10 files changed, 624 insertions, 8 deletions
diff --git a/cpp/all.dsw b/cpp/all.dsw
index cc3da2881d5..bdebc0245e4 100644
--- a/cpp/all.dsw
+++ b/cpp/all.dsw
@@ -1529,6 +1529,57 @@ Package=<4>
     Begin Project Dependency
     Project_Dep_Name iceutil
     End Project Dependency
+    Begin Project Dependency
+    Project_Dep_Name icessl
+    End Project Dependency
+}}}
+
+###############################################################################
+
+Project: "glaciersslC"=.\test\Glacier2\ssl\glaciersslC.dsp - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+    Begin Project Dependency
+    Project_Dep_Name glacier2
+    End Project Dependency
+    Begin Project Dependency
+    Project_Dep_Name ice
+    End Project Dependency
+    Begin Project Dependency
+    Project_Dep_Name icessl
+    End Project Dependency
+    Begin Project Dependency
+    Project_Dep_Name iceutil
+    End Project Dependency
+}}}
+
+###############################################################################
+
+Project: "glaciersslS"=.\test\Glacier2\ssl\glaciersslS.dsp - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+    Begin Project Dependency
+    Project_Dep_Name glacier2
+    End Project Dependency
+    Begin Project Dependency
+    Project_Dep_Name ice
+    End Project Dependency
+    Begin Project Dependency
+    Project_Dep_Name icessl
+    End Project Dependency
+    Begin Project Dependency
+    Project_Dep_Name iceutil
+    End Project Dependency
 }}}
 
 ###############################################################################
diff --git a/cpp/src/Glacier2/SessionRouterI.cpp b/cpp/src/Glacier2/SessionRouterI.cpp
index 87ff6b86426..8d34a4139c0 100644
--- a/cpp/src/Glacier2/SessionRouterI.cpp
+++ b/cpp/src/Glacier2/SessionRouterI.cpp
@@ -14,6 +14,9 @@
 
 #include <IceUtil/UUID.h>
 
+#include <IceSSL/Plugin.h>
+#include <Ice/Network.h>
+
 using namespace std;
 using namespace Ice;
 using namespace Glacier2;
@@ -338,6 +341,36 @@ Glacier2::SessionRouterI::createSession(const std::string& userId, const std::st
 	_pending.insert(current.con);
     }
 
+    Ice::Context ctx = current.ctx;
+
+    //
+    // Populate the SSL context information.
+    //
+    try
+    {
+	IceSSL::ConnectionInfo info = IceSSL::getConnectionInfo(current.con);
+	ctx["SSL.Active"] = "1";
+	ctx["SSL.Cipher"] = info.cipher;
+	ostringstream os;
+	os << ntohs(info.remoteAddr.sin_port);
+	ctx["SSL.Remote.Port"] = os.str();
+	ctx["SSL.Remote.Host"] = IceInternal::inetAddrToString(info.remoteAddr.sin_addr);
+	os.str("");
+	os << ntohs(info.localAddr.sin_port);
+	ctx["SSL.Local.Port"] = os.str();
+	ctx["SSL.Local.Host"] = IceInternal::inetAddrToString(info.localAddr.sin_addr);
+	try
+	{
+	    ctx["SSL.PeerCert"] = info.certs[0]->getPEMEncoding();
+	}
+	catch(const IceSSL::CertificateEncodingException&)
+	{
+	}
+    }
+    catch(const IceSSL::ConnectionInvalidException&)
+    {
+    }
+
     try
     {
 	//
@@ -345,10 +378,10 @@ Glacier2::SessionRouterI::createSession(const std::string& userId, const std::st
 	//
 	string reason;
 	bool ok;
-	
+
 	try
 	{
-	    ok = _verifier->checkPermissions(userId, password, reason, current.ctx);
+	    ok = _verifier->checkPermissions(userId, password, reason, ctx);
 	}
 	catch(const Exception& ex)
 	{
@@ -400,11 +433,11 @@ Glacier2::SessionRouterI::createSession(const std::string& userId, const std::st
 	    SessionControlPrx control;
 	    if(_adminAdapter)
 	    {
-	        control = SessionControlPrx::uncheckedCast(_adminAdapter->addWithUUID(
-								new SessionControlI(this, current.con)));
+	        control = SessionControlPrx::uncheckedCast(
+		    _adminAdapter->addWithUUID(new SessionControlI(this, current.con)));
 		controlId = control->ice_getIdentity();
 	    }
-	    session = _sessionManager->create(userId, control, current.ctx);
+	    session = _sessionManager->create(userId, control, ctx);
 	}
     
