eventmachine 1.0.0.beta.2-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (141) hide show
  1. data/.gitignore +16 -0
  2. data/Gemfile +1 -0
  3. data/README +81 -0
  4. data/Rakefile +11 -0
  5. data/docs/COPYING +60 -0
  6. data/docs/ChangeLog +211 -0
  7. data/docs/DEFERRABLES +246 -0
  8. data/docs/EPOLL +141 -0
  9. data/docs/GNU +281 -0
  10. data/docs/INSTALL +13 -0
  11. data/docs/KEYBOARD +42 -0
  12. data/docs/LEGAL +25 -0
  13. data/docs/LIGHTWEIGHT_CONCURRENCY +130 -0
  14. data/docs/PURE_RUBY +75 -0
  15. data/docs/RELEASE_NOTES +94 -0
  16. data/docs/SMTP +4 -0
  17. data/docs/SPAWNED_PROCESSES +148 -0
  18. data/docs/TODO +8 -0
  19. data/eventmachine.gemspec +33 -0
  20. data/examples/ex_channel.rb +43 -0
  21. data/examples/ex_queue.rb +2 -0
  22. data/examples/ex_tick_loop_array.rb +15 -0
  23. data/examples/ex_tick_loop_counter.rb +32 -0
  24. data/examples/helper.rb +2 -0
  25. data/ext/binder.cpp +124 -0
  26. data/ext/binder.h +46 -0
  27. data/ext/cmain.cpp +838 -0
  28. data/ext/ed.cpp +1884 -0
  29. data/ext/ed.h +418 -0
  30. data/ext/em.cpp +2348 -0
  31. data/ext/em.h +228 -0
  32. data/ext/eventmachine.h +123 -0
  33. data/ext/extconf.rb +157 -0
  34. data/ext/fastfilereader/extconf.rb +85 -0
  35. data/ext/fastfilereader/mapper.cpp +214 -0
  36. data/ext/fastfilereader/mapper.h +59 -0
  37. data/ext/fastfilereader/rubymain.cpp +127 -0
  38. data/ext/kb.cpp +79 -0
  39. data/ext/page.cpp +107 -0
  40. data/ext/page.h +51 -0
  41. data/ext/pipe.cpp +347 -0
  42. data/ext/project.h +155 -0
  43. data/ext/rubymain.cpp +1200 -0
  44. data/ext/ssl.cpp +460 -0
  45. data/ext/ssl.h +94 -0
  46. data/java/.classpath +8 -0
  47. data/java/.project +17 -0
  48. data/java/src/com/rubyeventmachine/EmReactor.java +571 -0
  49. data/java/src/com/rubyeventmachine/EmReactorException.java +40 -0
  50. data/java/src/com/rubyeventmachine/EventableChannel.java +69 -0
  51. data/java/src/com/rubyeventmachine/EventableDatagramChannel.java +189 -0
  52. data/java/src/com/rubyeventmachine/EventableSocketChannel.java +364 -0
  53. data/lib/em/buftok.rb +138 -0
  54. data/lib/em/callback.rb +26 -0
  55. data/lib/em/channel.rb +57 -0
  56. data/lib/em/connection.rb +569 -0
  57. data/lib/em/deferrable.rb +206 -0
  58. data/lib/em/file_watch.rb +54 -0
  59. data/lib/em/future.rb +61 -0
  60. data/lib/em/iterator.rb +270 -0
  61. data/lib/em/messages.rb +66 -0
  62. data/lib/em/process_watch.rb +44 -0
  63. data/lib/em/processes.rb +119 -0
  64. data/lib/em/protocols.rb +36 -0
  65. data/lib/em/protocols/header_and_content.rb +138 -0
  66. data/lib/em/protocols/httpclient.rb +268 -0
  67. data/lib/em/protocols/httpclient2.rb +590 -0
  68. data/lib/em/protocols/line_and_text.rb +125 -0
  69. data/lib/em/protocols/line_protocol.rb +28 -0
  70. data/lib/em/protocols/linetext2.rb +161 -0
  71. data/lib/em/protocols/memcache.rb +323 -0
  72. data/lib/em/protocols/object_protocol.rb +45 -0
  73. data/lib/em/protocols/postgres3.rb +247 -0
  74. data/lib/em/protocols/saslauth.rb +175 -0
  75. data/lib/em/protocols/smtpclient.rb +357 -0
  76. data/lib/em/protocols/smtpserver.rb +640 -0
  77. data/lib/em/protocols/socks4.rb +66 -0
