Diffstat (limited to 'cpp/src/Ice/SslConnectionOpenSSL.cpp')
-rw-r--r-- | cpp/src/Ice/SslConnectionOpenSSL.cpp | 296 |
1 files changed, 148 insertions, 148 deletions
diff --git a/cpp/src/Ice/SslConnectionOpenSSL.cpp b/cpp/src/Ice/SslConnectionOpenSSL.cpp
index 289015b64a1..7bc74e0559d 100644
--- a/cpp/src/Ice/SslConnectionOpenSSL.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSL.cpp
@@ -20,7 +20,7 @@
 #include <openssl/err.h>
 #include <string>
 #include <sstream>
-#include <Ice/Network.h>
+#include <Ice/Network.h>
 #include <Ice/OpenSSL.h>
 #include <Ice/SslException.h>
 #include <Ice/SslFactory.h>
@@ -69,15 +69,15 @@ void ::IceInternal::decRef(::IceSSL::OpenSSL::Connection* p) { p->__decRef(); }
 // but unfortunately, it appears that this is not properly picked up.
 //
-IceSSL::OpenSSL::Connection::Connection(const IceInternal::TraceLevelsPtr& traceLevels,
- const Ice::LoggerPtr& logger,
+IceSSL::OpenSSL::Connection::Connection(const IceInternal::TraceLevelsPtr& traceLevels,
+ const Ice::LoggerPtr& logger,
 const IceSSL::CertificateVerifierPtr& certificateVerifier,
- SSL* sslConnection,
+ SSL* sslConnection,
 const IceSSL::SystemInternalPtr& system) :
 IceSSL::Connection(traceLevels, logger, certificateVerifier),
 _sslConnection(sslConnection)
 {
- assert(_sslConnection != 0);
+ assert(_sslConnection != 0);
 assert(system != 0);
 Factory::addSystemHandle(_sslConnection, system);
@@ -109,10 +109,10 @@ void
 IceSSL::OpenSSL::Connection::shutdown()
 {
 if (_sslConnection == 0)
- {
- return;
+ {
+ return;
 }
-
+
 if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
 {
 _logger->trace(_traceLevels->securityCat, "WRN " +
@@ -120,7 +120,7 @@ IceSSL::OpenSSL::Connection::shutdown()
 fdToString(SSL_get_fd(_sslConnection)));
 }
- int shutdown = 0;
+ int shutdown = 0;
 int numRetries = 100;
 int retries = -numRetries;
@@ -142,7 +142,7 @@ IceSSL::OpenSSL::Connection::shutdown()
 void
 IceSSL::OpenSSL::Connection::setHandshakeReadTimeout(int timeout)
-{
+{
 _handshakeReadTimeout = timeout;
 }
@@ -160,12 +160,12 @@ IceSSL::OpenSSL::Connection::getConnection(SSL* sslPtr)
 return ConnectionPtr(connection);
 }
-//
-// Note: Do not throw exceptions from verifyCertificate - it would rip through the OpenSSL system,
-// interfering with the usual handling and alert system of the handshake. Exceptions should
-// be caught here (if they can be generated), logged and then a fail return code (0) should
-// returned.
-//
+//
+// Note: Do not throw exceptions from verifyCertificate - it would rip through the OpenSSL system,
+// interfering with the usual handling and alert system of the handshake. Exceptions should
+// be caught here (if they can be generated), logged and then a fail return code (0) should
+// returned.
+//
 int
 IceSSL::OpenSSL::Connection::verifyCertificate(int preVerifyOkay, X509_STORE_CTX* x509StoreContext)
 {
@@ -179,24 +179,24 @@ IceSSL::OpenSSL::Connection::verifyCertificate(int preVerifyOkay, X509_STORE_CTX
 // Check to make sure we have a proper verifier for the operation.
 if (verifier)
 {
- // Use the verifier to verify the certificate
- try
+ // Use the verifier to verify the certificate
+ try
 {
- preVerifyOkay = verifier->verify(preVerifyOkay, x509StoreContext, _sslConnection);
- }
- catch (const Ice::LocalException& localEx)
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- ostringstream s;
-
- s << "WRN exception during certificate verification: " << std::endl;
- s << localEx << flush;
-
- _logger->trace(_traceLevels->securityCat, s.str());
- }
-
- preVerifyOkay = 0;
+ preVerifyOkay = verifier->verify(preVerifyOkay, x509StoreContext, _sslConnection);
+ }
+ catch (const Ice::LocalException& localEx)
+ {
+ if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ ostringstream s;
+
+ s << "WRN exception during certificate verification: " << std::endl;
+ s << localEx << flush;
+
+ _logger->trace(_traceLevels->securityCat, s.str());
+ }
+
+ preVerifyOkay = 0;
 }
 }
 else
@@ -232,8 +232,8 @@ IceSSL::OpenSSL::Connection::verifyCertificate(int preVerifyOkay, X509_STORE_CTX
 int
 IceSSL::OpenSSL::Connection::connect()
 {
- assert(_sslConnection != 0);
-
+ assert(_sslConnection != 0);
+
 int result = SSL_connect(_sslConnection);
 setLastError(result);
@@ -244,20 +244,20 @@ IceSSL::OpenSSL::Connection::connect()
 int
 IceSSL::OpenSSL::Connection::accept()
 {
- assert(_sslConnection != 0);
-
+ assert(_sslConnection != 0);
+
 int result = SSL_accept(_sslConnection);
 setLastError(result);
 return result;
 }
-
+
 // NOTE: Currently not used, maybe later.
