Feature/mbedtls (#84)

* try to import mbedtls and build it

* add stubs socket class

* some boilterplate, read and write function implemented

* more boilterplate / current error in handshake because no CA cert is setup

* add something so skip ca verification, can ws curl https://google.com !

* cleanup / close implemented

* tweak CMakefiles

* typo in include

* update readme

* disable unittests

ixwebsocket/IXHttpClient.cpp

@@ -115,7 +115,7 @@ namespace ix
         if (!success)
         {
             std::stringstream ss;
-            ss << "Cannot connect to url: " << url;
+            ss << "Cannot connect to url: " << url << " / error : " << errMsg;
             return std::make_tuple(code, HttpErrorCode::CannotConnect,
                                    headers, payload, ss.str(),
                                    uploadSize, downloadSize);

ixwebsocket/IXSocketFactory.cpp

@@ -8,11 +8,13 @@
 
 #ifdef IXWEBSOCKET_USE_TLS
 
-# ifdef __APPLE__
+# ifdef IXWEBSOCKET_USE_MBED_TLS
+#  include <ixwebsocket/IXSocketMbedTLS.h>
+# elif __APPLE__
 #  include <ixwebsocket/IXSocketAppleSSL.h>
 # elif defined(_WIN32)
 #  include <ixwebsocket/IXSocketSChannel.h>
-# else
+# elif defined(IXWEBSOCKET_USE_OPEN_SSL)
 #  include <ixwebsocket/IXSocketOpenSSL.h>
 # endif
 
@@ -37,7 +39,9 @@ namespace ix
         else
         {
 #ifdef IXWEBSOCKET_USE_TLS
-# ifdef __APPLE__
+# if defined(IXWEBSOCKET_USE_MBED_TLS)
+            socket = std::make_shared<SocketMbedTLS>();
+# elif defined(__APPLE__)
             socket = std::make_shared<SocketAppleSSL>();
 # elif defined(_WIN32)
             socket = std::make_shared<SocketSChannel>();

