schannel getNativeInfo fix

author: Jose <jose@zeroc.com> 2014-11-25 11:14:08 +0100
committer: Jose <jose@zeroc.com> 2014-11-25 11:14:08 +0100
commit: 31e20b4bb529d285760e8a2354f5a5599b10af59 (patch)
tree: e6cd6e4843db9be1c9de589985f992951a62bf54 /cpp/src/IceSSL/SChannelTransceiverI.cpp
parent: Ubuntu distribution fixes (diff)
download: ice-31e20b4bb529d285760e8a2354f5a5599b10af59.tar.bz2
ice-31e20b4bb529d285760e8a2354f5a5599b10af59.tar.xz
ice-31e20b4bb529d285760e8a2354f5a5599b10af59.zip
1 files changed, 16 insertions, 4 deletions
diff --git a/cpp/src/IceSSL/SChannelTransceiverI.cpp b/cpp/src/IceSSL/SChannelTransceiverI.cpp
index 4969a0fc5fc..b1931f7be3e 100644
--- a/cpp/src/IceSSL/SChannelTransceiverI.cpp
+++ b/cpp/src/IceSSL/SChannelTransceiverI.cpp
@@ -651,9 +651,8 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B
 
         if(!cert && (!_incoming || _engine->getVerifyPeer() == 2))
         {
-            // Clients require server certificate if VerifyPeer>0
-            // and servers require client certificate if
-            // VerifyPeer=2
+            // Clients require server certificate if VerifyPeer > 0
+            // and servers require client certificate if VerifyPeer == 2
             throw ProtocolException(__FILE__, __LINE__, "IceSSL: certificate required:" +
                                     IceUtilInternal::lastErrorToString());
         }
@@ -761,11 +760,13 @@ IceSSL::TransceiverI::close()
     if(_sslInitialized)
     {
         DeleteSecurityContext(&_ssl);
+        _sslInitialized = false;
     }
 
     if(_credentialsInitialized)
     {
         FreeCredentialsHandle(&_credentials);
+        _credentialsInitialized = false;
     }
 
     _stream->close();
@@ -987,6 +988,7 @@ IceSSL::TransceiverI::getNativeConnectionInfo() const
         SECURITY_STATUS err = QueryContextAttributes(ssl, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &cert);
         if(err == SEC_E_OK)
         {
+            assert(cert);
             CERT_CHAIN_PARA chainP;
             memset(&chainP, 0, sizeof(chainP));
             chainP.cbSize = sizeof(chainP);
@@ -1017,14 +1019,24 @@ IceSSL::TransceiverI::getNativeConnectionInfo() const
                 }
                 CertFreeCertificateChain(certChain);
             }
+            CertFreeCertificateContext(cert);
+        }
+        else if(err != SEC_E_NO_CREDENTIALS)
+        {
+            throw SecurityException(__FILE__, __LINE__, "IceSSL: error reading peer certificate:" +
+                                    IceUtilInternal::lastErrorToString());
         }
-        CertFreeCertificateContext(cert);
 
         SecPkgContext_ConnectionInfo connInfo;
         if(QueryContextAttributes(ssl, SECPKG_ATTR_CONNECTION_INFO, &connInfo) == SEC_E_OK)
         {
             info->cipher = _engine->getCipherName(connInfo.aiCipher);
         }
+        else
+        {
+            throw SecurityException(__FILE__, __LINE__, "IceSSL: error reading cipher info:" +
+                                    IceUtilInternal::lastErrorToString());
+        }
     }
 
     info->adapterName = _adapterName;
author	Jose <jose@zeroc.com>	2014-11-25 11:14:08 +0100
committer	Jose <jose@zeroc.com>	2014-11-25 11:14:08 +0100
commit	31e20b4bb529d285760e8a2354f5a5599b10af59 (patch)
tree	e6cd6e4843db9be1c9de589985f992951a62bf54 /cpp/src/IceSSL/SChannelTransceiverI.cpp
parent	Ubuntu distribution fixes (diff)
download	ice-31e20b4bb529d285760e8a2354f5a5599b10af59.tar.bz2 ice-31e20b4bb529d285760e8a2354f5a5599b10af59.tar.xz ice-31e20b4bb529d285760e8a2354f5a5599b10af59.zip