Diffstat (limited to 'cpp/src')
-rw-r--r--cpp/src/Ice/PropertyNames.cpp71
-rw-r--r--cpp/src/Ice/PropertyNames.h2
-rw-r--r--cpp/src/IceSSL/AcceptorI.cpp6
-rw-r--r--cpp/src/IceSSL/ConnectorI.cpp6
-rw-r--r--cpp/src/IceSSL/Context.cpp38
-rw-r--r--cpp/src/IceSSL/Context.h18
-rw-r--r--cpp/src/IceSSL/Instance.cpp38
-rw-r--r--cpp/src/IceSSL/Instance.h8
-rw-r--r--cpp/src/IceSSL/PluginI.cpp14
-rw-r--r--cpp/src/IceSSL/PluginI.h5
10 files changed, 63 insertions, 143 deletions
diff --git a/cpp/src/Ice/PropertyNames.cpp b/cpp/src/Ice/PropertyNames.cpp
index 161f1340389..2d58eef25f6 100644
--- a/cpp/src/Ice/PropertyNames.cpp
+++ b/cpp/src/Ice/PropertyNames.cpp
@@ -7,7 +7,7 @@
//
// **********************************************************************
-// Generated by makeprops.py from file `../config/PropertyNames.def', Fri Apr 14 14:43:00 2006
+// Generated by makeprops.py from file `../config/PropertyNames.def', Mon Apr 17 10:30:14 2006
// IMPORTANT: Do not edit this file -- any edits made here will be lost!
@@ -204,57 +204,34 @@ const char* IceInternal::PropertyNames::IcePatch2Props[] =
const char* IceInternal::PropertyNames::IceSSLProps[] =
{
- "IceSSL.Client.CertAuthDir",
- "IceSSL.Client.CertAuthFile",
- "IceSSL.Client.CertFile",
- "IceSSL.Client.CheckCertName",
- "IceSSL.Client.CheckCRL",
- "IceSSL.Client.Ciphers",
- "IceSSL.Client.DefaultDir",
- "IceSSL.Client.DH.*",
- "IceSSL.Client.KeyFile",
- "IceSSL.Client.Password",
- "IceSSL.Client.PasswordRetryMax",
- "IceSSL.Client.Protocols",
- "IceSSL.Client.VerifyDepthMax",
- "IceSSL.Client.VerifyPeer",
+ "IceSSL.Alias",
+ "IceSSL.CertAuthDir",
+ "IceSSL.CertAuthFile",
+ "IceSSL.CertFile",
+ "IceSSL.Certs",
+ "IceSSL.CertsPassword",
+ "IceSSL.CheckCertName",
+ "IceSSL.CheckCRL",
+ "IceSSL.Ciphers",
+ "IceSSL.DefaultDir",
"IceSSL.DelayInit",
+ "IceSSL.DH.*",
"IceSSL.EntropyDaemon",
"IceSSL.ImportCert.*.*",
+ "IceSSL.KeyFile",
+ "IceSSL.Keystore",
+ "IceSSL.KeystorePassword",
+ "IceSSL.KeystoreType",
+ "IceSSL.Password",
+ "IceSSL.PasswordRetryMax",
+ "IceSSL.Protocols",
"IceSSL.Random",
- "IceSSL.Server.CertAuthDir",
- "IceSSL.Server.CertAuthFile",
- "IceSSL.Server.CertFile",
- "IceSSL.Server.CheckCRL",
- "IceSSL.Server.Ciphers",
- "IceSSL.Server.DefaultDir",
- "IceSSL.Server.DH.*",
- "IceSSL.Server.KeyFile",
- "IceSSL.Server.Password",
- "IceSSL.Server.PasswordRetryMax",
- "IceSSL.Server.Protocols",
- "IceSSL.Server.VerifyDepthMax",
- "IceSSL.Server.VerifyPeer",
"IceSSL.Trace.Security",
- "IceSSL.Client.Alias",
- "IceSSL.Client.Certs",
- "IceSSL.Client.CertsPassword",
- "IceSSL.Client.Keystore",
- "IceSSL.Client.KeystorePassword",
- "IceSSL.Client.KeystoreType",
- "IceSSL.Client.Truststore",
- "IceSSL.Client.TruststorePassword",
- "IceSSL.Client.TruststoreType",
- "IceSSL.Server.Alias",
- "IceSSL.Server.Certs",
- "IceSSL.Server.CertsPassword",
- "IceSSL.Server.ClientAuth",
- "IceSSL.Server.Keystore",
- "IceSSL.Server.KeystorePassword",
- "IceSSL.Server.KeystoreType",
- "IceSSL.Server.Truststore",
- "IceSSL.Server.TruststorePassword",
- "IceSSL.Server.TruststoreType",
+ "IceSSL.Truststore",
+ "IceSSL.TruststorePassword",
+ "IceSSL.TruststoreType",
+ "IceSSL.VerifyDepthMax",
+ "IceSSL.VerifyPeer",
0
};
diff --git a/cpp/src/Ice/PropertyNames.h b/cpp/src/Ice/PropertyNames.h
index d9f9d4e1531..98446db0f6a 100644
--- a/cpp/src/Ice/PropertyNames.h
+++ b/cpp/src/Ice/PropertyNames.h
@@ -7,7 +7,7 @@
//
// **********************************************************************
-// Generated by makeprops.py from file `../config/PropertyNames.def', Fri Apr 14 14:43:00 2006
+// Generated by makeprops.py from file `../config/PropertyNames.def', Mon Apr 17 10:30:14 2006
// IMPORTANT: Do not edit this file -- any edits made here will be lost!
diff --git a/cpp/src/IceSSL/AcceptorI.cpp b/cpp/src/IceSSL/AcceptorI.cpp
index 9c048c9eebd..df7b1f1f8e4 100644
--- a/cpp/src/IceSSL/AcceptorI.cpp
+++ b/cpp/src/IceSSL/AcceptorI.cpp
@@ -67,7 +67,7 @@ IceSSL::AcceptorI::accept(int timeout)
//
// The plugin may not be fully initialized.
//
- ContextPtr ctx = _instance->serverContext();
+ ContextPtr ctx = _instance->context();
SOCKET fd = IceInternal::doAccept(_fd, timeout);
IceInternal::setBlock(fd, false);
@@ -205,7 +205,7 @@ IceSSL::AcceptorI::accept(int timeout)
}
while(!SSL_is_init_finished(ssl));
- _instance->serverContext()->verifyPeer(ssl, "", true);
+ _instance->context()->verifyPeer(ssl, "", true);
}
catch(...)
{
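Review bot: `_instance->context()` is looked up again for the `verifyPeer` call here, and once more for `traceConnection` in the next hunk, although the first hunk already stores the result in `ctx` at the top of `accept()`. If `ctx` is still in scope at these points (the function body lies mostly outside the hunks, so this needs confirming), `ctx->verifyPeer(ssl, "", true);` and `ctx->traceConnection(ssl, true);` would guarantee that the handshake, the peer verification and the trace all use the same Context object. The same pattern appears in the three `ConnectorI::connect` hunks.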
@@ -221,7 +221,7 @@ IceSSL::AcceptorI::accept(int timeout)
if(_instance->securityTraceLevel() >= 1)
{
- _instance->serverContext()->traceConnection(ssl, true);
+ _instance->context()->traceConnection(ssl, true);
}
return new TransceiverI(_instance, ssl, fd);
diff --git a/cpp/src/IceSSL/ConnectorI.cpp b/cpp/src/IceSSL/ConnectorI.cpp
index 544d9d869e1..4dca418940d 100644
--- a/cpp/src/IceSSL/ConnectorI.cpp
+++ b/cpp/src/IceSSL/ConnectorI.cpp
@@ -28,7 +28,7 @@ IceSSL::ConnectorI::connect(int timeout)
//
// The plugin may not be fully initialized.
//
- ContextPtr ctx = _instance->clientContext();
+ ContextPtr ctx = _instance->context();
if(_instance->networkTraceLevel() >= 2)
{
@@ -145,7 +145,7 @@ IceSSL::ConnectorI::connect(int timeout)
}
while(!SSL_is_init_finished(ssl));
- _instance->clientContext()->verifyPeer(ssl, _host, false);
+ _instance->context()->verifyPeer(ssl, _host, false);
}
catch(...)
{
@@ -161,7 +161,7 @@ IceSSL::ConnectorI::connect(int timeout)
if(_instance->securityTraceLevel() >= 1)
{
- _instance->clientContext()->traceConnection(ssl, false);
+ _instance->context()->traceConnection(ssl, false);
}
return new TransceiverI(_instance, ssl, fd);
diff --git a/cpp/src/IceSSL/Context.cpp b/cpp/src/IceSSL/Context.cpp
index 2635a51a9ec..1988f526116 100644
--- a/cpp/src/IceSSL/Context.cpp
+++ b/cpp/src/IceSSL/Context.cpp
@@ -80,7 +80,7 @@ passwordError()
//
// Context.
//
-IceSSL::Context::Context(const InstancePtr& instance, const string& propPrefix, SSL_CTX* ctx) :
+IceSSL::Context::Context(const InstancePtr& instance, SSL_CTX* ctx) :
_instance(instance),
_logger(instance->communicator()->getLogger()),
_ctx(ctx)
@@ -114,6 +114,7 @@ IceSSL::Context::Context(const InstancePtr& instance, const string& propPrefix,
SSL_CTX_set_session_cache_mode(_ctx, SSL_SESS_CACHE_OFF);
PropertiesPtr properties = _instance->communicator()->getProperties();
+ const string propPrefix = "IceSSL.";
//
// Check for a default directory. We look in this directory for
@@ -135,6 +136,14 @@ IceSSL::Context::Context(const InstancePtr& instance, const string& propPrefix,
}
//
+ // CheckCertName determines whether we compare the name in a peer's
+ // certificate against its hostname.
+ //
+ {
+ _checkCertName = properties->getPropertyAsIntWithDefault(propPrefix + "CheckCertName", 0) > 0;
+ }
+
+ //
// Determine whether a certificate is required from the peer.
//
{
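Review bot: After this change `IceSSL.Client.CheckCertName` is no longer read anywhere, so a deployment that had set it to 1 silently falls back to the default of 0 and stops comparing the peer certificate's name with the host name. I would either honour the legacy key as the fallback, `_checkCertName = properties->getPropertyAsIntWithDefault(propPrefix + "CheckCertName", properties->getPropertyAsInt("IceSSL.Client.CheckCertName")) > 0;`, or log a warning when any `IceSSL.Client.*` or `IceSSL.Server.*` key is still set. The same silent fallback presumably affects the other settings read through `propPrefix`, such as `VerifyPeer`, although that code is outside the hunk. Whether the regenerated property-name table makes Ice warn about the old keys is not visible here. The constructor body continues beyond this hunk.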
@@ -551,6 +560,7 @@ IceSSL::Context::verifyPeer(SSL* ssl, const string& address, bool incoming)
//
// Compare the peer's address against the dnsName and ipAddress values.
+ // This is only relevant for an outgoing connection.
//
if(!address.empty())
{
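Review bot: The new comment says the address comparison only matters for outgoing connections, but the guard `if(!address.empty())` enforces that only by convention, because `AcceptorI` happens to pass `""`. Now that one Context and one `_checkCertName` serve both directions, I would make the direction explicit with `if(!incoming && !address.empty())`, using the `incoming` parameter the function already receives. The body of the block is outside the hunk, so how `_checkCertName` is applied inside it still needs checking.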
@@ -838,29 +848,3 @@ IceSSL::Context::parseProtocols(const string& val)
}
SSL_CTX_set_options(_ctx, opts);
}
-
-//
-// ClientContext.
-//
-IceSSL::ClientContext::ClientContext(const InstancePtr& instance, SSL_CTX* ctx) :
- Context(instance, "IceSSL.Client.", ctx)
-{
- PropertiesPtr properties = _instance->communicator()->getProperties();
-
- //
- // CheckCertName determines whether we compare the name in a peer's
- // certificate against its hostname.
- //
- {
- _checkCertName = properties->getPropertyAsIntWithDefault("IceSSL.Client.CheckCertName", 0) > 0;
- }
-}
-
-//
-// ServerContext.
-//
-IceSSL::ServerContext::ServerContext(const InstancePtr& instance, SSL_CTX* ctx) :
- Context(instance, "IceSSL.Server.", ctx)
-{
- _checkCertName = false;
-}
diff --git a/cpp/src/IceSSL/Context.h b/cpp/src/IceSSL/Context.h
index 4ab8acd074c..b3b70262331 100644
--- a/cpp/src/IceSSL/Context.h
+++ b/cpp/src/IceSSL/Context.h
@@ -21,7 +21,7 @@ class Context : public IceUtil::Shared
{
public:
- Context(const InstancePtr&, const std::string&, SSL_CTX*);
+ Context(const InstancePtr&, SSL_CTX*);
~Context();
SSL_CTX* ctx() const;
@@ -55,22 +55,6 @@ protected:
};
typedef IceUtil::Handle<Context> ContextPtr;
-class ClientContext : public Context
-{
-public:
-
- ClientContext(const InstancePtr&, SSL_CTX*);
-};
-typedef IceUtil::Handle<ClientContext> ClientContextPtr;
-
-class ServerContext : public Context
-{
-public:
-
- ServerContext(const InstancePtr&, SSL_CTX*);
-};
-typedef IceUtil::Handle<ServerContext> ServerContextPtr;
-
}
#endif
diff --git a/cpp/src/IceSSL/Instance.cpp b/cpp/src/IceSSL/Instance.cpp
index 1a3b7e9a7d7..72e21bc2b32 100644
--- a/cpp/src/IceSSL/Instance.cpp
+++ b/cpp/src/IceSSL/Instance.cpp
@@ -35,16 +35,14 @@ IceSSL::Instance::Instance(const CommunicatorPtr& communicator)
_securityTraceCategory = "Security";
//
- // Create the client and server contexts. We always create both, even
- // if only one is used.
+ // Create the context.
//
- // If IceSSL.DelayInit=1, postpone the creation of the contexts until
+ // If IceSSL.DelayInit=1, postpone the creation of the context until
// the application manually initializes the plugin.
//
if(properties->getPropertyAsInt("IceSSL.DelayInit") == 0)
{
- _clientContext = new ClientContext(this, 0);
- _serverContext = new ServerContext(this, 0);
+ _context = new Context(this, 0);
}
//
@@ -56,9 +54,9 @@ IceSSL::Instance::Instance(const CommunicatorPtr& communicator)
}
void
-IceSSL::Instance::initialize(SSL_CTX* clientContext, SSL_CTX* serverContext)
+IceSSL::Instance::initialize(SSL_CTX* context)
{
- if(_clientContext)
+ if(_context)
{
SecurityException ex(__FILE__, __LINE__);
ex.reason = "plugin is already initialized";
@@ -66,8 +64,7 @@ IceSSL::Instance::initialize(SSL_CTX* clientContext, SSL_CTX* serverContext)
}
else
{
- _clientContext = new ClientContext(this, clientContext);
- _serverContext = new ServerContext(this, serverContext);
+ _context = new Context(this, context);
}
}
@@ -119,28 +116,16 @@ IceSSL::Instance::securityTraceCategory() const
return _securityTraceCategory;
}
-ClientContextPtr
-IceSSL::Instance::clientContext() const
+ContextPtr
+IceSSL::Instance::context() const
{
- if(!_clientContext)
+ if(!_context)
{
PluginInitializationException ex(__FILE__, __LINE__);
ex.reason = "IceSSL: plugin is not fully initialized";
throw ex;
}
- return _clientContext;
-}
-
-ServerContextPtr
-IceSSL::Instance::serverContext() const
-{
- if(!_serverContext)
- {
- PluginInitializationException ex(__FILE__, __LINE__);
- ex.reason = "IceSSL: plugin is not fully initialized";
- throw ex;
- }
- return _serverContext;
+ return _context;
}
CertificateVerifierPtr
@@ -217,6 +202,5 @@ void
IceSSL::Instance::destroy()
{
_facade = 0;
- _clientContext = 0;
- _serverContext = 0;
+ _context = 0;
}
diff --git a/cpp/src/IceSSL/Instance.h b/cpp/src/IceSSL/Instance.h
index 03b99a3b1e9..cb8d5d5caee 100644
--- a/cpp/src/IceSSL/Instance.h
+++ b/cpp/src/IceSSL/Instance.h
@@ -25,7 +25,7 @@ public:
Instance(const Ice::CommunicatorPtr&);
- void initialize(SSL_CTX*, SSL_CTX*);
+ void initialize(SSL_CTX*);
void setCertificateVerifier(const CertificateVerifierPtr&);
void setPasswordPrompt(const PasswordPromptPtr&);
@@ -36,8 +36,7 @@ public:
int securityTraceLevel() const;
std::string securityTraceCategory() const;
- ClientContextPtr clientContext() const;
- ServerContextPtr serverContext() const;
+ ContextPtr context() const;
CertificateVerifierPtr certificateVerifier() const;
PasswordPromptPtr passwordPrompt() const;
@@ -51,8 +50,7 @@ private:
IceInternal::ProtocolPluginFacadePtr _facade;
int _securityTraceLevel;
std::string _securityTraceCategory;
- ClientContextPtr _clientContext;
- ServerContextPtr _serverContext;
+ ContextPtr _context;
CertificateVerifierPtr _verifier;
PasswordPromptPtr _prompt;
};
diff --git a/cpp/src/IceSSL/PluginI.cpp b/cpp/src/IceSSL/PluginI.cpp
index e4a614809dc..2eb013078aa 100644
--- a/cpp/src/IceSSL/PluginI.cpp
+++ b/cpp/src/IceSSL/PluginI.cpp
@@ -114,9 +114,9 @@ IceSSL::PluginI::destroy()
}
void
-IceSSL::PluginI::initialize(SSL_CTX* clientContext, SSL_CTX* serverContext)
+IceSSL::PluginI::initialize(SSL_CTX* context)
{
- _instance->initialize(clientContext, serverContext);
+ _instance->initialize(context);
}
void
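Review bot: A caller that previously wrote `initialize(clientCtx)` and relied on the defaulted second argument still compiles against the new `initialize(SSL_CTX* = 0)` in PluginI.h, but the `SSL_CTX` it supplies is now wrapped in the single Context that `AcceptorI` also uses for accepted connections. An `SSL_CTX` prepared only for the client role (its certificates, verify mode or method) would then silently govern the server side as well. That deserves a comment on the declaration, for example `// The supplied SSL_CTX is used for both outgoing and incoming connections; configure it for both roles.`, plus a release-note entry. How far the Context constructor overrides the settings of a caller-supplied `SSL_CTX` is not visible in this diff.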
@@ -132,15 +132,9 @@ IceSSL::PluginI::setPasswordPrompt(const PasswordPromptPtr& prompt)
}
SSL_CTX*
-IceSSL::PluginI::clientContext()
+IceSSL::PluginI::context()
{
- return _instance->clientContext()->ctx();
-}
-
-SSL_CTX*
-IceSSL::PluginI::serverContext()
-{
- return _instance->serverContext()->ctx();
+ return _instance->context()->ctx();
}
void
diff --git a/cpp/src/IceSSL/PluginI.h b/cpp/src/IceSSL/PluginI.h
index 8da74a0667a..ac00379e60a 100644
--- a/cpp/src/IceSSL/PluginI.h
+++ b/cpp/src/IceSSL/PluginI.h
@@ -26,12 +26,11 @@ public:
virtual void destroy();
- virtual void initialize(SSL_CTX* = 0, SSL_CTX* = 0);
+ virtual void initialize(SSL_CTX* = 0);
virtual void setCertificateVerifier(const CertificateVerifierPtr&);
virtual void setPasswordPrompt(const PasswordPromptPtr&);
- virtual SSL_CTX* clientContext();
- virtual SSL_CTX* serverContext();
+ virtual SSL_CTX* context();
private: