summaryrefslogtreecommitdiff
path: root/cpp/src/IceSSL
diff options
context:
space:
mode:
authorBenoit Foucher <benoit@zeroc.com>2019-01-28 17:32:46 +0100
committerBenoit Foucher <benoit@zeroc.com>2019-01-28 17:43:31 +0100
commitdbd205f95d185c3f5c8096bc0ae4f4b93c30dfc9 (patch)
treedc54ea7e9e2fd221e60061e4d2fcde183b8b4b35 /cpp/src/IceSSL
parentSupport icessl openssl with Visual Studio 2017 (diff)
downloadice-dbd205f95d185c3f5c8096bc0ae4f4b93c30dfc9.tar.bz2
ice-dbd205f95d185c3f5c8096bc0ae4f4b93c30dfc9.tar.xz
ice-dbd205f95d185c3f5c8096bc0ae4f4b93c30dfc9.zip
Better SSL support for underlying transports that don't provide a socket file descriptor
Diffstat (limited to 'cpp/src/IceSSL')
-rw-r--r--cpp/src/IceSSL/OpenSSLTransceiverI.cpp256
-rw-r--r--cpp/src/IceSSL/OpenSSLTransceiverI.h6
-rw-r--r--cpp/src/IceSSL/SChannelTransceiverI.cpp48
-rw-r--r--cpp/src/IceSSL/SChannelTransceiverI.h2
-rw-r--r--cpp/src/IceSSL/SecureTransportTransceiverI.cpp13
5 files changed, 165 insertions, 160 deletions
diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp
index 9c0b260d9ac..9de9a9f53ea 100644
--- a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp
+++ b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp
@@ -94,30 +94,35 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
if(!_ssl)
{
SOCKET fd = _delegate->getNativeInfo()->fd();
- if(fd == INVALID_SOCKET)
- {
- //
- // The delegate has finished its initialization but may not have a file descriptor yet (e.g., Bluetooth).
- // The underlying transport must (eventually) be socket-based.
- //
- return IceInternal::SocketOperationRead;
- }
-
-#ifdef ICE_USE_IOCP
+ BIO* bio = 0;
+ #ifdef ICE_USE_IOCP
_maxSendPacketSize = std::max(512, IceInternal::getSendBufferSize(fd));
_maxRecvPacketSize = std::max(512, IceInternal::getRecvBufferSize(fd));
- BIO* bio;
_sentBytes = 0;
- if(!BIO_new_bio_pair(&bio, _maxSendPacketSize, &_iocpBio, _maxRecvPacketSize))
+ if(!BIO_new_bio_pair(&bio, _maxSendPacketSize, &_memBio, _maxRecvPacketSize))
{
bio = 0;
- _iocpBio = 0;
+ _memBio = 0;
}
#else
- //
- // This static_cast is necessary due to 64bit windows. There SOCKET is a non-int type.
- //
- BIO* bio = BIO_new_socket(static_cast<int>(fd), 0);
+ if(fd == INVALID_SOCKET)
+ {
+ assert(_sentBytes == 0);
+ _maxSendPacketSize = 128 * 1024; // 128KB
+ _maxRecvPacketSize = 128 * 1024; // 128KB
+ if(!BIO_new_bio_pair(&bio, _maxSendPacketSize, &_memBio, _maxRecvPacketSize))
+ {
+ bio = 0;
+ _memBio = 0;
+ }
+ }
+ else
+ {
+ //
+ // This static_cast is necessary due to 64bit windows. There SOCKET is a non-int type.
