listen-socket}: %s: %s\n", strerror(errno),
 1542                 fa->pspec);
 1543             goto creat_frontend_err;
 1544         }
 1545 
 1546         memcpy(&ls->addr, it->ai_addr, it->ai_addrlen);
 1547 
 1548         r = getnameinfo(it->ai_addr, it->ai_addrlen, abuf,
 1549             sizeof abuf, pbuf, sizeof pbuf,
 1550             NI_NUMERICHOST | NI_NUMERICSERV);
 1551         if (r != 0) {
 1552             ERR("{getnameinfo}: %s\n", fa->pspec);
 1553             goto creat_frontend_err;
 1554         }
 1555 
 1556         if (it->ai_addr->sa_family == AF_INET6) {
 1557             sprintf(buf, "[%s]:%s", abuf, pbuf);
 1558         } else {
 1559             sprintf(buf, "%s:%s", abuf, pbuf);
 1560         }
 1561         ls->name = strdup(buf);
 1562         AN(ls->name);
 1563         if (getpid() != master_pid)
 1564             LOG("{core} Listening on %s\n", ls->name);
 1565     }
 1566 
 1567     if (fr->addrs == NULL) {
 1568         assert(getpid() == master_pid);
 1569         VTAILQ_FOREACH_SAFE(ls, slist, list, lstmp) {
 1570             VTAILQ_REMOVE(slist, ls, list);
 1571             destroy_lsock(ls);
 1572         }
 1573         fr->addrs = ai;
 1574     } else {
 1575         fr->addrs = NULL;
 1576         freeaddrinfo(ai);
 1577     }
 1578     return (count);
 1579 
 1580 creat_frontend_err:
 1581     freeaddrinfo(ai);
 1582     VTAILQ_FOREACH_SAFE(ls, slist, list, lstmp) {
 1583         VTAILQ_REMOVE(slist, ls, list);
 1584         destroy_lsock(ls);
 1585     }
 1586 
 1587     return (-1);
 1588 }
 1589 
 1590 static struct frontend *
 1591 create_frontend(const struct front_arg *fa)
 1592 {
 1593     struct frontend *fr;
 1594     sslctx *so;
 1595     int count = 0;
 1596     struct frontend_head tmp_list;
 1597     struct cfg_cert_file *cf;
 1598 
 1599     CHECK_OBJ_NOTNULL(fa, FRONT_ARG_MAGIC);
 1600     ALLOC_OBJ(fr, FRONTEND_MAGIC);
 1601     VTAILQ_INIT(&fr->socks);
 1602     AN(fr);
 1603 
 1604     fr->arg = fa;
 1605     fr->match_global_certs = fa->match_global_certs;
 1606     fr->sni_nomatch_abort = fa->sni_nomatch_abort;
 1607 
 1608     VTAILQ_INIT(&tmp_list);
 1609     count = frontend_listen(fa, fr);
 1610     if (count < 0) {
 1611         destroy_frontend(fr);
 1612         return (NULL);
 1613     }
 1614 
 1615     for (cf = fa->certs; cf != NULL; cf = cf->hh.next) {
 1616         so = make_ctx_fr(cf, fr, fa);
 1617         if (so == NULL) {
 1618             destroy_frontend(fr);
 1619             return (NULL);
 1620         }
 1621         HASH_ADD_KEYPTR(hh, fr->ssl_ctxs,
 1622             so->filename, strlen(so->filename), so);
 1623 #ifndef OPENSSL_NO_TLSEXT
 1624         insert_sni_names(so, &fr->sni_names);
 1625 #endif
 1626         if (cf->hh.next == NULL)
 1627             fr->default_ctx = so;
 1628     }
 1629 
 1630     return (fr);
 1631 }
 1632 
 1633 static const void *
 1634 Get_Sockaddr(const struct sockaddr *sa, socklen_t *sl);
 1635 
 1636 static struct backend *
 1637 backend_create(struct sockaddr *sa)
 1638 {
 1639     socklen_t len;
 1640     const void *addr;
 1641     struct backend *b;
 1642     struct suckaddr *su;
 1643 
 1644     addr = Get_Sockaddr(sa, &len);
 1645     AN(addr);
 1646     su = VSA_Malloc(addr, len);
 1647     ALLOC_OBJ(b, BACKEND_MAGIC);
 1648     b->backaddr = su;
 1649     b->ref = 1;
 1650     return (b);
 1651 }
 1652 
 1653 static struct backend *
 1654 backend_ref(void)
 1655 {
 1656     CHECK_OBJ_NOTNULL(backaddr, BACKEND_MAGIC);
 1657     AN(backaddr->ref);
 1658     backaddr->ref++;
 1659     return (backaddr);
 1660 }
 1661 
 1662 
 1663 void
 1664 backend_deref(struct backend **be)
 1665 {
 1666     struct backend *b;
 1667     b = *be;
 1668 
 1669     CHECK_OBJ_NOTNULL(b, BACKEND_MAGIC);
 1670     AN(b->ref);
 1671     b->ref--;
 1672 
 1673     if (b->ref == 0) {
 1674         free(b->backaddr);
 1675         FREE_OBJ(*be);
 1676     }
 1677 }
 1678 
 1679 /* Initiate a clear-text nonblocking connect() to the backend IP on behalf
 1680  * of a newly connected upstream (encrypted) client */
 1681 static int
 1682 create_back_socket(struct backend *b)
 1683 {
 1684     socklen_t len;
 1685     const struct sockaddr *addr;
 1686 
 1687     CHECK_OBJ_NOTNULL(b, BACKEND_MAGIC);
 1688     addr = (struct sockaddr *) VSA_Get_Sockaddr(b->backaddr, &len);
 1689     AN(addr);
 1690     int s = socket(addr->sa_family, SOCK_STREAM, 0);
 1691 
 1692     if (s == -1)
 1693         return (-1);
 1694 
 1695     if (addr->sa_family != PF_UNIX) {
 1696         int flag = 1;
 1697         int ret = setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
 1698             (char *)&flag, sizeof(flag));
 1699         if (ret == -1)
 1700             ERR("Couldn't setsockopt to backend (TCP_NODELAY):"
 1701                 " %s\n", strerror(errno));
 1702     }
 1703     if (setnonblocking(s) < 0) {
 1704         (void)close(s);
 1705         return (-1);
 1706     }
 1707     return (s);
 1708 }
 1709 
 1710 /* Only enable a libev ev_io event if the proxied connection still
 1711  * has both up and down connected */
 1712 static void
 1713 safe_enable_io(proxystate *ps, ev_io *w)
 1714 {
 1715     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 1716     if (!ps->want_shutdown)
 1717         ev_io_start(loop, w);
 1718 }
 1719 
 1720 static void
 1721 check_exit_state(void)
 1722 {
 1723     if (worker_state == WORKER_EXITING && n_conns == 0) {
 1724         LOGL("Worker %d (gen: %d) in state EXITING "
 1725             "is now exiting.\n", core_id, worker_gen);
 1726         _exit(0);
 1727     }
 1728 }
 1729 
 1730 /* Only enable a libev ev_io event if the proxied connection still
 1731  * has both up and down connected */
 1732 static void
 1733 shutdown_proxy(proxystate *ps, SHUTDOWN_REQUESTOR req)
 1734 {
 1735     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 1736     LOGPROXY(ps, "proxy shutdown req=%s\n", SHUTDOWN_STR[req]);
 1737     if (ps->want_shutdown || req == SHUTDOWN_HARD) {
 1738         ev_io_stop(loop, &ps->ev_w_ssl);
 1739         ev_io_stop(loop, &ps->ev_r_ssl);
 1740         ev_io_stop(loop, &ps->ev_w_handshake);
 1741         ev_io_stop(loop, &ps->ev_r_handshake);
 1742         ev_timer_stop(loop, &ps->ev_t_handshake);
 1743         ev_io_stop(loop, &ps->ev_w_connect);
 1744         ev_timer_stop(loop, &ps->ev_t_connect);
 1745         ev_io_stop(loop, &ps->ev_w_clear);
 1746         ev_io_stop(loop, &ps->ev_r_clear);
 1747         ev_io_stop(loop, &ps->ev_proxy);
 1748 
 1749         (void)SSL_shutdown(ps->ssl);
 1750 
 1751         ERR_clear_error();
 1752         SSL_free(ps->ssl);
 1753 
 1754         close(ps->fd_up);
 1755         close(ps->fd_down);
 1756         backend_deref(&ps->backend);
 1757 
 1758         ringbuffer_cleanup(&ps->ring_clear2ssl);
 1759         ringbuffer_cleanup(&ps->ring_ssl2clear);
 1760         free(ps);
 1761 
 1762         n_conns--;
 1763         check_exit_state();
 1764     }
 1765     else {
 1766         ps->want_shutdown = 1;
 1767         if (req == SHUTDOWN_CLEAR &&
 1768             ringbuffer_is_empty(&ps->ring_clear2ssl))
 1769             shutdown_proxy(ps, SHUTDOWN_HARD);
 1770         else if (req == SHUTDOWN_SSL &&
 1771             ringbuffer_is_empty(&ps->ring_ssl2clear))
 1772             shutdown_proxy(ps, SHUTDOWN_HARD);
 1773     }
 1774 }
 1775 
 1776 /* Handle various socket errors */
 1777 static void
 1778 handle_socket_errno(proxystate *ps, int backend)
 1779 {
 1780     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 1781     if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
 1782         return;
 1783 
 1784     if (backend)
 1785         ERR("{backend} Socket error: %s\n", strerror(errno));
 1786     else
 1787         LOG("{client} Socket error: %s\n", strerror(errno));
 1788     shutdown_proxy(ps, SHUTDOWN_CLEAR);
 1789 }
 1790 
 1791 /* Start connect to backend */
 1792 static int
 1793 start_connect(proxystate *ps)
 1794 {
 1795     int t = 1;
 1796     socklen_t len;
 1797     const void *addr;
 1798 
 1799     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 1800     CHECK_OBJ_NOTNULL(ps->backend, BACKEND_MAGIC);
 1801     addr = VSA_Get_Sockaddr(ps->backend->backaddr, &len);
 1802     AN(addr);
 1803 
 1804     t = connect(ps->fd_down, addr, len);
 1805     if (t == 0 || errno == EINPROGRESS || errno == EINTR) {
 1806         ev_io_start(loop, &ps->ev_w_connect);
 1807         ev_timer_start(loop, &ps->ev_t_connect);
 1808         return (0);
 1809     }
 1810 
 1811     ERR("{backend-connect}: %s\n", strerror(errno));
 1812     shutdown_proxy(ps, SHUTDOWN_HARD);
 1813 
 1814     return (-1);
 1815 }
 1816 
 1817 /* Read some data from the backend when libev says data is available--
 1818  * write it into the upstream buffer and make sure the write event is
 1819  * enabled for the upstream socket */
 1820 static void
 1821 clear_read(struct ev_loop *loop, ev_io *w, int revents)
 1822 {
 1823     (void) revents;
 1824     int t;
 1825     proxystate *ps;
 1826     CAST_OBJ_NOTNULL(ps, w->data, PROXYSTATE_MAGIC);
 1827     if (ps->want_shutdown) {
 1828         ev_io_stop(loop, &ps->ev_r_clear);
 1829         return;
 1830     }
 1831     int fd = w->fd;
 1832     char *buf = ringbuffer_write_ptr(&ps->ring_clear2ssl);
 1833     t = recv(fd, buf, ps->ring_clear2ssl.data_len, 0);
 1834 
 1835     if (t > 0) {
 1836         ringbuffer_write_append(&ps->ring_clear2ssl, t);
 1837         if (ringbuffer_is_full(&ps->ring_clear2ssl))
 1838             ev_io_stop(loop, &ps->ev_r_clear);
 1839         if (ps->handshaked)
 1840             safe_enable_io(ps, &ps->ev_w_ssl);
 1841     }
 1842     else if (t == 0) {
 1843         LOGPROXY(ps,"Connection closed by %s\n",
 1844             fd == ps->fd_down ? "backend" : "client");
 1845         shutdown_proxy(ps, SHUTDOWN_CLEAR);
 1846     }
 1847     else {
 1848         assert(t == -1);
 1849         handle_socket_errno(ps, fd == ps->fd_down ? 1 : 0);
 1850     }
 1851 }
 1852 
 1853 
 1854 /* Write some data, previously received on the secure upstream socket,
 1855  * out of the downstream buffer and onto the backend socket */
 1856 static void
 1857 clear_write(struct ev_loop *loop, ev_io *w, int revents)
 1858 {
 1859     (void)revents;
 1860     int t;
 1861     proxystate *ps;
 1862     int fd = w->fd;
 1863     int sz;
 1864 
 1865     CAST_OBJ_NOTNULL(ps, w->data, PROXYSTATE_MAGIC);
 1866     assert(!ringbuffer_is_empty(&ps->ring_ssl2clear));
 1867 
 1868     char *next = ringbuffer_read_next(&ps->ring_ssl2clear, &sz);
 1869     t = send(fd, next, sz, MSG_NOSIGNAL);
 1870 
 1871     if (t > 0) {
 1872         if (t == sz) {
 1873             ringbuffer_read_pop(&ps->ring_ssl2clear);
 1874             if (ps->handshaked)
 1875                 safe_enable_io(ps, &ps->ev_r_ssl);
 1876             if (ringbuffer_is_empty(&ps->ring_ssl2clear)) {
 1877                 if (ps->want_shutdown) {
 1878                     shutdown_proxy(ps, SHUTDOWN_HARD);
 1879                     return; // dealloc'd
 1880                 }
 1881                 ev_io_stop(loop, &ps->ev_w_clear);
 1882             }
 1883         } else {
 1884             ringbuffer_read_skip(&ps->ring_ssl2clear, t);
 1885         }
 1886     } else {
 1887         assert(t == -1);
 1888         handle_socket_errno(ps, fd == ps->fd_down ? 1 : 0);
 1889     }
 1890 }
 1891 
 1892 static void start_handshake(proxystate *ps, int err);
