eventmachine-le 1.1.0.beta.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (129) hide show
  1. data/.gitignore +21 -0
  2. data/.yardopts +7 -0
  3. data/GNU +281 -0
  4. data/LICENSE +60 -0
  5. data/README.md +80 -0
  6. data/Rakefile +19 -0
  7. data/eventmachine-le.gemspec +42 -0
  8. data/ext/binder.cpp +124 -0
  9. data/ext/binder.h +46 -0
  10. data/ext/cmain.cpp +841 -0
  11. data/ext/ed.cpp +1995 -0
  12. data/ext/ed.h +424 -0
  13. data/ext/em.cpp +2377 -0
  14. data/ext/em.h +243 -0
  15. data/ext/eventmachine.h +126 -0
  16. data/ext/extconf.rb +166 -0
  17. data/ext/fastfilereader/extconf.rb +94 -0
  18. data/ext/fastfilereader/mapper.cpp +214 -0
  19. data/ext/fastfilereader/mapper.h +59 -0
  20. data/ext/fastfilereader/rubymain.cpp +127 -0
  21. data/ext/kb.cpp +79 -0
  22. data/ext/page.cpp +107 -0
  23. data/ext/page.h +51 -0
  24. data/ext/pipe.cpp +347 -0
  25. data/ext/project.h +155 -0
  26. data/ext/rubymain.cpp +1269 -0
  27. data/ext/ssl.cpp +468 -0
  28. data/ext/ssl.h +94 -0
  29. data/lib/em/buftok.rb +110 -0
  30. data/lib/em/callback.rb +58 -0
  31. data/lib/em/channel.rb +64 -0
  32. data/lib/em/completion.rb +304 -0
  33. data/lib/em/connection.rb +728 -0
  34. data/lib/em/deferrable.rb +210 -0
  35. data/lib/em/deferrable/pool.rb +2 -0
  36. data/lib/em/file_watch.rb +73 -0
  37. data/lib/em/future.rb +61 -0
  38. data/lib/em/iterator.rb +313 -0
  39. data/lib/em/messages.rb +66 -0
  40. data/lib/em/pool.rb +151 -0
  41. data/lib/em/process_watch.rb +45 -0
  42. data/lib/em/processes.rb +123 -0
  43. data/lib/em/protocols.rb +37 -0
  44. data/lib/em/protocols/header_and_content.rb +138 -0
  45. data/lib/em/protocols/httpclient.rb +279 -0
  46. data/lib/em/protocols/httpclient2.rb +600 -0
  47. data/lib/em/protocols/line_and_text.rb +125 -0
  48. data/lib/em/protocols/line_protocol.rb +29 -0
  49. data/lib/em/protocols/linetext2.rb +161 -0
  50. data/lib/em/protocols/memcache.rb +331 -0
  51. data/lib/em/protocols/object_protocol.rb +46 -0
  52. data/lib/em/protocols/postgres3.rb +246 -0
  53. data/lib/em/protocols/saslauth.rb +175 -0
  54. data/lib/em/protocols/smtpclient.rb +365 -0
  55. data/lib/em/protocols/smtpserver.rb +663 -0
  56. data/lib/em/protocols/socks4.rb +66 -0
  57. data/lib/em/protocols/stomp.rb +202 -0
  58. data/lib/em/protocols/tcptest.rb +54 -0
  59. data/lib/em/queue.rb +71 -0
  60. data/lib/em/resolver.rb +195 -0
  61. data/lib/em/spawnable.rb +84 -0
  62. data/lib/em/streamer.rb +118 -0
  63. data/lib/em/threaded_resource.rb +90 -0
  64. data/lib/em/tick_loop.rb +85 -0
  65. data/lib/em/timers.rb +106 -0
  66. data/lib/em/version.rb +3 -0
  67. data/lib/eventmachine-le.rb +10 -0
  68. data/lib/eventmachine.rb +1548 -0
  69. data/rakelib/cpp.rake_example +77 -0
  70. data/rakelib/package.rake +98 -0
  71. data/rakelib/test.rake +8 -0
  72. data/tests/client.crt +31 -0
  73. data/tests/client.key +51 -0
  74. data/tests/em_test_helper.rb +143 -0
