Diffstat (limited to 'cpp/src/IceSSL/SecureTransportTransceiverI.cpp')
-rw-r--r-- | cpp/src/IceSSL/SecureTransportTransceiverI.cpp | 299 |
1 files changed, 112 insertions, 187 deletions
diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
index 3a74ee44e5f..9a8534e70e5 100644
--- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
+++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
@@ -176,185 +176,152 @@ IceSSL::TransceiverI::getNativeInfo() IceInternal::SocketOperation IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::Buffer& writeBuffer, bool&) { - try + if(_state == StateNeedConnect) { - if(_state == StateNeedConnect) - { - _state = StateConnectPending; - return IceInternal::SocketOperationConnect; - } - else if(_state <= StateConnectPending) + _state = StateConnectPending; + return IceInternal::SocketOperationConnect; + } + else if(_state <= StateConnectPending) + { + IceInternal::doFinishConnect(_fd); + _desc = IceInternal::fdToString(_fd, _proxy, _addr, true); + + if(_proxy) { - IceInternal::doFinishConnect(_fd); - _desc = IceInternal::fdToString(_fd, _proxy, _addr, true); + // + // Prepare the read & write buffers in advance. + // + _proxy->beginWriteConnectRequest(_addr, writeBuffer); + _proxy->beginReadConnectRequestResponse(readBuffer); - if(_proxy) + // + // Write the proxy connection message using TCP. + // + if(writeRaw(writeBuffer)) { // - // Prepare the read & write buffers in advance. + // Write completed without blocking. // - _proxy->beginWriteConnectRequest(_addr, writeBuffer); - _proxy->beginReadConnectRequestResponse(readBuffer); + _proxy->endWriteConnectRequest(writeBuffer); // - // Write the proxy connection message using TCP. + // Try to read the response using TCP. // - if(writeRaw(writeBuffer)) + if(readRaw(readBuffer)) { // - // Write completed without blocking. + // Read completed without blocking - fall through. // - _proxy->endWriteConnectRequest(writeBuffer); - - // - // Try to read the response using TCP. - // - if(readRaw(readBuffer)) - { - // - // Read completed without blocking - fall through. - // - _proxy->endReadConnectRequestResponse(readBuffer); - } - else - { - // - // Return SocketOperationRead to indicate we need to complete the read. 
- // - _state = StateProxyConnectRequestPending; // Wait for proxy response - return IceInternal::SocketOperationRead; - } + _proxy->endReadConnectRequestResponse(readBuffer); } else { // - // Return SocketOperationWrite to indicate we need to complete the write. + // Return SocketOperationRead to indicate we need to complete the read. // - _state = StateProxyConnectRequest; // Send proxy connect request - return IceInternal::SocketOperationWrite; + _state = StateProxyConnectRequestPending; // Wait for proxy response + return IceInternal::SocketOperationRead; } } - - _state = StateConnected; - } - else if(_state == StateProxyConnectRequest) - { - // - // Write completed. - // - _proxy->endWriteConnectRequest(writeBuffer); - _state = StateProxyConnectRequestPending; // Wait for proxy response - return IceInternal::SocketOperationRead; - } - else if(_state == StateProxyConnectRequestPending) - { - // - // Read completed. - // - _proxy->endReadConnectRequestResponse(readBuffer); - _state = StateConnected; - } - - assert(_state == StateConnected); - - OSStatus err = 0; - if(!_ssl) - { - // - // Initialize SSL context - // - _ssl = _engine->newContext(_incoming); - if((err = SSLSetIOFuncs(_ssl, socketRead, socketWrite))) - { - throw SecurityException(__FILE__, __LINE__, "IceSSL: setting IO functions failed\n" + - errorToString(err)); - } - - if((err = SSLSetConnection(_ssl, reinterpret_cast<SSLConnectionRef>(this)))) + else { - throw SecurityException(__FILE__, __LINE__, "IceSSL: setting SSL connection failed\n" + - errorToString(err)); + // + // Return SocketOperationWrite to indicate we need to complete the write. + // + _state = StateProxyConnectRequest; // Send proxy connect request + return IceInternal::SocketOperationWrite; } } - SSLSessionState state; - SSLGetSessionState(_ssl, &state); + _state = StateConnected; + } + else if(_state == StateProxyConnectRequest) + { + // + // Write completed. 
+ // + _proxy->endWriteConnectRequest(writeBuffer); + _state = StateProxyConnectRequestPending; // Wait for proxy response + return IceInternal::SocketOperationRead; + } + else if(_state == StateProxyConnectRequestPending) + { + // + // Read completed. + // + _proxy->endReadConnectRequestResponse(readBuffer); + _state = StateConnected; + } + + assert(_state == StateConnected); + OSStatus err = 0; + if(!_ssl) + { // - // SSL Handshake + // Initialize SSL context // - while(state == kSSLHandshake || state == kSSLIdle) + _ssl = _engine->newContext(_incoming); + if((err = SSLSetIOFuncs(_ssl, socketRead, socketWrite))) { - err = SSLHandshake(_ssl); - if(err == noErr) - { - break; // We're done! - } - else if(err == errSSLWouldBlock) - { - assert(_flags & SSLWantRead || _flags & SSLWantWrite); - return _flags & SSLWantRead ? IceInternal::SocketOperationRead : IceInternal::SocketOperationWrite; - } - else if(err == errSSLPeerAuthCompleted) - { - assert(!_trust); - err = SSLCopyPeerTrust(_ssl, &_trust); - if(err == noErr) - { - checkTrustResult(_trust, _engine, _instance); - continue; // Call SSLHandshake to resume the handsake. - } - // Let it fall through, this will raise a SecurityException with the SSLCopyPeerTrust error. - } - else if(err == errSSLClosedGraceful || err == errSSLClosedAbort) - { - throw ConnectionLostException(__FILE__, __LINE__, 0); - } + throw SecurityException(__FILE__, __LINE__, "IceSSL: setting IO functions failed\n" + + errorToString(err)); + } - IceInternal::Address remoteAddr; - string desc = "<not available>"; - if(IceInternal::fdToRemoteAddress(_fd, remoteAddr)) - { - desc = IceInternal::addrToString(remoteAddr); - } - ostringstream os; - os << "IceSSL: ssl error occurred for new " << (_incoming ? 
"incoming" : "outgoing") << " connection:\n" - << "remote address = " << desc << "\n" << errorToString(err); - throw ProtocolException(__FILE__, __LINE__, os.str()); + if((err = SSLSetConnection(_ssl, reinterpret_cast<SSLConnectionRef>(this)))) + { + throw SecurityException(__FILE__, __LINE__, "IceSSL: setting SSL connection failed\n" + + errorToString(err)); } - _engine->verifyPeer(_fd, _host, getNativeConnectionInfo()); - _state = StateHandshakeComplete; } - catch(const Ice::LocalException& ex) + + SSLSessionState state; + SSLGetSessionState(_ssl, &state); + + // + // SSL Handshake + // + while(state == kSSLHandshake || state == kSSLIdle) { - if(_instance->traceLevel() >= 2) + err = SSLHandshake(_ssl); + if(err == noErr) { - Trace out(_instance->logger(), _instance->traceCategory()); - out << "failed to establish " << _instance->protocol() << " connection\n"; - if(_incoming) - { - out << IceInternal::fdToString(_fd) << "\n" << ex; - } - else + break; // We're done! + } + else if(err == errSSLWouldBlock) + { + assert(_flags & SSLWantRead || _flags & SSLWantWrite); + return _flags & SSLWantRead ? IceInternal::SocketOperationRead : IceInternal::SocketOperationWrite; + } + else if(err == errSSLPeerAuthCompleted) + { + assert(!_trust); + err = SSLCopyPeerTrust(_ssl, &_trust); + if(err == noErr) { - out << IceInternal::fdToString(_fd, _proxy, _addr, false) << "\n" << ex; + checkTrustResult(_trust, _engine, _instance); + continue; // Call SSLHandshake to resume the handsake. } + // Let it fall through, this will raise a SecurityException with the SSLCopyPeerTrust error. 
} - throw; - } - - if(_instance->traceLevel() >= 1) - { - Trace out(_instance->logger(), _instance->traceCategory()); - if(_incoming) + else if(err == errSSLClosedGraceful || err == errSSLClosedAbort) { - out << "accepted " << _instance->protocol() << " connection\n" << _desc; + throw ConnectionLostException(__FILE__, __LINE__, 0); } - else + + IceInternal::Address remoteAddr; + string desc = "<not available>"; + if(IceInternal::fdToRemoteAddress(_fd, remoteAddr)) { - out << _instance->protocol() << " connection established\n" << _desc; + desc = IceInternal::addrToString(remoteAddr); } + ostringstream os; + os << "IceSSL: ssl error occurred for new " << (_incoming ? "incoming" : "outgoing") << " connection:\n" + << "remote address = " << desc << "\n" << errorToString(err); + throw ProtocolException(__FILE__, __LINE__, os.str()); } + _engine->verifyPeer(_fd, _host, getNativeConnectionInfo()); + _state = StateHandshakeComplete; if(_instance->engine()->securityTraceLevel() >= 1) { @@ -396,12 +363,6 @@ IceSSL::TransceiverI::closing(bool initiator, const Ice::LocalException&) void IceSSL::TransceiverI::close() { - if(_state == StateHandshakeComplete && _instance->traceLevel() >= 1) - { - Trace out(_instance->logger(), _instance->traceCategory()); - out << "closing " << _instance->protocol() << " connection\n" << toString(); - } - if(_trust) { CFRelease(_trust); @@ -493,21 +454,6 @@ IceSSL::TransceiverI::write(IceInternal::Buffer& buf) } } - if(_instance->traceLevel() >= 3) - { - Trace out(_instance->logger(), _instance->traceCategory()); - out << "sent "; - if(_buffered) - { - out << _buffered << " of " << _buffered; - } - else - { - out << processed << " of " << packetSize; - } - out << " bytes via " << protocol() << "\n" << toString(); - } - if(_buffered) { buf.i += _buffered; 
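Review bot: In the handshake loop's errSSLPeerAuthCompleted branch the comment says a failed SSLCopyPeerTrust "will raise a SecurityException", but the fall-through reaches `throw ProtocolException(__FILE__, __LINE__, os.str());` at the bottom of the loop, so a caller catching SecurityException for trust failures will not see it; either fix the comment or throw SecurityException on that path. The same branch relies on `assert(!_trust)` to guarantee a single trust object, which vanishes in release builds: if Secure Transport were to report errSSLPeerAuthCompleted a second time on the same context, the earlier CFTypeRef would be overwritten and leak, since close() only releases whatever `_trust` holds at that point. A guard before the copy is cheap: `if(_trust) { CFRelease(_trust); _trust = 0; }`. Separately, `SSLGetSessionState(_ssl, &state);` discards its OSStatus, so `state` is read uninitialized if the call fails; initializing `state` or checking the return would close that gap. The body of initialize() continues past the end of this hunk.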
@@ -559,16 +505,6 @@ IceSSL::TransceiverI::read(IceInternal::Buffer& buf, bool&) size_t processed = 0; OSStatus err = SSLRead(_ssl, reinterpret_cast<void*>(buf.i), packetSize, &processed); - if(processed) - { - if(_instance->traceLevel() >= 3) - { - Trace out(_instance->logger(), _instance->traceCategory()); - out << "received " << processed << " of " << packetSize << " bytes via " << protocol() << "\n" - << toString(); - } - } - if(err) { if(err == errSSLWouldBlock) @@ -630,6 +566,12 @@ IceSSL::TransceiverI::toString() const return _desc; } +string +IceSSL::TransceiverI::toDetailedString() const +{ + return toString(); +} + Ice::ConnectionInfoPtr IceSSL::TransceiverI::getInfo() const { @@ -670,11 +612,6 @@ IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance, SOCKET fd, const { _state = StateConnected; _desc = IceInternal::fdToString(_fd, _proxy, _addr, true); - if(_instance->traceLevel() >= 1) - { - Trace out(_instance->logger(), _instance->traceCategory()); - out << _instance->protocol() << " connection established\n" << _desc; - } } else { @@ -790,12 +727,6 @@ IceSSL::TransceiverI::writeRaw(IceInternal::Buffer& buf) } } - if(_instance->traceLevel() >= 3) - { - Trace out(_instance->logger(), _instance->traceCategory()); - out << "sent " << ret << " of " << packetSize << " bytes via " << protocol() << "\n" << toString(); - } - buf.i += ret; if(packetSize > buf.b.end() - buf.i) @@ -849,12 +780,6 @@ IceSSL::TransceiverI::readRaw(IceInternal::Buffer& buf) } } - if(_instance->traceLevel() >= 3) - { - Trace out(_instance->logger(), _instance->traceCategory()); - out << "received " << ret << " of " << packetSize << " bytes via " << protocol() << "\n" << toString(); - } - buf.i += ret; if(packetSize > buf.b.end() - buf.i) { |