 int
 IceSSL::OpenSSL::Connection::renegotiate()
 {
- assert(_sslConnection != 0);
+ assert(_sslConnection != 0);
 return SSL_renegotiate(_sslConnection);
 }
@@ -267,7 +267,7 @@ IceSSL::OpenSSL::Connection::initialize(int timeout)
 int retCode = 0;
 while (true)
- {
+ {
 // One lucky thread will get the honor of carrying out the hanshake,
 // if there is one to perform. The HandshakeSentinel effectively
 // establishes a first-come, first-serve policy. One thread will own
@@ -305,25 +305,25 @@ IceSSL::OpenSSL::Connection::initialize(int timeout)
 return retCode;
 }
-int
-IceSSL::OpenSSL::Connection::pending()
-{
- assert(_sslConnection != 0);
- return SSL_pending(_sslConnection);
-}
-
-int
-IceSSL::OpenSSL::Connection::getLastError() const
-{
- assert(_sslConnection != 0);
- return SSL_get_error(_sslConnection, _lastError);
-}
-
+int
+IceSSL::OpenSSL::Connection::pending()
+{
+ assert(_sslConnection != 0);
+ return SSL_pending(_sslConnection);
+}
+
+int
+IceSSL::OpenSSL::Connection::getLastError() const
+{
+ assert(_sslConnection != 0);
+ return SSL_get_error(_sslConnection, _lastError);
+}
+
 int
 IceSSL::OpenSSL::Connection::sslRead(char* buffer, int bufferSize)
 {
- assert(_sslConnection != 0);
-
+ assert(_sslConnection != 0);
+
 int bytesRead = SSL_read(_sslConnection, buffer, bufferSize);
 setLastError(bytesRead);
@@ -334,8 +334,8 @@ IceSSL::OpenSSL::Connection::sslRead(char* buffer, int bufferSize)
 int
 IceSSL::OpenSSL::Connection::sslWrite(char* buffer, int bufferSize)
 {
- assert(_sslConnection != 0);
-
+ assert(_sslConnection != 0);
+
 int bytesWritten = SSL_write(_sslConnection, buffer, bufferSize);
 setLastError(bytesWritten);
@@ -343,78 +343,78 @@ IceSSL::OpenSSL::Connection::sslWrite(char* buffer, int bufferSize)
 return bytesWritten;
 }
-int
-IceSSL::OpenSSL::Connection::select(int timeout, bool write)
-{
- int ret;
-
- assert(_sslConnection != 0);
- SOCKET fd = SSL_get_fd(_sslConnection);
-
- fd_set rwFdSet;
- struct timeval tv;
-
- if (timeout >= 0)
- {
- tv.tv_sec = timeout / 1000;
- tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000;
- }
-
- do
- {
- FD_ZERO(&rwFdSet);
- FD_SET(fd, &rwFdSet);
-
- if (timeout >= 0)
- {
- if (write)
- {
- ret = ::select(fd + 1, 0, &rwFdSet, 0, &tv);
- }
- else
- {
- ret = ::select(fd + 1, &rwFdSet, 0, 0, &tv);
- }
- }
- else
- {
- if (write)
- {
- ret = ::select(fd + 1, 0, &rwFdSet, 0, 0);
- }
- else
- {
- ret = ::select(fd + 1, &rwFdSet, 0, 0, 0);
- }
- }
- }
- while (ret == SOCKET_ERROR && interrupted());
-
- if (ret == SOCKET_ERROR)
- {
- SocketException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
-
- if (ret == 0)
- {
- throw TimeoutException(__FILE__, __LINE__);
- }
-
- return FD_ISSET(fd, &rwFdSet);
+int
+IceSSL::OpenSSL::Connection::select(int timeout, bool write)
+{
+ int ret;
+
+ assert(_sslConnection != 0);
+ SOCKET fd = SSL_get_fd(_sslConnection);
+
+ fd_set rwFdSet;
+ struct timeval tv;
+
+ if (timeout >= 0)
+ {
+ tv.tv_sec = timeout / 1000;
+ tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000;
+ }
+
+ do
+ {
+ FD_ZERO(&rwFdSet);
+ FD_SET(fd, &rwFdSet);
+
+ if (timeout >= 0)
+ {
+ if (write)
+ {
+ ret = ::select(fd + 1, 0, &rwFdSet, 0, &tv);
+ }
+ else
+ {
+ ret = ::select(fd + 1, &rwFdSet, 0, 0, &tv);
+ }
+ }
+ else
+ {
+ if (write)
+ {
+ ret = ::select(fd + 1, 0, &rwFdSet, 0, 0);
+ }
+ else
+ {
+ ret = ::select(fd + 1, &rwFdSet, 0, 0, 0);
+ }
+ }
+ }
+ while (ret == SOCKET_ERROR && interrupted());
+
+ if (ret == SOCKET_ERROR)
+ {
+ SocketException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+
