This patch allows to transfer both request/response between utilities and userspace URBs transfer over SSL. OpenSSL is used for the implementation.
Options --with-ssl=yes at ./configure and --ssl to command and daemon enable SSL. Default of --with-ssl is depends on existence of OpenSSL package. If it exists, default is --with-ssl=yes otherwise no.
If user space URBs transfer is not activated, ie. usbip_ux.ko is not installed, the utilites will fail in socket preparation.
To compile and execute the utilities, OpenSSL headers and libraries (openssl-devel or openssl-dev package) are needed.
Supported certificate files format is PEM.
Related options and their default are as following.
--ssl
Activate SSL. Default is non SSL.
--tcp-port
TCP port number. Default is 3240 for non SSL or 443 for SSL.
--key
Private key file. Default is ./cert/server.key (for usbipd and usbipa)
or ./cert/client.key (for usbip).
--cert
Certificate file. Default is ./cert/server.crt (for usbipd and usbipa)
or ./cert/client.crt (for usbip).
--root
Root CA's certification. Default is none.
--verification
Verification mode from none | relaxed | strict | once
(for usbipd and usbipa) or none | relaxed (for usbip).
Default is none.
Signed-off-by: Nobuo Iwata <nobuo.iwata@xxxxxxxxxxxxxxx>
---
tools/usb/usbip/configure.ac | 34 ++++++
tools/usb/usbip/src/Makefile.am | 10 +-
tools/usb/usbip/src/usbip.c | 55 ++++++++-
tools/usb/usbip/src/usbip_network.c | 47 ++++++++
tools/usb/usbip/src/usbip_network.h | 3 +
tools/usb/usbip/src/usbip_ssl.c | 232 ++++++++++++++++++++++++++++++++++++
tools/usb/usbip/src/usbip_ssl.h | 35 ++++++
tools/usb/usbip/src/usbipd.c | 108 ++++++++++++++++-
8 files changed, 516 insertions(+), 8 deletions(-)
create mode 100644 tools/usb/usbip/src/usbip_ssl.c
create mode 100644 tools/usb/usbip/src/usbip_ssl.h
diff --git a/tools/usb/usbip/configure.ac b/tools/usb/usbip/configure.ac
index 607d05c..3b8277e 100644
--- a/tools/usb/usbip/configure.ac
+++ b/tools/usb/usbip/configure.ac
@@ -90,6 +90,40 @@ AC_ARG_WITH([usbids-dir],
[USBIDS_DIR=$withval], [USBIDS_DIR="/usr/share/hwdata/"])
AC_SUBST([USBIDS_DIR])
+# Checks for SSL.
+AC_MSG_CHECKING([whether to use SSL])
+AC_ARG_WITH([ssl],
+ [AS_HELP_STRING([--with-ssl],
+ [use SSL (OpenSSL)])],
+ dnl [ACTION-IF-GIVEN]
+ [if test "$withval" = "yes"; then
+ AC_MSG_RESULT([yes])
+ AC_MSG_CHECKING([for SSL_METHOD])
+ saved_LIBS="$LIBS"
+ LIBS="-lssl -lcrypt $saved_LIBS"
+ AC_TRY_LINK(
+ [#include <openssl/ssl.h>],
+ [SSL_METHOD *m = SSLv23_method();],
+ [AC_MSG_RESULT([yes]);
+ AC_DEFINE([USE_SSL], [1], [use ssl])
+ AC_SUBST([SSL_LIBS], ["-lssl -lcrypto"])],
+ [AC_MSG_RESULT([not found]); exit 1])
+ else
+ AC_MSG_RESULT([no]);
+ fi],
+ dnl [ACTION-IF-NOT-GIVEN]
+ [AC_MSG_RESULT([(default)])
+ AC_MSG_CHECKING([for SSL_METHOD])
+ saved_LIBS="$LIBS"
