spdycat, spdyd: Support SPDY without SSL/TLS

Use --no-tls option to disable SSL/TLS and specify SPDY protocol version using -2 or -3.

spdycat, spdyd: Support SPDY without SSL/TLS
Use --no-tls option to disable SSL/TLS and specify SPDY protocol version using -2 or -3.
f97110f0 · Tatsuhiro Tsujikawa · 58b1da39 · f97110f0 · f97110f0 · f97110f0
Commit f97110f0 authored Nov 25, 2012 by Tatsuhiro Tsujikawa
6 changed files
--- a/src/SpdyServer.cc
+++ b/src/SpdyServer.cc
--- a/src/SpdyServer.h
+++ b/src/SpdyServer.h
@@ -52,8 +52,9 @@ struct Config {
  std::string cert_file;
  spdylay_on_request_recv_callback on_request_recv_callback;
  void *data_ptr;
-  bool spdy3_only;
+  uint16_t version;
  bool verify_client;
+  bool no_tls;
  Config();
 };

@@ -113,7 +114,7 @@ public:

  ssize_t recv_data(uint8_t *data, size_t len, int flags);

-  bool would_block(int r);
+  bool would_block() const;

  int submit_file_response(const std::string& status,
                           int32_t stream_id,
@@ -141,7 +142,7 @@ private:
  SSL* ssl_;
  uint16_t version_;
  int64_t session_id_;
-  bool want_write_;
+  uint8_t io_flags_;
  std::map<int32_t, Request*> id2req_;
 };


--- a/src/spdycat.cc
+++ b/src/spdycat.cc
@@ -67,6 +67,7 @@ struct Config {
  bool verbose;
  bool get_assets;
  bool stat;
+  bool no_tls;
  int spdy_version;
  // milliseconds
  int timeout;
@@ -75,7 +76,7 @@ struct Config {
  int window_bits;
  std::map<std::string,std::string> headers;
  Config():null_out(false), remote_name(false), verbose(false),
-           get_assets(false), stat(false),
+           get_assets(false), stat(false), no_tls(false),
           spdy_version(-1), timeout(-1), window_bits(-1)
  {}
 };
@@ -231,7 +232,7 @@ void submit_request(Spdylay& sc, const std::string& hostport,
 {
  uri::UriStruct& us = req->us;
  std::string path = us.dir+us.file+us.query;
-  int r = sc.submit_request(hostport, path, headers, 3, req);
+  int r = sc.submit_request(us.protocol, hostport, path, headers, 3, req);
  assert(r == 0);
 }

@@ -447,12 +448,7 @@ int communicate(const std::string& host, uint16_t port,
    return -1;
  }
  set_tcp_nodelay(fd);
-  SSL_CTX *ssl_ctx;
-  ssl_ctx = SSL_CTX_new(TLSv1_client_method());
-  if(!ssl_ctx) {
-    std::cerr << ERR_error_string(ERR_get_error(), 0) << std::endl;
-    return -1;
-  }
+
  std::string next_proto;
  switch(config.spdy_version) {
  case SPDYLAY_PROTO_SPDY2:
@@ -462,6 +458,15 @@ int communicate(const std::string& host, uint16_t port,
    next_proto = "spdy/3";
    break;
  }
+
+  SSL_CTX *ssl_ctx = 0;
+  SSL *ssl = 0;
+  if(!config.no_tls) {
+    ssl_ctx = SSL_CTX_new(TLSv1_client_method());
+    if(!ssl_ctx) {
+      std::cerr << ERR_error_string(ERR_get_error(), 0) << std::endl;
+      return -1;
+    }
    setup_ssl_ctx(ssl_ctx, &next_proto);
    if(!config.keyfile.empty()) {
      if(SSL_CTX_use_PrivateKey_file(ssl_ctx, config.keyfile.c_str(),
@@ -477,7 +482,7 @@ int communicate(const std::string& host, uint16_t port,
        return -1;
      }
    }
-  SSL *ssl = SSL_new(ssl_ctx);
+    ssl = SSL_new(ssl_ctx);
    if(!ssl) {
      std::cerr << ERR_error_string(ERR_get_error(), 0) << std::endl;
      return -1;
@@ -495,6 +500,7 @@ int communicate(const std::string& host, uint16_t port,
                << std::endl;
      return -1;
    }
+  }

  spdySession.record_handshake_time();
  int spdy_version = spdylay_npn_get_version(
@@ -503,6 +509,7 @@ int communicate(const std::string& host, uint16_t port,
  if (spdy_version <= 0) {
    return -1;
  }
+
  Spdylay sc(fd, ssl, spdy_version, callbacks, &spdySession);
  spdySession.sc = &sc;