  78. data/lib/em/protocols/stomp.rb +200 -0
  79. data/lib/em/protocols/tcptest.rb +53 -0
  80. data/lib/em/pure_ruby.rb +1013 -0
  81. data/lib/em/queue.rb +62 -0
  82. data/lib/em/spawnable.rb +85 -0
  83. data/lib/em/streamer.rb +130 -0
  84. data/lib/em/tick_loop.rb +85 -0
  85. data/lib/em/timers.rb +57 -0
  86. data/lib/em/version.rb +3 -0
  87. data/lib/eventmachine.rb +1548 -0
  88. data/lib/jeventmachine.rb +258 -0
  89. data/lib/rubyeventmachine.rb +2 -0
  90. data/setup.rb +1585 -0
  91. data/tasks/cpp.rake_example +77 -0
  92. data/tasks/doc.rake +30 -0
  93. data/tasks/package.rake +85 -0
  94. data/tasks/test.rake +6 -0
  95. data/tests/client.crt +31 -0
  96. data/tests/client.key +51 -0
  97. data/tests/test_attach.rb +136 -0
  98. data/tests/test_basic.rb +249 -0
  99. data/tests/test_channel.rb +64 -0
  100. data/tests/test_connection_count.rb +35 -0
  101. data/tests/test_defer.rb +49 -0
  102. data/tests/test_deferrable.rb +35 -0
  103. data/tests/test_epoll.rb +160 -0
  104. data/tests/test_error_handler.rb +35 -0
  105. data/tests/test_errors.rb +82 -0
  106. data/tests/test_exc.rb +55 -0
  107. data/tests/test_file_watch.rb +49 -0
  108. data/tests/test_futures.rb +198 -0
  109. data/tests/test_get_sock_opt.rb +30 -0
  110. data/tests/test_handler_check.rb +37 -0
  111. data/tests/test_hc.rb +190 -0
  112. data/tests/test_httpclient.rb +227 -0
  113. data/tests/test_httpclient2.rb +154 -0
  114. data/tests/test_inactivity_timeout.rb +50 -0
  115. data/tests/test_kb.rb +60 -0
  116. data/tests/test_ltp.rb +190 -0
  117. data/tests/test_ltp2.rb +317 -0
  118. data/tests/test_next_tick.rb +133 -0
  119. data/tests/test_object_protocol.rb +37 -0
  120. data/tests/test_pause.rb +70 -0
  121. data/tests/test_pending_connect_timeout.rb +48 -0
  122. data/tests/test_process_watch.rb +50 -0
  123. data/tests/test_processes.rb +128 -0
  124. data/tests/test_proxy_connection.rb +144 -0
  125. data/tests/test_pure.rb +134 -0
  126. data/tests/test_queue.rb +44 -0
  127. data/tests/test_running.rb +42 -0
  128. data/tests/test_sasl.rb +72 -0
  129. data/tests/test_send_file.rb +251 -0
  130. data/tests/test_servers.rb +76 -0
  131. data/tests/test_smtpclient.rb +83 -0
  132. data/tests/test_smtpserver.rb +85 -0
  133. data/tests/test_spawn.rb +322 -0
  134. data/tests/test_ssl_args.rb +79 -0
  135. data/tests/test_ssl_methods.rb +50 -0
  136. data/tests/test_ssl_verify.rb +82 -0
  137. data/tests/test_tick_loop.rb +59 -0
  138. data/tests/test_timers.rb +160 -0
  139. data/tests/test_ud.rb +36 -0
  140. data/tests/testem.rb +31 -0
  141. metadata +240 -0
@@ -0,0 +1,460 @@
1
+ /*****************************************************************************
2
+
3
+ $Id$
4
+
5
+ File: ssl.cpp
6
+ Date: 30Apr06
7
+
8
+ Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
9
+ Gmail: blackhedd
10
+
11
+ This program is free software; you can redistribute it and/or modify
12
+ it under the terms of either: 1) the GNU General Public License
13
+ as published by the Free Software Foundation; either version 2 of the
14
+ License, or (at your option) any later version; or 2) Ruby's License.
15
+
16
+ See the file COPYING for complete licensing information.