+ LIBS="-lssl -lcrypt $saved_LIBS"
+ AC_TRY_LINK(
+ [#include <openssl/ssl.h>],
+ [SSL_METHOD *m = SSLv23_method();],
+ [AC_MSG_RESULT([yes]);
+ AC_DEFINE([USE_SSL], [1], [use ssl])
+ AC_SUBST([SSL_LIBS], ["-lssl -lcrypto"])],
+ [AC_MSG_RESULT([no]); LIBS="$saved_LIBS"])])
+
# use _FORTIFY_SOURCE
AC_MSG_CHECKING([whether to use fortify])
AC_ARG_WITH([fortify],
diff --git a/tools/usb/usbip/src/Makefile.am b/tools/usb/usbip/src/Makefile.am
index f5697c2..cbe55ec 100644
--- a/tools/usb/usbip/src/Makefile.am
+++ b/tools/usb/usbip/src/Makefile.am
@@ -1,14 +1,18 @@
AM_CPPFLAGS = -I$(top_srcdir)/libsrc -DUSBIDS_FILE='"@USBIDS_DIR@/usb.ids"'
AM_CFLAGS = @EXTRA_CFLAGS@
+AM_LDFLAGS = @SSL_LIBS@
LDADD = $(top_builddir)/libsrc/libusbip.la
sbin_PROGRAMS := usbip usbipd usbipa
-usbip_SOURCES := usbip.h utils.h usbip.c utils.c usbip_network.c \
+usbip_SOURCES := usbip.h utils.h usbip.c utils.c \
+ usbip_network.c usbip_ssl.c \
usbip_attach.c usbip_detach.c usbip_list.c \
usbip_bind.c usbip_unbind.c usbip_port.c \
usbip_connect.c usbip_disconnect.c
-usbipd_SOURCES := usbip_network.h usbipd.c usbipd_dev.c usbip_network.c
+usbipd_SOURCES := usbip_network.h usbipd.c usbipd_dev.c \
+ usbip_network.c usbip_ssl.c
-usbipa_SOURCES := usbip_network.h usbipd.c usbipd_app.c usbip_network.c
+usbipa_SOURCES := usbip_network.h usbipd.c usbipd_app.c \
+ usbip_network.c usbip_ssl.c
diff --git a/tools/usb/usbip/src/usbip.c b/tools/usb/usbip/src/usbip.c
index 9d1468f..e743d82 100644
--- a/tools/usb/usbip/src/usbip.c
+++ b/tools/usb/usbip/src/usbip.c
@@ -30,14 +30,29 @@
#include "usbip_network.h"
#include "usbip.h"
+#ifdef USE_SSL
+#include "usbip_ssl.h"
+
+int usbip_use_ssl = 0;
+char *usbip_ssl_default_cert = "cert/client.crt";
+char *usbip_ssl_default_key = "cert/client.key";
+#endif
+
static int usbip_help(int argc, char *argv[]);
static int usbip_version(int argc, char *argv[]);
static const char usbip_version_string[] = PACKAGE_STRING;
static const char usbip_usage_string[] =
- "usbip [--debug] [--log] [--tcp-port PORT] [version]\n"
- " [help] <command> <args>\n";
+ "usbip [--debug] [--log] [--tcp-port PORT]"
+#ifdef USE_SSL
+ " [--ssl]\n"
+ " [--key KEY-FILE] [--cert CERT-FILE] [--root ROOT-CERT-FILE]\n"
+ " [--verification-mode <none | relaxed>]\n"
+#else
+ "\n"
+#endif
+ " [version] [help] <command> <args>\n";
static void usbip_usage(void)
{
@@ -161,6 +176,13 @@ int main(int argc, char *argv[])
{ "debug", no_argument, NULL, 'd' },
{ "log", no_argument, NULL, 'l' },
{ "tcp-port", required_argument, NULL, 't' },
+#ifdef USE_SSL
+ { "ssl", no_argument, NULL, 's' },
+ { "cert", required_argument, NULL, 'c' },
+ { "key", required_argument, NULL, 'k' },
+ { "root", required_argument, NULL, 'r' },
+ { "verification", required_argument, NULL, 'V' },
+#endif
{ NULL, 0, NULL, 0 }
};