 1893 
 1894 static unsigned
 1895 sockaddr_port(const struct sockaddr *sa)
 1896 {
 1897     const struct sockaddr_in *sa4;
 1898     const struct sockaddr_in6 *sa6;
 1899 
 1900     switch (sa->sa_family) {
 1901     case PF_INET:
 1902         sa4 = (struct sockaddr_in *) sa;
 1903         return (ntohs((sa4->sin_port)));
 1904     case PF_INET6:
 1905         sa6 = (struct sockaddr_in6 *) sa;
 1906         return (ntohs((sa6->sin6_port)));
 1907     default:
 1908         return (0);
 1909     }
 1910 }
 1911 
 1912 /* Continue/complete the asynchronous connect() before starting data
 1913  * transmission between front/backend */
 1914 static void
 1915 handle_connect(struct ev_loop *loop, ev_io *w, int revents)
 1916 {
 1917     int t, r;
 1918     proxystate *ps;
 1919     socklen_t len;
 1920     const void *addr;
 1921 
 1922     (void)revents;
 1923     CAST_OBJ_NOTNULL(ps, w->data, PROXYSTATE_MAGIC);
 1924     CHECK_OBJ_NOTNULL(ps->backend, BACKEND_MAGIC);
 1925     addr = VSA_Get_Sockaddr(ps->backend->backaddr, &len);
 1926     AN(addr);
 1927 
 1928     t = connect(ps->fd_down, addr, len);
 1929 
 1930     if (!t || errno == EISCONN || !errno) {
 1931         ev_io_stop(loop, &ps->ev_w_connect);
 1932         ev_timer_stop(loop, &ps->ev_t_connect);
 1933 
 1934         if (!ps->clear_connected) {
 1935             struct sockaddr_storage ss;
 1936             socklen_t sl;
 1937 
 1938             sl = sizeof(addr);
 1939             r = getsockname(ps->fd_down,
 1940                 (struct sockaddr *) &ss, &sl);
 1941             AZ(r);
 1942             ps->connect_port = sockaddr_port(
 1943                 (struct sockaddr *) &ss);
 1944             LOGPROXY(ps, "backend connected\n");
 1945 
 1946             ps->clear_connected = 1;
 1947 
 1948             /* if incoming buffer is not full */
 1949             if (!ringbuffer_is_full(&ps->ring_clear2ssl))
 1950                 safe_enable_io(ps, &ps->ev_r_clear);
 1951 
 1952             /* if outgoing buffer is not empty */
 1953             if (!ringbuffer_is_empty(&ps->ring_ssl2clear))
 1954                 // not safe.. we want to resume stream
 1955                 // even during half-closed
 1956                 ev_io_start(loop, &ps->ev_w_clear);
 1957         } else {
 1958             /* Clear side already connected so connect is on
 1959              * secure side: perform handshake */
 1960             start_handshake(ps, SSL_ERROR_WANT_WRITE);
 1961         }
 1962     }
 1963     else if (errno == EINPROGRESS || errno == EINTR || errno == EALREADY) {
 1964         /* do nothing, we'll get phoned home again... */
 1965     } else {
 1966         ERR("{backend-connect}: %s\n", strerror(errno));
 1967         shutdown_proxy(ps, SHUTDOWN_HARD);
 1968     }
 1969 }
 1970 
 1971 static void
 1972 connect_timeout(EV_P_ ev_timer *w, int revents)
 1973 {
 1974     (void)loop;
 1975     (void)revents;
 1976     proxystate *ps;
 1977     CAST_OBJ_NOTNULL(ps, w->data, PROXYSTATE_MAGIC);
 1978     ERRPROXY(ps,"backend connect timeout\n");
 1979     //shutdown_proxy(ps, SHUTDOWN_HARD);
 1980 }
 1981 
 1982 /* Upon receiving a signal from OpenSSL that a handshake is required, re-wire
 1983  * the read/write events to hook up to the handshake handlers */
 1984 static void
 1985 start_handshake(proxystate *ps, int err)
 1986 {
 1987     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 1988 
 1989     ev_io_stop(loop, &ps->ev_r_ssl);
 1990     ev_io_stop(loop, &ps->ev_w_ssl);
 1991 
 1992     ps->handshaked = 0;
 1993 
 1994     LOGPROXY(ps,"ssl handshake start\n");
 1995     if (err == SSL_ERROR_WANT_READ)
 1996         ev_io_start(loop, &ps->ev_r_handshake);
 1997     else if (err == SSL_ERROR_WANT_WRITE)
 1998         ev_io_start(loop, &ps->ev_w_handshake);
 1999     ev_timer_start(loop, &ps->ev_t_handshake);
 2000 }
 2001 
 2002 #if defined(OPENSSL_WITH_NPN) || defined(OPENSSL_WITH_ALPN)
 2003 static void
 2004 get_alpn(proxystate *ps, const unsigned char **selected, unsigned *len) {
 2005     *selected = NULL;
 2006     *len = 0;
 2007 #ifdef OPENSSL_WITH_ALPN
 2008     SSL_get0_alpn_selected(ps->ssl, selected, len);
 2009 #endif
 2010 #ifdef OPENSSL_WITH_NPN
 2011     if (*len == 0)
 2012         SSL_get0_next_proto_negotiated(ps->ssl, selected, len);
 2013 #endif
 2014 }
 2015 #endif /* OPENSSL_WITH_NPN || OPENSSL_WITH_ALPN */
 2016 
 2017 static int
 2018 proxy_tlv_append(char *dst, ssize_t dstlen, unsigned type,
 2019     const char *val, ssize_t len)
 2020 {
 2021     if (len == -1)
 2022         len = strlen(val);
 2023     if (dstlen < len + 3)
 2024         return (0);
 2025     dst[0] = type;
 2026     dst[1] = (len >> 8) & 0xff;
 2027     dst[2] = len & 0xff;
 2028     memcpy(dst + 3, val, len);
 2029     return (len + 3);
 2030 }
 2031 
 2032 static int
 2033 proxy_tlv_cert(struct proxystate *ps, char *dst, ssize_t dstlen)
 2034 {
 2035     X509 *crt;
 2036     BIO *bio;
 2037     struct buf_mem_st bm[1];
 2038 
 2039     crt = SSL_get_peer_certificate(ps->ssl);
 2040     if (crt == NULL)
 2041         return (0);
 2042 
 2043     memset(bm, 0, sizeof(*bm));
 2044     /* set aside the first three bytes for PROXY tlv type and size */
 2045     bm->data = dst + 3;
 2046     bm->max = dstlen - 3;
 2047     bio = BIO_new(BIO_s_mem());
 2048     AN(bio);        /* this should only fail if OOM */
 2049     BIO_set_mem_buf(bio, bm, BIO_NOCLOSE);
 2050 
 2051     if (PEM_write_bio_X509_AUX(bio, crt) == 0) {
 2052         BIO_free(bio);
 2053         X509_free(crt);
 2054         log_ssl_error(ps,
 2055             "proxy-client-cert (PEM_write_bio_X509_AUX) failed");
 2056         return (0);
 2057     }
 2058     X509_free(crt);
 2059     AN(BIO_free(bio));
 2060 
 2061     /* Type flag. Types 0xe0-0xef are available for custom
 2062      * application-specific use. */
 2063     dst[0] = 0xe0;
 2064 
 2065     dst[1] = (bm->length >> 8) & 0xff;
 2066     dst[2] = bm->length & 0xff;
 2067 
 2068     return (bm->length + 3);
 2069 }
 2070 
 2071 static void
 2072 write_proxy_v2(proxystate *ps, const struct sockaddr *local)
 2073 {
 2074     struct pp2_hdr *p;
 2075     size_t len = 16, maxlen;
 2076     char *base;
 2077     const char *tlv_tok;
 2078     unsigned tlv_len;
 2079     int i;
 2080 
 2081     union addr {
 2082         struct sockaddr     sa;
 2083         struct sockaddr_in  sa4;
 2084         struct sockaddr_in6 sa6;
 2085     } *l, *r;
 2086 
 2087     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 2088     base = ringbuffer_write_ptr(&ps->ring_ssl2clear);
 2089     p = (struct pp2_hdr *)base;
 2090     l = (union addr *) local;
 2091     r = (union addr *) &ps->remote_ip;
 2092     maxlen = ps->ring_ssl2clear.data_len;
 2093     /* XXX: should it be rounded down to PP2_HEADER_MAX? */
 2094 
 2095     memcpy(&p->sig, PP2_SIG, sizeof PP2_SIG);
 2096     p->ver_cmd = PP2_VERSION|PP2_CMD_PROXY;
 2097     p->fam = l->sa.sa_family == AF_INET ?
 2098         PP2_TRANS_STREAM|PP2_FAM_INET :
 2099         PP2_TRANS_STREAM|PP2_FAM_INET6;
 2100 
 2101     if (l->sa.sa_family == AF_INET) {
 2102         len += 12;
 2103 
 2104         /* src/client */
 2105         memcpy(&p->addr.ipv4.src_addr, &r->sa4.sin_addr.s_addr,
 2106             sizeof p->addr.ipv4.src_addr);
 2107         memcpy(&p->addr.ipv4.src_port, &r->sa4.sin_port,
 2108             sizeof p->addr.ipv4.src_port);
 2109 
 2110         /* dst/server */
 2111         memcpy(&p->addr.ipv4.dst_addr, &l->sa4.sin_addr.s_addr,
 2112             sizeof p->addr.ipv4.dst_addr);
 2113         memcpy(&p->addr.ipv4.dst_port, &l->sa4.sin_port,
 2114             sizeof p->addr.ipv4.dst_port);
 2115     } else {
 2116         assert (l->sa.sa_family == AF_INET6);
 2117         len += 36;
 2118 
 2119         /* src/client */
 2120         memcpy(&p->addr.ipv6.src_addr, &r->sa6.sin6_addr.s6_addr,
 2121             sizeof p->addr.ipv6.src_addr);
 2122         memcpy(&p->addr.ipv6.src_port, &r->sa6.sin6_port,
 2123             sizeof p->addr.ipv6.src_port);
 2124 
 2125         /* dst/server */
 2126         memcpy(&p->addr.ipv6.dst_addr, &l->sa6.sin6_addr.s6_addr,
 2127             sizeof p->addr.ipv6.dst_addr);
 2128         memcpy(&p->addr.ipv6.dst_port, &l->sa6.sin6_port,
 2129             sizeof p->addr.ipv6.dst_port);
 2130     }
 2131 
 2132     /* This is where we add something related to NPN or ALPN*/
 2133 #if defined(OPENSSL_WITH_ALPN) || defined(OPENSSL_WITH_NPN)
 2134     tlv_tok = NULL;
 2135     tlv_len = 0;
 2136     get_alpn(ps, (const unsigned char **)&tlv_tok, &tlv_len);
 2137     if (tlv_len > 0) {
 2138         /* let the server know that a protocol was selected. */
 2139         i = proxy_tlv_append(base + len, maxlen - len,
 2140             PP2_TYPE_ALPN, tlv_tok, tlv_len);
 2141         AN(i);
 2142         len += i;
 2143     }
 2144 #endif
 2145     if (CONFIG->PROXY_AUTHORITY) {
 2146         tlv_tok = SSL_get_servername(ps->ssl,
 2147             TLSEXT_NAMETYPE_host_name);
 2148         if (tlv_tok != NULL) {
 2149             tlv_len = strlen(tlv_tok);
 2150             i = proxy_tlv_append(base + len, maxlen - len,
 2151                 PP2_TYPE_AUTHORITY, tlv_tok, tlv_len);
 2152             len += i;
 2153         }
 2154     }
 2155     if (CONFIG->PROXY_CLIENT_CERT)
 2156         len += proxy_tlv_cert(ps, base + len, maxlen - len);
 2157 
 2158     if (CONFIG->PROXY_TLV) {
 2159         X509 *crt;
 2160         ssize_t sz = 0;
 2161         struct pp2_tlv_ssl *tlv;
 2162         char *tlvp = base + len;
 2163         const char *tmp;
 2164 
 2165         tlvp[0] = PP2_TYPE_SSL;
 2166         /* tlvp[1..2] to be updated with payload length later */
 2167         len += 3;
 2168         tlv = (struct pp2_tlv_ssl *) (&base[len]);
 2169         tlv->client = PP2_CLIENT_SSL;
 2170         tlv->verify = htonl(1);
 2171 
 2172         /* PP2_CLIENT_CERT_SESS */
 2173         crt = SSL_get_peer_certificate(ps->ssl);
 2174         if (crt) {
 2175             tlv->client |= PP2_CLIENT_CERT_SESS;
 2176             tlv->verify = htonl(SSL_get_verify_result(ps->ssl));
 2177             X509_free(crt);
 2178         }
 2179 
 2180         /* PP2_CLIENT_CERT_CONN */
 2181         if (ps->client_cert_conn)
 2182             tlv->client |= PP2_CLIENT_CERT_CONN;
 2183         len += 5;
 2184         sz += 5;
 2185 
 2186         tmp = SSL_get_version(ps->ssl);
 2187         AN(tmp);
 2188         i = proxy_tlv_append(base + len, maxlen - len,
 2189             PP2_SUBTYPE_SSL_VERSION, tmp, -1);
 2190         len += i;
 2191         sz += i;
 2192 
 2193         tmp = SSL_get_cipher_name(ps->ssl);
 2194         AN(tmp);
 2195         i = proxy_tlv_append(base + len, maxlen - len,
 2196             PP2_SUBTYPE_SSL_CIPHER, tmp, -1);
 2197         len += i;
 2198         sz += i;
 2199 
 2200         tlvp[1] = (sz >> 8) & 0xff;
 2201         tlvp[2] = sz & 0xff;
 2202     }
 2203 
 2204     p->len = htons(len - 16);
 2205     ringbuffer_write_append(&ps->ring_ssl2clear, len);
 2206 }
 2207 
 2208 static void
 2209 write_proxy_v1(proxystate *ps, const struct sockaddr *local, socklen_t slen)
 2210 {
 2211     char *p;
 2212     char src_addr[INET6_ADDRSTRLEN+1], dst_addr[INET6_ADDRSTRLEN+1];
 2213     char src_port[8], dst_port[8];
 2214     size_t len;
 2215     int n;
 2216 
 2217     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 2218 
 2219     p = ringbuffer_write_ptr(&ps->ring_ssl2clear);
