authorGeorge Hazan <ghazan@miranda.im>2021-06-16 18:41:40 +0300
committerGeorge Hazan <ghazan@miranda.im>2021-06-16 18:41:40 +0300
commit76a4d0edd9170c8ae8adf73733ce78052f9af287 (patch)
tree7198514009a38939ab303e0e3e43b8d7934eec5d /src
parent51896be6cd1319d94897820fced98dd95d59eefd (diff)
in OpenSSL 1.1.1 we can share the same context among all network connections
Diffstat (limited to 'src')
-rw-r--r--src/mir_app/src/netlib.cpp4
-rw-r--r--src/mir_app/src/netlib.h20
-rw-r--r--src/mir_app/src/netlib_ssl.cpp102
3 files changed, 73 insertions, 53 deletions
diff --git a/src/mir_app/src/netlib.cpp b/src/mir_app/src/netlib.cpp
index 5dd7bf4f97..eefbfd6641 100644
--- a/src/mir_app/src/netlib.cpp
+++ b/src/mir_app/src/netlib.cpp
@@ -439,6 +439,7 @@ void UnloadNetlibModule(void)
if (hConnectionOpenMutex)
CloseHandle(hConnectionOpenMutex);
WSACleanup();
+ OpenSsl_Unload();
}
int LoadNetlibModule(void)
@@ -448,6 +449,9 @@ int LoadNetlibModule(void)
WSADATA wsadata;
WSAStartup(MAKEWORD(2, 2), &wsadata);
+ if (!OpenSsl_Init())
+ return 1;
+
hConnectionHeaderMutex = CreateMutex(nullptr, FALSE, nullptr);
NetlibLogInit();
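Review bot: The early `return 1;` added after `OpenSsl_Init()` leaves the `WSAStartup(MAKEWORD(2, 2), &wsadata)` call two lines above it unbalanced unless the caller is guaranteed to run UnloadNetlibModule() on a failed load; if that is not guaranteed, add `WSACleanup();` before the return. This also turns an OpenSSL setup failure into a failure of the whole netlib module, whereas the removed static SSL_library_load() presumably only affected the TLS paths that called it; if that is intended, a short comment such as `// the TLS context is process-wide now, so netlib cannot start without it` would make the choice visible. LoadNetlibModule's body continues outside the hunk.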
diff --git a/src/mir_app/src/netlib.h b/src/mir_app/src/netlib.h
index aeae2a7bd0..c08718b5bd 100644
--- a/src/mir_app/src/netlib.h
+++ b/src/mir_app/src/netlib.h
@@ -145,43 +145,47 @@ extern LIST<NetlibUser> netlibUser;
extern HANDLE hEventConnected;
extern HANDLE hEventDisconnected;
-// netlibautoproxy.c
+// netlibautoproxy.cpp
void NetlibLoadIeProxy(void);
void NetlibUnloadIeProxy(void);
char* NetlibGetIeProxy(char *szUrl);
bool NetlibGetIeProxyConn(NetlibConnection *nlc, bool forceHttps);
-// netlibbind.c
+// netlibbind.cpp
int NetlibFreeBoundPort(NetlibBoundPort *nlbp);
bool BindSocketToPort(const char *szPorts, SOCKET s, SOCKET s6, int* portn);
-// netlibhttp.c
+// netlibhttp.cpp
void NetlibHttpSetLastErrorUsingHttpResult(int result);
NETLIBHTTPREQUEST* NetlibHttpRecv(NetlibConnection* nlc, DWORD hflags, DWORD dflags, bool isConnect = false);
void NetlibConnFromUrl(const char* szUrl, bool secur, NETLIBOPENCONNECTION &nloc);
-// netliblog.c
+// netliblog.cpp
void NetlibLogShowOptions(void);
void NetlibLogInit(void);
void NetlibLogShutdown(void);
-// netlibopenconn.c
+// netlibopenconn.cpp
DWORD DnsLookup(NetlibUser *nlu, const char *szHost);
int WaitUntilReadable(SOCKET s, DWORD dwTimeout, bool check = false);
int WaitUntilWritable(SOCKET s, DWORD dwTimeout);
bool NetlibDoConnect(NetlibConnection *nlc);
bool NetlibReconnect(NetlibConnection *nlc);
-// netlibopts.c
+// netlibopts.cpp
int NetlibOptInitialise(WPARAM wParam, LPARAM lParam);
void NetlibSaveUserSettingsStruct(const char *szSettingsModule, const NETLIBUSERSETTINGS *settings);
-// netlibsock.c
+// netlibsock.cpp
#define NL_SELECT_READ 0x0001
#define NL_SELECT_WRITE 0x0002
#define NL_SELECT_ALL (NL_SELECT_READ+NL_SELECT_WRITE)
-// netlibupnp.c
+// netlibssl.cpp
+bool OpenSsl_Init();
+void OpenSsl_Unload();
+
+// netlibupnp.cpp
bool NetlibUPnPAddPortMapping(WORD intport, char *proto, WORD *extport, DWORD *extip, bool search);
void NetlibUPnPDeletePortMapping(WORD extport, char* proto);
void NetlibUPnPCleanup(void*);
diff --git a/src/mir_app/src/netlib_ssl.cpp b/src/mir_app/src/netlib_ssl.cpp
index 861e801095..1d752454df 100644
--- a/src/mir_app/src/netlib_ssl.cpp
+++ b/src/mir_app/src/netlib_ssl.cpp
@@ -44,41 +44,15 @@ struct SslHandle : public MZeroedObject
{
if (session)
SSL_free(session);
- if (ctx)
- SSL_CTX_free(ctx);
}
SOCKET s;
- SSL_CTX *ctx;
SSL *session;
SocketState state;
};
-static void SSL_library_unload(void)
-{
- /* Load Library Pointers */
- if (!bSslInitDone)
- return;
-
- bSslInitDone = false;
-}
-
-static bool SSL_library_load(void)
-{
- /* Load Library Pointers */
- if (bSslInitDone)
- return true;
-
- if (!bSslInitDone) { // init OpenSSL
- SSL_library_init();
- SSL_load_error_strings();
- // FIXME check errors
-
- bSslInitDone = true;
- }
-
- return bSslInitDone;
-}
+static SSL_CTX *g_ctx;
+static mir_cs csSsl;
static void dump_error(SSL *session, int err)
{
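Review bot: The new file-scope `static SSL_CTX *g_ctx;` and `static mir_cs csSsl;` at the end of the hunk are undocumented, and nothing states what the critical section is meant to guard or who owns the context. Suggest a comment above them such as `// process-wide TLS client context, created by OpenSsl_Init() and freed by OpenSsl_Unload(); csSsl serializes SSL_new() on it in ClientConnect()` so the next maintainer knows the lock's scope. The SslHandle destructor at the top of the hunk now only frees `session`, which matches the context no longer being per-connection; its signature is outside the hunk.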
@@ -129,25 +103,11 @@ static void ReportSslError(SECURITY_STATUS scRet, int line, bool = false)
static bool ClientConnect(SslHandle *ssl, const char*)
{
- SSL_METHOD *meth = (SSL_METHOD*)SSLv23_client_method();
-
- // contrary to what it's named, SSLv23 announces all supported ciphers/versions,
- // generally TLS1.2 in a TLS1.0 Client Hello
- if (!meth) {
- Netlib_Logf(nullptr, "SSL setup failure: client method");
- return false;
- }
- ssl->ctx = SSL_CTX_new(meth);
- if (!ssl->ctx) {
- Netlib_Logf(nullptr, "SSL setup failure: context");
- return false;
+ {
+ mir_cslock lck(csSsl);
+ ssl->session = SSL_new(g_ctx);
}
- // SSL_read/write should transparently handle renegotiations
- SSL_CTX_ctrl(ssl->ctx, SSL_CTRL_MODE, SSL_MODE_AUTO_RETRY, nullptr);
-
- RAND_screen();
- ssl->session = SSL_new(ssl->ctx);
if (!ssl->session) {
Netlib_Logf(nullptr, "SSL setup failure: session");
return false;
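Review bot: The `mir_cslock lck(csSsl)` around `SSL_new(g_ctx)` does not protect against the one writer of `g_ctx`: OpenSsl_Unload() in the last hunk calls `SSL_CTX_free(g_ctx)` without taking `csSsl`, so a connection being set up during shutdown could hand SSL_new a freed context. Either take the lock in OpenSsl_Unload() as well and null the pointer there, or document that OpenSsl_Unload() may only run after the last connection is torn down; in OpenSSL 1.1.x SSL_new() on a shared SSL_CTX is itself thread-safe, so apart from the unload interaction the lock would be redundant. The `if (!ssl->session)` check below still covers the case where `g_ctx` is null, since SSL_new(NULL) returns NULL. ClientConnect's body continues outside the hunk.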
@@ -437,3 +397,55 @@ MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen)
memcpy(pBuf, buf, len);
return pBuf;
}
+
+/////////////////////////////////////////////////////////////////////////////////////////
+// module entry point
+
+bool OpenSsl_Init(void)
+{
+ /* Load Library Pointers */
+ if (bSslInitDone)
+ return true;
+
+ if (!bSslInitDone) { // init OpenSSL
+ SSL_library_init();
+ SSL_load_error_strings();
+ // FIXME check errors
+
+ const SSL_METHOD *meth = TLS_client_method();
+ if (!meth) {
+ Netlib_Logf(nullptr, "SSL setup failure: client method");
+ return false;
+ }
+
+ g_ctx = SSL_CTX_new(meth);
+ if (!g_ctx) {
+ Netlib_Logf(nullptr, "SSL setup failure: context");
+ return false;
+ }
+
+ VARSW wszPemFile(L"%miranda_path%\\libs\\microsoft.pem");
+ SSL_CTX_load_verify_locations(g_ctx, _T2A(wszPemFile), NULL);
+
+ // SSL_read/write should transparently handle renegotiations
+ SSL_CTX_ctrl(g_ctx, SSL_CTRL_MODE, SSL_MODE_AUTO_RETRY, nullptr);
+
+ RAND_screen();
+
+ bSslInitDone = true;
+ }
+
+ return bSslInitDone;
+}
+
+void OpenSsl_Unload(void)
+{
+ /* Load Library Pointers */
+ if (!bSslInitDone)
+ return;
+
+ if (g_ctx)
+ SSL_CTX_free(g_ctx);
+
+ bSslInitDone = false;
+}