eventmachine-le 1.1.2 → 1.1.3

@@ -453,12 +453,12 @@ extern "C" void evma_start_tls (const unsigned long binding)
453
453
  evma_set_tls_parms
454
454
  ******************/
455
455
 
456
- extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer)
456
+ extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer, int use_tls)
457
457
  {
458
458
  ensure_eventmachine("evma_set_tls_parms");
459
459
  EventableDescriptor *ed = dynamic_cast <EventableDescriptor*> (Bindable_t::GetObject (binding));
460
460
  if (ed)
461
- ed->SetTlsParms (privatekey_filename, certchain_filename, (verify_peer == 1 ? true : false));
461
+ ed->SetTlsParms (privatekey_filename, certchain_filename, (verify_peer == 1 ? true : false), (use_tls == 1 ? true : false));
462
462
  }
463
463
 
464
464
  /******************
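--- a/data/ext/ed.cpp
+++ b/data/ext/ed.cpp
@@ -384,6 +384,7 @@ ConnectionDescriptor::ConnectionDescriptor (int sd, EventMachine_t *em):
  SslBox (NULL),
  bHandshakeSignaled (false),
  bSslVerifyPeer (false),
+ bSslUseTls (false),
  bSslPeerAccepted(false),
  #endif
  #ifdef HAVE_KQUEUE
@@ -1135,7 +1136,7 @@ void ConnectionDescriptor::StartTls()
  if (SslBox)
  throw std::runtime_error ("SSL/TLS already running on connection");
 
- SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, GetBinding());
+ SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, bSslUseTls, GetBinding());
  _DispatchCiphertext();
  #endif
 
@@ -1149,7 +1150,7 @@ void ConnectionDescriptor::StartTls()
  ConnectionDescriptor::SetTlsParms
  *********************************/
 
- void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer)
+ void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls)
  {
  #ifdef WITH_SSL
  if (SslBox)
@@ -1159,6 +1160,7 @@ void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char
  if (certchain_filename && *certchain_filename)
  CertChainFilename = certchain_filename;
  bSslVerifyPeer = verify_peer;
+ bSslUseTls = use_tls;
  #endif
 
  #ifdef WITHOUT_SSL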
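--- a/data/ext/ed.h
+++ b/data/ext/ed.h
@@ -70,7 +70,7 @@ class EventableDescriptor: public Bindable_t
  virtual bool GetSubprocessPid (pid_t*) {return false;}
 
  virtual void StartTls() {}
- virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer) {}
+ virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls) {}
 
  #ifdef WITH_SSL
  virtual X509 *GetPeerCert() {return NULL;}
@@ -195,7 +195,7 @@ class ConnectionDescriptor: public EventableDescriptor
  virtual int GetOutboundDataSize() {return OutboundDataSize;}
 
  virtual void StartTls();
- virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer);
+ virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls);
 
  #ifdef WITH_SSL
  virtual X509 *GetPeerCert();
@@ -241,6 +241,7 @@ class ConnectionDescriptor: public EventableDescriptor
  std::string PrivateKeyFilename;
  bool bHandshakeSignaled;
  bool bSslVerifyPeer;
+ bool bSslUseTls;
  bool bSslPeerAccepted;
  #endif
 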
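Review bot: The new `bool use_tls` parameter and the `bSslUseTls` member are undocumented in ed.h, so a reader of the header cannot tell what the flag selects; from the ssl.cpp hunk further down it appears to pick OpenSSL's single-version `TLSv1_*_method()` over the version-flexible `SSLv23_*_method()`. A one-line comment next to the member would save the next maintainer the trip: `bool bSslUseTls; // true: build the context with the TLSv1-only method; false (default): SSLv23 version-flexible method`. Both class declarations start and end outside these hunks.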
@@ -69,7 +69,7 @@ extern "C" {
69
69
  const unsigned long evma_create_unix_domain_server (const char *filename);
70
70
  const unsigned long evma_open_datagram_socket (const char *server, int port);
71
71
  const unsigned long evma_open_keyboard();
72
- void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filenane, int verify_peer);
72
+ void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filenane, int verify_peer, int use_tls);
73
73
  void evma_start_tls (const unsigned long binding);
74
74
 
75
75
  #ifdef WITH_SSL
@@ -307,14 +307,14 @@ static VALUE t_start_tls (VALUE self, VALUE signature)
307
307
  t_set_tls_parms
308
308
  ***************/
309
309
 
310
- static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer)
310
+ static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer, VALUE use_tls)
311
311
  {
312
312
  /* set_tls_parms takes a series of positional arguments for specifying such things
313
313
  * as private keys and certificate chains.
314
314
  * It's expected that the parameter list will grow as we add more supported features.
315
315
  * ALL of these parameters are optional, and can be specified as empty or NULL strings.
316
316
  */
317
- evma_set_tls_parms (NUM2ULONG (signature), StringValuePtr (privkeyfile), StringValuePtr (certchainfile), (verify_peer == Qtrue ? 1 : 0));
317
+ evma_set_tls_parms (NUM2ULONG (signature), StringValuePtr (privkeyfile), StringValuePtr (certchainfile), (verify_peer == Qtrue ? 1 : 0), (use_tls == Qtrue ? 1 : 0));
318
318
  return Qnil;
319
319
  }
320
320
 
@@ -1216,7 +1216,7 @@ extern "C" void Init_rubyeventmachine()
1216
1216
  rb_define_module_function (EmModule, "start_tcp_server", (VALUE(*)(...))t_start_server, 2);
1217
1217
  rb_define_module_function (EmModule, "stop_tcp_server", (VALUE(*)(...))t_stop_server, 1);
1218
1218
  rb_define_module_function (EmModule, "start_unix_server", (VALUE(*)(...))t_start_unix_server, 1);
1219
- rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms, 4);
1219
+ rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms, 5);
1220
1220
  rb_define_module_function (EmModule, "start_tls", (VALUE(*)(...))t_start_tls, 1);
1221
1221
  rb_define_module_function (EmModule, "get_peer_cert", (VALUE(*)(...))t_get_peer_cert, 1);
1222
1222
  rb_define_module_function (EmModule, "send_data", (VALUE(*)(...))t_send_data, 3);
@@ -120,7 +120,7 @@ static void InitializeDefaultCredentials()
120
120
  SslContext_t::SslContext_t
121
121
  **************************/
122
122
 
123
- SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
123
+ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls):
124
124
  pCtx (NULL),
125
125
  PrivateKey (NULL),
126
126
  Certificate (NULL)
@@ -145,7 +145,11 @@ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const str
145
145
  }
146
146
 
147
147
  bIsServer = is_server;
148
- pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
148
+ if (use_tls)
149
+ pCtx = SSL_CTX_new (is_server ? TLSv1_server_method() : TLSv1_client_method());
150
+ else
151
+ pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
152
+
149
153
  if (!pCtx)
150
154
  throw std::runtime_error ("no SSL context");
151
155
 
@@ -216,10 +220,11 @@ SslContext_t::~SslContext_t()
216
220
  SslBox_t::SslBox_t
217
221
  ******************/
218
222
 
219
- SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, const unsigned long binding):
223
+ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const unsigned long binding):
220
224
  bIsServer (is_server),
221
225
  bHandshakeCompleted (false),
222
226
  bVerifyPeer (verify_peer),
227
+ bUseTls (use_tls),
223
228
  pSSL (NULL),
224
229
  pbioRead (NULL),
225
230
  pbioWrite (NULL)
@@ -228,7 +233,7 @@ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &cer
228
233
  * a new one every time we come here.
229
234
  */
230
235
 
231
- Context = new SslContext_t (bIsServer, privkeyfile, certchainfile);
236
+ Context = new SslContext_t (bIsServer, privkeyfile, certchainfile, use_tls);
232
237
  assert (Context);
233
238
 
234
239
  pbioRead = BIO_new (BIO_s_mem());
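Review bot: The `use_tls` branch added to the SslContext_t constructor pins the context to exactly TLS 1.0 — `TLSv1_server_method()` / `TLSv1_client_method()` are single-version methods, so a connection built this way can never negotiate TLS 1.1 or 1.2, while the default branch keeps the version-flexible `SSLv23_*_method()` on which SSLv2/SSLv3 remain negotiable unless options forbid them (no `SSL_CTX_set_options` call is visible in this hunk; the constructor continues past it, so one may exist elsewhere). The usual way to get "TLS only" without a version ceiling is to always create the flexible context and then switch the legacy protocols off: `pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());` followed by `if (pCtx && use_tls) SSL_CTX_set_options (pCtx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, leaving the existing `if (!pCtx) throw` in place. A comment on the flag should then state what it actually guarantees, e.g. `// use_tls: refuse SSLv2/SSLv3 and let the peer negotiate any supported TLS version`.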
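--- a/data/ext/ssl.h
+++ b/data/ext/ssl.h
@@ -33,7 +33,7 @@ class SslContext_t
  class SslContext_t
  {
  public:
- SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile);
+ SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls);
  virtual ~SslContext_t();
 
  private:
@@ -57,7 +57,7 @@ class SslBox_t
  class SslBox_t
  {
  public:
- SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, const unsigned long binding);
+ SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const unsigned long binding);
  virtual ~SslBox_t();
 
  int PutPlaintext (const char*, int);
@@ -78,6 +78,7 @@ class SslBox_t
  bool bIsServer;
  bool bHandshakeCompleted;
  bool bVerifyPeer;
+ bool bUseTls;
  SSL *pSSL;
  BIO *pbioRead;
  BIO *pbioWrite;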
@@ -389,10 +389,12 @@ module EventMachine
389
389
  #
390
390
  # @option args [String] :private_key_file (nil) local path of a readable file that must contain a private key in the [PEM format](http://en.wikipedia.org/wiki/Privacy_Enhanced_Mail).
391
391
  #
392
- # @option args [String] :verify_peer (false) indicates whether a server should request a certificate from a peer, to be verified by user code.
392
+ # @option args [Boolean] :verify_peer (false) indicates whether a server should request a certificate from a peer, to be verified by user code.
393
393
  # If true, the {#ssl_verify_peer} callback on the {EventMachine::Connection} object is called with each certificate
394
394
  # in the certificate chain provided by the peer. See documentation on {#ssl_verify_peer} for how to use this.
395
395
  #
396
+ # @option args [Boolean] :use_tls (false) indicates whether TLS or SSL must be offered to the peer. If true TLS is used, SSL otherwise.
397
+ #
396
398
  # @example Using TLS with EventMachine
397
399
  #
398
400
  # require 'rubygems'
@@ -417,7 +419,7 @@ module EventMachine
417
419
  #
418
420
  # @see #ssl_verify_peer
419
421
  def start_tls args={}
420
- priv_key, cert_chain, verify_peer = args.values_at(:private_key_file, :cert_chain_file, :verify_peer)
422
+ priv_key, cert_chain, verify_peer, use_tls = args.values_at(:private_key_file, :cert_chain_file, :verify_peer, :use_tls)
421
423
 
422
424
  [priv_key, cert_chain].each do |file|
423
425
  next if file.nil? or file.empty?
@@ -425,7 +427,7 @@ module EventMachine
425
427
  "Could not find #{file} for start_tls" unless File.exists? file
426
428
  end
427
429
 
428
- EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer)
430
+ EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer, (use_tls ? true : false))
429
431
  EventMachine::start_tls @signature
430
432
  end
431
433
 
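Review bot: In `start_tls`, `verify_peer` is still forwarded to `EventMachine::set_tls_parms` unnormalized while the new `use_tls` argument on the same line is coerced with `(use_tls ? true : false)`; the C binding in the `t_set_tls_parms` hunk above tests `verify_peer == Qtrue`, so any truthy value other than literal `true` (`1`, `'yes'`) silently leaves peer verification off — a fail-open worth closing while this line is being touched. Coerce both arguments the same way: `EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', (verify_peer ? true : false), (use_tls ? true : false))`. The new `:use_tls` option text is also misleading, since the default context is OpenSSL's version-flexible SSLv23 method, which negotiates TLS too, and `true` appears (per the ssl.cpp hunk) to select the single-version `TLSv1_*_method()`; I would phrase it as `# @option args [Boolean] :use_tls (false) if true, build the context with OpenSSL's TLSv1-only method instead of the version-flexible SSLv23 method (which may still negotiate SSLv2/SSLv3)`. `start_tls` is fully visible here; the enclosing module and class start outside the hunk.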
@@ -1,3 +1,3 @@
1
1
  module EventMachine
2
- VERSION = "1.1.2"
2
+ VERSION = "1.1.3"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: eventmachine-le
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2
4
+ version: 1.1.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -11,11 +11,11 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2012-07-13 00:00:00.000000000 Z
14
+ date: 2012-08-28 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: rake-compiler
18
- requirement: &10365700 !ruby/object:Gem::Requirement
18
+ requirement: &17526700 !ruby/object:Gem::Requirement
19
19
  none: false
20
20
  requirements:
21
21
  - - ! '>='
@@ -23,10 +23,10 @@ dependencies:
23
23
  version: 0.7.9
24
24
  type: :development
25
25
  prerelease: false
26
- version_requirements: *10365700
26
+ version_requirements: *17526700
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: yard
29
- requirement: &10365240 !ruby/object:Gem::Requirement
29
+ requirement: &17526220 !ruby/object:Gem::Requirement
30
30
  none: false
31
31
  requirements:
32
32
  - - ! '>='
@@ -34,10 +34,10 @@ dependencies:
34
34
  version: 0.7.2
35
35
  type: :development
36
36
  prerelease: false
37
- version_requirements: *10365240
37
+ version_requirements: *17526220
38
38
  - !ruby/object:Gem::Dependency
39
39
  name: bluecloth
40
- requirement: &10364860 !ruby/object:Gem::Requirement
40
+ requirement: &17525820 !ruby/object:Gem::Requirement
41
41
  none: false
42
42
  requirements:
43
43
  - - ! '>='
@@ -45,7 +45,7 @@ dependencies:
45
45
  version: '0'
46
46
  type: :development
47
47
  prerelease: false
48
- version_requirements: *10364860
48
+ version_requirements: *17525820
49
49
  description: ! 'EventMachine-LE (Live Edition) is a branch of EventMachine (https://github.com/eventmachine/eventmachine).
50
50
 
51
51