authorAnthony Neal <aneal@zeroc.com>2001-11-30 19:58:47 +0000
committerAnthony Neal <aneal@zeroc.com>2001-11-30 19:58:47 +0000
commit0943a96869b83130fb7f2c3983a918a0dbad144b (patch)
tree45203542428d3f0776f88e98733eb1ad47dbabbc /cpp/src/Ice/SslSystemOpenSSL.cpp
parentconverted some stuff to use Application.h (diff)
Have fixed the handshake problem, now handshakes take place in the
read/write methods. As well, I have changed the configuration properties to be under the Ice.Security.* branch of properties. I have added a new configuration property for the timeout value of the first read after the handshake has completed - the default value should be sufficient, but in case it is not, this is a tweak that is available.
Diffstat (limited to 'cpp/src/Ice/SslSystemOpenSSL.cpp')
-rw-r--r--cpp/src/Ice/SslSystemOpenSSL.cpp84
1 files changed, 29 insertions, 55 deletions
diff --git a/cpp/src/Ice/SslSystemOpenSSL.cpp b/cpp/src/Ice/SslSystemOpenSSL.cpp
index 1bac81e1e63..5da6270aa8f 100644
--- a/cpp/src/Ice/SslSystemOpenSSL.cpp
+++ b/cpp/src/Ice/SslSystemOpenSSL.cpp
@@ -279,7 +279,6 @@ verifyCallback(int ok, X509_STORE_CTX *ctx)
}
// Only if ICE_PROTOCOL level logging is on do we worry about this.
-// if (IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
if (ICE_SECURITY_LEVEL_PROTOCOL_GLOBAL)
{
char buf[256];
@@ -426,7 +425,7 @@ bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret)
if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
{
- outStringStream << "PTC ";
+ outStringStream << "PTC Thread(" << dec << GETTHREADID << ") ";
outStringStream << "read from " << hex << (void *)bio << " [" << hex << (void *)argp;
outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x";
outStringStream << hex << ret << "))";
@@ -434,7 +433,7 @@ bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret)
}
else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
{
- outStringStream << "PTC ";
+ outStringStream << "PTC Thread(" << dec << GETTHREADID << ") ";
outStringStream << "write to " << hex << (void *)bio << " [" << hex << (void *)argp;
outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x";
outStringStream << hex << ret << "))";
@@ -518,29 +517,7 @@ IceSecurity::Ssl::OpenSSL::System::createServerConnection(int socket)
Connection* connection = new ServerConnection(sslConnection, _systemID);
- connection->setTrace(_traceLevels);
- connection->setLogger(_logger);
-
- continueInit:
- try
- {
- while (!connection->init()) { }
- }
- catch (const TimeoutException&)
- {
- // Ignore, this might happen a lot during handshake.
- goto continueInit;
- }
- catch (...)
- {
- if (connection != 0)
- {
- delete connection;
- connection = 0;
- }
-
- throw;
- }
+ commonConnectionSetup(connection);
ICE_METHOD_RET("OpenSSL::System::createServerConnection()");
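Review bot: The `catch (...)` that deleted `connection` is removed together with the init loop, so the `new ServerConnection(...)` just above `commonConnectionSetup(connection);` is leaked if that call throws. The helper reads a property into a `string` and calls three methods on the connection, any of which may throw, at least on allocation failure. Keeping the cleanup is enough: `try { commonConnectionSetup(connection); } catch (...) { delete connection; throw; }`. The createClientConnection hunk has the same gap. Both function bodies start and end outside their hunks, so whether `sslConnection` is released by the Connection destructor is not visible here.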
@@ -571,29 +548,7 @@ IceSecurity::Ssl::OpenSSL::System::createClientConnection(int socket)
Connection* connection = new ClientConnection(sslConnection, _systemID);
- connection->setTrace(_traceLevels);
- connection->setLogger(_logger);
-
- continueInit:
- try
- {
- while (!connection->init()) { }
- }
- catch (const TimeoutException&)
- {
- // Ignore, this might happen a lot during handshake.
- goto continueInit;
- }
- catch (...)
- {
- if (connection != 0)
- {
- delete connection;
- connection = 0;
- }
-
- throw;
- }
+ commonConnectionSetup(connection);
ICE_METHOD_RET("OpenSSL::System::createClientConnection()");
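Review bot: Nothing at this call site tells the caller that the connection is now returned before any TLS handshake has run. With the `connection->init()` loop removed here and in createServerConnection, and going by the commit description, the handshake is deferred to the first read or write. Peer certificate verification presumably moves with it. A comment above `commonConnectionSetup(connection);` would record the new contract, for example `// No handshake has run yet: the peer is unverified until the first read()/write() completes it.` The function body starts and ends outside the hunk, so any existing header comment is not visible.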
@@ -663,14 +618,10 @@ IceSecurity::Ssl::OpenSSL::System::loadConfig()
_globalLogger = _logger;
}
- // TODO: Get the Path and File properly here.
- string configFile = _properties->getProperty("Ice.Ssl.Config");
- string certificatePath = _properties->getProperty("Ice.Ssl.CertPath");
+ string configFile = _properties->getProperty("Ice.Security.Ssl.Config");
+ string certificatePath = _properties->getProperty("Ice.Security.Ssl.CertPath");
Parser sslConfig(configFile, certificatePath);
- // const string& systemID = getSystemID();
- // Parser sslConfig(systemID);
-
sslConfig.setTrace(_traceLevels);
sslConfig.setLogger(_logger);
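Review bot: The rename to `Ice.Security.Ssl.Config` and `Ice.Security.Ssl.CertPath` silently drops the old keys, so a deployment that still sets `Ice.Ssl.Config` or `Ice.Ssl.CertPath` passes empty strings to `Parser sslConfig(configFile, certificatePath);`. What Parser does with an empty path is outside this hunk, but an SSL configuration that silently fails to load is worth guarding against. Either fall back for a transition period, `if (configFile.empty()) configFile = _properties->getProperty("Ice.Ssl.Config");` (and the same for CertPath), or log a warning through `_logger` when the new key is empty. loadConfig's body continues outside the hunk.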
@@ -1239,6 +1190,29 @@ IceSecurity::Ssl::OpenSSL::System::sslGetErrors()
return errorMessage;
}
+void
+IceSecurity::Ssl::OpenSSL::System::commonConnectionSetup(Connection* connection)
+{
+ connection->setTrace(_traceLevels);
+ connection->setLogger(_logger);
+
+ // Set the Post-Hanshake Read timeout
+ // This timeout is implemented once on the first read after hanshake.
+ int handshakeReadTimeout;
+ string value = _properties->getProperty("Ice.Security.Ssl.Handshake.ReadTimeout");
+
+ if (!value.empty())
+ {
+ const_cast<int&>(handshakeReadTimeout) = atoi(value.c_str());
+ }
+ else
+ {
+ handshakeReadTimeout = 10000;
+ }
+
+ connection->setHandshakeReadTimeout(handshakeReadTimeout);
+}
+
SSL*
IceSecurity::Ssl::OpenSSL::System::createConnection(SSL_CTX* sslContext, int socket)
{
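Review bot: The timeout in commonConnectionSetup is parsed with `atoi` and passed to `setHandshakeReadTimeout` unvalidated, so a typo in `Ice.Security.Ssl.Handshake.ReadTimeout` becomes 0 and a negative or out-of-range value goes straight through. The `const_cast<int&>` on a non-const local does nothing and should go, and `connection` is dereferenced without a null check. The fence below initialises the default up front and keeps it unless the whole string parses as a positive int. If a non-positive value is meant to disable the timeout, relax the lower bound and say so in the comment. `strtol`, `errno` and `INT_MAX` need `<cstdlib>`, `<cerrno>` and `<climits>` if the file does not already include them. The two new comments also misspell "handshake".
```cpp
    // … unchanged: setTrace / setLogger …

    // Post-handshake read timeout, applied once on the first read after the handshake.
    int handshakeReadTimeout = 10000;
    const string value = _properties->getProperty("Ice.Security.Ssl.Handshake.ReadTimeout");

    if (!value.empty())
    {
        errno = 0;
        char* end = 0;
        const long parsed = strtol(value.c_str(), &end, 10);

        // Keep the default unless the whole string is a positive number that fits in an int.
        if (errno == 0 && end != value.c_str() && *end == '\0' && parsed > 0 && parsed <= INT_MAX)
        {
            handshakeReadTimeout = static_cast<int>(parsed);
        }
    }

    connection->setHandshakeReadTimeout(handshakeReadTimeout);
```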