1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
// **********************************************************************
//
// Copyright (c) 2003-2005 ZeroC, Inc. All rights reserved.
//
// This copy of Ice is licensed to you under the terms described in the
// ICE_LICENSE file included in this distribution.
//
// **********************************************************************
#ifndef ICE_SSL_TRANSCEIVER_H
#define ICE_SSL_TRANSCEIVER_H
#include <IceUtil/Mutex.h>
#include <Ice/LoggerF.h>
#include <Ice/StatsF.h>
#include <IceSSL/SslTransceiverF.h>
#include <IceSSL/OpenSSLPluginIF.h>
#include <IceSSL/TraceLevelsF.h>
#include <IceSSL/CertificateVerifierF.h>
#include <IceUtil/StaticMutex.h>
#include <Ice/Transceiver.h>
#include <Ice/Buffer.h>
#include <IceSSL/CertificateVerifierOpenSSL.h>
#include <openssl/ssl.h>
#include <map>
namespace IceSSL
{
// NOTE: This is a mapping from SSL* to SslTransceiver*, for use with
// the verifyCallback. I have purposely not used SslTransceiverPtr
// here, as connections register themselves with this map on
// construction and unregister themselves in the destructor. If this
// map used SslTransceiverPtr, SslTransceiver instances would never
// destruct as there would always be a reference to them from the map.
class SslTransceiver;
typedef std::map<SSL*, SslTransceiver*> SslTransceiverMap;
class SslTransceiver : public IceInternal::Transceiver
{
public:
virtual SOCKET fd();
virtual void close();
virtual void shutdownWrite();
virtual void shutdownReadWrite();
virtual void write(IceInternal::Buffer&, int);
virtual void read(IceInternal::Buffer&, int);
virtual std::string type() const;
virtual std::string toString() const;
virtual void initialize(int timeout);
static SslTransceiverPtr getTransceiver(SSL*);
// Callback from OpenSSL for purposes of certificate verification
int verifyCertificate(int, X509_STORE_CTX*);
private:
void internalShutdownWrite(int timeout);
void select(int, bool);
void readSelect(int);
void writeSelect(int);
static void addTransceiver(SSL*, SslTransceiver*);
static void removeTransceiver(SSL*);
void showCertificateChain(BIO*);
void showPeerCertificate(BIO*, const char*);
void showSharedCiphers(BIO*);
void showSessionInfo(BIO*);
void showSelectedCipherInfo(BIO*);
void showHandshakeStats(BIO*);
void showClientCAList(BIO*, const char*);
static SslTransceiverMap _transceiverMap;
static IceUtil::StaticMutex _transceiverRepositoryMutex;
SslTransceiver(ContextType, const OpenSSLPluginIPtr&, SOCKET, const IceSSL::CertificateVerifierPtr&, SSL*, int);
virtual ~SslTransceiver();
friend class ClientContext;
friend class ServerContext;
// Pointer to the OpenSSL Connection structure.
const ContextType _contextType;
const OpenSSLPluginIPtr _plugin;
SOCKET _fd;
const IceSSL::CertificateVerifierPtr _certificateVerifier;
/*const*/ SSL* _sslConnection;
const Ice::LoggerPtr _logger;
const TraceLevelsPtr _traceLevels;
const Ice::StatsPtr _stats;
};
}
#endif
|
