[XrdCl] Bind additional data streams to encrypted control stream.

This includes: - binding additional encrypted data streams to encrypted control stream - binding additional unencrypted data streams to encrypted control stream - binding by default one unencrypted data stream to encrypted control stream if protocol response has kXR_gotoTLS flag set and kXR_tlsData reset
xrootd · Oct 16, 2019 · 386626d · 386626d
1 parent 5a0b8bc
commit 386626d
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 11 deletions.
diff --git a/src/XrdCl/XrdClXRootDTransport.cc b/src/XrdCl/XrdClXRootDTransport.cc
@@ -1433,13 +1433,21 @@ namespace XrdCl
     XRootDStreamInfo &sInfo = info->stream[handShakeData->subStreamId];
 
     //----------------------------------------------------------------------
-    // We are about to login and the server asked to start encrypting with
+    // We are about to login and the server asked to start encrypting
     // before login
     //----------------------------------------------------------------------
     if( ( sInfo.status == XRootDStreamInfo::LoginSent ) &&
         ( info->serverFlags & kXR_tlsLogin ) )
       return true;
 
+    //----------------------------------------------------------------------
+    // We are about to bind a data stream and the server asked to start
+    // encrypting before bind
+    //----------------------------------------------------------------------
+    if( ( sInfo.status == XRootDStreamInfo::BindSent ) &&
+        ( info->serverFlags & kXR_tlsData ) )
+      return true;
+
     //----------------------------------------------------------------------
     // The hand-shake is done and the server requested to encrypt the session
     //----------------------------------------------------------------------

diff --git a/src/api_test/CMakeLists.txt b/src/api_test/CMakeLists.txt
@@ -28,6 +28,7 @@ target_link_libraries(
   xrdsrv
   XrdUtils
   ssl
-  crypto )
+  crypto
+  pthread )
 
 
diff --git a/src/api_test/xrd_api_test.cc b/src/api_test/xrd_api_test.cc
@@ -6,8 +6,8 @@
 
 int main( int argc, char *argv[] )
 {
-  XrdCl::Env *env = XrdCl::DefaultEnv::GetEnv();
-  env->PutInt( "SubStreamsPerChannel", 2 );
+//  XrdCl::Env *env = XrdCl::DefaultEnv::GetEnv();
+//  env->PutInt( "SubStreamsPerChannel", 2 );
 
   XrdCl::File f;
 

diff --git a/src/api_test/xrdsrv.cc b/src/api_test/xrdsrv.cc
@@ -175,18 +175,17 @@ void HandleProtocolReq( SocketIO &io, ClientRequestHdr *hdr )
   respHdr.dlen = htonl( sizeof( ServerResponseBody_Protocol ) );
   io.write( &respHdr, sizeof(ServerResponseHeader) );
 
-  kXR_int32 flags = 0;
-  if( &io == &mainio )
-    flags = kXR_DataServer | kXR_haveTLS | kXR_gotoTLS | kXR_tlsLogin; // | kXR_tlsData;
-  else
-    flags = kXR_DataServer | kXR_haveTLS; // | kXR_gotoTLS | kXR_tlsLogin | kXR_tlsData;
+  kXR_int32 flags = kXR_DataServer | kXR_haveTLS | kXR_gotoTLS | kXR_tlsLogin;// | kXR_tlsData;
+  std::cout << "Server flags = " << flags << std::endl;
 
   ServerResponseBody_Protocol body;
   body.pval  = htonl( 0x310 );
-  body.flags = htonl( kXR_DataServer ) | htonl( kXR_haveTLS ) | htonl( kXR_gotoTLS ) | htonl( kXR_tlsLogin ) | htonl( kXR_tlsData );
+  body.flags = htonl( flags );
   io.write( &body, sizeof(ServerResponseBody_Protocol) );
 
-  if( flags & kXR_gotoTLS )
+  if( &io == &mainio && ( flags & kXR_tlsLogin ) )
+    io.TlsHandShake();
+  else if( &io == &dataio && (flags & kXR_tlsData ) )
     io.TlsHandShake();
 }