@@ -570,9 +577,11 @@ int communicate(const std::string& host, uint16_t port,
              << spdySession.reqvec.size()
              << ", processed=" << spdySession.complete << std::endl;
  }
+  if(ssl) {
    SSL_shutdown(ssl);
    SSL_free(ssl);
    SSL_CTX_free(ssl_ctx);
+  }
  shutdown(fd, SHUT_WR);
  close(fd);
  if(config.stat) {
@@ -632,7 +641,7 @@ int run(char **uris, int n)
 void print_usage(std::ostream& out)
 {
  out << "Usage: spdycat [-Oansv23] [-t <SECONDS>] [-w <WINDOW_BITS>] [--cert=<CERT>]\n"
-      << "               [--key=<KEY>] <URI>..."
+      << "               [--key=<KEY>] [--no-tls] <URI>..."
      << std::endl;
 }

@@ -664,6 +673,8 @@ void print_help(std::ostream& out)
      << "                       The file must be in PEM format.\n"
      << "    --key=<KEY>        Use the client private key file. The file\n"
      << "                       must be in PEM format.\n"
+      << "    --no-tls           Disable SSL/TLS. Use -2 or -3 to specify\n"
+      << "                       SPDY protocol version to use.\n"
      << std::endl;
 }

@@ -685,6 +696,7 @@ int main(int argc, char **argv)
      {"key", required_argument, &flag, 2 },
      {"help", no_argument, 0, 'h' },
      {"header", required_argument, 0, 'H' },
+      {"no-tls", no_argument, &flag, 3 },
      {0, 0, 0, 0 }
    };
    int option_index = 0;
@@ -774,12 +786,25 @@ int main(int argc, char **argv)
        // key option
        config.keyfile = optarg;
        break;
+      case 3:
+        // no-tls option
+        config.no_tls = true;
+        break;
      }
      break;
    default:
      break;
    }
  }
+
+  if(config.no_tls) {
+    if(config.spdy_version == -1) {
+      std::cerr << "Specify SPDY protocol version using either -2 or -3."
+                << std::endl;
+      exit(EXIT_FAILURE);
+    }
+  }
+
  struct sigaction act;
  memset(&act, 0, sizeof(struct sigaction));
  act.sa_handler = SIG_IGN;