 	//
diff --git a/cpp/src/Glacier2/glacier2router.dsp b/cpp/src/Glacier2/glacier2router.dsp
index 34c32b92a3f..2181f9dccf2 100755
--- a/cpp/src/Glacier2/glacier2router.dsp
+++ b/cpp/src/Glacier2/glacier2router.dsp
@@ -51,7 +51,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 libeay32.lib pcre.lib /nologo /subsystem:console /pdb:none /machine:I386 /FIXED:no
+# ADD LINK32 pcre.lib ws2_32.lib libeay32.lib /nologo /subsystem:console /pdb:none /machine:I386 /FIXED:no
 # SUBTRACT LINK32 /debug /nodefaultlib
 # Begin Special Build Tool
 OutDir=.\Release
@@ -83,7 +83,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 libeay32.lib pcred.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /FIXED:no
+# ADD LINK32 pcred.lib ws2_32.lib libeay32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /FIXED:no
 # SUBTRACT LINK32 /pdb:none
 # Begin Special Build Tool
 OutDir=.\Debug
diff --git a/cpp/src/Ice/Network.cpp b/cpp/src/Ice/Network.cpp
index 201d63f5bbe..fff635e1f13 100644
--- a/cpp/src/Ice/Network.cpp
+++ b/cpp/src/Ice/Network.cpp
@@ -34,7 +34,7 @@ using namespace IceInternal;
 static IceUtil::StaticMutex inetMutex = ICE_STATIC_MUTEX_INITIALIZER;
 
 string
-inetAddrToString(const struct in_addr& in)
+IceInternal::inetAddrToString(const struct in_addr& in)
 {
     //
     // inet_ntoa uses static memory on some platforms so we protect
diff --git a/cpp/src/Ice/Network.h b/cpp/src/Ice/Network.h
index f81fc8c03e8..b5cf02d8f80 100644
--- a/cpp/src/Ice/Network.h
+++ b/cpp/src/Ice/Network.h
@@ -121,6 +121,7 @@ ICE_API bool isPeerLocal(SOCKET);
 #endif
 
 ICE_API int getSocketErrno();
+ICE_API std::string inetAddrToString(const struct in_addr&);
 
