version 1.12, 2002/09/06 03:01:26
|
version 1.13, 2002/09/20 00:29:19
|
|
|
// For the OSs that don't have /dev/random device file, | // For the OSs that don't have /dev/random device file, |
// must enable PEGASUS_SSL_RANDOMFILE flag. | // must enable PEGASUS_SSL_RANDOMFILE flag. |
// | // |
// CIM clients must specify a SSL random file and also |
|
// set isCIMClient to true. However, CIMserver does not |
|
// seem to care the Random seed and /dev/random. |
|
// |
|
// |
|
SSLContextRep::SSLContextRep(const String& certPath, | SSLContextRep::SSLContextRep(const String& certPath, |
SSLCertificateVerifyFunction* verifyCert, | SSLCertificateVerifyFunction* verifyCert, |
const String& randomFile, |
const String& randomFile) |
Boolean isCIMClient) |
|
{ | { |
PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::SSLContextRep()"); | PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::SSLContextRep()"); |
| |
|
|
#ifdef PEGASUS_SSL_RANDOMFILE | #ifdef PEGASUS_SSL_RANDOMFILE |
| |
// | // |
// We will only need SSL Random Seed for CIM Clients |
|
// |
|
if (isCIMClient) |
|
{ |
|
long seedNumber; |
|
// |
|
// Initialise OpenSSL 0.9.5 random number generator. | // Initialise OpenSSL 0.9.5 random number generator. |
// | // |
if ( randomFile != String::EMPTY ) |
if ( randomFile == String::EMPTY ) |
{ | { |
|
PEG_METHOD_EXIT(); |
|
throw( SSLException("Random seed file required")); |
|
} |
|
|
int ret = RAND_load_file(randomFile.getCString(), -1); | int ret = RAND_load_file(randomFile.getCString(), -1); |
if ( ret < 0 ) | if ( ret < 0 ) |
{ | { |
|
|
// | // |
// Will do more seeding | // Will do more seeding |
// | // |
|
long seedNumber; |
srandom((unsigned int)time(NULL)); // Initialize | srandom((unsigned int)time(NULL)); // Initialize |
seedNumber = random(); | seedNumber = random(); |
RAND_seed((unsigned char *) &seedNumber, sizeof(seedNumber)); | RAND_seed((unsigned char *) &seedNumber, sizeof(seedNumber)); |
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
throw( SSLException("RAND_seed - Not enough seed data ")); | throw( SSLException("RAND_seed - Not enough seed data ")); |
} | } |
} |
|
else |
|
{ |
|
PEG_METHOD_EXIT(); |
|
throw( SSLException("Random seed file required")); |
|
} |
|
|
|
} |
|
| |
#endif // end of PEGASUS_SSL_RANDOMFILE | #endif // end of PEGASUS_SSL_RANDOMFILE |
| |
|
|
_certPath = sslContextRep._certPath; | _certPath = sslContextRep._certPath; |
// ATTN: verify_certificate is set implicitly in global variable | // ATTN: verify_certificate is set implicitly in global variable |
_randomFile = sslContextRep._randomFile; | _randomFile = sslContextRep._randomFile; |
_isCIMClient = sslContextRep._isCIMClient; |
|
_sslContext = _makeSSLContext(); | _sslContext = _makeSSLContext(); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
| |
SSLContextRep::SSLContextRep(const String& certPath, | SSLContextRep::SSLContextRep(const String& certPath, |
SSLCertificateVerifyFunction* verifyCert, | SSLCertificateVerifyFunction* verifyCert, |
const String& randomFile, |
const String& randomFile) {} |
Boolean isCIMClient) {} |
|
| |
SSLContextRep::SSLContextRep(const SSLContextRep& sslContextRep) {} | SSLContextRep::SSLContextRep(const SSLContextRep& sslContextRep) {} |
| |
|
|
SSLContext::SSLContext( | SSLContext::SSLContext( |
const String& certPath, | const String& certPath, |
SSLCertificateVerifyFunction* verifyCert, | SSLCertificateVerifyFunction* verifyCert, |
|
const String& randomFile) |
|
{ |
|
_rep = new SSLContextRep(certPath, verifyCert, randomFile); |
|
} |
|
|
|
#ifndef PEGASUS_REMOVE_DEPRECATED |
|
SSLContext::SSLContext( |
|
const String& certPath, |
|
SSLCertificateVerifyFunction* verifyCert, |
const String& randomFile, | const String& randomFile, |
Boolean isCIMClient) | Boolean isCIMClient) |
{ | { |
_rep = new SSLContextRep(certPath, verifyCert, randomFile, isCIMClient); |
_rep = new SSLContextRep(certPath, verifyCert, randomFile); |
} | } |
|
#endif |
| |
SSLContext::SSLContext(const SSLContext& sslContext) | SSLContext::SSLContext(const SSLContext& sslContext) |
{ | { |
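Review bot: The extra seeding that survives this change in the `SSLContextRep` constructor, `srandom((unsigned int)time(NULL)); seedNumber = random(); RAND_seed((unsigned char *) &seedNumber, sizeof(seedNumber));`, feeds OpenSSL a value derived from the wall clock, which is guessable and should not be counted as entropy. With the `isCIMClient` gate removed, this path now appears to run for every context built under `PEGASUS_SSL_RANDOMFILE`, the server included. I would drop those three lines, or mark them with a comment such as `// time-derived value: not an entropy source, the random file must supply the seed`, and rely on the result of `RAND_load_file` and on `RAND_status()` to decide whether the PRNG is usable. The `if ( ret < 0 )` test after `RAND_load_file` also lets a zero-byte read through, so an empty seed file is accepted; `if ( ret <= 0 )` would reject it. The page shows only fragments of the constructor, so the statements between these lines are not visible here and the exact control flow should be confirmed against the full file.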