 2220     n = getnameinfo(local, slen, dst_addr, sizeof dst_addr, dst_port,
 2221         sizeof dst_port, NI_NUMERICHOST | NI_NUMERICSERV);
 2222     AZ(n);
 2223 
 2224     n = getnameinfo((struct sockaddr *) &ps->remote_ip, slen, src_addr,
 2225         sizeof src_addr, src_port, sizeof src_port,
 2226         NI_NUMERICHOST | NI_NUMERICSERV);
 2227     AZ(n);
 2228 
 2229     if (local->sa_family == AF_INET) {
 2230         len = sprintf(p, "PROXY TCP4 %s %s %s %s\r\n", src_addr,
 2231             dst_addr, src_port, dst_port);
 2232     } else {
 2233         assert (local->sa_family == AF_INET6);
 2234         len = sprintf(p, "PROXY TCP6 %s %s %s %s\r\n", src_addr,
 2235             dst_addr, src_port, dst_port);
 2236     }
 2237     assert (len > 0);
 2238     ringbuffer_write_append(&ps->ring_ssl2clear, len);
 2239 }
 2240 
 2241 static void
 2242 write_ip_octet(proxystate *ps)
 2243 {
 2244     char *ring_pnt;
 2245 
 2246     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 2247     ring_pnt = ringbuffer_write_ptr(&ps->ring_ssl2clear);
 2248     assert(ps->remote_ip.ss_family == AF_INET ||
 2249         ps->remote_ip.ss_family == AF_INET6);
 2250     *ring_pnt++ = (unsigned char) ps->remote_ip.ss_family;
 2251     if (ps->remote_ip.ss_family == AF_INET6) {
 2252         memcpy(ring_pnt,
 2253             &((struct sockaddr_in6 *)
 2254             &ps->remote_ip)->sin6_addr.s6_addr, 16U);
 2255         ringbuffer_write_append(&ps->ring_ssl2clear, 1U + 16U);
 2256     }
 2257     else {
 2258         memcpy(ring_pnt, &((struct sockaddr_in *)
 2259             &ps->remote_ip)->sin_addr.s_addr, 4U);
 2260         ringbuffer_write_append(&ps->ring_ssl2clear, 1U + 4U);
 2261     }
 2262 }
 2263 
 2264 #if defined(OPENSSL_WITH_NPN) || defined(OPENSSL_WITH_ALPN)
 2265 static int is_protocol_matching(const unsigned char *selected, unsigned len) {
 2266     int unsigned i = 0;
 2267     if (CONFIG->ALPN_PROTOS_LV != NULL) {
 2268         while (i < CONFIG->ALPN_PROTOS_LV_LEN) {
 2269             if(CONFIG->ALPN_PROTOS_LV[i] == len &&
 2270                 0 == memcmp(selected,
 2271                 CONFIG->ALPN_PROTOS_LV + i + 1,
 2272                 len))
 2273                 return (1);
 2274             i+= CONFIG->ALPN_PROTOS_LV[i] + 1;
 2275         }
 2276     }
 2277     return (0);
 2278 }
 2279 
 2280 static int is_alpn_shutdown_needed(proxystate *ps) {
 2281     const unsigned char *alpn_tok;
 2282     unsigned alpn_len;
 2283 
 2284     if (CONFIG->ALPN_PROTOS_LV == NULL)
 2285         return (0);
 2286 
 2287     get_alpn(ps, &alpn_tok, &alpn_len);
 2288     if (alpn_len == 0) {
 2289         /* If alpn / npn was tried, shut down */
 2290         if(ps->npn_alpn_tried) {
 2291             LOGPROXY(ps, "Unsuccessful NPN/ALPN negotiation\n");
 2292             return (1);
 2293         } else
 2294             LOGPROXY(ps, "No NPN/ALPN negotiation happened.\n");
 2295     } else if (!is_protocol_matching(alpn_tok, alpn_len)) {
 2296         LOGPROXY(ps, "NPN: Unknown protocol selected\n");
 2297         return (1);
 2298     } else
 2299         LOGPROXY(ps, "NPN/ALPN protocol: %.*s\n",
 2300             alpn_len, alpn_tok);
 2301     return (0);
 2302 }
 2303 #endif
 2304 
 2305 /* After OpenSSL is done with a handshake, re-wire standard read/write handlers
 2306  * for data transmission */
 2307 static void end_handshake(proxystate *ps) {
 2308     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 2309     ev_io_stop(loop, &ps->ev_r_handshake);
 2310     ev_io_stop(loop, &ps->ev_w_handshake);
 2311     ev_timer_stop(loop, &ps->ev_t_handshake);
 2312 
 2313 #if defined(OPENSSL_WITH_NPN) || defined(OPENSSL_WITH_ALPN)
 2314     if (is_alpn_shutdown_needed(ps)) {
 2315         shutdown_proxy(ps, SHUTDOWN_HARD);
 2316         return;
 2317     }
 2318 #endif
 2319     LOGPROXY(ps,"ssl end handshake\n");
 2320     /* Disable renegotiation (CVE-2009-3555) */
 2321 #ifdef HAVE_STRUCT_SSL_ST_S3
 2322     /* For OpenSSL 1.1, setting the following flag does not seem
 2323      * to be possible. This is OK, since SSLv3 negotiation will
 2324      * not happen in OpenSSL 0.9.8m or later unless
 2325      * SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set. */
 2326     if (ps->ssl->s3) {
 2327         ps->ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
 2328     }
 2329 #endif
 2330     ps->handshaked = 1;
 2331 
 2332     /* Check if clear side is connected */
 2333     if (!ps->clear_connected) {
 2334         if (CONFIG->WRITE_PROXY_LINE_V1 ||
 2335             CONFIG->WRITE_PROXY_LINE_V2) {
 2336             struct sockaddr_storage local;
 2337             socklen_t slen = sizeof local;
 2338             AZ(getsockname(ps->fd_up, (struct sockaddr *) &local,
 2339                 &slen));
 2340             if (CONFIG->WRITE_PROXY_LINE_V1)
 2341                 write_proxy_v1(ps, (struct sockaddr *) &local,
 2342                     slen);
 2343             else
 2344                 write_proxy_v2(ps, (struct sockaddr *) &local);
 2345         } else if (CONFIG->WRITE_IP_OCTET) {
 2346             write_ip_octet(ps);
 2347         }
 2348 
 2349         /* start connect now */
 2350         if (0 != start_connect(ps))
 2351             return;
 2352     } else {
 2353         /* hitch used in client mode, keep client session ) */
 2354         if (!SSL_session_reused(ps->ssl)) {
 2355             if (client_session)
 2356                 SSL_SESSION_free(client_session);
 2357             client_session = SSL_get1_session(ps->ssl);
 2358         }
 2359     }
 2360 
 2361     /* if incoming buffer is not full */
 2362     if (!ringbuffer_is_full(&ps->ring_ssl2clear))
 2363         safe_enable_io(ps, &ps->ev_r_ssl);
 2364 
 2365     /* if outgoing buffer is not empty */
 2366     if (!ringbuffer_is_empty(&ps->ring_clear2ssl))
 2367         // not safe.. we want to resume stream even during half-closed
 2368         ev_io_start(loop, &ps->ev_w_ssl);
 2369 }
 2370 
 2371 
 2372 static int
 2373 client_proxy_proxy2(struct proxystate *ps, BIO *b, char *buf, int c)
 2374 {
 2375     struct pp2_hdr hdr;
 2376     char *ring, *p;
 2377     int n, sz, rlen;
 2378 
 2379     memcpy(&hdr, buf, c);
 2380     p = (char *) &hdr;
 2381     p += c;
 2382 
 2383     n = BIO_read(b, p, PP2_HDR_LEN - c);
 2384     if (n <= 0 || n != PP2_HDR_LEN - c) {
 2385         LOG("{client} Unexpected read error in proxy-proxyv2: "
 2386             "BIO_read: %d\n", n);
 2387         shutdown_proxy(ps, SHUTDOWN_SSL);
 2388         return (1);
 2389     }
 2390 
 2391     sz = ntohs(hdr.len);
 2392     AN(ringbuffer_is_empty(&ps->ring_ssl2clear));
 2393     rlen = ps->ring_ssl2clear.data_len;
 2394     if (sz + PP2_HDR_LEN > rlen) {
 2395         /* we have 32k of space, so this should relly never occur. */
 2396         LOG("{client} PROXYv2 overflow: header too long\n");
 2397         shutdown_proxy(ps, SHUTDOWN_SSL);
 2398         return (1);
 2399     }
 2400 
 2401     ring = ringbuffer_write_ptr(&ps->ring_ssl2clear);
 2402     memcpy(ring, &hdr, PP2_HDR_LEN);
 2403     n = BIO_read(b, ring + PP2_HDR_LEN, sz);
 2404     if (n != sz) {
 2405         LOG("{client} proxy-proxyv2: Short read: %d\n", n);
 2406         shutdown_proxy(ps, SHUTDOWN_SSL);
 2407         return (1);
 2408     }
 2409     ringbuffer_write_append(&ps->ring_ssl2clear, n + PP2_HDR_LEN);
 2410     return (0);
 2411 }
 2412 
 2413 static int
 2414 client_proxy_proxy1(struct proxystate *ps, BIO *b, char *buf, int n)
 2415 {
 2416     char *begin, *end, *p;
 2417     int t;
 2418 
 2419     assert(ringbuffer_is_empty(&ps->ring_ssl2clear));
 2420     begin = ringbuffer_write_ptr(&ps->ring_ssl2clear);
 2421 
 2422     /* PROXY spec says 107 bytes is the maximum size */
 2423     end = begin + 108;
 2424     memcpy(begin, buf, n);
 2425     p = begin + n;
 2426 
 2427     // Copy characters one-by-one until we hit a \n or an error
 2428     while (p != end && (t = BIO_read(b, p, 1)) == 1) {
 2429         if (*p++ == '\n')
 2430             break;
 2431     }
 2432 
 2433     if (p == end) {
 2434         LOG("{client} Unexpectedly long PROXY line. Malformed req?\n");
 2435         shutdown_proxy(ps, SHUTDOWN_SSL);
 2436         return (1);
 2437     } else if (t != 1) {
 2438         LOG("{client} Unexpected error reading PROXY line\n");
 2439         shutdown_proxy(ps, SHUTDOWN_SSL);
 2440         return (1);
 2441 
 2442     }
 2443 
 2444     ringbuffer_write_append(&ps->ring_ssl2clear,
 2445         p - begin);
 2446     return (0);
 2447 }
 2448 
 2449 static void
 2450 client_proxy_proxy(struct ev_loop *loop, ev_io *w, int revents)
 2451 {
 2452     proxystate *ps;
 2453     BIO *b;
 2454     char buf[32];
 2455     int n;
 2456 
 2457     (void) revents;
 2458 
 2459     CAST_OBJ_NOTNULL(ps, w->data, PROXYSTATE_MAGIC);
 2460     b = SSL_get_rbio(ps->ssl);
 2461 
 2462     /* PROXYv1: 'PROXY ' */
 2463     /* PROXYv2:  PP2_SIG, (12 octets) */
 2464 
 2465     n = BIO_read(b, buf, 12);
 2466     if (n != 12) {
 2467         LOG("{client} Unexpected read error in proxy-proxyv2: "
 2468             "BIO_read: %d\n", n);
 2469         shutdown_proxy(ps, SHUTDOWN_SSL);
 2470         return;
 2471     }
 2472 
 2473     if (memcmp(buf, "PROXY ", 6) == 0) {
 2474         if (client_proxy_proxy1(ps, b, buf, n))
 2475             return;
 2476     } else if (memcmp(buf, PP2_SIG, 12) == 0) {
 2477         if (client_proxy_proxy2(ps, b, buf, n))
 2478             return;
 2479     } else {
 2480         LOG("{client} Received invalid PROXY/PROXYv2 header\n");
 2481         shutdown_proxy(ps, SHUTDOWN_SSL);
 2482         return;
 2483     }
 2484 
 2485     ev_io_stop(loop, &ps->ev_proxy);
 2486     start_handshake(ps, SSL_ERROR_WANT_READ);
 2487 }
 2488 
 2489 /* The libev I/O handler during the OpenSSL handshake phase.  Basically, just
 2490  * let OpenSSL do what it likes with the socket and obey its requests for reads
 2491  * or writes */
 2492 static void
 2493 client_handshake(struct ev_loop *loop, ev_io *w, int revents)
 2494 {
 2495     (void)revents;
 2496     int t;
 2497     const char *errtok;
 2498     proxystate *ps;
 2499     int errno_val;
 2500 
 2501 
 2502     CAST_OBJ_NOTNULL(ps, w->data, PROXYSTATE_MAGIC);
 2503 
 2504     LOGPROXY(ps,"ssl client handshake revents=%x\n",revents);
 2505     t = SSL_do_handshake(ps->ssl);
 2506     if (t == 1) {
 2507         end_handshake(ps);
 2508     } else {
 2509         errno_val = errno;
 2510         int err = SSL_get_error(ps->ssl, t);
 2511         switch (err) {
 2512 #define SSL_ERR(a)              \
 2513             case a: errtok = #a; break;
 2514 #include "ssl_err.h"
 2515 #undef SSL_ERR
 2516         default:
 2517             errtok = "<undefined>";
 2518         }
 2519 
 2520         LOGPROXY(ps,"ssl client handshake err=%s\n",errtok);
 2521         if (err == SSL_ERROR_WANT_READ) {
 2522             ev_io_stop(loop, &ps->ev_w_handshake);
 2523             ev_io_start(loop, &ps->ev_r_handshake);
 2524         } else if (err == SSL_ERROR_WANT_WRITE) {
 2525             ev_io_stop(loop, &ps->ev_r_handshake);
 2526             ev_io_start(loop, &ps->ev_w_handshake);
 2527         } else if (err == SSL_ERROR_ZERO_RETURN) {
 2528             LOG("{%s} Connection closed (in handshake)\n",
 2529                 w->fd == ps->fd_up ? "client" : "backend");
 2530             shutdown_proxy(ps, SHUTDOWN_SSL);