17
+
18
+ *****************************************************************************/
19
+
20
+
21
+ #ifdef WITH_SSL
22
+
23
+ #include "project.h"
24
+
25
+
26
+ bool SslContext_t::bLibraryInitialized = false;
27
+
28
+
29
+
30
+ static void InitializeDefaultCredentials();
31
+ static EVP_PKEY *DefaultPrivateKey = NULL;
32
+ static X509 *DefaultCertificate = NULL;
33
+
34
+ static char PrivateMaterials[] = {
35
+ "-----BEGIN RSA PRIVATE KEY-----\n"
36
+ "MIICXAIBAAKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxwVDWV\n"
37
+ "Igdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t39hJ/\n"
38
+ "AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQIDAQAB\n"
39
+ "AoGALA89gIFcr6BIBo8N5fL3aNHpZXjAICtGav+kTUpuxSiaym9cAeTHuAVv8Xgk\n"
40
+ "H2Wbq11uz+6JMLpkQJH/WZ7EV59DPOicXrp0Imr73F3EXBfR7t2EQDYHPMthOA1D\n"
41
+ "I9EtCzvV608Ze90hiJ7E3guGrGppZfJ+eUWCPgy8CZH1vRECQQDv67rwV/oU1aDo\n"
42
+ "6/+d5nqjeW6mWkGqTnUU96jXap8EIw6B+0cUKskwx6mHJv+tEMM2748ZY7b0yBlg\n"
43
+ "w4KDghbFAkEAz2h8PjSJG55LwqmXih1RONSgdN9hjB12LwXL1CaDh7/lkEhq0PlK\n"
44
+ "PCAUwQSdM17Sl0Xxm2CZiekTSlwmHrtqXQJAF3+8QJwtV2sRJp8u2zVe37IeH1cJ\n"
45
+ "xXeHyjTzqZ2803fnjN2iuZvzNr7noOA1/Kp+pFvUZUU5/0G2Ep8zolPUjQJAFA7k\n"
46
+ "xRdLkzIx3XeNQjwnmLlncyYPRv+qaE3FMpUu7zftuZBnVCJnvXzUxP3vPgKTlzGa\n"
47
+ "dg5XivDRfsV+okY5uQJBAMV4FesUuLQVEKb6lMs7rzZwpeGQhFDRfywJzfom2TLn\n"
48
+ "2RdJQQ3dcgnhdVDgt5o1qkmsqQh8uJrJ9SdyLIaZQIc=\n"
49
+ "-----END RSA PRIVATE KEY-----\n"
50
+ "-----BEGIN CERTIFICATE-----\n"
51
+ "MIID6TCCA1KgAwIBAgIJANm4W/Tzs+s+MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD\n"
52
+ "VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw\n"
53
+ "FAYDVQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsG\n"
54
+ "A1UEAxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2lu\n"
55
+ "ZWVyaW5nQHN0ZWFtaGVhdC5uZXQwHhcNMDYwNTA1MTcwNjAzWhcNMjQwMjIwMTcw\n"
56
+ "NjAzWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQH\n"
57
+ "EwhOZXcgWW9yazEWMBQGA1UEChMNU3RlYW1oZWF0Lm5ldDEUMBIGA1UECxMLRW5n\n"
58
+ "aW5lZXJpbmcxHTAbBgNVBAMTFG9wZW5jYS5zdGVhbWhlYXQubmV0MSgwJgYJKoZI\n"
59
+ "hvcNAQkBFhllbmdpbmVlcmluZ0BzdGVhbWhlYXQubmV0MIGfMA0GCSqGSIb3DQEB\n"
60
+ "AQUAA4GNADCBiQKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxw\n"
61
+ "VDWVIgdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t3\n"
62
+ "9hJ/AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQID\n"
63
+ "AQABo4IBEzCCAQ8wHQYDVR0OBBYEFPJvPd1Fcmd8o/Tm88r+NjYPICCkMIHfBgNV\n"
64
+ "HSMEgdcwgdSAFPJvPd1Fcmd8o/Tm88r+NjYPICCkoYGwpIGtMIGqMQswCQYDVQQG\n"
65
+ "EwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYD\n"
66
+ "VQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsGA1UE\n"
67
+ "AxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2luZWVy\n"
68
+ "aW5nQHN0ZWFtaGVhdC5uZXSCCQDZuFv087PrPjAMBgNVHRMEBTADAQH/MA0GCSqG\n"
69
+ "SIb3DQEBBQUAA4GBAC1CXey/4UoLgJiwcEMDxOvW74plks23090iziFIlGgcIhk0\n"
70
+ "Df6hTAs7H3MWww62ddvR8l07AWfSzSP5L6mDsbvq7EmQsmPODwb6C+i2aF3EDL8j\n"
71
+ "uw73m4YIGI0Zw2XdBpiOGkx2H56Kya6mJJe/5XORZedh1wpI7zki01tHYbcy\n"
72
+ "-----END CERTIFICATE-----\n"};
73
+
74
+ /* These private materials were made with:
75
+ * openssl req -new -x509 -keyout cakey.pem -out cacert.pem -nodes -days 6500
76
+ * TODO: We need a full-blown capability to work with user-supplied
77
+ * keypairs and properly-signed certificates.