  75. data/tests/test_attach.rb +148 -0
  76. data/tests/test_basic.rb +294 -0
  77. data/tests/test_channel.rb +62 -0
  78. data/tests/test_completion.rb +177 -0
  79. data/tests/test_connection_count.rb +33 -0
  80. data/tests/test_defer.rb +18 -0
  81. data/tests/test_deferrable.rb +35 -0
  82. data/tests/test_epoll.rb +134 -0
  83. data/tests/test_error_handler.rb +38 -0
  84. data/tests/test_exc.rb +28 -0
  85. data/tests/test_file_watch.rb +65 -0
  86. data/tests/test_futures.rb +170 -0
  87. data/tests/test_get_sock_opt.rb +37 -0
  88. data/tests/test_handler_check.rb +35 -0
  89. data/tests/test_hc.rb +155 -0
  90. data/tests/test_httpclient.rb +190 -0
  91. data/tests/test_httpclient2.rb +128 -0
  92. data/tests/test_inactivity_timeout.rb +54 -0
  93. data/tests/test_ipv4.rb +125 -0
  94. data/tests/test_ipv6.rb +131 -0
  95. data/tests/test_iterator.rb +110 -0
  96. data/tests/test_kb.rb +34 -0
  97. data/tests/test_line_protocol.rb +33 -0
  98. data/tests/test_ltp.rb +138 -0
  99. data/tests/test_ltp2.rb +288 -0
  100. data/tests/test_next_tick.rb +104 -0
  101. data/tests/test_object_protocol.rb +36 -0
  102. data/tests/test_pause.rb +78 -0
  103. data/tests/test_pending_connect_timeout.rb +52 -0
  104. data/tests/test_pool.rb +196 -0
  105. data/tests/test_process_watch.rb +48 -0
  106. data/tests/test_processes.rb +133 -0
  107. data/tests/test_proxy_connection.rb +168 -0
  108. data/tests/test_pure.rb +88 -0
  109. data/tests/test_queue.rb +50 -0
  110. data/tests/test_resolver.rb +55 -0
  111. data/tests/test_running.rb +14 -0
  112. data/tests/test_sasl.rb +47 -0
  113. data/tests/test_send_file.rb +217 -0
  114. data/tests/test_servers.rb +33 -0
  115. data/tests/test_set_sock_opt.rb +41 -0
  116. data/tests/test_shutdown_hooks.rb +23 -0
  117. data/tests/test_smtpclient.rb +55 -0
  118. data/tests/test_smtpserver.rb +120 -0
  119. data/tests/test_spawn.rb +293 -0
  120. data/tests/test_ssl_args.rb +78 -0
  121. data/tests/test_ssl_methods.rb +48 -0
  122. data/tests/test_ssl_verify.rb +82 -0
  123. data/tests/test_threaded_resource.rb +55 -0
  124. data/tests/test_tick_loop.rb +59 -0
  125. data/tests/test_timers.rb +180 -0
  126. data/tests/test_ud.rb +8 -0
  127. data/tests/test_udp46.rb +53 -0
  128. data/tests/test_unbind_reason.rb +48 -0
  129. metadata +390 -0
data/ext/ssl.cpp ADDED
@@ -0,0 +1,468 @@
1
+ /*****************************************************************************
2
+
3
+ $Id$
4
+
5
+ File: ssl.cpp
6
+ Date: 30Apr06
7
+
8
+ Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
9
+ Gmail: blackhedd
10
+
11
+ This program is free software; you can redistribute it and/or modify
12
+ it under the terms of either: 1) the GNU General Public License
13
+ as published by the Free Software Foundation; either version 2 of the
14
+ License, or (at your option) any later version; or 2) Ruby's License.
15
+
16
+ See the file COPYING for complete licensing information.