 2531         } else if (err == SSL_ERROR_SYSCALL) {
 2532             LOG("{%s} SSL socket error in handshake: %s\n",
 2533                 w->fd == ps->fd_up ? "client" : "backend",
 2534                 strerror(errno_val));
 2535             shutdown_proxy(ps, SHUTDOWN_SSL);
 2536         } else {
 2537             if (err == SSL_ERROR_SSL) {
 2538                 log_ssl_error(ps, "Handshake failure");
 2539             } else {
 2540                 LOG("{%s} Unexpected SSL error "
 2541                     "(in handshake): %d\n",
 2542                     w->fd == ps->fd_up ? "client" : "backend",
 2543                     err);
 2544             }
 2545             shutdown_proxy(ps, SHUTDOWN_SSL);
 2546         }
 2547     }
 2548 }
 2549 
 2550 static void
 2551 handshake_timeout(EV_P_ ev_timer *w, int revents)
 2552 {
 2553     (void)loop;
 2554     (void)revents;
 2555     proxystate *ps;
 2556     CAST_OBJ_NOTNULL(ps, w->data, PROXYSTATE_MAGIC);
 2557     LOGPROXY(ps,"SSL handshake timeout\n");
 2558     shutdown_proxy(ps, SHUTDOWN_HARD);
 2559 }
 2560 
 2561 #define SSLERR(ps, which, log)                      \
 2562     switch (err) {                          \
 2563     case SSL_ERROR_ZERO_RETURN:                 \
 2564         log(ps,"Connection closed by " which "\n");     \
 2565         break;                          \
 2566     case SSL_ERROR_SYSCALL:                     \
 2567         if (errno == 0) {                   \
 2568             log(ps,"Connection closed by " which "\n"); \
 2569         } else {                        \
 2570             log(ps,"SSL socket error (" which "): %s\n",    \
 2571                 strerror(errno));               \
 2572         }                           \
 2573         break;                          \
 2574     default:                            \
 2575         log(ps,"{" which "} Unexpected SSL_read error ("    \
 2576             which "): %d\n", err);              \
 2577     }
 2578 
 2579 /* Handle a socket error condition passed to us from OpenSSL */
 2580 static void
 2581 handle_fatal_ssl_error(proxystate *ps, int err, int backend)
 2582 {
 2583     CHECK_OBJ_NOTNULL(ps, PROXYSTATE_MAGIC);
 2584     if (backend) {
 2585         SSLERR(ps, "backend", ERRPROXY);
 2586     } else {
 2587         SSLERR(ps, "client", LOGPROXY);
 2588     }
 2589     shutdown_proxy(ps, SHUTDOWN_SSL);
 2590 }
 2591 
 2592 /* Read some data from the upstream secure socket via OpenSSL,
 2593  * and buffer anything we get for writing to the backend */
 2594 static void
 2595 ssl_read(struct ev_loop *loop, ev_io *w, int revents)
 2596 {
 2597     (void)revents;
 2598     int t;
 2599     proxystate *ps;
 2600 
 2601     CAST_OBJ_NOTNULL(ps, w->data, PROXYSTATE_MAGIC);
 2602 
 2603     if (ps->want_shutdown) {
 2604         ev_io_stop(loop, &ps->ev_r_ssl);
 2605         return;
 2606     }
 2607     if (ringbuffer_is_full(&ps->ring_ssl2clear)) {
 2608         ERRPROXY(ps, "attempt to read ssl when ring full");
 2609         ev_io_stop(loop, &ps->ev_r_ssl);
 2610         return;
 2611     }
 2612 
 2613     char *buf = ringbuffer_write_ptr(&ps->ring_ssl2clear);
 2614     t = SSL_read(ps->ssl, buf, ps->ring_ssl2clear.data_len);
 2615 
 2616     /* Fix CVE-2009-3555. Disable reneg if started by client. */
 2617     if (ps->renegotiation) {
 2618         shutdown_proxy(ps, SHUTDOWN_SSL);
 2619         return;
 2620     }
 2621 
 2622     if (t > 0) {
 2623         ringbuffer_write_append(&ps->ring_ssl2clear, t);
 2624         if (ringbuffer_is_full(&ps->ring_ssl2clear))
 2625             ev_io_stop(loop, &ps->ev_r_ssl);
 2626         if (ps->clear_connected)
 2627             safe_enable_io(ps, &ps->ev_w_clear);
 2628     } else {
 2629         int err = SSL_get_error(ps->ssl, t);
 2630         if (err == SSL_ERROR_WANT_WRITE) {
 2631             start_handshake(ps, err);
 2632         } else if (err == SSL_ERROR_WANT_READ) {
 2633             /* NOOP. Incomplete SSL data */
 2634         } else {
 2635             if (err == SSL_ERROR_SSL) {
 2636                 log_ssl_error(ps, "SSL_read error");
 2637             }
 2638             handle_fatal_ssl_error(ps, err,
 2639                 w->fd == ps->fd_up ? 0 : 1);
 2640         }
 2641     }
 2642 }
 2643 
 2644 /* Write some previously-buffered backend data upstream on the
 2645  * secure socket using OpenSSL */
 2646 static void
 2647 ssl_write(struct ev_loop *loop, ev_io *w, int revents)
 2648 {
 2649     (void)revents;
 2650     int t;
 2651     int sz;
 2652     proxystate *ps;
 2653 
 2654     CAST_OBJ_NOTNULL(ps, w->data, PROXYSTATE_MAGIC);
 2655 
 2656     assert(!ringbuffer_is_empty(&ps->ring_clear2ssl));
 2657     char *next = ringbuffer_read_next(&ps->ring_clear2ssl, &sz);
 2658     t = SSL_write(ps->ssl, next, sz);
 2659     if (t > 0) {
 2660         if (t == sz) {
 2661             ringbuffer_read_pop(&ps->ring_clear2ssl);
 2662             if (ps->clear_connected)
 2663                 // can be re-enabled b/c we've popped
 2664                 safe_enable_io(ps, &ps->ev_r_clear);
 2665             if (ringbuffer_is_empty(&ps->ring_clear2ssl)) {
 2666                 if (ps->want_shutdown) {
 2667                     shutdown_proxy(ps, SHUTDOWN_HARD);
 2668                     return;
 2669                 }
 2670                 ev_io_stop(loop, &ps->ev_w_ssl);
 2671             }
 2672         } else {
 2673             ringbuffer_read_skip(&ps->ring_clear2ssl, t);
 2674         }
 2675     } else {
 2676         int err = SSL_get_error(ps->ssl, t);
 2677         if (err == SSL_ERROR_WANT_READ) {
 2678             start_handshake(ps, err);
 2679         } else if (err == SSL_ERROR_WANT_WRITE) {
 2680             /* NOOP. Incomplete SSL data */
 2681         } else {
 2682             if (err == SSL_ERROR_SSL) {
 2683                 log_ssl_error(ps, "SSL_write error");
 2684             } else {
 2685                 LOG("{%s} SSL_write error: %d\n",
 2686                     w->fd == ps->fd_up ? "client" : "backend",
 2687                     err);
 2688             }
 2689             handle_fatal_ssl_error(ps, err,
 2690                 w->fd == ps->fd_up ? 0 : 1);
 2691         }
 2692     }
 2693 }
 2694 
 2695 
 2696 /* libev read handler for the bound sockets.  Socket is accepted,
 2697  * the proxystate is allocated and initalized, and we're off the races
 2698  * connecting to the backend */
 2699 static void
 2700 handle_accept(struct ev_loop *loop, ev_io *w, int revents)
 2701 {
 2702     (void)revents;
 2703     (void)loop;
 2704     struct sockaddr_storage addr;
 2705     sslctx *so;
 2706     struct frontend *fr;
 2707     proxystate *ps;
 2708     socklen_t sl = sizeof(addr);
 2709 
 2710 #if HAVE_ACCEPT4==1
 2711     int client = accept4(w->fd, (struct sockaddr *) &addr, &sl,
 2712         SOCK_NONBLOCK);
 2713 #else
 2714     int client = accept(w->fd, (struct sockaddr *) &addr, &sl);
 2715 #endif
 2716     if (client == -1) {
 2717         switch (errno) {
 2718         case EMFILE:
 2719             ERR("{client} accept() failed; "
 2720                 "too many open files for this process\n");
 2721             break;
 2722 
 2723         case ENFILE:
 2724             ERR("{client} accept() failed; "
 2725                 "too many open files for this system\n");
 2726             break;
 2727 
 2728         default:
 2729             if (errno != EINTR && errno != EWOULDBLOCK &&
 2730                 errno != EAGAIN && errno != ENOTTY &&
 2731                 errno != ECONNABORTED) {
 2732                 SOCKERR("{client} accept() failed");
 2733             }
 2734         }
 2735         return;
 2736     }
 2737 
 2738     int flag = 1;
 2739     int ret = setsockopt(client, IPPROTO_TCP, TCP_NODELAY,
 2740         (char *)&flag, sizeof(flag) );
 2741     if (ret == -1) {
 2742         SOCKERR("Couldn't setsockopt on client (TCP_NODELAY)");
 2743     }
 2744 #ifdef TCP_CWND
 2745     int cwnd = 10;
 2746     ret = setsockopt(client, IPPROTO_TCP, TCP_CWND, &cwnd, sizeof(cwnd));
 2747     if (ret == -1) {
 2748         SOCKERR("Couldn't setsockopt on client (TCP_CWND)");
 2749     }
 2750 #endif
 2751 
 2752 #if HAVE_ACCEPT4==0
 2753     if (setnonblocking(client) < 0) {
 2754         SOCKERR("{client} setnonblocking failed");
 2755         (void) close(client);
 2756         return;
 2757     }
 2758 #endif
 2759 
 2760     settcpkeepalive(client);
 2761 
 2762     ALLOC_OBJ(ps, PROXYSTATE_MAGIC);
 2763     if (ps == NULL) {
 2764         (void)close(client);
 2765         ERR("{malloc-err}: %s\n", strerror(errno));
 2766         return;
 2767     }
 2768 
 2769     ps->backend = backend_ref();
 2770     ps->fd_down = create_back_socket(ps->backend);
 2771     if (ps->fd_down == -1) {
 2772         (void) close(client);
 2773         backend_deref(&ps->backend);
 2774         free(ps);
 2775         ERR("{backend-socket}: %s\n", strerror(errno));
 2776         return;
 2777     }
 2778 
 2779 
 2780     CAST_OBJ_NOTNULL(fr, w->data, FRONTEND_MAGIC);
 2781     if (fr->default_ctx != NULL)
 2782         CAST_OBJ_NOTNULL(so, fr->default_ctx, SSLCTX_MAGIC);
 2783     else
 2784         CAST_OBJ_NOTNULL(so, default_ctx, SSLCTX_MAGIC);
 2785 
 2786     SSL *ssl = SSL_new(so->ctx);
 2787     if (ssl == NULL) {
 2788         (void)close(ps->fd_down);
 2789         (void)close(client);
 2790         backend_deref(&ps->backend);
 2791         free(ps);
 2792         ERR("{SSL_new}: %s\n", strerror(errno));
 2793         return;
 2794     }
 2795 
 2796     long mode = SSL_MODE_ENABLE_PARTIAL_WRITE;
 2797 #ifdef SSL_MODE_RELEASE_BUFFERS
 2798     mode |= SSL_MODE_RELEASE_BUFFERS;
 2799 #endif
 2800     SSL_set_mode(ssl, mode);
 2801     SSL_set_accept_state(ssl);
 2802     SSL_set_fd(ssl, client);
 2803 
 2804     ps->fd_up = client;
 2805     ps->ssl = ssl;
 2806     ps->want_shutdown = 0;
 2807     ps->clear_connected = 0;
 2808     ps->handshaked = 0;
 2809     ps->renegotiation = 0;
 2810     ps->remote_ip = addr;
 2811     ps->connect_port = 0;
 2812 
 2813     ringbuffer_init(&ps->ring_clear2ssl, CONFIG->RING_SLOTS,
 2814         CONFIG->RING_DATA_LEN);
 2815     ringbuffer_init(&ps->ring_ssl2clear, CONFIG->RING_SLOTS,
 2816         CONFIG->RING_DATA_LEN);
 2817 
 2818     /* set up events */
 2819     ev_io_init(&ps->ev_r_ssl, ssl_read, client, EV_READ);
 2820     ev_io_init(&ps->ev_w_ssl, ssl_write, client, EV_WRITE);
 2821 
 2822     ev_io_init(&ps->ev_r_handshake, client_handshake, client, EV_READ);
 2823     ev_io_init(&ps->ev_w_handshake, client_handshake, client, EV_WRITE);
 2824     ev_timer_init(&ps->ev_t_handshake, handshake_timeout,
 2825         CONFIG->SSL_HANDSHAKE_TIMEOUT, 0.);
 2826 
 2827     ev_io_init(&ps->ev_proxy, client_proxy_proxy, client, EV_READ);
 2828     ev_io_init(&ps->ev_w_connect, handle_connect, ps->fd_down, EV_WRITE);
 2829     ev_timer_init(&ps->ev_t_connect, connect_timeout,
 2830         CONFIG->BACKEND_CONNECT_TIMEOUT, 0.);
 2831 
 2832     ev_io_init(&ps->ev_w_clear, clear_write, ps->fd_down, EV_WRITE);
 2833     ev_io_init(&ps->ev_r_clear, clear_read, ps->fd_down, EV_READ);
 2834 
 2835     ps->ev_r_ssl.data = ps;
 2836     ps->ev_w_ssl.data = ps;
 2837     ps->ev_r_clear.data = ps;
 2838     ps->ev_w_clear.data = ps;
 2839     ps->ev_proxy.data = ps;
 2840     ps->ev_w_connect.data = ps;
 2841     ps->ev_t_connect.data = ps;
 2842     ps->ev_r_handshake.data = ps;
