Diffstat (limited to 'cpp/src')
-rw-r--r-- | cpp/src/Ice/Security.h | 296 | ||||
-rw-r--r-- | cpp/src/Ice/SslConnectionOpenSSL.cpp | 36 | ||||
-rw-r--r-- | cpp/src/Ice/SslConnectionOpenSSL.h | 8 | ||||
-rw-r--r-- | cpp/src/Ice/SslConnectionOpenSSLClient.cpp | 65 | ||||
-rw-r--r-- | cpp/src/Ice/SslConnectionOpenSSLServer.cpp | 61 | ||||
-rw-r--r-- | cpp/src/Ice/SslFactory.cpp | 50 | ||||
-rw-r--r-- | cpp/src/Ice/SslSystemOpenSSL.cpp | 84 | ||||
-rw-r--r-- | cpp/src/Ice/SslSystemOpenSSL.h | 2 |
8 files changed, 339 insertions, 263 deletions
diff --git a/cpp/src/Ice/Security.h b/cpp/src/Ice/Security.h
index 821636ab2fd..29005412f03 100644
--- a/cpp/src/Ice/Security.h
+++ b/cpp/src/Ice/Security.h
@@ -1,141 +1,155 @@ -// ********************************************************************** -// -// Copyright (c) 2001 -// MutableRealms, Inc. -// Huntsville, AL, USA -// -// All Rights Reserved -// -// ********************************************************************** -#ifndef ICE_SECURITY_H -#define ICE_SECURITY_H - -// NOTE: Define USE_SOCKETS in order to turn on use of sockets in OpenSSL -#ifndef USE_SOCKETS -#define USE_SOCKETS -#endif - -#include <openssl/ssl.h> - -namespace IceSecurity -{ - -typedef enum -{ - NO_SECURITY_TRACE = 0, - SECURITY_WARNINGS, - SECURITY_PARSE_WARNINGS, - SECURITY_METHODS, - SECURITY_EXCEPTIONS, - SECURITY_PROTOCOL, - SECURITY_PROTOCOL_DEBUG -} SecurityTraceLevel; - -} - -#define ICE_SECURITY_LOGGER(s) _logger->trace(_traceLevels->securityCat, s); - -#ifdef ICE_SECURITY_DEBUG - -#define ICE_SECURITY_LEVEL_METHODS (_traceLevels->security >= IceSecurity::SECURITY_METHODS) -#define ICE_SECURITY_LEVEL_PARSEWARNINGS (_traceLevels->security >= IceSecurity::SECURITY_PARSE_WARNINGS) -#define ICE_SECURITY_LEVEL_WARNINGS (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS) -#define ICE_SECURITY_LEVEL_EXCEPTIONS (_traceLevels->security >= IceSecurity::SECURITY_EXCEPTIONS) -#define ICE_SECURITY_LEVEL_PROTOCOL (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL) -#define ICE_SECURITY_LEVEL_PROTOCOL_DEBUG (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL_DEBUG) - -#define ICE_SECURITY_LEVEL_PROTOCOL_GLOBAL \ - (IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->security >= IceSecurity::SECURITY_PROTOCOL) - -#define ICE_METHOD_INV(s) \ - if (ICE_SECURITY_LEVEL_METHODS) \ - { \ - ICE_SECURITY_LOGGER("INV " + string(s)); \ - } - -#define ICE_METHOD_INS(s) \ - if (ICE_SECURITY_LEVEL_METHODS) \ - { \ - ICE_SECURITY_LOGGER("INS " + string(s)); \ - } - -#define ICE_METHOD_RET(s) \ - if (ICE_SECURITY_LEVEL_METHODS) \ - { \ - ICE_SECURITY_LOGGER("RET " + string(s)); \ - } - -#define ICE_PARSE_WARNING(s) \ - if 
(ICE_SECURITY_LEVEL_PARSEWARNINGS) \ - { \ - ICE_SECURITY_LOGGER("PWN " + string(s)); \ - } - -#define ICE_WARNING(s) \ - if (ICE_SECURITY_LEVEL_WARNINGS) \ - { \ - ICE_SECURITY_LOGGER("WRN " + string(s)); \ - } - -#define ICE_EXCEPTION(s) \ - if (ICE_SECURITY_LEVEL_EXCEPTIONS) \ - { \ - ICE_SECURITY_LOGGER("EXC " + string(s)); \ - } - -#define ICE_PROTOCOL(s) \ - if (ICE_SECURITY_LEVEL_PROTOCOL) \ - { \ - ICE_SECURITY_LOGGER("PTL " + string(s)); \ - } - -#define ICE_PROTOCOL_DEBUG(s) \ - if (ICE_SECURITY_LEVEL_PROTOCOL_DEBUG) \ - { \ - ICE_SECURITY_LOGGER("DBG " + string(s)); \ - } - -#else - -#define ICE_SECURITY_LEVEL_METHODS false -#define ICE_SECURITY_LEVEL_PARSEWARNINGS (_traceLevels->security >= IceSecurity::SECURITY_PARSE_WARNINGS) -#define ICE_SECURITY_LEVEL_WARNINGS (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS) -#define ICE_SECURITY_LEVEL_EXCEPTIONS false -#define ICE_SECURITY_LEVEL_PROTOCOL false -#define ICE_SECURITY_LEVEL_PROTOCOL_DEBUG false -#define ICE_SECURITY_LEVEL_PROTOCOL_GLOBAL false - -#define ICE_METHOD_INV(s) -#define ICE_METHOD_INS(s) -#define ICE_METHOD_RET(s) - -#define ICE_PARSE_WARNING(s) \ - if (ICE_SECURITY_LEVEL_PARSEWARNINGS) \ - { \ - ICE_SECURITY_LOGGER("PWN " + string(s)); \ - } - -#define ICE_WARNING(s) \ - if (ICE_SECURITY_LEVEL_WARNINGS) \ - { \ - ICE_SECURITY_LOGGER("WRN " + string(s)); \ - } - -#define ICE_EXCEPTION(s) -#define ICE_PROTOCOL(s) -#define ICE_PROTOCOL_DEBUG(s) - -#endif - -#define ICE_SSLERRORS(s) \ - if (!s.empty()) \ - { \ - s += "\n"; \ - s += sslGetErrors(); \ - } \ - else \ - { \ - s = sslGetErrors(); \ - } - -#endif +// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifndef ICE_SECURITY_H
+#define ICE_SECURITY_H
+
+// NOTE: Define USE_SOCKETS in order to turn on use of sockets in OpenSSL
+#ifndef USE_SOCKETS
+#define USE_SOCKETS
+#endif
+
+#include <openssl/ssl.h>
+
+namespace IceSecurity
+{
+
+typedef enum
+{
+ NO_SECURITY_TRACE = 0,
+ SECURITY_WARNINGS,
+ SECURITY_PARSE_WARNINGS,
+ SECURITY_METHODS,
+ SECURITY_EXCEPTIONS,
+ SECURITY_PROTOCOL,
+ SECURITY_PROTOCOL_DEBUG
+} SecurityTraceLevel;
+
+}
+
+#ifdef WIN32
+#define GETTHREADID GetCurrentThreadId()
+#else
+#define GETTHREADID getpid()
+#endif
+
+#ifdef ICE_SECURITY_DISPLAYTHREADS
+#define ICE_SECURITY_LOGGER(s) \
+ ostringstream thread; \
+ thread << "Thread(" << dec << GETTHREADID << ") "; \
+ _logger->trace(_traceLevels->securityCat, thread.str() + s);
+#else
+#define ICE_SECURITY_LOGGER(s) _logger->trace(_traceLevels->securityCat, s);
+#endif
+
+
+#ifdef ICE_SECURITY_DEBUG
+
+#define ICE_SECURITY_LEVEL_METHODS (_traceLevels->security >= IceSecurity::SECURITY_METHODS)
+#define ICE_SECURITY_LEVEL_PARSEWARNINGS (_traceLevels->security >= IceSecurity::SECURITY_PARSE_WARNINGS)
+#define ICE_SECURITY_LEVEL_WARNINGS (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
+#define ICE_SECURITY_LEVEL_EXCEPTIONS (_traceLevels->security >= IceSecurity::SECURITY_EXCEPTIONS)
+#define ICE_SECURITY_LEVEL_PROTOCOL (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
+#define ICE_SECURITY_LEVEL_PROTOCOL_DEBUG (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL_DEBUG)
+
+#define ICE_SECURITY_LEVEL_PROTOCOL_GLOBAL \
+ (IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
+
+#define ICE_METHOD_INV(s) \
+ if (ICE_SECURITY_LEVEL_METHODS) \
+ { \
+ ICE_SECURITY_LOGGER("INV " + string(s)); \
+ }
+
+#define ICE_METHOD_INS(s) \
+ if (ICE_SECURITY_LEVEL_METHODS) \
+ { \
+ ICE_SECURITY_LOGGER("INS " + string(s)); \
+ }
+
+#define ICE_METHOD_RET(s) \
+ if (ICE_SECURITY_LEVEL_METHODS) \
+ { \
+ ICE_SECURITY_LOGGER("RET " + string(s)); \
+ }
+
+#define ICE_PARSE_WARNING(s) \
+ if (ICE_SECURITY_LEVEL_PARSEWARNINGS) \
+ { \
+ ICE_SECURITY_LOGGER("PWN " + string(s)); \
+ }
+
+#define ICE_WARNING(s) \
+ if (ICE_SECURITY_LEVEL_WARNINGS) \
+ { \
+ ICE_SECURITY_LOGGER("WRN " + string(s)); \
+ }
+
+#define ICE_EXCEPTION(s) \
+ if (ICE_SECURITY_LEVEL_EXCEPTIONS) \
+ { \
+ ICE_SECURITY_LOGGER("EXC " + string(s)); \
+ }
+
+#define ICE_PROTOCOL(s) \
+ if (ICE_SECURITY_LEVEL_PROTOCOL) \
+ { \
+ ICE_SECURITY_LOGGER("PTL " + string(s)); \
+ }
+
+#define ICE_PROTOCOL_DEBUG(s) \
+ if (ICE_SECURITY_LEVEL_PROTOCOL_DEBUG) \
+ { \
+ ICE_SECURITY_LOGGER("DBG " + string(s)); \
+ }
+
+#else
+
+#define ICE_SECURITY_LEVEL_METHODS false
+#define ICE_SECURITY_LEVEL_PARSEWARNINGS (_traceLevels->security >= IceSecurity::SECURITY_PARSE_WARNINGS)
+#define ICE_SECURITY_LEVEL_WARNINGS (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
+#define ICE_SECURITY_LEVEL_EXCEPTIONS false
+#define ICE_SECURITY_LEVEL_PROTOCOL false
+#define ICE_SECURITY_LEVEL_PROTOCOL_DEBUG false
+#define ICE_SECURITY_LEVEL_PROTOCOL_GLOBAL false
+
+#define ICE_METHOD_INV(s)
+#define ICE_METHOD_INS(s)
+#define ICE_METHOD_RET(s)
+
+#define ICE_PARSE_WARNING(s) \
+ if (ICE_SECURITY_LEVEL_PARSEWARNINGS) \
+ { \
+ ICE_SECURITY_LOGGER("PWN " + string(s)); \
+ }
+
+#define ICE_WARNING(s) \
+ if (ICE_SECURITY_LEVEL_WARNINGS) \
+ { \
+ ICE_SECURITY_LOGGER("WRN " + string(s)); \
+ }
+
+#define ICE_EXCEPTION(s)
+#define ICE_PROTOCOL(s)
+#define ICE_PROTOCOL_DEBUG(s)
+
+#endif
+
+#define ICE_SSLERRORS(s) \
+ if (!s.empty()) \
+ { \
+ s += "\n"; \
+ s += sslGetErrors(); \
+ } \
+ else \
+ { \
+ s = sslGetErrors(); \
+ }
+
+#endif
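Review bot: `GETTHREADID` expands to `getpid()` outside WIN32, so the `Thread(...)` prefix that `ICE_SECURITY_LOGGER` adds under `ICE_SECURITY_DISPLAYTHREADS` prints the process id and every thread in the process logs the same number, which defeats the purpose of the new switch; on POSIX the id should come from the threading layer (e.g. `pthread_self()`, cast for printing), or the label should say what it really is. That variant of `ICE_SECURITY_LOGGER` also expands to three statements and declares a local named `thread`, so it only works inside a braced block and collides with any other `thread` in that scope; wrapping the expansion in `do { ... } while (0)` with a less generic local name fixes both, and the header should then include `<sstream>` since it now relies on `ostringstream`. The same `GETTHREADID` is used in the `bio_dump_cb` trace lines (SslSystemOpenSSL.cpp, @@ -426 and @@ -434).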
diff --git a/cpp/src/Ice/SslConnectionOpenSSL.cpp b/cpp/src/Ice/SslConnectionOpenSSL.cpp
index a8f937710b7..3b150bb3f49 100644
--- a/cpp/src/Ice/SslConnectionOpenSSL.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSL.cpp
@@ -45,8 +45,13 @@ IceSecurity::Ssl::OpenSSL::Connection::Connection(SSL* sslConnection, string& sy
 _lastError = SSL_ERROR_NONE;
- initWantRead = 0;
- initWantWrite = 0;
+ _initWantRead = 0;
+ _initWantWrite = 0;
+
+ _timeoutEncountered = false;
+
+ // None configured, default to indicated timeout
+ _handshakeReadTimeout = 0;
 }
 IceSecurity::Ssl::OpenSSL::Connection::~Connection()
@@ -323,7 +328,8 @@ IceSecurity::Ssl::OpenSSL::Connection::readSelect(int timeout)
 }
 if (ret == 0)
- {
+ {
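Review bot: The constructor initialises `_initWantRead`, `_initWantWrite`, `_timeoutEncountered` and `_handshakeReadTimeout` but not `_readTimeout`, which this commit adds to the class as well (SslConnectionOpenSSL.h, @@ -103) and which `readSSL()` passes to `readSelect()` before assigning it; unless `init()` is guaranteed to run first, the first read selects on an indeterminate timeout. Add `_readTimeout = 0;` beside `_handshakeReadTimeout = 0;`. The comment `// None configured, default to indicated timeout` would be clearer as `// 0 = no handshake read timeout configured; init() then presumably keeps the caller's timeout.` The constructor begins outside the hunk.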
+ _timeoutEncountered = true;
 throw TimeoutException(__FILE__, __LINE__);
 }
@@ -400,17 +406,19 @@ IceSecurity::Ssl::OpenSSL::Connection::readSSL(Buffer& buf, int timeout)
 {
 bytesPending = pending();
- if (!bytesPending && readSelect(timeout))
- {
- bytesPending = 1;
- }
-
- if (!bytesPending)
- {
- // We're done here.
- break;
- }
-
+ if (!bytesPending && readSelect(_readTimeout))
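Review bot: `readSelect()` now sets `_timeoutEncountered = true` on every select timeout, including ordinary post-handshake reads driven by `readSSL()`, while `init()` (SslConnectionOpenSSLClient.cpp @@ -77, SslConnectionOpenSSLServer.cpp @@ -82) throws unconditionally once the flag is set; if `init()` can be called again after the handshake — on renegotiation, or by a caller that calls it defensively — one slow read permanently disables the connection. If the flag is only meant to record a handshake timeout, the catch blocks in `init()` already set it and this line can go; if it is meant to be sticky for all reads, a comment here should say so. readSelect()'s body begins outside the hunk.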
+ {
+ bytesPending = 1;
+ }
+
+ _readTimeout = timeout;
+
+ if (!bytesPending)
+ {
+ // We're done here.
+ break;
+ }
+
 bytesRead = sslRead((char *)buf.i, packetSize);
 switch (getLastError())
diff --git a/cpp/src/Ice/SslConnectionOpenSSL.h b/cpp/src/Ice/SslConnectionOpenSSL.h
index c0c8be8b5b3..9a89277262f 100644
--- a/cpp/src/Ice/SslConnectionOpenSSL.h
+++ b/cpp/src/Ice/SslConnectionOpenSSL.h
@@ -47,6 +47,7 @@ public:
 void setTrace(TraceLevelsPtr traceLevels) { _traceLevels = traceLevels; };
 void setLogger(LoggerPtr traceLevels) { _logger = traceLevels; };
+ void setHandshakeReadTimeout(int timeout) { _handshakeReadTimeout = timeout; };
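Review bot: The select in `readSSL()` uses `_readTimeout` and only afterwards stores the caller's `timeout` into it, so the first pass runs with whatever `init()` left in `_readTimeout` (the handshake read timeout) and the caller's value applies from the next pass on; nothing at this site says that this one-shot behaviour is intended, and a reader will take the ordering for a bug. Add `// First select after init() uses the handshake read timeout chosen there; subsequent reads use the caller's timeout.` above the `if`. readSSL()'s loop begins and continues outside the hunk.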
 protected:
@@ -103,8 +104,11 @@ protected:
 System* _system;
 JTCMutex _initMutex;
- int initWantRead;
- int initWantWrite;
+ int _initWantRead;
+ int _initWantWrite;
+ bool _timeoutEncountered;
+ int _handshakeReadTimeout;
+ int _readTimeout;
 };
 }
diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
index 209f9725c7a..d1d39597c0c 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
@@ -77,35 +77,50 @@ IceSecurity::Ssl::OpenSSL::ClientConnection::init(int timeout)
 {
 JTCSyncT<JTCMutex> sync(_initMutex);
- int retCode = 0;
-
- ICE_METHOD_INV("OpenSSL::ClientConnection::init()");
+ ICE_METHOD_INV("OpenSSL::ClientConnection::init()");
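Review bot: The three new members `_timeoutEncountered`, `_handshakeReadTimeout` and `_readTimeout` carry no comment, and their interplay (init() refuses to continue once the flag is set; `_readTimeout` is consumed once by readSSL() and then replaced by the caller's timeout) is not obvious from the names; add one-line comments such as `// Set once a select() timed out; init() throws from then on.`, `// Minimum timeout for the first read after the handshake (Ice.Security.Ssl.Handshake.ReadTimeout).` and `// Timeout for the next readSSL() select; init() primes it, readSSL() then tracks the caller's value.` `setHandshakeReadTimeout()` (@@ -47) deserves the same note, and like its neighbours it ends in `};` — the semicolon after an inline member body is unnecessary.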
+
+ if (_timeoutEncountered)
+ {
+ throw TimeoutException(__FILE__, __LINE__);
+ }
+
+ int retCode = SSL_is_init_finished(_sslConnection);
- if (!SSL_is_init_finished(_sslConnection))
+ while (!retCode)
 {
- int i = 0;
-
- if (initWantRead)
- {
- i = readSelect(timeout);
- }
- else if (initWantWrite)
- {
- i = writeSelect(timeout);
+ int i = 0;
+
+ _readTimeout = timeout;
+
+ try
+ {
+ if (_initWantRead)
+ {
+ i = readSelect(timeout);
+ }
+ else if (_initWantWrite)
+ {
+ i = writeSelect(timeout);
+ }
+ }
+ catch (const TimeoutException&)
+ {
+ _timeoutEncountered = true;
+ throw;
+ }
- if (initWantRead && i == 0)
+ if (_initWantRead && i == 0)
 {
 return 0;
 }
- if (initWantWrite && i == 0)
+ if (_initWantWrite && i == 0)
 {
 return 0;
 }
- initWantRead = 0;
- initWantWrite = 0;
+ _initWantRead = 0;
+ _initWantWrite = 0;
 int result = connect();
@@ -118,13 +133,13 @@ IceSecurity::Ssl::OpenSSL::ClientConnection::init(int timeout)
 {
 case SSL_ERROR_WANT_READ:
 {
- initWantRead = 1;
+ _initWantRead = 1;
 break;
 }
 case SSL_ERROR_WANT_WRITE:
 {
- initWantWrite = 1;
+ _initWantWrite = 1;
 break;
 }
@@ -201,14 +216,12 @@ IceSecurity::Ssl::OpenSSL::ClientConnection::init(int timeout)
 if (retCode > 0)
 {
+ _readTimeout = timeout > _handshakeReadTimeout ? timeout : _handshakeReadTimeout;
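Review bot: Once the catch block sets `_timeoutEncountered`, every later `init()` call throws at the guard at the top of the function, so a single handshake timeout makes the connection permanently unusable; the retry loop this commit removes from `createClientConnection()` relied on calling `init()` again after a `TimeoutException`, so whoever drives the handshake now must treat that exception as fatal. If that is intended, say so at the guard, e.g. `// A handshake timeout is terminal: once seen, init() can never succeed on this connection.`; if not, the flag needs resetting before a retry. `readSelect()` already sets the flag itself (SslConnectionOpenSSL.cpp, @@ -323), so the catch only adds the `writeSelect()` path, presumably — writeSelect() is not in the diff. The whole select/try/catch loop is duplicated verbatim in `ServerConnection::init()` (SslConnectionOpenSSLServer.cpp, @@ -82), as is the `_readTimeout` line in @@ -201/@@ -231; one protected helper on `Connection` would keep them in step. init()'s body continues outside the hunk.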
+
 // Init finished, look at the connection information.
 showConnectionInfo();
 }
 }
- else
- {
- retCode = 1;
- }
 ICE_METHOD_RET("OpenSSL::ClientConnection::init()");
@@ -255,8 +268,8 @@ IceSecurity::Ssl::OpenSSL::ClientConnection::write(Buffer& buf, int timeout)
 int totalBytesWritten = 0;
 int bytesWritten = 0;
- int packetSize = buf.b.end() - buf.i;
-
+ int packetSize = buf.b.end() - buf.i;
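Review bot: `_readTimeout = timeout > _handshakeReadTimeout ? timeout : _handshakeReadTimeout;` takes the larger of the two, so if a negative `timeout` means "wait forever" (a convention I cannot confirm from the hunk) the first post-handshake read gets the finite `_handshakeReadTimeout` instead, and with the 10000 default from `commonConnectionSetup()` an infinite wait silently becomes a bounded one. Either handle the negative case explicitly or document the precedence, e.g. `// First read after the handshake waits at least _handshakeReadTimeout (see System::commonConnectionSetup).` The same line is added in `ServerConnection::init()` (SslConnectionOpenSSLServer.cpp, @@ -231).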
+
 #ifdef WIN32
 //
 // Limit packet size to avoid performance problems on WIN32.
@@ -447,7 +460,7 @@ IceSecurity::Ssl::OpenSSL::ClientConnection::showConnectionInfo()
 ICE_METHOD_INV("OpenSSL::ClientConnection::showConnectionInfo()");
 // Only in extreme cases do we enable this, partially because it doesn't use the Logger.
- if (ICE_SECURITY_LEVEL_PROTOCOL_DEBUG)
+ if (ICE_SECURITY_LEVEL_PROTOCOL_DEBUG && 0)
 {
 ICE_PROTOCOL_DEBUG("Begin Connection Information");
diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
index 35547fa3a2c..f2244f85455 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
@@ -82,35 +82,50 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout)
 {
 JTCSyncT<JTCMutex> sync(_initMutex);
- int retCode = 0;
+ ICE_METHOD_INV("OpenSSL::ServerConnection::init()");
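Review bot: `if (ICE_SECURITY_LEVEL_PROTOCOL_DEBUG && 0)` switches the connection-information dump off with a literal `&& 0`, leaving a block that still has to compile and reads like a typo; either delete it or put it under `#if 0` with a comment stating why it is disabled and when it may be turned back on — the existing comment says it bypasses the Logger, so that is presumably the reason. showConnectionInfo() continues outside the hunk.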
+
+ if (_timeoutEncountered)
+ {
+ throw TimeoutException(__FILE__, __LINE__);
+ }
+
+ int retCode = SSL_is_init_finished(_sslConnection);
- ICE_METHOD_INV("OpenSSL::ServerConnection::init()");
-
- if (!SSL_is_init_finished(_sslConnection))
+ while (!retCode)
 {
 int i = 0;
- if (initWantRead)
- {
- i = readSelect(timeout);
- }
- else if (initWantWrite)
- {
- i = writeSelect(timeout);
- }
-
- if (initWantRead && i == 0)
+ _readTimeout = timeout;
+
+ try
+ {
+ if (_initWantRead)
+ {
+ i = readSelect(timeout);
+ }
+ else if (_initWantWrite)
+ {
+ i = writeSelect(timeout);
+ }
+ }
+ catch (const TimeoutException&)
+ {
+ _timeoutEncountered = true;
+ throw;
+ }
+
+ if (_initWantRead && i == 0)
 {
 return 0;
 }
- if (initWantWrite && i == 0)
+ if (_initWantWrite && i == 0)
 {
 return 0;
 }
- initWantRead = 0;
- initWantWrite = 0;
+ _initWantRead = 0;
+ _initWantWrite = 0;
 int result = accept();
@@ -150,13 +165,13 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout)
 {
 case SSL_ERROR_WANT_READ:
 {
- initWantRead = 1;
+ _initWantRead = 1;
 break;
 }
 case SSL_ERROR_WANT_WRITE:
 {
- initWantWrite = 1;
+ _initWantWrite = 1;
 break;
 }
@@ -231,14 +246,12 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout)
 if (retCode > 0)
 {
+ _readTimeout = timeout > _handshakeReadTimeout ? timeout : _handshakeReadTimeout;
+
 // Init finished, look at the connection information.
 showConnectionInfo();
 }
 }
- else
- {
- retCode = 1;
- }
 ICE_METHOD_RET("OpenSSL::ServerConnection::init()");
@@ -283,7 +296,7 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::write(Buffer& buf, int timeout)
 int totalBytesWritten = 0;
 int bytesWritten = 0;
- int packetSize = buf.b.end() - buf.i;
+ int packetSize = buf.b.end() - buf.i;
 #ifdef WIN32
 //
diff --git a/cpp/src/Ice/SslFactory.cpp b/cpp/src/Ice/SslFactory.cpp
index 54e0af0a8fc..45d962adb9e 100644
--- a/cpp/src/Ice/SslFactory.cpp
+++ b/cpp/src/Ice/SslFactory.cpp
@@ -12,22 +12,70 @@
 #endif
 #include <Ice/SslFactory.h>
-#include <Ice/SslSystemOpenSSL.h>
+#include <Ice/SslSystemOpenSSL.h>
+#include <Ice/Security.h>
+
+#define OPENSSL_THREAD_DEFINES
+#include <openssl/opensslconf.h>
+#if defined(THREADS)
+#else
+#error "Thread support not enabled"
+#endif
+
 namespace IceSecurity
 {
 namespace Ssl
 {
+
+
+extern "C"
+{
+ void lockingCallback(int, int, const char*, int);
+}
 }
 // Static member instantiations.
 JTCMutex Factory::_systemRepositoryMutex;
 SystemMap Factory::_systemRepository;
 SslHandleSystemMap Factory::_sslHandleSystemRepository;
+
+class SslLockKeeper
+{
+
+public:
+ SslLockKeeper()
+ {
+ CRYPTO_set_locking_callback((void (*)(int, int, const char*, int))lockingCallback);
+ }
+
+ ~SslLockKeeper()
+ {
+ CRYPTO_set_locking_callback(NULL);
+ }
+
+ JTCMutex sslLocks[CRYPTO_NUM_LOCKS];
+
+};
+
+SslLockKeeper lockKeeper;
 }
 }
+
+void IceSecurity::Ssl::lockingCallback(int mode, int type, const char *file, int line)
+{
+ if (mode & CRYPTO_LOCK)
+ {
+ lockKeeper.sslLocks[type].lock();
+ }
+ else
+ {
+ lockKeeper.sslLocks[type].unlock();
+ }
+}
+
 IceSecurity::Ssl::System*
 IceSecurity::Ssl::Factory::getSystem(string& systemIdentifier)
diff --git a/cpp/src/Ice/SslSystemOpenSSL.cpp b/cpp/src/Ice/SslSystemOpenSSL.cpp
index 1bac81e1e63..5da6270aa8f 100644
--- a/cpp/src/Ice/SslSystemOpenSSL.cpp
+++ b/cpp/src/Ice/SslSystemOpenSSL.cpp
@@ -279,7 +279,6 @@ verifyCallback(int ok, X509_STORE_CTX *ctx)
 }
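Review bot: `SslLockKeeper` installs only the locking callback; for OpenSSL of this vintage (`CRYPTO_set_locking_callback`, `CRYPTO_NUM_LOCKS`) an id callback via `CRYPTO_set_id_callback` is also needed on platforms where the library's default thread id falls back to the process id, otherwise the per-thread error queues behind `sslGetErrors()` are shared between threads and an error from one connection can surface on another. The C-style cast in `CRYPTO_set_locking_callback((void (*)(int, int, const char*, int))lockingCallback)` is redundant — `lockingCallback` is declared with exactly that signature — and would hide a future mismatch; drop it. `#if defined(THREADS)` with an empty true branch reads better as `#ifndef THREADS` / `#error "Thread support not enabled"` / `#endif`. Because `lockKeeper` is a namespace-scope object, the callback is installed during static initialisation and removed during static destruction, so any OpenSSL use from other static-lifetime objects depends on link order — worth a comment on the declaration.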
// Only if ICE_PROTOCOL level logging is on do we worry about this.
-// if (IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
if (ICE_SECURITY_LEVEL_PROTOCOL_GLOBAL)
{
char buf[256];
@@ -426,7 +425,7 @@ bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
{
- outStringStream << "PTC ";
+ outStringStream << "PTC Thread(" << dec << GETTHREADID << ") ";
outStringStream << "read from " << hex << (void *)bio << " [" << hex << (void *)argp;
outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x";
outStringStream << hex << ret << "))";
@@ -434,7 +433,7 @@ bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret)
 }
else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
{
- outStringStream << "PTC ";
+ outStringStream << "PTC Thread(" << dec << GETTHREADID << ") ";
outStringStream << "write to " << hex << (void *)bio << " [" << hex << (void *)argp;
outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x";
outStringStream << hex << ret << "))";
@@ -518,29 +517,7 @@ IceSecurity::Ssl::OpenSSL::System::createServerConnection(int socket)
 Connection* connection = new ServerConnection(sslConnection, _systemID);
- connection->setTrace(_traceLevels);
- connection->setLogger(_logger);
-
- continueInit:
- try
- {
- while (!connection->init()) { }
- }
- catch (const TimeoutException&)
- {
- // Ignore, this might happen a lot during handshake.
- goto continueInit;
- }
- catch (...)
- {
- if (connection != 0)
- {
- delete connection;
- connection = 0;
- }
-
- throw;
- }
+ commonConnectionSetup(connection);
ICE_METHOD_RET("OpenSSL::System::createServerConnection()");
@@ -571,29 +548,7 @@ IceSecurity::Ssl::OpenSSL::System::createClientConnection(int socket)
 Connection* connection = new ClientConnection(sslConnection, _systemID);
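Review bot: The removed block did two things that `commonConnectionSetup(connection)` does not: it drove the handshake (`while (!connection->init())`) and it deleted `connection` when anything other than a `TimeoutException` escaped. The handshake presumably moves to the caller now that `init()` is reworked, but `connection` is still a bare `new ServerConnection(...)`, so if `commonConnectionSetup()` throws — it calls `_properties->getProperty()`, whose behaviour is not visible here — the object leaks; park it in a `std::auto_ptr<Connection>` until it is returned, or keep the old `catch (...) { delete connection; throw; }`. `createClientConnection()` (@@ -571) has the same gap. createServerConnection()'s body begins and ends outside the hunk.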
- connection->setTrace(_traceLevels);
- connection->setLogger(_logger);
-
- continueInit:
- try
- {
- while (!connection->init()) { }
- }
- catch (const TimeoutException&)
- {
- // Ignore, this might happen a lot during handshake.
- goto continueInit;
- }
- catch (...)
- {
- if (connection != 0)
- {
- delete connection;
- connection = 0;
- }
-
- throw;
- }
+ commonConnectionSetup(connection);
ICE_METHOD_RET("OpenSSL::System::createClientConnection()");
@@ -663,14 +618,10 @@ IceSecurity::Ssl::OpenSSL::System::loadConfig()
 _globalLogger = _logger;
}
- // TODO: Get the Path and File properly here.
- string configFile = _properties->getProperty("Ice.Ssl.Config");
- string certificatePath = _properties->getProperty("Ice.Ssl.CertPath");
+ string configFile = _properties->getProperty("Ice.Security.Ssl.Config");
+ string certificatePath = _properties->getProperty("Ice.Security.Ssl.CertPath");
Parser sslConfig(configFile, certificatePath);
- // const string& systemID = getSystemID();
- // Parser sslConfig(systemID);
-
sslConfig.setTrace(_traceLevels);
sslConfig.setLogger(_logger);
@@ -1239,6 +1190,29 @@ IceSecurity::Ssl::OpenSSL::System::sslGetErrors()
 return errorMessage;
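Review bot: The property keys change from `Ice.Ssl.Config`/`Ice.Ssl.CertPath` to `Ice.Security.Ssl.Config`/`Ice.Security.Ssl.CertPath` with no fallback and no warning, so a deployment that still sets the old keys hands empty strings to `Parser sslConfig(configFile, certificatePath)`; unless Parser rejects an empty config path (it is not in the diff), the TLS setup proceeds with whatever it then defaults to, which is the quiet failure mode nobody notices. An `ICE_WARNING` when `configFile` is empty, naming the property that was expected, would surface the misconfiguration at startup. loadConfig() continues outside the hunk.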
}
+void
+IceSecurity::Ssl::OpenSSL::System::commonConnectionSetup(Connection* connection)
+{
+ connection->setTrace(_traceLevels);
+ connection->setLogger(_logger);
+
+ // Set the Post-Hanshake Read timeout
+ // This timeout is implemented once on the first read after hanshake.
+ int handshakeReadTimeout;
+ string value = _properties->getProperty("Ice.Security.Ssl.Handshake.ReadTimeout");
+
+ if (!value.empty())
+ {
+ const_cast<int&>(handshakeReadTimeout) = atoi(value.c_str());
+ }
+ else
+ {
+ handshakeReadTimeout = 10000;
+ }
+
+ connection->setHandshakeReadTimeout(handshakeReadTimeout);
+}
+
SSL*
IceSecurity::Ssl::OpenSSL::System::createConnection(SSL_CTX* sslContext, int socket)
{
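Review bot: `const_cast<int&>(handshakeReadTimeout) = atoi(value.c_str());` casts away a const that does not exist — `handshakeReadTimeout` is a plain non-const local — and `atoi()` silently yields 0 for an unparsable value, so a mistyped `Ice.Security.Ssl.Handshake.ReadTimeout` disables the handshake read timeout without any trace. Use a plain assignment and validate the parse: `handshakeReadTimeout = value.empty() ? 10000 : atoi(value.c_str());` followed by `if (handshakeReadTimeout < 0) { ICE_WARNING("Ice.Security.Ssl.Handshake.ReadTimeout: invalid value, using default"); handshakeReadTimeout = 10000; }`; since `atoi` cannot tell "0" from garbage, `strtol` with an end-pointer check is the robust choice if 0 is a meaningful setting. The literal 10000 deserves a named constant that states its unit, and the comment spells "Handshake" as "Hanshake" twice. The claim that the timeout is "implemented once on the first read after handshake" holds only because `readSSL()` consumes `_readTimeout` before overwriting it; the comment should point to that site.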
diff --git a/cpp/src/Ice/SslSystemOpenSSL.h b/cpp/src/Ice/SslSystemOpenSSL.h
index d09e1efd696..94b3984c2ed 100644
--- a/cpp/src/Ice/SslSystemOpenSSL.h
+++ b/cpp/src/Ice/SslSystemOpenSSL.h
@@ -161,6 +161,8 @@ private:
 // Retrieves errors from the OpenSSL library.
 string sslGetErrors();
+ void commonConnectionSetup(Connection*);
+
// Create a connection. SSL* createConnection(SSL_CTX*, int); |
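Review bot: `void commonConnectionSetup(Connection*);` is the only declaration in this block without the one-line comment its neighbours have, and its contract (non-owning pointer, applies trace/logger settings and the configured handshake read timeout, does not drive the handshake) is not guessable from the name; add `// Apply trace, logger and the Ice.Security.Ssl.Handshake.ReadTimeout setting to a freshly created connection; does not take ownership.` above it.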