Bug#925990: marked as done (unblock: libcoap2/4.2.0-1)



Your message dated Sun, 31 Mar 2019 08:35:00 +0000
with message-id <86eae6f5-3e0b-733d-fc1a-32b599ed94f9@thykier.net>
and subject line Re: Bug#925990: unblock: libcoap2/4.2.0-1
has caused the Debian Bug report #925990,
regarding unblock: libcoap2/4.2.0-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
925990: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925990
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libcoap2

Libcoap 4.2.0 finally got released. The previous release, 4.2.0-RC4, is
currently available in testing, and I'd like to update the version in
testing to the current version in unstable.
The final release of 4.2.0 got some small fixes within the autotool
setup and also small updates to the example binaries.
Upstream accepted two patches with spelling fixes, which are now
dropped from the patch queue.
Between the two versions the source got some polish on the macro names
within the files and some fixups in some PKI functions and code.

No new symbols were added and no existing symbols were removed.

See attached debdiff for the full view on the changes.

unblock libcoap2/4.2.0-1

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru libcoap2-4.2.0~rc4/ChangeLog libcoap2-4.2.0/ChangeLog
--- libcoap2-4.2.0~rc4/ChangeLog	2018-08-05 03:41:02.000000000 +0200
+++ libcoap2-4.2.0/ChangeLog	2019-03-02 17:18:14.000000000 +0100
@@ -1,3 +1,18 @@
+2019-02-11  Olaf Bergmann  <bergmann@tzi.org>
+
+	Change summary for version 4.2.0:
+
+	* DTLS support improvements (OpenSSL, GnuTLS, tinydtls)
+	    * Pre-shared keys, X.509 certificates
+        * new session abstraction
+	* TCP and TLS support
+	* improved documentation; manual pages
+	* changes in internal PDU structure
+	* improved examples (DTLS usage, block-wise transfer)
+	* docker images for continuous integration
+	* support for Google OSS fuzzer
+	* MS Visual Studio project for Windows builds
+
 2017-07-10  Olaf Bergmann  <bergmann@tzi.org>
 
 	* DTLS support (OpenSSL, tinyDTLS) by Jean-Claude Michelou
diff -Nru libcoap2-4.2.0~rc4/configure libcoap2-4.2.0/configure
--- libcoap2-4.2.0~rc4/configure	2019-02-09 07:26:22.000000000 +0100
+++ libcoap2-4.2.0/configure	2019-03-02 17:21:15.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libcoap 4.2.0rc4.
+# Generated by GNU Autoconf 2.69 for libcoap 4.2.0.
 #
 # Report bugs to <libcoap-developers@lists.sourceforge.net>.
 #
@@ -650,8 +650,8 @@
 # Identity of this package.
 PACKAGE_NAME='libcoap'
 PACKAGE_TARNAME='libcoap'
-PACKAGE_VERSION='4.2.0rc4'
-PACKAGE_STRING='libcoap 4.2.0rc4'
+PACKAGE_VERSION='4.2.0'
+PACKAGE_STRING='libcoap 4.2.0'
 PACKAGE_BUGREPORT='libcoap-developers@lists.sourceforge.net'
 PACKAGE_URL='https://libcoap.net/'
 
@@ -1447,7 +1447,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libcoap 4.2.0rc4 to adapt to many kinds of systems.
+\`configure' configures libcoap 4.2.0 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1518,7 +1518,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libcoap 4.2.0rc4:";;
+     short | recursive ) echo "Configuration of libcoap 4.2.0:";;
    esac
   cat <<\_ACEOF
 
@@ -1658,7 +1658,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libcoap configure 4.2.0rc4
+libcoap configure 4.2.0
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2081,7 +2081,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libcoap $as_me 4.2.0rc4, which was
+It was created by libcoap $as_me 4.2.0, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2945,7 +2945,7 @@
 
 # Define the identity of the package.
  PACKAGE='libcoap'
- VERSION='4.2.0rc4'
+ VERSION='4.2.0'
 
 
 # Some tools Automake needs.
@@ -13751,7 +13751,7 @@
     # Note that tinyDTLS is used only when explicitly requested.
 
     # Giving out an error message if we haven't found at least one crypto library.
-    if test "x$have_gnutls" = "xno" -a "x$have_openssl" = "xno" -a "x$have_tinydtls" != "xno"; then
+    if test "x$have_gnutls" = "xno" -a "x$have_openssl" = "xno" -a "x$have_tinydtls" = "xno"; then
         as_fn_error $? "==> Option '--enable-dtls' is set but one of the needed cryptography library GnuTLS nor OpenSSL nor tinyDTLS could be found!
                       Install at least one of the package(s) that contains the development files for GnuTLS (>= $gnutls_version_required) or OpenSSL(>= $openssl_version_required)
                       or disable the DTLS support using '--disable-dtls'." "$LINENO" 5
@@ -15031,7 +15031,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libcoap $as_me 4.2.0rc4, which was
+This file was extended by libcoap $as_me 4.2.0, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -15098,7 +15098,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libcoap config.status 4.2.0rc4
+libcoap config.status 4.2.0
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru libcoap2-4.2.0~rc4/configure.ac libcoap2-4.2.0/configure.ac
--- libcoap2-4.2.0~rc4/configure.ac	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/configure.ac	2019-03-02 17:18:14.000000000 +0100
@@ -13,7 +13,7 @@
 
 # define an appending release state if needed, for example for pre-releases
 # like 'alpha' or 'rc1', for a full release keep the value empty!
-m4_define([libcoap_release_state], [rc4])
+m4_define([libcoap_release_state], [])
 
 # concatenate the full libcoap version string
 m4_define([libcoap_version], [m4_format([%s.%s.%s%s], libcoap_major_version, libcoap_minor_version, libcoap_micro_version, libcoap_release_state)])
@@ -428,7 +428,7 @@
     # Note that tinyDTLS is used only when explicitly requested.
 
     # Giving out an error message if we haven't found at least one crypto library.
-    if test "x$have_gnutls" = "xno" -a "x$have_openssl" = "xno" -a "x$have_tinydtls" != "xno"; then
+    if test "x$have_gnutls" = "xno" -a "x$have_openssl" = "xno" -a "x$have_tinydtls" = "xno"; then
         AC_MSG_ERROR([==> Option '--enable-dtls' is set but one of the needed cryptography library GnuTLS nor OpenSSL nor tinyDTLS could be found!
                       Install at least one of the package(s) that contains the development files for GnuTLS (>= $gnutls_version_required) or OpenSSL(>= $openssl_version_required)
                       or disable the DTLS support using '--disable-dtls'.])
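Review bot: The corrected condition still chains its three comparisons with `test ... -a ...`, which POSIX marks obsolescent; `test ... && test ... && test ...` is the portable form. The AC_MSG_ERROR text under it now fires only when all three libraries are missing, yet it reads "one of the needed cryptography library GnuTLS nor OpenSSL nor tinyDTLS" and its install hint names only GnuTLS and OpenSSL; reword it to say that none of GnuTLS, OpenSSL or tinyDTLS was found.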
diff -Nru libcoap2-4.2.0~rc4/CONTRIBUTE libcoap2-4.2.0/CONTRIBUTE
--- libcoap2-4.2.0~rc4/CONTRIBUTE	2018-08-05 03:41:02.000000000 +0200
+++ libcoap2-4.2.0/CONTRIBUTE	2019-03-02 17:18:14.000000000 +0100
@@ -120,7 +120,7 @@
   the source file:
 
 --8<----
-/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 * -*- */
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 --->8--
 
 * Single lines within the source code should not be longer then 78
@@ -198,14 +198,13 @@
 Also a good documentation on the usage of the libcoap and the example
 binaries is always improvable. So we appreciate any help on this.
 
-* Man Pages
+* Manual Pages
 The source is providing some example binaries which originally just should show
 how the libcoap can be used. Right now these binaries are fully usable and
 quite more than simple examples on a system. There are man pages for these
 binaries available, if you found there is a improvement needed please do so and
 write to the mailing list explained in section 2.
-Maybe you can write up some good HowTo's on the usage for these binaries. A man
-page for the library itself would be also a improvement.
+Maybe you can write up some good HowTo's on the usage for these binaries.
 
 * HowTo's
 The libcoap library has now a lot of functions you can use.
@@ -213,7 +212,7 @@
 any external project. This means there is no HowTo or CheatSheet for a
 programming person available. You want to write up something?
 
-* missed Functionality
+* Missing functionality
 There are some features that are still missing inside the libcoap. For
 example some DTLS implementations and proxy functionality.
 
diff -Nru libcoap2-4.2.0~rc4/debian/changelog libcoap2-4.2.0/debian/changelog
--- libcoap2-4.2.0~rc4/debian/changelog	2019-02-09 07:43:56.000000000 +0100
+++ libcoap2-4.2.0/debian/changelog	2019-03-02 17:35:18.000000000 +0100
@@ -1,3 +1,13 @@
+libcoap2 (4.2.0-1) unstable; urgency=medium
+
+  * [b0fedea] New upstream version 4.2.0
+  * [da9142e] rebuild patch queue from patch-queue branch
+    removed patches (applied upstream):
+    spelling-fix-Addtional-Additional.patch
+    spelling-fix-funtion-function.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de>  Sat, 02 Mar 2019 17:35:18 +0100
+
 libcoap2 (4.2.0~rc4-1) unstable; urgency=medium
 
   * [f43d44d] New upstream version 4.2.0~rc4
diff -Nru libcoap2-4.2.0~rc4/debian/patches/series libcoap2-4.2.0/debian/patches/series
--- libcoap2-4.2.0~rc4/debian/patches/series	2019-02-09 07:28:09.000000000 +0100
+++ libcoap2-4.2.0/debian/patches/series	2019-03-02 17:33:17.000000000 +0100
@@ -1,4 +1,2 @@
 examples-Makefile.am-remove-DTLS_LIBS-variable.patch
 examples-Makefile.am-create-DTLS-specific-binary-names.patch
-spelling-fix-funtion-function.patch
-spelling-fix-Addtional-Additional.patch
diff -Nru libcoap2-4.2.0~rc4/debian/patches/spelling-fix-Addtional-Additional.patch libcoap2-4.2.0/debian/patches/spelling-fix-Addtional-Additional.patch
--- libcoap2-4.2.0~rc4/debian/patches/spelling-fix-Addtional-Additional.patch	2019-02-09 07:28:09.000000000 +0100
+++ libcoap2-4.2.0/debian/patches/spelling-fix-Addtional-Additional.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,35 +0,0 @@
-From: Carsten Schoenert <c.schoenert@t-online.de>
-Date: Fri, 21 Dec 2018 08:03:31 +0100
-Subject: spelling: fix Addtional -> Additional
-
----
- include/coap2/coap_dtls.h  | 2 +-
- man/coap_encryption.txt.in | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/include/coap2/coap_dtls.h b/include/coap2/coap_dtls.h
-index 2f61e03..756e0f9 100644
---- a/include/coap2/coap_dtls.h
-+++ b/include/coap2/coap_dtls.h
-@@ -226,7 +226,7 @@ typedef struct coap_dtls_pki_t {
-   coap_dtls_sni_callback_t validate_sni_call_back;
-   void *sni_call_back_arg;  /**< Passed in to the sni call-back function */
- 
--  /** Addtional Security call-back handler that is invoked when libcoap has
-+  /** Additional Security call-back handler that is invoked when libcoap has
-    * done the standerd, defined validation checks at the TLS level,
-    * If not @p NULL, called from within the TLS Client Hello connection
-    * setup.
-diff --git a/man/coap_encryption.txt.in b/man/coap_encryption.txt.in
-index ec1a219..12d6e1c 100644
---- a/man/coap_encryption.txt.in
-+++ b/man/coap_encryption.txt.in
-@@ -150,7 +150,7 @@ typedef struct coap_dtls_pki_t {
-   coap_dtls_sni_callback_t validate_sni_call_back;
-   void *sni_call_back_arg;  /* Passed in to the sni call-back function */
- 
--  /** Addtional Security call-back handler that is invoked when libcoap has
-+  /** Additional Security call-back handler that is invoked when libcoap has
-    * done the standerd, defined validation checks at the TLS level,
-    * If not NULL, called from within the TLS Client Hello connection
-    * setup.
diff -Nru libcoap2-4.2.0~rc4/debian/patches/spelling-fix-funtion-function.patch libcoap2-4.2.0/debian/patches/spelling-fix-funtion-function.patch
--- libcoap2-4.2.0~rc4/debian/patches/spelling-fix-funtion-function.patch	2019-02-09 07:28:15.000000000 +0100
+++ libcoap2-4.2.0/debian/patches/spelling-fix-funtion-function.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,49 +0,0 @@
-From: Carsten Schoenert <c.schoenert@t-online.de>
-Date: Sat, 24 Nov 2018 08:44:27 +0100
-Subject: spelling: fix funtion -> function
-
----
- include/coap2/pdu.h     | 2 +-
- man/coap_logging.txt.in | 2 +-
- src/net.c               | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/include/coap2/pdu.h b/include/coap2/pdu.h
-index e84a0b3..4e0d1f7 100644
---- a/include/coap2/pdu.h
-+++ b/include/coap2/pdu.h
-@@ -467,7 +467,7 @@ int coap_pdu_parse(coap_proto_t proto,
-  * Adds token of length @p len to @p pdu.
-  * Adding the token destroys any following contents of the pdu. Hence options
-  * and data must be added after coap_add_token() has been called. In @p pdu,
-- * length is set to @p len + @c 4, and max_delta is set to @c 0. This funtion
-+ * length is set to @p len + @c 4, and max_delta is set to @c 0. This function
-  * returns @c 0 on error or a value greater than zero on success.
-  *
-  * @param pdu  The PDU where the token is to be added.
-diff --git a/man/coap_logging.txt.in b/man/coap_logging.txt.in
-index 26228ad..c28a970 100644
---- a/man/coap_logging.txt.in
-+++ b/man/coap_logging.txt.in
-@@ -57,7 +57,7 @@ Logging by default is to stderr or stdout depending on the logging level of
- the log entry.  It ia possible to send the logging information to an
- application logging call-back handler for processing by the application.
- 
--The *coap_log*() funtion is used to log information at the appropriate _level_.
-+The *coap_log*() function is used to log information at the appropriate _level_.
- The rest of the parameters follow the standard *printf*() function format.
- 
- Logging levels (*coap_log_t*) are defined by (the same as for *syslog*()), which
-diff --git a/src/net.c b/src/net.c
-index 2d84a8b..b1867de 100644
---- a/src/net.c
-+++ b/src/net.c
-@@ -1857,7 +1857,7 @@ no_response(coap_pdu_t *request, coap_pdu_t *response) {
-       val = coap_decode_var_bytes(coap_opt_value(nores), coap_opt_length(nores));
- 
-       /* The response should be dropped when the bit corresponding to
--       * the response class is set (cf. table in funtion
-+       * the response class is set (cf. table in function
-        * documentation). When a No-Response option is present and the
-        * bit is not set, the sender explicitly indicates interest in
-        * this response. */
diff -Nru libcoap2-4.2.0~rc4/doc/Makefile.in libcoap2-4.2.0/doc/Makefile.in
--- libcoap2-4.2.0~rc4/doc/Makefile.in	2019-02-09 07:26:21.000000000 +0100
+++ libcoap2-4.2.0/doc/Makefile.in	2019-03-02 17:21:16.000000000 +0100
@@ -402,8 +402,8 @@
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
-@HAVE_DOXYGEN_FALSE@clean-local:
 @HAVE_DOXYGEN_FALSE@distclean-local:
+@HAVE_DOXYGEN_FALSE@clean-local:
 clean: clean-am
 
 clean-am: clean-generic clean-libtool clean-local mostlyclean-am
diff -Nru libcoap2-4.2.0~rc4/examples/client.c libcoap2-4.2.0/examples/client.c
--- libcoap2-4.2.0~rc4/examples/client.c	2018-12-20 21:52:25.000000000 +0100
+++ libcoap2-4.2.0/examples/client.c	2019-03-02 17:18:14.000000000 +0100
@@ -2,7 +2,7 @@
 
 /* coap-client -- simple CoAP client
  *
- * Copyright (C) 2010--2016 Olaf Bergmann <bergmann@tzi.org> and others
+ * Copyright (C) 2010--2019 Olaf Bergmann <bergmann@tzi.org> and others
  *
  * This file is part of the CoAP library libcoap. Please see README for terms of
  * use.
@@ -307,6 +307,23 @@
     memcmp(received->token, the_token.s, the_token.length) == 0;
 }
 
+static int
+event_handler(coap_context_t *ctx UNUSED_PARAM,
+              coap_event_t event,
+              struct coap_session_t *session UNUSED_PARAM) {
+
+  switch(event) {
+  case COAP_EVENT_DTLS_CLOSED:
+  case COAP_EVENT_TCP_CLOSED:
+  case COAP_EVENT_SESSION_CLOSED:
+    quit = 1;
+    break;
+  default:
+    break;
+  }
+  return 0;
+}
+
 static void
 message_handler(struct coap_context_t *ctx,
                 coap_session_t *session,
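Review bot: event_handler() sets `quit = 1` for COAP_EVENT_DTLS_CLOSED, COAP_EVENT_TCP_CLOSED and COAP_EVENT_SESSION_CLOSED without recording which event arrived, so a (D)TLS session closed by the peer is indistinguishable from a normal end of the transfer. Log the event before setting `quit`, and note in a comment that `session` is ignored, which means the closure of any session ends the client.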
@@ -554,7 +571,7 @@
     program = ++p;
 
   fprintf( stderr, "%s v%s -- a small CoAP implementation\n"
-     "(c) 2010-2018 Olaf Bergmann <bergmann@tzi.org> and others\n\n"
+     "Copyright (C) 2010-2019 Olaf Bergmann <bergmann@tzi.org> and others\n\n"
      "%s\n\n"
      "Usage: %s [-a addr] [-b [num,]size] [-e text] [-f file] [-l loss]\n"
      "\t\t[-m method] [-o file] [-p port] [-r] [-s duration] [-t type]\n"
@@ -1074,17 +1091,31 @@
 }
 
 static coap_dtls_pki_t *
-setup_pki(void) {
+setup_pki(coap_context_t *ctx) {
   static coap_dtls_pki_t dtls_pki;
   static char client_sni[256];
 
+  /* If general root CAs are defined */
+  if (root_ca_file) {
+    struct stat stbuf;
+    if ((stat(root_ca_file, &stbuf) == 0) && S_ISDIR(stbuf.st_mode)) {
+      coap_context_set_pki_root_cas(ctx, NULL, root_ca_file);
+    } else {
+      coap_context_set_pki_root_cas(ctx, root_ca_file, NULL);
+    }
+  }
+
   memset (&dtls_pki, 0, sizeof(dtls_pki));
   dtls_pki.version = COAP_DTLS_PKI_SETUP_VERSION;
-  if (ca_file) {
+  if (ca_file || root_ca_file) {
     /*
      * Add in additional certificate checking.
      * This list of enabled can be tuned for the specific
      * requirements - see 'man coap_encryption'.
+     *
+     * Note: root_ca_file is setup separately using
+     * coap_context_set_pki_root_cas(), but this is used to define what
+     * checking actually takes place.
      */
     dtls_pki.verify_peer_cert        = 1;
     dtls_pki.require_peer_cert       = 1;
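Review bot: In the new `root_ca_file` block the result of both coap_context_set_pki_root_cas() calls is discarded, and a failing stat() falls through to the file branch, so a mistyped or unreadable path is not reported here. Check the return value and stop with a message naming the path, because the `ca_file || root_ca_file` branch below then sets `verify_peer_cert` and `require_peer_cert` on the assumption that the trust anchors were loaded.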
@@ -1130,16 +1161,6 @@
 ) {
   coap_session_t *session = NULL;
 
-  /* If general root CAs are defined */
-  if (root_ca_file) {
-    struct stat stbuf;
-    if ((stat(root_ca_file, &stbuf) == 0) && S_ISDIR(stbuf.st_mode)) {
-      coap_context_set_pki_root_cas(ctx, NULL, root_ca_file);
-    } else {
-      coap_context_set_pki_root_cas(ctx, root_ca_file, NULL);
-    }
-  }
-
   if ( local_addr ) {
     int s;
     struct addrinfo hints;
@@ -1163,8 +1184,9 @@
         coap_address_init( &bind_addr );
         bind_addr.size = rp->ai_addrlen;
         memcpy( &bind_addr.addr, rp->ai_addr, rp->ai_addrlen );
-        if (cert_file && (proto == COAP_PROTO_DTLS || proto == COAP_PROTO_TLS)) {
-          coap_dtls_pki_t *dtls_pki = setup_pki();
+        if ((root_ca_file || ca_file || cert_file) &&
+            (proto == COAP_PROTO_DTLS || proto == COAP_PROTO_TLS)) {
+          coap_dtls_pki_t *dtls_pki = setup_pki(ctx);
           session = coap_new_client_session_pki(ctx, &bind_addr, dst, proto, dtls_pki);
         }
         else if ((identity || key) &&
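Review bot: With the condition widened to `root_ca_file || ca_file || cert_file`, setup_pki(ctx) is now reached with `cert_file` possibly NULL; confirm that setup_pki() copes with a missing client certificate and key rather than passing a NULL path on. The same three-way test is repeated in the branch without a local address, so a small helper would keep the two call sites from drifting apart.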
@@ -1181,8 +1203,9 @@
     }
     freeaddrinfo( result );
   } else {
-    if (cert_file && (proto == COAP_PROTO_DTLS || proto == COAP_PROTO_TLS)) {
-      coap_dtls_pki_t *dtls_pki = setup_pki();
+    if ((root_ca_file || ca_file || cert_file) &&
+        (proto == COAP_PROTO_DTLS || proto == COAP_PROTO_TLS)) {
+      coap_dtls_pki_t *dtls_pki = setup_pki(ctx);
       session = coap_new_client_session_pki(ctx, NULL, dst, proto, dtls_pki);
     }
     else if ((identity || key) &&
@@ -1399,6 +1422,7 @@
 
   coap_register_option(ctx, COAP_OPTION_BLOCK2);
   coap_register_response_handler(ctx, message_handler);
+  coap_register_event_handler(ctx, event_handler);
 
   /* construct CoAP message */
 
diff -Nru libcoap2-4.2.0~rc4/examples/coap_list.h libcoap2-4.2.0/examples/coap_list.h
--- libcoap2-4.2.0~rc4/examples/coap_list.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/examples/coap_list.h	2019-02-09 07:54:00.000000000 +0100
@@ -25,8 +25,8 @@
  * of coap-client
  */
 
-#ifndef _COAP_LIST_H_
-#define _COAP_LIST_H_
+#ifndef COAP_LIST_H_
+#define COAP_LIST_H_
 
 #include <coap2/utlist.h>
 
@@ -47,4 +47,4 @@
 /* removes all items from given queue and frees the allocated storage */
 void coap_delete_list(coap_list_t *queue);
 
-#endif /* _COAP_LIST_H_ */
+#endif /* COAP_LIST_H_ */
diff -Nru libcoap2-4.2.0~rc4/examples/coap-server.c libcoap2-4.2.0/examples/coap-server.c
--- libcoap2-4.2.0~rc4/examples/coap-server.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/examples/coap-server.c	2019-03-02 17:18:14.000000000 +0100
@@ -1,9 +1,9 @@
-/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 * -*- */
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 
 /* coap -- simple implementation of the Constrained Application Protocol (CoAP)
  *         as defined in RFC 7252
  *
- * Copyright (C) 2010--2018 Olaf Bergmann <bergmann@tzi.org> and others
+ * Copyright (C) 2010--2019 Olaf Bergmann <bergmann@tzi.org> and others
  *
  * This file is part of the CoAP library libcoap. Please see README for terms
  * of use.
@@ -56,6 +56,7 @@
 static char *cert_file = NULL; /* Combined certificate and private key in PEM */
 static char *ca_file = NULL;   /* CA for cert_file - for cert checking in PEM */
 static char *root_ca_file = NULL; /* List of trusted Root CAs in PEM */
+static int require_peer_cert = 1; /* By default require peer cert */
 #define MAX_KEY   64 /* Maximum length of a key (i.e., PSK) in bytes. */
 static uint8_t key[MAX_KEY];
 static ssize_t key_length = 0;
@@ -82,7 +83,7 @@
 }
 
 #define INDEX "This is a test server made with libcoap (see https://libcoap.net)\n" \
-              "Copyright (C) 2010--2018 Olaf Bergmann <bergmann@tzi.org>\n\n"
+              "Copyright (C) 2010--2019 Olaf Bergmann <bergmann@tzi.org> and others\n\n"
 
 static void
 hnd_get_index(coap_context_t *ctx UNUSED_PARAM,
@@ -683,7 +684,7 @@
        * requirements - see 'man coap_encryption'.
        */
       dtls_pki.verify_peer_cert        = 1;
-      dtls_pki.require_peer_cert       = 1;
+      dtls_pki.require_peer_cert       = require_peer_cert;
       dtls_pki.allow_self_signed       = 1;
       dtls_pki.allow_expired_certs     = 1;
       dtls_pki.cert_chain_validation   = 1;
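Review bot: `require_peer_cert` now follows the `-n` switch while the neighbouring `allow_self_signed = 1` and `allow_expired_certs = 1` stay hard-coded, so the example server accepts self-signed and expired client certificates in either mode and, with `-n`, clients that present none. Add a comment at this assignment stating that these are permissive example settings, so the block is not copied unchanged into a deployment.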
@@ -737,7 +738,7 @@
      "Usage: %s [-d max] [-g group] [-l loss] [-p port] [-v num]\n"
      "\t\t[-A address] [-N]\n"
      "\t\t[[-k key] [-h hint]]\n"
-     "\t\t[[-c certfile][-C cafile] [-R root_cafile]]\n"
+     "\t\t[[-c certfile][-C cafile] [-n] [-R root_cafile]]\n"
      "General Options\n"
      "\t-d max \t\tAllow dynamic creation of up to a total of max\n"
      "\t       \t\tresources. If max is reached, a 4.06 code is returned\n"
@@ -765,6 +766,8 @@
      "PKI Options (if supported by underlying (D)TLS library)\n"
      "\t-c certfile\tPEM file containing both CERTIFICATE and PRIVATE KEY\n"
      "\t       \t\tThis argument requires (D)TLS with PKI to be available\n"
+     "\t-n     \t\tDisable the requirement for clients to have defined\n"
+     "\t       \t\tclient certificates\n"
      "\t-C cafile\tPEM file containing the CA Certificate that was used to\n"
      "\t       \t\tsign the certfile. If defined, then the client will be\n"
      "\t       \t\tgiven this CA Certificate during the TLS set up.\n"
@@ -952,7 +955,7 @@
 
   clock_offset = time(NULL);
 
-  while ((opt = getopt(argc, argv, "A:d:c:C:g:h:k:l:Np:R:v:")) != -1) {
+  while ((opt = getopt(argc, argv, "A:d:c:C:g:h:k:l:nNp:R:v:")) != -1) {
     switch (opt) {
     case 'A' :
       strncpy(addr_str, optarg, NI_MAXHOST-1);
@@ -991,6 +994,9 @@
         exit(1);
       }
       break;
+    case 'n':
+      require_peer_cert = 0;
+      break;
     case 'N':
       resource_flags = COAP_RESOURCE_FLAGS_NOTIFY_NON;
       break;
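Review bot: `case 'n'` clears `require_peer_cert` silently. Emit a log line when the option is given so that an operator reading the server output can see that client certificates are not required for this run.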
diff -Nru libcoap2-4.2.0~rc4/include/coap2/address.h libcoap2-4.2.0/include/coap2/address.h
--- libcoap2-4.2.0~rc4/include/coap2/address.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/address.h	2019-02-09 07:54:00.000000000 +0100
@@ -12,8 +12,8 @@
  * @brief Representation of network addresses
  */
 
-#ifndef _COAP_ADDRESS_H_
-#define _COAP_ADDRESS_H_
+#ifndef COAP_ADDRESS_H_
+#define COAP_ADDRESS_H_
 
 #include <assert.h>
 #include <stdint.h>
@@ -174,4 +174,4 @@
 }
 #endif /* !WITH_LWIP && !WITH_CONTIKI */
 
-#endif /* _COAP_ADDRESS_H_ */
+#endif /* COAP_ADDRESS_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/async.h libcoap2-4.2.0/include/coap2/async.h
--- libcoap2-4.2.0~rc4/include/coap2/async.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/async.h	2019-02-09 07:54:00.000000000 +0100
@@ -12,8 +12,8 @@
  * @brief State management for asynchronous messages
  */
 
-#ifndef _COAP_ASYNC_H_
-#define _COAP_ASYNC_H_
+#ifndef COAP_ASYNC_H_
+#define COAP_ASYNC_H_
 
 #include "net.h"
 
@@ -146,4 +146,4 @@
 
 #endif /*  WITHOUT_ASYNC */
 
-#endif /* _COAP_ASYNC_H_ */
+#endif /* COAP_ASYNC_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/bits.h libcoap2-4.2.0/include/coap2/bits.h
--- libcoap2-4.2.0~rc4/include/coap2/bits.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/bits.h	2019-02-09 07:54:00.000000000 +0100
@@ -12,8 +12,8 @@
  * @brief Bit vector manipulation
  */
 
-#ifndef _COAP_BITS_H_
-#define _COAP_BITS_H_
+#ifndef COAP_BITS_H_
+#define COAP_BITS_H_
 
 #include <stdint.h>
 
@@ -75,4 +75,4 @@
   return (*(vec + (bit >> 3)) & (1 << (bit & 0x07))) != 0;
 }
 
-#endif /* _COAP_BITS_H_ */
+#endif /* COAP_BITS_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/block.h libcoap2-4.2.0/include/coap2/block.h
--- libcoap2-4.2.0~rc4/include/coap2/block.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/block.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _COAP_BLOCK_H_
-#define _COAP_BLOCK_H_
+#ifndef COAP_BLOCK_H_
+#define COAP_BLOCK_H_
 
 #include "encode.h"
 #include "option.h"
@@ -170,4 +170,4 @@
 
 /**@}*/
 
-#endif /* _COAP_BLOCK_H_ */
+#endif /* COAP_BLOCK_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/coap_debug.h libcoap2-4.2.0/include/coap2/coap_debug.h
--- libcoap2-4.2.0~rc4/include/coap2/coap_debug.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/coap_debug.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _COAP_DEBUG_H_
-#define _COAP_DEBUG_H_
+#ifndef COAP_DEBUG_H_
+#define COAP_DEBUG_H_
 
 /**
  * @defgroup logging Logging Support
@@ -206,4 +206,4 @@
 int coap_debug_send_packet(void);
 
 
-#endif /* _COAP_DEBUG_H_ */
+#endif /* COAP_DEBUG_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/coap_dtls.h libcoap2-4.2.0/include/coap2/coap_dtls.h
--- libcoap2-4.2.0~rc4/include/coap2/coap_dtls.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/coap_dtls.h	2019-03-02 17:18:14.000000000 +0100
@@ -8,8 +8,8 @@
  * of use.
  */
 
-#ifndef _COAP_DTLS_H_
-#define _COAP_DTLS_H_
+#ifndef COAP_DTLS_H_
+#define COAP_DTLS_H_
 
 #include "net.h"
 #include "coap_session.h"
@@ -129,7 +129,7 @@
  * The enum used for determining the PKI key formats.
  */
 typedef enum coap_pki_key_t {
-  COAP_PKI_KEY_PEM,      /**< The PKI key type is PEM */
+  COAP_PKI_KEY_PEM = 0,   /**< The PKI key type is PEM */
   COAP_PKI_KEY_ASN1,      /**< The PKI key type is ASN.1 (DER) */
 } coap_pki_key_t;
 
@@ -226,7 +226,7 @@
   coap_dtls_sni_callback_t validate_sni_call_back;
   void *sni_call_back_arg;  /**< Passed in to the sni call-back function */
 
-  /** Addtional Security call-back handler that is invoked when libcoap has
+  /** Additional Security call-back handler that is invoked when libcoap has
    * done the standerd, defined validation checks at the TLS level,
    * If not @p NULL, called from within the TLS Client Hello connection
    * setup.
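Review bot: The context line directly below the corrected `Additional` still reads `standerd`; fix it to `standard` in the same comment. The dropped Debian patch shows the identical wording in man/coap_encryption.txt.in, so that file needs the same correction.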
@@ -261,8 +261,10 @@
 void *
 coap_dtls_new_context(struct coap_context_t *coap_context);
 
-#define COAP_DTLS_ROLE_CLIENT  0 /**< Internal function invoked for client */
-#define COAP_DTLS_ROLE_SERVER  1 /**< Internal function invoked for server */
+typedef enum coap_dtls_role_t {
+  COAP_DTLS_ROLE_CLIENT, /**< Internal function invoked for client */
+  COAP_DTLS_ROLE_SERVER  /**< Internal function invoked for server */
+} coap_dtls_role_t;
 
 /**
  * Set the DTLS context's default PSK information.
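Review bot: coap_dtls_role_t relies on implicit enumerator numbering to keep COAP_DTLS_ROLE_CLIENT at 0 and COAP_DTLS_ROLE_SERVER at 1, the values the removed macros had; write `= 0` and `= 1` explicitly, as this same change does for `COAP_PKI_KEY_PEM = 0`. Code that tested the old macros with `#ifdef` will no longer see them defined, which is worth a line in the release notes.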
@@ -288,7 +290,7 @@
 int
 coap_dtls_context_set_psk(struct coap_context_t *coap_context,
                           const char *identity_hint,
-                          int role);
+                          coap_dtls_role_t role);
 
 /**
  * Set the DTLS context's default server PKI information.
@@ -312,7 +314,7 @@
 int
 coap_dtls_context_set_pki(struct coap_context_t *coap_context,
                           coap_dtls_pki_t *setup_data,
-                          int role);
+                          coap_dtls_role_t role);
 
 /**
  * Set the dtls context's default Root CA information for a client or server.
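Review bot: `role` changes from `int` to `coap_dtls_role_t` here and in coap_dtls_context_set_psk() above; C callers passing an int still compile, but C++ callers would need a cast because C++ has no implicit int-to-enum conversion. Mention the new type in the doc comment of both functions.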
diff -Nru libcoap2-4.2.0~rc4/include/coap2/coap_event.h libcoap2-4.2.0/include/coap2/coap_event.h
--- libcoap2-4.2.0~rc4/include/coap2/coap_event.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/coap_event.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _COAP_EVENT_H_
-#define _COAP_EVENT_H_
+#ifndef COAP_EVENT_H_
+#define COAP_EVENT_H_
 
 #include "libcoap.h"
 
diff -Nru libcoap2-4.2.0~rc4/include/coap2/coap.h libcoap2-4.2.0/include/coap2/coap.h
--- libcoap2-4.2.0~rc4/include/coap2/coap.h	2019-02-09 07:26:26.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/coap.h	2019-03-02 17:21:26.000000000 +0100
@@ -8,8 +8,8 @@
  * of use.
  */
 
-#ifndef _COAP_H_
-#define _COAP_H_
+#ifndef COAP_H_
+#define COAP_H_
 
 /* Define the address where bug reports for libcoap should be sent. */
 #define LIBCOAP_PACKAGE_BUGREPORT "libcoap-developers@lists.sourceforge.net"
@@ -18,13 +18,13 @@
 #define LIBCOAP_PACKAGE_NAME "libcoap"
 
 /* Define the full name and version of libcoap. */
-#define LIBCOAP_PACKAGE_STRING "libcoap 4.2.0rc4"
+#define LIBCOAP_PACKAGE_STRING "libcoap 4.2.0"
 
 /* Define the home page for libcoap. */
 #define LIBCOAP_PACKAGE_URL "https://libcoap.net/";
 
 /* Define the version of libcoap this file belongs to. */
-#define LIBCOAP_PACKAGE_VERSION "4.2.0rc4"
+#define LIBCOAP_PACKAGE_VERSION "4.2.0"
 
 #ifdef __cplusplus
 extern "C" {
@@ -56,4 +56,4 @@
 }
 #endif
 
-#endif /* _COAP_H_ */
+#endif /* COAP_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/coap_hashkey.h libcoap2-4.2.0/include/coap2/coap_hashkey.h
--- libcoap2-4.2.0~rc4/include/coap2/coap_hashkey.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/coap_hashkey.h	2019-02-09 07:54:00.000000000 +0100
@@ -12,8 +12,8 @@
  * @brief definition of hash key type and helper functions
  */
 
-#ifndef _COAP_HASHKEY_H_
-#define _COAP_HASHKEY_H_
+#ifndef COAP_HASHKEY_H_
+#define COAP_HASHKEY_H_
 
 #include "libcoap.h"
 #include "uthash.h"
@@ -37,9 +37,9 @@
   coap_hash_impl((String),(Length),(Result))
 
 /* This is used to control the pre-set hash-keys for resources. */
-#define __COAP_DEFAULT_HASH
+#define COAP_DEFAULT_HASH
 #else
-#undef __COAP_DEFAULT_HASH
+#undef COAP_DEFAULT_HASH
 #endif /* coap_hash */
 
 /**
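Review bot: the rename of __COAP_DEFAULT_HASH to COAP_DEFAULT_HASH in this installed header needs every #ifdef or #if defined() test of the old name updated in the same change. A stale test does not fail to compile, it silently evaluates as undefined and changes how the pre-set resource hash keys are handled. Please confirm no user of the old spelling remains in the sources or examples.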
@@ -56,4 +56,4 @@
     coap_hash((Str)->s, (Str)->length, (H)); \
   }
 
-#endif /* _COAP_HASHKEY_H_ */
+#endif /* COAP_HASHKEY_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/coap.h.in libcoap2-4.2.0/include/coap2/coap.h.in
--- libcoap2-4.2.0~rc4/include/coap2/coap.h.in	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/coap.h.in	2019-02-09 07:54:00.000000000 +0100
@@ -8,8 +8,8 @@
  * of use.
  */
 
-#ifndef _COAP_H_
-#define _COAP_H_
+#ifndef COAP_H_
+#define COAP_H_
 
 /* Define the address where bug reports for libcoap should be sent. */
 #define LIBCOAP_PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@"
@@ -56,4 +56,4 @@
 }
 #endif
 
-#endif /* _COAP_H_ */
+#endif /* COAP_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/coap_io.h libcoap2-4.2.0/include/coap2/coap_io.h
--- libcoap2-4.2.0~rc4/include/coap2/coap_io.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/coap_io.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _COAP_IO_H_
-#define _COAP_IO_H_
+#ifndef COAP_IO_H_
+#define COAP_IO_H_
 
 #include <assert.h>
 #include <sys/types.h>
@@ -210,4 +210,4 @@
   COAP_NACK_TLS_FAILED
 } coap_nack_reason_t;
 
-#endif /* _COAP_IO_H_ */
+#endif /* COAP_IO_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/coap_session.h libcoap2-4.2.0/include/coap2/coap_session.h
--- libcoap2-4.2.0~rc4/include/coap2/coap_session.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/coap_session.h	2019-02-09 07:54:00.000000000 +0100
@@ -6,8 +6,8 @@
 * README for terms of use.
 */
 
-#ifndef _SESSION_H_
-#define _SESSION_H_
+#ifndef COAP_SESSION_H_
+#define COAP_SESSION_H_
 
 
 #include "coap_io.h"
@@ -160,7 +160,7 @@
  * @param session The CoAP session.
  * @return maximum PDU size, not including header (but including token).
  */
-size_t coap_session_max_pdu_size(coap_session_t *session);
+size_t coap_session_max_pdu_size(const coap_session_t *session);
 
 /**
 * Creates a new client session to the designated server.
@@ -490,4 +490,4 @@
  */
 coap_tid_t coap_session_send_ping(coap_session_t *session);
 
-#endif  /* _SESSION_H */
+#endif  /* COAP_SESSION_H */
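Review bot: the closing comment reads COAP_SESSION_H, but the guard introduced at the top of this file is COAP_SESSION_H_ (trailing underscore). Since the line is being touched anyway, make the comment match the macro exactly, as the other headers in this diff do.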
diff -Nru libcoap2-4.2.0~rc4/include/coap2/coap_time.h libcoap2-4.2.0/include/coap2/coap_time.h
--- libcoap2-4.2.0~rc4/include/coap2/coap_time.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/coap_time.h	2019-03-02 17:18:14.000000000 +0100
@@ -1,7 +1,7 @@
 /*
  * coap_time.h -- Clock Handling
  *
- * Copyright (C) 2010-2013 Olaf Bergmann <bergmann@tzi.org>
+ * Copyright (C) 2010-2019 Olaf Bergmann <bergmann@tzi.org>
  *
  * This file is part of the CoAP library libcoap. Please see README for terms
  * of use.
@@ -12,8 +12,8 @@
  * @brief Clock Handling
  */
 
-#ifndef _COAP_TIME_H_
-#define _COAP_TIME_H_
+#ifndef COAP_TIME_H_
+#define COAP_TIME_H_
 
 /**
  * @defgroup clock Clock Handling
@@ -159,4 +159,4 @@
 
 /** @} */
 
-#endif /* _COAP_TIME_H_ */
+#endif /* COAP_TIME_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/encode.h libcoap2-4.2.0/include/coap2/encode.h
--- libcoap2-4.2.0~rc4/include/coap2/encode.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/encode.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _COAP_ENCODE_H_
-#define _COAP_ENCODE_H_
+#ifndef COAP_ENCODE_H_
+#define COAP_ENCODE_H_
 
 #if (BSD >= 199103) || defined(WITH_CONTIKI) || defined(_WIN32)
 # include <string.h>
@@ -93,4 +93,4 @@
   return (int)coap_encode_var_safe(buf, sizeof(value), value);
 }
 
-#endif /* _COAP_ENCODE_H_ */
+#endif /* COAP_ENCODE_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/libcoap.h libcoap2-4.2.0/include/coap2/libcoap.h
--- libcoap2-4.2.0~rc4/include/coap2/libcoap.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/libcoap.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _LIBCOAP_H_
-#define _LIBCOAP_H_
+#ifndef COAP_LIBCOAP_H_
+#define COAP_LIBCOAP_H_
 
 /* The non posix embedded platforms like Contiki, TinyOS, RIOT, ... doesn't have
  * a POSIX compatible header structure so we have to slightly do some platform
@@ -55,4 +55,4 @@
 
 void coap_cleanup(void);
 
-#endif /* _LIBCOAP_H_ */
+#endif /* COAP_LIBCOAP_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/mem.h libcoap2-4.2.0/include/coap2/mem.h
--- libcoap2-4.2.0~rc4/include/coap2/mem.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/mem.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _COAP_MEM_H_
-#define _COAP_MEM_H_
+#ifndef COAP_MEM_H_
+#define COAP_MEM_H_
 
 #include <stdlib.h>
 
@@ -113,4 +113,4 @@
 
 #endif /* WITH_LWIP */
 
-#endif /* _COAP_MEM_H_ */
+#endif /* COAP_MEM_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/net.h libcoap2-4.2.0/include/coap2/net.h
--- libcoap2-4.2.0~rc4/include/coap2/net.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/net.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _COAP_NET_H_
-#define _COAP_NET_H_
+#ifndef COAP_NET_H_
+#define COAP_NET_H_
 
 #include <assert.h>
 #include <stdlib.h>
@@ -739,4 +739,4 @@
  */
 unsigned int coap_calc_timeout(coap_session_t *session, unsigned char r);
 
-#endif /* _COAP_NET_H_ */
+#endif /* COAP_NET_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/option.h libcoap2-4.2.0/include/coap2/option.h
--- libcoap2-4.2.0~rc4/include/coap2/option.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/option.h	2019-02-09 07:54:00.000000000 +0100
@@ -12,8 +12,8 @@
  * @brief Helpers for handling options in CoAP PDUs
  */
 
-#ifndef _COAP_OPTION_H_
-#define _COAP_OPTION_H_
+#ifndef COAP_OPTION_H_
+#define COAP_OPTION_H_
 
 #include "bits.h"
 #include "pdu.h"
@@ -458,4 +458,4 @@
  */
 void coap_delete_optlist(coap_optlist_t *optlist_chain);
 
-#endif /* _OPTION_H_ */
+#endif /* COAP_OPTION_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/pdu.h libcoap2-4.2.0/include/coap2/pdu.h
--- libcoap2-4.2.0~rc4/include/coap2/pdu.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/pdu.h	2019-03-02 17:18:14.000000000 +0100
@@ -12,8 +12,8 @@
  * @brief Pre-defined constants that reflect defaults for CoAP
  */
 
-#ifndef _COAP_PDU_H_
-#define _COAP_PDU_H_
+#ifndef COAP_PDU_H_
+#define COAP_PDU_H_
 
 #include "uri.h"
 
@@ -385,7 +385,7 @@
 /**
  * Creates a new CoAP PDU.
  */
-coap_pdu_t *coap_new_pdu(struct coap_session_t *session);
+coap_pdu_t *coap_new_pdu(const struct coap_session_t *session);
 
 /**
  * Dispose of an CoAP PDU and frees associated storage.
@@ -467,7 +467,7 @@
  * Adds token of length @p len to @p pdu.
  * Adding the token destroys any following contents of the pdu. Hence options
  * and data must be added after coap_add_token() has been called. In @p pdu,
- * length is set to @p len + @c 4, and max_delta is set to @c 0. This funtion
+ * length is set to @p len + @c 4, and max_delta is set to @c 0. This function
  * returns @c 0 on error or a value greater than zero on success.
  *
  * @param pdu  The PDU where the token is to be added.
@@ -540,4 +540,4 @@
 
 size_t coap_pdu_encode_header(coap_pdu_t *pdu, coap_proto_t proto);
 
-#endif /* _COAP_PDU_H_ */
+#endif /* COAP_PDU_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/prng.h libcoap2-4.2.0/include/coap2/prng.h
--- libcoap2-4.2.0~rc4/include/coap2/prng.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/prng.h	2019-02-09 07:54:00.000000000 +0100
@@ -12,8 +12,8 @@
  * @brief Pseudo Random Numbers
  */
 
-#ifndef _COAP_PRNG_H_
-#define _COAP_PRNG_H_
+#ifndef COAP_PRNG_H_
+#define COAP_PRNG_H_
 
 /**
  * @defgroup prng Pseudo Random Numbers
@@ -124,4 +124,4 @@
 
 /** @} */
 
-#endif /* _COAP_PRNG_H_ */
+#endif /* COAP_PRNG_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/resource.h libcoap2-4.2.0/include/coap2/resource.h
--- libcoap2-4.2.0~rc4/include/coap2/resource.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/resource.h	2019-02-09 07:54:00.000000000 +0100
@@ -12,8 +12,8 @@
  * @brief Generic resource handling
  */
 
-#ifndef _COAP_RESOURCE_H_
-#define _COAP_RESOURCE_H_
+#ifndef COAP_RESOURCE_H_
+#define COAP_RESOURCE_H_
 
 # include <assert.h>
 
@@ -521,4 +521,4 @@
 coap_resource_set_dirty(coap_resource_t *r,
                         const coap_string_t *query);
 
-#endif /* _COAP_RESOURCE_H_ */
+#endif /* COAP_RESOURCE_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/str.h libcoap2-4.2.0/include/coap2/str.h
--- libcoap2-4.2.0~rc4/include/coap2/str.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/str.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _COAP_STR_H_
-#define _COAP_STR_H_
+#ifndef COAP_STR_H_
+#define COAP_STR_H_
 
 #include <string.h>
 
@@ -118,4 +118,4 @@
 
 /** @} */
 
-#endif /* _COAP_STR_H_ */
+#endif /* COAP_STR_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/subscribe.h libcoap2-4.2.0/include/coap2/subscribe.h
--- libcoap2-4.2.0~rc4/include/coap2/subscribe.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/subscribe.h	2019-02-09 07:54:00.000000000 +0100
@@ -9,8 +9,8 @@
  */
 
 
-#ifndef _COAP_SUBSCRIBE_H_
-#define _COAP_SUBSCRIBE_H_
+#ifndef COAP_SUBSCRIBE_H_
+#define COAP_SUBSCRIBE_H_
 
 #include "address.h"
 #include "coap_io.h"
@@ -73,4 +73,4 @@
 
 /** @} */
 
-#endif /* _COAP_SUBSCRIBE_H_ */
+#endif /* COAP_SUBSCRIBE_H_ */
diff -Nru libcoap2-4.2.0~rc4/include/coap2/uri.h libcoap2-4.2.0/include/coap2/uri.h
--- libcoap2-4.2.0~rc4/include/coap2/uri.h	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/include/coap2/uri.h	2019-02-09 07:54:00.000000000 +0100
@@ -7,8 +7,8 @@
  * of use.
  */
 
-#ifndef _COAP_URI_H_
-#define _COAP_URI_H_
+#ifndef COAP_URI_H_
+#define COAP_URI_H_
 
 #include <stdint.h>
 
@@ -144,4 +144,4 @@
 
 /** @} */
 
-#endif /* _COAP_URI_H_ */
+#endif /* COAP_URI_H_ */
diff -Nru libcoap2-4.2.0~rc4/man/coap_encryption.txt.in libcoap2-4.2.0/man/coap_encryption.txt.in
--- libcoap2-4.2.0~rc4/man/coap_encryption.txt.in	2018-11-30 18:24:37.000000000 +0100
+++ libcoap2-4.2.0/man/coap_encryption.txt.in	2019-03-02 17:18:14.000000000 +0100
@@ -150,7 +150,7 @@
   coap_dtls_sni_callback_t validate_sni_call_back;
   void *sni_call_back_arg;  /* Passed in to the sni call-back function */
 
-  /** Addtional Security call-back handler that is invoked when libcoap has
+  /** Additional Security call-back handler that is invoked when libcoap has
    * done the standerd, defined validation checks at the TLS level,
    * If not NULL, called from within the TLS Client Hello connection
    * setup.
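Review bot: the next line of the same comment still says "standerd", so this spelling fix leaves the sentence half corrected. Fix it to "standard" in this hunk as well.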
diff -Nru libcoap2-4.2.0~rc4/man/coap_logging.txt.in libcoap2-4.2.0/man/coap_logging.txt.in
--- libcoap2-4.2.0~rc4/man/coap_logging.txt.in	2018-11-30 18:24:37.000000000 +0100
+++ libcoap2-4.2.0/man/coap_logging.txt.in	2019-03-02 17:18:14.000000000 +0100
@@ -57,7 +57,7 @@
 the log entry.  It ia possible to send the logging information to an
 application logging call-back handler for processing by the application.
 
-The *coap_log*() funtion is used to log information at the appropriate _level_.
+The *coap_log*() function is used to log information at the appropriate _level_.
 The rest of the parameters follow the standard *printf*() function format.
 
 Logging levels (*coap_log_t*) are defined by (the same as for *syslog*()), which
diff -Nru libcoap2-4.2.0~rc4/man/coap-server.txt.in libcoap2-4.2.0/man/coap-server.txt.in
--- libcoap2-4.2.0~rc4/man/coap-server.txt.in	2018-12-20 21:52:25.000000000 +0100
+++ libcoap2-4.2.0/man/coap-server.txt.in	2019-03-02 17:18:14.000000000 +0100
@@ -17,7 +17,7 @@
 *coap-server* [*-d* max] [*-g* group] [*-l* loss] [*-p* port] [*-v* num]
               [*-A* address] [*-N*]
               [[*-k* key] [*-h* hint]]
-              [[*-c* certfile][*-C* cafile] [*-R* root_cafile]]
+              [[*-c* certfile] [*-n*] [*-C* cafile] [*-R* root_cafile]]
 
 DESCRIPTION
 -----------
@@ -85,6 +85,9 @@
    *Note:* if *-k key* is defined, you need to define *-c cafile* as well to
    have the server support both PSK and PKI.
 
+*-n* ::
+   Disable the requirement for clients to have defined client certificates
+
 *-C* cafile::
   PEM file containing the CA Certificate that was used to sign the certfile
   defined using *-c certfile*.
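Review bot: the new entry is written "*-n* ::" with a space before the "::", unlike the neighbouring "*-C* cafile::" entry, and its description has no final period. Because this option relaxes client authentication, the text should also state what the default behaviour is and that -n only has an effect when PKI is configured with -c.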
diff -Nru libcoap2-4.2.0~rc4/README libcoap2-4.2.0/README
--- libcoap2-4.2.0~rc4/README	2018-11-27 18:53:45.000000000 +0100
+++ libcoap2-4.2.0/README	2019-03-02 17:18:14.000000000 +0100
@@ -3,7 +3,7 @@
 [![Build Status](https://travis-ci.org/obgm/libcoap.svg?branch=master)](https://travis-ci.org/obgm/libcoap)
 [![Static Analysis](https://scan.coverity.com/projects/10970/badge.svg?flat=1)](https://scan.coverity.com/projects/obgm-libcoap)
 
-Copyright (C) 2010--2018 by Olaf Bergmann <bergmann@tzi.org> and others
+Copyright (C) 2010—2019 by Olaf Bergmann <bergmann@tzi.org> and others
 
 ABOUT LIBCOAP
 =============
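Review bot: the year range separator changes from the ASCII "--" to a non-ASCII dash character, while the source file headers updated in this same diff keep "--" or "-". Keep the README line ASCII ("2010--2019") so it stays consistent and survives tools that do not assume UTF-8.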
diff -Nru libcoap2-4.2.0~rc4/src/address.c libcoap2-4.2.0/src/address.c
--- libcoap2-4.2.0~rc4/src/address.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/src/address.c	2019-03-02 17:18:14.000000000 +0100
@@ -1,6 +1,6 @@
 /* address.c -- representation of network addresses
  *
- * Copyright (C) 2015-2016 Olaf Bergmann <bergmann@tzi.org>
+ * Copyright (C) 2015-2016,2019 Olaf Bergmann <bergmann@tzi.org>
  *
  * This file is part of the CoAP library libcoap. Please see
  * README for terms of use.
diff -Nru libcoap2-4.2.0~rc4/src/block.c libcoap2-4.2.0/src/block.c
--- libcoap2-4.2.0~rc4/src/block.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/src/block.c	2019-03-02 17:18:14.000000000 +0100
@@ -1,6 +1,6 @@
 /* block.c -- block transfer
  *
- * Copyright (C) 2010--2012,2015-2016 Olaf Bergmann <bergmann@tzi.org>
+ * Copyright (C) 2010--2012,2015-2019 Olaf Bergmann <bergmann@tzi.org> and others
  *
  * This file is part of the CoAP library libcoap. Please see
  * README for terms of use.
diff -Nru libcoap2-4.2.0~rc4/src/coap_debug.c libcoap2-4.2.0/src/coap_debug.c
--- libcoap2-4.2.0~rc4/src/coap_debug.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/src/coap_debug.c	2019-03-02 17:18:14.000000000 +0100
@@ -1,6 +1,6 @@
 /* debug.c -- debug utilities
  *
- * Copyright (C) 2010--2012,2014--2015 Olaf Bergmann <bergmann@tzi.org>
+ * Copyright (C) 2010--2012,2014--2019 Olaf Bergmann <bergmann@tzi.org> and others
  *
  * This file is part of the CoAP library libcoap. Please see
  * README for terms of use.
diff -Nru libcoap2-4.2.0~rc4/src/coap_gnutls.c libcoap2-4.2.0/src/coap_gnutls.c
--- libcoap2-4.2.0~rc4/src/coap_gnutls.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/src/coap_gnutls.c	2019-03-02 17:18:14.000000000 +0100
@@ -1,8 +1,8 @@
 /*
- * coap_gnutls.c -- GunTLS Datagram Transport Layer Support for libcoap
+ * coap_gnutls.c -- GnuTLS Datagram Transport Layer Support for libcoap
  *
  * Copyright (C) 2017 Dag Bjorklund <dag.bjorklund@comsel.fi>
- * Copyright (C) 2018 Jon Shallow <supjps-libcoap@jpshallow.com>
+ * Copyright (C) 2018-2019 Jon Shallow <supjps-libcoap@jpshallow.com>
  *
  * This file is part of the CoAP library libcoap. Please see README for terms
  * of use.
@@ -88,6 +88,12 @@
   gnutls_priority_t priority_cache;
 } coap_gnutls_context_t;
 
+typedef enum coap_free_bye_t {
+  COAP_FREE_BYE_AS_TCP,  /**< call gnutls_bye() with GNUTLS_SHUT_RDWR */
+  COAP_FREE_BYE_AS_UDP,  /**< call gnutls_bye() with GNUTLS_SHUT_WR */
+  COAP_FREE_BYE_NONE     /**< do not call gnutls_bye() */
+} coap_free_bye_t;
+
 #if (GNUTLS_VERSION_NUMBER >= 0x030505)
 #define VARIANTS "NORMAL:+ECDHE-PSK:+PSK:+ECDHE-ECDSA:+AES-128-CCM-8"
 #else
@@ -161,9 +167,14 @@
 static void
 coap_gnutls_audit_log_func(gnutls_session_t g_session, const char* text)
 {
-  coap_session_t *c_session =
-                  (coap_session_t *)gnutls_transport_get_ptr(g_session);
-  coap_log(LOG_WARNING, "** %s: %s", coap_session_str(c_session), text);
+  if (g_session) {
+    coap_session_t *c_session =
+      (coap_session_t *)gnutls_transport_get_ptr(g_session);
+    coap_log(LOG_WARNING, "** %s: %s",
+             coap_session_str(c_session), text);
+  } else {
+    coap_log(LOG_WARNING, "** (null): %s", text);
+  }
 }
 
 static void
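Review bot: the new guard covers a NULL g_session, but the pointer returned by gnutls_transport_get_ptr() is still passed to coap_session_str() without a check. If the transport pointer has not been set yet when the audit callback fires, c_session is NULL here. Test c_session as well and fall back to the "(null)" message in that case.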
@@ -182,7 +193,7 @@
 int
 coap_dtls_context_set_pki(coap_context_t *c_context,
                           coap_dtls_pki_t* setup_data,
-                          int role UNUSED)
+                          coap_dtls_role_t role UNUSED)
 {
   coap_gnutls_context_t *g_context =
                          ((coap_gnutls_context_t *)c_context->dtls_context);
@@ -247,7 +258,7 @@
 int
 coap_dtls_context_set_psk(coap_context_t *c_context,
                           const char *identity_hint UNUSED,
-                          int role UNUSED
+                          coap_dtls_role_t role UNUSED
 ) {
   coap_gnutls_context_t *g_context =
                          ((coap_gnutls_context_t *)c_context->dtls_context);
@@ -365,6 +376,14 @@
   uint8_t psk_key[64];
   size_t psk_len;
 
+  /* Constant passed to get_client_psk callback. The final byte is
+   * reserved for a terminating 0. */
+  const size_t max_identity_len = sizeof(identity) - 1;
+
+  /* Initialize result parameters. */
+  *username = NULL;
+  key->data = NULL;
+
   if (c_session == NULL || c_session->context == NULL ||
       c_session->context->get_client_psk == NULL) {
     return -1;
@@ -375,20 +394,26 @@
                                                0,
                                                identity,
                                                &identity_len,
-                                               sizeof (identity) - 1,
+                                               max_identity_len,
                                                psk_key,
                                                sizeof(psk_key));
-  if (identity_len < sizeof (identity))
-    identity[identity_len] = 0;
+  assert(identity_len < sizeof(identity));
 
+  /* Reserve dynamic memory to hold the identity and a terminating
+   * zero. */
   *username = gnutls_malloc(identity_len+1);
-  memcpy(*username, identity, identity_len+1);
+  if (*username) {
+    memcpy(*username, identity, identity_len);
+    *username[identity_len] = '\0';
+  }
 
   key->data = gnutls_malloc(psk_len);
-  memcpy(key->data, psk_key, psk_len);
-  key->size = psk_len;
+  if (key->data) {
+    memcpy(key->data, psk_key, psk_len);
+    key->size = psk_len;
+  }
 
-  return 0;
+  return (*username && key->data) ? 0 : -1;
 }
 
 /*
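Review bot: "*username[identity_len] = '\0';" has a precedence bug. The subscript binds tighter than the dereference, so this is *(username[identity_len]): it reads a pointer from beyond the caller's username variable and writes through it, and the buffer just allocated is left unterminated for any identity_len greater than 0. It needs to be (*username)[identity_len] = '\0';. Two further points in the same hunk: the assert() replaces a runtime bound check on a length produced by the application's get_client_psk callback and disappears under NDEBUG, so keep an explicit check that returns -1; and when only one of the two gnutls_malloc() calls succeeds the function returns -1 without freeing the other buffer.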
@@ -521,6 +546,9 @@
     gnutls_x509_crt_t cert;
     uint8_t der[2048];
     size_t size;
+    /* status == 0 indicates that the certificate passed to
+     *  setup_data.validate_cn_call_back has been validated. */
+    const int cert_is_trusted = !status;
 
     cert_list = gnutls_certificate_get_peers(g_session, &cert_list_size);
     if (cert_list_size == 0) {
@@ -543,7 +571,7 @@
            size,
            c_session,
            0,
-           status ? 0 : 1,
+           cert_is_trusted,
            g_context->setup_data.cn_call_back_arg)) {
       alert = GNUTLS_A_ACCESS_DENIED;
       goto fail;
@@ -600,29 +628,30 @@
 static int
 setup_pki_credentials(gnutls_certificate_credentials_t *pki_credentials,
                       coap_gnutls_context_t *g_context,
-                      coap_dtls_pki_t *setup_data)
+                      coap_dtls_pki_t *setup_data, coap_dtls_role_t role)
 {
   int ret;
 
+  G_CHECK(gnutls_certificate_allocate_credentials(pki_credentials),
+          "gnutls_certificate_allocate_credentials");
+
   switch (setup_data->pki_key.key_type) {
   case COAP_PKI_KEY_PEM:
     if (setup_data->pki_key.key.pem.public_cert &&
         setup_data->pki_key.key.pem.public_cert[0] &&
         setup_data->pki_key.key.pem.private_key &&
         setup_data->pki_key.key.pem.private_key[0]) {
-      G_CHECK(gnutls_certificate_allocate_credentials(pki_credentials),
-              "gnutls_certificate_allocate_credentials");
-
       G_CHECK(gnutls_certificate_set_x509_key_file(*pki_credentials,
                                    setup_data->pki_key.key.pem.public_cert,
                                    setup_data->pki_key.key.pem.private_key,
                                    GNUTLS_X509_FMT_PEM),
                  "gnutls_certificate_set_x509_key_file");
     }
-    else {
+    else if (role == COAP_DTLS_ROLE_SERVER) {
       coap_log(LOG_ERR,
-               "***setup_pki: (D)TLS: No Client Certificate + Private "
-               "Key defined\n");
+               "***setup_pki: (D)TLS: No %s Certificate + Private "
+               "Key defined\n",
+               role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
     }
     if (setup_data->pki_key.key.pem.ca_file &&
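Review bot: inside "else if (role == COAP_DTLS_ROLE_SERVER)" the ternary role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client" can only ever produce "Server", so the "Client" arm is dead code. More importantly, a client that supplies only a certificate or only a private key now falls through silently, whereas the OpenSSL counterpart in this diff reports that half-configured case; the two back ends should agree. Also, gnutls_certificate_allocate_credentials() now runs before the switch, so the early return GNUTLS_E_INSUFFICIENT_CREDENTIALS leaves allocated credentials behind; please confirm every caller frees *pki_credentials on failure.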
@@ -655,10 +684,11 @@
                            GNUTLS_X509_FMT_DER),
               "gnutls_certificate_set_x509_key_mem");
     }
-    else {
+    else if (role == COAP_DTLS_ROLE_SERVER) {
       coap_log(LOG_ERR,
-               "***setup_pki: (D)TLS: No Client Certificate + Private "
-               "Key defined\n");
+               "***setup_pki: (D)TLS: No %s Certificate + Private "
+               "Key defined\n",
+               role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
     }
     if (setup_data->pki_key.key.asn1.ca_cert &&
@@ -696,6 +726,11 @@
             "gnutls_certificate_set_x509_trust_dir");
 #endif
   }
+  if (!(g_context->psk_pki_enabled & IS_PKI)) {
+    /* No PKI defined at all - still need a trust set up for 3.6.0 or later */
+    G_CHECK(gnutls_certificate_set_x509_system_trust(*pki_credentials),
+            "gnutls_certificate_set_x509_system_trust");
+  }
 
   /* Verify Peer */
   if (setup_data->verify_peer_cert) {
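Review bot: the comment says the system trust is needed "for 3.6.0 or later", but the call is unconditional, unlike the GNUTLS_VERSION_NUMBER test used for VARIANTS earlier in this file. Either guard it the same way or reword the comment. It is also worth documenting that an application which configured no PKI at all now gets the system CA store loaded into its credentials, since that is a behaviour change users will not expect.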
@@ -814,7 +849,7 @@
       if ((ret = setup_pki_credentials(
                            &g_context->sni_entry_list[i].pki_credentials,
                            g_context,
-                           &sni_setup_data)) < 0) {
+                           &sni_setup_data, COAP_DTLS_ROLE_CLIENT)) < 0) {
         int keep_ret = ret;
         G_ACTION(gnutls_alert_send(g_session, GNUTLS_AL_FATAL,
                                    GNUTLS_A_BAD_CERTIFICATE));
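Review bot: this call passes COAP_DTLS_ROLE_CLIENT, but it populates sni_entry_list credentials and answers a failure with a fatal alert, which looks like the server side of the handshake. With the client role, setup_pki_credentials() no longer treats a missing certificate and key as an error, so an SNI entry without a server certificate would be accepted here. Please confirm the role, and use COAP_DTLS_ROLE_SERVER if this is the server's SNI handling.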
@@ -882,10 +917,15 @@
     gnutls_free(psk_key.data);
   }
 
-  if (g_context->psk_pki_enabled & IS_PKI) {
+  if ((g_context->psk_pki_enabled & IS_PKI) ||
+      (g_context->psk_pki_enabled & (IS_PSK | IS_PKI)) == 0) {
+    /*
+     * If neither PSK or PKI have been set up, use PKI basics.
+     * This works providing COAP_PKI_KEY_PEM has a value of 0.
+     */
     coap_dtls_pki_t *setup_data = &g_context->setup_data;
     G_CHECK(setup_pki_credentials(&g_env->pki_credentials, g_context,
-                                  setup_data),
+                                  setup_data, COAP_DTLS_ROLE_CLIENT),
             "setup_pki_credentials");
 
     G_CHECK(gnutls_credentials_set(g_env->g_session, GNUTLS_CRD_CERTIFICATE,
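Review bot: the fallback for "neither PSK nor PKI" depends on COAP_PKI_KEY_PEM being 0 and on setup_data being zero-filled, which the comment admits but nothing enforces. Add a compile-time check on the enum value or set key_type explicitly before the call. If setup_data is indeed all zeroes on this path, verify_peer_cert is 0 too, so the session is set up with certificate credentials but without peer verification; that should be stated in the comment and in the documentation rather than left implicit.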
@@ -897,7 +937,7 @@
                                         &g_context->alpn_proto, 1, 0),
               "gnutls_alpn_set_protocols");
 
-    /* Issue SNI if requested */
+    /* Issue SNI if requested (only happens if PKI defined) */
     if (setup_data->client_sni) {
       G_CHECK(gnutls_server_name_set(g_env->g_session, GNUTLS_NAME_DNS,
                                      setup_data->client_sni,
@@ -981,7 +1021,7 @@
   if (g_context->psk_pki_enabled & IS_PKI) {
     coap_dtls_pki_t *setup_data = &g_context->setup_data;
     G_CHECK(setup_pki_credentials(&g_env->pki_credentials, g_context,
-                                  setup_data),
+                                  setup_data, COAP_DTLS_ROLE_SERVER),
             "setup_pki_credentials");
 
     if (setup_data->require_peer_cert) {
@@ -1150,26 +1190,32 @@
 static void
 coap_dtls_free_gnutls_env(coap_gnutls_context_t *g_context,
                           coap_gnutls_env_t *g_env,
-                          int unreliable)
+                          coap_free_bye_t free_bye)
 {
   if (g_env) {
     /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS
      * connections because the peer's closure message might
      * be lost */
-    gnutls_bye(g_env->g_session, unreliable ?
+    if (free_bye != COAP_FREE_BYE_NONE) {
+      /* Only do this if appropriate */
+      gnutls_bye(g_env->g_session, free_bye == COAP_FREE_BYE_AS_UDP ?
                                        GNUTLS_SHUT_WR : GNUTLS_SHUT_RDWR);
+    }
     gnutls_deinit(g_env->g_session);
     g_env->g_session = NULL;
     if (g_context->psk_pki_enabled & IS_PSK) {
       if (g_context->psk_pki_enabled & IS_CLIENT) {
         gnutls_psk_free_client_credentials(g_env->psk_cl_credentials);
+        g_env->psk_cl_credentials = NULL;
       }
       else {
         gnutls_psk_free_server_credentials(g_env->psk_sv_credentials);
+        g_env->psk_sv_credentials = NULL;
       }
     }
     if (g_context->psk_pki_enabled & IS_PKI) {
       gnutls_certificate_free_credentials(g_env->pki_credentials);
+      g_env->pki_credentials = NULL;
     }
     gnutls_free(g_env);
   }
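Review bot: gnutls_certificate_free_credentials() is still only called when IS_PKI is set, but the client setup hunk in this diff now also creates pki_credentials when neither IS_PSK nor IS_PKI is set, so those credentials are never released. Free them whenever g_env->pki_credentials is non-NULL instead of keying on the flag. The three new "= NULL" assignments have no effect, because g_env itself is passed to gnutls_free() a few lines later.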
@@ -1223,6 +1269,7 @@
              "Insufficient credentials provided.\n");
     ret = -1;
     break;
+  case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:
   case GNUTLS_E_FATAL_ALERT_RECEIVED:
     log_last_alert(g_env->g_session);
     c_session->dtls_event = COAP_EVENT_DTLS_CLOSED;
@@ -1233,6 +1280,15 @@
     c_session->dtls_event = COAP_EVENT_DTLS_ERROR;
     ret = 0;
     break;
+  case GNUTLS_E_NO_CERTIFICATE_FOUND:
+    coap_log(LOG_WARNING,
+             "Client Certificate requested and required, but not provided\n"
+             );
+    G_ACTION(gnutls_alert_send(g_env->g_session, GNUTLS_AL_FATAL,
+                                                 GNUTLS_A_BAD_CERTIFICATE));
+    c_session->dtls_event = COAP_EVENT_DTLS_CLOSED;
+    ret = -1;
+    break;
   case GNUTLS_E_DECRYPTION_FAILED:
     coap_log(LOG_WARNING,
              "do_gnutls_handshake: session establish "
@@ -1244,7 +1300,7 @@
     ret = -1;
     break;
   case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
-  /* fall through */ 
+  /* fall through */
   case GNUTLS_E_TIMEDOUT:
     c_session->dtls_event = COAP_EVENT_DTLS_CLOSED;
     ret = -1;
@@ -1269,7 +1325,8 @@
     if (ret == -1) {
       coap_dtls_free_gnutls_env(c_session->context->dtls_context,
                                 g_env,
-                                COAP_PROTO_NOT_RELIABLE(c_session->proto));
+                                COAP_PROTO_NOT_RELIABLE(c_session->proto) ?
+                                 COAP_FREE_BYE_AS_UDP : COAP_FREE_BYE_AS_TCP);
       return NULL;
     }
   }
@@ -1279,7 +1336,9 @@
 void coap_dtls_free_session(coap_session_t *c_session) {
   if (c_session && c_session->context) {
     coap_dtls_free_gnutls_env(c_session->context->dtls_context,
-                c_session->tls, COAP_PROTO_NOT_RELIABLE(c_session->proto));
+                c_session->tls,
+                COAP_PROTO_NOT_RELIABLE(c_session->proto) ?
+                 COAP_FREE_BYE_AS_UDP : COAP_FREE_BYE_AS_TCP);
     c_session->tls = NULL;
   }
 }
@@ -1433,6 +1492,22 @@
   return ret;
 }
 
+#define DTLS_CT_HANDSHAKE          22
+#define DTLS_HT_CLIENT_HELLO        1
+
+/** Generic header structure of the DTLS record layer. */
+typedef struct __attribute__((__packed__)) {
+  uint8_t content_type;           /**< content type of the included message */
+  uint16_t version;               /**< Protocol version */
+  uint16_t epoch;                 /**< counter for cipher state changes */
+  uint8_t sequence_number[6];     /**< sequence number */
+  uint16_t length;                /**< length of the following fragment */
+  uint8_t handshake;              /**< If content_type == DTLS_CT_HANDSHAKE */
+} dtls_record_handshake_t;
+
+#define OFF_CONTENT_TYPE 0     /* offset of content_type in dtls_record_handshake_t */
+#define OFF_HANDSHAKE_TYPE 13  /* offset of handshake in dtls_record_handshake_t */
+
 /*
  * return 0 failed
  *        1 passed
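Review bot: dtls_record_handshake_t is declared with __attribute__((__packed__)), a GCC/Clang extension, in a file that elsewhere in this diff carries an #ifdef _WIN32 branch, and nothing in the visible change uses the type; the code indexes the buffer with the hand-written constants 0 and 13. Either drop the struct and keep the layout as a comment next to OFF_CONTENT_TYPE and OFF_HANDSHAKE_TYPE, or derive the offsets from it with offsetof() so the two cannot drift apart.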
@@ -1447,6 +1522,24 @@
   int ret;
 
   if (!g_env) {
+    /*
+     * Need to check that this actually is a Client Hello before wasting
+     * time allocating and then freeing off g_env.
+     */
+    if (data_len < (OFF_HANDSHAKE_TYPE + 1)) {
+      coap_log(LOG_DEBUG,
+         "coap_dtls_hello: ContentType %d Short Packet (%ld < %d) dropped\n",
+         data[OFF_CONTENT_TYPE], data_len, OFF_HANDSHAKE_TYPE + 1);
+      return 0;
+    }
+    if (data[OFF_CONTENT_TYPE] != DTLS_CT_HANDSHAKE ||
+        data[OFF_HANDSHAKE_TYPE] != DTLS_HT_CLIENT_HELLO) {
+      coap_log(LOG_DEBUG,
+         "coap_dtls_hello: ContentType %d Handshake %d dropped\n",
+         data[OFF_CONTENT_TYPE], data[OFF_HANDSHAKE_TYPE]);
+      return 0;
+    }
+
     g_env = coap_dtls_new_gnutls_env(c_session, GNUTLS_SERVER);
     if (g_env) {
       c_session->tls = g_env;
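Review bot: the short-packet branch logs data[OFF_CONTENT_TYPE] after establishing only that data_len is below OFF_HANDSHAKE_TYPE + 1, so a zero-length datagram makes the log call read one byte past the received data. Log the content type only when data_len is greater than 0. The format string also prints data_len with %ld; if data_len is a size_t, use %zu. Apart from that, checking for a ClientHello before allocating g_env is a sensible way to keep stray packets from costing an allocation.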
@@ -1464,6 +1557,14 @@
         g_env->seen_client_hello = 0;
         return 1;
       }
+      /*
+       * as the above failed, need to remove g_env to clean up any
+       * pollution of the information
+       */
+      coap_dtls_free_gnutls_env(
+              ((coap_gnutls_context_t *)c_session->context->dtls_context),
+              g_env, COAP_FREE_BYE_NONE);
+      c_session->tls = NULL;
     }
     return 0;
   }
@@ -1499,11 +1600,20 @@
   coap_session_t *c_session = (struct coap_session_t *)context;
 
   if (out != NULL) {
-    ret = (int)coap_socket_read(&c_session->sock, out, outl);
+#ifdef _WIN32
+    ret = recv(c_session->sock.fd, (char *)out, (int)outl, 0);
+#else
+    ret = recv(c_session->sock.fd, out, outl, 0);
+#endif
     if (ret == 0) {
-      errno = EAGAIN;
-      ret = -1;
-    }
+      /* graceful shutdown */
+      c_session->sock.flags &= ~COAP_SOCKET_CAN_READ;
+      return 0;
+    } else if (ret == COAP_SOCKET_ERROR)
+      c_session->sock.flags &= ~COAP_SOCKET_CAN_READ;
+    else if (ret < (ssize_t)outl)
+      c_session->sock.flags &= ~COAP_SOCKET_CAN_READ;
+    return ret;
   }
   return ret;
 }
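Review bot: the "ret == COAP_SOCKET_ERROR" and "ret < (ssize_t)outl" branches both do nothing but clear COAP_SOCKET_CAN_READ, so they can be a single condition, and the unbraced else-if chain hanging off a braced if is easy to misread. The final "return ret;" after the block is now reached only when out is NULL, so ret must have a defined value on that path. The old code turned a 0 result into -1 with EAGAIN, while the new code reports it as a graceful shutdown; add a comment on why that is correct for every transport this pull function serves.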
@@ -1708,11 +1818,14 @@
         errno = EAGAIN;
         ret = 0;
         break;
+      case GNUTLS_E_PULL_ERROR:
+        c_session->dtls_event = COAP_EVENT_DTLS_ERROR;
+        break;
       default:
-      coap_log(LOG_WARNING,
-               "coap_tls_read: gnutls_record_recv "
-               "returned %d: '%s'\n",
-               ret, gnutls_strerror(ret));
+        coap_log(LOG_WARNING,
+                 "coap_tls_read: gnutls_record_recv "
+                 "returned %d: '%s'\n",
+                 ret, gnutls_strerror(ret));
         ret = -1;
         break;
       }
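Review bot: the new GNUTLS_E_PULL_ERROR case sets dtls_event but leaves ret holding the raw negative GnuTLS error code, while the neighbouring cases normalise it to 0 or -1. Set ret = -1 before the break so callers see the same error convention as in the default case.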
diff -Nru libcoap2-4.2.0~rc4/src/coap_io.c libcoap2-4.2.0/src/coap_io.c
--- libcoap2-4.2.0~rc4/src/coap_io.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/src/coap_io.c	2019-03-02 17:18:14.000000000 +0100
@@ -1,6 +1,6 @@
 /* coap_io.c -- Default network I/O functions for libcoap
  *
- * Copyright (C) 2012,2014,2016 Olaf Bergmann <bergmann@tzi.org>
+ * Copyright (C) 2012,2014,2016-2019 Olaf Bergmann <bergmann@tzi.org> and others
  *
  * This file is part of the CoAP library libcoap. Please see
  * README for terms of use.
diff -Nru libcoap2-4.2.0~rc4/src/coap_notls.c libcoap2-4.2.0/src/coap_notls.c
--- libcoap2-4.2.0~rc4/src/coap_notls.c	2018-11-30 18:24:37.000000000 +0100
+++ libcoap2-4.2.0/src/coap_notls.c	2019-03-02 17:18:14.000000000 +0100
@@ -40,7 +40,7 @@
 int
 coap_dtls_context_set_pki(coap_context_t *ctx UNUSED,
                           coap_dtls_pki_t* setup_data UNUSED,
-                          int server UNUSED
+                          coap_dtls_role_t role UNUSED
 ) {
   return 0;
 }
@@ -56,7 +56,7 @@
 int
 coap_dtls_context_set_psk(coap_context_t *ctx UNUSED,
                           const char *hint UNUSED,
-                          int server UNUSED
+                          coap_dtls_role_t role UNUSED
 ) {
   return 0;
 }
diff -Nru libcoap2-4.2.0~rc4/src/coap_openssl.c libcoap2-4.2.0/src/coap_openssl.c
--- libcoap2-4.2.0~rc4/src/coap_openssl.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/src/coap_openssl.c	2019-03-02 17:18:14.000000000 +0100
@@ -559,7 +559,7 @@
 int
 coap_dtls_context_set_psk(coap_context_t *ctx,
                           const char *identity_hint,
-                          int role
+                          coap_dtls_role_t role
 ) {
   coap_openssl_context_t *context = ((coap_openssl_context_t *)ctx->dtls_context);
   BIO *bio;
@@ -814,7 +814,7 @@
 
 static int
 setup_pki_ssl(SSL *ssl,
-                 coap_dtls_pki_t* setup_data, int isserver
+                 coap_dtls_pki_t* setup_data, coap_dtls_role_t role
 ) {
   switch (setup_data->pki_key.key_type) {
   case COAP_PKI_KEY_PEM:
@@ -825,14 +825,18 @@
                                    SSL_FILETYPE_PEM))) {
         coap_log(LOG_WARNING,
                  "*** setup_pki: (D)TLS: %s: Unable to configure "
-                 "Client Certificate\n",
-                 setup_data->pki_key.key.pem.public_cert);
+                 "%s Certificate\n",
+                 setup_data->pki_key.key.pem.public_cert,
+                 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
         return 0;
       }
     }
-    else {
+    else if (role == COAP_DTLS_ROLE_SERVER ||
+             (setup_data->pki_key.key.pem.private_key &&
+              setup_data->pki_key.key.pem.private_key[0])) {
       coap_log(LOG_ERR,
-             "*** setup_pki: (D)TLS: No Client Certificate defined\n");
+             "*** setup_pki: (D)TLS: No %s Certificate defined\n",
+             role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
       return 0;
     }
     if (setup_data->pki_key.key.pem.private_key &&
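Review bot: the "else if (role == COAP_DTLS_ROLE_SERVER || (... private_key && ... private_key[0]))" condition means a client that supplies neither a certificate nor a private key now passes this check silently, where the old bare else returned 0. That looks intended (a client without its own certificate), but it is a change in what setup_pki_ssl accepts and should be stated in the documentation of coap_dtls_pki_t. A LOG_DEBUG line for the fall-through case would help operators who expected mutual authentication notice that no client certificate was configured.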
@@ -847,9 +851,12 @@
         return 0;
       }
     }
-    else {
+    else if (role == COAP_DTLS_ROLE_SERVER ||
+             (setup_data->pki_key.key.pem.public_cert &&
+              setup_data->pki_key.key.pem.public_cert[0])) {
       coap_log(LOG_ERR,
-             "*** setup_pki: (D)TLS: No Client Private Key defined\n");
+             "*** setup_pki: (D)TLS: No %s Private Key defined\n",
+             role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
       return 0;
     }
     if (setup_data->pki_key.key.pem.ca_file &&
@@ -860,7 +867,7 @@
       char *rw_var = NULL;
       SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
 
-      if (isserver) {
+      if (role == COAP_DTLS_ROLE_SERVER) {
         STACK_OF(X509_NAME) *cert_names = SSL_load_client_CA_file(setup_data->pki_key.key.pem.ca_file);
 
         if (cert_names != NULL)
@@ -868,8 +875,9 @@
         else {
           coap_log(LOG_WARNING,
                    "*** setup_pki: (D)TLS: %s: Unable to configure "
-                   "client CA File\n",
-                    setup_data->pki_key.key.pem.ca_file);
+                   "%s CA File\n",
+                    setup_data->pki_key.key.pem.ca_file,
+                    role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
           return 0;
         }
       }
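Review bot: if this else still sits inside the "if (role == COAP_DTLS_ROLE_SERVER)" branch shown in the previous hunk, the ternary added here can only ever yield "Server", so the message changes from "client CA File" to "Server CA File". The file is loaded with SSL_load_client_CA_file, that is, it is the CA list used for client certificates, so the old wording was the more accurate one. Suggest dropping the added argument and keeping the literal text.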
@@ -902,14 +910,18 @@
                            setup_data->pki_key.key.asn1.public_cert_len))) {
         coap_log(LOG_WARNING,
                  "*** setup_pki: (D)TLS: %s: Unable to configure "
-                 "Client Certificate\n",
+                 "%s Certificate\n",
+                 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client",
                  "ASN1");
         return 0;
       }
     }
-    else {
+    else if (role == COAP_DTLS_ROLE_SERVER ||
+             (setup_data->pki_key.key.asn1.private_key &&
+              setup_data->pki_key.key.asn1.private_key[0])) {
       coap_log(LOG_ERR,
-             "*** setup_pki: (D)TLS: No Client Certificate defined\n");
+             "*** setup_pki: (D)TLS: No %s Certificate defined\n",
+             role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
       return 0;
     }
     if (setup_data->pki_key.key.asn1.private_key &&
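Review bot: the arguments to the "%s: Unable to configure %s Certificate" format are in the opposite order to the PEM branch: the role string is passed first and "ASN1" second, so the log reads "Server: Unable to configure ASN1 Certificate". Swap the two arguments so the source comes first and the role second. Separately, the new else-if tests private_key[0] on what is ASN.1 binary data, while the matching check in the next hunk uses public_cert_len > 0; testing private_key_len > 0 here would be consistent and would not depend on the value of the first byte.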
@@ -920,14 +932,18 @@
                         setup_data->pki_key.key.asn1.private_key_len))) {
         coap_log(LOG_WARNING,
                  "*** setup_pki: (D)TLS: %s: Unable to configure "
-                 "Client Private Key\n",
+                 "%s Private Key\n",
+                 role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client",
                  "ASN1");
         return 0;
       }
     }
-    else {
+    else if (role == COAP_DTLS_ROLE_SERVER ||
+             (setup_data->pki_key.key.asn1.public_cert &&
+              setup_data->pki_key.key.asn1.public_cert_len > 0)) {
       coap_log(LOG_ERR,
-             "*** setup_pki: (D)TLS: No Client Private Key defined\n");
+             "*** setup_pki: (D)TLS: No %s Private Key defined",
+             role == COAP_DTLS_ROLE_SERVER ? "Server" : "Client");
       return 0;
     }
     if (setup_data->pki_key.key.asn1.ca_cert &&
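Review bot: the replacement LOG_ERR string "*** setup_pki: (D)TLS: No %s Private Key defined" has lost its trailing \n, unlike every other message touched in this file, so the next log line will run onto it. The LOG_WARNING above it also has the same swapped argument order as the ASN1 certificate case (role first, "ASN1" second), which produces "Server: Unable to configure ASN1 Private Key".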
@@ -938,7 +954,7 @@
       X509_STORE *st;
       SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
 
-      if (isserver) {
+      if (role == COAP_DTLS_ROLE_SERVER) {
         if (!x509 || !SSL_add_client_CA(ssl, x509)) {
           coap_log(LOG_WARNING,
                    "*** setup_pki: (D)TLS: %s: Unable to configure "
@@ -1323,19 +1339,20 @@
    */
   if (session && session->context->psk_key && session->context->psk_key_len) {
     int len = SSL_client_hello_get0_ciphers(ssl, &out);
-    STACK_OF(SSL_CIPHER) *peer_ciphers;
-    STACK_OF(SSL_CIPHER) *scsvc;
-    int ii;
-
-    len = SSL_bytes_to_cipher_list(ssl, out, len,
-                                   SSL_client_hello_isv2(ssl),
-                                   &peer_ciphers, &scsvc);
-    for (ii = 0; ii < sk_SSL_CIPHER_num (peer_ciphers); ii++) {
-      const SSL_CIPHER *peer_cipher = sk_SSL_CIPHER_value(peer_ciphers, ii);
+    STACK_OF(SSL_CIPHER) *peer_ciphers = NULL;
+    STACK_OF(SSL_CIPHER) *scsvc = NULL;
 
-      if (strstr (SSL_CIPHER_get_name (peer_cipher), "PSK")) {
-        psk_requested = 1;
-        break;
+    if (len && SSL_bytes_to_cipher_list(ssl, out, len,
+                                        SSL_client_hello_isv2(ssl),
+                                        &peer_ciphers, &scsvc)) {
+      int ii;
+      for (ii = 0; ii < sk_SSL_CIPHER_num (peer_ciphers); ii++) {
+        const SSL_CIPHER *peer_cipher = sk_SSL_CIPHER_value(peer_ciphers, ii);
+
+        if (strstr (SSL_CIPHER_get_name (peer_cipher), "PSK")) {
+          psk_requested = 1;
+          break;
+        }
       }
     }
     sk_SSL_CIPHER_free(peer_ciphers);
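Review bot: len is still an int, although SSL_client_hello_get0_ciphers returns size_t and the value now both gates the call ("if (len && ...") and is passed on as the byte count to SSL_bytes_to_cipher_list; declaring it size_t avoids the sign conversion. The NULL initialisers on peer_ciphers and scsvc are what make the unconditional sk_SSL_CIPHER_free after the block safe when the ClientHello carries no ciphers or parsing fails, which deserves a one-line comment so the initialisers are not removed later as redundant.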
@@ -1503,7 +1520,7 @@
 int
 coap_dtls_context_set_pki(coap_context_t *ctx,
                           coap_dtls_pki_t *setup_data,
-                          int role
+                          coap_dtls_role_t role
 ) {
   coap_openssl_context_t *context =
                                 ((coap_openssl_context_t *)ctx->dtls_context);
diff -Nru libcoap2-4.2.0~rc4/src/coap_session.c libcoap2-4.2.0/src/coap_session.c
--- libcoap2-4.2.0~rc4/src/coap_session.c	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/src/coap_session.c	2019-02-09 07:54:00.000000000 +0100
@@ -6,8 +6,8 @@
 * README for terms of use.
 */
 
-#ifndef _COAP_SESSION_H_
-#define _COAP_SESSION_H_
+#ifndef COAP_SESSION_C_
+#define COAP_SESSION_C_
 
 
 #include "coap_config.h"
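Review bot: renaming the guard from _COAP_SESSION_H_ to COAP_SESSION_C_ moves it out of the reserved identifier namespace, but an include guard around a .c file is itself unusual and nothing in this hunk shows the file being included from elsewhere. If it never is, removing the #ifndef/#define pair and the matching #endif at the end of the file would be cleaner than renaming them.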
@@ -186,7 +186,7 @@
   coap_free_type(COAP_SESSION, session);
 }
 
-size_t coap_session_max_pdu_size(coap_session_t *session) {
+size_t coap_session_max_pdu_size(const coap_session_t *session) {
   size_t max_with_header = (size_t)(session->mtu - session->tls_overhead);
   if (COAP_PROTO_NOT_RELIABLE(session->proto))
     return max_with_header > 4 ? max_with_header - 4 : 0;
@@ -998,4 +998,4 @@
   return szEndpoint;
 }
 
-#endif  /* _COAP_SESSION_H_ */
+#endif  /* COAP_SESSION_C_ */
diff -Nru libcoap2-4.2.0~rc4/src/coap_tinydtls.c libcoap2-4.2.0/src/coap_tinydtls.c
--- libcoap2-4.2.0~rc4/src/coap_tinydtls.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/src/coap_tinydtls.c	2019-03-02 17:18:14.000000000 +0100
@@ -490,7 +490,7 @@
 int
 coap_dtls_context_set_pki(coap_context_t *ctx UNUSED,
   coap_dtls_pki_t* setup_data UNUSED,
-  int server UNUSED
+  coap_dtls_role_t role UNUSED
 ) {
   return 0;
 }
@@ -506,7 +506,7 @@
 int
 coap_dtls_context_set_psk(coap_context_t *ctx UNUSED,
   const char *hint UNUSED,
-  int server UNUSED
+  coap_dtls_role_t role UNUSED
 ) {
   return 1;
 }
diff -Nru libcoap2-4.2.0~rc4/src/net.c libcoap2-4.2.0/src/net.c
--- libcoap2-4.2.0~rc4/src/net.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/src/net.c	2019-03-02 17:18:14.000000000 +0100
@@ -1857,7 +1857,7 @@
       val = coap_decode_var_bytes(coap_opt_value(nores), coap_opt_length(nores));
 
       /* The response should be dropped when the bit corresponding to
-       * the response class is set (cf. table in funtion
+       * the response class is set (cf. table in function
        * documentation). When a No-Response option is present and the
        * bit is not set, the sender explicitly indicates interest in
        * this response. */
diff -Nru libcoap2-4.2.0~rc4/src/option.c libcoap2-4.2.0/src/option.c
--- libcoap2-4.2.0~rc4/src/option.c	2019-02-09 07:23:59.000000000 +0100
+++ libcoap2-4.2.0/src/option.c	2019-03-02 17:18:14.000000000 +0100
@@ -557,6 +557,7 @@
   node = coap_malloc_type(COAP_OPTLIST, sizeof(coap_optlist_t) + length);
 
   if (node) {
+    memset(node, 0, (sizeof(coap_optlist_t) + length));
     node->number = number;
     node->length = length;
     node->data = (uint8_t *)&node[1];
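Review bot: the size expression sizeof(coap_optlist_t) + length is now written twice, once for coap_malloc_type and once for the memset, and the two must stay identical for the zeroing to cover exactly the allocation. Compute it once into a local size_t and use it for both calls. Zeroing the node is a sound hardening step, since it stops uninitialised heap contents in the struct fields and the trailing data area from being read before the caller fills them.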
diff -Nru libcoap2-4.2.0~rc4/src/pdu.c libcoap2-4.2.0/src/pdu.c
--- libcoap2-4.2.0~rc4/src/pdu.c	2019-02-09 07:26:16.000000000 +0100
+++ libcoap2-4.2.0/src/pdu.c	2019-02-09 07:54:00.000000000 +0100
@@ -128,7 +128,7 @@
 }
 
 coap_pdu_t *
-coap_new_pdu(struct coap_session_t *session) {
+coap_new_pdu(const struct coap_session_t *session) {
   coap_pdu_t *pdu = coap_pdu_init(0, 0, 0, coap_session_max_pdu_size(session));
 #ifndef NDEBUG
   if (!pdu)
diff -Nru libcoap2-4.2.0~rc4/TODO libcoap2-4.2.0/TODO
--- libcoap2-4.2.0~rc4/TODO	2018-10-14 08:31:10.000000000 +0200
+++ libcoap2-4.2.0/TODO	2019-03-02 17:18:14.000000000 +0100
@@ -11,13 +11,7 @@
 =================
 * CRITICAL ISSUES
 =================
--> Remove the #include "coap_config.h" directive from the public header files.
 -> Remove #ifdef HAVE_ASSERT_H and so on from the public headers.
--> Use coap.h as the only header to include from the public view.
--> DTLS functionality
- -> Adding DTLS functions based on openssl
-  -> Bill Benett has starting some improvements here, please contact him
-     first before starting something
 -> Proxy functionality
  -> A coap-server should be able to act as proxy server
 
@@ -27,35 +21,10 @@
 -> Create some development rules like:
     --> How to submit patches? What about pull requests?
 	--> How to implement/change platform related code?
--> Adding some documentation for classical users on how to use the libcoap
--> Clean up the various inclusion for #ifdef __cplusplus #extern "C" {}
--> Adding additional config options (like --with-pdu-size)
--> Split of the platform related code into [foo]_platform.c files
--> In general, improving the online doxygen documentation like creating some
-   additional information for doxygen (startpage, development information,
-   ...)
--> In special, improving ...
-  Adding prams and return explanation in:
-   include/coap/coap_io.h
-   include/coap/option.h
-   include/coap/net.h
-   include/coap/resource.h
-   include/coap/str.h
-   include/coap/subscribe.h
-   include/coap/uri.h
-  Adding @brief directive
-   include/coap/block.h
-   include/coap/coap_io.h
-   include/coap/debug.h
-   include/coap/encode.h
-   include/coap/net.h
-   include/coap/str.h
-   include/coap/subscribe.h
-   include/coap/uri.h
+-> Further improve the API documentation
 
 ==============
 * MINOR ISSUES
 ==============
--> Remove the not needed Makefile.in.old files
 -> Adding a logo for libcoap
 

--- End Message ---
--- Begin Message ---
Carsten Schoenert:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package libcoap2
> 
> Libcoap 4.2.0 got finally released, the previous release, 4.2.0-RC4 is
> currently available in testing and I'd like to update the version in
> testing to the current version in unstable.
> The final release of 4.2.0 got some small fixes within the autotool
> setup but also small updates to the example binaries.
> Upstream accepted two patches about due spelling fixes which are now
> dropped from the patch queue.
> The source got between the two versions some polish on the macro names
> within the files and some fixups in some PKI functions and code.
> 
> No new symbols are added or existing symbols got removed.
> 
> See attached debdiff for the full view on the changes.
> 
> unblock libcoap2/4.2.0-1
> 
> [...]

Unblocked, thanks.
~Niels

--- End Message ---