 2843     ps->ev_w_handshake.data = ps;
 2844     ps->ev_t_handshake.data = ps;
 2845 
 2846     /* Link back proxystate to SSL state */
 2847     SSL_set_app_data(ssl, ps);
 2848 
 2849     n_conns++;
 2850 
 2851     LOGPROXY(ps, "proxy connect\n");
 2852     if (CONFIG->PROXY_PROXY_LINE) {
 2853         ev_io_start(loop, &ps->ev_proxy);
 2854     } else {
 2855         /* for client-first handshake */
 2856         start_handshake(ps, SSL_ERROR_WANT_READ);
 2857     }
 2858 }
 2859 
 2860 
 2861 static void
 2862 check_ppid(struct ev_loop *loop, ev_timer *w, int revents)
 2863 {
 2864     struct frontend *fr;
 2865     struct listen_sock *ls;
 2866     (void)revents;
 2867     pid_t ppid = getppid();
 2868     if (ppid != master_pid) {
 2869         ERR("{core} Process %d detected parent death, "
 2870             "closing listener sockets.\n", core_id);
 2871         ev_timer_stop(loop, w);
 2872         VTAILQ_FOREACH(fr, &frontends, list) {
 2873             CHECK_OBJ_NOTNULL(fr, FRONTEND_MAGIC);
 2874             VTAILQ_FOREACH(ls, &fr->socks, list) {
 2875                 CHECK_OBJ_NOTNULL(ls, LISTEN_SOCK_MAGIC);
 2876                 ev_io_stop(loop, &ls->listener);
 2877                 close(ls->sock);
 2878             }
 2879         }
 2880     }
 2881 }
 2882 
 2883 static const void *
 2884 Get_Sockaddr(const struct sockaddr *sa, socklen_t *sl)
 2885 {
 2886     AN(sa);
 2887     AN(sl);
 2888 
 2889     switch (sa->sa_family) {
 2890     case PF_INET:
 2891         *sl = sizeof(struct sockaddr_in);
 2892         break;
 2893     case PF_INET6:
 2894         *sl = sizeof(struct sockaddr_in6);
 2895         break;
 2896     case PF_UNIX:
 2897         *sl = sizeof(struct sockaddr_un);
 2898         break;
 2899     default:
 2900         *sl = 0;
 2901         return (NULL);
 2902     }
 2903     return (sa);
 2904 }
 2905 
 2906 static void
 2907 handle_mgt_rd(struct ev_loop *loop, ev_io *w, int revents)
 2908 {
 2909     ssize_t r;
 2910     struct frontend *fr;
 2911     struct listen_sock *ls;
 2912     struct worker_update wu;
 2913 
 2914     (void) revents;
 2915     r = read(w->fd, &wu, sizeof(wu));
 2916     if (r  == -1) {
 2917         if (errno == EWOULDBLOCK || errno == EAGAIN)
 2918             return;
 2919         LOGL("Error in mgt->worker read operation. "
 2920             "Restarting process.");
 2921         /* If something went wrong here, the process will be
 2922          * left in utter limbo as to whether it should keep
 2923          * running or not. Kill the process and let the mgt
 2924          * process start it back up. */
 2925         _exit(1);
 2926     } else if (r == 0) {
 2927         /* Parent died .. */
 2928         _exit(1);
 2929     }
 2930 
 2931     if (wu.type == WORKER_GEN && wu.payload.gen != worker_gen) {
 2932         /* This means this process has reached its retirement age. */
 2933         if (worker_state == WORKER_EXITING)
 2934             return;
 2935         worker_state = WORKER_EXITING;
 2936 
 2937         /* Stop accepting new connections. */
 2938         VTAILQ_FOREACH(fr, &frontends, list) {
 2939             CHECK_OBJ_NOTNULL(fr, FRONTEND_MAGIC);
 2940             VTAILQ_FOREACH(ls, &fr->socks, list) {
 2941                 CHECK_OBJ_NOTNULL(ls, LISTEN_SOCK_MAGIC);
 2942                 ev_io_stop(loop, &ls->listener);
 2943                 close(ls->sock);
 2944             }
 2945         }
 2946 
 2947         check_exit_state();
 2948 
 2949         LOGL("Worker %d (gen: %d): State %s\n", core_id, worker_gen,
 2950         (worker_state == WORKER_EXITING) ? "EXITING" : "ACTIVE");
 2951     } else if (wu.type == WORKER_GEN && wu.payload.gen == worker_gen) {
 2952         return;
 2953     } else if (wu.type == BACKEND_REFRESH) {
 2954         struct backend *b;
 2955         b = backend_create((struct sockaddr *)&wu.payload.addr);
 2956         backend_deref(&backaddr);
 2957         backaddr = b;
 2958         AN(VSA_Sane(backaddr->backaddr));
 2959     } else
 2960         WRONG("Invalid worker update state");
 2961 }
 2962 
 2963 static void
 2964 handle_clear_accept(struct ev_loop *loop, ev_io *w, int revents)
 2965 {
 2966     (void)revents;
 2967     (void)loop;
 2968     struct sockaddr_storage addr;
 2969     struct frontend *fr;
 2970     sslctx *so;
 2971     proxystate *ps;
 2972     socklen_t sl = sizeof(addr);
 2973     int client = accept(w->fd, (struct sockaddr *) &addr, &sl);
 2974     if (client == -1) {
 2975         switch (errno) {
 2976         case EMFILE:
 2977             ERR("{client} accept() failed; "
 2978                 "too many open files for this process\n");
 2979             break;
 2980 
 2981         case ENFILE:
 2982             ERR("{client} accept() failed; "
 2983                 "too many open files for this system\n");
 2984             break;
 2985 
 2986         default:
 2987             if (errno != EINTR && errno != EWOULDBLOCK &&
 2988                 errno != EAGAIN && errno != ECONNABORTED) {
 2989                 SOCKERR("{client} accept() failed");
 2990             }
 2991             break;
 2992         }
 2993         return;
 2994     }
 2995 
 2996     int flag = 1;
 2997     int ret = setsockopt(client, IPPROTO_TCP, TCP_NODELAY,
 2998         (char *)&flag, sizeof(flag) );
 2999     if (ret == -1) {
 3000         ERR("Couldn't setsockopt on client (TCP_NODELAY): %s\n",
 3001             strerror(errno));
 3002     }
 3003 #ifdef TCP_CWND
 3004     int cwnd = 10;
 3005     ret = setsockopt(client, IPPROTO_TCP, TCP_CWND, &cwnd, sizeof(cwnd));
 3006     if (ret == -1) {
 3007         ERR("Couldn't setsockopt on client (TCP_CWND): %s\n",
 3008             strerror(errno));
 3009     }
 3010 #endif
 3011 
 3012     if (setnonblocking(client)) {
 3013         SOCKERR("{client} setnonblocking failed");
 3014         (void) close(client);
 3015         return;
 3016     }
 3017 
 3018     settcpkeepalive(client);
 3019 
 3020     ALLOC_OBJ(ps, PROXYSTATE_MAGIC);
 3021     ps->backend = backend_ref();
 3022     ps->fd_down = create_back_socket(ps->backend);
 3023     if (ps->fd_down == -1) {
 3024         backend_deref(&ps->backend);
 3025         close(client);
 3026         free(ps);
 3027         ERR("{backend-socket}: %s\n", strerror(errno));
 3028         return;
 3029     }
 3030 
 3031     CAST_OBJ_NOTNULL(fr, w->data, FRONTEND_MAGIC);
 3032     if (fr->default_ctx != NULL)
 3033         CAST_OBJ_NOTNULL(so, fr->default_ctx, SSLCTX_MAGIC);
 3034     else
 3035         CAST_OBJ_NOTNULL(so, default_ctx, SSLCTX_MAGIC);
 3036     SSL *ssl = SSL_new(so->ctx);
 3037     long mode = SSL_MODE_ENABLE_PARTIAL_WRITE;
 3038 #ifdef SSL_MODE_RELEASE_BUFFERS
 3039     mode |= SSL_MODE_RELEASE_BUFFERS;
 3040 #endif
 3041     SSL_set_mode(ssl, mode);
 3042     SSL_set_connect_state(ssl);
 3043     SSL_set_fd(ssl, ps->fd_down);
 3044     if (client_session)
 3045         SSL_set_session(ssl, client_session);
 3046 
 3047     ps->fd_up = client;
 3048     ps->ssl = ssl;
 3049     ps->want_shutdown = 0;
 3050     ps->clear_connected = 1;
 3051     ps->handshaked = 0;
 3052     ps->renegotiation = 0;
 3053     ps->remote_ip = addr;
 3054     ringbuffer_init(&ps->ring_clear2ssl, CONFIG->RING_SLOTS,
 3055         CONFIG->RING_DATA_LEN);
 3056     ringbuffer_init(&ps->ring_ssl2clear, CONFIG->RING_SLOTS,
 3057         CONFIG->RING_DATA_LEN);
 3058 
 3059     /* set up events */
 3060     ev_io_init(&ps->ev_r_clear, clear_read, client, EV_READ);
 3061     ev_io_init(&ps->ev_w_clear, clear_write, client, EV_WRITE);
 3062 
 3063     ev_io_init(&ps->ev_w_connect, handle_connect, ps->fd_down, EV_WRITE);
 3064     ev_timer_init(&ps->ev_t_connect, connect_timeout,
 3065         CONFIG->BACKEND_CONNECT_TIMEOUT, 0.);
 3066 
 3067     ev_io_init(&ps->ev_r_handshake, client_handshake,
 3068         ps->fd_down, EV_READ);
 3069     ev_io_init(&ps->ev_w_handshake, client_handshake,
 3070         ps->fd_down, EV_WRITE);
 3071     ev_timer_init(&ps->ev_t_handshake, handshake_timeout,
 3072         CONFIG->SSL_HANDSHAKE_TIMEOUT, 0.);
 3073 
 3074     ev_io_init(&ps->ev_w_ssl, ssl_write, ps->fd_down, EV_WRITE);
 3075     ev_io_init(&ps->ev_r_ssl, ssl_read, ps->fd_down, EV_READ);
 3076 
 3077     ps->ev_r_ssl.data = ps;
 3078     ps->ev_w_ssl.data = ps;
 3079     ps->ev_r_clear.data = ps;
 3080     ps->ev_w_clear.data = ps;
 3081     ps->ev_w_connect.data = ps;
 3082     ps->ev_r_handshake.data = ps;
 3083     ps->ev_w_handshake.data = ps;
 3084     ps->ev_t_handshake.data = ps;
 3085 
 3086     /* Link back proxystate to SSL state */
 3087     SSL_set_app_data(ssl, ps);
 3088 
 3089     n_conns++;
 3090 
 3091     ev_io_start(loop, &ps->ev_r_clear);
 3092     start_connect(ps); /* start connect */
 3093 }
 3094 
 3095 /* Set up the child (worker) process including libev event loop, read event
 3096  * on the bound sockets, etc */
 3097 static void
 3098 handle_connections(int mgt_fd)
 3099 {
 3100     struct frontend *fr;
 3101     sslctx *sc, *sctmp;
 3102     struct listen_sock *ls;
 3103     struct sigaction sa;
 3104 
 3105     worker_state = WORKER_ACTIVE;
 3106     LOGL("{core} Process %d online\n", core_id);
 3107 
 3108     /* child cannot create new children... */
 3109     create_workers = 0;
 3110 
 3111     /* nor can they handle SIGHUP */
 3112     sa.sa_flags = 0;
 3113     sa.sa_handler = SIG_IGN;
 3114     sigemptyset(&sa.sa_mask);
 3115     AZ(sigaction(SIGHUP, &sa, NULL));
 3116 
 3117 #if defined(CPU_ZERO) && defined(CPU_SET)
 3118     cpu_set_t cpus;
 3119 
 3120     CPU_ZERO(&cpus);
 3121     CPU_SET(core_id, &cpus);
 3122 
 3123     int res = sched_setaffinity(0, sizeof(cpus), &cpus);
 3124     if (!res)
 3125         LOG("{core} Successfully attached to CPU #%d\n", core_id);
 3126     else
 3127         ERR("{core-warning} Unable to attach to CPU #%d; "
 3128             "do you have that many cores?\n", core_id);
 3129 #endif
 3130 
 3131     loop = ev_default_loop(EVFLAG_AUTO);
 3132 
 3133     ev_timer timer_ppid_check;
 3134     ev_timer_init(&timer_ppid_check, check_ppid, 1.0, 1.0);
 3135     ev_timer_start(loop, &timer_ppid_check);
 3136 
 3137     VTAILQ_FOREACH(fr, &frontends, list) {
 3138         VTAILQ_FOREACH(ls, &fr->socks, list) {
 3139             ev_io_init(&ls->listener,
 3140                 (CONFIG->PMODE == SSL_CLIENT) ?
 3141                 handle_clear_accept : handle_accept,
 3142                 ls->sock, EV_READ);
 3143             ls->listener.data = fr;
 3144             ev_io_start(loop, &ls->listener);
 3145         }
 3146     }
 3147 
 3148     if (CONFIG->OCSP_DIR != NULL) {
 3149         HASH_ITER(hh, ssl_ctxs, sc, sctmp) {
 3150             if (sc->ev_staple)
 3151                 ev_stat_start(loop, sc->ev_staple);
 3152         }
 3153 
 3154         VTAILQ_FOREACH(fr, &frontends, list) {
 3155             HASH_ITER(hh, fr->ssl_ctxs, sc, sctmp) {
 3156                 if (sc->ev_staple)
 3157                     ev_stat_start(loop, sc->ev_staple);
 3158             }
 3159         }
 3160 
 3161         if (default_ctx != NULL && default_ctx->ev_staple != NULL)
 3162             ev_stat_start(loop, default_ctx->ev_staple);
 3163     }
 3164 
 3165     AZ(setnonblocking(mgt_fd));
 3166     ev_io_init(&mgt_rd, handle_mgt_rd, mgt_fd, EV_READ);
 3167     ev_io_start(loop, &mgt_rd);
 3168 
 3169     ev_loop(loop, 0);
 3170     ERR("Worker %d (gen: %d) exiting.\n", core_id, worker_gen);
 3171     _exit(1);