 }
 
diff --git a/cpp/test/Glacier2/ssl/Client.cpp b/cpp/test/Glacier2/ssl/Client.cpp
new file mode 100755
index 00000000000..90f9a56cff2
--- /dev/null
+++ b/cpp/test/Glacier2/ssl/Client.cpp
@@ -0,0 +1,119 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#include <Ice/Application.h>
+#include <Glacier2/Router.h>
+#include <TestCommon.h>
+
+using namespace std;
+using namespace Ice;
+//using namespace Test;
+
+class CallbackClient : public Application
+{
+public:
+
+    virtual int run(int, char*[]);
+};
+
+int
+main(int argc, char* argv[])
+{
+    //
+    // We must disable connection warnings, because we attempt to ping
+    // the router before session establishment, as well as after
+    // session destruction. Both will cause a ConnectionLostException.
+    //
+    Ice::PropertiesPtr properties = Ice::getDefaultProperties(argc, argv);
+    properties->setProperty("Ice.Warn.Connections", "0");
+
+    CallbackClient app;
+    return app.main(argc, argv);
+}
+
+int
+CallbackClient::run(int argc, char* argv[])
+{
+    Glacier2::RouterPrx router = Glacier2::RouterPrx::uncheckedCast(
+	communicator()->stringToProxy("abc/def:tcp -h 127.0.0.1 -p 12347 -t 10000"));
+    communicator()->setDefaultRouter(router);
+
+    //
+    // First try to create a non ssl sessions.
+    //
+    cout << "creating non-ssl session with tcp connection... ";
+    try
+    {
+	Glacier2::SessionPrx session = router->createSession("nossl", "");
+	router->destroySession();
+    }
+    catch(const Ice::ConnectionLostException&)
+    {
+    }
+    catch(const Glacier2::PermissionDeniedException&)
+    {
+	test(false);
+    }
+    cout << "ok" << endl;
+    cout << "creating ssl session with tcp connection... ";
+    try
+    {
+	Glacier2::SessionPrx session = router->createSession("ssl", "");
+	test(false);
+    }
+    catch(const Glacier2::PermissionDeniedException&)
+    {
+    }
+    cout << "ok" << endl;
+
+    //
+    // Switch to using the SSL router. First, clear the router. Then
+    // set a new SSL based router.
+    //
+    communicator()->setDefaultRouter(Glacier2::RouterPrx());
+    router = Glacier2::RouterPrx::uncheckedCast(
+	communicator()->stringToProxy("abc/def:ssl -h 127.0.0.1 -p 12348 -t 10000"));
+    communicator()->setDefaultRouter(router);
+
+    //
+    // Next try to create a non ssl session. This should succeed.
+    //
+    cout << "creating non-ssl session with ssl connection... ";
+    try
+    {
+	Glacier2::SessionPrx session = router->createSession("nossl", "");
+	test(false);
+    }
+    catch(const Glacier2::PermissionDeniedException&)
+    {
+    }
+    cout << "ok" << endl;
+
+    cout << "creating ssl session with ssl connection... ";
+    try
+    {
+	Glacier2::SessionPrx session = router->createSession("ssl", "");
+	router->destroySession();
+    }
+    catch(const Ice::ConnectionLostException&)
+    {
+    }
+    catch(const Glacier2::PermissionDeniedException&)
+    {
+	test(false);
+    }
+    cout << "ok" << endl;
+
+    communicator()->setDefaultRouter(0);
+    Glacier2::AdminPrx admin = Glacier2::AdminPrx::checkedCast(
+	communicator()->stringToProxy("ABC/DEF:tcp -h 127.0.0.1 -p 12349 -t 10000"));
+    admin->shutdown();
+    
+    return EXIT_SUCCESS;
+}
diff --git a/cpp/test/Glacier2/ssl/Server.cpp b/cpp/test/Glacier2/ssl/Server.cpp
new file mode 100755
index 00000000000..a144cd0aa1d
--- /dev/null
+++ b/cpp/test/Glacier2/ssl/Server.cpp
@@ -0,0 +1,121 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#include <Ice/Application.h>
+#include <Glacier2/PermissionsVerifier.h>
+#include <Glacier2/Session.h>
+#include <TestCommon.h>
+#include <IceSSL/Plugin.h>
+
+using namespace std;
+
+class PermissionsVerifierI : public Glacier2::PermissionsVerifier
+{
+public:
+
+    virtual bool
+    checkPermissions(const string& userId, const string&, string&, const Ice::Current& current) const
+    {
+	map<string, string>::const_iterator p = current.ctx.find("SSL.Active");
+	
+	if(userId == "nossl")
+	{
+	    return p == current.ctx.end();
+	}
+	else if(userId == "ssl")
+	{
+	    return p != current.ctx.end();
+	}
+	return false;
+    }
+};
+
+class SessionI : public Glacier2::Session
+{
+public:
+
+    SessionI(const string& userId) :
+	_userId(userId)
+    {
+    }
+
+    virtual void
+    destroy(const Ice::Current& current)
+    {
+	current.adapter->remove(current.id);
+	if(_userId == "ssl")
+	{