17
+
18
+ *****************************************************************************/
19
+
20
+
21
+ #ifdef WITH_SSL
22
+
23
+ #include "project.h"
24
+
25
+
26
+ bool SslContext_t::bLibraryInitialized = false;
27
+
28
+
29
+
30
+ static void InitializeDefaultCredentials();
31
+ static EVP_PKEY *DefaultPrivateKey = NULL;
32
+ static X509 *DefaultCertificate = NULL;
33
+
34
+ static char PrivateMaterials[] = {
35
+ "-----BEGIN RSA PRIVATE KEY-----\n"
36
+ "MIICXAIBAAKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxwVDWV\n"
37
+ "Igdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t39hJ/\n"
38
+ "AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQIDAQAB\n"
39
+ "AoGALA89gIFcr6BIBo8N5fL3aNHpZXjAICtGav+kTUpuxSiaym9cAeTHuAVv8Xgk\n"
40
+ "H2Wbq11uz+6JMLpkQJH/WZ7EV59DPOicXrp0Imr73F3EXBfR7t2EQDYHPMthOA1D\n"
41
+ "I9EtCzvV608Ze90hiJ7E3guGrGppZfJ+eUWCPgy8CZH1vRECQQDv67rwV/oU1aDo\n"
42
+ "6/+d5nqjeW6mWkGqTnUU96jXap8EIw6B+0cUKskwx6mHJv+tEMM2748ZY7b0yBlg\n"
43
+ "w4KDghbFAkEAz2h8PjSJG55LwqmXih1RONSgdN9hjB12LwXL1CaDh7/lkEhq0PlK\n"
44
+ "PCAUwQSdM17Sl0Xxm2CZiekTSlwmHrtqXQJAF3+8QJwtV2sRJp8u2zVe37IeH1cJ\n"
45
+ "xXeHyjTzqZ2803fnjN2iuZvzNr7noOA1/Kp+pFvUZUU5/0G2Ep8zolPUjQJAFA7k\n"
46
+ "xRdLkzIx3XeNQjwnmLlncyYPRv+qaE3FMpUu7zftuZBnVCJnvXzUxP3vPgKTlzGa\n"
47
+ "dg5XivDRfsV+okY5uQJBAMV4FesUuLQVEKb6lMs7rzZwpeGQhFDRfywJzfom2TLn\n"
48
+ "2RdJQQ3dcgnhdVDgt5o1qkmsqQh8uJrJ9SdyLIaZQIc=\n"
49
+ "-----END RSA PRIVATE KEY-----\n"
50
+ "-----BEGIN CERTIFICATE-----\n"
51
+ "MIID6TCCA1KgAwIBAgIJANm4W/Tzs+s+MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD\n"
52
+ "VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw\n"
53
+ "FAYDVQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsG\n"
54
+ "A1UEAxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2lu\n"
55
+ "ZWVyaW5nQHN0ZWFtaGVhdC5uZXQwHhcNMDYwNTA1MTcwNjAzWhcNMjQwMjIwMTcw\n"
56
+ "NjAzWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQH\n"
57
+ "EwhOZXcgWW9yazEWMBQGA1UEChMNU3RlYW1oZWF0Lm5ldDEUMBIGA1UECxMLRW5n\n"
58
+ "aW5lZXJpbmcxHTAbBgNVBAMTFG9wZW5jYS5zdGVhbWhlYXQubmV0MSgwJgYJKoZI\n"
59
+ "hvcNAQkBFhllbmdpbmVlcmluZ0BzdGVhbWhlYXQubmV0MIGfMA0GCSqGSIb3DQEB\n"
60
+ "AQUAA4GNADCBiQKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxw\n"
61
+ "VDWVIgdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t3\n"
62
+ "9hJ/AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQID\n"
63
+ "AQABo4IBEzCCAQ8wHQYDVR0OBBYEFPJvPd1Fcmd8o/Tm88r+NjYPICCkMIHfBgNV\n"
64
+ "HSMEgdcwgdSAFPJvPd1Fcmd8o/Tm88r+NjYPICCkoYGwpIGtMIGqMQswCQYDVQQG\n"
65
+ "EwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYD\n"
66
+ "VQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsGA1UE\n"
67
+ "AxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2luZWVy\n"
68
+ "aW5nQHN0ZWFtaGVhdC5uZXSCCQDZuFv087PrPjAMBgNVHRMEBTADAQH/MA0GCSqG\n"
69
+ "SIb3DQEBBQUAA4GBAC1CXey/4UoLgJiwcEMDxOvW74plks23090iziFIlGgcIhk0\n"
70
+ "Df6hTAs7H3MWww62ddvR8l07AWfSzSP5L6mDsbvq7EmQsmPODwb6C+i2aF3EDL8j\n"
71
+ "uw73m4YIGI0Zw2XdBpiOGkx2H56Kya6mJJe/5XORZedh1wpI7zki01tHYbcy\n"
72
+ "-----END CERTIFICATE-----\n"};
73
+
74
+ /* These private materials were made with:
75
+ * openssl req -new -x509 -keyout cakey.pem -out cacert.pem -nodes -days 6500
76
+ * TODO: We need a full-blown capability to work with user-supplied
77
+ * keypairs and properly-signed certificates.