78
+ */
79
+
80
+
81
+ /*****************
82
+ builtin_passwd_cb
83
+ *****************/
84
+
85
+ extern "C" int builtin_passwd_cb (char *buf, int bufsize, int rwflag, void *userdata)
86
+ {
87
+ strcpy (buf, "kittycat");
88
+ return 8;
89
+ }
90
+
91
+ /****************************
92
+ InitializeDefaultCredentials
93
+ ****************************/
94
+
95
+ static void InitializeDefaultCredentials()
96
+ {
97
+ BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
98
+ assert (bio);
99
+
100
+ if (DefaultPrivateKey) {
101
+ // we may come here in a restart.
102
+ EVP_PKEY_free (DefaultPrivateKey);
103
+ DefaultPrivateKey = NULL;
104
+ }
105
+ PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
106
+
107
+ if (DefaultCertificate) {
108
+ // we may come here in a restart.
109
+ X509_free (DefaultCertificate);
110
+ DefaultCertificate = NULL;
111
+ }
112
+ PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
113
+
114
+ BIO_free (bio);
115
+ }
116
+
117
+
118
+
119
+ /**************************
120
+ SslContext_t::SslContext_t
121
+ **************************/
122
+
123
+ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
124
+ pCtx (NULL),
125
+ PrivateKey (NULL),
126
+ Certificate (NULL)
127
+ {
128
+ /* TODO: the usage of the specified private-key and cert-chain filenames only applies to
129
+ * client-side connections at this point. Server connections currently use the default materials.
130
+ * That needs to be fixed asap.
131
+ * Also, in this implementation, server-side connections use statically defined X-509 defaults.
132
+ * One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
133
+ * objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
134
+ */
135
+
136
+ if (!bLibraryInitialized) {
137
+ bLibraryInitialized = true;
138
+ SSL_library_init();
139
+ OpenSSL_add_ssl_algorithms();
140
+ OpenSSL_add_all_algorithms();
141
+ SSL_load_error_strings();
142
+ ERR_load_crypto_strings();
143
+
144
+ InitializeDefaultCredentials();
145
+ }
146
+
147
+ bIsServer = is_server;
148
+ pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
149
+ if (!pCtx)
150
+ throw std::runtime_error ("no SSL context");
151
+
152
+ SSL_CTX_set_options (pCtx, SSL_OP_ALL);
153
+ //SSL_CTX_set_options (pCtx, (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3));
154
+
155
+ if (is_server) {
156
+ // The SSL_CTX calls here do NOT allocate memory.
157
+ int e;
158
+ if (privkeyfile.length() > 0)
159
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
160
+ else
161
+ e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
162
+ assert (e > 0);
163
+ if (certchainfile.length() > 0)
164
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
165
+ else
166
+ e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
167
+ assert (e > 0);
168
+ }
169
+
170
+ SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
171
+
172
+ if (is_server) {
173
+ SSL_CTX_sess_set_cache_size (pCtx, 128);
174
+ SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"eventmachine", 12);
175
+ }
176
+ else {
177
+ int e;
178
+ if (privkeyfile.length() > 0) {
179
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
180
+ assert (e > 0);
181
+ }
182
+ if (certchainfile.length() > 0) {
183
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
184
+ assert (e > 0);
185
+ }
186
+ }
187
+ }
188
+
189
+
190
+
191
+ /***************************
192
+ SslContext_t::~SslContext_t
193
+ ***************************/
194
+
195
+ SslContext_t::~SslContext_t()
196
+ {
197
+ if (pCtx)
198
+ SSL_CTX_free (pCtx);
199
+ if (PrivateKey)
200
+ EVP_PKEY_free (PrivateKey);
201
+ if (Certificate)
202
+ X509_free (Certificate);
203
+ }
204
+
205
+
206
+
207
+ /******************
208
+ SslBox_t::SslBox_t
209
+ ******************/
210
+
211
+ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, const unsigned long binding):
212
+ bIsServer (is_server),
213
+ bHandshakeCompleted (false),
214
+ bVerifyPeer (verify_peer),
215
+ pSSL (NULL),
216
+ pbioRead (NULL),
217
+ pbioWrite (NULL)
218
+ {
219
+ /* TODO someday: make it possible to re-use SSL contexts so we don't have to create
220
+ * a new one every time we come here.