+	    current.adapter->getCommunicator()->shutdown();
+	}
+    }
+    
+private:
+
+    const string _userId;
+};
+
+class SessionManagerI : public Glacier2::SessionManager
+{
+public:
+
+    virtual Glacier2::SessionPrx
+    SessionManagerI::create(const string& userId, const Glacier2::SessionControlPrx&, const Ice::Current& current)
+    {
+	if(userId == "ssl")
+	{
+	    test(current.ctx.find("SSL.Active")->second == "1");
+	    test(current.ctx.find("SSL.Cipher") != current.ctx.end());
+	    test(current.ctx.find("SSL.Remote.Host")->second == "127.0.0.1");
+	    test(current.ctx.find("SSL.Local.Host")->second == "127.0.0.1");
+	    test(current.ctx.find("SSL.Local.Port")->second == "12348");
+	    try
+	    {
+		IceSSL::CertificatePtr cert = IceSSL::Certificate::decodePEM(current.ctx.find("SSL.PeerCert")->second);
+		test(cert->getIssuerDN() ==
+		     "/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc."
+		     "/OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com");
+		test(cert->getSubjectDN() ==
+		     "/C=US/ST=Florida/O=ZeroC, Inc./OU=Ice/emailAddress=info@zeroc.com/CN=Client");
+		test(cert->checkValidity());
+	    }
+	    catch(const IceSSL::CertificateReadException&)
+	    {
+		test(false);
+	    }
+	}
+	Glacier2::SessionPtr session = new SessionI(userId);
+	return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(session));
+    }
+};
+
+class SessionServer : public Ice::Application
+{
+public:
+
+    virtual int run(int, char*[]);
+};
+
+int
+main(int argc, char* argv[])
+{
+    SessionServer app;
+    return app.main(argc, argv);
+}
+
+int
+SessionServer::run(int argc, char* argv[])
+{
+    Ice::ObjectAdapterPtr adapter = communicator()->createObjectAdapterWithEndpoints(
+	"SessionServer", "tcp -h 127.0.0.1 -p 12350 -t 10000");
+    adapter->add(new PermissionsVerifierI, Ice::stringToIdentity("verifier"));
+    adapter->add(new SessionManagerI, Ice::stringToIdentity("sessionmanager"));
+    adapter->activate();
+    communicator()->waitForShutdown();
+    return EXIT_SUCCESS;
+}
diff --git a/cpp/test/Glacier2/ssl/glaciersslC.dsp b/cpp/test/Glacier2/ssl/glaciersslC.dsp
new file mode 100755
index 00000000000..0f486399598
--- /dev/null
+++ b/cpp/test/Glacier2/ssl/glaciersslC.dsp
@@ -0,0 +1,106 @@
+# Microsoft Developer Studio Project File - Name="glaciersslC" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=glaciersslC - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "glaciersslC.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "glaciersslC.mak" CFG="glaciersslC - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "glaciersslC - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "glaciersslC - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "glaciersslC - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /WX /GR /GX /O2 /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "NDEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /c
+# SUBTRACT CPP /Fr /YX
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 Ice.lib IceUtil.lib /nologo /subsystem:console /pdb:none /machine:I386 /out:"client.exe" /libpath:"../../../lib" /FIXED:no
+# SUBTRACT LINK32 /debug /nodefaultlib
+
+!ELSEIF  "$(CFG)" == "glaciersslC - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /WX /Gm /GR /GX /Zi /Od /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "_DEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /GZ /c
+# SUBTRACT CPP /Fr /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 Iced.lib IceUtild.lib /nologo /subsystem:console /debug /machine:I386 /out:"client.exe" /pdbtype:sept /libpath:"../../../lib" /FIXED:no
+# SUBTRACT LINK32 /pdb:none
+
+!ENDIF 
+
+# Begin Target
+
+# Name "glaciersslC - Win32 Release"
+# Name "glaciersslC - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=.\Client.cpp
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/cpp/test/Glacier2/ssl/glaciersslS.dsp b/cpp/test/Glacier2/ssl/glaciersslS.dsp
new file mode 100755
index 00000000000..197f5679110
--- /dev/null
+++ b/cpp/test/Glacier2/ssl/glaciersslS.dsp
@@ -0,0 +1,106 @@
+# Microsoft Developer Studio Project File - Name="glaciersslS" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=glaciersslS - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "glaciersslS.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "glaciersslS.mak" CFG="glaciersslS - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "glaciersslS - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "glaciersslS - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "glaciersslS - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /WX /GR /GX /O2 /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "NDEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /c