--- a/src/spdyd.cc
+++ b/src/spdyd.cc
@@ -47,7 +47,7 @@ extern bool ssl_debug;
 namespace {
 void print_usage(std::ostream& out)
 {
-  out << "Usage: spdyd [-3DVhv] [-d <PATH>] <PORT> <PRIVATE_KEY> <CERT>"
+  out << "Usage: spdyd [-23DVhv] [-d <PATH>] [--no-tls] <PORT> [<PRIVATE_KEY> <CERT>]"
      << std::endl;
 }
 } // namespace
@@ -74,7 +74,10 @@ void print_help(std::ostream& out)
      << "                       current working directory.\n"
      << "    -v, --verbose      Print debug information such as reception/\n"
      << "                       transmission of frames and name/value pairs.\n"
+      << "    -2, --spdy2        Only use SPDY/2.\n"
      << "    -3, --spdy3        Only use SPDY/3.\n"
+      << "    --no-tls           Disable SSL/TLS. Use -2 or -3 to specify\n"
+      << "                       SPDY protocol version to use.\n"
      << "    -h, --help         Print this help.\n"
      << std::endl;
 }
@@ -84,17 +87,20 @@ int main(int argc, char **argv)
 {
  Config config;
  while(1) {
+    int flag;
    static option long_options[] = {
      {"daemon", no_argument, 0, 'D' },
      {"htdocs", required_argument, 0, 'd' },
      {"help", no_argument, 0, 'h' },
      {"verbose", no_argument, 0, 'v' },
+      {"spdy2", no_argument, 0, '2' },
      {"spdy3", no_argument, 0, '3' },
      {"verify-client", no_argument, 0, 'V' },
+      {"no-tls", no_argument, &flag, 1 },
      {0, 0, 0, 0 }
    };
    int option_index = 0;
-    int c = getopt_long(argc, argv, "DVd:hv3", long_options, &option_index);
+    int c = getopt_long(argc, argv, "DVd:hv23", long_options, &option_index);
    if(c == -1) {
      break;
    }
@@ -114,20 +120,45 @@ int main(int argc, char **argv)
    case 'v':
      config.verbose = true;
      break;
+    case '2':
+      config.version = SPDYLAY_PROTO_SPDY2;
+      break;
    case '3':
-      config.spdy3_only = true;
+      config.version = SPDYLAY_PROTO_SPDY3;
      break;
    case '?':
      exit(EXIT_FAILURE);
+    case 0:
+      switch(flag) {
+      case 1:
+        // no-tls option
+        config.no_tls = true;
+        break;
+      }
+      break;
    default:
      break;
    }
  }
-  if(argc-optind < 3) {
+  if(argc-optind < (config.no_tls ? 1 : 3)) {
    print_usage(std::cerr);
    std::cerr << "Too few arguments" << std::endl;
    exit(EXIT_FAILURE);
  }
+
+  config.port = strtol(argv[optind++], 0, 10);
+
+  if(config.no_tls) {
+    if(config.version == 0) {
+      std::cerr << "Specify SPDY protocol version using either -2 or -3."
+                << std::endl;
+      exit(EXIT_FAILURE);
+    }
+  } else {
+    config.private_key_file = argv[optind++];
+    config.cert_file = argv[optind++];
+  }
+
  if(config.daemon) {
    if(config.htdocs.empty()) {
      print_usage(std::cerr);
@@ -150,9 +181,6 @@ int main(int argc, char **argv)
  SSL_load_error_strings();
  SSL_library_init();
  reset_timer();
-  config.port = strtol(argv[optind++], 0, 10);
-  config.private_key_file = argv[optind++];
-  config.cert_file = argv[optind++];
  config.on_request_recv_callback = htdocs_on_request_recv_callback;
  ssl_debug = config.verbose;


--- a/src/spdylay_ssl.cc
+++ b/src/spdylay_ssl.cc
@@ -54,7 +54,7 @@ Spdylay::Spdylay(int fd, SSL *ssl, uint16_t version,
                 const spdylay_session_callbacks *callbacks,
                 void *user_data)
  : fd_(fd), ssl_(ssl), version_(version), user_data_(user_data),
-    want_write_(false)
+    io_flags_(0)
 {
  int r = spdylay_session_client_new(&session_, version_, callbacks, this);
  assert(r == 0);
@@ -78,20 +78,36 @@ int Spdylay::send()
 ssize_t Spdylay::send_data(const uint8_t *data, size_t len, int flags)
 {
  ssize_t r;
+  io_flags_ = 0;
+  if(ssl_) {
    ERR_clear_error();
    r = SSL_write(ssl_, data, len);
+    if(r < 0) {
+      io_flags_ = get_ssl_io_demand(ssl_, r);
+    }
+  } else {
+    while((r = ::send(fd_, data, len, 0)) == -1 && errno == EINTR);
+    if(r == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
+      io_flags_ |= WANT_WRITE;
+    }
+  }
  return r;
 }

 ssize_t Spdylay::recv_data(uint8_t *data, size_t len, int flags)
 {
  ssize_t r;
-  want_write_ = false;
+  io_flags_ = 0;
+  if(ssl_) {
    ERR_clear_error();
    r = SSL_read(ssl_, data, len);
    if(r < 0) {
-    if(SSL_get_error(ssl_, r) == SSL_ERROR_WANT_WRITE) {
-      want_write_ = true;
+      io_flags_ = get_ssl_io_demand(ssl_, r);
+    }
+  } else {
+    while((r = ::recv(fd_, data, len, 0)) == -1 && errno == EINTR);
+    if(r == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
+      io_flags_ |= WANT_READ;
    }
  }
  return r;
@@ -99,12 +115,12 @@ ssize_t Spdylay::recv_data(uint8_t *data, size_t len, int flags)

 bool Spdylay::want_read()
 {
-  return spdylay_session_want_read(session_);
+  return spdylay_session_want_read(session_) || (io_flags_ & WANT_READ);
 }

 bool Spdylay::want_write()
 {
-  return spdylay_session_want_write(session_) || want_write_;
+  return spdylay_session_want_write(session_) || (io_flags_ & WANT_WRITE);
 }

 bool Spdylay::finish()
@@ -123,7 +139,8 @@ void* Spdylay::user_data()
  return user_data_;
 }