+ //
+ bio = BIO_new_socket(static_cast<int>(fd), 0);
+ }
#endif
if(!bio)
@@ -129,10 +134,11 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
if(!_ssl)
{
BIO_free(bio);
-#ifdef ICE_USE_IOCP
- BIO_free(_iocpBio);
- _iocpBio = 0;
-#endif
+ if(_memBio)
+ {
+ BIO_free(_memBio);
+ _memBio = 0;
+ }
throw SecurityException(__FILE__, __LINE__, "openssl failure");
}
SSL_set_bio(_ssl, bio, bio);
@@ -208,8 +214,7 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
sync.release();
#endif
-#ifdef ICE_USE_IOCP
- if(BIO_ctrl_pending(_iocpBio))
+ if(_memBio && BIO_ctrl_pending(_memBio))
{
if(!send())
{
@@ -217,7 +222,6 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
}
continue;
}
-#endif
if(ret <= 0)
{
@@ -234,51 +238,48 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
}
case SSL_ERROR_WANT_READ:
{
-#ifdef ICE_USE_IOCP
- if(receive())
+ if(_memBio && receive())
{
continue;
}
-#endif
return IceInternal::SocketOperationRead;
}
case SSL_ERROR_WANT_WRITE:
{
-#ifdef ICE_USE_IOCP
- if(send())
+ if(_memBio && send())
{
continue;
}
-#endif
return IceInternal::SocketOperationWrite;
}
case SSL_ERROR_SYSCALL:
{
-#ifndef ICE_USE_IOCP
- if(IceInternal::interrupted())
+ if(!_memBio)
{
- break;
- }
-
- if(IceInternal::wouldBlock())
- {
- if(SSL_want_read(_ssl))
+ if(IceInternal::interrupted())
{
- return IceInternal::SocketOperationRead;
+ break;
}
- else if(SSL_want_write(_ssl))
+
+ if(IceInternal::wouldBlock())
{
- return IceInternal::SocketOperationWrite;
+ if(SSL_want_read(_ssl))
+ {
+ return IceInternal::SocketOperationRead;
+ }
+ else if(SSL_want_write(_ssl))
+ {
+ return IceInternal::SocketOperationWrite;
+ }
+
+ break;
}
- break;
- }
-
- if(IceInternal::connectionLost() || IceInternal::getSocketErrno() == 0)
- {
- throw ConnectionLostException(__FILE__, __LINE__, IceInternal::getSocketErrno());
+ if(IceInternal::connectionLost() || IceInternal::getSocketErrno() == 0)
+ {
+ throw ConnectionLostException(__FILE__, __LINE__, IceInternal::getSocketErrno());
+ }
}
-#endif
throw SocketException(__FILE__, __LINE__, IceInternal::getSocketErrno());
}
case SSL_ERROR_SSL:
@@ -377,13 +378,11 @@ OpenSSL::TransceiverI::close()
_ssl = 0;
}
-#ifdef ICE_USE_IOCP
- if(_iocpBio)
+ if(_memBio)
{
- BIO_free(_iocpBio);
- _iocpBio = 0;
+ BIO_free(_memBio);
+ _memBio = 0;
}
-#endif
_delegate->close();
}
@@ -396,15 +395,13 @@ OpenSSL::TransceiverI::write(IceInternal::Buffer& buf)
return _delegate->write(buf);
}
-#ifdef ICE_USE_IOCP
- if(_writeBuffer.i != _writeBuffer.b.end())
+ if(_memBio && _writeBuffer.i != _writeBuffer.b.end())
{
if(!send())
{
return IceInternal::SocketOperationWrite;
}
}
-#endif
if(buf.i == buf.b.end())
{
@@ -414,37 +411,39 @@ OpenSSL::TransceiverI::write(IceInternal::Buffer& buf)
//
// It's impossible for packetSize to be more than an Int.
//
- int packetSize =
-#ifdef ICE_USE_IOCP
- std::min(static_cast<int>(_maxSendPacketSize), static_cast<int>(buf.b.end() - buf.i));
-#else
+ int packetSize = _memBio ?
+ std::min(static_cast<int>(_maxSendPacketSize), static_cast<int>(buf.b.end() - buf.i)) :
static_cast<int>(buf.b.end() - buf.i);
-#endif
+
while(buf.i != buf.b.end())
{
ERR_clear_error(); // Clear any spurious errors.
