Diffstat (limited to 'cpp/src/Ice/SslConnectionOpenSSLServer.cpp')
-rw-r--r--cpp/src/Ice/SslConnectionOpenSSLServer.cpp279
1 files changed, 134 insertions, 145 deletions
diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
index 40991e654ae..415cdafaae1 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
@@ -37,8 +37,6 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::~ServerConnection()
{
ICE_METHOD_INV("OpenSSL::ServerConnection::~ServerConnection()");
- shutdown();
-
ICE_METHOD_RET("OpenSSL::ServerConnection::~ServerConnection()");
}
@@ -47,31 +45,6 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::shutdown()
{
ICE_METHOD_INV("OpenSSL::ServerConnection::shutdown()");
- if (_sslConnection != 0)
- {
- // NOTE: This call is how the server application shuts down, but they are
- // also using SSL_CTX_set_quiet_shutdown().
- // SSL_set_shutdown(_sslConnection,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-
- int shutdown = 0;
- int retries = 100;
-
- do
- {
- shutdown = SSL_shutdown(_sslConnection);
- retries--;
- }
- while ((shutdown == 0) && (retries > 0));
-
- if (shutdown <= 0)
- {
- ostringstream s;
- s << "SSL shutdown failure encountered: code[" << shutdown << "] retries[";
- s << retries << "]\n" << fdToString(SSL_get_fd(_sslConnection));
- ICE_PROTOCOL_DEBUG(s.str());
- }
- }
-
Connection::shutdown();
ICE_METHOD_RET("OpenSSL::ServerConnection::shutdown()");
@@ -80,40 +53,38 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::shutdown()
int
IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout)
{
- JTCSyncT<JTCMutex> sync(_initMutex);
-
- ICE_METHOD_INV("OpenSSL::ServerConnection::init()");
-
- if (_timeoutEncountered)
- {
- throw TimeoutException(__FILE__, __LINE__);
- }
-
+ ICE_METHOD_INV("OpenSSL::ServerConnection::init()");
+
+ if (_timeoutEncountered)
+ {
+ throw TimeoutException(__FILE__, __LINE__);
+ }
+
int retCode = SSL_is_init_finished(_sslConnection);
while (!retCode)
{
int i = 0;
- _readTimeout = timeout > _handshakeReadTimeout ? timeout : _handshakeReadTimeout;
-
- try
- {
- if (_initWantRead)
- {
- i = readSelect(_readTimeout);
- }
- else if (_initWantWrite)
- {
- i = writeSelect(timeout);
- }
- }
- catch (const TimeoutException&)
- {
- _timeoutEncountered = true;
- throw;
- }
-
+ _readTimeout = timeout > _handshakeReadTimeout ? timeout : _handshakeReadTimeout;
+
+ try
+ {
+ if (_initWantRead)
+ {
+ i = readSelect(_readTimeout);
+ }
+ else if (_initWantWrite)
+ {
+ i = writeSelect(timeout);
+ }
+ }
+ catch (const TimeoutException&)
+ {
+ _timeoutEncountered = true;
+ throw;
+ }
+
if (_initWantRead && i == 0)
{
return 0;
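Review bot: init() no longer takes `_initMutex`, so the test and update of `_timeoutEncountered`, the assignment to `_readTimeout` and the handshake loop now run unsynchronized unless every caller serializes them. The write() hunk in this commit switches to `initialize(timeout)`, which presumably holds the lock, but that wrapper is not visible here. I would state the contract at the top of the function, e.g. `// Not thread-safe: call only through initialize(), which must hold _initMutex.`, and confirm that no direct caller of init() remains. The body of init() continues past this hunk.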
@@ -204,12 +175,14 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout)
if (connectionLost())
{
+ ICE_DEV_DEBUG("ServerConnection::init(): Throwing ConnectionLostException... SslConnectionOpenSSLServer.cpp, 207");
ConnectionLostException ex(__FILE__, __LINE__);
ex.error = getSocketErrno();
throw ex;
}
else
{
+ ICE_DEV_DEBUG("ServerConnection::init(): Throwing SocketException... SslConnectionOpenSSLServer.cpp, 214");
SocketException ex(__FILE__, __LINE__);
ex.error = getSocketErrno();
throw ex;
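Review bot: The two added ICE_DEV_DEBUG messages hard-code a source position (`SslConnectionOpenSSLServer.cpp, 207` and `214`) that will drift with the next edit. Going by the hunk header, whose new side starts at line 175, they appear not to match the new file even now. The exception built on the following line already records `__FILE__, __LINE__`, so the literal position can be dropped: `ICE_DEV_DEBUG("ServerConnection::init(): Throwing ConnectionLostException...");`. The same applies to the three messages added in the write() hunk (388, 395, 430). The enclosing function starts and ends outside this hunk.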
@@ -294,7 +267,7 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::write(Buffer& buf, int timeout)
int totalBytesWritten = 0;
int bytesWritten = 0;
- int packetSize = buf.b.end() - buf.i;
+ int packetSize = buf.b.end() - buf.i;
#ifdef WIN32
//
@@ -310,124 +283,140 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::write(Buffer& buf, int timeout)
while (buf.i != buf.b.end())
{
// Ensure we're initialized.
- if (init(timeout))
+ int initReturn = initialize(timeout);
+
+ if (initReturn == -1)
{
- // Perform a select on the socket.
- if (!writeSelect(timeout))
- {
- // We're done here.
- break;
- }
+ // Handshake underway, we should just return with what we've got (even if that's nothing).
+ break;
+ }
+
+ if (initReturn == 0)
+ {
+ // Retry the initialize call
+ continue;
+ }
+
+ // initReturn must be > 0, so we're okay to try a write
- bytesWritten = sslWrite((char *)buf.i, packetSize);
+ // Perform a select on the socket.
+ if (!writeSelect(timeout))
+ {
+ // We're done here.
+ break;
+ }
+
+ bytesWritten = sslWrite((char *)buf.i, packetSize);
- switch (getLastError())
+ switch (getLastError())
+ {
+ case SSL_ERROR_NONE:
{
- case SSL_ERROR_NONE:
- {
- if (_traceLevels->network >= 3)
- {
- ostringstream s;
- s << "sent " << bytesWritten << " of " << packetSize;
- s << " bytes via ssl\n" << fdToString(SSL_get_fd(_sslConnection));
- _logger->trace(_traceLevels->networkCat, s.str());
- }
-
- totalBytesWritten += bytesWritten;
-
- buf.i += bytesWritten;
-
- if (packetSize > buf.b.end() - buf.i)
- {
- packetSize = buf.b.end() - buf.i;
- }
- continue;
+ if (_traceLevels->network >= 3)
+ {
+ ostringstream s;
+ s << "sent " << bytesWritten << " of " << packetSize;
+ s << " bytes via ssl\n" << fdToString(SSL_get_fd(_sslConnection));
+ _logger->trace(_traceLevels->networkCat, s.str());
}
- case SSL_ERROR_WANT_WRITE: // Retry...
- {
- ICE_PROTOCOL("Error SSL_ERROR_WANT_WRITE: Repeating as per protocol.");
+ totalBytesWritten += bytesWritten;
- continue;
- }
+ buf.i += bytesWritten;
- case SSL_ERROR_WANT_READ: // The demo server ignores this error.
+ if (packetSize > buf.b.end() - buf.i)
{
- ICE_PROTOCOL("Error SSL_ERROR_WANT_READ: Ignoring as per protocol.");
-
- continue;
+ packetSize = buf.b.end() - buf.i;
}
+ continue;
+ }
- case SSL_ERROR_WANT_X509_LOOKUP: // The demo server ignores this error.
- {
- ICE_PROTOCOL("Error SSL_ERROR_WANT_X509_LOOKUP: Repeating as per protocol.");
+ case SSL_ERROR_WANT_WRITE: // Retry...
+ {
+ ICE_PROTOCOL("Error SSL_ERROR_WANT_WRITE: Repeating as per protocol.");
- continue;
- }
+ continue;
+ }
- case SSL_ERROR_SYSCALL:
- {
- if (bytesWritten == -1)
- {
- // IO Error in underlying BIO
-
- if (interrupted())
- {
- break;
- }
-
- if (wouldBlock())
- {
- break;
- }
-
- if (connectionLost())
- {
- ConnectionLostException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
- else
- {
- SocketException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
- }
- else
- {
- ProtocolException protocolEx(__FILE__, __LINE__);
+ case SSL_ERROR_WANT_READ: // The demo server ignores this error.
+ {
+ ICE_PROTOCOL("Error SSL_ERROR_WANT_READ: Ignoring as per protocol.");
- // Protocol Error: Unexpected EOF
- protocolEx._message = "Encountered an EOF that violates the SSL Protocol.";
+ continue;
+ }
+
+ case SSL_ERROR_WANT_X509_LOOKUP: // The demo server ignores this error.
+ {
+ ICE_PROTOCOL("Error SSL_ERROR_WANT_X509_LOOKUP: Repeating as per protocol.");
- ICE_SSLERRORS(protocolEx._message);
- ICE_EXCEPTION(protocolEx._message);
+ continue;
+ }
- throw protocolEx;
+ case SSL_ERROR_SYSCALL:
+ {
+ if (bytesWritten == -1)
+ {
+ // IO Error in underlying BIO
+
+ if (interrupted())
+ {
+ break;
+ }
+
+ if (wouldBlock())
+ {
+ break;
}
- }
- case SSL_ERROR_SSL:
+ if (connectionLost())
+ {
+ ICE_DEV_DEBUG("ServerConnection::write(): Throwing ConnectionLostException... SslConnectionOpenSSLServer.cpp, 388");
+ ConnectionLostException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+ else
+ {
+ ICE_DEV_DEBUG("ServerConnection::write(): Throwing SocketException... SslConnectionOpenSSLServer.cpp, 395");
+ SocketException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+ }
+ else
{
ProtocolException protocolEx(__FILE__, __LINE__);
- protocolEx._message = "Encountered a violation of the SSL Protocol.";
+ // Protocol Error: Unexpected EOF
+ protocolEx._message = "Encountered an EOF that violates the SSL Protocol.";
ICE_SSLERRORS(protocolEx._message);
ICE_EXCEPTION(protocolEx._message);
throw protocolEx;
}
+ }
- case SSL_ERROR_ZERO_RETURN:
- {
- ICE_EXCEPTION("SSL_ERROR_ZERO_RETURN");
+ case SSL_ERROR_SSL:
+ {
+ ProtocolException protocolEx(__FILE__, __LINE__);
- ConnectionLostException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
+ protocolEx._message = "Encountered a violation of the SSL Protocol.";
+
+ ICE_SSLERRORS(protocolEx._message);
+ ICE_EXCEPTION(protocolEx._message);
+
+ throw protocolEx;
+ }
+
+ case SSL_ERROR_ZERO_RETURN:
+ {
+ ICE_EXCEPTION("SSL_ERROR_ZERO_RETURN");
+ ICE_DEV_DEBUG("ServerConnection::write(): Throwing ConnectionLostException... SslConnectionOpenSSLServer.cpp, 430");
+
+ ConnectionLostException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
}
}
}
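Review bot: The switch on `getLastError()` has no `default:` case, so an error code outside the seven listed leaves `buf.i` unchanged and the enclosing `while (buf.i != buf.b.end())` runs again with nothing logged. The `initReturn == 0` branch and the `SSL_ERROR_WANT_READ` case also `continue` with no retry bound visible in this hunk, so a peer that stalls mid-handshake could keep this thread looping. Whether `initialize()` or `writeSelect()` bounds that is not visible here. I would add a default case that fails closed after the `SSL_ERROR_ZERO_RETURN` case, as below; write() begins outside this hunk.

```cpp
// … unchanged: cases SSL_ERROR_NONE through SSL_ERROR_ZERO_RETURN …

default:
{
    // Unknown result code: fail closed rather than retrying silently.
    ProtocolException protocolEx(__FILE__, __LINE__);

    protocolEx._message = "Encountered an unexpected SSL error code.";

    ICE_SSLERRORS(protocolEx._message);
    ICE_EXCEPTION(protocolEx._message);

    throw protocolEx;
}
```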