78
+ */
79
+
80
+
81
+ /*****************
82
+ builtin_passwd_cb
83
+ *****************/
84
+
85
+ extern "C" int builtin_passwd_cb (char *buf, int bufsize, int rwflag, void *userdata)
86
+ {
87
+ strcpy (buf, "kittycat");
88
+ return 8;
89
+ }
90
+
91
+ /****************************
92
+ InitializeDefaultCredentials
93
+ ****************************/
94
+
95
+ static void InitializeDefaultCredentials()
96
+ {
97
+ BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
98
+ assert (bio);
99
+
100
+ if (DefaultPrivateKey) {
101
+ // we may come here in a restart.
102
+ EVP_PKEY_free (DefaultPrivateKey);
103
+ DefaultPrivateKey = NULL;
104
+ }
105
+ PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
106
+
107
+ if (DefaultCertificate) {
108
+ // we may come here in a restart.
109
+ X509_free (DefaultCertificate);
110
+ DefaultCertificate = NULL;
111
+ }
112
+ PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
113
+
114
+ BIO_free (bio);
115
+ }
116
+
117
+
118
+
119
+ /**************************
120
+ SslContext_t::SslContext_t
121
+ **************************/
122
+
123
+ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
124
+ pCtx (NULL),
125
+ PrivateKey (NULL),
126
+ Certificate (NULL)
127
+ {
128
+ /* TODO: the usage of the specified private-key and cert-chain filenames only applies to
129
+ * client-side connections at this point. Server connections currently use the default materials.
130
+ * That needs to be fixed asap.
131
+ * Also, in this implementation, server-side connections use statically defined X-509 defaults.
132
+ * One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
133
+ * objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
134
+ */
135
+
136
+ if (!bLibraryInitialized) {
137
+ bLibraryInitialized = true;
138
+ SSL_library_init();
139
+ OpenSSL_add_ssl_algorithms();
140
+ OpenSSL_add_all_algorithms();
141
+ SSL_load_error_strings();
142
+ ERR_load_crypto_strings();
143
+
144
+ InitializeDefaultCredentials();
145
+ }
146
+
147
+ bIsServer = is_server;
148
+ pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
149
+ if (!pCtx)
150
+ throw std::runtime_error ("no SSL context");
151
+
152
+ SSL_CTX_set_options (pCtx, SSL_OP_ALL);
153
+ //SSL_CTX_set_options (pCtx, (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3));
154
+ #ifdef SSL_MODE_RELEASE_BUFFERS
155
+ SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS);
156
+ #endif
157
+
158
+ if (is_server) {
159
+ // The SSL_CTX calls here do NOT allocate memory.
160
+ int e;
161
+ if (privkeyfile.length() > 0)
162
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
163
+ else
164
+ e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
165
+ if (e <= 0) ERR_print_errors_fp(stderr);
166
+ assert (e > 0);
167
+
168
+ if (certchainfile.length() > 0)
169
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
170
+ else
171
+ e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
172
+ if (e <= 0) ERR_print_errors_fp(stderr);
173
+ assert (e > 0);
174
+ }
175
+
176
+ SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
177
+
178
+ if (is_server) {
179
+ SSL_CTX_sess_set_cache_size (pCtx, 128);
180
+ SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"eventmachine", 12);
181
+ }
182
+ else {
183
+ int e;
184
+ if (privkeyfile.length() > 0) {
185
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
186
+ if (e <= 0) ERR_print_errors_fp(stderr);
187
+ assert (e > 0);
188
+ }
189
+ if (certchainfile.length() > 0) {
190
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
191
+ if (e <= 0) ERR_print_errors_fp(stderr);
192
+ assert (e > 0);
193
+ }
194
+ }
195
+ }
196
+
197
+
198
+
199
+ /***************************
200
+ SslContext_t::~SslContext_t
201
+ ***************************/
202
+
203
+ SslContext_t::~SslContext_t()
204
+ {
205
+ if (pCtx)
206
+ SSL_CTX_free (pCtx);
207
+ if (PrivateKey)
208
+ EVP_PKEY_free (PrivateKey);
209
+ if (Certificate)
210
+ X509_free (Certificate);
211
+ }
212
+
213
+
214
+
215
+ /******************
216
+ SslBox_t::SslBox_t
217
+ ******************/
218
+
219
+ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, const unsigned long binding):
220
+ bIsServer (is_server),
221
+ bHandshakeCompleted (false),
222
+ bVerifyPeer (verify_peer),
223
+ pSSL (NULL),
224
+ pbioRead (NULL),
225
+ pbioWrite (NULL)
226
+ {
227
+ /* TODO someday: make it possible to re-use SSL contexts so we don't have to create
228
+ * a new one every time we come here.
