77static queued_udp_packet * udp_packets [65536 ] = {0 };
88static queued_udp_packet * udp_list_tail [65536 ] = {0 };
99static spinlock_t udp_read_lock = 0 ;
10+ static uint8_t * ca = NULL ;
11+ static size_t ca_len = 0 ;
1012
1113/**
1214 * @brief Idle callback to check if socket is ready to read.
@@ -248,12 +250,33 @@ void sslconnect_statement(struct basic_ctx* ctx) {
248250 ip = str_expr (ctx );
249251 accept_or_return (COMMA , ctx );
250252 port = expr (ctx );
251- accept_or_return (COMMA , ctx );
252- sni = expr (ctx );
253+ if (tokenizer_token (ctx ) == COMMA ) {
254+ accept_or_return (COMMA , ctx );
255+ sni = expr (ctx );
256+ if (!* sni ) {
257+ sni = NULL ;
258+ }
259+ }
253260
254- const char * ca = "" ;
261+ if (!ca ) {
262+ fs_directory_entry_t * info = fs_get_file_info ("/system/ssl/cacert.pem" );
263+ if (!info || (info -> flags & FS_DIRECTORY ) != 0 ) {
264+ tokenizer_error_print (ctx , "Unable to load CA cert bundle from /system/ssl/cacert.pem" );
265+ return ;
266+ }
267+ ca = kmalloc (info -> size );
268+ if (!ca ) {
269+ tokenizer_error_print (ctx , "Out of memory for CA cert bundle" );
270+ return ;
271+ }
272+ if (!fs_read_file (info , 0 , info -> size , ca )) {
273+ tokenizer_error_print (ctx , "Unable to load CA cert bundle from /system/ssl/cacert.pem" );
274+ return ;
275+ }
276+ ca_len = info -> size ;
277+ }
255278
256- int rv = ssl_connect (str_to_ip (ip ), port , 0 , true, sni , NULL , ( const uint8_t * ) ca , strlen ( ca ) );
279+ int rv = ssl_connect (str_to_ip (ip ), port , 0 , true, sni , NULL , ca , ca_len );
257280
258281 if (rv >= 0 ) {
259282 * (input + rv ) = 0 ;
@@ -339,6 +362,7 @@ int64_t basic_sslsockaccept(struct basic_ctx* ctx) {
339362 PARAMS_GET_ITEM (BIP_INT );
340363 const char * key = strval ;
341364 PARAMS_END ("SSLSOCKACCEPT" ,-1 );
365+ // TODO: Load the certs from the file paths
342366 int rv = ssl_accept (server , (const uint8_t * )cert , strlen (cert ), (const uint8_t * )key , strlen (key ), NULL , true);
343367 if (rv < 0 ) {
344368 tokenizer_error_print (ctx , socket_error (rv ));
@@ -349,7 +373,7 @@ int64_t basic_sslsockaccept(struct basic_ctx* ctx) {
349373
350374char * basic_insocket (struct basic_ctx * ctx ) {
351375 uint8_t input [2 ] = { 0 , 0 };
352-
376+
353377 PARAMS_START ;
354378 PARAMS_GET_ITEM (BIP_INT );
355379 int64_t fd = intval ;
@@ -360,15 +384,35 @@ char* basic_insocket(struct basic_ctx* ctx) {
360384 return "" ;
361385 }
362386
363- int rv = recv (fd , input , 1 , false, 0 );
387+ int rv ;
388+ if (tls_get (fd )) {
389+ int want ;
390+ int out_n ;
391+ bool ok ;
392+
393+ want = 0 ;
394+ out_n = 0 ;
395+ ok = tls_read_fd (fd , input , 1 , & want , & out_n );
396+ if (ok ) {
397+ rv = out_n ;
398+ } else {
399+ if (want == 1 ) {
400+ rv = 0 ;
401+ } else {
402+ rv = TCP_ERROR_CONNECTION_FAILED ;
403+ }
404+ }
405+ } else {
406+ rv = recv (fd , input , 1 , false, 0 );
407+ }
364408
365409 if (rv > 0 ) {
366410 input [1 ] = 0 ;
367411 return gc_strdup (ctx , (const char * )input );
368412 } else if (rv < 0 ) {
369413 tokenizer_error_print (ctx , socket_error (rv ));
370414 } else {
371- __asm__ volatile ("hlt " );
415+ __asm__ volatile ("pause " );
372416 }
373417 return "" ;
374418}
0 commit comments