221
+ */
222
+
223
+ Context = new SslContext_t (bIsServer, privkeyfile, certchainfile);
224
+ assert (Context);
225
+
226
+ pbioRead = BIO_new (BIO_s_mem());
227
+ assert (pbioRead);
228
+
229
+ pbioWrite = BIO_new (BIO_s_mem());
230
+ assert (pbioWrite);
231
+
232
+ pSSL = SSL_new (Context->pCtx);
233
+ assert (pSSL);
234
+ SSL_set_bio (pSSL, pbioRead, pbioWrite);
235
+
236
+ // Store a pointer to the binding signature in the SSL object so we can retrieve it later
237
+ SSL_set_ex_data(pSSL, 0, (void*) binding);
238
+
239
+ if (bVerifyPeer)
240
+ SSL_set_verify(pSSL, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, ssl_verify_wrapper);
241
+
242
+ if (!bIsServer)
243
+ SSL_connect (pSSL);
244
+ }
245
+
246
+
247
+
248
+ /*******************
249
+ SslBox_t::~SslBox_t
250
+ *******************/
251
+
252
+ SslBox_t::~SslBox_t()
253
+ {
254
+ // Freeing pSSL will also free the associated BIOs, so DON'T free them separately.
255
+ if (pSSL) {
256
+ if (SSL_get_shutdown (pSSL) & SSL_RECEIVED_SHUTDOWN)
257
+ SSL_shutdown (pSSL);
258
+ else
259
+ SSL_clear (pSSL);
260
+ SSL_free (pSSL);
261
+ }
262
+
263
+ delete Context;
264
+ }
265
+
266
+
267
+
268
+ /***********************
269
+ SslBox_t::PutCiphertext
270
+ ***********************/
271
+
272
+ bool SslBox_t::PutCiphertext (const char *buf, int bufsize)
273
+ {
274
+ assert (buf && (bufsize > 0));
275
+
276
+ assert (pbioRead);
277
+ int n = BIO_write (pbioRead, buf, bufsize);
278
+
279
+ return (n == bufsize) ? true : false;
280
+ }
281
+
282
+
283
+ /**********************
284
+ SslBox_t::GetPlaintext
285
+ **********************/
286
+
287
+ int SslBox_t::GetPlaintext (char *buf, int bufsize)
288
+ {
289
+ if (!SSL_is_init_finished (pSSL)) {
290
+ int e = bIsServer ? SSL_accept (pSSL) : SSL_connect (pSSL);
291
+ if (e < 0) {
292
+ int er = SSL_get_error (pSSL, e);
293
+ if (er != SSL_ERROR_WANT_READ) {
294
+ // Return -1 for a nonfatal error, -2 for an error that should force the connection down.
295
+ return (er == SSL_ERROR_SSL) ? (-2) : (-1);
296
+ }
297
+ else
298
+ return 0;
299
+ }
300
+ bHandshakeCompleted = true;
301
+ // If handshake finished, FALL THROUGH and return the available plaintext.
302
+ }
303
+
304
+ if (!SSL_is_init_finished (pSSL)) {
305
+ // We can get here if a browser abandons a handshake.
306
+ // The user can see a warning dialog and abort the connection.
