Optimize config usage in concurrent server examples
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 9150a8e..1cc9811 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -103,13 +103,7 @@
typedef struct {
int client_fd;
int thread_complete;
- mbedtls_entropy_context *entropy;
-#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_context *cache;
-#endif
- mbedtls_x509_crt *ca_chain;
- mbedtls_x509_crt *server_cert;
- mbedtls_pk_context *server_key;
+ const mbedtls_ssl_config *config;
} thread_info_t;
typedef struct {
@@ -128,79 +122,25 @@
int client_fd = thread_info->client_fd;
int thread_id = (int) pthread_self();
unsigned char buf[1024];
- char pers[50];
mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
- mbedtls_ctr_drbg_context ctr_drbg;
/* Make sure memory references are valid */
mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
- mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
mbedtls_printf( " [ #%d ] Client FD %d\n", thread_id, client_fd );
- mbedtls_printf( " [ #%d ] Seeding the random number generator...\n", thread_id );
-
- /* mbedtls_entropy_func() is thread-safe if MBEDTLS_THREADING_C is set
- */
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, thread_info->entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- mbedtls_printf( " [ #%d ] failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
- thread_id, -ret );
- goto thread_exit;
- }
-
- mbedtls_printf( " [ #%d ] ok\n", thread_id );
/*
- * 4. Setup stuff
+ * 4. Get the SSL context ready
*/
- mbedtls_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
-
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
- MBEDTLS_SSL_IS_SERVER,
- MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
- {
- mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
- thread_id, -ret );
- goto thread_exit;
- }
-
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl, thread_info->config ) ) != 0 )
{
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_setup returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_conf_dbg( &conf, my_mutexed_debug, stdout );
-
- /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
- * MBEDTLS_THREADING_C is set.
- */
-#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_conf_session_cache( &conf,
- mbedtls_ssl_cache_get, thread_info->cache,
- mbedtls_ssl_cache_set, thread_info->cache );
-#endif
-
- mbedtls_ssl_conf_ca_chain( &conf, thread_info->ca_chain, NULL );
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, thread_info->server_cert, thread_info->server_key ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
- goto thread_exit;
- }
-
- mbedtls_printf( " [ #%d ] ok\n", thread_id );
-
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
- mbedtls_printf( " [ #%d ] ok\n", thread_id );
-
/*
* 5. Handshake
*/
@@ -321,9 +261,7 @@
#endif
mbedtls_net_close( client_fd );
- mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
thread_info->thread_complete = 1;
@@ -374,9 +312,13 @@
int ret;
int listen_fd;
int client_fd = -1;
+ const char pers[] = "ssl_pthread_server";
mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_config conf;
mbedtls_x509_crt srvcert;
+ mbedtls_x509_crt cachain;
mbedtls_pk_context pkey;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[100000];
@@ -391,18 +333,23 @@
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
- base_info.cache = &cache;
#endif
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_x509_crt_init( &cachain );
+
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
memset( threads, 0, sizeof(threads) );
mbedtls_mutex_init( &debug_mutex );
+ base_info.config = &conf;
+
/*
* We use only a single entropy source that is used in all the threads.
*/
mbedtls_entropy_init( &entropy );
- base_info.entropy = &entropy;
/*
* 1. Load the certificates and private RSA key
@@ -410,8 +357,6 @@
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
- mbedtls_x509_crt_init( &srvcert );
-
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
@@ -425,7 +370,7 @@
goto exit;
}
- ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ ret = mbedtls_x509_crt_parse( &cachain, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
@@ -442,13 +387,61 @@
goto exit;
}
- base_info.ca_chain = srvcert.next;
- base_info.server_cert = &srvcert;
- base_info.server_key = &pkey;
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1b. Seed the random number generator
+ */
+ mbedtls_printf( " . Seeding the random number generator..." );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ -ret );
+ goto exit;
+ }
mbedtls_printf( " ok\n" );
/*
+ * 1c. Prepare SSL configuration
+ */
+ mbedtls_printf( " . Setting up the SSL data...." );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
+ {
+ mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
+ -ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_mutexed_debug, stdout );
+
+ /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
+ * MBEDTLS_THREADING_C is set.
+ */
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_cache_get,
+ mbedtls_ssl_cache_set );
+#endif
+
+ mbedtls_ssl_conf_ca_chain( &conf, &cachain, NULL );
+ if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+
+ /*
* 2. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
@@ -504,7 +497,9 @@
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
#endif
+ mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
+ mbedtls_ssl_config_free( &conf );
mbedtls_mutex_free( &debug_mutex );