@@ -171,7 +193,11 @@ int main(int argc, char *argv[])
usbip_use_stderr = 1;
opterr = 0;
for (;;) {
- opt = getopt_long(argc, argv, "+dlt:", opts, NULL);
+ opt = getopt_long(argc, argv, "+dlt:"
+#ifdef USE_SSL
+ "sc:k:r:V:"
+#endif
+ , opts, NULL);
if (opt == -1)
break;
@@ -187,6 +213,26 @@ int main(int argc, char *argv[])
case 't':
usbip_setup_port_number(optarg);
break;
+#ifdef USE_SSL
+ case 's':
+ usbip_use_ssl = 1;
+ break;
+ case 'c':
+ usbip_ssl_setup_cert(optarg);
+ break;
+ case 'k':
+ usbip_ssl_setup_key(optarg);
+ break;
+ case 'r':
+ usbip_ssl_setup_root(optarg);
+ break;
+ case 'V':
+ if (usbip_ssl_setup_verification_mode(optarg, 1)) {
+ usbip_usage();
+ goto out;
+ }
+ break;
+#endif
case '?':
printf("usbip: invalid option\n");
default:
@@ -194,6 +240,9 @@ int main(int argc, char *argv[])
goto out;
}
}
+#ifdef USE_SSL
+ usbip_fixup_port_number();
+#endif
cmd = argv[optind];
if (cmd) {
diff --git a/tools/usb/usbip/src/usbip_network.c b/tools/usb/usbip/src/usbip_network.c
index 329de34..39ed18c 100644
--- a/tools/usb/usbip/src/usbip_network.c
+++ b/tools/usb/usbip/src/usbip_network.c
@@ -33,8 +33,16 @@
#include "usbip_common.h"
#include "usbip_network.h"
+#ifdef USE_SSL
+#include "usbip_ssl.h"
+
+extern int usbip_use_ssl;
+SSL_CTX *usbip_ssl_context;
+#endif
+
int usbip_port = 3240;
char *usbip_port_string = "3240";
+static int usbip_port_default = 1;
void usbip_setup_port_number(char *arg)
{
@@ -60,9 +68,20 @@ void usbip_setup_port_number(char *arg)
usbip_port = port;
usbip_port_string = arg;
+ usbip_port_default = 0;
info("using port %d (\"%s\")", usbip_port, usbip_port_string);
}
+#ifdef USE_SSL
+void usbip_fixup_port_number(void)
+{
+ if (usbip_port_default) {
+ usbip_port = 443;
+ usbip_port_string = "443";
+ }
+}
+#endif
+
void usbip_net_pack_uint32_t(int pack, uint32_t *num)
{
uint32_t i;
@@ -316,13 +335,41 @@ usbip_sock_t *usbip_net_tcp_connect(char *hostname, char *service)
close(sockfd);
return NULL;
}
+#ifdef USE_SSL
+ if (usbip_use_ssl) {
+ SSL *ssl;
+ usbip_ssl_context = usbip_ssl_setup(0);
+ if (usbip_ssl_context == NULL) {
+ close(sockfd);
+ return NULL;
+ }
+ ssl = usbip_ssl_connect(usbip_ssl_context, sockfd);
+ if (ssl == NULL) {
+ usbip_ssl_teardown(usbip_ssl_context);
+ close(sockfd);
+ return NULL;
+ }
+ usbip_sock_init(sock, sockfd, ssl,
+ usbip_ssl_send, usbip_ssl_recv,
+ usbip_ssl_shutdown);
+ } else {
+ usbip_sock_init(sock, sockfd, NULL, NULL, NULL, NULL);
+ }
+#else
usbip_sock_init(sock, sockfd, NULL, NULL, NULL, NULL);
+#endif
return sock;
}
void usbip_net_tcp_close(usbip_sock_t *sock)
{
+#ifdef USE_SSL
+ if (usbip_use_ssl) {
+ usbip_ssl_close((SSL*)sock->arg);
+ usbip_ssl_teardown(usbip_ssl_context);
+ }
+#endif
close(sock->fd);
free(sock);
}
diff --git a/tools/usb/usbip/src/usbip_network.h b/tools/usb/usbip/src/usbip_network.h
