version 1.75, 2008/02/26 19:15:05
|
version 1.75.4.1, 2008/07/01 15:18:02
|
|
|
} | } |
else | else |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL1, |
"--->SSL: Error setting callback info"); | "--->SSL: Error setting callback info"); |
} | } |
| |
|
|
char buff[256]; | char buff[256]; |
// added in OpenSSL 0.9.6: | // added in OpenSSL 0.9.6: |
ERR_error_string_n(rc, buff, sizeof(buff)); | ERR_error_string_n(rc, buff, sizeof(buff)); |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL3, |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL1, |
"---> SSL: Not accepted %d %s client IP address : %s", | "---> SSL: Not accepted %d %s client IP address : %s", |
ssl_rsn, buff, (const char*)_ipAddress.getCString() )); | ssl_rsn, buff, (const char*)_ipAddress.getCString() )); |
} | } |
|
|
| |
char serialNumberString[32]; | char serialNumberString[32]; |
sprintf(serialNumberString, "%lu", | sprintf(serialNumberString, "%lu", |
clientCert->getSerialNumber()); |
(unsigned long)clientCert->getSerialNumber()); |
| |
PEG_AUDIT_LOG(logCertificateBasedAuthentication( | PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
clientCert->getIssuerName(), | clientCert->getIssuerName(), |
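Review bot: The new `(unsigned long)` cast on the `sprintf` argument only silences the format mismatch; the write into `serialNumberString[32]` still has no bound, and the same pattern recurs in the hunk at the later `char serialNumberString[32];` / `sprintf(serialNumberString, "%lu",` lines. A 64-bit unsigned long needs at most 21 bytes, so 32 is currently enough, but `snprintf(serialNumberString, sizeof(serialNumberString), "%lu", (unsigned long)clientCert->getSerialNumber());` removes the dependence on that arithmetic in both places. The hunk does not show what `getSerialNumber()` returns; if it already narrows a full-width X.509 serial (which may be up to 20 octets), the audit entry identifies the certificate only by the low bits, which is worth confirming against the certificate class. The enclosing function starts and ends outside this hunk.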
|
|
} | } |
else if (ssl_rc == 0) | else if (ssl_rc == 0) |
{ | { |
ssl_rsn = SSL_get_error(sslConnection, ssl_rc); |
PEG_TRACE(( |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, "Shutdown SSL_accept()"); |
TRC_SSL, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, "Error Code: %d", ssl_rsn )); |
Tracer::LEVEL1, |
PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, |
"Shutdown SSL_accept(). Error Code: %d Error string: %s", |
"Error string: " + String(ERR_error_string(ssl_rc, NULL))); |
SSL_get_error(sslConnection, ssl_rc), |
|
ERR_error_string(ssl_rc, NULL))); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return -1; | return -1; |
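Review bot: In the merged `PEG_TRACE` for the `ssl_rc == 0` branch, `ERR_error_string(ssl_rc, NULL)` still formats error code 0 (this branch is only entered when `ssl_rc == 0`), so the "Error string" never describes the actual failure; the queued OpenSSL error comes from `ERR_get_error()`. Passing `NULL` as the buffer also uses OpenSSL's static, non-thread-safe string buffer, whereas the neighbouring hunks already use `ERR_error_string_n` into a local `buff`. The `SSL_connect()` hunk (`"---> SSL: Shutdown SSL_connect() failed. Error string: %s"`) has the same `ERR_error_string(ssl_rc, NULL)` call and should get the same change. Dropping the `ssl_rsn = SSL_get_error(...)` assignment looks safe only because the branch returns -1 immediately; the enclosing function starts and ends outside this hunk.
```cpp
else if (ssl_rc == 0)
{
    char errBuff[256];
    // ERR_get_error() pops the queued error; ssl_rc is 0 here and carries no error code.
    ERR_error_string_n(ERR_get_error(), errBuff, sizeof(errBuff));
    PEG_TRACE((
        TRC_SSL,
        Tracer::LEVEL1,
        "Shutdown SSL_accept(). Error Code: %d Error string: %s",
        SSL_get_error(sslConnection, ssl_rc),
        errBuff));
    // … unchanged: PEG_METHOD_EXIT(); return -1; …
```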
|
|
// | // |
if (_SSLContext->isPeerVerificationEnabled()) | if (_SSLContext->isPeerVerificationEnabled()) |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
"Attempting to certify client"); | "Attempting to certify client"); |
| |
// | // |
|
|
// get certificate verification result and create a audit log entry. | // get certificate verification result and create a audit log entry. |
// | // |
int verifyResult = SSL_get_verify_result(sslConnection); | int verifyResult = SSL_get_verify_result(sslConnection); |
PEG_TRACE((TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
"Verification Result: %d", verifyResult )); | "Verification Result: %d", verifyResult )); |
_certificateVerified = (verifyResult == X509_V_OK); | _certificateVerified = (verifyResult == X509_V_OK); |
| |
char serialNumberString[32]; | char serialNumberString[32]; |
sprintf(serialNumberString, "%lu", clientCert->getSerialNumber()); |
sprintf(serialNumberString, "%lu", |
|
(unsigned long)clientCert->getSerialNumber()); |
| |
PEG_AUDIT_LOG(logCertificateBasedAuthentication( | PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
clientCert->getIssuerName(), | clientCert->getIssuerName(), |
|
|
| |
if (ssl_rc == 0) | if (ssl_rc == 0) |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE(( |
"---> SSL: Shutdown SSL_connect()"); |
TRC_SSL, |
PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, |
Tracer::LEVEL1, |
"Error string: " + String(ERR_error_string(ssl_rc, NULL))); |
"---> SSL: Shutdown SSL_connect() failed. Error string: %s", |
|
ERR_error_string(ssl_rc, NULL))); |
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return -1; | return -1; |
} | } |
|
|
char buff[256]; | char buff[256]; |
// added in OpenSSL 0.9.6: | // added in OpenSSL 0.9.6: |
ERR_error_string_n(rc, buff, sizeof(buff)); | ERR_error_string_n(rc, buff, sizeof(buff)); |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL3, |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL1, |
"---> SSL: Not connected %d %s", ssl_rsn, buff)); | "---> SSL: Not connected %d %s", ssl_rsn, buff)); |
} | } |
| |
|
|
// Check the result of select. | // Check the result of select. |
if (selectResult == 0) | if (selectResult == 0) |
{ | { |
PEG_TRACE_CSTRING(TRC_DISCARDED_DATA, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_DISCARDED_DATA, Tracer::LEVEL1, |
"---> SSL: Failed to connect, connection timed out."); | "---> SSL: Failed to connect, connection timed out."); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return -1; | return -1; |
} | } |
else if (selectResult == PEGASUS_SOCKET_ERROR) | else if (selectResult == PEGASUS_SOCKET_ERROR) |
{ | { |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL3, |
PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL1, |
"---> SSL: Failed to connect, select error, return code = %d", | "---> SSL: Failed to connect, select error, return code = %d", |
selectResult)); | selectResult)); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
| |
if (_SSLContext->isPeerVerificationEnabled()) | if (_SSLContext->isPeerVerificationEnabled()) |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
"Attempting to verify server certificate."); | "Attempting to verify server certificate."); |
| |
X509* server_cert = SSL_get_peer_certificate(sslConnection); | X509* server_cert = SSL_get_peer_certificate(sslConnection); |
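Review bot: `X509* server_cert = SSL_get_peer_certificate(sslConnection);` hands the caller its own reference to the certificate, and none of the hunks shown here contain an `X509_free(server_cert)`; the release presumably lives in the unchanged part of the function, but since every return path after this line (including the `return -1` in the no-certificate branch, where the pointer is NULL and a free is a no-op) has to account for it, it is worth confirming. A one-line ownership comment would make that visible to the next reader: `// SSL_get_peer_certificate() returns a new reference; X509_free() it on every path.` The enclosing function starts and ends outside this hunk.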
|
|
| |
if (SSL_get_verify_result(sslConnection) == X509_V_OK) | if (SSL_get_verify_result(sslConnection) == X509_V_OK) |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
"--->SSL: Server Certificate verified."); | "--->SSL: Server Certificate verified."); |
} | } |
else | else |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
"--->SSL: Server Certificate not verified, but the " | "--->SSL: Server Certificate not verified, but the " |
"callback overrode the default error."); | "callback overrode the default error."); |
} | } |
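Review bot: Demoting the `"--->SSL: Server Certificate not verified, but the callback overrode the default error."` trace to `Tracer::LEVEL4` puts a security-relevant event at the most verbose level only: this is the path where `SSL_get_verify_result()` was not `X509_V_OK` and the connection proceeds anyway because the verification callback accepted it. An operator diagnosing a connection to an unverified peer needs this line without enabling full tracing, so a less verbose level than the successful-verification message above it would be more appropriate, e.g. `PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2,` for the override branch only. Including the numeric verify result in that trace, as the client-side hunk already does with `"Verification Result: %d"`, would also record why it failed. The enclosing function starts and ends outside this hunk.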
|
|
} | } |
else | else |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL1, |
"-->SSL: Server not certified, no certificate received."); | "-->SSL: Server not certified, no certificate received."); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return -1; | return -1; |
|
|
} | } |
else | else |
{ | { |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
"---> SSL: Server certification disabled"); | "---> SSL: Server certification disabled"); |
} | } |
| |