229
+ */
230
+
231
+ Context = new SslContext_t (bIsServer, privkeyfile, certchainfile);
232
+ assert (Context);
233
+
234
+ pbioRead = BIO_new (BIO_s_mem());
235
+ assert (pbioRead);
236
+
237
+ pbioWrite = BIO_new (BIO_s_mem());
238
+ assert (pbioWrite);
239
+
240
+ pSSL = SSL_new (Context->pCtx);
241
+ assert (pSSL);
242
+ SSL_set_bio (pSSL, pbioRead, pbioWrite);
243
+
244
+ // Store a pointer to the binding signature in the SSL object so we can retrieve it later
245
+ SSL_set_ex_data(pSSL, 0, (void*) binding);
246
+
247
+ if (bVerifyPeer)
248
+ SSL_set_verify(pSSL, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, ssl_verify_wrapper);
249
+
250
+ if (!bIsServer)
251
+ SSL_connect (pSSL);
252
+ }
253
+
254
+
255
+
256
+ /*******************
257
+ SslBox_t::~SslBox_t
258
+ *******************/
259
+
260
+ SslBox_t::~SslBox_t()
261
+ {
262
+ // Freeing pSSL will also free the associated BIOs, so DON'T free them separately.
263
+ if (pSSL) {
264
+ if (SSL_get_shutdown (pSSL) & SSL_RECEIVED_SHUTDOWN)
265
+ SSL_shutdown (pSSL);
266
+ else
267
+ SSL_clear (pSSL);
268
+ SSL_free (pSSL);
269
+ }
270
+
271
+ delete Context;
272
+ }
273
+
274
+
275
+
276
+ /***********************
277
+ SslBox_t::PutCiphertext
278
+ ***********************/
279
+
280
+ bool SslBox_t::PutCiphertext (const char *buf, int bufsize)
281
+ {
282
+ assert (buf && (bufsize > 0));
283
+
284
+ assert (pbioRead);
285
+ int n = BIO_write (pbioRead, buf, bufsize);
286
+
287
+ return (n == bufsize) ? true : false;
288
+ }
289
+
290
+
291
+ /**********************
292
+ SslBox_t::GetPlaintext
293
+ **********************/
294
+
295
+ int SslBox_t::GetPlaintext (char *buf, int bufsize)
296
+ {
297
+ if (!SSL_is_init_finished (pSSL)) {
298
+ int e = bIsServer ? SSL_accept (pSSL) : SSL_connect (pSSL);
299
+ if (e < 0) {
300
+ int er = SSL_get_error (pSSL, e);
301
+ if (er != SSL_ERROR_WANT_READ) {
302
+ // Return -1 for a nonfatal error, -2 for an error that should force the connection down.
303
+ return (er == SSL_ERROR_SSL) ? (-2) : (-1);
304
+ }
305
+ else
306
+ return 0;
307
+ }
308
+ bHandshakeCompleted = true;
309
+ // If handshake finished, FALL THROUGH and return the available plaintext.
310
+ }
311
+
312
+ if (!SSL_is_init_finished (pSSL)) {
313
+ // We can get here if a browser abandons a handshake.
314
+ // The user can see a warning dialog and abort the connection.
315
+ cerr << "<SSL_incomp>";
316
+ return 0;
317
+ }
318
+
319
+ //cerr << "CIPH: " << SSL_get_cipher (pSSL) << endl;
320
+
321
+ int n = SSL_read (pSSL, buf, bufsize);
322
+ if (n >= 0) {
323
+ return n;
324
+ }
325
+ else {
326
+ if (SSL_get_error (pSSL, n) == SSL_ERROR_WANT_READ) {
327
+ return 0;
328
+ }
329
+ else {
330
+ return -1;
331
+ }
332
+ }
333
+
334
+ return 0;
335
+ }
336
+
337
+
338
+
339
+ /**************************
340
+ SslBox_t::CanGetCiphertext
341
+ **************************/
342
+
343
+ bool SslBox_t::CanGetCiphertext()
344
+ {
345
+ assert (pbioWrite);
346
+ return BIO_pending (pbioWrite) ? true : false;
347
+ }
348
+
349
+
350
+
351
+ /***********************
352
+ SslBox_t::GetCiphertext
353
+ ***********************/
354
+
355
+ int SslBox_t::GetCiphertext (char *buf, int bufsize)
356
+ {
357
+ assert (pbioWrite);
358
+ assert (buf && (bufsize > 0));
359
+
360
+ return BIO_read (pbioWrite, buf, bufsize);
361
+ }
362
+
363
+
364
+
365
+ /**********************
366
+ SslBox_t::PutPlaintext
367
+ **********************/
368
+
369
+ int SslBox_t::PutPlaintext (const char *buf, int bufsize)
370
+ {
371
+ // The caller will interpret the return value as the number of bytes written.
