diff --git a/CMakeLists.txt b/CMakeLists.txt index 64f4aff7b..350ab2a15 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -320,6 +320,7 @@ set(sources instantiate_connection merkle natpmp + openssl part_file packet_buffer piece_picker diff --git a/ChangeLog b/ChangeLog index 7627e7ad0..c2a30dfba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,4 @@ + * support validation of HTTPS trackers * deprecate strict super seeding mode * make UPnP port-mapping lease duration configurable * deprecate the bittyrant choking algorithm diff --git a/Jamfile b/Jamfile index e31ec3643..862f3cd69 100644 --- a/Jamfile +++ b/Jamfile @@ -663,6 +663,7 @@ SOURCES = instantiate_connection lazy_bdecode natpmp + openssl packet_buffer piece_picker peer_list diff --git a/docs/hunspell/libtorrent.dic b/docs/hunspell/libtorrent.dic index bf39faf70..c3835fcb7 100644 --- a/docs/hunspell/libtorrent.dic +++ b/docs/hunspell/libtorrent.dic @@ -559,3 +559,6 @@ leecher 6881l NOTSENT LOWAT +tls11 +tls12 +tls13 diff --git a/include/libtorrent/aux_/openssl.hpp b/include/libtorrent/aux_/openssl.hpp index d9d985b34..4a2f547da 100644 --- a/include/libtorrent/aux_/openssl.hpp +++ b/include/libtorrent/aux_/openssl.hpp @@ -51,7 +51,6 @@ POSSIBILITY OF SUCH DAMAGE. #ifdef TORRENT_USE_OPENSSL -// all of OpenSSL causes warnings, so we just have to disable them #include "libtorrent/aux_/disable_warnings_push.hpp" #ifdef TORRENT_WINDOWS 
@@ -63,43 +62,50 @@ POSSIBILITY OF SUCH DAMAGE. #include // for sk_GENERAL_NAME_value #include // for GENERAL_NAME -namespace libtorrent { namespace aux { -inline void openssl_set_tlsext_hostname(SSL* s, char const* name) -{ -#if OPENSSL_VERSION_NUMBER >= 0x90812f - SSL_set_tlsext_host_name(s, name); +#include +#if defined TORRENT_BUILD_SIMULATOR +#include "simulator/simulator.hpp" #endif -} + +#include "libtorrent/aux_/disable_warnings_pop.hpp" + +namespace libtorrent { + +namespace ssl { + +#if defined TORRENT_BUILD_SIMULATOR + using sim::asio::ssl::context; + using sim::asio::ssl::stream_base; + using sim::asio::ssl::stream; +#else + using boost::asio::ssl::context; + using boost::asio::ssl::stream_base; + using boost::asio::ssl::stream; +#endif +} // ssl + +namespace aux { + +TORRENT_EXTRA_EXPORT void openssl_set_tlsext_hostname(SSL* s, char const* name); #if OPENSSL_VERSION_NUMBER >= 0x90812f -inline void openssl_set_tlsext_servername_callback(SSL_CTX* ctx - , int (*servername_callback)(SSL*, int*, void*)) -{ - SSL_CTX_set_tlsext_servername_callback(ctx, servername_callback); -} +TORRENT_EXTRA_EXPORT void openssl_set_tlsext_servername_callback(SSL_CTX* ctx + , int (*servername_callback)(SSL*, int*, void*)); -inline void openssl_set_tlsext_servername_arg(SSL_CTX* ctx, void* userdata) -{ - SSL_CTX_set_tlsext_servername_arg(ctx, userdata); -} +TORRENT_EXTRA_EXPORT void openssl_set_tlsext_servername_arg(SSL_CTX* ctx, void* userdata); -inline int openssl_num_general_names(GENERAL_NAMES* gens) -{ - return sk_GENERAL_NAME_num(gens); -} +TORRENT_EXTRA_EXPORT int openssl_num_general_names(GENERAL_NAMES* gens); -inline GENERAL_NAME* openssl_general_name_value(GENERAL_NAMES* gens, int i) -{ - return sk_GENERAL_NAME_value(gens, i); -} +TORRENT_EXTRA_EXPORT GENERAL_NAME* openssl_general_name_value(GENERAL_NAMES* gens, int i); #endif // OPENSSL_VERSION_NUMBER -} -} +// converts setting_pack::ssl_version_t enum into asio version +ssl::context::method ssl_version(int const 
v); -#include "libtorrent/aux_/disable_warnings_pop.hpp" +} // aux +} // libtorrent #endif // TORRENT_USE_OPENSSL diff --git a/include/libtorrent/aux_/session_impl.hpp b/include/libtorrent/aux_/session_impl.hpp index b95f85c59..5183b0c77 100644 --- a/include/libtorrent/aux_/session_impl.hpp +++ b/include/libtorrent/aux_/session_impl.hpp @@ -876,9 +876,14 @@ namespace aux { io_service& m_io_service; #ifdef TORRENT_USE_OPENSSL - // this is a generic SSL context used when talking to - // unauthenticated HTTPS servers + // this is a generic SSL context used when talking to HTTPS servers ssl::context m_ssl_ctx; + + // this is the SSL context used for SSL listen sockets. It doesn't + // verify peers, but it has the servername callback set on it. Once it + // knows which torrent a peer is connecting to, it will switch the + // socket over to the torrent specific context, which does verify peers + ssl::context m_peer_ssl_ctx; #endif // handles delayed alerts diff --git a/include/libtorrent/config.hpp b/include/libtorrent/config.hpp index 207aa1e35..f323f4b06 100644 --- a/include/libtorrent/config.hpp +++ b/include/libtorrent/config.hpp @@ -38,6 +38,7 @@ POSSIBILITY OF SUCH DAMAGE. #define _FILE_OFFSET_BITS 64 #include +#include #include "libtorrent/aux_/disable_warnings_pop.hpp" @@ -567,6 +568,14 @@ constexpr std::size_t TORRENT_WRITE_HANDLER_MAX_SIZE = 342; #endif #endif // TORRENT_HAS_ARM_CRC32 +#ifndef TORRENT_USE_TLS13 +#if BOOST_VERSION >= 106900 +#define TORRENT_USE_TLS13 1 +#else +#define TORRENT_USE_TLS13 0 +#endif +#endif + namespace libtorrent {} // create alias diff --git a/include/libtorrent/http_connection.hpp b/include/libtorrent/http_connection.hpp index 3b17fd87a..77eaf978a 100644 --- a/include/libtorrent/http_connection.hpp +++ b/include/libtorrent/http_connection.hpp 
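Review bot: The comment on the new `ssl_version()` declaration at the end of the openssl.hpp hunk misspells the type (`setting_pack`) and does not say what an out-of-range value maps to. Suggest `// converts a settings_pack::ssl_version_t value into the asio context method; unrecognised values fall back to the newest TLS version this build supports`, which is what the `default:` branches in src/openssl.cpp do. Unlike the other declarations in this hunk, `ssl_version()` is not marked `TORRENT_EXTRA_EXPORT`; if unit tests are meant to call it, it presumably needs the same marker.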
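Review bot: `TORRENT_USE_TLS13` in the second config.hpp hunk is derived from `BOOST_VERSION` alone, but whether a TLS 1.3 context can be created also depends on the OpenSSL the library is linked against. On a build with a new enough Boost and an older OpenSSL, the `tls13` default would presumably make the `ssl::context` constructors fail at session start-up rather than degrade. Consider also requiring a TLS 1.3 capable OpenSSL where its version macro is available, or documenting the override above the block: `// TLS 1.3 also needs OpenSSL 1.1.1 or later; define TORRENT_USE_TLS13=0 when linking against an older one`.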
@@ -82,12 +82,12 @@ struct TORRENT_EXTRA_EXPORT http_connection http_connection(io_service& ios , resolver_interface& resolver , http_handler const& handler - , bool bottled = true - , int max_bottled_buffer_size = default_max_bottled_buffer_size - , http_connect_handler const& ch = http_connect_handler() - , http_filter_handler const& fh = http_filter_handler() + , bool bottled + , int max_bottled_buffer_size + , http_connect_handler const& ch + , http_filter_handler const& fh #ifdef TORRENT_USE_OPENSSL - , ssl::context* ssl_ctx = nullptr + , ssl::context* ssl_ctx #endif ); @@ -165,7 +165,6 @@ private: #ifdef TORRENT_USE_OPENSSL ssl::context* m_ssl_ctx; - bool m_own_ssl_context; #endif #if TORRENT_USE_I2P diff --git a/include/libtorrent/settings_pack.hpp b/include/libtorrent/settings_pack.hpp index ece8e61bc..6c7be47d7 100644 --- a/include/libtorrent/settings_pack.hpp +++ b/include/libtorrent/settings_pack.hpp @@ -1746,6 +1746,12 @@ namespace aux { // lower than 5 minutes. upnp_lease_duration, + // the SSL/TLS version to use for HTTPS trackers and SSL torrents. Set + // it to one of the ssl_version_t values. This setting only takes + // effect when passed in to the session constructor. It cannot be + // changed once the session has been constructed. + ssl_version, + max_int_setting_internal }; @@ -1759,6 +1765,18 @@ namespace aux { enum suggest_mode_t : std::uint8_t { no_piece_suggestions = 0, suggest_read_cache = 1 }; + enum ssl_version_t : std::uint8_t + { + // TLS version 1.1 + tls11, + // TLS version 1.2 + tls12, +#if TORRENT_USE_TLS13 + // TLS version 1.3 + tls13, +#endif + }; + enum choking_algorithm_t : std::uint8_t { fixed_slots_choker = 0, diff --git a/include/libtorrent/ssl_stream.hpp b/include/libtorrent/ssl_stream.hpp index 4f4a0b30b..6e7859b0f 100644 --- a/include/libtorrent/ssl_stream.hpp +++ b/include/libtorrent/ssl_stream.hpp 
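Review bot: `ssl_ctx` is now a mandatory, non-owning raw pointer in the constructor declaration, and nothing there says who keeps the context alive. With `m_own_ssl_context` removed in the next hunk of this file, the connection never owns the context, so the caller's `ssl::context` has to outlive the `http_connection` and every handler still pending on it. Suggest a comment on the parameter: `// ssl_ctx is borrowed, not owned: it must outlive this object, and must be non-null if start() is called with ssl=true`.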
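Review bot: The new `ssl_version_t` enumerators in settings_pack.hpp carry no explicit values, so `tls11` becomes 0, and TLS 1.1 is the oldest and weakest option offered here (it was formally deprecated by RFC 8996). Any path that yields a zero for this int setting would therefore select TLS 1.1 rather than a safe default. Consider giving the enumerators explicit values as `suggest_mode_t` does just above, e.g. `tls11 = 0, tls12 = 1,`, and documenting the first as `// TLS version 1.1 (deprecated, kept for legacy trackers only)`. The setting's doc comment in the previous hunk could also state the default and whether the value is an exact protocol version or a minimum.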
@@ -42,28 +42,8 @@ POSSIBILITY OF SUCH DAMAGE. #include -#include "libtorrent/aux_/disable_warnings_push.hpp" -#include -#if defined TORRENT_BUILD_SIMULATOR -#include "simulator/simulator.hpp" -#endif -#include "libtorrent/aux_/disable_warnings_pop.hpp" - namespace libtorrent { - namespace ssl { - -#if defined TORRENT_BUILD_SIMULATOR - using sim::asio::ssl::context; - using sim::asio::ssl::stream_base; - using sim::asio::ssl::stream; -#else - using boost::asio::ssl::context; - using boost::asio::ssl::stream_base; - using boost::asio::ssl::stream; -#endif - } - template class ssl_stream { diff --git a/include/libtorrent/upnp.hpp b/include/libtorrent/upnp.hpp index 4adda7740..626168a3c 100644 --- a/include/libtorrent/upnp.hpp +++ b/include/libtorrent/upnp.hpp @@ -43,6 +43,7 @@ POSSIBILITY OF SUCH DAMAGE. #include "libtorrent/aux_/portmap.hpp" #include "libtorrent/aux_/vector.hpp" #include "libtorrent/aux_/session_settings.hpp" +#include "libtorrent/aux_/openssl.hpp" // for ssl::context #include #include @@ -357,6 +358,10 @@ private: address_v4 m_listen_address; address_v4 m_netmask; std::string m_device; + +#ifdef TORRENT_USE_OPENSSL + ssl::context m_ssl_ctx; +#endif }; } diff --git a/simulation/test_http_connection.cpp b/simulation/test_http_connection.cpp index c268c9402..f934317ae 100644 --- a/simulation/test_http_connection.cpp +++ b/simulation/test_http_connection.cpp @@ -131,6 +131,11 @@ std::shared_ptr test_request(io_service& ios { std::printf(" ===== TESTING: %s =====\n", url.c_str()); +#ifdef TORRENT_USE_OPENSSL + ssl::context ssl_ctx(ssl::context::sslv23_client); + ssl_ctx.set_verify_mode(ssl::context::verify_none); +#endif + auto h = std::make_shared(ios , res , [=](error_code const& ec, http_parser const& parser 
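Review bot: `ssl_ctx` is declared as a local of `test_request()` in simulation/test_http_connection.cpp, yet its address is handed to the `http_connection` created just below (the `&ssl_ctx` argument is in the next hunk), and the hunk header shows the function returning a `std::shared_ptr`. If that pointer is the connection `h`, the connection outlives the context and `m_ssl_ctx` dangles for anything that runs after `test_request()` returns, such as a redirect re-entering `start()`. The function body ends outside this hunk, so this needs confirming. If it holds, giving the context static storage (`static ssl::context ssl_ctx(ssl::context::sslv23_client);`) or passing it in from the caller would fix it.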
@@ -177,7 +182,12 @@ std::shared_ptr test_request(io_service& ios ++*connect_handler_called; TEST_CHECK(c.socket().is_open()); std::printf("CONNECTED: %s\n", url.c_str()); - }); + } + , lt::http_filter_handler() +#ifdef TORRENT_USE_OPENSSL + , &ssl_ctx +#endif + ); h->get(url, seconds(1), 0, &ps, 5, "test/user-agent", boost::none , resolver_flags{}, auth); @@ -630,14 +640,25 @@ TORRENT_TEST(http_connection_ssl_proxy) return sim::send_response(403, "Not supported", 1337); }); +#ifdef TORRENT_USE_OPENSSL + lt::ssl::context ssl_ctx(ssl::context::sslv23_client); + ssl_ctx.set_verify_mode(ssl::context::verify_none); +#endif + auto h = std::make_shared(client_ios , res , [&client_counter](error_code const& ec, http_parser const& - , span, http_connection&) + , span, http_connection&) { client_counter++; TEST_EQUAL(ec, boost::asio::error::operation_not_supported); - }); + } + , true, 1024*1024, lt::http_connect_handler() + , http_filter_handler() +#ifdef TORRENT_USE_OPENSSL + , &ssl_ctx +#endif + ); h->start("10.0.0.2", 8080, seconds(1), 0, &ps, true /*ssl*/); diff --git a/src/Makefile.am b/src/Makefile.am index 7afead306..c619d17ad 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -94,6 +94,7 @@ libtorrent_rasterbar_la_SOURCES = \ magnet_uri.cpp \ merkle.cpp \ natpmp.cpp \ + openssl.cpp \ parse_url.cpp \ part_file.cpp \ pe_crypto.cpp \ diff --git a/src/http_connection.cpp b/src/http_connection.cpp index ca75b569a..09bbc31ca 100644 --- a/src/http_connection.cpp +++ b/src/http_connection.cpp @@ -74,7 +74,6 @@ http_connection::http_connection(io_service& ios , m_sock(ios) #ifdef TORRENT_USE_OPENSSL , m_ssl_ctx(ssl_ctx) - , m_own_ssl_context(false) #endif #if TORRENT_USE_I2P , m_i2p_conn(nullptr) 
@@ -107,12 +106,7 @@ http_connection::http_connection(io_service& ios TORRENT_ASSERT(m_handler); } -http_connection::~http_connection() -{ -#ifdef TORRENT_USE_OPENSSL - if (m_own_ssl_context) delete m_ssl_ctx; -#endif -} +http_connection::~http_connection() = default; void http_connection::get(std::string const& url, time_duration timeout, int prio , aux::proxy_settings const* ps, int handle_redirects, std::string const& user_agent @@ -256,6 +250,10 @@ void http_connection::start(std::string const& hostname, int port m_read_pos = 0; m_priority = prio; +#ifdef TORRENT_USE_OPENSSL + TORRENT_ASSERT(!ssl || m_ssl_ctx != nullptr); +#endif + if (ec) { lt::get_io_service(m_timer).post(std::bind(&http_connection::callback @@ -323,21 +321,7 @@ void http_connection::start(std::string const& hostname, int port #ifdef TORRENT_USE_OPENSSL if (m_ssl) { - if (m_ssl_ctx == nullptr) - { - m_ssl_ctx = new (std::nothrow) ssl::context(ssl::context::sslv23_client); - if (m_ssl_ctx) - { - m_own_ssl_context = true; - m_ssl_ctx->set_verify_mode(ssl::context::verify_none, ec); - if (ec) - { - lt::get_io_service(m_timer).post(std::bind(&http_connection::callback - , me, ec, span{})); - return; - } - } - } + TORRENT_ASSERT(m_ssl_ctx != nullptr); userdata = m_ssl_ctx; } #endif diff --git a/src/openssl.cpp b/src/openssl.cpp new file mode 100644 index 000000000..5a486018b --- /dev/null +++ b/src/openssl.cpp 
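Review bot: A null `m_ssl_ctx` with `ssl == true` is now caught only by `TORRENT_ASSERT`, both in the earlier `start()` hunk and in this last http_connection.cpp hunk; assuming assertions are compiled out of release builds, the removed fallback is replaced by passing a null `userdata` on to whatever instantiates the SSL stream. Since every caller must now supply the context, a runtime check that fails the request is safer than an assert alone. In `start()`, assuming `ec` is a mutable local there, `if (ssl && m_ssl_ctx == nullptr) ec = boost::asio::error::invalid_argument;` placed before the existing `if (ec)` test would route the failure through the error callback already in place. Both function bodies extend beyond the hunks shown.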
@@ -0,0 +1,97 @@ +/* + +Copyright (c) 2020, Arvid Norberg +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the distribution. + * Neither the name of the author nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. 
+ +*/ + +#include "libtorrent/config.hpp" +#include "libtorrent/aux_/openssl.hpp" +#include "libtorrent/settings_pack.hpp" + +namespace libtorrent { +namespace aux { + +#ifdef TORRENT_USE_OPENSSL + +// all of OpenSSL causes warnings, so we just have to disable them +#include "libtorrent/aux_/disable_warnings_push.hpp" + +void openssl_set_tlsext_hostname(SSL* s, char const* name) +{ +#if OPENSSL_VERSION_NUMBER >= 0x90812f + SSL_set_tlsext_host_name(s, name); +#endif +} + +#if OPENSSL_VERSION_NUMBER >= 0x90812f + +void openssl_set_tlsext_servername_callback(SSL_CTX* ctx + , int (*servername_callback)(SSL*, int*, void*)) +{ + SSL_CTX_set_tlsext_servername_callback(ctx, servername_callback); +} + +void openssl_set_tlsext_servername_arg(SSL_CTX* ctx, void* userdata) +{ + SSL_CTX_set_tlsext_servername_arg(ctx, userdata); +} + +int openssl_num_general_names(GENERAL_NAMES* gens) +{ + return sk_GENERAL_NAME_num(gens); +} + +GENERAL_NAME* openssl_general_name_value(GENERAL_NAMES* gens, int i) +{ + return sk_GENERAL_NAME_value(gens, i); +} + +#include "libtorrent/aux_/disable_warnings_pop.hpp" + +#endif // OPENSSL_VERSION_NUMBER + +ssl::context::method ssl_version(int const v) +{ + switch (v) + { + case settings_pack::tls11: return ssl::context::tlsv11; + case settings_pack::tls12: return ssl::context::tlsv12; +#if TORRENT_USE_TLS13 + case settings_pack::tls13: return ssl::context::tlsv13; + default: return ssl::context::tlsv13; +#else + default: return ssl::context::tlsv12; +#endif + }; +} + +#endif // TORRENT_USE_OPENSSL + +} +} diff --git a/src/session_impl.cpp b/src/session_impl.cpp index dc2ac8def..f45d94fa4 100644 --- a/src/session_impl.cpp +++ b/src/session_impl.cpp 
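Review bot: In src/openssl.cpp, `disable_warnings_push.hpp` is included directly under `#ifdef TORRENT_USE_OPENSSL`, but the matching `disable_warnings_pop.hpp` sits inside the `#if OPENSSL_VERSION_NUMBER >= 0x90812f` block, so on an older OpenSSL the push is never popped; both are also included inside the `libtorrent`/`aux` namespaces. Moving the pop to just after `#endif // OPENSSL_VERSION_NUMBER` would balance them. Separately, in `ssl_version()`, as far as I know asio's `tlsv11`/`tlsv12`/`tlsv13` methods select exactly that protocol version rather than a minimum, so the `tls13` default would refuse trackers that only speak TLS 1.2, which is worth stating in the setting's documentation or reconsidering. The `default:` branches also silently turn any out-of-range integer into the newest version; a comment saying that is intentional would help, and the `;` after the switch's closing brace can go.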
@@ -454,7 +454,8 @@ namespace aux { : m_settings(pack) , m_io_service(ios) #ifdef TORRENT_USE_OPENSSL - , m_ssl_ctx(boost::asio::ssl::context::sslv23) + , m_ssl_ctx(ssl_version(pack.get_int(settings_pack::ssl_version))) + , m_peer_ssl_ctx(ssl_version(pack.get_int(settings_pack::ssl_version))) #endif , m_alerts(m_settings.get_int(settings_pack::alert_queue_size) , alert_category_t{static_cast(m_settings.get_int(settings_pack::alert_mask))}) @@ -495,7 +496,7 @@ namespace aux { , std::bind(&session_impl::on_incoming_utp_ssl, this, _1) , m_io_service , m_settings, m_stats_counters - , &m_ssl_ctx) + , &m_peer_ssl_ctx) #endif , m_timer(m_io_service) , m_lsd_announce_timer(m_io_service) @@ -537,10 +538,11 @@ namespace aux { #ifdef TORRENT_USE_OPENSSL error_code ec; m_ssl_ctx.set_verify_mode(boost::asio::ssl::context::verify_none, ec); + m_peer_ssl_ctx.set_verify_mode(boost::asio::ssl::context::verify_none, ec); #if OPENSSL_VERSION_NUMBER >= 0x90812f - aux::openssl_set_tlsext_servername_callback(m_ssl_ctx.native_handle() + aux::openssl_set_tlsext_servername_callback(m_peer_ssl_ctx.native_handle() , servername_callback); - aux::openssl_set_tlsext_servername_arg(m_ssl_ctx.native_handle(), this); + aux::openssl_set_tlsext_servername_arg(m_peer_ssl_ctx.native_handle(), this); #endif // OPENSSL_VERSION_NUMBER #endif 
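Review bot: Both contexts in the first session_impl.cpp hunk are initialised from `pack.get_int(settings_pack::ssl_version)`, i.e. from the caller's pack rather than from `m_settings`, which the initialiser just above has built from it. If `pack` is a sparse `settings_pack` whose `get_int()` yields 0 for entries the caller never set (worth confirming against its implementation), a session created without an explicit `ssl_version` would get `tls11`, enumerator 0, instead of the default registered in settings_pack.cpp. Reading the resolved value avoids that: `, m_ssl_ctx(ssl_version(m_settings.get_int(settings_pack::ssl_version)))` and the same for `m_peer_ssl_ctx`, provided `m_settings` is declared before both members. The constructor continues outside this hunk.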
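Review bot: `m_ssl_ctx`, which the updated header comment describes as the context for talking to HTTPS servers, is still put into `verify_none` in the third hunk, and no trust store is loaded in the lines shown, so nothing visible here validates tracker certificates even though the ChangeLog entry announces validation of HTTPS trackers. The two `set_verify_mode()` calls also share one `ec`, so a failure of the first is overwritten by the second; whether `ec` is inspected afterwards is outside the hunk. If validation is meant to land in a follow-up, a comment such as `// TODO: switch m_ssl_ctx to verify_peer once a trust store is configured` would keep the intent visible.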
@@ -2461,11 +2463,11 @@ namespace { #ifdef TORRENT_USE_OPENSSL if (ssl == transport::ssl) { - // accept connections initializing the SSL connection to - // use the generic m_ssl_ctx context. However, since it has - // the servername callback set on it, we will switch away from - // this context into a specific torrent once we start handshaking - c->instantiate>(m_io_service, &m_ssl_ctx); + // accept connections initializing the SSL connection to use the peer + // ssl context. Since it has the servername callback set on it, we will + // switch away from this context into a specific torrent once we start + // handshaking + c->instantiate>(m_io_service, &m_peer_ssl_ctx); str = &c->get>()->next_layer(); } else diff --git a/src/settings_pack.cpp b/src/settings_pack.cpp index 34af32d73..4d64ebabd 100644 --- a/src/settings_pack.cpp +++ b/src/settings_pack.cpp @@ -350,6 +350,11 @@ constexpr int CLOSE_FILE_INTERVAL = 0; SET(resolver_cache_timeout, 1200, &session_impl::update_resolver_cache_timeout), SET(send_not_sent_low_watermark, 16384, nullptr), SET(upnp_lease_duration, 3600, nullptr), +#if TORRENT_USE_TLS13 + SET(ssl_version, settings_pack::tls13, nullptr), +#else + SET(ssl_version, settings_pack::tls12, nullptr), +#endif }}); #undef SET diff --git a/src/torrent.cpp b/src/torrent.cpp index 9ed4b0d9f..4f18d81e0 100644 --- a/src/torrent.cpp +++ b/src/torrent.cpp @@ -1625,7 +1625,8 @@ bool is_downloading_state(int const st) // create the SSL context for this torrent. We need to // inject the root certificate, and no other, to // verify other peers against - std::shared_ptr ctx = std::make_shared(context::sslv23); + std::shared_ptr ctx = std::make_shared( + aux::ssl_version(settings().get_int(settings_pack::ssl_version))); if (!ctx) { diff --git a/src/upnp.cpp b/src/upnp.cpp index 1a26a06a6..8d8f39560 100644 --- a/src/upnp.cpp +++ b/src/upnp.cpp 
@@ -50,6 +50,9 @@ POSSIBILITY OF SUCH DAMAGE. #include "libtorrent/aux_/disable_warnings_push.hpp" #include #include +#ifdef TORRENT_USE_OPENSSL +#include +#endif #include "libtorrent/aux_/disable_warnings_pop.hpp" #include @@ -114,7 +117,13 @@ upnp::upnp(io_service& ios , m_listen_address(listen_address) , m_netmask(netmask) , m_device(std::move(listen_device)) +#ifdef TORRENT_USE_OPENSSL + , m_ssl_ctx(ssl::context::sslv23_client) +#endif { +#ifdef TORRENT_USE_OPENSSL + m_ssl_ctx.set_verify_mode(ssl::context::verify_none); +#endif } void upnp::start() @@ -420,7 +429,13 @@ void upnp::connect(rootdevice& d) d.upnp_connection = std::make_shared(m_io_service , m_resolver , std::bind(&upnp::on_upnp_xml, self(), _1, _2 - , std::ref(d), _4)); + , std::ref(d), _4), true, default_max_bottled_buffer_size + , http_connect_handler() + , http_filter_handler() +#ifdef TORRENT_USE_OPENSSL + , &m_ssl_ctx +#endif + ); d.upnp_connection->get(d.url, seconds(30), 1); } TORRENT_CATCH (std::exception const& exc) @@ -819,7 +834,12 @@ void upnp::update_map(rootdevice& d, port_mapping_t const i) , m_resolver , std::bind(&upnp::on_upnp_map_response, self(), _1, _2 , std::ref(d), i, _4), true, default_max_bottled_buffer_size - , std::bind(&upnp::create_port_mapping, self(), _1, std::ref(d), i)); + , std::bind(&upnp::create_port_mapping, self(), _1, std::ref(d), i) + , http_filter_handler() +#ifdef TORRENT_USE_OPENSSL + , &m_ssl_ctx +#endif + ); d.upnp_connection->start(d.hostname, d.port , seconds(10), 1, nullptr, false, 5, m.local_ep.address()); 
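Review bot: The `upnp` constructor body calls the throwing overload of `set_verify_mode()`, whereas session_impl.cpp uses the `error_code` overload for the same call and this file guards other fallible code with `TORRENT_CATCH` (visible in the `connect()` hunk). If the library is meant to build with exceptions disabled, `error_code ec; m_ssl_ctx.set_verify_mode(ssl::context::verify_none, ec);` would match. A one-line comment saying why verification is off for this context would also help readers, e.g. `// UPnP devices on the LAN have no certificate we could validate`, assuming that is the reasoning.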
@@ -831,7 +851,12 @@ void upnp::update_map(rootdevice& d, port_mapping_t const i) , m_resolver , std::bind(&upnp::on_upnp_unmap_response, self(), _1, _2 , std::ref(d), i, _4), true, default_max_bottled_buffer_size - , std::bind(&upnp::delete_port_mapping, self(), std::ref(d), i)); + , std::bind(&upnp::delete_port_mapping, self(), std::ref(d), i) + , http_filter_handler() +#ifdef TORRENT_USE_OPENSSL + , &m_ssl_ctx +#endif + ); d.upnp_connection->start(d.hostname, d.port , seconds(10), 1, nullptr, false, 5, m.local_ep.address()); } @@ -1044,7 +1069,12 @@ void upnp::on_upnp_xml(error_code const& e , m_resolver , std::bind(&upnp::on_upnp_get_ip_address_response, self(), _1, _2 , std::ref(d), _4), true, default_max_bottled_buffer_size - , std::bind(&upnp::get_ip_address, self(), std::ref(d))); + , std::bind(&upnp::get_ip_address, self(), std::ref(d)) + , http_filter_handler() +#ifdef TORRENT_USE_OPENSSL + , &m_ssl_ctx +#endif + ); d.upnp_connection->start(d.hostname, d.port , seconds(10), 1); } diff --git a/test/settings.cpp b/test/settings.cpp index 9082c456d..e517a5f35 100644 --- a/test/settings.cpp +++ b/test/settings.cpp @@ -87,6 +87,9 @@ lt::settings_pack settings() pack.set_int(settings_pack::half_open_limit, 1); #endif + // to be compatible with python + pack.set_int(settings_pack::ssl_version, settings_pack::tls12); + return pack; } diff --git a/test/test_http_connection.cpp b/test/test_http_connection.cpp index fa9b1c958..b16d6145b 100644 --- a/test/test_http_connection.cpp +++ b/test/test_http_connection.cpp 
@@ -121,8 +121,18 @@ void run_test(std::string const& url, int size, int status, int connected << " connected: " << connected << " error: " << (ec?ec->message():"no error") << std::endl; +#ifdef TORRENT_USE_OPENSSL + ssl::context ssl_ctx(ssl::context::sslv23_client); + ssl_ctx.set_verify_mode(ssl::context::verify_none); +#endif + std::shared_ptr h = std::make_shared(ios - , res, &::http_handler_test, true, 1024*1024, &::http_connect_handler_test); + , res, &::http_handler_test, true, 1024*1024, &::http_connect_handler_test + , http_filter_handler() +#ifdef TORRENT_USE_OPENSSL + , &ssl_ctx +#endif + ); h->get(url, seconds(5), 0, &ps, 5, "test/user-agent", boost::none, resolver_flags{}, auth); ios.reset(); error_code e;