diff options
Diffstat (limited to 'cpp/src/IceSSL/Util.cpp')
| -rw-r--r-- | cpp/src/IceSSL/Util.cpp | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/cpp/src/IceSSL/Util.cpp b/cpp/src/IceSSL/Util.cpp index e472d1f2e4e..54b9b9c3ebd 100644 --- a/cpp/src/IceSSL/Util.cpp +++ b/cpp/src/IceSSL/Util.cpp @@ -317,74 +317,6 @@ IceSSL::checkPath(string& path, const string& defaultDir, bool dir) return false; } -IceSSL::ConnectionInfo -IceSSL::populateConnectionInfo(SSL* ssl, SOCKET fd, const string& adapterName, bool incoming) -{ - ConnectionInfo info; - info.adapterName = adapterName; - info.incoming = incoming; - - assert(ssl != 0); - - // - // On the client side, SSL_get_peer_cert_chain returns the entire chain of certs. - // On the server side, the peer certificate must be obtained separately. - // - // Since we have no clear idea whether the connection is server or client side, - // the peer certificate is obtained separately and compared against the first - // certificate in the chain. If they are not the same, it is added to the chain. - // - X509* cert = SSL_get_peer_certificate(ssl); - STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl); - if(cert != 0 && (chain == 0 || sk_X509_num(chain) == 0 || cert != sk_X509_value(chain, 0))) - { - info.certs.push_back(new Certificate(cert)); - } - else - { - X509_free(cert); - } - - if(chain != 0) - { - for(int i = 0; i < sk_X509_num(chain); ++i) - { - X509* cert = sk_X509_value(chain, i); - // - // Duplicate the certificate since the stack comes straight from the SSL connection. - // - info.certs.push_back(new Certificate(X509_dup(cert))); - } - } - - info.cipher = SSL_get_cipher_name(ssl); // Nothing needs to be free'd. - - IceInternal::fdToLocalAddress(fd, info.localAddr); - - if(!IceInternal::fdToRemoteAddress(fd, info.remoteAddr)) - { -#ifdef _WIN32 - // - // A bug exists in Windows XP Service Pack 2 that causes getpeername to return a - // "socket not connected" error when using IPv6. See the following bug report: - // - // https://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=338445 - // - // As a workaround, we do not raise a socket exception, but instead return a - // "null" value for the remote address. - // - memset(&info.remoteAddr, 0, sizeof(info.remoteAddr)); - info.remoteAddr.ss_family = AF_UNSPEC; -#else - SocketException ex(__FILE__, __LINE__); - ex.error = IceInternal::getSocketErrno(); - throw ex; -#endif - } - - return info; -} - string IceSSL::getSslErrors(bool verbose) { |