372
+ // WARNING WARNING WARNING, are there any situations in which a 0 or -1 return
373
+ // from SSL_write means we should immediately retry? The socket-machine loop
374
+ // will probably wait for a time-out cycle (perhaps a second) before re-trying.
375
+ // THIS WOULD CAUSE A PERCEPTIBLE DELAY!
376
+
377
+ /* We internally queue any outbound plaintext that can't be dispatched
378
+ * because we're in the middle of a handshake or something.
379
+ * When we get called, try to send any queued data first, and then
380
+ * send the caller's data (or queue it). We may get called with no outbound
381
+ * data, which means we try to send the outbound queue and that's all.
382
+ *
383
+ * Return >0 if we wrote any data, 0 if we didn't, and <0 for a fatal error.
384
+ * Note that if we return 0, the connection is still considered live
385
+ * and we are signalling that we have accepted the outbound data (if any).
386
+ */
387
+
388
+ OutboundQ.Push (buf, bufsize);
389
+
390
+ if (!SSL_is_init_finished (pSSL))
391
+ return 0;
392
+
393
+ bool fatal = false;
394
+ bool did_work = false;
395
+
396
+ while (OutboundQ.HasPages()) {
397
+ const char *page;
398
+ int length;
399
+ OutboundQ.Front (&page, &length);
400
+ assert (page && (length > 0));
401
+ int n = SSL_write (pSSL, page, length);
402
+ if (n > 0) {
403
+ did_work = true;
404
+ OutboundQ.PopFront();
405
+ }
406
+ else {
407
+ int er = SSL_get_error (pSSL, n);
408
+ if ((er != SSL_ERROR_WANT_READ) && (er != SSL_ERROR_WANT_WRITE))
409
+ fatal = true;
410
+ break;
411
+ }
412
+ }
413
+
414
+
415
+ if (did_work)
416
+ return 1;
417
+ else if (fatal)
418
+ return -1;
419
+ else
420
+ return 0;
421
+ }
422
+
423
+ /**********************
424
+ SslBox_t::GetPeerCert
425
+ **********************/
426
+
427
+ X509 *SslBox_t::GetPeerCert()
428
+ {
429
+ X509 *cert = NULL;
430
+
431
+ if (pSSL)
432
+ cert = SSL_get_peer_certificate(pSSL);
433
+
434
+ return cert;
435
+ }
436
+
437
+
438
+ /******************
439
+ ssl_verify_wrapper
440
+ *******************/
441
+
442
+ extern "C" int ssl_verify_wrapper(int preverify_ok, X509_STORE_CTX *ctx)
443
+ {
444
+ unsigned long binding;
445
+ X509 *cert;
446
+ SSL *ssl;
447
+ BUF_MEM *buf;
448
+ BIO *out;
449
+ int result;
450
+
451
+ cert = X509_STORE_CTX_get_current_cert(ctx);
452
+ ssl = (SSL*) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
453
+ binding = (unsigned long) SSL_get_ex_data(ssl, 0);
454
+
455
+ out = BIO_new(BIO_s_mem());
456
+ PEM_write_bio_X509(out, cert);
457
+ BIO_write(out, "\0", 1);
458
+ BIO_get_mem_ptr(out, &buf);
459
+
460
+ ConnectionDescriptor *cd = dynamic_cast <ConnectionDescriptor*> (Bindable_t::GetObject(binding));
461
+ result = (cd->VerifySslPeer(buf->data) == true ? 1 : 0);
462
+ BUF_MEM_free(buf);
463
+
464
+ return result;
465
+ }
466
+
467
+ #endif // WITH_SSL
468
+