index 1c304e0..3f7d0d3 100644
--- a/tools/usb/usbip/src/usbip_network.h
+++ b/tools/usb/usbip/src/usbip_network.h
@@ -17,6 +17,9 @@
extern int usbip_port;
extern char *usbip_port_string;
void usbip_setup_port_number(char *arg);
+#ifdef USE_SSL
+void usbip_fixup_port_number(void);
+#endif
/* ---------------------------------------------------------------------- */
/* Common header for all the kinds of PDUs. */
diff --git a/tools/usb/usbip/src/usbip_ssl.c b/tools/usb/usbip/src/usbip_ssl.c
new file mode 100644
index 0000000..f6b0db6
--- /dev/null
+++ b/tools/usb/usbip/src/usbip_ssl.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright (C) 2015 Nobuo Iwata
+ *
+ * OpenSSL functions for USB/IP.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "../config.h"
+#endif
+
+#ifdef USE_SSL
+
+#include "usbip_ssl.h"
+#include "usbip_common.h"
+#include "usbip_ux.h"
+
+extern char *usbip_ssl_default_cert;
+extern char *usbip_ssl_default_key;
+
+static const char *ssl_cert = NULL;
+static const char *ssl_key = NULL;
+static const char *ssl_root = NULL;
+static int ssl_verification_mode = SSL_VERIFY_NONE;
+
+void usbip_ssl_setup_cert(const char *arg)
+{
+ dbg("Parsing cert arg '%s'", arg);
+ ssl_cert = arg;
+}
+
+void usbip_ssl_setup_key(const char *arg)
+{
+ dbg("Parsing key arg '%s'", arg);
+ ssl_cert = arg;
+}
+
+void usbip_ssl_setup_root(const char *arg)
+{
+ dbg("Parsing root arg '%s'", arg);
+ ssl_root = arg;
+}
+
+int usbip_ssl_setup_verification_mode(const char *arg, int server)
+{
+ dbg("Parsing verification arg '%s'", arg);
+ if (!strcmp(arg, "none")) {
+ ssl_verification_mode = SSL_VERIFY_NONE;
+ } else if (!strcmp(arg, "relaxed")) {
+ ssl_verification_mode = SSL_VERIFY_PEER;
+ } else if (server && !strcmp(arg, "strict")) {
+ ssl_verification_mode = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+ } else if (server && !strcmp(arg, "once")) {
+ ssl_verification_mode = SSL_VERIFY_CLIENT_ONCE;
+ } else {
+ return -1;
+ }
+ return 0;
+}
+
+static int load_cert(SSL_CTX *ctx)
+{
+ int ret;
+
+ if (ssl_cert == NULL) {
+ ssl_cert = usbip_ssl_default_cert;
+ }
+ if (ssl_key == NULL) {
+ ssl_key = usbip_ssl_default_key;
+ }
+ ret = SSL_CTX_use_certificate_file(ctx, ssl_cert, SSL_FILETYPE_PEM);
+ if (ret != 1) {
+ err("Fail to load cert: %s", ERR_reason_error_string(ERR_get_error()));
+ return -1;
+ }
+ ret = SSL_CTX_use_PrivateKey_file(ctx, ssl_key, SSL_FILETYPE_PEM);
+ if (ret != 1) {
+ err("Fail to load key: %s", ERR_reason_error_string(ERR_get_error()));
+ return -1;
+ }
+ if (ssl_root != NULL) {
+ ret = SSL_CTX_load_verify_locations(ctx, ssl_root, NULL);
+ if (ret != 1) {
+ err("Fail to load root: %s", ERR_reason_error_string(ERR_get_error()));
+ return -1;
+ }
+ }
+ return 0;
+}
+
+SSL_CTX *usbip_ssl_setup(int server)
+{