-#ifdef ICE_USE_IOCP
int ret;
- if(_sentBytes)
+ if(_memBio)
{
- ret = _sentBytes;
- _sentBytes = 0;
- }
- else
- {
- ret = SSL_write(_ssl, reinterpret_cast<const void*>(&*buf.i), packetSize);
- if(ret > 0)
+ if(_sentBytes)
{
- if(!send())
+ ret = _sentBytes;
+ _sentBytes = 0;
+ }
+ else
+ {
+ ret = SSL_write(_ssl, reinterpret_cast<const void*>(&*buf.i), packetSize);
+ if(ret > 0)
{
- _sentBytes = ret;
- return IceInternal::SocketOperationWrite;
+ if(!send())
+ {
+ _sentBytes = ret;
+ return IceInternal::SocketOperationWrite;
+ }
}
}
}
-#else
- int ret = SSL_write(_ssl, reinterpret_cast<const void*>(&*buf.i), packetSize);
-#endif
+ else
+ {
+ ret = SSL_write(_ssl, reinterpret_cast<const void*>(&*buf.i), packetSize);
+ }
+
if(ret <= 0)
{
switch(SSL_get_error(_ssl, ret))
@@ -463,35 +462,34 @@ OpenSSL::TransceiverI::write(IceInternal::Buffer& buf)
}
case SSL_ERROR_WANT_WRITE:
{
-#ifdef ICE_USE_IOCP
- if(send())
+ if(_memBio && send())
{
continue;
}
-#endif
return IceInternal::SocketOperationWrite;
}
case SSL_ERROR_SYSCALL:
{
-#ifndef ICE_USE_IOCP
-
- if(IceInternal::interrupted())
+ if(!_memBio)
{
- continue;
- }
+ if(IceInternal::interrupted())
+ {
+ continue;
+ }
- if(IceInternal::noBuffers() && packetSize > 1024)
- {
- packetSize /= 2;
- continue;
- }
+ if(IceInternal::noBuffers() && packetSize > 1024)
+ {
+ packetSize /= 2;
+ continue;
+ }
- if(IceInternal::wouldBlock())
- {
- assert(SSL_want_write(_ssl));
- return IceInternal::SocketOperationWrite;
+ if(IceInternal::wouldBlock())
+ {
+ assert(SSL_want_write(_ssl));
+ return IceInternal::SocketOperationWrite;
+ }
}
-#endif
+
if(IceInternal::connectionLost() || IceInternal::getSocketErrno() == 0)
{
throw ConnectionLostException(__FILE__, __LINE__, IceInternal::getSocketErrno());
@@ -527,15 +525,13 @@ OpenSSL::TransceiverI::read(IceInternal::Buffer& buf)
return _delegate->read(buf);
}
-#ifdef ICE_USE_IOCP
- if(_readBuffer.i != _readBuffer.b.end())
+ if(_memBio && _readBuffer.i != _readBuffer.b.end())
{
if(!receive())
{
return IceInternal::SocketOperationRead;
}
}
-#endif
//
// Note: We assume that OpenSSL doesn't read more SSL records than
@@ -573,12 +569,10 @@ OpenSSL::TransceiverI::read(IceInternal::Buffer& buf)
}
case SSL_ERROR_WANT_READ:
{
-#ifdef ICE_USE_IOCP
- if(receive())
+ if(_memBio && receive())
{
continue;
}
-#endif
return IceInternal::SocketOperationRead;
}
case SSL_ERROR_WANT_WRITE:
@@ -588,24 +582,26 @@ OpenSSL::TransceiverI::read(IceInternal::Buffer& buf)
}
case SSL_ERROR_SYSCALL:
{
-#ifndef ICE_USE_IOCP
- if(IceInternal::interrupted())
+ if(!_memBio)
{
- continue;
- }
+ if(IceInternal::interrupted())
+ {
+ continue;
+ }
- if(IceInternal::noBuffers() && packetSize > 1024)
- {
- packetSize /= 2;
- continue;
- }
+ if(IceInternal::noBuffers() && packetSize > 1024)
+ {
+ packetSize /= 2;
+ continue;
+ }
- if(IceInternal::wouldBlock())
- {
- assert(SSL_want_read(_ssl));
- return IceInternal::SocketOperationRead;
+ if(IceInternal::wouldBlock())
+ {
+ assert(SSL_want_read(_ssl));
+ return IceInternal::SocketOperationRead;
+ }
}
-#endif
+
if(IceInternal::connectionLost() || IceInternal::getSocketErrno() == 0)
{
throw ConnectionLostException(__FILE__, __LINE__, IceInternal::getSocketErrno());
@@ -655,10 +651,10 @@ OpenSSL::TransceiverI::startWrite(IceInternal::Buffer& buffer)
