version 1.57, 2006/08/14 08:10:34
|
version 1.58, 2006/09/29 17:38:12
|
|
|
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// | // |
|
//============================================================================== |
|
// |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
#include <Pegasus/Common/Socket.h> | #include <Pegasus/Common/Socket.h> |
|
|
SSLSocket::SSLSocket( | SSLSocket::SSLSocket( |
SocketHandle socket, | SocketHandle socket, |
SSLContext * sslcontext, | SSLContext * sslcontext, |
ReadWriteSem * sslContextObjectLock, |
ReadWriteSem * sslContextObjectLock) |
Boolean exportConnection) |
|
: | : |
_SSLConnection(0), | _SSLConnection(0), |
_socket(socket), | _socket(socket), |
_SSLContext(sslcontext), | _SSLContext(sslcontext), |
_sslContextObjectLock(sslContextObjectLock), | _sslContextObjectLock(sslContextObjectLock), |
_SSLCallbackInfo(0), | _SSLCallbackInfo(0), |
_certificateVerified(false), |
_certificateVerified(false) |
_exportConnection(exportConnection) |
|
{ | { |
PEG_METHOD_ENTER(TRC_SSL, "SSLSocket::SSLSocket()"); | PEG_METHOD_ENTER(TRC_SSL, "SSLSocket::SSLSocket()"); |
| |
|
|
// export connection, get the peer certificate and verify the trust | // export connection, get the peer certificate and verify the trust |
// store validation result. | // store validation result. |
// | // |
if (_SSLContext->isPeerVerificationEnabled() || _exportConnection) |
if (_SSLContext->isPeerVerificationEnabled()) |
{ | { |
PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, "Attempting to certify client"); | PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, "Attempting to certify client"); |
| |
|
|
{ | { |
PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL2, | PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL2, |
"---> SSL: Client Certificate not verified"); | "---> SSL: Client Certificate not verified"); |
// |
|
// On export connection, do not continue if the |
|
// certificate is not verified. |
|
// |
|
if (_exportConnection) |
|
{ |
|
X509_free(client_cert); |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
} |
|
} | } |
| |
X509_free(client_cert); | X509_free(client_cert); |
|
|
{ | { |
PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, | PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, |
"---> SSL: Client not certified, no certificate received"); | "---> SSL: Client not certified, no certificate received"); |
// |
|
// On export connection, do not continue if peer certificate |
|
// is not received |
|
// |
|
if (_exportConnection) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return -1; |
|
} |
|
} | } |
} | } |
else | else |
|
|
MP_Socket::MP_Socket( | MP_Socket::MP_Socket( |
SocketHandle socket, | SocketHandle socket, |
SSLContext * sslcontext, | SSLContext * sslcontext, |
ReadWriteSem * sslContextObjectLock, |
ReadWriteSem * sslContextObjectLock) |
Boolean exportConnection) |
|
{ | { |
PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::MP_Socket()"); | PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::MP_Socket()"); |
if (sslcontext != NULL) | if (sslcontext != NULL) |
{ | { |
_isSecure = true; | _isSecure = true; |
_sslsock = new SSLSocket( | _sslsock = new SSLSocket( |
socket, sslcontext, sslContextObjectLock, exportConnection); |
socket, sslcontext, sslContextObjectLock); |
} | } |
else | else |
{ | { |
|
|
MP_Socket::MP_Socket( | MP_Socket::MP_Socket( |
SocketHandle socket, | SocketHandle socket, |
SSLContext * sslcontext, | SSLContext * sslcontext, |
ReadWriteSem * sslContextObjectLock, |
ReadWriteSem * sslContextObjectLock) |
Boolean exportConnection) |
|
: _socket(socket), _isSecure(false), _socketWriteTimeout(20) {} | : _socket(socket), _isSecure(false), _socketWriteTimeout(20) {} |
| |
#endif | #endif |
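Review bot: In the accept path, the "Client Certificate not verified" and "no certificate received" branches now only write a trace and fall through, with nothing in the visible lines rejecting the peer once the `if (_exportConnection) { ... return -1; }` blocks are gone. This assumes the single-column lines naming `exportConnection` are the removed 1.57 side, which the page does not mark; whether the handshake itself refuses such peers depends on the verify mode set on the SSLContext, which is not shown. I would document the contract at both branches, for example `// NOTE: accept continues with an unverified or absent client certificate; callers must check _certificateVerified before authorizing the request.` The context comment above `if (_SSLContext->isPeerVerificationEnabled())` still says "export connection" and should be reworded to match the new condition. The enclosing function starts and ends outside the visible lines, so the final return value on these paths could not be checked.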