+ SSL_CTX *ctx;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+ ERR_load_BIO_strings();
+ OpenSSL_add_all_algorithms();
+
+ if (!usbip_ux_installed()) {
+ err("Userspace transmission is not enabled for SSL.");
+ goto err0;
+ }
+ if (server) {
+ ctx = SSL_CTX_new(SSLv23_server_method());
+ } else {
+ ctx = SSL_CTX_new(SSLv3_client_method());
+ }
+ if (ctx == NULL) {
+ err("Fail to create context: %s", ERR_reason_error_string(ERR_get_error()));
+ goto err0;
+ }
+ if (load_cert(ctx)) {
+ goto err1;
+ }
+ SSL_CTX_set_verify(ctx, ssl_verification_mode, NULL);
+ return ctx;
+err1:
+ SSL_CTX_free(ctx);
+err0:
+ return NULL;
+}
+
+void usbip_ssl_teardown(SSL_CTX *ctx)
+{
+ SSL_CTX_free(ctx);
+}
+
+static SSL *alloc_ssl(SSL_CTX *ctx, int sockfd)
+{
+ SSL *ssl;
+
+ ssl = SSL_new(ctx);
+ if (ssl == NULL) {
+ err("Fail to create ssl: %s", ERR_reason_error_string(ERR_get_error()));
+ goto err0;
+ }
+ if (SSL_set_fd(ssl, sockfd) != 1) {
+ err("Fail to set fd to ssl: %s", ERR_reason_error_string(ERR_get_error()));
+ goto err1;
+ }
+ return ssl;
+err1:
+ SSL_free(ssl);
+err0:
+ return NULL;
+}
+
+SSL *usbip_ssl_accept(SSL_CTX *ctx, int sockfd)
+{
+ SSL *ssl;
+ int ret;
+
+ ssl = alloc_ssl(ctx, sockfd);
+ if (ssl == NULL) {
+ goto err0;
+ }
+ ret = SSL_accept(ssl);
+ if (ret != 1) {
+ err("Fail to accept: %s", ERR_reason_error_string(ERR_get_error()));
+ if (ret < 0) {
+ SSL_shutdown(ssl);
+ }
+ goto err1;
+ }
+ return ssl;
+err1:
+ SSL_free(ssl);
+err0:
+ return NULL;
+}
+
+SSL *usbip_ssl_connect(SSL_CTX *ctx, int sockfd)
+{
+ SSL *ssl;
+ int ret;
+
+ ssl = alloc_ssl(ctx, sockfd);
+ if (ssl == NULL) {
+ goto err0;
+ }
+ ret = SSL_connect(ssl);
+ if (ret != 1) {
+ err("Fail to connect: %s", ERR_reason_error_string(ERR_get_error()));
+ if (ret < 0) {
+ SSL_shutdown(ssl);
+ }
+ goto err1;
+ }
+ return ssl;
+err1:
+ SSL_free(ssl);
+err0:
+ return NULL;
+}
+
+void usbip_ssl_close(SSL *ssl)
+{
+ SSL_free(ssl);
+}
+
+ssize_t usbip_ssl_send(void *arg, void *buf, size_t len)
+{
+ SSL *ssl = (SSL*)arg;
+ return SSL_write(ssl, buf, len);
+}
+
+ssize_t usbip_ssl_recv(void *arg, void *buf, size_t len, int all)
+{
+ SSL *ssl = (SSL*)arg;
+ char *p = (char*)buf;
+ ssize_t bytes, received = 0;
+
+ do {
+ bytes = SSL_read(ssl, p+received, len-received);
+ if (bytes == 0) {
+ return received;
+ } else if (bytes < 0) {
+ return -1;
+ }
+ received += bytes;
+ } while(all && received < (ssize_t)len);
+ return received;
+}
+
+void usbip_ssl_shutdown(void *arg)
+{
+ SSL *ssl = (SSL*)arg;
+ SSL_shutdown(ssl);
+}
+
+#endif /* USE_SSL */
+
diff --git a/tools/usb/usbip/src/usbip_ssl.h b/tools/usb/usbip/src/usbip_ssl.h
new file mode 100644
index 0000000..78b1181
--- /dev/null
+++ b/tools/usb/usbip/src/usbip_ssl.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2015 Nobuo Iwata
+ *
+ * OpenSSL functions for USB/IP.
