author | Anthony Neal <aneal@zeroc.com> | 2002-09-11 12:33:02 +0000 |
---|---|---|
committer | Anthony Neal <aneal@zeroc.com> | 2002-09-11 12:33:02 +0000 |
commit | 22056550f5f34cc2ee1cd28a23fd40545c566c4b (patch) | |
tree | dcd27d328d2e11f09924a407cc5fb08dfac32d8d /cpp | |
parent | fixed retry bug (diff) | |
Removed the Connection classes, added the new SslTransceiver hierarchy,
cleaned up a lot of code.
Diffstat (limited to 'cpp')
29 files changed, 1598 insertions, 1847 deletions
diff --git a/cpp/src/IceSSL/.depend b/cpp/src/IceSSL/.depend index a2119d0e71c..1a0bd69a44b 100644 --- a/cpp/src/IceSSL/.depend +++ b/cpp/src/IceSSL/.depend 
@@ -1,24 +1,22 @@ Plugin.o: Plugin.cpp ../../include/IceSSL/Plugin.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/Stream.h Exception.o: Exception.cpp ../../include/IceSSL/Exception.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h -PluginBaseI.o: PluginBaseI.cpp ../../include/Ice/ProtocolPluginFacade.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/ProtocolPluginFacadeF.h 
../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/CommunicatorF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/EndpointFactoryF.h ../../include/Ice/InstanceF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../IceSSL/PluginBaseI.h ../../include/IceSSL/Plugin.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../IceSSL/TraceLevels.h -OpenSSLPluginI.o: OpenSSLPluginI.cpp ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../../include/IceUtil/RecMutex.h ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h 
../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Properties.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/ProtocolPluginFacade.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/EndpointFactoryF.h ../IceSSL/OpenSSLPluginI.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ContextOpenSSLServer.h ../IceSSL/ContextOpenSSL.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h ../IceSSL/SslConnectionOpenSSLF.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ContextOpenSSLClient.h ../../include/IceSSL/RSAPrivateKeyF.h ../IceSSL/DHParamsF.h ../../include/IceSSL/Exception.h ../IceSSL/ConfigParser.h 
../IceSSL/OpenSSLJanitors.h ../IceSSL/OpenSSLUtils.h ../IceSSL/SslConnectionOpenSSL.h ../IceSSL/SslConnection.h ../IceSSL/DefaultCertificateVerifier.h ../IceSSL/SingleCertificateVerifier.h ../IceSSL/SslEndpoint.h ../Ice/Endpoint.h ../Ice/TransceiverF.h ../Ice/ConnectorF.h ../Ice/AcceptorF.h ../../include/Ice/EndpointFactory.h ../IceSSL/TraceLevels.h ../../include/IceSSL/RSAPrivateKey.h ../IceSSL/DHParams.h -SslEndpoint.o: SslEndpoint.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/LocalException.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/ProtocolPluginFacade.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/EndpointFactoryF.h ../IceSSL/SslEndpoint.h ../Ice/Endpoint.h ../../include/Ice/EndpointF.h ../Ice/TransceiverF.h ../Ice/ConnectorF.h ../Ice/AcceptorF.h ../../include/Ice/EndpointFactory.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h 
../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslAcceptor.h ../Ice/Acceptor.h ../IceSSL/SslConnector.h ../Ice/Connector.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h +PluginBaseI.o: PluginBaseI.cpp ../../include/Ice/ProtocolPluginFacade.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/CommunicatorF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/EndpointFactoryF.h ../../include/Ice/InstanceF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../IceSSL/PluginBaseI.h ../../include/IceSSL/Plugin.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h 
../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../IceSSL/TraceLevels.h +OpenSSLPluginI.o: OpenSSLPluginI.cpp ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../../include/IceUtil/RecMutex.h ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Properties.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/ProtocolPluginFacade.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/EndpointFactoryF.h ../IceSSL/OpenSSLPluginI.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h 
../IceSSL/ContextOpenSSLServer.h ../IceSSL/ContextOpenSSL.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ContextOpenSSLClient.h ../../include/IceSSL/RSAPrivateKeyF.h ../IceSSL/DHParamsF.h ../../include/IceSSL/Exception.h ../IceSSL/ConfigParser.h ../IceSSL/OpenSSLJanitors.h ../IceSSL/OpenSSLUtils.h ../IceSSL/DefaultCertificateVerifier.h ../IceSSL/SingleCertificateVerifier.h ../IceSSL/SslEndpoint.h ../Ice/Endpoint.h ../Ice/ConnectorF.h ../Ice/AcceptorF.h ../../include/Ice/EndpointFactory.h ../IceSSL/TraceLevels.h ../../include/IceSSL/RSAPrivateKey.h ../IceSSL/DHParams.h +SslEndpoint.o: SslEndpoint.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/LocalException.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/ProtocolPluginFacade.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/EndpointFactoryF.h ../IceSSL/SslEndpoint.h ../Ice/Endpoint.h ../../include/Ice/EndpointF.h ../Ice/TransceiverF.h ../Ice/ConnectorF.h ../Ice/AcceptorF.h ../../include/Ice/EndpointFactory.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/IceSSL/Plugin.h 
../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../IceSSL/SslAcceptor.h ../Ice/Acceptor.h ../IceSSL/SslConnector.h ../Ice/Connector.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h SslException.o: SslException.cpp ../../include/Ice/LocalException.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/IceSSL/Exception.h -SslConnector.o: SslConnector.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/Network.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h 
../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslConnector.h ../Ice/TransceiverF.h ../Ice/Connector.h ../Ice/ConnectorF.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../IceSSL/TraceLevels.h -SslAcceptor.o: SslAcceptor.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/Network.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h 
../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslAcceptor.h ../Ice/TransceiverF.h ../Ice/Acceptor.h ../Ice/AcceptorF.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../IceSSL/TraceLevels.h -SslTransceiver.o: SslTransceiver.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Buffer.h ../Ice/Network.h ../IceSSL/OpenSSL.h ../IceSSL/SslConnection.h ../../include/Ice/LoggerF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../IceSSL/PluginBaseIF.h ../IceSSL/PluginBaseI.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h 
../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../IceSSL/TraceLevels.h +SslConnector.o: SslConnector.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/Network.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h 
../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../IceSSL/SslConnector.h ../Ice/TransceiverF.h ../Ice/Connector.h ../Ice/ConnectorF.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/TraceLevels.h +SslAcceptor.o: SslAcceptor.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/Network.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../IceSSL/SslAcceptor.h ../Ice/TransceiverF.h ../Ice/Acceptor.h ../Ice/AcceptorF.h 
../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/TraceLevels.h +SslTransceiver.o: SslTransceiver.cpp ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Buffer.h ../Ice/Network.h ../IceSSL/OpenSSL.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../IceSSL/SslTransceiverF.h ../IceSSL/PluginBaseIF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/PluginBaseI.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../IceSSL/TraceLevels.h ../../include/Ice/Logger.h ../../include/IceSSL/Exception.h 
../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ContextOpenSSLServer.h ../IceSSL/ContextOpenSSL.h ../IceSSL/GeneralConfig.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ContextOpenSSLClient.h ../../include/IceSSL/RSAPrivateKeyF.h ../IceSSL/DHParamsF.h ../IceSSL/OpenSSLUtils.h +SslClientTransceiver.o: SslClientTransceiver.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Buffer.h ../Ice/Network.h ../IceSSL/OpenSSL.h ../IceSSL/SslClientTransceiver.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../IceSSL/SslTransceiverF.h ../IceSSL/PluginBaseIF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/PluginBaseI.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h 
../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../IceSSL/TraceLevels.h ../IceSSL/OpenSSLUtils.h ../../include/IceSSL/Exception.h ../IceSSL/OpenSSLJanitors.h +SslServerTransceiver.o: SslServerTransceiver.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Buffer.h ../Ice/Network.h ../IceSSL/OpenSSL.h ../IceSSL/PluginBaseI.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h 
../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../IceSSL/TraceLevels.h ../IceSSL/OpenSSLUtils.h ../../include/IceSSL/Exception.h ../IceSSL/OpenSSLJanitors.h ../IceSSL/SslServerTransceiver.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h BaseCerts.o: BaseCerts.cpp ../IceSSL/BaseCerts.h ../IceSSL/CertificateDesc.h ../../include/IceUtil/Config.h CertificateAuthority.o: CertificateAuthority.cpp ../IceSSL/CertificateAuthority.h ../../include/IceUtil/Config.h CertificateDesc.o: CertificateDesc.cpp ../IceSSL/CertificateDesc.h ../../include/IceUtil/Config.h ConfigParser.o: ConfigParser.cpp ../IceSSL/ConfigParser.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../IceSSL/CertificateDesc.h ../IceSSL/GeneralConfig.h ../IceSSL/OpenSSL.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/TraceLevelsF.h ../IceSSL/ConfigParserErrorReporter.h ../../include/IceSSL/Exception.h ConfigParserErrorReporter.o: ConfigParserErrorReporter.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../IceSSL/ConfigParserErrorReporter.h ../../include/Ice/LoggerF.h ../IceSSL/TraceLevelsF.h ../IceSSL/OpenSSL.h 
../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h -SslConnection.o: SslConnection.cpp ../IceSSL/SslConnection.h ../../include/Ice/Buffer.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h -SslConnectionOpenSSLClient.o: SslConnectionOpenSSLClient.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/LocalException.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../IceSSL/OpenSSLUtils.h ../IceSSL/OpenSSL.h ../../include/IceSSL/Exception.h ../IceSSL/OpenSSLJanitors.h ../IceSSL/SslConnectionOpenSSLClient.h ../IceSSL/SslConnectionOpenSSL.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../IceSSL/SslConnection.h ../../include/Ice/Buffer.h ../../include/Ice/LoggerF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionOpenSSLF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h -SslConnectionOpenSSL.o: SslConnectionOpenSSL.cpp ../Ice/Network.h ../../include/Ice/Config.h 
../../include/IceUtil/Config.h ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/LocalException.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../IceSSL/OpenSSL.h ../../include/IceSSL/Exception.h ../IceSSL/SslConnection.h ../../include/Ice/Buffer.h ../../include/Ice/LoggerF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/SslConnectionOpenSSL.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionOpenSSLF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../IceSSL/PluginBaseI.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ContextOpenSSLServer.h ../IceSSL/ContextOpenSSL.h ../IceSSL/GeneralConfig.h ../IceSSL/ContextOpenSSLF.h 
../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ContextOpenSSLClient.h ../../include/IceSSL/RSAPrivateKeyF.h ../IceSSL/DHParamsF.h ../IceSSL/OpenSSLUtils.h ../IceSSL/TraceLevels.h -SslConnectionOpenSSLServer.o: SslConnectionOpenSSLServer.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/LocalException.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../IceSSL/OpenSSLUtils.h ../IceSSL/OpenSSL.h ../../include/IceSSL/Exception.h ../IceSSL/OpenSSLJanitors.h ../IceSSL/SslConnectionOpenSSLServer.h ../IceSSL/SslConnectionOpenSSL.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../IceSSL/SslConnection.h ../../include/Ice/Buffer.h ../../include/Ice/LoggerF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionOpenSSLF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h -ContextOpenSSL.o: ContextOpenSSL.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Properties.h ../../include/Ice/Proxy.h 
../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../IceSSL/DefaultCertificateVerifier.h ../../include/Ice/LoggerF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../../include/IceSSL/Exception.h ../../include/IceSSL/RSAKeyPair.h ../../include/IceSSL/RSAKeyPairF.h ../../include/IceSSL/RSACertificateGenF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/RSAPublicKeyF.h ../IceSSL/CertificateDesc.h ../IceSSL/SslConnectionOpenSSL.h ../IceSSL/SslConnection.h ../IceSSL/SslConnectionF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionOpenSSLF.h ../IceSSL/ContextOpenSSL.h ../../include/Ice/PropertiesF.h ../IceSSL/OpenSSL.h ../IceSSL/GeneralConfig.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../IceSSL/OpenSSLJanitors.h ../IceSSL/OpenSSLUtils.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h -ContextOpenSSLClient.o: ContextOpenSSLClient.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h 
../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/IceSSL/Exception.h ../IceSSL/SslConnectionOpenSSL.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../IceSSL/SslConnection.h ../../include/Ice/Buffer.h ../../include/Ice/LoggerF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionOpenSSLF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/ContextOpenSSLClient.h ../IceSSL/ContextOpenSSL.h ../../include/Ice/PropertiesF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../IceSSL/OpenSSL.h ../IceSSL/GeneralConfig.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/CertificateDesc.h ../IceSSL/TempCerts.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/SslConnectionOpenSSLClient.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h -ContextOpenSSLServer.o: ContextOpenSSLServer.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h 
../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/IceSSL/Exception.h ../IceSSL/SslConnectionOpenSSL.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../IceSSL/SslConnection.h ../../include/Ice/Buffer.h ../../include/Ice/LoggerF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionOpenSSLF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/ContextOpenSSLServer.h ../IceSSL/ContextOpenSSL.h ../../include/Ice/PropertiesF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../IceSSL/OpenSSL.h ../IceSSL/GeneralConfig.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/CertificateDesc.h ../IceSSL/TempCerts.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/SslConnectionOpenSSLServer.h ../IceSSL/OpenSSLUtils.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h +ContextOpenSSL.o: ContextOpenSSL.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h 
../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Properties.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../IceSSL/DefaultCertificateVerifier.h ../../include/Ice/LoggerF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../../include/IceSSL/Exception.h ../../include/IceSSL/RSAKeyPair.h ../../include/IceSSL/RSAKeyPairF.h ../../include/IceSSL/RSACertificateGenF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/RSAPublicKeyF.h ../IceSSL/CertificateDesc.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../IceSSL/SslTransceiverF.h ../IceSSL/PluginBaseIF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/ContextOpenSSL.h ../../include/Ice/PropertiesF.h ../IceSSL/OpenSSL.h ../IceSSL/GeneralConfig.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../IceSSL/OpenSSLJanitors.h ../IceSSL/OpenSSLUtils.h ../IceSSL/TraceLevels.h 
../../include/Ice/ProtocolPluginFacadeF.h +ContextOpenSSLClient.o: ContextOpenSSLClient.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/IceSSL/Exception.h ../IceSSL/ContextOpenSSLClient.h ../IceSSL/ContextOpenSSL.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../IceSSL/OpenSSL.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/CertificateDesc.h ../IceSSL/TempCerts.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../IceSSL/SslTransceiverF.h ../IceSSL/PluginBaseIF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/SslClientTransceiver.h 
../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h +ContextOpenSSLServer.o: ContextOpenSSLServer.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/IceSSL/Exception.h ../IceSSL/ContextOpenSSLServer.h ../IceSSL/ContextOpenSSL.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../IceSSL/OpenSSL.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/CertificateDesc.h ../IceSSL/TempCerts.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../IceSSL/SslTransceiverF.h ../IceSSL/PluginBaseIF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h 
../IceSSL/SslServerTransceiver.h ../IceSSL/OpenSSLUtils.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h GeneralConfig.o: GeneralConfig.cpp ../IceSSL/GeneralConfig.h ../IceSSL/OpenSSL.h ../../include/IceUtil/Config.h TempCerts.o: TempCerts.cpp ../IceSSL/TempCerts.h ../IceSSL/CertificateDesc.h ../../include/IceUtil/Config.h CertificateVerifier.o: CertificateVerifier.cpp ../../include/IceSSL/CertificateVerifier.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h 
@@ -30,7 +28,7 @@ RSAPrivateKey.o: RSAPrivateKey.cpp ../../include/IceUtil/Config.h ../../include/ RSAPublicKey.o: RSAPublicKey.cpp ../../include/IceUtil/Config.h ../../include/IceUtil/Base64.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceUtil/Shared.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/IceSSL/RSAPublicKeyF.h ../IceSSL/Convert.h ../IceSSL/OpenSSLUtils.h ../../include/IceSSL/Exception.h RSAKeyPair.o: RSAKeyPair.cpp ../../include/IceUtil/Config.h ../../include/IceUtil/Base64.h ../../include/IceSSL/RSAKeyPair.h ../../include/IceUtil/Shared.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/Proxy.h 
../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/IceSSL/RSAKeyPairF.h ../../include/IceSSL/RSACertificateGenF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAPrivateKey.h ../../include/IceSSL/RSAPublicKey.h DHParams.o: DHParams.cpp ../IceSSL/DHParams.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../IceSSL/DHParamsF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h -OpenSSLUtils.o: OpenSSLUtils.cpp ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../IceSSL/OpenSSLUtils.h ../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h 
../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/SslConnectionF.h ../IceSSL/TraceLevelsF.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ContextOpenSSLServer.h ../IceSSL/ContextOpenSSL.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h ../IceSSL/SslConnectionOpenSSLF.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ContextOpenSSLClient.h ../../include/IceSSL/RSAPrivateKeyF.h ../IceSSL/DHParamsF.h ../IceSSL/SslConnectionOpenSSL.h ../IceSSL/SslConnection.h +OpenSSLUtils.o: OpenSSLUtils.cpp ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../IceSSL/OpenSSLUtils.h ../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../IceSSL/PluginBaseI.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h 
../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/Ice/LocalException.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/PluginBaseIF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ContextOpenSSLServer.h ../IceSSL/ContextOpenSSL.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../IceSSL/ContextOpenSSLF.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ContextOpenSSLClient.h ../../include/IceSSL/RSAPrivateKeyF.h ../IceSSL/DHParamsF.h DefaultCertificateVerifier.o: DefaultCertificateVerifier.cpp ../../include/Ice/Logger.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h 
../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../IceSSL/OpenSSL.h ../IceSSL/DefaultCertificateVerifier.h ../../include/Ice/LoggerF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/OpenSSLUtils.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h SingleCertificateVerifier.o: SingleCertificateVerifier.cpp ../IceSSL/SingleCertificateVerifier.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/Convert.h TraceLevels.o: TraceLevels.cpp ../IceSSL/TraceLevels.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../IceSSL/TraceLevelsF.h 
../../include/Ice/Communicator.h ../../include/Ice/LocalObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Facet.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Time.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/LoggerF.h ../../include/Ice/PropertiesF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/ProtocolPluginFacade.h ../../include/Ice/CommunicatorF.h ../../include/Ice/EndpointFactoryF.h diff --git a/cpp/src/IceSSL/ContextOpenSSL.cpp b/cpp/src/IceSSL/ContextOpenSSL.cpp index 3362a876efe..405e4379c58 100644 --- a/cpp/src/IceSSL/ContextOpenSSL.cpp +++ b/cpp/src/IceSSL/ContextOpenSSL.cpp @@ -15,7 +15,7 @@ #include <IceSSL/Exception.h> #include <IceSSL/RSAKeyPair.h> #include <IceSSL/CertificateDesc.h> -#include <IceSSL/SslConnectionOpenSSL.h> +#include <IceSSL/SslTransceiver.h> #include <IceSSL/ContextOpenSSL.h> #include <IceSSL/OpenSSLJanitors.h> #include <IceSSL/OpenSSLUtils.h> 
@@ -27,12 +27,10 @@ using namespace std; using namespace Ice; using namespace IceInternal; -using IceSSL::ConnectionPtr; +void ::IceInternal::incRef(::IceSSL::Context* p) { p->__incRef(); } +void ::IceInternal::decRef(::IceSSL::Context* p) { p->__decRef(); } -void ::IceInternal::incRef(::IceSSL::OpenSSL::Context* p) { p->__incRef(); } -void ::IceInternal::decRef(::IceSSL::OpenSSL::Context* p) { p->__decRef(); } - -IceSSL::OpenSSL::Context::~Context() +IceSSL::Context::~Context() { if(_sslContext != 0) { @@ -43,35 +41,35 @@ IceSSL::OpenSSL::Context::~Context() } bool -IceSSL::OpenSSL::Context::isConfigured() +IceSSL::Context::isConfigured() { return (_sslContext != 0 ? true : false); } void -IceSSL::OpenSSL::Context::setCertificateVerifier(const CertificateVerifierPtr& verifier) +IceSSL::Context::setCertificateVerifier(const OpenSSL::CertificateVerifierPtr& verifier) { _certificateVerifier = verifier; } void -IceSSL::OpenSSL::Context::addTrustedCertificateBase64(const string& trustedCertString) +IceSSL::Context::addTrustedCertificateBase64(const string& trustedCertString) { - RSAPublicKey pubKey(trustedCertString); + OpenSSL::RSAPublicKey pubKey(trustedCertString); addTrustedCertificate(pubKey); } void -IceSSL::OpenSSL::Context::addTrustedCertificate(const Ice::ByteSeq& trustedCert) +IceSSL::Context::addTrustedCertificate(const Ice::ByteSeq& trustedCert) { - RSAPublicKey pubKey(trustedCert); + OpenSSL::RSAPublicKey pubKey(trustedCert); addTrustedCertificate(pubKey); } void -IceSSL::OpenSSL::Context::setRSAKeysBase64(const string& privateKey, +IceSSL::Context::setRSAKeysBase64(const string& privateKey, const string& publicKey) { if(privateKey.empty()) @@ -87,7 +85,7 @@ IceSSL::OpenSSL::Context::setRSAKeysBase64(const string& privateKey, } void -IceSSL::OpenSSL::Context::setRSAKeys(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey) +IceSSL::Context::setRSAKeys(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey) { if(privateKey.empty()) { 
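Review bot: `setCertificateVerifier` in the `@@ -43,35 +41,35 @@` hunk assigns `_certificateVerifier = verifier;` without checking the handle, so a null `verifier` silently replaces the `DefaultCertificateVerifier` that the constructor installs. How a null `_certificateVerifier` is treated during a handshake is not visible in this diff, but presumably it is either dereferenced or peer certificates go unchecked. The setter should reject a null handle before the assignment, by throwing the plugin's own configuration exception or at minimum with `assert(verifier);`. A one-line comment stating that the verifier must be non-null would also help callers.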
@@ -102,7 +100,7 @@ IceSSL::OpenSSL::Context::setRSAKeys(const Ice::ByteSeq& privateKey, const Ice:: } void -IceSSL::OpenSSL::Context::configure(const GeneralConfig& generalConfig, +IceSSL::Context::configure(const GeneralConfig& generalConfig, const CertificateAuthority& certificateAuthority, const BaseCertificates& baseCertificates) { @@ -142,20 +140,19 @@ IceSSL::OpenSSL::Context::configure(const GeneralConfig& generalConfig, // Protected // -IceSSL::OpenSSL::Context::Context(const IceSSL::TraceLevelsPtr& traceLevels, const LoggerPtr& logger, - const PropertiesPtr& properties) : +IceSSL::Context::Context(const TraceLevelsPtr& traceLevels, const LoggerPtr& logger, const PropertiesPtr& properties) : _traceLevels(traceLevels), _logger(logger), _properties(properties) { - _certificateVerifier = new DefaultCertificateVerifier(traceLevels, logger); + _certificateVerifier = new OpenSSL::DefaultCertificateVerifier(traceLevels, logger); _sslContext = 0; _maxPassphraseRetriesDefault = "4"; } SSL_METHOD* -IceSSL::OpenSSL::Context::getSslMethod(SslProtocol sslVersion) +IceSSL::Context::getSslMethod(SslProtocol sslVersion) { SSL_METHOD* sslMethod = 0; @@ -205,7 +202,7 @@ IceSSL::OpenSSL::Context::getSslMethod(SslProtocol sslVersion) } void -IceSSL::OpenSSL::Context::createContext(SslProtocol sslProtocol) +IceSSL::Context::createContext(SslProtocol sslProtocol) { if(_sslContext != 0) { @@ -217,9 +214,9 @@ IceSSL::OpenSSL::Context::createContext(SslProtocol sslProtocol) if(_sslContext == 0) { - ContextInitializationException contextInitEx(__FILE__, __LINE__); + OpenSSL::ContextInitializationException contextInitEx(__FILE__, __LINE__); - contextInitEx.message = "unable to create ssl context\n" + sslGetErrors(); + contextInitEx.message = "unable to create ssl context\n" + OpenSSL::sslGetErrors(); throw contextInitEx; } 
@@ -229,7 +226,7 @@ IceSSL::OpenSSL::Context::createContext(SslProtocol sslProtocol) } void -IceSSL::OpenSSL::Context::loadCertificateAuthority(const CertificateAuthority& certAuth) +IceSSL::Context::loadCertificateAuthority(const CertificateAuthority& certAuth) { assert(_sslContext != 0); @@ -284,7 +281,7 @@ IceSSL::OpenSSL::Context::loadCertificateAuthority(const CertificateAuthority& c } void -IceSSL::OpenSSL::Context::setKeyCert(const CertificateDesc& certDesc, +IceSSL::Context::setKeyCert(const CertificateDesc& certDesc, const string& privateProperty, const string& publicProperty) { @@ -315,7 +312,7 @@ IceSSL::OpenSSL::Context::setKeyCert(const CertificateDesc& certDesc, } void -IceSSL::OpenSSL::Context::checkKeyCert() +IceSSL::Context::checkKeyCert() { assert(_sslContext != 0); @@ -323,10 +320,10 @@ IceSSL::OpenSSL::Context::checkKeyCert() // set against the SSL context match up. if(!SSL_CTX_check_private_key(_sslContext)) { - CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); + OpenSSL::CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); certKeyMatchEx.message = "private key does not match the certificate public key"; - string sslError = sslGetErrors(); + string sslError = OpenSSL::sslGetErrors(); if(!sslError.empty()) { @@ -339,11 +336,11 @@ IceSSL::OpenSSL::Context::checkKeyCert() } void -IceSSL::OpenSSL::Context::addTrustedCertificate(const RSAPublicKey& trustedCertificate) +IceSSL::Context::addTrustedCertificate(const OpenSSL::RSAPublicKey& trustedCertificate) { if(_sslContext == 0) { - ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__); + OpenSSL::ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__); contextConfigEx.message = "ssl context not configured"; 
@@ -356,16 +353,16 @@ IceSSL::OpenSSL::Context::addTrustedCertificate(const RSAPublicKey& trustedCerti if(X509_STORE_add_cert(certStore, trustedCertificate.getX509PublicKey()) == 0) { - TrustedCertificateAddException trustEx(__FILE__, __LINE__); + OpenSSL::TrustedCertificateAddException trustEx(__FILE__, __LINE__); - trustEx.message = sslGetErrors(); + trustEx.message = OpenSSL::sslGetErrors(); throw trustEx; } } void -IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const CertificateFile& publicCert) +IceSSL::Context::addKeyCert(const CertificateFile& privateKey, const CertificateFile& publicCert) { assert(_sslContext != 0); @@ -382,12 +379,12 @@ IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const Ce // Set which Public Key file to use. if(SSL_CTX_use_certificate_file(_sslContext, publicFile, publicEncoding) <= 0) { - CertificateLoadException certLoadEx(__FILE__, __LINE__); + OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__); certLoadEx.message = "unable to load certificate from '"; certLoadEx.message += publicFile; certLoadEx.message += "'\n"; - certLoadEx.message += sslGetErrors(); + certLoadEx.message += OpenSSL::sslGetErrors(); throw certLoadEx; } @@ -410,7 +407,7 @@ IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const Ce while(retryCount != _maxPassphraseTries) { // We ignore the errors and remove them from the stack. - string errorString = sslGetErrors(); + string errorString = OpenSSL::sslGetErrors(); // Set which Private Key file to use. pkLoadResult = SSL_CTX_use_PrivateKey_file(_sslContext, privKeyFile, privKeyFileType); 
@@ -447,10 +444,10 @@ IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const Ce // key matches the private key when calling SSL_CTX_use_PrivateKey_file(). if(errCode == X509_R_KEY_VALUES_MISMATCH || errCode == X509_R_KEY_TYPE_MISMATCH) { - CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); + OpenSSL::CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); certKeyMatchEx.message = "private key does not match the certificate public key"; - string sslError = sslGetErrors(); + string sslError = OpenSSL::sslGetErrors(); if(!sslError.empty()) { @@ -462,12 +459,12 @@ IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const Ce } else { - PrivateKeyLoadException pklEx(__FILE__, __LINE__); + OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__); pklEx.message = "unable to load private key from '"; pklEx.message += privKeyFile; pklEx.message += "'\n"; - pklEx.message += sslGetErrors(); + pklEx.message += OpenSSL::sslGetErrors(); throw pklEx; } @@ -478,11 +475,11 @@ IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const Ce } void -IceSSL::OpenSSL::Context::addKeyCert(const RSAKeyPair& keyPair) +IceSSL::Context::addKeyCert(const OpenSSL::RSAKeyPair& keyPair) { if(_sslContext == 0) { - ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__); + OpenSSL::ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__); contextConfigEx.message = "ssl context not configured"; @@ -497,10 +494,10 @@ IceSSL::OpenSSL::Context::addKeyCert(const RSAKeyPair& keyPair) // Set which Public Key file to use. if(SSL_CTX_use_certificate(_sslContext, keyPair.getX509PublicKey()) <= 0) { - CertificateLoadException certLoadEx(__FILE__, __LINE__); + OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__); certLoadEx.message = "unable to set certificate from memory"; - string sslError = sslGetErrors(); + string sslError = OpenSSL::sslGetErrors(); if(!sslError.empty()) { 
@@ -520,10 +517,10 @@ IceSSL::OpenSSL::Context::addKeyCert(const RSAKeyPair& keyPair) // key matches the private key when calling SSL_CTX_use_PrivateKey_file(). if(errCode == X509_R_KEY_VALUES_MISMATCH || errCode == X509_R_KEY_TYPE_MISMATCH) { - CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); + OpenSSL::CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); certKeyMatchEx.message = "private key does not match the certificate public key"; - string sslError = sslGetErrors(); + string sslError = OpenSSL::sslGetErrors(); if(!sslError.empty()) { @@ -535,10 +532,10 @@ IceSSL::OpenSSL::Context::addKeyCert(const RSAKeyPair& keyPair) } else { - PrivateKeyLoadException pklEx(__FILE__, __LINE__); + OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__); pklEx.message = "unable to set private key from memory"; - string sslError = sslGetErrors(); + string sslError = OpenSSL::sslGetErrors(); if(!sslError.empty()) { @@ -554,7 +551,7 @@ IceSSL::OpenSSL::Context::addKeyCert(const RSAKeyPair& keyPair) } void -IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey) +IceSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey) { Ice::ByteSeq privKey = privateKey; @@ -569,11 +566,11 @@ IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice:: } // Make a key pair based on the DER encoded byte sequences. - addKeyCert(RSAKeyPair(privKey, publicKey)); + addKeyCert(OpenSSL::RSAKeyPair(privKey, publicKey)); } void -IceSSL::OpenSSL::Context::addKeyCert(const string& privateKey, const string& publicKey) +IceSSL::Context::addKeyCert(const string& privateKey, const string& publicKey) { string privKey = privateKey; 
@@ -588,11 +585,11 @@ IceSSL::OpenSSL::Context::addKeyCert(const string& privateKey, const string& pub } // Make a key pair based on the Base64 encoded strings. - addKeyCert(RSAKeyPair(privKey, publicKey)); + addKeyCert(OpenSSL::RSAKeyPair(privKey, publicKey)); } SSL* -IceSSL::OpenSSL::Context::createSSLConnection(int socket) +IceSSL::Context::createSSLConnection(int socket) { assert(_sslContext != 0); @@ -607,16 +604,16 @@ IceSSL::OpenSSL::Context::createSSLConnection(int socket) } void -IceSSL::OpenSSL::Context::connectionSetup(const ConnectionPtr& connection) +IceSSL::Context::transceiverSetup(const SslTransceiverPtr& transceiver) { // Set the Post-Handshake Read timeout // This timeout is implemented once on the first read after hanshake. int handshakeReadTimeout = _properties->getPropertyAsIntWithDefault(_handshakeTimeoutProperty, 5000); - connection->setHandshakeReadTimeout(handshakeReadTimeout); + transceiver->setHandshakeReadTimeout(handshakeReadTimeout); } void -IceSSL::OpenSSL::Context::setCipherList(const string& cipherList) +IceSSL::Context::setCipherList(const string& cipherList) { assert(_sslContext != 0); @@ -624,13 +621,13 @@ IceSSL::OpenSSL::Context::setCipherList(const string& cipherList) (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)) { string errorString = "WRN error setting cipher list " + cipherList + " -- using default list\n"; - errorString += sslGetErrors(); + errorString += OpenSSL::sslGetErrors(); _logger->trace(_traceLevels->securityCat, errorString); } } void -IceSSL::OpenSSL::Context::setDHParams(const BaseCertificates& baseCerts) +IceSSL::Context::setDHParams(const BaseCertificates& baseCerts) { DH* dh = 0; 
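Review bot: In setCipherList, a cipher list that OpenSSL rejects is replaced by the library default (the message says "-- using default list"), and the only signal is a trace line that appears to be emitted only when the security trace level is at least SECURITY_WARNINGS. An operator who configured a restricted list to exclude weak suites would end up with a broader set and no error. Treating the failure as a configuration error would be safer, for example raising an `OpenSSL::ContextInitializationException` carrying `OpenSSL::sslGetErrors()` as createContext does. The start of the `if` lies outside this hunk, so confirm that the logging condition is really joined to the failure test with `&&`.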
@@ -640,7 +637,7 @@ IceSSL::OpenSSL::Context::setDHParams(const BaseCertificates& baseCerts) // File type must be PEM - that's the only way we can load DH Params, apparently. if((!dhFile.empty()) && (encoding == SSL_FILETYPE_PEM)) { - dh = loadDHParam(dhFile.c_str()); + dh = OpenSSL::loadDHParam(dhFile.c_str()); } if(dh == 0) @@ -651,7 +648,7 @@ IceSSL::OpenSSL::Context::setDHParams(const BaseCertificates& baseCerts) "WRN Could not load Diffie-Hellman params, generating a temporary 512bit key."); } - dh = getTempDH512(); + dh = OpenSSL::getTempDH512(); } if(dh != 0) diff --git a/cpp/src/IceSSL/ContextOpenSSL.h b/cpp/src/IceSSL/ContextOpenSSL.h index 5d209ef6d11..33168853311 100644 --- a/cpp/src/IceSSL/ContextOpenSSL.h +++ b/cpp/src/IceSSL/ContextOpenSSL.h @@ -8,8 +8,8 @@ // // ********************************************************************** -#ifndef ICE_SSL_CONTEXT_OPENSSL_H -#define ICE_SSL_CONTEXT_OPENSSL_H +#ifndef ICESSL_CONTEXT_H +#define ICESSL_CONTEXT_H #include <Ice/LoggerF.h> #include <Ice/PropertiesF.h> @@ -21,8 +21,7 @@ #include <IceSSL/CertificateAuthority.h> #include <IceSSL/BaseCerts.h> #include <IceSSL/TempCerts.h> -#include <IceSSL/SslConnectionF.h> -#include <IceSSL/SslConnectionOpenSSLF.h> +#include <IceSSL/SslTransceiver.h> #include <IceSSL/ContextOpenSSLF.h> #include <IceSSL/RSAPublicKey.h> #include <IceSSL/RSAKeyPairF.h> @@ -35,6 +34,8 @@ namespace OpenSSL class PluginI; +} + class Context : public IceUtil::Shared { public: @@ -43,7 +44,7 @@ public: bool isConfigured(); - virtual void setCertificateVerifier(const CertificateVerifierPtr&); + virtual void setCertificateVerifier(const OpenSSL::CertificateVerifierPtr&); virtual void addTrustedCertificateBase64(const std::string&); 
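Review bot: When the DH parameter file is empty, not PEM, or fails to load, setDHParams falls back to `OpenSSL::getTempDH512()`, and 512-bit Diffie-Hellman parameters are too small to protect the key exchange. The fallback is reported only through the "WRN Could not load Diffie-Hellman params" trace message, which appears to be conditional on the trace level, so a mistyped path leaves a deployment on weak parameters without anyone noticing. Failing configuration here (an `OpenSSL::ContextInitializationException` naming the file) or falling back to a larger built-in group would be safer. setDHParams starts and ends outside this hunk.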
@@ -53,31 +54,31 @@ public: virtual void setRSAKeys(const Ice::ByteSeq&, const Ice::ByteSeq&); - virtual void configure(const IceSSL::GeneralConfig&, - const IceSSL::CertificateAuthority&, - const IceSSL::BaseCertificates&); + virtual void configure(const GeneralConfig&, + const CertificateAuthority&, + const BaseCertificates&); // Takes a socket fd as the first parameter. - virtual ::IceSSL::ConnectionPtr createConnection(int, const IceSSL::PluginBaseIPtr&) = 0; + virtual SslTransceiverPtr createTransceiver(int, const PluginBaseIPtr&) = 0; protected: - Context(const IceSSL::TraceLevelsPtr&, const Ice::LoggerPtr&, const Ice::PropertiesPtr&); + Context(const TraceLevelsPtr&, const Ice::LoggerPtr&, const Ice::PropertiesPtr&); SSL_METHOD* getSslMethod(SslProtocol); void createContext(SslProtocol); virtual void loadCertificateAuthority(const CertificateAuthority&); - void setKeyCert(const IceSSL::CertificateDesc&, const std::string&, const std::string&); + void setKeyCert(const CertificateDesc&, const std::string&, const std::string&); void checkKeyCert(); - void addTrustedCertificate(const IceSSL::OpenSSL::RSAPublicKey&); + void addTrustedCertificate(const OpenSSL::RSAPublicKey&); - void addKeyCert(const IceSSL::CertificateFile&, const IceSSL::CertificateFile&); + void addKeyCert(const CertificateFile&, const CertificateFile&); - void addKeyCert(const RSAKeyPair&); + void addKeyCert(const OpenSSL::RSAKeyPair&); void addKeyCert(const Ice::ByteSeq&, const Ice::ByteSeq&); @@ -85,13 +86,13 @@ protected: SSL* createSSLConnection(int); - void connectionSetup(const IceSSL::OpenSSL::ConnectionPtr& connection); + void transceiverSetup(const SslTransceiverPtr&); void setCipherList(const std::string&); - void setDHParams(const IceSSL::BaseCertificates&); + void setDHParams(const BaseCertificates&); - IceSSL::TraceLevelsPtr _traceLevels; + TraceLevelsPtr _traceLevels; Ice::LoggerPtr _logger; Ice::PropertiesPtr _properties; 
@@ -104,17 +105,13 @@ protected: std::string _passphraseRetriesProperty; std::string _maxPassphraseRetriesDefault; - IceSSL::CertificateVerifierPtr _certificateVerifier; + OpenSSL::CertificateVerifierPtr _certificateVerifier; SSL_CTX* _sslContext; int _maxPassphraseTries; - - friend class IceSSL::OpenSSL::PluginI; }; } -} - #endif diff --git a/cpp/src/IceSSL/ContextOpenSSLClient.cpp b/cpp/src/IceSSL/ContextOpenSSLClient.cpp index 6f735e98c43..da127d331c3 100644 --- a/cpp/src/IceSSL/ContextOpenSSLClient.cpp +++ b/cpp/src/IceSSL/ContextOpenSSLClient.cpp @@ -11,26 +11,23 @@ #include <Ice/Logger.h> #include <IceSSL/Exception.h> -#include <IceSSL/SslConnectionOpenSSL.h> #include <IceSSL/ContextOpenSSLClient.h> -#include <IceSSL/SslConnectionOpenSSLClient.h> +#include <IceSSL/SslClientTransceiver.h> #include <IceSSL/TraceLevels.h> using namespace std; using namespace Ice; -using IceSSL::ConnectionPtr; - void -IceSSL::OpenSSL::ClientContext::configure(const GeneralConfig& generalConfig, - const CertificateAuthority& certificateAuthority, - const BaseCertificates& baseCertificates) +IceSSL::ClientContext::configure(const GeneralConfig& generalConfig, + const CertificateAuthority& certificateAuthority, + const BaseCertificates& baseCertificates) { Context::configure(generalConfig, certificateAuthority, baseCertificates); loadCertificateAuthority(certificateAuthority); - if(_traceLevels->security >= IceSSL::SECURITY_PROTOCOL) + if(_traceLevels->security >= SECURITY_PROTOCOL) { ostringstream s; 
@@ -52,25 +49,26 @@ IceSSL::OpenSSL::ClientContext::configure(const GeneralConfig& generalConfig, } } -IceSSL::ConnectionPtr -IceSSL::OpenSSL::ClientContext::createConnection(int socket, const PluginBaseIPtr& plugin) +IceSSL::SslTransceiverPtr +IceSSL::ClientContext::createTransceiver(int socket, const PluginBaseIPtr& plugin) { if(_sslContext == 0) { - IceSSL::OpenSSL::ContextNotConfiguredException contextEx(__FILE__, __LINE__); + OpenSSL::ContextNotConfiguredException contextEx(__FILE__, __LINE__); throw contextEx; } - ConnectionPtr connection = new ClientConnection(_certificateVerifier, createSSLConnection(socket), plugin); + SSL* ssl = createSSLConnection(socket); + SslTransceiverPtr transceiver = new SslClientTransceiver(plugin, socket, _certificateVerifier, ssl); - connectionSetup(connection); + transceiverSetup(transceiver); - return connection; + return transceiver; } -IceSSL::OpenSSL::ClientContext::ClientContext(const IceSSL::TraceLevelsPtr& traceLevels, const LoggerPtr& logger, - const PropertiesPtr& properties) : +IceSSL::ClientContext::ClientContext(const TraceLevelsPtr& traceLevels, const LoggerPtr& logger, + const PropertiesPtr& properties) : Context(traceLevels, logger, properties) { _rsaPrivateKeyProperty = "IceSSL.Client.Overrides.RSA.PrivateKey"; diff --git a/cpp/src/IceSSL/ContextOpenSSLClient.h b/cpp/src/IceSSL/ContextOpenSSLClient.h index a42a4116b2a..3a9921a92e6 100644 --- a/cpp/src/IceSSL/ContextOpenSSLClient.h +++ b/cpp/src/IceSSL/ContextOpenSSLClient.h 
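Review bot: In ClientContext::createTransceiver, `ssl` is a raw `SSL*` with no owner between `createSSLConnection(socket)` and the point where the transceiver takes it over. If `new SslClientTransceiver(plugin, socket, _certificateVerifier, ssl)` throws, the handle is never freed. Assuming the transceiver owns it only once its constructor has completed, guard the construction, e.g. `try { transceiver = new SslClientTransceiver(...); } catch(...) { SSL_free(ssl); throw; }`, or hold it in a janitor like the ones in OpenSSLJanitors.h. The ServerContext::createTransceiver hunk in ContextOpenSSLServer.cpp has the same pattern.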
@@ -8,37 +8,32 @@ // // ********************************************************************** -#ifndef ICE_SSL_CONTEXT_OPENSSL_CLIENT_H -#define ICE_SSL_CONTEXT_OPENSSL_CLIENT_H +#ifndef ICESSL_CLIENT_CONTEXT_H +#define ICESSL_CLIENT_CONTEXT_H #include <IceSSL/ContextOpenSSL.h> namespace IceSSL { -namespace OpenSSL -{ - class ClientContext : public Context { public: - virtual void configure(const IceSSL::GeneralConfig&, - const IceSSL::CertificateAuthority&, - const IceSSL::BaseCertificates&); + virtual void configure(const GeneralConfig&, + const CertificateAuthority&, + const BaseCertificates&); // Takes a socket fd as the first parameter. - virtual IceSSL::ConnectionPtr createConnection(int, const IceSSL::PluginBaseIPtr&); + virtual SslTransceiverPtr createTransceiver(int, const PluginBaseIPtr&); protected: - ClientContext(const IceSSL::TraceLevelsPtr&, const Ice::LoggerPtr&, const Ice::PropertiesPtr&); + ClientContext(const TraceLevelsPtr&, const Ice::LoggerPtr&, const Ice::PropertiesPtr&); - friend class IceSSL::OpenSSL::PluginI; + friend class OpenSSL::PluginI; }; } -} - #endif diff --git a/cpp/src/IceSSL/ContextOpenSSLF.h b/cpp/src/IceSSL/ContextOpenSSLF.h index 364005a801b..918b37b62dd 100644 --- a/cpp/src/IceSSL/ContextOpenSSLF.h +++ b/cpp/src/IceSSL/ContextOpenSSLF.h @@ -16,21 +16,16 @@ namespace IceSSL { -namespace OpenSSL -{ - class Context; typedef IceInternal::Handle<Context> ContextPtr; } -} - namespace IceInternal { -void incRef(::IceSSL::OpenSSL::Context*); -void decRef(::IceSSL::OpenSSL::Context*); +void incRef(::IceSSL::Context*); +void decRef(::IceSSL::Context*); } diff --git a/cpp/src/IceSSL/ContextOpenSSLServer.cpp b/cpp/src/IceSSL/ContextOpenSSLServer.cpp index a15159ed065..62a2a7355a7 100644 --- a/cpp/src/IceSSL/ContextOpenSSLServer.cpp +++ b/cpp/src/IceSSL/ContextOpenSSLServer.cpp 
@@ -11,9 +11,8 @@ #include <Ice/Logger.h> #include <IceSSL/Exception.h> -#include <IceSSL/SslConnectionOpenSSL.h> #include <IceSSL/ContextOpenSSLServer.h> -#include <IceSSL/SslConnectionOpenSSLServer.h> +#include <IceSSL/SslServerTransceiver.h> #include <IceSSL/OpenSSLUtils.h> #include <IceSSL/TraceLevels.h> @@ -21,9 +20,9 @@ using namespace std; using namespace Ice; void -IceSSL::OpenSSL::ServerContext::configure(const GeneralConfig& generalConfig, - const CertificateAuthority& certificateAuthority, - const BaseCertificates& baseCertificates) +IceSSL::ServerContext::configure(const GeneralConfig& generalConfig, + const CertificateAuthority& certificateAuthority, + const BaseCertificates& baseCertificates) { Context::configure(generalConfig, certificateAuthority, baseCertificates); @@ -51,7 +50,7 @@ IceSSL::OpenSSL::ServerContext::configure(const GeneralConfig& generalConfig, reinterpret_cast<const unsigned char *>(connectionContext.c_str()), connectionContext.size()); - if(_traceLevels->security >= IceSSL::SECURITY_PROTOCOL) + if(_traceLevels->security >= SECURITY_PROTOCOL) { ostringstream s; 
@@ -71,29 +70,30 @@ IceSSL::OpenSSL::ServerContext::configure(const GeneralConfig& generalConfig, } } -IceSSL::ConnectionPtr -IceSSL::OpenSSL::ServerContext::createConnection(int socket, const PluginBaseIPtr& plugin) +IceSSL::SslTransceiverPtr +IceSSL::ServerContext::createTransceiver(int socket, const PluginBaseIPtr& plugin) { if(_sslContext == 0) { - ContextNotConfiguredException contextEx(__FILE__, __LINE__); + OpenSSL::ContextNotConfiguredException contextEx(__FILE__, __LINE__); throw contextEx; } - ConnectionPtr connection = new ServerConnection(_certificateVerifier, createSSLConnection(socket), plugin); + SSL* ssl = createSSLConnection(socket); + SslTransceiverPtr transceiver = new SslServerTransceiver(plugin, socket, _certificateVerifier, ssl); - connectionSetup(connection); + transceiverSetup(transceiver); - return connection; + return transceiver; } // // Protected // -IceSSL::OpenSSL::ServerContext::ServerContext(const IceSSL::TraceLevelsPtr& traceLevels, const LoggerPtr& logger, - const PropertiesPtr& properties) : +IceSSL::ServerContext::ServerContext(const TraceLevelsPtr& traceLevels, const LoggerPtr& logger, + const PropertiesPtr& properties) : Context(traceLevels, logger, properties) { _rsaPrivateKeyProperty = "IceSSL.Server.Overrides.RSA.PrivateKey"; @@ -106,7 +106,7 @@ IceSSL::OpenSSL::ServerContext::ServerContext(const IceSSL::TraceLevelsPtr& trac } void -IceSSL::OpenSSL::ServerContext::loadCertificateAuthority(const CertificateAuthority& certAuth) +IceSSL::ServerContext::loadCertificateAuthority(const CertificateAuthority& certAuth) { assert(_sslContext != 0); 
@@ -123,10 +123,10 @@ IceSSL::OpenSSL::ServerContext::loadCertificateAuthority(const CertificateAuthor if(certNames == 0) { - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) + if(_traceLevels->security >= SECURITY_WARNINGS) { string errorString = "unable to load certificate authorities certificate names from " + caFile + "\n"; - errorString += sslGetErrors(); + errorString += OpenSSL::sslGetErrors(); _logger->trace(_traceLevels->securityCat, "WRN " + errorString); } } diff --git a/cpp/src/IceSSL/ContextOpenSSLServer.h b/cpp/src/IceSSL/ContextOpenSSLServer.h index af3ff8e6da1..4e73f81e845 100644 --- a/cpp/src/IceSSL/ContextOpenSSLServer.h +++ b/cpp/src/IceSSL/ContextOpenSSLServer.h @@ -8,39 +8,34 @@ // // ********************************************************************** -#ifndef ICE_SSL_CONTEXT_OPENSSL_SERVER_H -#define ICE_SSL_CONTEXT_OPENSSL_SERVER_H +#ifndef ICESSL_SERVER_CONTEXT_H +#define ICESSL_SERVER_CONTEXT_H #include <IceSSL/ContextOpenSSL.h> namespace IceSSL { -namespace OpenSSL -{ - class ServerContext : public Context { public: - virtual void configure(const IceSSL::GeneralConfig&, - const IceSSL::CertificateAuthority&, - const IceSSL::BaseCertificates&); + virtual void configure(const GeneralConfig&, + const CertificateAuthority&, + const BaseCertificates&); // Takes a socket fd as the first parameter. - virtual IceSSL::ConnectionPtr createConnection(int, const IceSSL::PluginBaseIPtr&); + virtual SslTransceiverPtr createTransceiver(int, const PluginBaseIPtr&); protected: - ServerContext(const IceSSL::TraceLevelsPtr&, const Ice::LoggerPtr&, const Ice::PropertiesPtr&); + ServerContext(const TraceLevelsPtr&, const Ice::LoggerPtr&, const Ice::PropertiesPtr&); - virtual void loadCertificateAuthority(const IceSSL::CertificateAuthority& certAuth); + virtual void loadCertificateAuthority(const CertificateAuthority& certAuth); - friend class IceSSL::OpenSSL::PluginI; + friend class OpenSSL::PluginI; }; } -} - #endif 
diff --git a/cpp/src/IceSSL/Makefile b/cpp/src/IceSSL/Makefile index 6a898d28bbb..294eb9cc2fe 100644 --- a/cpp/src/IceSSL/Makefile +++ b/cpp/src/IceSSL/Makefile @@ -27,15 +27,13 @@ OBJS = Plugin.o \ SslConnector.o \ SslAcceptor.o \ SslTransceiver.o \ + SslClientTransceiver.o \ + SslServerTransceiver.o \ BaseCerts.o \ CertificateAuthority.o \ CertificateDesc.o \ ConfigParser.o \ ConfigParserErrorReporter.o \ - SslConnection.o \ - SslConnectionOpenSSLClient.o \ - SslConnectionOpenSSL.o \ - SslConnectionOpenSSLServer.o \ ContextOpenSSL.o \ ContextOpenSSLClient.o \ ContextOpenSSLServer.o \ diff --git a/cpp/src/IceSSL/OpenSSLPluginI.cpp b/cpp/src/IceSSL/OpenSSLPluginI.cpp index b5d6c32ccf8..daeb1590a60 100644 --- a/cpp/src/IceSSL/OpenSSLPluginI.cpp +++ b/cpp/src/IceSSL/OpenSSLPluginI.cpp @@ -22,7 +22,7 @@ #include <IceSSL/ConfigParser.h> #include <IceSSL/OpenSSLJanitors.h> #include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/SslConnectionOpenSSL.h> +#include <IceSSL/SslTransceiver.h> #include <IceSSL/DefaultCertificateVerifier.h> #include <IceSSL/SingleCertificateVerifier.h> #include <IceSSL/SslEndpoint.h> @@ -152,8 +152,8 @@ IceSSL::SslLockKeeper::~SslLockKeeper() // // PluginI implementation // -IceSSL::ConnectionPtr -IceSSL::OpenSSL::PluginI::createConnection(ContextType connectionType, int socket) +IceSSL::SslTransceiverPtr +IceSSL::OpenSSL::PluginI::createTransceiver(ContextType connectionType, int socket) { IceUtil::RecMutex::Lock sync(_configMutex); 
@@ -172,18 +172,18 @@ IceSSL::OpenSSL::PluginI::createConnection(ContextType connectionType, int socke configure(connectionType); } - IceSSL::ConnectionPtr connection; + IceSSL::SslTransceiverPtr transceiver; if(connectionType == Client) { - connection = _clientContext.createConnection(socket, this); + transceiver = _clientContext.createTransceiver(socket, this); } else if(connectionType == Server) { - connection = _serverContext.createConnection(socket, this); + transceiver = _serverContext.createTransceiver(socket, this); } - return connection; + return transceiver; } bool diff --git a/cpp/src/IceSSL/OpenSSLPluginI.h b/cpp/src/IceSSL/OpenSSLPluginI.h index a143bd79ad9..36a9ac887ee 100644 --- a/cpp/src/IceSSL/OpenSSLPluginI.h +++ b/cpp/src/IceSSL/OpenSSLPluginI.h @@ -42,7 +42,7 @@ public: PluginI(const IceInternal::ProtocolPluginFacadePtr&); ~PluginI(); - virtual IceSSL::ConnectionPtr createConnection(ContextType, int); + virtual IceSSL::SslTransceiverPtr createTransceiver(ContextType, int); virtual bool isConfigured(ContextType); virtual void configure(); @@ -78,8 +78,8 @@ public: private: - ServerContext _serverContext; - ClientContext _clientContext; + IceSSL::ServerContext _serverContext; + IceSSL::ClientContext _clientContext; // Mutex to ensure synchronization of calls to configure // the contexts and calls to create connections. diff --git a/cpp/src/IceSSL/OpenSSLUtils.cpp b/cpp/src/IceSSL/OpenSSLUtils.cpp index 2a230096eaf..65251b1d08d 100644 --- a/cpp/src/IceSSL/OpenSSLUtils.cpp +++ b/cpp/src/IceSSL/OpenSSLUtils.cpp @@ -11,7 +11,6 @@ #include <IceUtil/Mutex.h> #include <IceSSL/OpenSSLUtils.h> #include <IceSSL/OpenSSLPluginI.h> -#include <IceSSL/SslConnectionOpenSSL.h> #include <openssl/err.h> using namespace std; 
@@ -517,11 +516,11 @@ verifyCallback(int ok, X509_STORE_CTX* ctx) SSL* sslConnection = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); assert(sslConnection != 0); - IceSSL::OpenSSL::ConnectionPtr connection = IceSSL::OpenSSL::Connection::getConnection(sslConnection); - assert(connection != 0); + IceSSL::SslTransceiverPtr transceiver = IceSSL::SslTransceiver::getTransceiver(sslConnection); + assert(transceiver != 0); // Call the connection, get it to perform the verification. - return connection->verifyCertificate(ok, ctx); + return transceiver->verifyCertificate(ok, ctx); } } diff --git a/cpp/src/IceSSL/PluginBaseI.h b/cpp/src/IceSSL/PluginBaseI.h index 85059f48b0f..c85fc8132cc 100644 --- a/cpp/src/IceSSL/PluginBaseI.h +++ b/cpp/src/IceSSL/PluginBaseI.h @@ -16,18 +16,18 @@ #include <Ice/ProtocolPluginFacadeF.h> #include <IceSSL/Plugin.h> #include <IceSSL/PluginBaseIF.h> -#include <IceSSL/SslConnectionF.h> #include <IceSSL/CertificateVerifierF.h> #include <IceSSL/TraceLevelsF.h> +#include <IceSSL/SslTransceiverF.h> namespace IceSSL { -class PluginBaseI : public IceSSL::Plugin +class PluginBaseI : public Plugin { public: - virtual ConnectionPtr createConnection(ContextType, int) = 0; + virtual SslTransceiverPtr createTransceiver(ContextType, int) = 0; virtual bool isConfigured(ContextType) = 0; diff --git a/cpp/src/IceSSL/SslAcceptor.cpp b/cpp/src/IceSSL/SslAcceptor.cpp index 925d378f704..420279d3578 100644 --- a/cpp/src/IceSSL/SslAcceptor.cpp +++ b/cpp/src/IceSSL/SslAcceptor.cpp @@ -75,10 +75,7 @@ IceSSL::SslAcceptor::accept(int timeout) _logger->trace(_traceLevels->networkCat, s.str()); } - IceSSL::ConnectionPtr connection = _plugin->createConnection(IceSSL::Server, fd); - TransceiverPtr transPtr = new SslTransceiver(_plugin, fd, connection); - - return transPtr; + return _plugin->createTransceiver(IceSSL::Server, fd); } string 
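Review bot: In verifyCallback the null check on `transceiver` is only an `assert`, which disappears in builds compiled with NDEBUG, so a missing transceiver reaches `transceiver->verifyCertificate(ok, ctx)` as a null dereference inside the certificate verification path. A verification callback should reject when it cannot find its state: add `if(!transceiver) { return 0; }` before the call, and the same kind of runtime check for `sslConnection` above it. The trailing comment still says "Call the connection" and could read `// Ask the transceiver to perform the verification.`. verifyCallback begins outside this hunk.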
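Review bot: In SslAcceptor::accept, `fd` has no owner between the accept and the construction of the transceiver. If `_plugin->createTransceiver(IceSSL::Server, fd)` throws (ServerContext::createTransceiver raises ContextNotConfiguredException when the context is missing), nothing visible in this hunk closes the socket. On a listener that peers can reach, each such failure would leak a descriptor. Closing the socket on the failure path, e.g. `try { return _plugin->createTransceiver(IceSSL::Server, fd); } catch(...) { closeSocket(fd); throw; }`, would fix that, provided the transceiver has not already taken ownership of `fd` when the exception escapes. The body of accept starts outside this hunk, so an outer handler may already cover this.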
diff --git a/cpp/src/IceSSL/SslConnectionOpenSSLClient.cpp b/cpp/src/IceSSL/SslClientTransceiver.cpp index a84d0a82431..0dccb3b6016 100644 --- a/cpp/src/IceSSL/SslConnectionOpenSSLClient.cpp +++ b/cpp/src/IceSSL/SslClientTransceiver.cpp @@ -1,6 +1,6 @@ // ********************************************************************** // -// Copyright (c) 2001 +// Copyright (c) 2002 // Mutable Realms, Inc. // Huntsville, AL, USA // 
@@ -8,50 +8,175 @@ // // ********************************************************************** -#include <Ice/Network.h> #include <Ice/Logger.h> +#include <Ice/LoggerUtil.h> +#include <Ice/Buffer.h> +#include <Ice/Network.h> +#include <IceSSL/OpenSSL.h> +#include <IceSSL/SslClientTransceiver.h> +#include <IceSSL/PluginBaseI.h> +#include <IceSSL/TraceLevels.h> + #include <Ice/LocalException.h> #include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/OpenSSL.h> #include <IceSSL/Exception.h> #include <IceSSL/OpenSSLJanitors.h> -#include <IceSSL/SslConnectionOpenSSLClient.h> -#include <IceSSL/TraceLevels.h> using namespace std; using namespace Ice; using namespace IceInternal; -//////////////////////////////////////////////// -////////// SslConnectionOpenSSLClient ////////// -//////////////////////////////////////////////// - // // Public Methods // -// Note: I would use a using directive of the form: -// using IceSSL::CertificateVerifierPtr; -// but unfortunately, it appears that this is not properly picked up. -// - -IceSSL::OpenSSL::ClientConnection::ClientConnection(const IceSSL::CertificateVerifierPtr& certificateVerifier, - SSL* connection, - const PluginBaseIPtr& plugin) : - Connection(certificateVerifier, connection, plugin) +void +IceSSL::SslClientTransceiver::write(Buffer& buf, int timeout) { - assert(_sslConnection != 0); + assert(_fd != INVALID_SOCKET); - // Set the Connect Connection state for this connection. - SSL_set_connect_state(_sslConnection); -} + int totalBytesWritten = 0; + int bytesWritten = 0; -IceSSL::OpenSSL::ClientConnection::~ClientConnection() -{ + int packetSize = buf.b.end() - buf.i; + +#ifdef _WIN32 + // + // Limit packet size to avoid performance problems on WIN32. + // (blatantly ripped off from Marc Laukien) + // + if(packetSize > 64 * 1024) + { + packetSize = 64 * 1024; + } +#endif + + // We keep reading until we're done + while(buf.i != buf.b.end()) + { + // Ensure we're initialized. 
+ if(initialize(timeout) <= 0) + { + // Retry the initialize call + continue; + } + + // initialize() must have returned > 0, so we're okay to try a write. + + // Perform a select on the socket. + if(!writeSelect(timeout)) + { + // We're done here. + break; + } + + bytesWritten = sslWrite(static_cast<char*>(&*buf.i), packetSize); + + switch(getLastError()) + { + case SSL_ERROR_NONE: + { + if(bytesWritten > 0) + { + if(_traceLevels->network >= 3) + { + ostringstream s; + s << "sent " << bytesWritten << " of " << packetSize; + s << " bytes via ssl\n" << fdToString(SSL_get_fd(_sslConnection)); + _logger->trace(_traceLevels->networkCat, s.str()); + } + + totalBytesWritten += bytesWritten; + + buf.i += bytesWritten; + + if(packetSize > buf.b.end() - buf.i) + { + packetSize = buf.b.end() - buf.i; + } + } + continue; + } + + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + { + // Perform another read. The read should take care of this. + continue; + } + + case SSL_ERROR_SYSCALL: + { + // NOTE: The OpenSSL demo client only raises and error condition if there were + // actually bytes written. This is considered to be an error status + // requiring shutdown. + // If nothing was written, the demo client stops writing - we continue. + // This is potentially something wierd to watch out for. 
+ if(bytesWritten == -1) + { + // IO Error in underlying BIO + + if(interrupted()) + { + break; + } + + if(wouldBlock()) + { + break; + } + + if(connectionLost()) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + + SocketException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + else if(bytesWritten > 0) + { + ProtocolException protocolEx(__FILE__, __LINE__); + + // Protocol Error: Unexpected EOF + protocolEx.message = "encountered an EOF that violates the ssl protocol\n"; + protocolEx.message += OpenSSL::sslGetErrors(); + + throw protocolEx; + } + else // bytesWritten == 0 + { + // Didn't write anything, continue, should be fine. + break; + } + } + + case SSL_ERROR_SSL: + { + ProtocolException protocolEx(__FILE__, __LINE__); + + protocolEx.message = "encountered a violation of the ssl protocol\n"; + protocolEx.message += OpenSSL::sslGetErrors(); + + throw protocolEx; + } + + case SSL_ERROR_ZERO_RETURN: + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + } + } } int -IceSSL::OpenSSL::ClientConnection::handshake(int timeout) +IceSSL::SslClientTransceiver::handshake(int timeout) { assert(_sslConnection != 0); @@ -169,9 +294,9 @@ IceSSL::OpenSSL::ClientConnection::handshake(int timeout) { CertificateVerificationException certVerEx(__FILE__, __LINE__); - certVerEx.message = getVerificationError(verifyError); + certVerEx.message = OpenSSL::getVerificationError(verifyError); - string errors = sslGetErrors(); + string errors = OpenSSL::sslGetErrors(); if(!errors.empty()) { @@ -186,7 +311,7 @@ IceSSL::OpenSSL::ClientConnection::handshake(int timeout) ProtocolException protocolEx(__FILE__, __LINE__); protocolEx.message = "encountered a violation of the ssl protocol during handshake\n"; - protocolEx.message += sslGetErrors(); + protocolEx.message += OpenSSL::sslGetErrors(); throw protocolEx; } 
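Review bot: SslClientTransceiver::write now returns `void`, yet the loop can be left with data still unsent: `if(!writeSelect(timeout)) { break; }` exits the `while` and the function returns normally, while `totalBytesWritten` is still accumulated but no longer reported to anyone. Unless `writeSelect` itself throws on timeout (not visible here), the caller sees a truncated write as success. Raising at that point, e.g. `throw TimeoutException(__FILE__, __LINE__);`, makes the failure explicit, and `totalBytesWritten` can then be dropped. The `switch(getLastError())` also has no `default:`, so an unlisted error code goes round the loop again without progress, and `if(initialize(timeout) <= 0) { continue; }` retries with no bound. The comment `// We keep reading until we're done` should say writing.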
@@ -218,162 +343,17 @@ IceSSL::OpenSSL::ClientConnection::handshake(int timeout) return retCode; } -int -IceSSL::OpenSSL::ClientConnection::write(Buffer& buf, int timeout) -{ - int totalBytesWritten = 0; - int bytesWritten = 0; - - int packetSize = buf.b.end() - buf.i; - -#ifdef _WIN32 - // - // Limit packet size to avoid performance problems on WIN32. - // (blatantly ripped off from Marc Laukien) - // - if(packetSize > 64 * 1024) - { - packetSize = 64 * 1024; - } -#endif - - // We keep reading until we're done - while(buf.i != buf.b.end()) - { - // Ensure we're initialized. - if(initialize(timeout) <= 0) - { - // Retry the initialize call - continue; - } - - // initialize() must have returned > 0, so we're okay to try a write. - - // Perform a select on the socket. - if(!writeSelect(timeout)) - { - // We're done here. - break; - } - - bytesWritten = sslWrite(static_cast<char*>(&*buf.i), packetSize); - - switch(getLastError()) - { - case SSL_ERROR_NONE: - { - if(bytesWritten > 0) - { - if(_traceLevels->network >= 3) - { - ostringstream s; - s << "sent " << bytesWritten << " of " << packetSize; - s << " bytes via ssl\n" << fdToString(SSL_get_fd(_sslConnection)); - _logger->trace(_traceLevels->networkCat, s.str()); - } - - totalBytesWritten += bytesWritten; - - buf.i += bytesWritten; - - if(packetSize > buf.b.end() - buf.i) - { - packetSize = buf.b.end() - buf.i; - } - } - continue; - } - - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_X509_LOOKUP: - { - // Perform another read. The read should take care of this. - continue; - } - - case SSL_ERROR_SYSCALL: - { - // NOTE: The OpenSSL demo client only raises and error condition if there were - // actually bytes written. This is considered to be an error status - // requiring shutdown. - // If nothing was written, the demo client stops writing - we continue. - // This is potentially something wierd to watch out for. 
- if(bytesWritten == -1) - { - // IO Error in underlying BIO - - if(interrupted()) - { - break; - } - - if(wouldBlock()) - { - break; - } - - if(connectionLost()) - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - else if(bytesWritten > 0) - { - ProtocolException protocolEx(__FILE__, __LINE__); - - // Protocol Error: Unexpected EOF - protocolEx.message = "encountered an EOF that violates the ssl protocol\n"; - protocolEx.message += sslGetErrors(); - - throw protocolEx; - } - else // bytesWritten == 0 - { - // Didn't write anything, continue, should be fine. - break; - } - } - - case SSL_ERROR_SSL: - { - ProtocolException protocolEx(__FILE__, __LINE__); - - protocolEx.message = "encountered a violation of the ssl protocol\n"; - protocolEx.message += sslGetErrors(); - - throw protocolEx; - } - - case SSL_ERROR_ZERO_RETURN: - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - } - } - - return totalBytesWritten; -} - // // Protected Methods // void -IceSSL::OpenSSL::ClientConnection::showConnectionInfo() +IceSSL::SslClientTransceiver::showConnectionInfo() { // Only in extreme cases do we enable this, partially because it doesn't use the Logger. - if((_traceLevels->security >= IceSSL::SECURITY_PROTOCOL_DEBUG) && 0) + if((_traceLevels->security >= SECURITY_PROTOCOL_DEBUG) && 0) { - BIOJanitor bioJanitor(BIO_new_fp(stdout, BIO_NOCLOSE)); + OpenSSL::BIOJanitor bioJanitor(BIO_new_fp(stdout, BIO_NOCLOSE)); BIO* bio = bioJanitor.get(); showCertificateChain(bio); 
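Review bot: In `showConnectionInfo()` the guard `if((_traceLevels->security >= SECURITY_PROTOCOL_DEBUG) && 0)` can never be true, so the trace level has no effect and the body this commit keeps editing is dead code. If the block is kept for emergencies, say so at the guard, e.g. `// Disabled on purpose: dumps certificate and session details to stdout, bypassing the Logger.` The `showSessionInfo()` removed elsewhere in this commit writes the session with `PEM_write_bio_SSL_SESSION`, which serialises the session's key material, so if its replacement does the same the output should be treated as sensitive before the block is ever enabled. The result of `BIO_new_fp(stdout, BIO_NOCLOSE)` is also used without a null check, and the function body continues past the end of this hunk.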
@@ -391,3 +371,23 @@ IceSSL::OpenSSL::ClientConnection::showConnectionInfo()
 showSessionInfo(bio);
 }
 }
+
+//
+// Private Methods
+//
+
+// Note: I would use a using directive of the form:
+// using IceSSL::CertificateVerifierPtr;
+// but unfortunately, it appears that this is not properly picked up.
+//
+
+IceSSL::SslClientTransceiver::SslClientTransceiver(const PluginBaseIPtr& plugin,
+ SOCKET fd,
+ const OpenSSL::CertificateVerifierPtr& certVerifier,
+ SSL* sslConnection) :
+ SslTransceiver(plugin, fd, certVerifier, sslConnection)
+{
+ // Set the Connect Connection state for this connection.
+ SSL_set_connect_state(_sslConnection);
+}
+
diff --git a/cpp/src/IceSSL/SslClientTransceiver.h b/cpp/src/IceSSL/SslClientTransceiver.h
new file mode 100644
index 00000000000..dba84a9231b
--- /dev/null
+++ b/cpp/src/IceSSL/SslClientTransceiver.h
@@ -0,0 +1,39 @@
+// **********************************************************************
+//
+// Copyright (c) 2002
+// Mutable Realms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CLIENT_TRANSCEIVER_H
+#define ICE_SSL_CLIENT_TRANSCEIVER_H
+
+#include <Ice/LoggerF.h>
+#include <IceSSL/SslTransceiver.h>
+#include <IceSSL/ContextOpenSSLClient.h>
+#include <IceSSL/PluginBaseIF.h>
+#include <IceSSL/TraceLevelsF.h>
+
+namespace IceSSL
+{
+
+class ClientContext;
+
+class SslClientTransceiver : public SslTransceiver
+{
+public:
+ virtual int handshake(int timeout = 0);
+ virtual void write(IceInternal::Buffer&, int);
+
+protected:
+ virtual void showConnectionInfo();
+ SslClientTransceiver(const PluginBaseIPtr&, SOCKET, const OpenSSL::CertificateVerifierPtr&, SSL*);
+ friend class ClientContext;
+};
+
+}
+
+#endif
diff --git a/cpp/src/IceSSL/SslConnection.cpp b/cpp/src/IceSSL/SslConnection.cpp
deleted file mode 100644
index 1cf3d8dee37..00000000000
--- a/cpp/src/IceSSL/SslConnection.cpp
+++ /dev/null
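Review bot: The new `SslClientTransceiver` constructor passes `_sslConnection` to `SSL_set_connect_state()` without checking it, whereas the `ServerConnection` constructor removed by this commit asserted `_sslConnection != 0` before setting the accept state. Unless the `SslTransceiver` base constructor (not visible here) already guarantees a non-null handle, add `assert(_sslConnection != 0);` as the first statement of the body. The section banner says `// Private Methods`, but the header added in the same commit declares this constructor under `protected:`, so `// Protected Methods` would match. The `using IceSSL::CertificateVerifierPtr` note above the constructor also no longer matches the signature, which now takes `OpenSSL::CertificateVerifierPtr`.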
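Review bot: `SslClientTransceiver.h` both includes `<IceSSL/ContextOpenSSLClient.h>` and forward-declares `class ClientContext;`, while the only use of that name in the header is `friend class ClientContext;`, for which the forward declaration is enough. If nothing else here needs the include, dropping it avoids coupling every user of the transceiver to the context header. The forward declaration names `IceSSL::ClientContext`; should the real class still live in `IceSSL::OpenSSL` (not visible in this hunk), the friend grant would apply to a different class, which is worth confirming. The protected constructor also deserves a one-line comment such as `// Constructed only by ClientContext (friend below).`, since that restriction is the point of the access level.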
@@ -1,28 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2001 -// Mutable Realms, Inc. -// Huntsville, AL, USA -// -// All Rights Reserved -// -// ********************************************************************** - -#include <IceSSL/SslConnection.h> - -void ::IceInternal::incRef(::IceSSL::Connection* p) { p->__incRef(); } -void ::IceInternal::decRef(::IceSSL::Connection* p) { p->__decRef(); } - -IceSSL::Connection::Connection(const TraceLevelsPtr& traceLevels, - const Ice::LoggerPtr& logger, - const CertificateVerifierPtr& certificateVerifier) : - _traceLevels(traceLevels), - _logger(logger), - _certificateVerifier(certificateVerifier) -{ -} - -IceSSL::Connection::~Connection() -{ -} - diff --git a/cpp/src/IceSSL/SslConnection.h b/cpp/src/IceSSL/SslConnection.h deleted file mode 100644 index b0aea426a6c..00000000000 --- a/cpp/src/IceSSL/SslConnection.h +++ /dev/null @@ -1,46 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2001 -// Mutable Realms, Inc. -// Huntsville, AL, USA -// -// All Rights Reserved -// -// ********************************************************************** - -#ifndef ICE_SSL_CONNECTION_H -#define ICE_SSL_CONNECTION_H - -#include <Ice/Buffer.h> -#include <Ice/LoggerF.h> -#include <IceSSL/SslConnectionF.h> -#include <IceSSL/TraceLevelsF.h> -#include <IceSSL/CertificateVerifierF.h> - -namespace IceSSL -{ - -class Connection : public IceUtil::Shared -{ -public: - - Connection(const TraceLevelsPtr&, - const Ice::LoggerPtr&, - const CertificateVerifierPtr&); - virtual ~Connection(); - - virtual int shutdown(int timeout = 0) = 0; - - virtual int read(IceInternal::Buffer&, int) = 0; - virtual int write(IceInternal::Buffer&, int) = 0; - -protected: - - TraceLevelsPtr _traceLevels; - Ice::LoggerPtr _logger; - CertificateVerifierPtr _certificateVerifier; -}; - -} - -#endif 
diff --git a/cpp/src/IceSSL/SslConnectionOpenSSL.cpp b/cpp/src/IceSSL/SslConnectionOpenSSL.cpp deleted file mode 100644 index 32de83aa15a..00000000000 --- a/cpp/src/IceSSL/SslConnectionOpenSSL.cpp +++ /dev/null 
@@ -1,889 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2001 -// Mutable Realms, Inc. -// Huntsville, AL, USA -// -// All Rights Reserved -// -// ********************************************************************** - -#include <Ice/Network.h> -#include <Ice/Logger.h> -#include <Ice/LocalException.h> - -#include <IceSSL/OpenSSL.h> -#include <IceSSL/Exception.h> -#include <IceSSL/SslConnection.h> -#include <IceSSL/SslConnectionOpenSSL.h> -#include <IceSSL/OpenSSLPluginI.h> -#include <IceSSL/CertificateVerifierOpenSSL.h> -#include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/TraceLevels.h> - -#include <openssl/err.h> - -#include <sstream> - -using namespace std; -using namespace Ice; -using namespace IceInternal; - -//////////////////////////////// -////////// Connection ////////// -//////////////////////////////// - -// -// Static Member Initialization -// -IceSSL::OpenSSL::SslConnectionMap IceSSL::OpenSSL::Connection::_connectionMap; -IceUtil::Mutex IceSSL::OpenSSL::Connection::_connectionRepositoryMutex; - -// -// Public Methods -// - -void IceInternal::incRef(IceSSL::OpenSSL::Connection* p) { p->__incRef(); } -void IceInternal::decRef(IceSSL::OpenSSL::Connection* p) { p->__decRef(); } - -// Note: I would use a using directive of the form: -// using IceSSL::CertificateVerifierPtr; -// but unfortunately, it appears that this is not properly picked up. 
-// - -IceSSL::OpenSSL::Connection::Connection(const IceSSL::CertificateVerifierPtr& certificateVerifier, - SSL* sslConnection, - const PluginBaseIPtr& plugin) : - IceSSL::Connection(plugin->getTraceLevels(), plugin->getLogger(), certificateVerifier), - _sslConnection(sslConnection) -{ - assert(_sslConnection != 0); - assert(system != 0); - - SSL_set_ex_data(sslConnection, 0, static_cast<void*>(plugin.get())); - - // We always start off in a Handshake - _phase = Handshake; - - _lastError = SSL_ERROR_NONE; - - _initWantRead = 0; - _initWantWrite = 0; - - // None configured, default to indicated timeout - _handshakeReadTimeout = 0; - - // Set up the SSL to be able to refer back to our connection object. - addConnection(_sslConnection, this); -} - -IceSSL::OpenSSL::Connection::~Connection() -{ - if(_sslConnection != 0) - { - removeConnection(_sslConnection); - SSL_set_ex_data(_sslConnection, 0, 0); - SSL_free(_sslConnection); - _sslConnection = 0; - } -} - -int -IceSSL::OpenSSL::Connection::shutdown(int timeout) -{ - if(_sslConnection == 0) - { - return 1; - } - - int retCode = 0; - - if(_initWantWrite) - { - int i = writeSelect(timeout); - - if(i == 0) - { - return 0; - } - - _initWantWrite = 0; - } - else if(_initWantRead) - { - int i = readSelect(timeout); - - if(i == 0) - { - return 0; - } - - _initWantRead = 0; - } - - ERR_clear_error(); - - retCode = SSL_shutdown(_sslConnection); - - if(retCode == 1) - { - // Shutdown successful - shut down the socket for writing. - ::shutdown(SSL_get_fd(_sslConnection), SHUT_WR); - } - else if(retCode == -1) - { - setLastError(retCode); - - // Shutdown failed due to an error. 
- - switch(getLastError()) - { - case SSL_ERROR_WANT_WRITE: - { - _initWantWrite = 1; - retCode = 0; - break; - } - - case SSL_ERROR_WANT_READ: - { - _initWantRead = 1; - retCode = 0; - break; - } - - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_X509_LOOKUP: - { - // Ignore - retCode = 0; - break; - } - - case SSL_ERROR_SYSCALL: - { - // - // Some error with the underlying transport. - // - - if(interrupted()) - { - retCode = 0; - break; - } - - if(wouldBlock()) - { - readSelect(timeout); - retCode = 0; - break; - } - - if(connectionLost()) - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - // - // Non-specific socket problem. - // - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - case SSL_ERROR_SSL: - { - // - // Error in the SSL library, usually a Protocol error. - // - - ProtocolException protocolEx(__FILE__, __LINE__); - - protocolEx.message = "encountered a violation of the ssl protocol during shutdown\n"; - protocolEx.message += sslGetErrors(); - - throw protocolEx; - } - - case SSL_ERROR_ZERO_RETURN: - { - // - // Indicates that the SSL connection has been closed. For SSLv3.0 - // and TLSv1.0, it indicates that a closure alert was received, - // and thus the connection has been closed cleanly. 
- // - - CloseConnectionException ex(__FILE__, __LINE__); - throw ex; - } - } - } - - return retCode; -} - -void -IceSSL::OpenSSL::Connection::setHandshakeReadTimeout(int timeout) -{ - _handshakeReadTimeout = timeout; -} - -IceSSL::OpenSSL::ConnectionPtr -IceSSL::OpenSSL::Connection::getConnection(SSL* sslPtr) -{ - IceUtil::Mutex::Lock sync(_connectionRepositoryMutex); - - assert(sslPtr); - - Connection* connection = _connectionMap[sslPtr]; - - assert(connection); - - return ConnectionPtr(connection); -} - -// -// Note: Do not throw exceptions from verifyCertificate - it would rip through the OpenSSL system, -// interfering with the usual handling and alert system of the handshake. Exceptions should -// be caught here (if they can be generated), logged and then a fail return code (0) should -// returned. -// -int -IceSSL::OpenSSL::Connection::verifyCertificate(int preVerifyOkay, X509_STORE_CTX* x509StoreContext) -{ - // Should NEVER be able to happen. - assert(_certificateVerifier.get() != 0); - - // Get the verifier, make sure it is for OpenSSL connections - IceSSL::OpenSSL::CertificateVerifierPtr verifier; - verifier = dynamic_cast<IceSSL::OpenSSL::CertificateVerifier*>(_certificateVerifier.get()); - - // Check to make sure we have a proper verifier for the operation. - if(verifier) - { - // Use the verifier to verify the certificate - try - { - preVerifyOkay = verifier->verify(preVerifyOkay, x509StoreContext, _sslConnection); - } - catch(const Ice::LocalException& localEx) - { - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - ostringstream s; - - s << "WRN exception during certificate verification: " << std::endl; - s << localEx << flush; - - _logger->trace(_traceLevels->securityCat, s.str()); - } - - preVerifyOkay = 0; - } - } - else - { - // Note: This code should NEVER be able to be reached, as we check each - // CertificateVerifier as it is added to the System. 
- - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - string errorString; - - if(_certificateVerifier.get()) - { - errorString = "WRN improper CertificateVerifier type"; - } - else - { - // NOTE: This should NEVER be able to happen, but just in case. - errorString = "WRN CertificateVerifier not set"; - } - - _logger->trace(_traceLevels->securityCat, errorString); - } - } - - return preVerifyOkay; -} - -// -// Protected Methods -// - -int -IceSSL::OpenSSL::Connection::connect() -{ - assert(_sslConnection != 0); - - ERR_clear_error(); - int result = SSL_connect(_sslConnection); - - setLastError(result); - - return result; -} - -int -IceSSL::OpenSSL::Connection::accept() -{ - assert(_sslConnection != 0); - - ERR_clear_error(); - int result = SSL_accept(_sslConnection); - - setLastError(result); - - return result; -} - -// NOTE: Currently not used, maybe later. -int -IceSSL::OpenSSL::Connection::renegotiate() -{ - assert(_sslConnection != 0); - return SSL_renegotiate(_sslConnection); -} - -int -IceSSL::OpenSSL::Connection::initialize(int timeout) -{ - int retCode = 0; - - while(true) - { - // One lucky thread will get the honor of carrying out the hanshake, - // if there is one to perform. The HandshakeSentinel effectively - // establishes a first-come, first-serve policy. One thread will own - // the handshake, and the others will either return rejected to the - // caller (who will figure out what to do with them) OR wait until - // our lead thread is done. Then, the shuffle begins again. - // Eventually, all threads will filter through. - - HandshakeSentinel handshakeSentinel(_handshakeFlag); - - if(!handshakeSentinel.ownHandshake()) - { - if(timeout >= 0) - { - // We should return immediately here - do not block, - // leave it to the caller to figure this out. - retCode = -1; - break; - } - else - { - // We will wait here - blocking IO is being used. - IceUtil::Mutex::Lock sync(_handshakeWaitMutex); - } - } - else - { - // Perform our init(), then leave. 
- IceUtil::Mutex::Lock sync(_handshakeWaitMutex); - - // Here we 'take the ball and run with it' for as long as we can - // get away with it. As long as we don't encounter some error - // status (or completion), this thread continues to service the - // initialize() call. - while(retCode == 0) - { - switch(_phase) - { - case Handshake : - { - retCode = handshake(timeout); - break; - } - - case Shutdown : - { - retCode = shutdown(timeout); - break; - } - - case Connected : - { - retCode = SSL_is_init_finished(_sslConnection); - - if(!retCode) - { - // In this case, we are essentially renegotiating - // the connection at the behest of the peer. - _phase = Handshake; - continue; - } - - // Done here. - return retCode; - } - } - } - - break; - } - } - - return retCode; -} - -int -IceSSL::OpenSSL::Connection::pending() -{ - assert(_sslConnection != 0); - return SSL_pending(_sslConnection); -} - -int -IceSSL::OpenSSL::Connection::getLastError() const -{ - assert(_sslConnection != 0); - return SSL_get_error(_sslConnection, _lastError); -} - -int -IceSSL::OpenSSL::Connection::sslRead(char* buffer, int bufferSize) -{ - assert(_sslConnection != 0); - - ERR_clear_error(); - int bytesRead = SSL_read(_sslConnection, buffer, bufferSize); - - setLastError(bytesRead); - - return bytesRead; -} - -int -IceSSL::OpenSSL::Connection::sslWrite(char* buffer, int bufferSize) -{ - assert(_sslConnection != 0); - - ERR_clear_error(); - int bytesWritten = SSL_write(_sslConnection, buffer, bufferSize); - - setLastError(bytesWritten); - - return bytesWritten; -} - -int -IceSSL::OpenSSL::Connection::select(int timeout, bool write) -{ - int ret; - - assert(_sslConnection != 0); - SOCKET fd = SSL_get_fd(_sslConnection); - - fd_set rwFdSet; - struct timeval tv; - - if(timeout >= 0) - { - tv.tv_sec = timeout / 1000; - tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000; - } - - do - { - FD_ZERO(&rwFdSet); - FD_SET(fd, &rwFdSet); - - if(timeout >= 0) - { - if(write) - { - ret = ::select(fd + 1, 0, 
&rwFdSet, 0, &tv); - } - else - { - ret = ::select(fd + 1, &rwFdSet, 0, 0, &tv); - } - } - else - { - if(write) - { - ret = ::select(fd + 1, 0, &rwFdSet, 0, 0); - } - else - { - ret = ::select(fd + 1, &rwFdSet, 0, 0, 0); - } - } - } - while(ret == SOCKET_ERROR && interrupted()); - - if(ret == SOCKET_ERROR) - { - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - if(ret == 0) - { - throw TimeoutException(__FILE__, __LINE__); - } - - return FD_ISSET(fd, &rwFdSet); -} - -int -IceSSL::OpenSSL::Connection::readSelect(int timeout) -{ - return select(timeout, false); -} - -int -IceSSL::OpenSSL::Connection::writeSelect(int timeout) -{ - return select(timeout, true); -} - -int -IceSSL::OpenSSL::Connection::read(Buffer& buf, int timeout) -{ - int packetSize = buf.b.end() - buf.i; - int totalBytesRead = 0; - int bytesRead; - - int initReturn = 0; - - // We keep reading until we're done. - while(buf.i != buf.b.end()) - { - // Ensure we're initialized. - initReturn = initialize(timeout); - - if(initReturn == -1) - { - // Handshake underway, timeout immediately, easy way to deal with this. - throw TimeoutException(__FILE__, __LINE__); - } - - if(initReturn == 0) - { - // Retry the initialize call - continue; - } - - // initReturn must be > 0, so we're okay to try a read - - if(!pending() && !readSelect(_readTimeout)) - { - // Nothing is left to read (according to SSL). - if(_traceLevels->security >= IceSSL::SECURITY_PROTOCOL) - { - _logger->trace(_traceLevels->securityCat, "no pending application-level bytes"); - } - - // We're done here. 
- break; - } - - _readTimeout = timeout; - - bytesRead = sslRead(static_cast<char*>(&*buf.i), packetSize); - - switch(getLastError()) - { - case SSL_ERROR_NONE: - { - if(bytesRead > 0) - { - if(_traceLevels->network >= 3) - { - ostringstream s; - s << "received " << bytesRead << " of " << packetSize; - s << " bytes via ssl\n" << fdToString(SSL_get_fd(_sslConnection)); - _logger->trace(_traceLevels->networkCat, s.str()); - } - - totalBytesRead += bytesRead; - - buf.i += bytesRead; - - if(packetSize > buf.b.end() - buf.i) - { - packetSize = buf.b.end() - buf.i; - } - } - continue; - } - - case SSL_ERROR_WANT_READ: - { - if(!readSelect(timeout)) - { - // Timeout and wait for them to arrive. - throw TimeoutException(__FILE__, __LINE__); - } - continue; - } - - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_X509_LOOKUP: - { - // Perform another read. The read should take care of this. - continue; - } - - case SSL_ERROR_SYSCALL: - { - if(bytesRead == -1) - { - // IO Error in underlying BIO - - if(interrupted()) - { - break; - } - - if(wouldBlock()) - { - break; - } - - if(connectionLost()) - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - else // (bytesRead == 0) - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = 0; - throw ex; - } - } - - case SSL_ERROR_SSL: - { - ProtocolException protocolEx(__FILE__, __LINE__); - - protocolEx.message = "encountered a violation of the ssl protocol\n"; - protocolEx.message += sslGetErrors(); - - throw protocolEx; - } - - case SSL_ERROR_ZERO_RETURN: - { - // Indicates that that the SSL Connection has been closed. - // But does not necessarily indicate that the underlying transport - // has been closed (in the case of Ice, it definitely hasn't yet). 
- - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - } - } - - return totalBytesRead; -} - -void -IceSSL::OpenSSL::Connection::addConnection(SSL* sslPtr, Connection* connection) -{ - assert(sslPtr); - assert(connection); - IceUtil::Mutex::Lock sync(_connectionRepositoryMutex); - _connectionMap[sslPtr] = connection; -} - -void -IceSSL::OpenSSL::Connection::removeConnection(SSL* sslPtr) -{ - assert(sslPtr); - IceUtil::Mutex::Lock sync(_connectionRepositoryMutex); - _connectionMap.erase(sslPtr); -} - -void -IceSSL::OpenSSL::Connection::showCertificateChain(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - STACK_OF(X509)* sk; - - // Big nasty buffer - char buffer[4096]; - - if((sk = SSL_get_peer_cert_chain(_sslConnection)) != 0) - { - BIO_printf(bio,"---\nCertificate chain\n"); - - for(int i = 0; i < sk_X509_num(sk); i++) - { - X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk,i)), buffer, sizeof(buffer)); - BIO_printf(bio, "%2d s:%s\n", i, buffer); - - X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk,i)), buffer, sizeof(buffer)); - BIO_printf(bio, " i:%s\n", buffer); - - PEM_write_bio_X509(bio, sk_X509_value(sk, i)); - } - } - else - { - BIO_printf(bio, "---\nNo peer certificate chain available.\n"); - } -} - -void -IceSSL::OpenSSL::Connection::showPeerCertificate(BIO* bio, const char* connType) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - X509* peerCert = 0; - char buffer[4096]; - - if((peerCert = SSL_get_peer_certificate(_sslConnection)) != 0) - { - BIO_printf(bio, "%s Certificate\n", connType); - PEM_write_bio_X509(bio, peerCert); - - X509_NAME_oneline(X509_get_subject_name(peerCert), buffer, sizeof(buffer)); - BIO_printf(bio, "subject=%s\n", buffer); - - X509_NAME_oneline(X509_get_issuer_name(peerCert), buffer, sizeof(buffer)); - BIO_printf(bio, "issuer=%s\n", buffer); - - EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(peerCert); - BIO_printf(bio,"%s public key is %d bit\n", 
connType, EVP_PKEY_bits(pktmp)); - EVP_PKEY_free(pktmp); - - X509_free(peerCert); - } - else - { - BIO_printf(bio, "No %s certificate available.\n", connType); - } -} - -void -IceSSL::OpenSSL::Connection::showSharedCiphers(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - char buffer[4096]; - char* strPointer = 0; - - if((strPointer = SSL_get_shared_ciphers(_sslConnection, buffer, sizeof(buffer))) != 0) - { - // This works only for SSL 2. In later protocol versions, the client does not know - // what other ciphers (in addition to the one to be used in the current connection) - // the server supports. - - BIO_printf(bio, "---\nShared Ciphers:\n"); - - int j = 0; - int i = 0; - - while(*strPointer) - { - if(*strPointer == ':') - { - BIO_write(bio, " ", (15-j%25)); - i++; - j=0; - BIO_write(bio, ((i%3)?" ":"\n"), 1); - } - else - { - BIO_write(bio, strPointer, 1); - j++; - } - - strPointer++; - } - - BIO_write(bio,"\n",1); - } -} - -void -IceSSL::OpenSSL::Connection::showSessionInfo(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - if(_sslConnection->hit) - { - BIO_printf(bio, "Reused session-id\n"); - } - - PEM_write_bio_SSL_SESSION(bio, SSL_get_session(_sslConnection)); -} - -void -IceSSL::OpenSSL::Connection::showSelectedCipherInfo(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - const char* str; - SSL_CIPHER* cipher; - - // Show the cipher that was finally selected. - cipher = SSL_get_current_cipher(_sslConnection); - - str = SSL_CIPHER_get_name(cipher); - BIO_printf(bio, "Cipher Version: %s\n", ((str != 0) ? str : "(NONE)")); - - str = SSL_CIPHER_get_version(cipher); - BIO_printf(bio, "Cipher Name: %s\n", ((str != 0) ? 
str : "(NONE)")); -} - -void -IceSSL::OpenSSL::Connection::showHandshakeStats(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n", - BIO_number_read(SSL_get_rbio(_sslConnection)), - BIO_number_written(SSL_get_wbio(_sslConnection))); -} - -void -IceSSL::OpenSSL::Connection::showClientCAList(BIO* bio, const char* connType) -{ - assert(_sslConnection != 0); - assert(bio != 0); - assert(connType != 0); - - char buffer[4096]; - STACK_OF(X509_NAME)* sk = SSL_get_client_CA_list(_sslConnection); - - if((sk != 0) && (sk_X509_NAME_num(sk) > 0)) - { - BIO_printf(bio,"---\nAcceptable %s certificate CA names\n", connType); - - for(int i = 0; i < sk_X509_NAME_num(sk); i++) - { - X509_NAME_oneline(sk_X509_NAME_value(sk, i), buffer, sizeof(buffer)); - BIO_write(bio, buffer, strlen(buffer)); - BIO_write(bio,"\n", 1); - } - } - else - { - BIO_printf(bio,"---\nNo %s certificate CA names sent\n", connType); - } -} diff --git a/cpp/src/IceSSL/SslConnectionOpenSSL.h b/cpp/src/IceSSL/SslConnectionOpenSSL.h deleted file mode 100644 index ba634711776..00000000000 --- a/cpp/src/IceSSL/SslConnectionOpenSSL.h +++ /dev/null 
@@ -1,206 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2001 -// Mutable Realms, Inc. -// Huntsville, AL, USA -// -// All Rights Reserved -// -// ********************************************************************** - -#ifndef ICE_SSL_CONNECTION_OPENSSL_H -#define ICE_SSL_CONNECTION_OPENSSL_H - -#include <IceUtil/Mutex.h> -#include <IceSSL/SslConnection.h> -#include <IceSSL/PluginBaseIF.h> -#include <IceSSL/SslConnectionOpenSSLF.h> -#include <IceSSL/CertificateVerifierOpenSSL.h> -#include <IceSSL/TraceLevelsF.h> - -#include <openssl/ssl.h> - -#include <map> - -namespace IceSSL -{ - -namespace OpenSSL -{ - -class SafeFlag -{ -public: - - SafeFlag(bool flagVal = false) - { - _flag = flagVal; - } - - ~SafeFlag() - { - } - - bool checkAndSet() - { - IceUtil::Mutex::Lock sync(_mutex); - - if(_flag) - { - return false; - } - else - { - _flag = true; - return true; - } - } - - bool check() - { - IceUtil::Mutex::Lock sync(_mutex); - return _flag; - } - - void set() - { - IceUtil::Mutex::Lock sync(_mutex); - _flag = true; - } - - void unset() - { - IceUtil::Mutex::Lock sync(_mutex); - _flag = false; - } - -private: - - IceUtil::Mutex _mutex; - bool _flag; -}; - -class HandshakeSentinel -{ -public: - - HandshakeSentinel(SafeFlag& handshakeFlag) : - _flag(handshakeFlag) - { - _ownHandshake = _flag.checkAndSet(); - } - - ~HandshakeSentinel() - { - if(_ownHandshake) - { - _flag.unset(); - } - } - - bool ownHandshake() - { - return _ownHandshake; - } - -private: - - bool _ownHandshake; - SafeFlag& _flag; -}; - -// NOTE: This is a mapping from SSL* to Connection*, for use with the verifyCallback. -// I have purposely not used ConnectionPtr here, as connections register themselves -// with this map on construction and unregister themselves in the destructor. If -// this map used ConnectionPtr, Connection instances would never destruct as there -// would always be a reference to them from the map. 
-typedef std::map<SSL*, Connection*> SslConnectionMap; - -typedef enum -{ - Handshake, // The connection is negotiating a connection with the peer. - Shutdown, // The connection is in the process of shutting down. - Connected // The connection is connected - communication may continue. -} ConnectPhase; - -class Connection : public IceSSL::Connection -{ -public: - - Connection(const IceSSL::CertificateVerifierPtr&, - SSL*, - const IceSSL::PluginBaseIPtr&); - virtual ~Connection(); - - virtual int shutdown(int timeout = 0); - - virtual int read(IceInternal::Buffer&, int); - virtual int write(IceInternal::Buffer&, int) = 0; - - virtual int handshake(int timeout = 0) = 0; - - void setHandshakeReadTimeout(int timeout); - - static ConnectionPtr getConnection(SSL*); - - // Callback from OpenSSL for purposes of certificate verification - int verifyCertificate(int, X509_STORE_CTX*); - -protected: - - int connect(); - int accept(); - int renegotiate(); - int initialize(int timeout); - - int pending(); - int getLastError() const; - - int sslRead(char*, int); - int sslWrite(char*, int); - - int select(int, bool); - int readSelect(int); - int writeSelect(int); - - int readSSL(IceInternal::Buffer&, int); - - static void addConnection(SSL*, Connection*); - static void removeConnection(SSL*); - - virtual void showConnectionInfo() = 0; - - void showCertificateChain(BIO*); - void showPeerCertificate(BIO*, const char*); - void showSharedCiphers(BIO*); - void showSessionInfo(BIO*); - void showSelectedCipherInfo(BIO*); - void showHandshakeStats(BIO*); - void showClientCAList(BIO*, const char*); - - void setLastError(int errorCode) { _lastError = errorCode; }; - - static SslConnectionMap _connectionMap; - static IceUtil::Mutex _connectionRepositoryMutex; - - // Pointer to the OpenSSL Connection structure. 
- SSL* _sslConnection; - - int _lastError; - - IceUtil::Mutex _handshakeWaitMutex; - - SafeFlag _handshakeFlag; - int _initWantRead; - int _initWantWrite; - int _handshakeReadTimeout; - int _readTimeout; - - ConnectPhase _phase; -}; - -} - -} - -#endif diff --git a/cpp/src/IceSSL/SslConnectionOpenSSLClient.h b/cpp/src/IceSSL/SslConnectionOpenSSLClient.h deleted file mode 100644 index f4c65e8630e..00000000000 --- a/cpp/src/IceSSL/SslConnectionOpenSSLClient.h +++ /dev/null @@ -1,44 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2001 -// Mutable Realms, Inc. -// Huntsville, AL, USA -// -// All Rights Reserved -// -// ********************************************************************** - -#ifndef ICE_SSL_CONNECTION_OPENSSL_CLIENT_H -#define ICE_SSL_CONNECTION_OPENSSL_CLIENT_H - -#include <IceSSL/SslConnectionOpenSSL.h> - -namespace IceSSL -{ - -namespace OpenSSL -{ - -class ClientConnection : public Connection -{ -public: - - ClientConnection(const IceSSL::CertificateVerifierPtr&, - SSL*, - const IceSSL::PluginBaseIPtr&); - virtual ~ClientConnection(); - - virtual int handshake(int timeout = 0); - - virtual int write(IceInternal::Buffer&, int); - -protected: - - virtual void showConnectionInfo(); -}; - -} - -} - -#endif diff --git a/cpp/src/IceSSL/SslConnectionOpenSSLF.h b/cpp/src/IceSSL/SslConnectionOpenSSLF.h deleted file mode 100644 index 8edbd05df6c..00000000000 --- a/cpp/src/IceSSL/SslConnectionOpenSSLF.h +++ /dev/null 
@@ -1,37 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2002 -// Mutable Realms, Inc. -// Huntsville, AL, USA -// -// All Rights Reserved -// -// ********************************************************************** - -#ifndef ICE_SSL_CONNECTION_OPENSSL_F_H -#define ICE_SSL_CONNECTION_OPENSSL_F_H - -#include <Ice/Handle.h> - -namespace IceSSL -{ - -namespace OpenSSL -{ - -class Connection; -typedef IceInternal::Handle<Connection> ConnectionPtr; - -} - -} - -namespace IceInternal -{ - -void incRef(::IceSSL::OpenSSL::Connection*); -void decRef(::IceSSL::OpenSSL::Connection*); - -} - -#endif diff --git a/cpp/src/IceSSL/SslConnectionOpenSSLServer.h b/cpp/src/IceSSL/SslConnectionOpenSSLServer.h deleted file mode 100644 index e3318fc0892..00000000000 --- a/cpp/src/IceSSL/SslConnectionOpenSSLServer.h +++ /dev/null @@ -1,44 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2001 -// Mutable Realms, Inc. -// Huntsville, AL, USA -// -// All Rights Reserved -// -// ********************************************************************** - -#ifndef ICE_SSL_CONNECTION_OPENSSL_SERVER_H -#define ICE_SSL_CONNECTION_OPENSSL_SERVER_H - -#include <IceSSL/SslConnectionOpenSSL.h> - -namespace IceSSL -{ - -namespace OpenSSL -{ - -class ServerConnection : public Connection -{ -public: - - ServerConnection(const IceSSL::CertificateVerifierPtr&, - SSL*, - const IceSSL::PluginBaseIPtr&); - virtual ~ServerConnection(); - - virtual int handshake(int timeout = 0); - - virtual int write(IceInternal::Buffer&, int); - -protected: - - virtual void showConnectionInfo(); -}; - -} - -} - -#endif diff --git a/cpp/src/IceSSL/SslConnector.cpp b/cpp/src/IceSSL/SslConnector.cpp index 89dac540516..65d010af218 100644 --- a/cpp/src/IceSSL/SslConnector.cpp +++ b/cpp/src/IceSSL/SslConnector.cpp 
@@ -44,8 +44,7 @@ IceSSL::SslConnector::connect(int timeout) logger->trace(traceLevels->networkCat, s.str()); } - IceSSL::ConnectionPtr connection = _plugin->createConnection(IceSSL::Client, fd); - return new SslTransceiver(_plugin, fd, connection); + return _plugin->createTransceiver(IceSSL::Client, fd); } string diff --git a/cpp/src/IceSSL/SslConnectionOpenSSLServer.cpp b/cpp/src/IceSSL/SslServerTransceiver.cpp index 5548ee82bcc..4732c59bad9 100644 --- a/cpp/src/IceSSL/SslConnectionOpenSSLServer.cpp +++ b/cpp/src/IceSSL/SslServerTransceiver.cpp @@ -8,15 +8,19 @@ // // ********************************************************************** -#include <Ice/Network.h> #include <Ice/Logger.h> +#include <Ice/LoggerUtil.h> +#include <Ice/Buffer.h> +#include <Ice/Network.h> +#include <IceSSL/OpenSSL.h> +#include <IceSSL/PluginBaseI.h> +#include <IceSSL/TraceLevels.h> + #include <Ice/LocalException.h> #include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/OpenSSL.h> #include <IceSSL/Exception.h> #include <IceSSL/OpenSSLJanitors.h> -#include <IceSSL/SslConnectionOpenSSLServer.h> -#include <IceSSL/TraceLevels.h> +#include <IceSSL/SslServerTransceiver.h> #include <sstream> 
@@ -24,36 +28,142 @@ using namespace std; using namespace Ice; using namespace IceInternal; -////////////////////////////////////// -////////// ServerConnection ////////// -////////////////////////////////////// - // // Public Methods // -// Note: I would use a using directive of the form: -// using IceSSL::CertificateVerifierPtr; -// but unfortunately, it appears that this is not properly picked up. -// - -IceSSL::OpenSSL::ServerConnection::ServerConnection(const IceSSL::CertificateVerifierPtr& certificateVerifier, - SSL* connection, - const PluginBaseIPtr& plugin) : - Connection(certificateVerifier, connection, plugin) +void +IceSSL::SslServerTransceiver::write(Buffer& buf, int timeout) { - assert(_sslConnection != 0); + assert(_fd != INVALID_SOCKET); - // Set the Accept Connection state for this connection. - SSL_set_accept_state(_sslConnection); -} + int totalBytesWritten = 0; + int bytesWritten = 0; -IceSSL::OpenSSL::ServerConnection::~ServerConnection() -{ + int packetSize = buf.b.end() - buf.i; + +#ifdef _WIN32 + // + // Limit packet size to avoid performance problems on WIN32. + // + if(packetSize > 64 * 1024) + { + packetSize = 64 * 1024; + } +#endif + + // We keep writing until we're done. + while(buf.i != buf.b.end()) + { + // Ensure we're initialized. + if(initialize(timeout) <= 0) + { + // Retry the initialize call + continue; + } + + // initialize() must have returned > 0, so we're okay to try a write. + + // Perform a select on the socket. + if(!writeSelect(timeout)) + { + // We're done here. 
+ break; + } + + bytesWritten = sslWrite(static_cast<char*>(&*buf.i), packetSize); + + switch(getLastError()) + { + case SSL_ERROR_NONE: + { + if(_traceLevels->network >= 3) + { + ostringstream s; + s << "sent " << bytesWritten << " of " << packetSize; + s << " bytes via ssl\n" << fdToString(SSL_get_fd(_sslConnection)); + _logger->trace(_traceLevels->networkCat, s.str()); + } + + totalBytesWritten += bytesWritten; + + buf.i += bytesWritten; + + if(packetSize > buf.b.end() - buf.i) + { + packetSize = buf.b.end() - buf.i; + } + continue; + } + + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + { + continue; + } + + case SSL_ERROR_SYSCALL: + { + if(bytesWritten == -1) + { + // IO Error in underlying BIO + + if(interrupted()) + { + break; + } + + if(wouldBlock()) + { + break; + } + + if(connectionLost()) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + + SocketException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + else + { + ProtocolException protocolEx(__FILE__, __LINE__); + + // Protocol Error: Unexpected EOF. + protocolEx.message = "encountered an EOF that violates the ssl protocol\n"; + protocolEx.message += IceSSL::OpenSSL::sslGetErrors(); + + throw protocolEx; + } + } + + case SSL_ERROR_SSL: + { + ProtocolException protocolEx(__FILE__, __LINE__); + + protocolEx.message = "encountered a violation of the ssl protocol\n"; + protocolEx.message += IceSSL::OpenSSL::sslGetErrors(); + + throw protocolEx; + } + + case SSL_ERROR_ZERO_RETURN: + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + } + } } int -IceSSL::OpenSSL::ServerConnection::handshake(int timeout) +IceSSL::SslServerTransceiver::handshake(int timeout) { assert(_sslConnection != 0); 
@@ -108,7 +218,7 @@ IceSSL::OpenSSL::ServerConnection::handshake(int timeout) ProtocolException protocolEx(__FILE__, __LINE__); protocolEx.message = "encountered an ssl protocol violation during handshake\n"; - protocolEx.message += sslGetErrors(); + protocolEx.message += IceSSL::OpenSSL::sslGetErrors(); throw protocolEx; } @@ -171,7 +281,7 @@ IceSSL::OpenSSL::ServerConnection::handshake(int timeout) // Protocol Error: Unexpected EOF protocolEx.message = "encountered an eof during handshake that violates the ssl protocol\n"; - protocolEx.message += sslGetErrors(); + protocolEx.message += IceSSL::OpenSSL::sslGetErrors(); throw protocolEx; } @@ -182,7 +292,7 @@ IceSSL::OpenSSL::ServerConnection::handshake(int timeout) ProtocolException protocolEx(__FILE__, __LINE__); protocolEx.message = "encountered a violation of the ssl protocol during handshake\n"; - protocolEx.message += sslGetErrors(); + protocolEx.message += IceSSL::OpenSSL::sslGetErrors(); throw protocolEx; } 
@@ -209,147 +319,17 @@ IceSSL::OpenSSL::ServerConnection::handshake(int timeout) return retCode; } -int -IceSSL::OpenSSL::ServerConnection::write(Buffer& buf, int timeout) -{ - int totalBytesWritten = 0; - int bytesWritten = 0; - - int packetSize = buf.b.end() - buf.i; - -#ifdef _WIN32 - // - // Limit packet size to avoid performance problems on WIN32. - // - if(packetSize > 64 * 1024) - { - packetSize = 64 * 1024; - } -#endif - - // We keep writing until we're done. - while(buf.i != buf.b.end()) - { - // Ensure we're initialized. - if(initialize(timeout) <= 0) - { - // Retry the initialize call - continue; - } - - // initialize() must have returned > 0, so we're okay to try a write. - - // Perform a select on the socket. - if(!writeSelect(timeout)) - { - // We're done here. - break; - } - - bytesWritten = sslWrite(static_cast<char*>(&*buf.i), packetSize); - - switch(getLastError()) - { - case SSL_ERROR_NONE: - { - if(_traceLevels->network >= 3) - { - ostringstream s; - s << "sent " << bytesWritten << " of " << packetSize; - s << " bytes via ssl\n" << fdToString(SSL_get_fd(_sslConnection)); - _logger->trace(_traceLevels->networkCat, s.str()); - } - - totalBytesWritten += bytesWritten; - - buf.i += bytesWritten; - - if(packetSize > buf.b.end() - buf.i) - { - packetSize = buf.b.end() - buf.i; - } - continue; - } - - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_X509_LOOKUP: - { - continue; - } - - case SSL_ERROR_SYSCALL: - { - if(bytesWritten == -1) - { - // IO Error in underlying BIO - - if(interrupted()) - { - break; - } - - if(wouldBlock()) - { - break; - } - - if(connectionLost()) - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - else - { - ProtocolException protocolEx(__FILE__, __LINE__); - - // Protocol Error: Unexpected EOF. 
- protocolEx.message = "encountered an EOF that violates the ssl protocol\n"; - protocolEx.message += sslGetErrors(); - - throw protocolEx; - } - } - - case SSL_ERROR_SSL: - { - ProtocolException protocolEx(__FILE__, __LINE__); - - protocolEx.message = "encountered a violation of the ssl protocol\n"; - protocolEx.message += sslGetErrors(); - - throw protocolEx; - } - - case SSL_ERROR_ZERO_RETURN: - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - } - } - - return totalBytesWritten; -} - // // Protected Methods // void -IceSSL::OpenSSL::ServerConnection::showConnectionInfo() +IceSSL::SslServerTransceiver::showConnectionInfo() { // Only in extreme cases do we enable this, partially because it doesn't use the Logger. if((_traceLevels->security >= IceSSL::SECURITY_PROTOCOL_DEBUG) && 0) { - BIOJanitor bioJanitor(BIO_new_fp(stdout, BIO_NOCLOSE)); + IceSSL::OpenSSL::BIOJanitor bioJanitor(BIO_new_fp(stdout, BIO_NOCLOSE)); BIO* bio = bioJanitor.get(); showCertificateChain(bio); @@ -365,3 +345,20 @@ IceSSL::OpenSSL::ServerConnection::showConnectionInfo() showSessionInfo(bio); } } + +// Note: I would use a using directive of the form: +// using IceSSL::CertificateVerifierPtr; +// but unfortunately, it appears that this is not properly picked up. +// + +IceSSL::SslServerTransceiver::SslServerTransceiver(const PluginBaseIPtr& plugin, + SOCKET fd, + const IceSSL::OpenSSL::CertificateVerifierPtr& certVerifier, + SSL* sslConnection) : + SslTransceiver(plugin, fd, certVerifier, sslConnection) +{ + // Set the Accept Connection state for this connection. + SSL_set_accept_state(sslConnection); +} + + diff --git a/cpp/src/IceSSL/SslServerTransceiver.h b/cpp/src/IceSSL/SslServerTransceiver.h new file mode 100644 index 00000000000..b0e60b8f1e8 --- /dev/null +++ b/cpp/src/IceSSL/SslServerTransceiver.h 
@@ -0,0 +1,34 @@ +// ********************************************************************** +// +// Copyright (c) 2002 +// Mutable Realms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#ifndef ICE_SSL_SERVER_TRANSCEIVER_H +#define ICE_SSL_SERVER_TRANSCEIVER_H + +#include <IceSSL/SslTransceiver.h> + +namespace IceSSL +{ + +class SslServerTransceiver : public SslTransceiver +{ +public: + virtual int handshake(int timeout = 0); + virtual void write(IceInternal::Buffer&, int); + +protected: + virtual void showConnectionInfo(); + SslServerTransceiver(const PluginBaseIPtr&, SOCKET, const OpenSSL::CertificateVerifierPtr&, SSL*); + friend class ServerContext; +}; + +} + +#endif + diff --git a/cpp/src/IceSSL/SslTransceiver.cpp b/cpp/src/IceSSL/SslTransceiver.cpp index 00966041063..1b9d582f622 100644 --- a/cpp/src/IceSSL/SslTransceiver.cpp +++ b/cpp/src/IceSSL/SslTransceiver.cpp @@ -12,15 +12,37 @@ #include <Ice/Buffer.h> #include <Ice/Network.h> #include <IceSSL/OpenSSL.h> -#include <IceSSL/SslConnection.h> #include <IceSSL/SslTransceiver.h> #include <IceSSL/PluginBaseI.h> #include <IceSSL/TraceLevels.h> +// Added +#include <Ice/Logger.h> +#include <Ice/LocalException.h> + +#include <IceSSL/Exception.h> +#include <IceSSL/OpenSSLPluginI.h> +#include <IceSSL/CertificateVerifierOpenSSL.h> +#include <IceSSL/OpenSSLUtils.h> + +#include <openssl/err.h> + +#include <sstream> +// Added + using namespace std; using namespace Ice; using namespace IceInternal; -using IceSSL::ConnectionPtr; +using namespace IceSSL::OpenSSL; + +// +// Static Member Initialization +// +IceSSL::SslTransceiverMap IceSSL::SslTransceiver::_transceiverMap; +IceUtil::Mutex IceSSL::SslTransceiver::_transceiverRepositoryMutex; + +void ::IceInternal::incRef(::IceSSL::SslTransceiver* p) { p->__incRef(); } +void ::IceInternal::decRef(::IceSSL::SslTransceiver* p) { p->__decRef(); } SOCKET IceSSL::SslTransceiver::fd() 
@@ -45,7 +67,7 @@ IceSSL::SslTransceiver::close() int retries = -numRetries; do { - shutdown = _sslConnection->shutdown(); + shutdown = internalShutdown(); retries++; } while((shutdown == 0) && (retries < 0)); @@ -77,7 +99,7 @@ IceSSL::SslTransceiver::shutdown() int retries = -numRetries; do { - shutdown = _sslConnection->shutdown(); + shutdown = internalShutdown(); retries++; } while((shutdown == 0) && (retries < 0)); 
@@ -87,17 +109,154 @@ IceSSL::SslTransceiver::shutdown() } void -IceSSL::SslTransceiver::write(Buffer& buf, int timeout) -{ - assert(_fd != INVALID_SOCKET); - _sslConnection->write(buf, timeout); -} - -void IceSSL::SslTransceiver::read(Buffer& buf, int timeout) { assert(_fd != INVALID_SOCKET); - if(!_sslConnection->read(buf, timeout)) + + int packetSize = buf.b.end() - buf.i; + int totalBytesRead = 0; + int bytesRead; + + int initReturn = 0; + + // We keep reading until we're done. + while(buf.i != buf.b.end()) + { + // Ensure we're initialized. + initReturn = initialize(timeout); + + if(initReturn == -1) + { + // Handshake underway, timeout immediately, easy way to deal with this. + throw TimeoutException(__FILE__, __LINE__); + } + + if(initReturn == 0) + { + // Retry the initialize call + continue; + } + + // initReturn must be > 0, so we're okay to try a read + + if(!pending() && !readSelect(_readTimeout)) + { + // Nothing is left to read (according to SSL). + if(_traceLevels->security >= IceSSL::SECURITY_PROTOCOL) + { + _logger->trace(_traceLevels->securityCat, "no pending application-level bytes"); + } + + // We're done here. + break; + } + + _readTimeout = timeout; + + bytesRead = sslRead(static_cast<char*>(&*buf.i), packetSize); + + switch(getLastError()) + { + case SSL_ERROR_NONE: + { + if(bytesRead > 0) + { + if(_traceLevels->network >= 3) + { + ostringstream s; + s << "received " << bytesRead << " of " << packetSize; + s << " bytes via ssl\n" << fdToString(SSL_get_fd(_sslConnection)); + _logger->trace(_traceLevels->networkCat, s.str()); + } + + totalBytesRead += bytesRead; + + buf.i += bytesRead; + + if(packetSize > buf.b.end() - buf.i) + { + packetSize = buf.b.end() - buf.i; + } + } + continue; + } + + case SSL_ERROR_WANT_READ: + { + if(!readSelect(timeout)) + { + // Timeout and wait for them to arrive. 
+ throw TimeoutException(__FILE__, __LINE__); + } + continue; + } + + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_X509_LOOKUP: + { + // Perform another read. The read should take care of this. + continue; + } + + case SSL_ERROR_SYSCALL: + { + if(bytesRead == -1) + { + // IO Error in underlying BIO + + if(interrupted()) + { + break; + } + + if(wouldBlock()) + { + break; + } + + if(connectionLost()) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + + SocketException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + else // (bytesRead == 0) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = 0; + throw ex; + } + } + + case SSL_ERROR_SSL: + { + ProtocolException protocolEx(__FILE__, __LINE__); + + protocolEx.message = "encountered a violation of the ssl protocol\n"; + protocolEx.message += sslGetErrors(); + + throw protocolEx; + } + + case SSL_ERROR_ZERO_RETURN: + { + // Indicates that that the SSL Connection has been closed. + // But does not necessarily indicate that the underlying transport + // has been closed (in the case of Ice, it definitely hasn't yet). + + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + } + } + + if(totalBytesRead == 0) { if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) { 
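Review bot: `readSelect(_readTimeout)` in the read loop uses `_readTimeout` before anything in this diff has assigned it: the constructor added further down sets `_phase`, `_lastError`, `_initWantRead`, `_initWantWrite` and `_handshakeReadTimeout`, but not `_readTimeout`, and read() only assigns it (`_readTimeout = timeout;`) after that first select. Unless handshake(), whose body is not shown here, sets it, the first wait runs with an indeterminate timeout; add `_readTimeout = 0;` to the constructor or pass `timeout` to the first readSelect(). Separately, select() throws TimeoutException when it gets 0 back rather than returning false, so the "no pending application-level bytes" branch looks hard to reach and deserves a comment saying which case it is meant for. The tail of read() lies outside the hunk.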
@@ -113,21 +272,713 @@ IceSSL::SslTransceiver::toString() const return fdToString(_fd); } +void +IceSSL::SslTransceiver::setHandshakeReadTimeout(int timeout) +{ + _handshakeReadTimeout = timeout; +} + +IceSSL::SslTransceiverPtr +IceSSL::SslTransceiver::getTransceiver(SSL* sslPtr) +{ + IceUtil::Mutex::Lock sync(_transceiverRepositoryMutex); + + assert(sslPtr); + + SslTransceiver* transceiver = _transceiverMap[sslPtr]; + + assert(transceiver); + + return SslTransceiverPtr(transceiver); +} + +// +// Note: Do not throw exceptions from verifyCertificate - it would rip through the OpenSSL system, +// interfering with the usual handling and alert system of the handshake. Exceptions should +// be caught here (if they can be generated), logged and then a fail return code (0) should +// returned. +// +int +IceSSL::SslTransceiver::verifyCertificate(int preVerifyOkay, X509_STORE_CTX* x509StoreContext) +{ + // Should NEVER be able to happen. + assert(_certificateVerifier.get() != 0); + + // Get the verifier, make sure it is for OpenSSL connections + IceSSL::OpenSSL::CertificateVerifierPtr verifier; + verifier = dynamic_cast<IceSSL::OpenSSL::CertificateVerifier*>(_certificateVerifier.get()); + + // Check to make sure we have a proper verifier for the operation. + if(verifier) + { + // Use the verifier to verify the certificate + try + { + preVerifyOkay = verifier->verify(preVerifyOkay, x509StoreContext, _sslConnection); + } + catch(const Ice::LocalException& localEx) + { + if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) + { + ostringstream s; + + s << "WRN exception during certificate verification: " << std::endl; + s << localEx << flush; + + _logger->trace(_traceLevels->securityCat, s.str()); + } + + preVerifyOkay = 0; + } + } + else + { + // Note: This code should NEVER be able to be reached, as we check each + // CertificateVerifier as it is added to the System. 
+ + if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) + { + string errorString; + + if(_certificateVerifier.get()) + { + errorString = "WRN improper CertificateVerifier type"; + } + else + { + // NOTE: This should NEVER be able to happen, but just in case. + errorString = "WRN CertificateVerifier not set"; + } + + _logger->trace(_traceLevels->securityCat, errorString); + } + } + + return preVerifyOkay; +} + +// +// Protected Methods +// + +// Note: I would use a using directive of the form: +// using IceSSL::CertificateVerifierPtr; +// but unfortunately, it appears that this is not properly picked up. +// + +int +IceSSL::SslTransceiver::internalShutdown(int timeout) +{ + if(_sslConnection == 0) + { + return 1; + } + + int retCode = 0; + + if(_initWantWrite) + { + int i = writeSelect(timeout); + + if(i == 0) + { + return 0; + } + + _initWantWrite = 0; + } + else if(_initWantRead) + { + int i = readSelect(timeout); + + if(i == 0) + { + return 0; + } + + _initWantRead = 0; + } + + ERR_clear_error(); + + retCode = SSL_shutdown(_sslConnection); + + if(retCode == 1) + { + // Shutdown successful - shut down the socket for writing. + ::shutdown(SSL_get_fd(_sslConnection), SHUT_WR); + } + else if(retCode == -1) + { + setLastError(retCode); + + // Shutdown failed due to an error. + + switch(getLastError()) + { + case SSL_ERROR_WANT_WRITE: + { + _initWantWrite = 1; + retCode = 0; + break; + } + + case SSL_ERROR_WANT_READ: + { + _initWantRead = 1; + retCode = 0; + break; + } + + case SSL_ERROR_NONE: + case SSL_ERROR_WANT_X509_LOOKUP: + { + // Ignore + retCode = 0; + break; + } + + case SSL_ERROR_SYSCALL: + { + // + // Some error with the underlying transport. + // + + if(interrupted()) + { + retCode = 0; + break; + } + + if(wouldBlock()) + { + readSelect(timeout); + retCode = 0; + break; + } + + if(connectionLost()) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + + // + // Non-specific socket problem. 
+ // + SocketException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + + case SSL_ERROR_SSL: + { + // + // Error in the SSL library, usually a Protocol error. + // + + ProtocolException protocolEx(__FILE__, __LINE__); + + protocolEx.message = "encountered a violation of the ssl protocol during shutdown\n"; + protocolEx.message += sslGetErrors(); + + throw protocolEx; + } + + case SSL_ERROR_ZERO_RETURN: + { + // + // Indicates that the SSL connection has been closed. For SSLv3.0 + // and TLSv1.0, it indicates that a closure alert was received, + // and thus the connection has been closed cleanly. + // + + CloseConnectionException ex(__FILE__, __LINE__); + throw ex; + } + } + } + + return retCode; +} + +int +IceSSL::SslTransceiver::connect() +{ + assert(_sslConnection != 0); + + ERR_clear_error(); + int result = SSL_connect(_sslConnection); + + setLastError(result); + + return result; +} + +int +IceSSL::SslTransceiver::accept() +{ + assert(_sslConnection != 0); + + ERR_clear_error(); + int result = SSL_accept(_sslConnection); + + setLastError(result); + + return result; +} + +// NOTE: Currently not used, maybe later. +int +IceSSL::SslTransceiver::renegotiate() +{ + assert(_sslConnection != 0); + return SSL_renegotiate(_sslConnection); +} + +int +IceSSL::SslTransceiver::initialize(int timeout) +{ + int retCode = 0; + + while(true) + { + // One lucky thread will get the honor of carrying out the hanshake, + // if there is one to perform. The HandshakeSentinel effectively + // establishes a first-come, first-serve policy. One thread will own + // the handshake, and the others will either return rejected to the + // caller (who will figure out what to do with them) OR wait until + // our lead thread is done. Then, the shuffle begins again. + // Eventually, all threads will filter through. 
+ + HandshakeSentinel handshakeSentinel(_handshakeFlag); + + if(!handshakeSentinel.ownHandshake()) + { + if(timeout >= 0) + { + // We should return immediately here - do not block, + // leave it to the caller to figure this out. + retCode = -1; + break; + } + else + { + // We will wait here - blocking IO is being used. + IceUtil::Mutex::Lock sync(_handshakeWaitMutex); + } + } + else + { + // Perform our init(), then leave. + IceUtil::Mutex::Lock sync(_handshakeWaitMutex); + + // Here we 'take the ball and run with it' for as long as we can + // get away with it. As long as we don't encounter some error + // status (or completion), this thread continues to service the + // initialize() call. + while(retCode == 0) + { + switch(_phase) + { + case Handshake : + { + retCode = handshake(timeout); + break; + } + + case Shutdown : + { + retCode = internalShutdown(timeout); + break; + } + + case Connected : + { + retCode = SSL_is_init_finished(_sslConnection); + + if(!retCode) + { + // In this case, we are essentially renegotiating + // the connection at the behest of the peer. + _phase = Handshake; + continue; + } + + // Done here. 
+ return retCode; + } + } + } + + break; + } + } + + return retCode; +} + +int +IceSSL::SslTransceiver::pending() +{ + assert(_sslConnection != 0); + return SSL_pending(_sslConnection); +} + +int +IceSSL::SslTransceiver::getLastError() const +{ + assert(_sslConnection != 0); + return SSL_get_error(_sslConnection, _lastError); +} + +int +IceSSL::SslTransceiver::sslRead(char* buffer, int bufferSize) +{ + assert(_sslConnection != 0); + + ERR_clear_error(); + int bytesRead = SSL_read(_sslConnection, buffer, bufferSize); + + setLastError(bytesRead); + + return bytesRead; +} + +int +IceSSL::SslTransceiver::sslWrite(char* buffer, int bufferSize) +{ + assert(_sslConnection != 0); + + ERR_clear_error(); + int bytesWritten = SSL_write(_sslConnection, buffer, bufferSize); + + setLastError(bytesWritten); + + return bytesWritten; +} + +int +IceSSL::SslTransceiver::select(int timeout, bool write) +{ + int ret; + + assert(_sslConnection != 0); + SOCKET fd = SSL_get_fd(_sslConnection); + + fd_set rwFdSet; + struct timeval tv; + + if(timeout >= 0) + { + tv.tv_sec = timeout / 1000; + tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000; + } + + do + { + FD_ZERO(&rwFdSet); + FD_SET(fd, &rwFdSet); + + if(timeout >= 0) + { + if(write) + { + ret = ::select(fd + 1, 0, &rwFdSet, 0, &tv); + } + else + { + ret = ::select(fd + 1, &rwFdSet, 0, 0, &tv); + } + } + else + { + if(write) + { + ret = ::select(fd + 1, 0, &rwFdSet, 0, 0); + } + else + { + ret = ::select(fd + 1, &rwFdSet, 0, 0, 0); + } + } + } + while(ret == SOCKET_ERROR && interrupted()); + + if(ret == SOCKET_ERROR) + { + SocketException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + + if(ret == 0) + { + throw TimeoutException(__FILE__, __LINE__); + } + + return FD_ISSET(fd, &rwFdSet); +} + +int +IceSSL::SslTransceiver::readSelect(int timeout) +{ + return select(timeout, false); +} + +int +IceSSL::SslTransceiver::writeSelect(int timeout) +{ + return select(timeout, true); +} + +// +// Static Protected +// + 
+void +IceSSL::SslTransceiver::addTransceiver(SSL* sslPtr, SslTransceiver* transceiver) +{ + assert(sslPtr); + assert(transceiver); + IceUtil::Mutex::Lock sync(_transceiverRepositoryMutex); + _transceiverMap[sslPtr] = transceiver; +} + +void +IceSSL::SslTransceiver::removeTransceiver(SSL* sslPtr) +{ + assert(sslPtr); + IceUtil::Mutex::Lock sync(_transceiverRepositoryMutex); + _transceiverMap.erase(sslPtr); +} + +void +IceSSL::SslTransceiver::showCertificateChain(BIO* bio) +{ + assert(_sslConnection != 0); + assert(bio != 0); + + STACK_OF(X509)* sk; + + // Big nasty buffer + char buffer[4096]; + + if((sk = SSL_get_peer_cert_chain(_sslConnection)) != 0) + { + BIO_printf(bio,"---\nCertificate chain\n"); + + for(int i = 0; i < sk_X509_num(sk); i++) + { + X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk,i)), buffer, sizeof(buffer)); + BIO_printf(bio, "%2d s:%s\n", i, buffer); + + X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk,i)), buffer, sizeof(buffer)); + BIO_printf(bio, " i:%s\n", buffer); + + PEM_write_bio_X509(bio, sk_X509_value(sk, i)); + } + } + else + { + BIO_printf(bio, "---\nNo peer certificate chain available.\n"); + } +} + +void +IceSSL::SslTransceiver::showPeerCertificate(BIO* bio, const char* connType) +{ + assert(_sslConnection != 0); + assert(bio != 0); + + X509* peerCert = 0; + char buffer[4096]; + + if((peerCert = SSL_get_peer_certificate(_sslConnection)) != 0) + { + BIO_printf(bio, "%s Certificate\n", connType); + PEM_write_bio_X509(bio, peerCert); + + X509_NAME_oneline(X509_get_subject_name(peerCert), buffer, sizeof(buffer)); + BIO_printf(bio, "subject=%s\n", buffer); + + X509_NAME_oneline(X509_get_issuer_name(peerCert), buffer, sizeof(buffer)); + BIO_printf(bio, "issuer=%s\n", buffer); + + EVP_PKEY *pktmp; + pktmp = X509_get_pubkey(peerCert); + BIO_printf(bio,"%s public key is %d bit\n", connType, EVP_PKEY_bits(pktmp)); + EVP_PKEY_free(pktmp); + + X509_free(peerCert); + } + else + { + BIO_printf(bio, "No %s certificate 
available.\n", connType); + } +} + +void +IceSSL::SslTransceiver::showSharedCiphers(BIO* bio) +{ + assert(_sslConnection != 0); + assert(bio != 0); + + char buffer[4096]; + char* strPointer = 0; + + if((strPointer = SSL_get_shared_ciphers(_sslConnection, buffer, sizeof(buffer))) != 0) + { + // This works only for SSL 2. In later protocol versions, the client does not know + // what other ciphers (in addition to the one to be used in the current connection) + // the server supports. + + BIO_printf(bio, "---\nShared Ciphers:\n"); + + int j = 0; + int i = 0; + + while(*strPointer) + { + if(*strPointer == ':') + { + BIO_write(bio, " ", (15-j%25)); + i++; + j=0; + BIO_write(bio, ((i%3)?" ":"\n"), 1); + } + else + { + BIO_write(bio, strPointer, 1); + j++; + } + + strPointer++; + } + + BIO_write(bio,"\n",1); + } +} + +void +IceSSL::SslTransceiver::showSessionInfo(BIO* bio) +{ + assert(_sslConnection != 0); + assert(bio != 0); + + if(_sslConnection->hit) + { + BIO_printf(bio, "Reused session-id\n"); + } + + PEM_write_bio_SSL_SESSION(bio, SSL_get_session(_sslConnection)); +} + +void +IceSSL::SslTransceiver::showSelectedCipherInfo(BIO* bio) +{ + assert(_sslConnection != 0); + assert(bio != 0); + + const char* str; + SSL_CIPHER* cipher; + + // Show the cipher that was finally selected. + cipher = SSL_get_current_cipher(_sslConnection); + + str = SSL_CIPHER_get_name(cipher); + BIO_printf(bio, "Cipher Version: %s\n", ((str != 0) ? str : "(NONE)")); + + str = SSL_CIPHER_get_version(cipher); + BIO_printf(bio, "Cipher Name: %s\n", ((str != 0) ? 
str : "(NONE)")); +} + +void +IceSSL::SslTransceiver::showHandshakeStats(BIO* bio) +{ + assert(_sslConnection != 0); + assert(bio != 0); + + BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n", + BIO_number_read(SSL_get_rbio(_sslConnection)), + BIO_number_written(SSL_get_wbio(_sslConnection))); +} + +void +IceSSL::SslTransceiver::showClientCAList(BIO* bio, const char* connType) +{ + assert(_sslConnection != 0); + assert(bio != 0); + assert(connType != 0); + + char buffer[4096]; + STACK_OF(X509_NAME)* sk = SSL_get_client_CA_list(_sslConnection); + + if((sk != 0) && (sk_X509_NAME_num(sk) > 0)) + { + BIO_printf(bio,"---\nAcceptable %s certificate CA names\n", connType); + + for(int i = 0; i < sk_X509_NAME_num(sk); i++) + { + X509_NAME_oneline(sk_X509_NAME_value(sk, i), buffer, sizeof(buffer)); + BIO_write(bio, buffer, strlen(buffer)); + BIO_write(bio,"\n", 1); + } + } + else + { + BIO_printf(bio,"---\nNo %s certificate CA names sent\n", connType); + } +} + + +// +// Private Methods +// + IceSSL::SslTransceiver::SslTransceiver(const PluginBaseIPtr& plugin, SOCKET fd, - const ConnectionPtr& sslConnection) : + const IceSSL::OpenSSL::CertificateVerifierPtr& certificateVerifier, + SSL* sslConnection) : + _sslConnection(sslConnection), _traceLevels(plugin->getTraceLevels()), _logger(plugin->getLogger()), _fd(fd), - _sslConnection(sslConnection) + _certificateVerifier(certificateVerifier) { assert(sslConnection != 0); FD_ZERO(&_rFdSet); FD_ZERO(&_wFdSet); + + SSL_set_ex_data(sslConnection, 0, static_cast<void*>(plugin.get())); + + // We always start off in a Handshake + _phase = Handshake; + + _lastError = SSL_ERROR_NONE; + + _initWantRead = 0; + _initWantWrite = 0; + + // None configured, default to indicated timeout + _handshakeReadTimeout = 0; + + // Set up the SSL to be able to refer back to our connection object. 
+ addTransceiver(_sslConnection, this); } IceSSL::SslTransceiver::~SslTransceiver() { assert(_fd == INVALID_SOCKET); + + if(_sslConnection != 0) + { + removeTransceiver(_sslConnection); + SSL_set_ex_data(_sslConnection, 0, 0); + SSL_free(_sslConnection); + _sslConnection = 0; + } } + diff --git a/cpp/src/IceSSL/SslTransceiver.h b/cpp/src/IceSSL/SslTransceiver.h index 17da4cb64dd..d2b6e3f2894 100644 --- a/cpp/src/IceSSL/SslTransceiver.h +++ b/cpp/src/IceSSL/SslTransceiver.h 
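Review bot: verifyCertificate() does not fail closed in two places. When the `dynamic_cast` yields no OpenSSL verifier, the else branch only logs and returns `preVerifyOkay` untouched, so the application's verifier policy is silently skipped; set `preVerifyOkay = 0;` there. The try block catches only `Ice::LocalException`, yet the comment above the function says no exception may cross into OpenSSL, so add `catch(...) { preVerifyOkay = 0; }` (with a trace) after the existing handler. In getTransceiver(), `_transceiverMap[sslPtr]` inserts a null entry for an unknown `SSL*` and, in a build without assertions, returns an empty handle that a caller would presumably dereference; use `find()` and treat a miss as a verification failure.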
@@ -13,15 +13,115 @@ #include <Ice/LoggerF.h> #include <Ice/Transceiver.h> -#include <IceSSL/SslConnectionF.h> +#include <Ice/Buffer.h> +#include <IceUtil/Mutex.h> +#include <IceSSL/SslTransceiverF.h> #include <IceSSL/PluginBaseIF.h> #include <IceSSL/TraceLevelsF.h> +#include <IceSSL/CertificateVerifierF.h> +#include <IceSSL/CertificateVerifierOpenSSL.h> + +#include <openssl/ssl.h> +#include <map> namespace IceSSL { -class SslConnector; -class SslAcceptor; +class SafeFlag +{ +public: + + SafeFlag(bool flagVal = false) + { + _flag = flagVal; + } + + ~SafeFlag() + { + } + + bool checkAndSet() + { + IceUtil::Mutex::Lock sync(_mutex); + + if(_flag) + { + return false; + } + else + { + _flag = true; + return true; + } + } + + bool check() + { + IceUtil::Mutex::Lock sync(_mutex); + return _flag; + } + + void set() + { + IceUtil::Mutex::Lock sync(_mutex); + _flag = true; + } + + void unset() + { + IceUtil::Mutex::Lock sync(_mutex); + _flag = false; + } + +private: + + IceUtil::Mutex _mutex; + bool _flag; +}; + +class HandshakeSentinel +{ +public: + + HandshakeSentinel(SafeFlag& handshakeFlag) : + _flag(handshakeFlag) + { + _ownHandshake = _flag.checkAndSet(); + } + + ~HandshakeSentinel() + { + if(_ownHandshake) + { + _flag.unset(); + } + } + + bool ownHandshake() + { + return _ownHandshake; + } + +private: + + bool _ownHandshake; + SafeFlag& _flag; +}; + +// NOTE: This is a mapping from SSL* to SslTransceiver*, for use with the verifyCallback. +// I have purposely not used SslTransceiverPtr here, as connections register themselves +// with this map on construction and unregister themselves in the destructor. If +// this map used SslTransceiverPtr, SslTransceiver instances would never destruct as there +// would always be a reference to them from the map. +class SslTransceiver; +typedef std::map<SSL*, SslTransceiver*> SslTransceiverMap; + +typedef enum +{ + Handshake, // The connection is negotiating a connection with the peer. 
+ Shutdown, // The connection is in the process of shutting down. + Connected // The connection is connected - communication may continue. +} ConnectPhase; class SslTransceiver : public IceInternal::Transceiver { 
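Review bot: HandshakeSentinel is copy-constructible even though its destructor releases the flag: a copy of an owning sentinel would call `_flag.unset()` twice, and the second call can clear a flag that another thread has acquired in between. Declare a private, unimplemented copy constructor and assignment operator, and mark the single-argument constructors `explicit` (`explicit HandshakeSentinel(SafeFlag& handshakeFlag)`, `explicit SafeFlag(bool flagVal = false)`). A short comment on each class, saying that SafeFlag is a mutex-guarded test-and-set flag and that the sentinel clears it only when `ownHandshake()` is true, would save readers from reconstructing that from initialize(). The SslTransceiver class that opens at the end of the hunk continues outside it.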
@@ -30,17 +130,73 @@ public:
 virtual SOCKET fd();
 virtual void close();
 virtual void shutdown();
- virtual void write(IceInternal::Buffer&, int);
+ virtual void write(IceInternal::Buffer&, int) = 0;
 virtual void read(IceInternal::Buffer&, int);
 virtual std::string toString() const;
-private:
+ virtual int handshake(int timeout = 0) = 0;
+ void setHandshakeReadTimeout(int timeout);
+ static SslTransceiverPtr getTransceiver(SSL*);
+
+ // Callback from OpenSSL for purposes of certificate verification
+ int verifyCertificate(int, X509_STORE_CTX*);
+
+protected:
+
+ virtual int internalShutdown(int timeout = 0);
+
+ int connect();
+ int accept();
+ int renegotiate();
+ int initialize(int timeout);
+
+ int pending();
+ int getLastError() const;
+
+ int sslRead(char*, int);
+ int sslWrite(char*, int);
+
+ int select(int, bool);
+ int readSelect(int);
+ int writeSelect(int);
+
+ int readSSL(IceInternal::Buffer&, int);
+
+ static void addTransceiver(SSL*, SslTransceiver*);
+ static void removeTransceiver(SSL*);
+
+ virtual void showConnectionInfo() = 0;
+
+ void showCertificateChain(BIO*);
+ void showPeerCertificate(BIO*, const char*);
+ void showSharedCiphers(BIO*);
+ void showSessionInfo(BIO*);
+ void showSelectedCipherInfo(BIO*);
+ void showHandshakeStats(BIO*);
+ void showClientCAList(BIO*, const char*);
+
+ void setLastError(int errorCode) { _lastError = errorCode; };
+
+ static SslTransceiverMap _transceiverMap;
+ static IceUtil::Mutex _transceiverRepositoryMutex;
+
+ // Pointer to the OpenSSL Connection structure.
+ SSL* _sslConnection;
+
+ int _lastError;
+
+ IceUtil::Mutex _handshakeWaitMutex;
- SslTransceiver(const PluginBaseIPtr&, SOCKET, const ::IceSSL::ConnectionPtr&);
+ SafeFlag _handshakeFlag;
+ int _initWantRead;
+ int _initWantWrite;
+ int _handshakeReadTimeout;
+ int _readTimeout;
+ ConnectPhase _phase;
+
+ SslTransceiver(const PluginBaseIPtr&, SOCKET, const IceSSL::OpenSSL::CertificateVerifierPtr&, SSL*);
 virtual ~SslTransceiver();
- friend class SslConnector;
- friend class SslAcceptor;
 TraceLevelsPtr _traceLevels;
 Ice::LoggerPtr _logger;
@@ -48,7 +204,7 @@ private:
 fd_set _rFdSet;
 fd_set _wFdSet;
- ::IceSSL::ConnectionPtr _sslConnection;
+ IceSSL::OpenSSL::CertificateVerifierPtr _certificateVerifier;
 };
 }
diff --git a/cpp/src/IceSSL/SslConnectionF.h b/cpp/src/IceSSL/SslTransceiverF.h
index 0de8ba0eee9..af4fc85d1a7 100644
--- a/cpp/src/IceSSL/SslConnectionF.h
+++ b/cpp/src/IceSSL/SslTransceiverF.h
@@ -8,24 +8,24 @@
 //
 // **********************************************************************
-#ifndef ICE_SSL_CONNECTION_F_H
-#define ICE_SSL_CONNECTION_F_H
+#ifndef ICE_SSL_TRANSEIVER_OPENSSL_F_H
+#define ICE_SSL_TRANSEIVER_OPENSSL_F_H
 #include <Ice/Handle.h>
 namespace IceSSL
 {
-class Connection;
-typedef IceInternal::Handle<Connection> ConnectionPtr;
+class SslTransceiver;
+typedef IceInternal::Handle<SslTransceiver> SslTransceiverPtr;
 }
 namespace IceInternal
 {
-void incRef(::IceSSL::Connection*);
-void decRef(::IceSSL::Connection*);
+void incRef(::IceSSL::SslTransceiver*);
+void decRef(::IceSSL::SslTransceiver*);
 } |
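Review bot: `static SslTransceiverPtr getTransceiver(SSL*)` in the `@@ -30,17 +130,73 @@` hunk returns a counted handle built from the raw `SslTransceiver*` entries of `_transceiverMap`, which the NOTE above the map typedef says are removed only in the destructor. A lookup that lands between the last `decRef` and `removeTransceiver` would therefore take a reference to an object that is already being destroyed. The implementation is not in this hunk and the way the verify callback is invoked may rule this out, but the header should state the precondition, for example `// Only call while the transceiver for this SSL* is still referenced, i.e. from the verify callback during a handshake.` above the declaration. I would also move `_transceiverMap` and `_transceiverRepositoryMutex` into a `private:` section so that derived transceivers reach the map only through `addTransceiver`/`removeTransceiver`, which presumably take the mutex. The class body begins before this hunk and its closing brace is in the hunk that follows.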