int packetSize = std::min(static_cast<int>(_maxSendPacketSize), static_cast<int>(buffer.b.end() - buffer.i));
_sentBytes = SSL_write(_ssl, reinterpret_cast<void*>(&*buffer.i), packetSize);
- assert(BIO_ctrl_pending(_iocpBio));
- _writeBuffer.b.resize( BIO_ctrl_pending(_iocpBio));
+ assert(BIO_ctrl_pending(_memBio));
+ _writeBuffer.b.resize( BIO_ctrl_pending(_memBio));
_writeBuffer.i = _writeBuffer.b.begin();
- BIO_read(_iocpBio, _writeBuffer.i, static_cast<int>(_writeBuffer.b.size()));
+ BIO_read(_memBio, _writeBuffer.i, static_cast<int>(_writeBuffer.b.size()));
}
return _delegate->startWrite(_writeBuffer) && buffer.i == buffer.b.end();
@@ -700,8 +696,8 @@ OpenSSL::TransceiverI::startRead(IceInternal::Buffer& buffer)
SSL_read(_ssl, reinterpret_cast<void*>(&*buffer.i), static_cast<int>(buffer.b.end() - buffer.i));
assert(ret <= 0 && SSL_get_error(_ssl, ret) == SSL_ERROR_WANT_READ);
- assert(BIO_ctrl_get_read_request(_iocpBio));
- _readBuffer.b.resize(BIO_ctrl_get_read_request(_iocpBio));
+ assert(BIO_ctrl_get_read_request(_memBio));
+ _readBuffer.b.resize(BIO_ctrl_get_read_request(_memBio));
_readBuffer.i = _readBuffer.b.begin();
}
@@ -722,7 +718,7 @@ OpenSSL::TransceiverI::finishRead(IceInternal::Buffer& buffer)
_delegate->finishRead(_readBuffer);
if(_readBuffer.i == _readBuffer.b.end())
{
- int n = BIO_write(_iocpBio, _readBuffer.b.begin(), static_cast<int>(_readBuffer.b.size()));
+ int n = BIO_write(_memBio, _readBuffer.b.begin(), static_cast<int>(_readBuffer.b.size()));
if(n < 0) // Expected if the transceiver was closed.
{
throw SecurityException(__FILE__, __LINE__, "SSL bio write failed");
@@ -872,13 +868,11 @@ OpenSSL::TransceiverI::TransceiverI(const InstancePtr& instance,
_delegate(delegate),
_connected(false),
_verified(false),
- _ssl(0)
-#ifdef ICE_USE_IOCP
- , _iocpBio(0),
+ _ssl(0),
+ _memBio(0),
_sentBytes(0),
_maxSendPacketSize(0),
_maxRecvPacketSize(0)
-#endif
{
}
@@ -886,14 +880,13 @@ OpenSSL::TransceiverI::~TransceiverI()
{
}
-#ifdef ICE_USE_IOCP
bool
OpenSSL::TransceiverI::receive()
{
if(_readBuffer.i == _readBuffer.b.end())
{
- assert(BIO_ctrl_get_read_request(_iocpBio));
- _readBuffer.b.resize(BIO_ctrl_get_read_request(_iocpBio));
+ assert(BIO_ctrl_get_read_request(_memBio));
+ _readBuffer.b.resize(BIO_ctrl_get_read_request(_memBio));
_readBuffer.i = _readBuffer.b.begin();
}
@@ -910,7 +903,7 @@ OpenSSL::TransceiverI::receive()
#ifndef NDEBUG
int n =
#endif
- BIO_write(_iocpBio, &_readBuffer.b[0], static_cast<int>(_readBuffer.b.end() - _readBuffer.b.begin()));
+ BIO_write(_memBio, &_readBuffer.b[0], static_cast<int>(_readBuffer.b.end() - _readBuffer.b.begin()));
assert(n == static_cast<int>(_readBuffer.b.end() - _readBuffer.b.begin()));
@@ -922,10 +915,10 @@ OpenSSL::TransceiverI::send()
{
if(_writeBuffer.i == _writeBuffer.b.end())
{
- assert(BIO_ctrl_pending(_iocpBio));
- _writeBuffer.b.resize( BIO_ctrl_pending(_iocpBio));
+ assert(BIO_ctrl_pending(_memBio));
+ _writeBuffer.b.resize( BIO_ctrl_pending(_memBio));
_writeBuffer.i = _writeBuffer.b.begin();
- BIO_read(_iocpBio, _writeBuffer.i, static_cast<int>(_writeBuffer.b.size()));
+ BIO_read(_memBio, _writeBuffer.i, static_cast<int>(_writeBuffer.b.size()));
}
if(_writeBuffer.i != _writeBuffer.b.end())
@@ -937,4 +930,3 @@ OpenSSL::TransceiverI::send()
}
