From 11ba210ab0826ab5f13579080e9e2992d9cfac33 Mon Sep 17 00:00:00 2001
From: Marek Vavrusa <marek@vavrusa.com>
Date: Fri, 5 Aug 2016 10:48:25 -0700
Subject: [PATCH] daemon/tls: cleanup, documented tls functions

---
 daemon/bindings.c | 15 ++++++++++++---
 daemon/tls.h      | 19 +++++++++++++++++--
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/daemon/bindings.c b/daemon/bindings.c
index 4828e7b44..ebfe2009f 100644
--- a/daemon/bindings.c
+++ b/daemon/bindings.c
@@ -340,8 +340,8 @@ static int net_pipeline(lua_State *L)
 		return 1;
 	}
 	int len = lua_tointeger(L, 1);
-	if (len < 0 || len > 4096) {
-		format_error(L, "tcp_pipeline must be within <0, 4096>");
+	if (len < 0 || len > UINT16_MAX) {
+		format_error(L, "tcp_pipeline must be within <0, 65535>");
 		lua_error(L);
 	}
 	worker->tcp_pipeline_max = len;
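Review bot: The range check on the new `UINT16_MAX` line still runs after `lua_tointeger()`'s 64-bit `lua_Integer` has been narrowed to `int` on the line above it, so a value outside `int` range can wrap into `<0, 65535>` and pass the check. Keep the full width until the check has been done: `lua_Integer len = lua_tointeger(L, 1);`, and assign to `tcp_pipeline_max` only afterwards. It also seems worth deriving the `65535` in the message from the same constant as the check so the two cannot drift apart. net_pipeline begins before this hunk, so I cannot see whether the argument's type is validated earlier.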
@@ -360,8 +360,17 @@ static int net_tls(lua_State *L)
 		return 0;
 	}
 
+	/* Only return current credentials. */
 	if (lua_gettop(L) == 0) {
-		lua_pushfstring(L, "(\"%s\", \"%s\")", net->tls_credentials->tls_cert, net->tls_credentials->tls_key);
+		/* No credentials configured yet. */
+		if (!net->tls_credentials) {
+			return 0;
+		}
+		lua_newtable(L);
+		lua_pushstring(L, net->tls_credentials->tls_cert);
+		lua_setfield(L, -2, "cert_file");
+		lua_pushstring(L, net->tls_credentials->tls_key);
+		lua_setfield(L, -2, "key_file");
 		return 1;
 	}
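Review bot: The getter's return value changes from a formatted string to a table with `cert_file`/`key_file` fields, and an absent configuration now returns no value, but the commit message only mentions cleanup and documentation; this is a visible change for Lua callers of net.tls() and should be stated in the message and in the binding's user documentation. A short comment above `lua_newtable(L)` such as `/* Returns { cert_file = ..., key_file = ... }; nothing if TLS is not configured. */` would make the contract readable at the call site. Whether `tls_cert`/`tls_key` can be NULL here is not visible in the hunk; if they can, `lua_pushstring` would produce nil fields, which callers should be told about. net_tls continues outside the hunk.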
 
diff --git a/daemon/tls.h b/daemon/tls.h
index 3838fe37a..12375c7cd 100644
--- a/daemon/tls.h
+++ b/daemon/tls.h
@@ -29,18 +29,33 @@ struct tls_credentials {
 	gnutls_certificate_credentials_t credentials;
 };
 
+/*! Toggle verbose logging from TLS context. */
 void tls_setup_logging(bool verbose);
 
+/*! Create an empty TLS context in query context */
 struct tls_ctx_t* tls_new(struct worker_ctx *worker);
+
+/*! Close a TLS context */
 void tls_free(struct tls_ctx_t* tls);
 
+/*! Push new data to TLS context for sending */
 int tls_push(struct qr_task *task, uv_handle_t* handle, knot_pkt_t * pkt);
+
+/*! Unwrap incoming data from a TLS stream and pass them to TCP session. */
 int tls_process(struct worker_ctx *worker, uv_stream_t *handle, const uint8_t *buf, ssize_t nread);
 
+/*! Set TLS certificate and key from files. */
 int tls_certificate_set(struct network *net, const char *tls_cert, const char *tls_key);
+
+/*! Borrow TLS credentials for context. */
+struct tls_credentials *tls_credentials_reserve(struct tls_credentials *worker);
+
+/*! Release TLS credentials for context (decrements refcount or frees). */
 int tls_credentials_release(struct tls_credentials *tls_credentials);
+
+/*! Free TLS credentials, must not be called if it holds positive refcount. */
 void tls_credentials_free(struct tls_credentials *tls_credentials);
-struct tls_credentials *tls_credentials_reserve(struct tls_credentials *worker);
-/* Log DNS-over-TLS OOB key-pin form of current credentials:
+
+/*! Log DNS-over-TLS OOB key-pin form of current credentials:
  * https://tools.ietf.org/html/rfc7858#appendix-A */
 void tls_credentials_log_pins(struct tls_credentials *tls_credentials);
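Review bot: The moved declaration `struct tls_credentials *tls_credentials_reserve(struct tls_credentials *worker);` names its parameter `worker` although it takes a `struct tls_credentials *`, which contradicts the new comment and the naming of the neighbouring `tls_credentials_release`/`tls_credentials_free` prototypes; `struct tls_credentials *tls_credentials_reserve(struct tls_credentials *tls_credentials);` would match them. The release comment spells out the refcount effect, so the reserve comment should state the matching side, presumably that it increments the refcount and returns the same pointer, if that is what the implementation does. The tls_free comment says "Close", while the function is named free and its sibling tls_new says "Create"; "Free a TLS context" would be consistent.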
-- 
GitLab