 3172 }
 3173 
 3174 
 3175 /*
 3176    OCSP requestor process.
 3177 */
 3178 static void
 3179 handle_ocsp_task(void) {
 3180     struct frontend *fr;
 3181     struct listen_sock *ls;
 3182     sslctx *sc, *sctmp;
 3183     ev_timer timer_ppid_check;
 3184 
 3185     /* we don't accept incoming connections for this process.  */
 3186     VTAILQ_FOREACH(fr, &frontends, list) {
 3187         CHECK_OBJ_NOTNULL(fr, FRONTEND_MAGIC);
 3188         VTAILQ_FOREACH(ls, &fr->socks, list) {
 3189             CHECK_OBJ_NOTNULL(ls, LISTEN_SOCK_MAGIC);
 3190             ev_io_stop(loop, &ls->listener);
 3191             close(ls->sock);
 3192         }
 3193     }
 3194 
 3195     (void) umask(027);
 3196     loop = ev_default_loop(EVFLAG_AUTO);
 3197 
 3198     /* Create ocspquery work items for any eligible ocsp queries */
 3199 
 3200     HASH_ITER(hh, ssl_ctxs, sc, sctmp) {
 3201         HOCSP_mktask(sc, NULL, -1.0);
 3202     }
 3203 
 3204     VTAILQ_FOREACH(fr, &frontends, list) {
 3205         HASH_ITER(hh, fr->ssl_ctxs, sc, sctmp) {
 3206             HOCSP_mktask(sc, NULL, -1.0);
 3207         }
 3208     }
 3209 
 3210     if (default_ctx != NULL)
 3211         HOCSP_mktask(default_ctx, NULL, -1.0);
 3212 
 3213     ev_timer_init(&timer_ppid_check, check_ppid, 1.0, 1.0);
 3214     ev_timer_start(loop, &timer_ppid_check);
 3215 
 3216     ev_loop(loop, 0);
 3217 
 3218     _exit(0);
 3219 }
 3220 
 3221 void
 3222 change_root()
 3223 {
 3224     if (chroot(CONFIG->CHROOT) == -1)
 3225         fail("chroot");
 3226     if (chdir("/"))
 3227         fail("chdir");
 3228 }
 3229 
 3230 void
 3231 drop_privileges(void)
 3232 {
 3233 
 3234     if (geteuid() == 0) {
 3235         if (CONFIG->UID >= 0)
 3236             AZ(setgroups(0, NULL));
 3237         if (CONFIG->GID >= 0)
 3238             AZ(setgid(CONFIG->GID));
 3239         if (CONFIG->UID >= 0)
 3240             AZ(setuid(CONFIG->UID));
 3241     } else {
 3242         LOG("{core} Not running as root, no priv-sep\n");
 3243     }
 3244 
 3245     /* On Linux >= 2.4, you need to set the dumpable flag
 3246        to get core dumps after you have done a setuid. */
 3247 
 3248 #ifdef __linux__
 3249     if (prctl(PR_SET_DUMPABLE, 1) != 0)
 3250         LOG("Could not set dumpable bit.  Core dumps turned off\n");
 3251 #endif
 3252 }
 3253 
 3254 static int
 3255 verify_privileges(void)
 3256 {
 3257     if (geteuid() == 0 &&
 3258         !(CONFIG->UID == 0 && CONFIG->GID == 0)) {
 3259         ERR("{core} ERROR: "
 3260             "Refusing to run workers as root, "
 3261             "unless user and group is explicitly set"
 3262             " to root.\n");
 3263         return (0);
 3264     }
 3265     return (1);
 3266 }
 3267 
 3268 static int
 3269 backaddr_init_uds(void)
 3270 {
 3271     struct sockaddr_un sun;
 3272     struct backend *b;
 3273     int l;
 3274 
 3275     if (backaddr != NULL)
 3276         /* Already configured - we don't refresh UDS addresses. */
 3277         return (0);
 3278 
 3279     AN(CONFIG->BACK_PATH);
 3280     memset(&sun, 0, sizeof sun);
 3281     sun.sun_family = PF_UNIX;
 3282     l = snprintf(sun.sun_path, sizeof(sun.sun_path), "%s",
 3283         CONFIG->BACK_PATH);
 3284     /* the length of BACK_PATH is verified to fit into
 3285      * sun.sun_path in configuration.c */
 3286     assert(l < (int)sizeof(sun.sun_path));
 3287 
 3288     b = backend_create((struct sockaddr *)&sun);
 3289     backaddr = b;
 3290 
 3291     return (0);
 3292 }
 3293 
 3294 static int
 3295 backaddr_init(void) {
 3296     struct addrinfo *result;
 3297     struct addrinfo hints;
 3298     struct backend *b;
 3299 
 3300     if (CONFIG->BACK_PATH)
 3301         return (backaddr_init_uds());
 3302 
 3303     memset(&hints, 0, sizeof hints);
 3304     hints.ai_family = AF_UNSPEC;
 3305     hints.ai_socktype = SOCK_STREAM;
 3306     hints.ai_flags = 0;
 3307     const int gai_err = getaddrinfo(CONFIG->BACK_IP, CONFIG->BACK_PORT,
 3308         &hints, &result);
 3309     if (gai_err != 0) {
 3310         ERR("{getaddrinfo-backend}: %s\n", gai_strerror(gai_err));
 3311         exit(1);
 3312     }
 3313 
 3314     b = backend_create(result->ai_addr);
 3315     freeaddrinfo(result);
 3316 
 3317     if (backaddr == NULL) {
 3318         backaddr = b;
 3319         return (1);
 3320     }
 3321 
 3322     if (VSA_Compare(backaddr->backaddr, b->backaddr) != 0) {
 3323         free(backaddr);
 3324         backaddr = b;
 3325         return (1);
 3326     }
 3327 
 3328     backend_deref(&b);
 3329     AZ(b);
 3330 
 3331     return (0);
 3332 }
 3333 
 3334 void
 3335 init_globals(void)
 3336 {
 3337     struct addrinfo hints;
 3338 
 3339     VTAILQ_INIT(&frontends);
 3340     VTAILQ_INIT(&worker_procs);
 3341 
 3342     backaddr_init();
 3343 
 3344     (void)hints;
 3345 
 3346 #ifdef USE_SHARED_CACHE
 3347     if (CONFIG->SHARED_CACHE) {
 3348         /* cache update peers addresses */
 3349         shcupd_peer_opt *spo = CONFIG->SHCUPD_PEERS;
 3350         struct addrinfo **pai = shcupd_peers;
 3351 
 3352         while (spo->ip) {
 3353             memset(&hints, 0, sizeof hints);
 3354             hints.ai_family = AF_UNSPEC;
 3355             hints.ai_socktype = SOCK_DGRAM;
 3356             hints.ai_flags = 0;
 3357             const int gai_err = getaddrinfo(spo->ip,
 3358                 spo->port ? spo->port : CONFIG->SHCUPD_PORT,
 3359                 &hints, pai);
 3360             if (gai_err != 0) {
 3361                 ERR("{getaddrinfo}: %s\n",
 3362                     gai_strerror(gai_err));
 3363                 exit(1);
 3364             }
 3365             spo++;
 3366             pai++;
 3367         }
 3368     }
 3369 #endif
 3370     if (CONFIG->SYSLOG)
 3371         openlog("hitch", LOG_CONS | LOG_PID | LOG_NDELAY,
 3372             CONFIG->SYSLOG_FACILITY);
 3373 }
 3374 
 3375 /* Forks COUNT children starting with START_INDEX.  We keep a struct
 3376  * child_proc per child so the parent can manage it later. */
 3377 void
 3378 start_workers(int start_index, int count)
 3379 {
 3380     struct worker_proc *c;
 3381     struct frontend *fr;
 3382     int pfd[2];
 3383 
 3384     /* don't do anything if we're not allowed to create new workers */
 3385     if (!create_workers)
 3386         return;
 3387 
 3388     for (core_id = start_index;
 3389         core_id < start_index + count; core_id++) {
 3390         ALLOC_OBJ(c, WORKER_PROC_MAGIC);
 3391         AZ(pipe(pfd));
 3392         c->pfd = pfd[1];
 3393         c->gen = worker_gen;
 3394         c->pid = fork();
 3395         c->core_id = core_id;
 3396         if (c->pid == -1) {
 3397             ERR("{core} fork() failed: %s; Goodbye cruel world!\n",
 3398                 strerror(errno));
 3399             exit(1);
 3400         } else if (c->pid == 0) { /* child */
 3401             close(pfd[1]);
 3402             FREE_OBJ(c);
 3403             VTAILQ_FOREACH(fr, &frontends, list) {
 3404                 CHECK_OBJ_NOTNULL(fr->arg, FRONT_ARG_MAGIC);
 3405                 assert(frontend_listen(fr->arg, fr) > 0);
 3406             }
 3407             if (CONFIG->CHROOT && CONFIG->CHROOT[0])
 3408                 change_root();
 3409             if (CONFIG->UID >= 0 || CONFIG->GID >= 0)
 3410                 drop_privileges();
 3411             if (!verify_privileges())
 3412                 _exit(1);
 3413             handle_connections(pfd[0]);
 3414             exit(0);
 3415         } else { /* parent. Track new child. */
 3416             close(pfd[0]);
 3417             VTAILQ_INSERT_TAIL(&worker_procs, c, list);
 3418         }
 3419     }
 3420 }
 3421 
 3422 void
 3423 start_ocsp_proc(void)
 3424 {
 3425     ocsp_proc_pid = fork();
 3426 
 3427     if (ocsp_proc_pid == -1) {
 3428         ERR("{core}: fork() failed: %s: Exiting.\n", strerror(errno));
 3429         exit(1);
 3430     } else if (ocsp_proc_pid == 0) {
 3431         if (CONFIG->UID >= 0 || CONFIG->GID >= 0)
 3432             drop_privileges();
 3433         if (!verify_privileges())
 3434             _exit(1);
 3435         handle_ocsp_task();
 3436     }
 3437 
 3438     /* child proc should never return. */
 3439     AN(ocsp_proc_pid);
 3440 }
 3441 
 3442 
 3443 /* Forks a new child to replace the old, dead, one with the given PID.*/
 3444 void
 3445 replace_child_with_pid(pid_t pid)
 3446 {
 3447     struct worker_proc *c, *cp;
 3448 
 3449     /* find old child's slot and put a new child there */
 3450     VTAILQ_FOREACH_SAFE(c, &worker_procs, list, cp) {
 3451         if (c->pid == pid) {
 3452             VTAILQ_REMOVE(&worker_procs, c, list);
 3453             /* Only replace if it matches current generation. */
 3454             if (c->gen == worker_gen)
 3455                 start_workers(c->core_id, 1);
 3456             FREE_OBJ(c);
 3457             return;
 3458         }
 3459     }
 3460 
 3461     ERR("Cannot find index for child pid %d", pid);
 3462 }
 3463 
 3464 /* Manage status changes in child processes */
 3465 static void
 3466 do_wait(void)
 3467 {
 3468     struct worker_proc *c, *ctmp;
 3469     int status;
 3470     int pid;
 3471 
 3472 #define WAIT_PID(p, action) do {                    \
 3473     pid = waitpid(p, &status, WNOHANG);             \
 3474     if (pid == 0) {                         \
 3475         /* child has not exited */              \
 3476         break;                          \
 3477     }                               \
 3478     else if (pid == -1) {                       \
 3479         if (errno == EINTR)                 \
 3480             ERR("{core} Interrupted waitpid\n");        \
 3481         else                            \
 3482             fail("waitpid");                \
 3483     } else {                            \
 3484         if (WIFEXITED(status)) {                \
 3485             ERR("{core} Child %d exited with status %d.\n", \
 3486                 pid, WEXITSTATUS(status));          \
 3487             action;                     \
 3488         } else if (WIFSIGNALED(status)) {           \
 3489             ERR("{core} Child %d was terminated by "    \
 3490                 "signal %d.\n", pid, WTERMSIG(status)); \
 3491             action;                     \
 3492         }                           \
 3493     }                               \
 3494     } while (0)
 3495 
 3496     VTAILQ_FOREACH_SAFE(c, &worker_procs, list, ctmp) {
 3497         WAIT_PID(c->pid, replace_child_with_pid(pid));
 3498     }
 3499 
 3500     /* also check if the ocsp worker killed itself */
 3501     if (ocsp_proc_pid != 0)
 3502         WAIT_PID(ocsp_proc_pid,
 3503             if (CONFIG->OCSP_DIR) {
 3504                 start_ocsp_proc();
 3505             } else {
 3506                 ocsp_proc_pid = 0;
 3507             });
 3508 }
 3509 
 3510 static void
 3511 sigchld_handler(int signum)
 3512 {
 3513     assert(signum == SIGCHLD);
 3514     n_sigchld++;
 3515 }
 3516 
 3517 
 3518 static void
 3519 sigh_terminate (int __attribute__ ((unused)) signo)
 3520 {
 3521     struct worker_proc *c;
 3522     /* don't create any more children */
 3523     create_workers = 0;
 3524 
 3525     /* are we the master? */
 3526     if (getpid() == master_pid) {
 3527         LOGL("{core} Received signal %d, shutting down.\n", signo);
 3528 
 3529         /* kill all children */
 3530         VTAILQ_FOREACH(c, &worker_procs, list) {
 3531             /* LOG("Stopping worker pid %d.\n", c->pid); */
 3532             if (c->pid > 1 &&
 3533                 kill(c->pid, SIGTERM) != 0) {
 3534                 ERR("{core} Unable to send SIGTERM to worker "
 3535                     "pid %d: %s\n", c->pid,
 3536                     strerror(errno));
 3537             }
 3538         }
 3539 
 3540         if (ocsp_proc_pid != 0)
 3541             kill(ocsp_proc_pid, SIGTERM);
 3542     }
 3543 
 3544     /* this is it, we're done... */
 3545     exit(0);
 3546 }
 3547 
 3548 static void
 3549 sighup_handler(int signum)
 3550 {
 3551     assert(signum == SIGHUP);
 3552     n_sighup++;
 3553 }
 3554 
 3555 static void
 3556 init_signals()
 3557 {
 3558     struct sigaction act;
 3559 
 3560     sigemptyset(&act.sa_mask);
 3561     act.sa_flags = 0;
 3562     act.sa_handler = SIG_IGN;
 3563 
 3564     /* Avoid getting PIPE signal when writing to a closed file descriptor */
 3565     if (sigaction(SIGPIPE, &act, NULL) < 0)
 3566         fail("sigaction - sigpipe");
 3567 
 3568     /* We don't care if someone stops and starts a child process
 3569      * with kill (1) */
 3570     act.sa_flags = SA_NOCLDSTOP;
 3571     act.sa_handler = sigchld_handler;
 3572 
 3573     /* We do care when child processes change status */
 3574     if (sigaction(SIGCHLD, &act, NULL) < 0)
 3575         fail("sigaction - sigchld");
 3576 
 3577     /* catch INT and TERM signals */
 3578     act.sa_flags = 0;
 3579     act.sa_handler = sigh_terminate;
 3580     if (sigaction(SIGINT, &act, NULL) < 0) {
 3581         ERR("Unable to register SIGINT signal handler: %s\n",
 3582             strerror(errno));
 3583         exit(1);
