emqx · qzhuyan · Sep 18, 2023 · Sep 6, 2023 · Sep 6, 2023 · Sep 6, 2023
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -98,7 +98,7 @@ elseif (CMAKE_SYSTEM_NAME MATCHES Darwin)
 endif()
 
 # @todo clean compiler warnings in the code
-target_compile_options(quicer_static PUBLIC "-ggdb3" "-Wno-unused-variable")
+target_compile_options(quicer_static PUBLIC "-ggdb3")
 
 if (DEFINED ENV{QUICER_TEST_COVER})
   add_compile_options("-fprofile-arcs" "-ftest-coverage")

diff --git a/c_src/quicer_config.c b/c_src/quicer_config.c
@@ -17,6 +17,7 @@ limitations under the License.
 #include "quicer_config.h"
 #include "quicer_internal.h"
 #include "quicer_queue.h"
+#include "quicer_tls.h"
 #include <msquichelper.h>
 
 extern BOOLEAN isRegistered;
@@ -266,14 +267,17 @@ ServerLoadConfiguration(ErlNifEnv *env,
 ERL_NIF_TERM
 ClientLoadConfiguration(ErlNifEnv *env,
                         const ERL_NIF_TERM *options, // map
-                        HQUIC *Configuration,
-                        bool HasCaCertFile)
+                        HQUIC Registration,
+                        HQUIC *Configuration)
 {
   QUIC_SETTINGS Settings = { 0 };
-  char cert_path[PATH_MAX + 1] = { 0 };
-  char key_path[PATH_MAX + 1] = { 0 };
-  char password[256] = { 0 };
   ERL_NIF_TERM ret = ATOM_OK;
+
+  if (!isRegistered && (Registration == GRegistration))
+    {
+      return ATOM_REG_FAILED;
+    }
+
   //
   // Configures the client's idle timeout.
   //
@@ -291,59 +295,21 @@ ClientLoadConfiguration(ErlNifEnv *env,
   /* Settings.IsSet.DesiredVersionsList = TRUE; */
 
   //
-  // Configures a default client configuration, optionally disabling
-  // server certificate validation.
+  // Configures a default client configuration
   //
   QUIC_CREDENTIAL_CONFIG CredConfig;
   CxPlatZeroMemory(&CredConfig, sizeof(CredConfig));
   CredConfig.Type = QUIC_CREDENTIAL_TYPE_NONE;
-  CredConfig.Flags = QUIC_CREDENTIAL_FLAG_CLIENT;
-
-  if ((get_str_from_map(env, ATOM_CERTFILE, options, cert_path, PATH_MAX + 1)
-       || get_str_from_map(env, ATOM_CERT, options, cert_path, PATH_MAX + 1))
-      && (get_str_from_map(env, ATOM_KEYFILE, options, key_path, PATH_MAX + 1)
-          || get_str_from_map(env, ATOM_KEY, options, key_path, PATH_MAX + 1)))
-    {
-      if (get_str_from_map(env, ATOM_PASSWORD, options, password, 256))
-        {
-          QUIC_CERTIFICATE_FILE_PROTECTED *CertFile
-              = (QUIC_CERTIFICATE_FILE_PROTECTED *)CXPLAT_ALLOC_NONPAGED(
-                  sizeof(QUIC_CERTIFICATE_FILE_PROTECTED),
-                  QUICER_CERTIFICATE_FILE);
-
-          CertFile->CertificateFile = cert_path;
-          CertFile->PrivateKeyFile = key_path;
-          CertFile->PrivateKeyPassword = password;
-          CredConfig.CertificateFileProtected = CertFile;
-          CredConfig.Type = QUIC_CREDENTIAL_TYPE_CERTIFICATE_FILE_PROTECTED;
-        }
-      else
-        {
-          QUIC_CERTIFICATE_FILE *CertFile
-              = (QUIC_CERTIFICATE_FILE *)CXPLAT_ALLOC_NONPAGED(
-                  sizeof(QUIC_CERTIFICATE_FILE), QUICER_CERTIFICATE_FILE);
-          CertFile->CertificateFile = cert_path;
-          CertFile->PrivateKeyFile = key_path;
-          CredConfig.CertificateFile = CertFile;
-          CredConfig.Type = QUIC_CREDENTIAL_TYPE_CERTIFICATE_FILE;
-        }
-    }
+  CredConfig.Flags |= QUIC_CREDENTIAL_FLAG_CLIENT;
 