return _writeBuffer.i == _writeBuffer.b.end();
}
-#endif
diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.h b/cpp/src/IceSSL/OpenSSLTransceiverI.h
index 94ad07f802a..62afc012367 100644
--- a/cpp/src/IceSSL/OpenSSLTransceiverI.h
+++ b/cpp/src/IceSSL/OpenSSLTransceiverI.h
@@ -56,10 +56,8 @@ private:
TransceiverI(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool);
virtual ~TransceiverI();
-#ifdef ICE_USE_IOCP
bool receive();
bool send();
-#endif
friend class IceSSL::OpenSSL::SSLEngine;
@@ -75,14 +73,12 @@ private:
bool _verified;
SSL* _ssl;
-#ifdef ICE_USE_IOCP
- BIO* _iocpBio;
+ BIO* _memBio;
IceInternal::Buffer _writeBuffer;
IceInternal::Buffer _readBuffer;
int _sentBytes;
size_t _maxSendPacketSize;
size_t _maxRecvPacketSize;
-#endif
};
typedef IceUtil::Handle<TransceiverI> TransceiverIPtr;
diff --git a/cpp/src/IceSSL/SChannelTransceiverI.cpp b/cpp/src/IceSSL/SChannelTransceiverI.cpp
index 8ffd5aac553..eea97189df1 100644
--- a/cpp/src/IceSSL/SChannelTransceiverI.cpp
+++ b/cpp/src/IceSSL/SChannelTransceiverI.cpp
@@ -229,9 +229,9 @@ SChannel::TransceiverI::sslHandshake()
}
SECURITY_STATUS err = SEC_E_OK;
- DWORD ctxFlags = 0;
if(_state == StateHandshakeNotStarted)
{
+ _ctxFlags = 0;
_readBuffer.b.resize(2048);
_readBuffer.i = _readBuffer.b.begin();
_credentials = _engine->newCredentialsHandle(_incoming);
@@ -243,7 +243,7 @@ SChannel::TransceiverI::sslHandshake()
SecBufferDesc outBufferDesc = { SECBUFFER_VERSION, 1, &outBuffer };
err = InitializeSecurityContext(&_credentials, 0, const_cast<char *>(_host.c_str()), flags, 0, 0, 0, 0,
- &_ssl, &outBufferDesc, &ctxFlags, 0);
+ &_ssl, &outBufferDesc, &_ctxFlags, 0);
if(err != SEC_E_OK && err != SEC_I_CONTINUE_NEEDED)
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + secStatusToString(err));
@@ -291,7 +291,7 @@ SChannel::TransceiverI::sslHandshake()
if(_incoming)
{
err = AcceptSecurityContext(&_credentials, (_sslInitialized ? &_ssl : 0), &inBufferDesc, flags, 0,
- &_ssl, &outBufferDesc, &ctxFlags, 0);
+ &_ssl, &outBufferDesc, &_ctxFlags, 0);
if(err == SEC_I_CONTINUE_NEEDED || err == SEC_E_OK)
{
_sslInitialized = true;
@@ -300,7 +300,7 @@ SChannel::TransceiverI::sslHandshake()
else
{
err = InitializeSecurityContext(&_credentials, &_ssl, const_cast<char*>(_host.c_str()), flags, 0, 0,
- &inBufferDesc, 0, 0, &outBufferDesc, &ctxFlags, 0);
+ &inBufferDesc, 0, 0, &outBufferDesc, &_ctxFlags, 0);
}
//
@@ -349,7 +349,14 @@ SChannel::TransceiverI::sslHandshake()
if(token->cbBuffer)
{
- _state = StateHandshakeWriteContinue; // Continue writing if we have a token.
+ if(err == SEC_E_OK)
+ {
+ _state = StateHandshakeWriteNoContinue; // Write and don't continue.
+ }
+ else
+ {
+ _state = StateHandshakeWriteContinue; // Continue writing if we have a token.
+ }
}
else if(err == SEC_E_OK)
{
@@ -359,7 +366,7 @@ SChannel::TransceiverI::sslHandshake()
// Otherwise continue either reading credentials
}
- if(_state == StateHandshakeWriteContinue)
+ if(_state == StateHandshakeWriteContinue || _state == StateHandshakeWriteNoContinue)
{
//
// Write any pending data.
@@ -368,11 +375,10 @@ SChannel::TransceiverI::sslHandshake()
{
return IceInternal::SocketOperationWrite;
}
- if(err == SEC_E_OK)
+ if(_state == StateHandshakeWriteNoContinue)
{
break; // Token is written and we weren't told to continue, so we're done!