+ */
+
+#ifndef __USBIP_SSL_H
+#define __USBIP_SSL_H
+
+#ifdef HAVE_CONFIG_H
+#include "../config.h"
+#endif
+
+#ifdef USE_SSL
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <unistd.h>
+
+void usbip_ssl_setup_cert(const char *arg);
+void usbip_ssl_setup_key(const char *arg);
+void usbip_ssl_setup_root(const char *arg);
+int usbip_ssl_setup_verification_mode(const char *arg, int server);
+SSL_CTX *usbip_ssl_setup(int server);
+void usbip_ssl_teardown(SSL_CTX *ctx);
+SSL *usbip_ssl_accept(SSL_CTX *ctx, int sockfd);
+SSL *usbip_ssl_connect(SSL_CTX *ctx, int sockfd);
+void usbip_ssl_close(SSL *ssl);
+ssize_t usbip_ssl_send(void *arg, void *buf, size_t len);
+ssize_t usbip_ssl_recv(void *arg, void *buf, size_t len, int all);
+void usbip_ssl_shutdown(void *arg);
+
+#endif /* USE_SSL */
+
+#endif /* !__USBIP_SSL_H */
diff --git a/tools/usb/usbip/src/usbipd.c b/tools/usb/usbip/src/usbipd.c
index 5f7cd86..07d5edd 100644
--- a/tools/usb/usbip/src/usbipd.c
+++ b/tools/usb/usbip/src/usbipd.c
@@ -46,6 +46,15 @@
#include "usbip_ux.h"
#include "list.h"
+#ifdef USE_SSL
+#include "usbip_ssl.h"
+
+int usbip_use_ssl = 0;
+char *usbip_ssl_default_cert = "cert/server.crt";
+char *usbip_ssl_default_key = "cert/server.key";
+SSL_CTX *usbip_ssl_context;
+#endif
+
extern char *usbip_progname;
#define MAXSOCKFD 20
@@ -77,6 +86,28 @@ static const char usbipd_help_string[] =
"\n"
" -tPORT, --tcp-port PORT\n"
" Listen on TCP/IP port PORT.\n"
+#ifdef USE_SSL
+ " Default is 3240 for non-SSL or 443 for SSL.\n"
+#else
+ " Default is 3240.\n"
+#endif
+#ifdef USE_SSL
+ "\n"
+ " -s, --ssl\n"
+ " Use SSL.\n"
+ "\n"
+ " -kKEY-FILE, --key KEY-FILE\n"
+ " Private key file. Default is %s.\n"
+ "\n"
+ " -cCERT-FILE, --cert CERT-FILE\n"
+ " Certificate file. Default is %s.\n"
+ "\n"
+ " -rROOT-CERT-FILE, --root ROOT-CERT-FILE\n"
+ " Trusted CA file. Default is none.\n"
+ "\n"
+ " -VVERIFICATION-MODE, --verification VERIFICATION-MODE\n"
+ " Verification mode - none(default), relaxed, strict or once.\n"
+#endif
"\n"
" -h, --help\n"
" Print this help.\n"
@@ -86,7 +117,11 @@ static const char usbipd_help_string[] =
static void usbipd_help(void)
{
- printf(usbipd_help_string, usbip_progname, usbip_default_pid_file);
+ printf(usbipd_help_string, usbip_progname, usbip_default_pid_file
+#ifdef USE_SSL
+ , usbip_ssl_default_key, usbip_ssl_default_cert
+#endif
+ );
}
#ifdef HAVE_LIBWRAP
@@ -153,8 +188,26 @@ int process_request(int listenfd)
childpid = fork();
if (childpid == 0) {
close(listenfd);
+#ifdef USE_SSL
+ if (usbip_use_ssl) {
+ SSL *ssl = usbip_ssl_accept(usbip_ssl_context, connfd);
+ if (ssl == NULL) {
+ close(connfd);
+ exit(1);
+ }
+ usbip_sock_init(&sock, connfd, ssl,
+ usbip_ssl_send, usbip_ssl_recv,
