diff options
Diffstat (limited to 'cpp/src/IceSSL/Instance.cpp')
| -rw-r--r-- | cpp/src/IceSSL/Instance.cpp | 153 |
1 files changed, 89 insertions, 64 deletions
diff --git a/cpp/src/IceSSL/Instance.cpp b/cpp/src/IceSSL/Instance.cpp index 585620c1c58..c46d740cd5f 100644 --- a/cpp/src/IceSSL/Instance.cpp +++ b/cpp/src/IceSSL/Instance.cpp @@ -184,96 +184,121 @@ IceSSL::Instance::Instance(const CommunicatorPtr& communicator) : PropertiesPtr properties = communicator->getProperties(); // - // Create the mutexes and set the callbacks. + // The IceSSL.InitOpenSSL property specifies whether we should perform the global + // startup (and shutdown) tasks for the OpenSSL library. // - if(!locks) + // If an application uses multiple components that each depend on OpenSSL, the + // application should disable OpenSSL initialization in those components and + // perform the initialization itself. + // + _initOpenSSL = properties->getPropertyAsIntWithDefault("IceSSL.InitOpenSSL", 1) > 0; + if(_initOpenSSL) { - locks = new IceUtil::Mutex[CRYPTO_num_locks()]; - CRYPTO_set_locking_callback(IceSSL_opensslLockCallback); - CRYPTO_set_id_callback(IceSSL_opensslThreadIdCallback); - } + // + // Create the mutexes and set the callbacks. + // + if(!locks) + { + locks = new IceUtil::Mutex[CRYPTO_num_locks()]; + CRYPTO_set_locking_callback(IceSSL_opensslLockCallback); + CRYPTO_set_id_callback(IceSSL_opensslThreadIdCallback); + } - // - // Load human-readable error messages. - // - SSL_load_error_strings(); + // + // Load human-readable error messages. + // + SSL_load_error_strings(); - // - // Initialize the SSL library. - // - SSL_library_init(); + // + // Initialize the SSL library. + // + SSL_library_init(); - // - // This is necessary to allow programs that use OpenSSL 0.9.x to - // load private key files generated by OpenSSL 1.x. - // - OpenSSL_add_all_algorithms(); + // + // This is necessary to allow programs that use OpenSSL 0.9.x to + // load private key files generated by OpenSSL 1.x. + // + OpenSSL_add_all_algorithms(); - // - // Initialize the PRNG. - // + // + // Initialize the PRNG. + // #ifdef WINDOWS - RAND_screen(); // Uses data from the screen if possible. + RAND_screen(); // Uses data from the screen if possible. #endif - char randFile[1024]; - if(RAND_file_name(randFile, sizeof(randFile))) // Gets the name of a default seed file. - { - RAND_load_file(randFile, 1024); - } - string randFiles = Ice::nativeToUTF8(communicator, properties->getProperty("IceSSL.Random")); + char randFile[1024]; + if(RAND_file_name(randFile, sizeof(randFile))) // Gets the name of a default seed file. + { + RAND_load_file(randFile, 1024); + } + string randFiles = Ice::nativeToUTF8(communicator, properties->getProperty("IceSSL.Random")); - if(!randFiles.empty()) - { - vector<string> files; + if(!randFiles.empty()) + { + vector<string> files; #ifdef _WIN32 - const string sep = ";"; + const string sep = ";"; #else - const string sep = ":"; + const string sep = ":"; #endif - string defaultDir = Ice::nativeToUTF8(communicator, properties->getProperty("IceSSL.DefaultDir")); + string defaultDir = Ice::nativeToUTF8(communicator, properties->getProperty("IceSSL.DefaultDir")); - if(!IceUtilInternal::splitString(randFiles, sep, files)) - { - PluginInitializationException ex(__FILE__, __LINE__); - ex.reason = "IceSSL: invalid value for IceSSL.Random:\n" + randFiles; - throw ex; - } - for(vector<string>::iterator p = files.begin(); p != files.end(); ++p) - { - string file = *p; - if(!checkPath(file, defaultDir, false)) + if(!IceUtilInternal::splitString(randFiles, sep, files)) { PluginInitializationException ex(__FILE__, __LINE__); - ex.reason = "IceSSL: entropy data file not found:\n" + file; + ex.reason = "IceSSL: invalid value for IceSSL.Random:\n" + randFiles; throw ex; } - if(!RAND_load_file(file.c_str(), 1024)) + for(vector<string>::iterator p = files.begin(); p != files.end(); ++p) + { + string file = *p; + if(!checkPath(file, defaultDir, false)) + { + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = "IceSSL: entropy data file not found:\n" + file; + throw ex; + } + if(!RAND_load_file(file.c_str(), 1024)) + { + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = "IceSSL: unable to load entropy data from " + file; + throw ex; + } + } + } +#ifndef _WIN32 + // + // The Entropy Gathering Daemon (EGD) is not available on Windows. + // The file should be a Unix domain socket for the daemon. + // + string entropyDaemon = properties->getProperty("IceSSL.EntropyDaemon"); + if(!entropyDaemon.empty()) + { + if(RAND_egd(entropyDaemon.c_str()) <= 0) { PluginInitializationException ex(__FILE__, __LINE__); - ex.reason = "IceSSL: unable to load entropy data from " + file; + ex.reason = "IceSSL: EGD failure using file " + entropyDaemon; throw ex; } } +#endif + if(!RAND_status()) + { + communicator->getLogger()->warning("IceSSL: insufficient data to initialize PRNG"); + } } -#ifndef _WIN32 - // - // The Entropy Gathering Daemon (EGD) is not available on Windows. - // The file should be a Unix domain socket for the daemon. - // - string entropyDaemon = properties->getProperty("IceSSL.EntropyDaemon"); - if(!entropyDaemon.empty()) + else { - if(RAND_egd(entropyDaemon.c_str()) <= 0) + if(!properties->getProperty("IceSSL.Random").empty()) { - PluginInitializationException ex(__FILE__, __LINE__); - ex.reason = "IceSSL: EGD failure using file " + entropyDaemon; - throw ex; + _logger->warning("IceSSL: ignoring IceSSL.Random because OpenSSL initialization is disabled"); + } +#ifndef _WIN32 + else if(!properties->getProperty("IceSSL.EntropyDaemon").empty()) + { + _logger->warning("IceSSL: ignoring IceSSL.EntropyDaemon because OpenSSL initialization is disabled"); } - } #endif - if(!RAND_status()) - { - communicator->getLogger()->warning("IceSSL: insufficient data to initialize PRNG"); } } @@ -299,7 +324,7 @@ IceSSL::Instance::~Instance() // IceUtilInternal::MutexPtrLock<IceUtil::Mutex> sync(staticMutex); - if(--instanceCount == 0) + if(--instanceCount == 0 && _initOpenSSL) { // // NOTE: We can't destroy the locks here: threads which might have called openssl methods |