-  // Should we try to verify the certificate the server sends?
-  bool Verify = load_verify(env, options, true);
+  // certs and keys are optional at client side
+  parse_cert_options(env, *options, &CredConfig);
 
-  if (!Verify)
+  // If Verify Peer...
+  if (!parse_verify_options(env, *options, &CredConfig, FALSE))
     {
-      CredConfig.Flags |= QUIC_CREDENTIAL_FLAG_NO_CERTIFICATE_VALIDATION;
+      return ERROR_TUPLE_2(ATOM_VERIFY);
     }
-  else if (HasCaCertFile)
-    {
-      // Do own validation instead against provided ca certs in cacertfile
-      CredConfig.Flags |= QUIC_CREDENTIAL_FLAG_INDICATE_CERTIFICATE_RECEIVED;
-
-      CredConfig.Flags |= QUIC_CREDENTIAL_FLAG_NO_CERTIFICATE_VALIDATION;
-    }
-  // Default to validation against system ca certificates
 
   unsigned alpn_buffer_length = 0;
   QUIC_BUFFER alpn_buffers[MAX_ALPN];
@@ -359,7 +325,7 @@ ClientLoadConfiguration(ErlNifEnv *env,
   // and settings.
   //
   QUIC_STATUS Status = QUIC_STATUS_SUCCESS;
-  if (QUIC_FAILED(Status = MsQuic->ConfigurationOpen(GRegistration,
+  if (QUIC_FAILED(Status = MsQuic->ConfigurationOpen(Registration,
                                                      alpn_buffers,
                                                      alpn_buffer_length,
                                                      &Settings,
@@ -386,16 +352,7 @@ ClientLoadConfiguration(ErlNifEnv *env,
 done:
 
   // Cleanup CredConfig
-  if (QUIC_CREDENTIAL_TYPE_CERTIFICATE_FILE == CredConfig.Type)
-    {
-      CxPlatFree(CredConfig.CertificateFile, QUICER_CERTIFICATE_FILE);
-    }
-  else if (QUIC_CREDENTIAL_TYPE_CERTIFICATE_FILE_PROTECTED == CredConfig.Type)
-    {
-      CxPlatFree(CredConfig.CertificateFile,
-                 QUICER_CERTIFICATE_FILE_PROTECTED);
-    }
-
+  free_certificate(&CredConfig);
   return ret;
 }
 
@@ -2433,34 +2390,6 @@ set_config_opt(ErlNifEnv *env,
   return res;
 }
 
-// @deprecated
-int
-get_str_from_map(ErlNifEnv *env,
-                 ERL_NIF_TERM key,
-                 const ERL_NIF_TERM *map,
-                 char *buff,
-                 unsigned max_len)
-{
-
-  ERL_NIF_TERM tmp_term;
-  if (!buff)
-    {
-      return 0;
-    }
-  unsigned tmp_len = 0;
-  if (!enif_get_map_value(env, *map, key, &tmp_term))
-    {
-      return 0;
-    }
-
-  if (!enif_get_list_length(env, tmp_term, &tmp_len) || tmp_len > max_len)
-    {
-      return 0;
-    }
-
-  return enif_get_string(env, tmp_term, buff, tmp_len + 1, ERL_NIF_LATIN1);
-}
-
 /*
 ** Fill str_buffer with string value of key in map.
 ** In case str_buffer is NULL, then new memory will be allocated,

diff --git a/c_src/quicer_config.h b/c_src/quicer_config.h
@@ -71,8 +71,8 @@ ERL_NIF_TERM ServerLoadConfiguration(ErlNifEnv *env,
                                      QUIC_CREDENTIAL_CONFIG *Config);
 ERL_NIF_TERM ClientLoadConfiguration(ErlNifEnv *env,
                                      const ERL_NIF_TERM *option,
-                                     HQUIC *Configuration,
-                                     bool HasCaCertFile);
+                                     HQUIC Registration,
+                                     HQUIC *Configuration);
 
 bool load_alpn(ErlNifEnv *env,
                const ERL_NIF_TERM *option,
@@ -97,11 +97,6 @@ bool get_uint64_from_map(ErlNifEnv *env,
                          const ERL_NIF_TERM map,
                          ERL_NIF_TERM key,
                          uint64_t *value);
-int get_str_from_map(ErlNifEnv *env,
-                     ERL_NIF_TERM key,
-                     const ERL_NIF_TERM *map,
-                     char *buff,
-                     unsigned max_len);
 char *str_from_map(ErlNifEnv *env,
                    ERL_NIF_TERM key,
                    const ERL_NIF_TERM *map,