+ if (ret == 0)
+ {
+ throw TimeoutException(__FILE__, __LINE__);
+ }
+
+ return FD_ISSET(fd, &rwFdSet);
 }
 int
 IceSSL::OpenSSL::Connection::readSelect(int timeout)
 {
- return select(timeout, false);
+ return select(timeout, false);
 }
 int
 IceSSL::OpenSSL::Connection::writeSelect(int timeout)
-{
- return select(timeout, true);
+{
+ return select(timeout, true);
 }
 int
@@ -569,14 +569,14 @@ IceSSL::OpenSSL::Connection::read(Buffer& buf, int timeout)
 return totalBytesRead;
 }
-
+
 void
 IceSSL::OpenSSL::Connection::addConnection(SSL* sslPtr, Connection* connection)
 {
 assert(sslPtr);
 assert(connection);
 IceUtil::Mutex::Lock sync(_connectionRepositoryMutex);
- _connectionMap[sslPtr] = connection;
+ _connectionMap[sslPtr] = connection;
 }
 void
@@ -589,10 +589,10 @@ IceSSL::OpenSSL::Connection::removeConnection(SSL* sslPtr)
 void
 IceSSL::OpenSSL::Connection::showCertificateChain(BIO* bio)
-{
- assert(_sslConnection != 0);
- assert(bio != 0);
-
+{
+ assert(_sslConnection != 0);
+ assert(bio != 0);
+
 STACK_OF(X509)* sk;
 // Big nasty buffer
@@ -622,9 +622,9 @@ IceSSL::OpenSSL::Connection::showCertificateChain(BIO* bio)
 void
 IceSSL::OpenSSL::Connection::showPeerCertificate(BIO* bio, const char* connType)
 {
- assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0);
+ assert(bio != 0);
+
 X509* peerCert = 0;
 char buffer[4096];
@@ -655,16 +655,16 @@ IceSSL::OpenSSL::Connection::showPeerCertificate(BIO* bio, const char* connType)
 void
 IceSSL::OpenSSL::Connection::showSharedCiphers(BIO* bio)
 {
- assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0);
+ assert(bio != 0);
+
 char buffer[4096];
 char* strPointer = 0;
 if ((strPointer = SSL_get_shared_ciphers(_sslConnection, buffer, sizeof(buffer))) != 0)
 {
- // This works only for SSL 2. In later protocol versions, the client does not know
- // what other ciphers (in addition to the one to be used in the current connection)
+ // This works only for SSL 2. In later protocol versions, the client does not know
+ // what other ciphers (in addition to the one to be used in the current connection)
 // the server supports.
 BIO_printf(bio, "---\nShared Ciphers:\n");
@@ -697,9 +697,9 @@ IceSSL::OpenSSL::Connection::showSharedCiphers(BIO* bio)
 void
 IceSSL::OpenSSL::Connection::showSessionInfo(BIO* bio)
 {
- assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0);
+ assert(bio != 0);
+
 if (_sslConnection->hit)
 {
 BIO_printf(bio, "Reused session-id\n");
@@ -711,9 +711,9 @@ IceSSL::OpenSSL::Connection::showSessionInfo(BIO* bio)
 void
 IceSSL::OpenSSL::Connection::showSelectedCipherInfo(BIO* bio)
 {
- assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0);
+ assert(bio != 0);
+
 const char* str;
 SSL_CIPHER* cipher;
@@ -730,9 +730,9 @@ IceSSL::OpenSSL::Connection::showSelectedCipherInfo(BIO* bio)
 void
 IceSSL::OpenSSL::Connection::showHandshakeStats(BIO* bio)
 {
- assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0);
+ assert(bio != 0);
+
 BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
 BIO_number_read(SSL_get_rbio(_sslConnection)),
 BIO_number_written(SSL_get_wbio(_sslConnection)));
@@ -741,10 +741,10 @@ IceSSL::OpenSSL::Connection::showHandshakeStats(BIO* bio)
 void
 IceSSL::OpenSSL::Connection::showClientCAList(BIO* bio, const char* connType)
 {
- assert(_sslConnection != 0);
- assert(bio != 0);
- assert(connType != 0);
-
+ assert(_sslConnection != 0);
+ assert(bio != 0);
+ assert(connType != 0);
+
 char buffer[4096];
 STACK_OF(X509_NAME)* sk = SSL_get_client_CA_list(_sslConnection); |