-int Spdylay::submit_request(const std::string& hostport,
+int Spdylay::submit_request(const std::string& scheme,
+                            const std::string& hostport,
                            const std::string& path,
                            const std::map<std::string,std::string> &headers,
                            uint8_t pri,
@@ -144,7 +161,7 @@ int Spdylay::submit_request(const std::string& hostport,
    ":method", "GET",
    ":path", path.c_str(),
    ":version", "HTTP/1.1",
-    ":scheme", "https",
+    ":scheme", scheme.c_str(),
    ":host", hostport.c_str(),
    "accept", "*/*",
    "user-agent", "spdylay/" SPDYLAY_VERSION
@@ -196,10 +213,9 @@ int Spdylay::submit_settings(int flags, spdylay_settings_entry *iv, size_t niv)
  return spdylay_submit_settings(session_, flags, iv, niv);
 }

-bool Spdylay::would_block(int r)
+bool Spdylay::would_block()
 {
-  int e = SSL_get_error(ssl_, r);
-  return e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_WANT_READ;
+  return io_flags_;
 }

 int connect_to(const std::string& host, uint16_t port)
@@ -395,11 +411,14 @@ ssize_t send_callback(spdylay_session *session,
  Spdylay *sc = (Spdylay*)user_data;
  ssize_t r = sc->send_data(data, len, flags);
  if(r < 0) {
-    if(sc->would_block(r)) {
+    if(sc->would_block()) {
      r = SPDYLAY_ERR_WOULDBLOCK;
    } else {
      r = SPDYLAY_ERR_CALLBACK_FAILURE;
    }
+  } else if(r == 0) {
+    // In OpenSSL, r == 0 means EOF because SSL_write may do read.
+    r = SPDYLAY_ERR_CALLBACK_FAILURE;
  }
  return r;
 }
@@ -410,7 +429,7 @@ ssize_t recv_callback(spdylay_session *session,
  Spdylay *sc = (Spdylay*)user_data;
  ssize_t r = sc->recv_data(data, len, flags);
  if(r < 0) {
-    if(sc->would_block(r)) {
+    if(sc->would_block()) {
      r = SPDYLAY_ERR_WOULDBLOCK;
    } else {
      r = SPDYLAY_ERR_CALLBACK_FAILURE;
@@ -792,6 +811,18 @@ int64_t time_delta(const timeval& a, const timeval& b)
  return res;
 }

+uint8_t get_ssl_io_demand(SSL *ssl, ssize_t r)
+{
+  switch(SSL_get_error(ssl, r)) {
+  case SSL_ERROR_WANT_WRITE:
+    return WANT_WRITE;
+  case SSL_ERROR_WANT_READ:
+    return WANT_READ;
+  default:
+    return 0;
+  }
+}
+
 namespace {
 timeval base_tv;
 } // namespace

--- a/src/spdylay_ssl.h
+++ b/src/spdylay_ssl.h
@@ -55,11 +55,12 @@ public:
  bool want_write();
  bool finish();
  int fd() const;
-  int submit_request(const std::string& hostport, const std::string& path,
+  int submit_request(const std::string& scheme,
+                     const std::string& hostport, const std::string& path,
                     const std::map<std::string,std::string>& headers,
                     uint8_t pri, void *stream_user_data);
  int submit_settings(int flags, spdylay_settings_entry *iv, size_t niv);
-  bool would_block(int r);
+  bool would_block();
  void* user_data();
 private:
  int fd_;
@@ -67,7 +68,7 @@ private:
  uint16_t version_;
  spdylay_session *session_;
  void *user_data_;
-  bool want_write_;
+  uint8_t io_flags_;
  bool debug_;
 };

@@ -148,6 +149,13 @@ void get_timer(timeval *tv);

 void print_timer();

+enum {
+  WANT_READ = 1,
+  WANT_WRITE = 1 << 1
+};
+
+uint8_t get_ssl_io_demand(SSL *ssl, ssize_t r);
+
 } // namespace spdylay

 #endif // SPDYLAY_SSL_H