307
+ cerr << "<SSL_incomp>";
308
+ return 0;
309
+ }
310
+
311
+ //cerr << "CIPH: " << SSL_get_cipher (pSSL) << endl;
312
+
313
+ int n = SSL_read (pSSL, buf, bufsize);
314
+ if (n >= 0) {
315
+ return n;
316
+ }
317
+ else {
318
+ if (SSL_get_error (pSSL, n) == SSL_ERROR_WANT_READ) {
319
+ return 0;
320
+ }
321
+ else {
322
+ return -1;
323
+ }
324
+ }
325
+
326
+ return 0;
327
+ }
328
+
329
+
330
+
331
+ /**************************
332
+ SslBox_t::CanGetCiphertext
333
+ **************************/
334
+
335
+ bool SslBox_t::CanGetCiphertext()
336
+ {
337
+ assert (pbioWrite);
338
+ return BIO_pending (pbioWrite) ? true : false;
339
+ }
340
+
341
+
342
+
343
+ /***********************
344
+ SslBox_t::GetCiphertext
345
+ ***********************/
346
+
347
+ int SslBox_t::GetCiphertext (char *buf, int bufsize)
348
+ {
349
+ assert (pbioWrite);
350
+ assert (buf && (bufsize > 0));
351
+
352
+ return BIO_read (pbioWrite, buf, bufsize);
353
+ }
354
+
355
+
356
+
357
+ /**********************
358
+ SslBox_t::PutPlaintext
359
+ **********************/
360
+
361
+ int SslBox_t::PutPlaintext (const char *buf, int bufsize)
362
+ {
363
+ // The caller will interpret the return value as the number of bytes written.
364
+ // WARNING WARNING WARNING, are there any situations in which a 0 or -1 return
365
+ // from SSL_write means we should immediately retry? The socket-machine loop
366
+ // will probably wait for a time-out cycle (perhaps a second) before re-trying.
367
+ // THIS WOULD CAUSE A PERCEPTIBLE DELAY!
368
+
369
+ /* We internally queue any outbound plaintext that can't be dispatched
370
+ * because we're in the middle of a handshake or something.
371
+ * When we get called, try to send any queued data first, and then
372
+ * send the caller's data (or queue it). We may get called with no outbound
373
+ * data, which means we try to send the outbound queue and that's all.
374
+ *
375
+ * Return >0 if we wrote any data, 0 if we didn't, and <0 for a fatal error.
376
+ * Note that if we return 0, the connection is still considered live
377
+ * and we are signalling that we have accepted the outbound data (if any).
378
+ */
379
+
380
+ OutboundQ.Push (buf, bufsize);
381
+
382
+ if (!SSL_is_init_finished (pSSL))
383
+ return 0;
384
+
385
+ bool fatal = false;
386
+ bool did_work = false;
387
+
388
+ while (OutboundQ.HasPages()) {
389
+ const char *page;
390
+ int length;
391
+ OutboundQ.Front (&page, &length);
392
+ assert (page && (length > 0));
393
+ int n = SSL_write (pSSL, page, length);
394
+ if (n > 0) {
395
+ did_work = true;
396
+ OutboundQ.PopFront();
397
+ }
398
+ else {
399
+ int er = SSL_get_error (pSSL, n);
400
+ if ((er != SSL_ERROR_WANT_READ) && (er != SSL_ERROR_WANT_WRITE))
401
+ fatal = true;
402
+ break;
403
+ }
404
+ }
405
+
406
+
407
+ if (did_work)
408
+ return 1;
409
+ else if (fatal)
410
+ return -1;
411
+ else
412
+ return 0;
413
+ }
414
+
415
+ /**********************
416
+ SslBox_t::GetPeerCert
417
+ **********************/
418
+
419
+ X509 *SslBox_t::GetPeerCert()
420
+ {
421
+ X509 *cert = NULL;
422
+
423
+ if (pSSL)
424
+ cert = SSL_get_peer_certificate(pSSL);
425
+
426
+ return cert;
427
+ }
428
+
429
+
430
+ /******************
431
+ ssl_verify_wrapper
432
+ *******************/
433
+
434
+ extern "C" int ssl_verify_wrapper(int preverify_ok, X509_STORE_CTX *ctx)
435
+ {
436
+ unsigned long binding;
437
+ X509 *cert;
438
+ SSL *ssl;
439
+ BUF_MEM *buf;
440
+ BIO *out;
441
+ int result;
442
+
443
+ cert = X509_STORE_CTX_get_current_cert(ctx);
444
+ ssl = (SSL*) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
445
+ binding = (unsigned long) SSL_get_ex_data(ssl, 0);
446
+
447
+ out = BIO_new(BIO_s_mem());
448
+ PEM_write_bio_X509(out, cert);
449
+ BIO_write(out, "\0", 1);
450
+ BIO_get_mem_ptr(out, &buf);
451
+
452
+ ConnectionDescriptor *cd = dynamic_cast <ConnectionDescriptor*> (Bindable_t::GetObject(binding));
453
+ result = (cd->VerifySslPeer(buf->data) == true ? 1 : 0);
454
+ BUF_MEM_free(buf);
455
+
456
+ return result;
457
+ }
458
+
459
+ #endif // WITH_SSL
460
+