+# SUBTRACT CPP /Fr /YX
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 Ice.lib IceUtil.lib /nologo /subsystem:console /pdb:none /machine:I386 /out:"server.exe" /libpath:"../../../lib" /FIXED:no
+# SUBTRACT LINK32 /debug /nodefaultlib
+
+!ELSEIF  "$(CFG)" == "glaciersslS - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /WX /Gm /GR /GX /Zi /Od /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "_DEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /GZ /c
+# SUBTRACT CPP /Fr /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 Iced.lib IceUtild.lib /nologo /subsystem:console /debug /machine:I386 /out:"server.exe" /pdbtype:sept /libpath:"../../../lib" /FIXED:no
+# SUBTRACT LINK32 /pdb:none
+
+!ENDIF 
+
+# Begin Target
+
+# Name "glaciersslS - Win32 Release"
+# Name "glaciersslS - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=.\Server.cpp
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/cpp/test/Glacier2/ssl/run.py b/cpp/test/Glacier2/ssl/run.py
new file mode 100755
index 00000000000..ad1ccd16027
--- /dev/null
+++ b/cpp/test/Glacier2/ssl/run.py
@@ -0,0 +1,79 @@
+#!/usr/bin/env python
+# **********************************************************************
+#
+# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+#
+# This copy of Ice is licensed to you under the terms described in the
+# ICE_LICENSE file included in this distribution.
+#
+# **********************************************************************
+
+import os, sys
+
+for toplevel in [".", "..", "../..", "../../..", "../../../.."]:
+    toplevel = os.path.normpath(toplevel)
+    if os.path.exists(os.path.join(toplevel, "config", "TestUtil.py")):
+        break
+else:
+    raise "can't find toplevel directory!"
+
+sys.path.append(os.path.join(toplevel, "config"))
+import TestUtil
+
+name = os.path.join("Glacier2", "ssl")
+
+testdir = os.path.join(toplevel, "test", name)
+server = os.path.join(testdir, "server")
+command = server + TestUtil.clientServerOptions + " --Ice.Trace.Network=2"
+
+print "starting server...",
+serverPipe = os.popen(command)
+TestUtil.getServerPid(serverPipe)
+TestUtil.getAdapterReady(serverPipe)
+print "ok"
+
+router = os.path.join(toplevel, "bin", "glacier2router")
+command = router + TestUtil.clientServerOptions + \
+          r' --Ice.Warn.Dispatch=0' + \
+          r' --Glacier2.AllowCategories="c1 c2"' + \
+          r' --Glacier2.AddUserToAllowCategories="2"' + \
+          r' --Glacier2.RouterIdentity="abc/def"' + \
+          r' --Glacier2.AdminIdentity="ABC/DEF"' + \
+          r' --Glacier2.Client.Endpoints="tcp -h 127.0.0.1 -p 12347 -t 10000:ssl -h 127.0.0.1 -p 12348 -t 10000"' + \
+          r' --Glacier2.Server.Endpoints="tcp -h 127.0.0.1 -t 10000"' \
+          r' --Glacier2.Admin.Endpoints="tcp -h 127.0.0.1 -p 12349 -t 10000"' + \
+          r' --Glacier2.SessionManager="sessionmanager:tcp -h 127.0.0.1 -p 12350 -t 10000"' + \
+          r' --Glacier2.PermissionsVerifier="verifier:tcp -h 127.0.0.1 -p 12350 -t 10000"' + \
+          r" --IceSSL.DefaultDir=" + os.path.join(toplevel, "certs") + \
+          r' --IceSSL.CertFile=s_rsa1024_pub.pem' + \
+          r' --IceSSL.KeyFile=s_rsa1024_priv.pem' + \
+          r' --IceSSL.CertAuthFile=cacert.pem' + ' --Ice.Trace.Network=2'
+
+print "starting router...",
+starterPipe = os.popen(command)
+TestUtil.getServerPid(starterPipe)
+TestUtil.getAdapterReady(starterPipe)
+print "ok"
+
+client = os.path.join(testdir, "client")
+command = client + TestUtil.clientOptions + \
+           " --IceSSL.DefaultDir=" + os.path.join(toplevel, "certs") + \
+           " --IceSSL.CertFile=c_rsa1024_pub.pem" + \
+           " --IceSSL.KeyFile=c_rsa1024_priv.pem" + \
+           " --IceSSL.CertAuthFile=cacert.pem"
+
+print "starting client...",
+clientPipe = os.popen(command)
+print "ok"
+
+TestUtil.printOutputFromPipe(clientPipe)
+
+clientStatus = TestUtil.closePipe(clientPipe)
+serverStatus = TestUtil.closePipe(serverPipe)
+starterStatus = TestUtil.closePipe(starterPipe)
+
+if clientStatus or serverStatus or starterStatus:
+    TestUtil.killServers()
+    sys.exit(1)
+
+sys.exit(0)