+ usbip_ssl_shutdown);
+ usbip_recv_pdu(&sock, host, port);
+ usbip_ssl_close(ssl);
+ } else {
+ usbip_sock_init(&sock, connfd, NULL, NULL, NULL, NULL);
+ usbip_recv_pdu(&sock, host, port);
+ }
+#else
usbip_sock_init(&sock, connfd, NULL, NULL, NULL, NULL);
usbip_recv_pdu(&sock, host, port);
+#endif
close(connfd);
exit(0);
}
@@ -229,6 +282,9 @@ static int listen_all_addrinfo(struct addrinfo *ai_head, int sockfdlist[],
}
info("listening on %s", ai_buf);
+#ifdef USE_SSL
+ if (usbip_use_ssl) info("using ssl");
+#endif
sockfdlist[nsockfd++] = sock;
}
@@ -351,6 +407,15 @@ static int do_standalone_mode(int daemonize, int ipv4, int ipv6)
usbip_driver_close();
return -1;
}
+#ifdef USE_SSL
+ if (usbip_use_ssl) {
+ usbip_ssl_context = usbip_ssl_setup(1);
+ if (usbip_ssl_context == NULL) {
+ usbip_driver_close();
+ return -1;
+ }
+ }
+#endif
nsockfd = listen_all_addrinfo(ai_head, sockfdlist,
sizeof(sockfdlist) / sizeof(*sockfdlist));
freeaddrinfo(ai_head);
@@ -396,6 +461,11 @@ static int do_standalone_mode(int daemonize, int ipv4, int ipv6)
}
info("shutting down " PROGNAME);
+#ifdef USE_SSL
+ if (usbip_use_ssl) {
+ usbip_ssl_teardown(usbip_ssl_context);
+ }
+#endif
free(fds);
usbip_driver_close();
@@ -412,6 +482,13 @@ int main(int argc, char *argv[])
{ "debug", no_argument, NULL, 'd' },
{ "pid", optional_argument, NULL, 'P' },
{ "tcp-port", required_argument, NULL, 't' },
+#ifdef USE_SSL
+ { "ssl", no_argument, NULL, 's' },
+ { "cert", required_argument, NULL, 'c' },
+ { "key", required_argument, NULL, 'k' },
+ { "root", required_argument, NULL, 'r' },
+ { "verification", required_argument, NULL, 'V' },
+#endif
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, 'v' },
{ NULL, 0, NULL, 0 }
@@ -437,7 +514,11 @@ int main(int argc, char *argv[])
cmd = cmd_standalone_mode;
for (;;) {
- opt = getopt_long(argc, argv, "46DdP::t:hv", longopts, NULL);
+ opt = getopt_long(argc, argv, "46DdP::t:"
+#ifdef USE_SSL
+ "sc:k:r:V:"
+#endif
+ "hv", longopts, NULL);
if (opt == -1)
break;
@@ -464,6 +545,26 @@ int main(int argc, char *argv[])
case 't':
usbip_setup_port_number(optarg);
break;
+#ifdef USE_SSL
+ case 's':
+ usbip_use_ssl = 1;
+ break;
+ case 'c':
+ usbip_ssl_setup_cert(optarg);
+ break;
+ case 'k':
+ usbip_ssl_setup_key(optarg);
+ break;
+ case 'r':
+ usbip_ssl_setup_root(optarg);
+ break;
+ case 'V':
+ if (usbip_ssl_setup_verification_mode(optarg, 1)) {
+ usbipd_help();
+ goto err_out;
+ }
+ break;
+#endif
case 'v':
cmd = cmd_version;
break;
@@ -473,6 +574,9 @@ int main(int argc, char *argv[])
goto err_out;
}
}
+#ifdef USE_SSL
+ usbip_fixup_port_number();
+#endif
if (!ipv4 && !ipv6)
ipv4 = ipv6 = 1;
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