 3584     }
 3585     if (sigaction(SIGTERM, &act, NULL) < 0) {
 3586         ERR("Unable to register SIGTERM signal handler: %s\n",
 3587             strerror(errno));
 3588         exit(1);
 3589     }
 3590 
 3591     act.sa_handler = sighup_handler;
 3592     if (sigaction(SIGHUP, &act, NULL) != 0) {
 3593         ERR("Unable to register SIGHUP signal handler: %s\n",
 3594             strerror(errno));
 3595         exit(1);
 3596     }
 3597 
 3598 }
 3599 
 3600 static void
 3601 openssl_check_version()
 3602 {
 3603     /* detect OpenSSL version in runtime */
 3604     long openssl_version = SSLeay();
 3605 
 3606     /* check if we're running the same openssl that we were */
 3607     /* compiled with */
 3608     if ((openssl_version ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
 3609         ERR(
 3610             "WARNING: {core} OpenSSL version mismatch; "
 3611                 "hitch was compiled with %lx, now using %lx.\n",
 3612             (unsigned long int)OPENSSL_VERSION_NUMBER,
 3613             (unsigned long int)openssl_version
 3614         );
 3615         /* now what? exit now? */
 3616         /* exit(1); */
 3617     }
 3618 
 3619     LOG("{core} Using OpenSSL version %lx.\n",
 3620         (unsigned long int)openssl_version);
 3621 }
 3622 
 3623 
 3624 static void
 3625 remove_pfh(void)
 3626 {
 3627     if (pfh && master_pid == getpid()) {
 3628         VPF_Remove(pfh);
 3629     }
 3630 }
 3631 
 3632 struct cfg_tpc_obj;
 3633 
 3634 enum cfg_tpc_type {
 3635     CFG_FRONTEND,
 3636     CFG_CERT
 3637 
 3638     /* ... */
 3639 };
 3640 
 3641 /* Commit/rollback handling:
 3642    - KEEP:
 3643     - commit: reuse
 3644     - rollback: do nothing
 3645    - NEW:
 3646     - commit: use as new
 3647     - rollback: drop
 3648 
 3649    - DROP:
 3650     - commit: drop
 3651     - rollback: do nothing
 3652  */
 3653 enum cfg_tpc_handling {
 3654     CFG_TPC_KEEP,
 3655     CFG_TPC_NEW,
 3656     CFG_TPC_DROP
 3657 };
 3658 
 3659 typedef void cfg_tpc_rollback_f(struct cfg_tpc_obj *o);
 3660 typedef void cfg_tpc_commit_f(struct cfg_tpc_obj *o);
 3661 
 3662 struct cfg_tpc_obj {
 3663     unsigned        magic;
 3664 #define CFG_TPC_OBJ_MAGIC   0xd6953e5f
 3665     enum cfg_tpc_type   type;
 3666     enum cfg_tpc_handling   handling;
 3667     void            *p[2];
 3668     cfg_tpc_rollback_f  *rollback;
 3669     cfg_tpc_commit_f    *commit;
 3670     VTAILQ_ENTRY(cfg_tpc_obj) list;
 3671 };
 3672 
 3673 VTAILQ_HEAD(cfg_tpc_obj_head, cfg_tpc_obj);
 3674 
 3675 static struct cfg_tpc_obj *
 3676 make_cfg_obj(enum cfg_tpc_type type, enum cfg_tpc_handling handling,
 3677     void *priv0, void *priv1, cfg_tpc_rollback_f *rollback,
 3678     cfg_tpc_commit_f *commit)
 3679 {
 3680     struct cfg_tpc_obj *o;
 3681 
 3682     ALLOC_OBJ(o, CFG_TPC_OBJ_MAGIC);
 3683     AN(o);
 3684     o->type = type;
 3685     o->handling = handling;
 3686     o->p[0] = priv0;
 3687     o->p[1] = priv1;
 3688     o->rollback = rollback;
 3689     o->commit = commit;
 3690 
 3691     return (o);
 3692 }
 3693 
 3694 static void
 3695 frontend_rollback(struct cfg_tpc_obj *o)
 3696 {
 3697     struct frontend *fr;
 3698 
 3699     if (o->handling == CFG_TPC_NEW) {
 3700         CAST_OBJ_NOTNULL(fr, o->p[0], FRONTEND_MAGIC);
 3701         destroy_frontend(fr);
 3702     }
 3703 
 3704     /* KEEP/DROP: ignore */
 3705 }
 3706 
 3707 static void
 3708 frontend_commit(struct cfg_tpc_obj *o)
 3709 {
 3710     struct frontend *fr;
 3711     sslctx *sc;
 3712     CAST_OBJ_NOTNULL(fr, o->p[0], FRONTEND_MAGIC);
 3713 
 3714     switch (o->handling) {
 3715     case CFG_TPC_NEW:
 3716         VTAILQ_INSERT_TAIL(&frontends, fr, list);
 3717         /* FALL-THROUGH */
 3718     case CFG_TPC_KEEP:
 3719         if (o->p[1]) {
 3720             CAST_OBJ_NOTNULL(sc, o->p[1], SSLCTX_MAGIC);
 3721             /* fr->sctx = sc; */
 3722         }
 3723         break;
 3724     case CFG_TPC_DROP:
 3725         VTAILQ_REMOVE(&frontends, fr, list);
 3726         destroy_frontend(fr);
 3727         break;
 3728     }
 3729 }
 3730 
 3731 static void cert_rollback(struct cfg_tpc_obj *o);
 3732 static void cert_commit(struct cfg_tpc_obj *o);
 3733 
 3734 // Is this incorrectly named?
 3735 static int
 3736 ocsp_cfg_changed(const struct cfg_cert_file *cf, const sslctx *sc)
 3737 {
 3738     if (sc->staple != NULL && cf->ocspfn == NULL)
 3739         return (1);     /* Dropped OCSP definition */
 3740 
 3741     if (sc->staple == NULL && cf->ocspfn != NULL)
 3742         return (1);     /* Added OCSP definition */
 3743 
 3744     if (sc->staple != NULL && cf->ocspfn != NULL) {
 3745         if (strcmp(sc->staple_fn, cf->ocspfn) != 0
 3746             || sc->staple->mtim < cf->ocsp_mtim)
 3747             return (1); /* Updated */
 3748     }
 3749 
 3750     return (0);
 3751 }
 3752 
 3753 /* Query frontend-specific certificates.  */
 3754 static int
 3755 cert_fr_query(struct frontend *fr, struct front_arg *fa,
 3756     struct cfg_tpc_obj_head *cfg_objs)
 3757 {
 3758     struct cfg_cert_file *cf, *cftmp;
 3759     sslctx *sc, *sctmp;
 3760     struct cfg_tpc_obj *o;
 3761 
 3762     HASH_ITER(hh, fr->ssl_ctxs, sc, sctmp) {
 3763         HASH_FIND_STR(fa->certs, sc->filename, cf);
 3764         if (cf != NULL && cf->mtim <= sc->mtim
 3765             && !ocsp_cfg_changed(cf, sc)) {
 3766             cf->mark = 1;
 3767         } else {
 3768             o = make_cfg_obj(CFG_CERT, CFG_TPC_DROP,
 3769                 sc, fr, cert_rollback, cert_commit);
 3770             VTAILQ_INSERT_TAIL(cfg_objs, o, list);
 3771         }
 3772     }
 3773 
 3774     HASH_ITER(hh, fa->certs, cf, cftmp) {
 3775         if (cf->mark)
 3776             continue;
 3777         sc = make_ctx_fr(cf, fr, fa);
 3778         if (sc == NULL)
 3779             return (-1);
 3780         o = make_cfg_obj(CFG_CERT, CFG_TPC_NEW,
 3781             sc, fr, cert_rollback, cert_commit);
 3782         VTAILQ_INSERT_TAIL(cfg_objs, o, list);
 3783     }
 3784 
 3785     return (0);
 3786 }
 3787 
 3788 /* Query reload of listen sockets.
 3789    Returns -1 on failure.
 3790    Failure: Caller calls .rollback() on the objects added in cfg_objs.
 3791    Success: Caller calls .commit()
 3792 */
 3793 static int
 3794 frontend_query(struct front_arg *new_set, struct cfg_tpc_obj_head *cfg_objs)
 3795 {
 3796     struct frontend *fr;
 3797     struct front_arg *fa, *ftmp;
 3798     struct cfg_tpc_obj *o;
 3799 
 3800     VTAILQ_FOREACH(fr, &frontends, list) {
 3801         HASH_FIND_STR(new_set, fr->arg->pspec, fa);
 3802         if (fa != NULL) {
 3803             fa->mark = 1;
 3804             o = make_cfg_obj(CFG_FRONTEND, CFG_TPC_KEEP, fr, NULL,
 3805                 frontend_rollback, frontend_commit);
 3806             if(cert_fr_query(fr, fa, cfg_objs) < 0) {
 3807                 FREE_OBJ(o);
 3808                 return (-1);
 3809             }
 3810 
 3811         } else
 3812             o = make_cfg_obj(CFG_FRONTEND, CFG_TPC_DROP, fr, NULL,
 3813                 frontend_rollback, frontend_commit);
 3814         VTAILQ_INSERT_TAIL(cfg_objs, o, list);
 3815     }
 3816 
 3817     HASH_ITER(hh, new_set, fa, ftmp) {
 3818         if (!fa->mark) {
 3819             fr = create_frontend(fa);
 3820             if (fr == NULL)
 3821                 return (-1);
 3822             o = make_cfg_obj(CFG_FRONTEND, CFG_TPC_NEW,
 3823                 fr, NULL, frontend_rollback, frontend_commit);
 3824             VTAILQ_INSERT_TAIL(cfg_objs, o, list);
 3825         }
 3826     }
 3827 
 3828     return (0);
 3829 }
 3830 
 3831 static void
 3832 cert_rollback(struct cfg_tpc_obj *o)
 3833 {
 3834     sslctx *sc;
 3835 
 3836     if (o->handling != CFG_TPC_NEW)
 3837         return;
 3838 
 3839     CAST_OBJ_NOTNULL(sc, o->p[0], SSLCTX_MAGIC);
 3840     sctx_free(sc, NULL);
 3841 }
 3842 
 3843 static void
 3844 cert_commit(struct cfg_tpc_obj *o)
 3845 {
 3846     sslctx *sc;
 3847     sni_name **sn_tab;
 3848     sslctx **ctxs;
 3849     struct frontend *fr;
 3850 
 3851     sn_tab = &sni_names;
 3852     ctxs = &ssl_ctxs;
 3853 
 3854     CAST_OBJ_NOTNULL(sc, o->p[0], SSLCTX_MAGIC);
 3855     if (o->p[1] != NULL) {
 3856         CAST_OBJ_NOTNULL(fr, o->p[1], FRONTEND_MAGIC);
 3857         sn_tab = &fr->sni_names;
 3858         ctxs = &fr->ssl_ctxs;
 3859     }
 3860 
 3861     switch (o->handling) {
 3862     case CFG_TPC_NEW:
 3863         HASH_ADD_KEYPTR(hh, *ctxs, sc->filename,
 3864             strlen(sc->filename), sc);
 3865         insert_sni_names(sc, sn_tab);
 3866         break;
 3867     case CFG_TPC_KEEP:
 3868         WRONG("unreachable");
 3869         break;
 3870     case CFG_TPC_DROP:
 3871         HASH_DEL(*ctxs, sc);
 3872         sctx_free(sc, sn_tab);
 3873         break;
 3874     }
 3875 }
 3876 
 3877 static void
 3878 dcert_rollback(struct cfg_tpc_obj *o)
 3879 {
 3880     cert_rollback(o);
 3881 }
 3882 
 3883 static void
 3884 dcert_commit(struct cfg_tpc_obj *o)
 3885 {
 3886     sslctx *sc;
 3887 
 3888     CAST_OBJ_NOTNULL(sc, o->p[0], SSLCTX_MAGIC);
 3889     CHECK_OBJ_NOTNULL(sni_names, SNI_NAME_MAGIC);
 3890 
 3891     switch (o->handling) {
 3892     case CFG_TPC_NEW:
 3893         sctx_free(default_ctx, &sni_names);
 3894         default_ctx = sc;
 3895         insert_sni_names(sc, &sni_names);
 3896         break;
 3897     case CFG_TPC_KEEP:
 3898         /* FALL-THROUGH */
 3899     case CFG_TPC_DROP:
 3900         /* We always have a default cert. This should not
 3901          * happen. */
 3902         WRONG("unreachable");
 3903         break;
 3904     }
 3905 }
 3906 
 3907 /* Query reload of certificate files */
 3908 static int
 3909 cert_query(hitch_config *cfg, struct cfg_tpc_obj_head *cfg_objs)
 3910 {
 3911     struct cfg_cert_file *cf, *cftmp;
 3912     sslctx *sc, *sctmp;
 3913     struct cfg_tpc_obj *o;
 3914 
 3915     /* NB: The ordering here is significant. It is imperative that
 3916      * all DROP objects are inserted before any NEW objects, in
 3917      * order to not wreak havoc in cert_commit().  */
 3918     HASH_ITER(hh, ssl_ctxs, sc, sctmp) {
 3919         HASH_FIND_STR(cfg->CERT_FILES, sc->filename, cf);
 3920         if (cf != NULL && cf->mtim <= sc->mtim
 3921             && !ocsp_cfg_changed(cf, sc)) {
 3922             cf->mark = 1;
 3923         } else {
 3924             o = make_cfg_obj(CFG_CERT, CFG_TPC_DROP,
 3925                 sc, NULL, cert_rollback, cert_commit);
 3926             VTAILQ_INSERT_TAIL(cfg_objs, o, list);
 3927         }
 3928     }
 3929 
 3930     /* handle default cert. Default cert has its own
 3931      * rollback/commit functions. */
 3932     if (cfg->CERT_DEFAULT != NULL) {
 3933         cf = cfg->CERT_DEFAULT;
 3934         CHECK_OBJ_NOTNULL(default_ctx, SSLCTX_MAGIC);
 3935         if (strcmp(default_ctx->filename, cf->filename) != 0
 3936             || cf->mtim > default_ctx->mtim
 3937             || ocsp_cfg_changed(cf, default_ctx)) {
 3938             sc = make_ctx(cf);
 3939             if (sc == NULL)
 3940                 return (-1);
 3941             o = make_cfg_obj(CFG_CERT, CFG_TPC_NEW,
 3942                 sc, NULL, dcert_rollback, dcert_commit);
 3943             VTAILQ_INSERT_TAIL(cfg_objs, o, list);
 3944         }
 3945     }
 3946 
 3947     HASH_ITER(hh, cfg->CERT_FILES, cf, cftmp) {
 3948         if (cf->mark)
 3949             continue;
 3950         sc = make_ctx(cf);
 3951         if (sc == NULL)
 3952             return (-1);
 3953         o = make_cfg_obj(CFG_CERT, CFG_TPC_NEW,
 3954             sc, NULL, cert_rollback, cert_commit);
 3955         VTAILQ_INSERT_TAIL(cfg_objs, o, list);
 3956     }
 3957 
 3958     return (0);
 3959 }
 3960 
 3961 static void
 3962 notify_workers(struct worker_update *wu)
 3963 {
 3964     struct worker_proc *c;
 3965     int i;
 3966     VTAILQ_FOREACH(c, &worker_procs, list) {
 3967         if ((wu->type == WORKER_GEN && wu->payload.gen != c->gen) ||
 3968              (wu->type == BACKEND_REFRESH)) {
 3969             errno = 0;
 3970             do {
 3971                 i = write(c->pfd, (void*)wu, sizeof(*wu));
 3972                 if (i == -1 && errno != EINTR) {
 3973                     if (wu->type == WORKER_GEN)
 3974                         ERR("WARNING: {core} Unable to "
 3975                         "gracefully reload worker %d"
 3976                         " (%s).\n",
 3977                         c->pid, strerror(errno));
 3978                     else
 3979                         ERR("WARNING: {core} Unable to "
 3980                         "notify worker %d "
 3981                         "with changed backend address (%s).\n",
 3982                         c->pid, strerror(errno));
 3983 
 3984                     (void)kill(c->pid, SIGTERM);
 3985                     break;
 3986                 }
 3987             } while (i == -1 && errno == EINTR);
 3988 
 3989             if (wu->type == WORKER_GEN)
 3990                 (void)close(c->pfd);
 3991 
 3992         }
 3993     }
 3994 }
 3995 
 3996 /*
 3997  * Print Hitch's listen enpoints to a file.