ixwebsocket/IXSocketMbedTLS.cpp

@@ -0,0 +1,161 @@
+/*
+ *  IXSocketMbedTLS.cpp
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
+ *
+ *  Some code taken from
+ *  https://github.com/rottor12/WsClientLib/blob/master/lib/src/WsClientLib.cpp
+ *  and mini_client.c example from mbedtls
+ */
+
+#include "IXSocketMbedTLS.h"
+#include "IXSocketConnect.h"
+#include "IXNetSystem.h"
+#include "IXSocket.h"
+
+#include <string.h>
+
+namespace ix
+{
+    SocketMbedTLS::~SocketMbedTLS()
+    {
+        close();
+    }
+
+    bool SocketMbedTLS::init(const std::string& host, std::string& errMsg)
+    {
+        mbedtls_ssl_init(&_ssl);
+        mbedtls_ssl_config_init(&_conf);
+        mbedtls_ctr_drbg_init(&_ctr_drbg);
+
+        const char *pers = "IXSocketMbedTLS";
+
+        mbedtls_entropy_init(&_entropy);
+        if (mbedtls_ctr_drbg_seed(&_ctr_drbg,
+                                  mbedtls_entropy_func,
+                                  &_entropy,
+                                  (const unsigned char *) pers,
+                                  strlen( pers ) ) != 0)
+        {
+            errMsg = "Setting entropy seed failed";
+            return false;
+        }
+
+        if (mbedtls_ssl_config_defaults(&_conf,
+                                        MBEDTLS_SSL_IS_CLIENT,
+                                        MBEDTLS_SSL_TRANSPORT_STREAM,
+                                        MBEDTLS_SSL_PRESET_DEFAULT ) != 0)
+        {
+            errMsg = "Setting config default failed";
+            return false;
+        }
+
+        mbedtls_ssl_conf_rng(&_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
+
+        // FIXME: cert verification is disabled
+        mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_NONE);
+
+        if (mbedtls_ssl_setup( &_ssl, &_conf ) != 0)
+        {
+            errMsg = "SSL setup failed";
+            return false;
+        }
+
+        if (mbedtls_ssl_set_hostname( &_ssl, host.c_str()) != 0)
+        {
+            errMsg = "SNI setup failed";
+            return false;
+        }
+
+        return true;
+    }
+
+    bool SocketMbedTLS::connect(const std::string& host,
+                                int port,
+                                std::string& errMsg,
+                                const CancellationRequest& isCancellationRequested)
+    {
+        _sockfd = SocketConnect::connect(host, port, errMsg, isCancellationRequested);
+        if (_sockfd == -1) return false;
+        if (!init(host, errMsg)) return false;
+
+        mbedtls_ssl_set_bio(&_ssl, &_sockfd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+        int res;
+        do 
+        {
+            res = mbedtls_ssl_handshake(&_ssl);
+        }
+        while (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+        if (res != 0)
+        {
+            char buf[256];
+            mbedtls_strerror(res, buf, sizeof(buf));
+
+            errMsg = "error in handshake : ";
+            errMsg += buf;
+            return false;
+        }
+
+        return true;
+    }
+
+    void SocketMbedTLS::close()
+    {
+        mbedtls_ssl_free(&_ssl);
+        mbedtls_ssl_config_free(&_conf);
+        mbedtls_ctr_drbg_free(&_ctr_drbg);
+        mbedtls_entropy_free(&_entropy);
+    }
+
+    ssize_t SocketMbedTLS::send(char* buf, size_t nbyte)
+    {
+        ssize_t sent = 0;
+
+        while (nbyte > 0)
+        {
+            std::lock_guard<std::mutex> lock(_mutex);
+
+            ssize_t res = mbedtls_ssl_write(&_ssl, (unsigned char*) buf, nbyte);
+
+            if (res > 0) {
+                nbyte -= res;
+                sent += res;
+            } else if (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE) {
+                errno = EWOULDBLOCK;
+                return -1;
+            } else {
+                return -1;
+            }
+        }
+        return sent;
+    }
+
+    ssize_t SocketMbedTLS::send(const std::string& buffer)
+    {
+        return send((char*)&buffer[0], buffer.size());
+    }
+
+    ssize_t SocketMbedTLS::recv(void* buf, size_t nbyte)
+    {
+        while (true)
+        {
+            std::lock_guard<std::mutex> lock(_mutex);
+
+            ssize_t res = mbedtls_ssl_read(&_ssl, (unsigned char*) buf, (int) nbyte);
+
+            if (res > 0)
+            {
+                return res;
+            }
+
+            if (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE)
+            {
+                errno = EWOULDBLOCK;
+            }
+            return -1;
+        }
+    }
+
+}

ixwebsocket/IXSocketMbedTLS.h

@@ -0,0 +1,47 @@
+/*
+ *  IXSocketMbedTLS.h
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXSocket.h"
+#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/debug.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/error.h>
+#include <mbedtls/net.h>
+#include <mbedtls/platform.h>
+#include <mutex>
+
+namespace ix
+{
+    class SocketMbedTLS final : public Socket
+    {
+    public:
+        SocketMbedTLS() = default;
+        ~SocketMbedTLS();
+
+        virtual bool connect(const std::string& host,
+                             int port,
+                             std::string& errMsg,
+                             const CancellationRequest& isCancellationRequested) final;
+        virtual void close() final;
+
+        virtual ssize_t send(char* buffer, size_t length) final;
+        virtual ssize_t send(const std::string& buffer) final;
+        virtual ssize_t recv(void* buffer, size_t length) final;
+
+    private:
+        mbedtls_ssl_context _ssl;
+        mbedtls_ssl_config _conf;
+        mbedtls_entropy_context _entropy;
+        mbedtls_ctr_drbg_context _ctr_drbg;
+
+        std::mutex _mutex;
+
+        bool init(const std::string& host, std::string& errMsg);
+    };
+
+} // namespace ix

ixwebsocket/IXSocketOpenSSL.cpp

@@ -240,7 +240,6 @@ namespace ix
         }
     }
 
-    // No wait support
     bool SocketOpenSSL::connect(const std::string& host,
                                 int port,
                                 std::string& errMsg,
@@ -361,7 +360,6 @@ namespace ix
         return send((char*)&buffer[0], buffer.size());
     }
 
-    // No wait support
     ssize_t SocketOpenSSL::recv(void* buf, size_t nbyte)
     {
         while (true)