diff options
| author | Benoit Foucher <benoit@zeroc.com> | 2009-10-21 17:02:37 +0200 |
|---|---|---|
| committer | Benoit Foucher <benoit@zeroc.com> | 2009-10-21 17:02:37 +0200 |
| commit | a80b3c8cbb203c78b061e99e1a764685af4a93e9 (patch) | |
| tree | 5448b1dd66499b8fc9e46c618aa65b6687855946 /cpp/src/IceSSL/Instance.cpp | |
| parent | Bug 4311 - change Ice::Service::start signature (diff) | |
| download | ice-a80b3c8cbb203c78b061e99e1a764685af4a93e9.tar.bz2 ice-a80b3c8cbb203c78b061e99e1a764685af4a93e9.tar.xz ice-a80b3c8cbb203c78b061e99e1a764685af4a93e9.zip | |
- Removed old IceSSL::ConnectionInfo struct, it's now replaced with
IceSSL::NativeConnectionInfo.
- Removed Ice::ConnectionInfo endpoint attribute.
- Added Ice::Connection::getEndpoint() method.
- Added Ice::ConnectionInfo adapterName and incoming attributes.
- Replaced Tcp and Udp prefixes with TCP and UDP in endpoint/info classes.
- Added IPEndpointInfo and IPConnectionInfo intermediate classes.
- Fixed 2058: deprecate ice_hash for Ice.Object & Ice.LocalObject, added ice_getHash
- Fixed bug where Ice::Endpoint comparison would only compare the endpoint object addresses rather than the endpoint attributes like in Java and C#.
- Added ice_getHash implementation for endpoints and cleaned up Reference::hash to use HashUtil.h helper methods.
- Added test/Ice/info and removed endpoint info test from test/Ice/proxy.
Diffstat (limited to 'cpp/src/IceSSL/Instance.cpp')
| -rw-r--r-- | cpp/src/IceSSL/Instance.cpp | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/cpp/src/IceSSL/Instance.cpp b/cpp/src/IceSSL/Instance.cpp index 03bb4010062..66f148da791 100644 --- a/cpp/src/IceSSL/Instance.cpp +++ b/cpp/src/IceSSL/Instance.cpp @@ -783,7 +783,7 @@ IceSSL::Instance::securityTraceCategory() const } void -IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const string& adapterName, bool incoming) +IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const NativeConnectionInfoPtr& info) { long result = SSL_get_verify_result(ssl); if(result != X509_V_OK) @@ -935,13 +935,11 @@ IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const s } } - ConnectionInfo info = populateConnectionInfo(ssl, fd, adapterName, incoming); - - if(_verifyDepthMax > 0 && static_cast<int>(info.certs.size()) > _verifyDepthMax) + if(_verifyDepthMax > 0 && static_cast<int>(info->certs.size()) > _verifyDepthMax) { ostringstream ostr; - ostr << (incoming ? "incoming" : "outgoing") << " connection rejected:\n" - << "length of peer's certificate chain (" << info.certs.size() << ") exceeds maximum of " + ostr << (info->incoming ? "incoming" : "outgoing") << " connection rejected:\n" + << "length of peer's certificate chain (" << info->certs.size() << ") exceeds maximum of " << _verifyDepthMax; string msg = ostr.str(); if(_securityTraceLevel >= 1) @@ -955,7 +953,7 @@ IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const s if(!_trustManager->verify(info)) { - string msg = string(incoming ? "incoming" : "outgoing") + " connection rejected by trust manager"; + string msg = string(info->incoming ? "incoming" : "outgoing") + " connection rejected by trust manager"; if(_securityTraceLevel >= 1) { _logger->trace(_securityTraceCategory, msg + "\n" + IceInternal::fdToString(fd)); @@ -967,7 +965,7 @@ IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const s if(_verifier && !_verifier->verify(info)) { - string msg = string(incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier"; + string msg = string(info->incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier"; if(_securityTraceLevel >= 1) { _logger->trace(_securityTraceCategory, msg + "\n" + IceInternal::fdToString(fd)); |