}
- assert(err == SEC_I_CONTINUE_NEEDED);
_state = StateHandshakeReadContinue;
}
}
@@ -380,68 +386,68 @@ SChannel::TransceiverI::sslHandshake()
//
// Check if the requested capabilities are met
//
- if(flags != ctxFlags)
+ if(flags != _ctxFlags)
{
if(_incoming)
{
- if(!(ctxFlags & ASC_REQ_SEQUENCE_DETECT))
+ if(!(_ctxFlags & ASC_REQ_SEQUENCE_DETECT))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup sequence detect");
}
- if(!(ctxFlags & ASC_REQ_REPLAY_DETECT))
+ if(!(_ctxFlags & ASC_REQ_REPLAY_DETECT))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup replay detect");
}
- if(!(ctxFlags & ASC_REQ_CONFIDENTIALITY))
+ if(!(_ctxFlags & ASC_REQ_CONFIDENTIALITY))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup confidentiality");
}
- if(!(ctxFlags & ASC_REQ_EXTENDED_ERROR))
+ if(!(_ctxFlags & ASC_REQ_EXTENDED_ERROR))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup extended error");
}
- if(!(ctxFlags & ASC_REQ_ALLOCATE_MEMORY))
+ if(!(_ctxFlags & ASC_REQ_ALLOCATE_MEMORY))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup memory allocation");
}
- if(!(ctxFlags & ASC_REQ_STREAM))
+ if(!(_ctxFlags & ASC_REQ_STREAM))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup stream");
}
}
else
{
- if(!(ctxFlags & ISC_REQ_SEQUENCE_DETECT))
+ if(!(_ctxFlags & ISC_REQ_SEQUENCE_DETECT))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup sequence detect");
}
- if(!(ctxFlags & ISC_REQ_REPLAY_DETECT))
+ if(!(_ctxFlags & ISC_REQ_REPLAY_DETECT))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup replay detect");
}
- if(!(ctxFlags & ISC_REQ_CONFIDENTIALITY))
+ if(!(_ctxFlags & ISC_REQ_CONFIDENTIALITY))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup confidentiality");
}
- if(!(ctxFlags & ISC_REQ_EXTENDED_ERROR))
+ if(!(_ctxFlags & ISC_REQ_EXTENDED_ERROR))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup extended error");
}
- if(!(ctxFlags & ISC_REQ_ALLOCATE_MEMORY))
+ if(!(_ctxFlags & ISC_REQ_ALLOCATE_MEMORY))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup memory allocation");
}
- if(!(ctxFlags & ISC_REQ_STREAM))
+ if(!(_ctxFlags & ISC_REQ_STREAM))
{
throw SecurityException(__FILE__, __LINE__, "IceSSL: SChannel failed to setup stream");
}
diff --git a/cpp/src/IceSSL/SChannelTransceiverI.h b/cpp/src/IceSSL/SChannelTransceiverI.h
index f21fd1ac205..a82e7355c97 100644
--- a/cpp/src/IceSSL/SChannelTransceiverI.h
+++ b/cpp/src/IceSSL/SChannelTransceiverI.h
@@ -83,6 +83,7 @@ private:
StateHandshakeNotStarted,
StateHandshakeReadContinue,
StateHandshakeWriteContinue,
+ StateHandshakeWriteNoContinue,
StateHandshakeComplete
};
@@ -93,6 +94,7 @@ private:
const bool _incoming;
const IceInternal::TransceiverPtr _delegate;
State _state;
+ DWORD _ctxFlags;
//
// Buffered encrypted data that has not been written.
diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
index cc168b0ab94..739e218a91a 100644
--- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
+++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
@@ -210,8 +210,17 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe
// Limit the size of packets passed to SSLWrite/SSLRead to avoid
// blocking and holding too much memory.
//
- _maxSendPacketSize = std::max(512, IceInternal::getSendBufferSize(_delegate->getNativeInfo()->fd()));
- _maxRecvPacketSize = std::max(512, IceInternal::getRecvBufferSize(_delegate->getNativeInfo()->fd()));
+ if(_delegate->getNativeInfo()->fd() != INVALID_SOCKET)
+ {
+ _maxSendPacketSize = std::max(512, IceInternal::getSendBufferSize(_delegate->getNativeInfo()->fd()));
+ _maxRecvPacketSize = std::max(512, IceInternal::getRecvBufferSize(_delegate->getNativeInfo()->fd()));
+ }
+ else
+ {
+ _maxSendPacketSize = 128 * 1024; // 128KB
+ _maxRecvPacketSize = 128 * 1024; // 128KB
+ }
+
OSStatus err = 0;
if(!_ssl)
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-03 20:29:29 +0000