 3998  * Used for testing purposes.
 3999  */
 4000 int
 4001 listen_endpoint_print(const char *fn)
 4002 {
 4003     FILE *fp;
 4004     int n;
 4005     struct frontend *fr;
 4006     struct addrinfo *it;
 4007     char hostbuf[NI_MAXHOST];
 4008     char servbuf[NI_MAXSERV];
 4009 
 4010     fp = fopen(fn, "w");
 4011     if (fp == NULL) {
 4012         perror("fopen");
 4013         return (1);
 4014     }
 4015 
 4016     VTAILQ_FOREACH(fr, &frontends, list) {
 4017         for (it = fr->addrs; it != NULL; it = it->ai_next) {
 4018             if (it->ai_addr->sa_family != AF_INET)
 4019                 continue;
 4020             n = getnameinfo(it->ai_addr, it->ai_addrlen,
 4021                 hostbuf, sizeof(hostbuf), servbuf, sizeof(servbuf),
 4022                 NI_NUMERICHOST|NI_NUMERICSERV);
 4023             AZ(n);
 4024             fprintf(fp, "%s:%s\n", hostbuf, servbuf);
 4025         }
 4026     }
 4027 
 4028     fclose(fp);
 4029     return (0);
 4030 }
 4031 
 4032 static void
 4033 reconfigure(int argc, char **argv)
 4034 {
 4035     hitch_config *cfg_new;
 4036     struct cfg_tpc_obj_head cfg_objs;
 4037     struct cfg_tpc_obj *cto, *cto_tmp;
 4038     struct timeval tv;
 4039     double t0, t1;
 4040     struct worker_update wu;
 4041     struct frontend *fr;
 4042 
 4043     LOGL("Received SIGHUP: Initiating configuration reload.\n");
 4044     AZ(gettimeofday(&tv, NULL));
 4045     t0 = tv.tv_sec + 1e-6 * tv.tv_usec;
 4046 
 4047     VTAILQ_INIT(&cfg_objs);
 4048     cfg_new = config_new();
 4049     AN(cfg_new);
 4050     if (config_parse_cli(argc, argv, cfg_new) != 0) {
 4051         ERR("Config reload failed: %s\n", config_error_get());
 4052         config_destroy(cfg_new);
 4053         return;
 4054     }
 4055 
 4056     /* NB: the ordering of the foo_query() calls here is
 4057      * significant. */
 4058     if (frontend_query(cfg_new->LISTEN_ARGS, &cfg_objs) < 0
 4059         || cert_query(cfg_new, &cfg_objs) < 0) {
 4060         VTAILQ_FOREACH_SAFE(cto, &cfg_objs, list, cto_tmp) {
 4061             VTAILQ_REMOVE(&cfg_objs, cto, list);
 4062             AN(cto->rollback);
 4063             cto->rollback(cto);
 4064             FREE_OBJ(cto);
 4065         }
 4066         ERR("{core} Config reload failed.\n");
 4067         return;
 4068     } else {
 4069         VTAILQ_FOREACH_SAFE(cto, &cfg_objs, list, cto_tmp) {
 4070             VTAILQ_REMOVE(&cfg_objs, cto, list);
 4071             AN(cto->commit);
 4072             cto->commit(cto);
 4073             FREE_OBJ(cto);
 4074         }
 4075     }
 4076 
 4077     /* Rewire default sslctx and front_arg for each frontend after
 4078      * a reload */
 4079     VTAILQ_FOREACH(fr, &frontends, list) {
 4080         struct front_arg *fa;
 4081         struct cfg_cert_file *cf;
 4082         sslctx *sc;
 4083 
 4084         HASH_FIND_STR(cfg_new->LISTEN_ARGS, fr->arg->pspec, fa);
 4085         CHECK_OBJ_NOTNULL(fa, FRONT_ARG_MAGIC);
 4086 
 4087         /* rewire fr->arg: the previous value will be freed
 4088          * below when we config_destroy() the old
 4089          * configuration set. */
 4090         fr->arg = fa;
 4091 
 4092         if (HASH_COUNT(fr->ssl_ctxs) == 0) {
 4093             fr->default_ctx = NULL;
 4094             continue;
 4095         }
 4096 
 4097         cf = fa->certs;
 4098         CHECK_OBJ_NOTNULL(cf, CFG_CERT_FILE_MAGIC);
 4099         while (cf->hh.next != NULL)
 4100             cf = cf->hh.next;
 4101         HASH_FIND_STR(fr->ssl_ctxs, cf->filename, sc);
 4102         CHECK_OBJ_NOTNULL(sc, SSLCTX_MAGIC);
 4103         fr->default_ctx = sc;
 4104     }
 4105 
 4106     AZ(gettimeofday(&tv, NULL));
 4107     t1 = tv.tv_sec + 1e-6 * tv.tv_usec;
 4108 
 4109     LOGL("{core} Config reloaded in %.2lf seconds. "
 4110         "Starting new child processes.\n", t1 - t0);
 4111 
 4112     config_destroy(CONFIG);
 4113     CONFIG = cfg_new;
 4114 
 4115     worker_gen++;
 4116     start_workers(0, CONFIG->NCORES);
 4117 
 4118     if (CONFIG->DEBUG_LISTEN_ADDR)
 4119         listen_endpoint_print(CONFIG->DEBUG_LISTEN_ADDR);
 4120 
 4121     wu.type = WORKER_GEN;
 4122     wu.payload.gen = worker_gen;
 4123     notify_workers(&wu);
 4124 
 4125     if (ocsp_proc_pid > 0) {
 4126         (void) kill(ocsp_proc_pid, SIGTERM);
 4127         /*
 4128          * Restarting the OCSP process is taken
 4129          * care of in do_wait
 4130          */
 4131     } else if (CONFIG->OCSP_DIR != NULL && ocsp_proc_pid <= 0) {
 4132         start_ocsp_proc();
 4133     }
 4134 }
 4135 
 4136 void
 4137 sleep_and_refresh(hitch_config *CONFIG)
 4138 {
 4139     /* static backend address */
 4140     if (!CONFIG->BACKEND_REFRESH_TIME) {
 4141         pause();
 4142         return;
 4143     }
 4144 
 4145     int rv = 0;
 4146     while (1) {
 4147         rv = usleep(CONFIG->BACKEND_REFRESH_TIME*1000000);
 4148         if (rv == -1 && errno == EINTR)
 4149             break;
 4150         else if(backaddr_init()) {
 4151             struct worker_update wu;
 4152             wu.type = BACKEND_REFRESH;
 4153             socklen_t len;
 4154             const void *addr =
 4155                 VSA_Get_Sockaddr(backaddr->backaddr, &len);
 4156             AN(addr);
 4157             memcpy(&(wu.payload.addr), addr, len);
 4158             notify_workers(&wu);
 4159         }
 4160     }
 4161 }
 4162 
 4163 
 4164 /* Process command line args, create the bound socket,
 4165  * spawn child (worker) processes, and respawn if any die */
 4166 int
 4167 main(int argc, char **argv)
 4168 {
 4169     // initialize configuration
 4170     struct front_arg *fa, *ftmp;
 4171 
 4172     master_pid = getpid();
 4173     CONFIG = config_new();
 4174 
 4175     // parse command line
 4176     if (config_parse_cli(argc, argv, CONFIG) != 0) {
 4177         fprintf(stderr, "%s\n", config_error_get());
 4178         return (1);
 4179     }
 4180 
 4181     if (CONFIG->LOG_FILENAME) {
 4182         FILE* f;
 4183         if ((f = fopen(CONFIG->LOG_FILENAME, "a")) == NULL) {
 4184             /* logging.c */
 4185             logfile = stderr;
 4186             ERR("FATAL: Unable to open log file: %s: %s\n",
 4187                 CONFIG->LOG_FILENAME, strerror(errno));
 4188             exit(2);
 4189         }
 4190         logfile = f;
 4191         if (CONFIG->UID >=0 || CONFIG->GID >= 0) {
 4192             AZ(fchown(fileno(logfile), CONFIG->UID, CONFIG->GID));
 4193         }
 4194         AZ(fstat(fileno(logfile), &logf_st));
 4195         logf_check_t = time(NULL);
 4196     } else {
 4197         logfile = stderr;
 4198     }
 4199     AZ(setvbuf(logfile, NULL, _IONBF, BUFSIZ));
 4200 
 4201     if (CONFIG->TEST) {
 4202         /* Override log level for config test */
 4203         CONFIG->LOG_LEVEL = 3;
 4204         fprintf(stderr, "Trying to initialize SSL contexts with your"
 4205             " certificates\n");
 4206         init_globals();
 4207         init_openssl();
 4208         init_certs();
 4209         fprintf(stderr, "%s configuration looks ok.\n",
 4210             basename(argv[0]));
 4211         return (0);
 4212     }
 4213 
 4214     LOGL("{core} %s starting\n", PACKAGE_STRING);
 4215     create_workers = 1;
 4216 
 4217     openssl_check_version();
 4218 
 4219     init_signals();
 4220     init_globals();
 4221     init_openssl();
 4222 
 4223     HASH_ITER(hh, CONFIG->LISTEN_ARGS, fa, ftmp) {
 4224         struct frontend *fr = create_frontend(fa);
 4225         if (fr == NULL)
 4226             exit(1);
 4227         VTAILQ_INSERT_TAIL(&frontends, fr, list);
 4228     }
 4229 
 4230     /* load certificates, pass to handle_connections */
 4231     LOGL("{core} Loading certificate pem files (%d)\n",
 4232         HASH_COUNT(CONFIG->CERT_FILES) + 1); /* XXX: TODO */
 4233     init_certs();
 4234 
 4235 #ifdef USE_SHARED_CACHE
 4236     if (CONFIG->SHCUPD_PORT) {
 4237         /* create socket to send(children) and
 4238            receive(parent) cache updates */
 4239         shcupd_socket = create_shcupd_socket();
 4240     }
 4241 #endif /* USE_SHARED_CACHE */
 4242 
 4243     if (CONFIG->CHROOT && CONFIG->CHROOT[0] && geteuid() != 0) {
 4244         ERR("{core} ERROR: chroot requires hitch to be"
 4245             " started as root.\n");
 4246         exit(1);
 4247     }
 4248 
 4249     if (geteuid() == 0 && CONFIG->UID < 0) {
 4250         ERR("{core} ERROR: Refusing to run workers as root.\n");
 4251         exit(1);
 4252     }
 4253 
 4254     if (CONFIG->DAEMONIZE) {
 4255         if (!CONFIG->SYSLOG && !CONFIG->LOG_FILENAME) {
 4256             LOG("{core} Warning: daemonizing with neither "
 4257                 "'syslog' nor 'log-filename' configured: "
 4258                 "Hitch will not produce log messages.\n");
 4259         }
 4260         if (logfile == stdout || logfile == stderr)
 4261             logfile = NULL;
 4262         if (daemon(0, 0) == -1) {
 4263             ERR("Unable to daemonize: %s\n", strerror(errno));
 4264             exit(1);
 4265         }
 4266     }
 4267 
 4268     /* Reset master_pid in case we daemonized */
 4269     master_pid = getpid();
 4270 
 4271     if (CONFIG->PIDFILE) {
 4272         pfh = VPF_Open(CONFIG->PIDFILE, 0644, NULL);
 4273         if (pfh == NULL) {
 4274             ERR("FATAL: Could not open pid (-p) file (%s): %s\n",
 4275                 CONFIG->PIDFILE, strerror(errno));
 4276             exit(1);
 4277         }
 4278 
 4279         AZ(VPF_Write(pfh));
 4280         atexit(remove_pfh);
 4281     }
 4282 
 4283     start_workers(0, CONFIG->NCORES);
 4284 
 4285     if (CONFIG->DEBUG_LISTEN_ADDR) {
 4286         listen_endpoint_print(CONFIG->DEBUG_LISTEN_ADDR);
 4287     }
 4288 
 4289     if (CONFIG->OCSP_DIR != NULL)
 4290         start_ocsp_proc();
 4291 
 4292 #ifdef USE_SHARED_CACHE
 4293     if (CONFIG->SHCUPD_PORT) {
 4294         /* start event loop to receive cache updates */
 4295         loop = ev_default_loop(EVFLAG_AUTO);
 4296         ev_io_init(&shcupd_listener, handle_shcupd, shcupd_socket,
 4297             EV_READ);
 4298         ev_io_start(loop, &shcupd_listener);
 4299     }
 4300 #endif /* USE_SHARED_CACHE */
 4301 
 4302     LOGL("{core} %s initialization complete\n", PACKAGE_STRING);
 4303     for (;;) {
 4304 #ifdef USE_SHARED_CACHE
 4305         if (CONFIG->SHCUPD_PORT) {
 4306             while (n_sighup == 0 && n_sigchld == 0) {
 4307                 /* event loop to receive cache updates */
 4308                 ev_loop(loop, EVRUN_ONCE);
 4309             }
 4310         } else
 4311             sleep_and_refresh(CONFIG);
 4312 #else
 4313 
 4314         sleep_and_refresh(CONFIG);
 4315         /* Sleep and let the children work.
 4316          * Parent will be woken up if a signal arrives */
 4317 #endif /* USE_SHARED_CACHE */
 4318 
 4319         while (n_sighup != 0) {
 4320             n_sighup = 0;
 4321             reconfigure(argc, argv);
 4322         }
 4323 
 4324         while (n_sigchld != 0) {
 4325             n_sigchld = 0;
 4326             do_wait();
 4327         }
 4328     }
 4329 
 4330     exit(0); /* just a formality; we never get here */
 4331 }