author | Mark Spruiell <mes@zeroc.com> | 2006-04-20 16:35:15 +0000 |
---|---|---|
committer | Mark Spruiell <mes@zeroc.com> | 2006-04-20 16:35:15 +0000 |
commit | 5f4cc52bbfbed5b684db676e79ed926a11edefab (patch) | |
tree | 66b7a8e918fe62a7c65b964b24992f9a98d2a43f /java/src/IceSSL/ConnectorI.java | |
parent | updating IceSSL properties (diff) | |
adding support for VerifyPeer; misc. fixes
Diffstat (limited to 'java/src/IceSSL/ConnectorI.java')
-rw-r--r-- | java/src/IceSSL/ConnectorI.java | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/java/src/IceSSL/ConnectorI.java b/java/src/IceSSL/ConnectorI.java
index 0df3c1ed049..cf197e1eb95 100644
--- a/java/src/IceSSL/ConnectorI.java
+++ b/java/src/IceSSL/ConnectorI.java
@@ -57,7 +57,7 @@ final class ConnectorI implements IceInternal.Connector
 catch(IllegalArgumentException ex)
 {
 Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "invalid ciphersuite";
+ e.reason = "IceSSL: invalid ciphersuite";
 e.initCause(ex);
 throw e;
 }
@@ -82,7 +82,7 @@ final class ConnectorI implements IceInternal.Connector
 catch(IllegalArgumentException ex)
 {
 Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "invalid protocol";
+ e.reason = "IceSSL: invalid protocol";
 e.initCause(ex);
 throw e;
 }
@@ -105,10 +105,30 @@ final class ConnectorI implements IceInternal.Connector
 fd.startHandshake();
 }
 
+ //
+ // Check IceSSL.VerifyPeer.
+ //
+ int verifyPeer =
+ _instance.communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2);
+ if(verifyPeer > 0)
+ {
+ try
+ {
+ fd.getSession().getPeerCertificates();
+ }
+ catch(javax.net.ssl.SSLPeerUnverifiedException ex)
+ {
+ Ice.SecurityException e = new Ice.SecurityException();
+ e.reason = "IceSSL: server did not supply a certificate";
+ e.initCause(ex);
+ throw e;
+ }
+ }
+
 if(!ctx.verifyPeer(fd, _host, false))
 {
 Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = "outgoing connection rejected by certificate verifier";
+ ex.reason = "IceSSL: outgoing connection rejected by certificate verifier";
 throw ex;
 }
 } |
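Review bot: The new check in the third hunk fails open: `if(verifyPeer > 0)` treats every value at or below zero, including a negative number from a mistyped `IceSSL.VerifyPeer`, as "verification off", so the client then accepts a server that presented no certificate. Treating only an explicit 0 as disabled, `if(verifyPeer != 0)`, or rejecting values outside 0..2 with an `Ice.SecurityException`, keeps a configuration mistake from silently removing server authentication. The comment could also say what the values mean on this side, for example `// 0 = server certificate optional; 1 and 2 are equivalent on the client and require one.` Note that `getPeerCertificates()` only confirms that the session holds a peer certificate chain; whether that chain was validated depends on the trust manager and on `ctx.verifyPeer`, neither of which is visible in this hunk. The enclosing method begins and ends outside the hunk.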