authorMark Spruiell <mes@zeroc.com>2009-01-02 16:12:32 -0800
committerMark Spruiell <mes@zeroc.com>2009-01-02 16:12:32 -0800
commit1ee3aa381a7f236a76f256630124c39c85a06493 (patch)
treeded9f42682ddc884c8a6dd9b4ae75db52beef603 /cpp
parentMerge branch 'R3_3_branch' (diff)
bug 3464 - IceSSL.CheckCertName property had no effect in C++
Diffstat (limited to 'cpp')
-rw-r--r--cpp/src/IceSSL/AcceptorI.cpp2
-rw-r--r--cpp/src/IceSSL/ConnectorI.cpp7
-rw-r--r--cpp/src/IceSSL/ConnectorI.h3
-rw-r--r--cpp/src/IceSSL/EndpointI.cpp2
-rw-r--r--cpp/src/IceSSL/TransceiverI.cpp7
-rw-r--r--cpp/src/IceSSL/TransceiverI.h6
-rw-r--r--cpp/test/IceSSL/configuration/AllTests.cpp33
7 files changed, 49 insertions, 11 deletions
diff --git a/cpp/src/IceSSL/AcceptorI.cpp b/cpp/src/IceSSL/AcceptorI.cpp
index ce3c2230c38..677f8235198 100644
--- a/cpp/src/IceSSL/AcceptorI.cpp
+++ b/cpp/src/IceSSL/AcceptorI.cpp
@@ -109,7 +109,7 @@ IceSSL::AcceptorI::accept()
// SSL handshaking is performed in TransceiverI::initialize, since
// accept must not block.
//
- return new TransceiverI(_instance, ssl, fd, true, true, _adapterName);
+ return new TransceiverI(_instance, ssl, fd, "", true, true, _adapterName);
}
string
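Review bot: The bare `""` now passed as the fourth argument in `AcceptorI::accept()` sits next to two positional bools and gives no hint that it is the peer host name used for certificate name checking. A short comment above the call would make the intent explicit, for example `// No host name for incoming connections: the certificate name check is presumably only meaningful for outgoing ones.` The handling of an empty host lives in `verifyPeer`, which is not part of this diff, so the wording should be confirmed against it.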
diff --git a/cpp/src/IceSSL/ConnectorI.cpp b/cpp/src/IceSSL/ConnectorI.cpp
index 56b459519c3..9d03d2c1a47 100644
--- a/cpp/src/IceSSL/ConnectorI.cpp
+++ b/cpp/src/IceSSL/ConnectorI.cpp
@@ -71,7 +71,7 @@ IceSSL::ConnectorI::connect()
// SSL handshaking is performed in TransceiverI::initialize, since
// connect must not block.
//
- return new TransceiverI(_instance, ssl, fd, connected, false);
+ return new TransceiverI(_instance, ssl, fd, _host, connected, false);
}
catch(const Ice::LocalException& ex)
{
@@ -159,10 +159,11 @@ IceSSL::ConnectorI::operator<(const IceInternal::Connector& r) const
return IceInternal::compareAddress(_addr, p->_addr) == -1;
}
-IceSSL::ConnectorI::ConnectorI(const InstancePtr& instance, const struct sockaddr_storage& addr, Ice::Int timeout,
- const string& connectionId) :
+IceSSL::ConnectorI::ConnectorI(const InstancePtr& instance, const string& host, const struct sockaddr_storage& addr,
+ Ice::Int timeout, const string& connectionId) :
_instance(instance),
_logger(instance->communicator()->getLogger()),
+ _host(host),
_addr(addr),
_timeout(timeout),
_connectionId(connectionId)
diff --git a/cpp/src/IceSSL/ConnectorI.h b/cpp/src/IceSSL/ConnectorI.h
index dd1f67119ff..e659421fc5f 100644
--- a/cpp/src/IceSSL/ConnectorI.h
+++ b/cpp/src/IceSSL/ConnectorI.h
@@ -41,12 +41,13 @@ public:
private:
- ConnectorI(const InstancePtr&, const struct sockaddr_storage&, Ice::Int, const std::string&);
+ ConnectorI(const InstancePtr&, const std::string&, const struct sockaddr_storage&, Ice::Int, const std::string&);
virtual ~ConnectorI();
friend class EndpointI;
const InstancePtr _instance;
const Ice::LoggerPtr _logger;
+ const std::string _host;
struct sockaddr_storage _addr;
const Ice::Int _timeout;
const std::string _connectionId;
diff --git a/cpp/src/IceSSL/EndpointI.cpp b/cpp/src/IceSSL/EndpointI.cpp
index 238ca12c040..fcf37b58515 100644
--- a/cpp/src/IceSSL/EndpointI.cpp
+++ b/cpp/src/IceSSL/EndpointI.cpp
@@ -474,7 +474,7 @@ IceSSL::EndpointI::connectors(const vector<struct sockaddr_storage>& addresses)
vector<IceInternal::ConnectorPtr> connectors;
for(unsigned int i = 0; i < addresses.size(); ++i)
{
- connectors.push_back(new ConnectorI(_instance, addresses[i], _timeout, _connectionId));
+ connectors.push_back(new ConnectorI(_instance, _host, addresses[i], _timeout, _connectionId));
}
return connectors;
}
diff --git a/cpp/src/IceSSL/TransceiverI.cpp b/cpp/src/IceSSL/TransceiverI.cpp
index 8721f214d3d..9cbde9975b4 100644
--- a/cpp/src/IceSSL/TransceiverI.cpp
+++ b/cpp/src/IceSSL/TransceiverI.cpp
@@ -461,7 +461,7 @@ IceSSL::TransceiverI::initialize()
}
while(!SSL_is_init_finished(_ssl));
- _instance->verifyPeer(_ssl, _fd, "", _adapterName, _incoming);
+ _instance->verifyPeer(_ssl, _fd, _host, _adapterName, _incoming);
}
catch(const Ice::LocalException& ex)
{
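Review bot: If `_host` is ever empty on an outgoing connection, the `verifyPeer` call in `TransceiverI::initialize()` receives the same empty address the old code always passed. The commit title suggests an empty address is what made IceSSL.CheckCertName a no-op. `verifyPeer` is not visible here, so this is inferred, but if it skips the name comparison for an empty address, an endpoint with no host would still connect without the check even with the property set. It is worth confirming that case fails closed, or at least documenting it at the call site with `// _host is empty for incoming connections; outgoing connections must supply the endpoint host or the certificate name check cannot run.` The body of `initialize()` extends beyond this hunk.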
@@ -513,15 +513,16 @@ IceSSL::TransceiverI::getConnectionInfo() const
return populateConnectionInfo(_ssl, _fd, _adapterName, _incoming);
}
-IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance, SSL* ssl, SOCKET fd, bool connected,
+IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance, SSL* ssl, SOCKET fd, const string& host, bool connected,
bool incoming, const string& adapterName) :
_instance(instance),
_logger(instance->communicator()->getLogger()),
_stats(instance->communicator()->getStats()),
_ssl(ssl),
_fd(fd),
- _adapterName(adapterName),
+ _host(host),
_incoming(incoming),
+ _adapterName(adapterName),
_state(connected ? StateConnected : StateNeedConnect),
_desc(IceInternal::fdToString(fd))
{
diff --git a/cpp/src/IceSSL/TransceiverI.h b/cpp/src/IceSSL/TransceiverI.h
index 01f190d0df3..cb982fca9b3 100644
--- a/cpp/src/IceSSL/TransceiverI.h
+++ b/cpp/src/IceSSL/TransceiverI.h
@@ -51,7 +51,7 @@ public:
private:
- TransceiverI(const InstancePtr&, SSL*, SOCKET, bool, bool, const std::string& = "");
+ TransceiverI(const InstancePtr&, SSL*, SOCKET, const std::string&, bool, bool, const std::string& = "");
virtual ~TransceiverI();
friend class ConnectorI;
friend class AcceptorI;
@@ -65,8 +65,10 @@ private:
SOCKET _fd;
- const std::string _adapterName;
+ const std::string _host;
+
const bool _incoming;
+ const std::string _adapterName;
State _state;
std::string _desc;
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp
index bb4793825a1..fb5b81345e7 100644
--- a/cpp/test/IceSSL/configuration/AllTests.cpp
+++ b/cpp/test/IceSSL/configuration/AllTests.cpp
@@ -499,6 +499,39 @@ allTests(const CommunicatorPtr& communicator, const string& testDir)
}
fact->destroyServer(server);
comm->destroy();
+
+ //
+ // Test IceSSL.CheckCertName. The test certificate for the server contains "server"
+ // and "127.0.0.1" in its subjectAltName, so we only perform this test when the
+ // default host is "127.0.0.1".
+ //
+ if(defaultHost == "127.0.0.1")
+ {
+ initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost);
+ initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
+ initData.properties->setProperty("IceSSL.CertFile", "c_rsa_nopass_ca1_pub.pem");
+ initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_nopass_ca1_priv.pem");
+ initData.properties->setProperty("IceSSL.CheckCertName", "1");
+ comm = initialize(initData);
+
+ fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+ test(fact);
+ d = createServerProps(defaultProperties, defaultDir, defaultHost);
+ d["IceSSL.CertAuthFile"] = "cacert1.pem";
+ d["IceSSL.CertFile"] = "s_rsa_nopass_ca1_pub.pem";
+ d["IceSSL.KeyFile"] = "s_rsa_nopass_ca1_priv.pem";
+ server = fact->createServer(d);
+ try
+ {
+ server->ice_ping();
+ }
+ catch(const LocalException&)
+ {
+ test(false);
+ }
+ fact->destroyServer(server);
+ comm->destroy();
+ }
}
cout << "ok" << endl;
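Review bot: The new IceSSL.CheckCertName block in `allTests` only asserts that a connection succeeds when the certificate matches, and that assertion would also have passed before this fix, when the property had no effect. A regression test for this bug needs a negative case: with CheckCertName set to 1, a server certificate whose subjectAltName does not contain the host must make `ice_ping()` throw. The sketch below reuses the calls already in the hunk; the certificate and key file names are placeholders, since no suitable test certificate is visible on this page. The whole block is also skipped when `defaultHost` is not "127.0.0.1", so on those runs the property gets no coverage at all.

```cpp
        fact->destroyServer(server);

        // Negative case: a certificate that does not name the host must be rejected.
        d = createServerProps(defaultProperties, defaultDir, defaultHost);
        d["IceSSL.CertAuthFile"] = "cacert1.pem";
        d["IceSSL.CertFile"] = "<PLACEHOLDER: server cert whose subjectAltName omits 127.0.0.1>";
        d["IceSSL.KeyFile"] = "<PLACEHOLDER: matching private key>";
        server = fact->createServer(d);
        try
        {
            server->ice_ping();
            test(false); // The name check should have refused this peer.
        }
        catch(const LocalException&)
        {
            // Expected.
        }
        fact->destroyServer(server);
        comm->destroy();
```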