eventmachine 1.0.0.beta.2-x86-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (141) hide show
  1. data/.gitignore +16 -0
  2. data/Gemfile +1 -0
  3. data/README +81 -0
  4. data/Rakefile +11 -0
  5. data/docs/COPYING +60 -0
  6. data/docs/ChangeLog +211 -0
  7. data/docs/DEFERRABLES +246 -0
  8. data/docs/EPOLL +141 -0
  9. data/docs/GNU +281 -0
  10. data/docs/INSTALL +13 -0
  11. data/docs/KEYBOARD +42 -0
  12. data/docs/LEGAL +25 -0
  13. data/docs/LIGHTWEIGHT_CONCURRENCY +130 -0
  14. data/docs/PURE_RUBY +75 -0
  15. data/docs/RELEASE_NOTES +94 -0
  16. data/docs/SMTP +4 -0
  17. data/docs/SPAWNED_PROCESSES +148 -0
  18. data/docs/TODO +8 -0
  19. data/eventmachine.gemspec +33 -0
  20. data/examples/ex_channel.rb +43 -0
  21. data/examples/ex_queue.rb +2 -0
  22. data/examples/ex_tick_loop_array.rb +15 -0
  23. data/examples/ex_tick_loop_counter.rb +32 -0
  24. data/examples/helper.rb +2 -0
  25. data/ext/binder.cpp +124 -0
  26. data/ext/binder.h +46 -0
  27. data/ext/cmain.cpp +838 -0
  28. data/ext/ed.cpp +1884 -0
  29. data/ext/ed.h +418 -0
  30. data/ext/em.cpp +2348 -0
  31. data/ext/em.h +228 -0
  32. data/ext/eventmachine.h +123 -0
  33. data/ext/extconf.rb +157 -0
  34. data/ext/fastfilereader/extconf.rb +85 -0
  35. data/ext/fastfilereader/mapper.cpp +214 -0
  36. data/ext/fastfilereader/mapper.h +59 -0
  37. data/ext/fastfilereader/rubymain.cpp +127 -0
  38. data/ext/kb.cpp +79 -0
  39. data/ext/page.cpp +107 -0
  40. data/ext/page.h +51 -0
  41. data/ext/pipe.cpp +347 -0
  42. data/ext/project.h +155 -0
  43. data/ext/rubymain.cpp +1200 -0
  44. data/ext/ssl.cpp +460 -0
  45. data/ext/ssl.h +94 -0
  46. data/java/.classpath +8 -0
  47. data/java/.project +17 -0
  48. data/java/src/com/rubyeventmachine/EmReactor.java +571 -0
  49. data/java/src/com/rubyeventmachine/EmReactorException.java +40 -0
  50. data/java/src/com/rubyeventmachine/EventableChannel.java +69 -0
  51. data/java/src/com/rubyeventmachine/EventableDatagramChannel.java +189 -0
  52. data/java/src/com/rubyeventmachine/EventableSocketChannel.java +364 -0
  53. data/lib/em/buftok.rb +138 -0
  54. data/lib/em/callback.rb +26 -0
  55. data/lib/em/channel.rb +57 -0
  56. data/lib/em/connection.rb +569 -0
  57. data/lib/em/deferrable.rb +206 -0
  58. data/lib/em/file_watch.rb +54 -0
  59. data/lib/em/future.rb +61 -0
  60. data/lib/em/iterator.rb +270 -0
  61. data/lib/em/messages.rb +66 -0
  62. data/lib/em/process_watch.rb +44 -0
  63. data/lib/em/processes.rb +119 -0
  64. data/lib/em/protocols.rb +36 -0
  65. data/lib/em/protocols/header_and_content.rb +138 -0
  66. data/lib/em/protocols/httpclient.rb +268 -0
  67. data/lib/em/protocols/httpclient2.rb +590 -0
  68. data/lib/em/protocols/line_and_text.rb +125 -0
  69. data/lib/em/protocols/line_protocol.rb +28 -0
  70. data/lib/em/protocols/linetext2.rb +161 -0
  71. data/lib/em/protocols/memcache.rb +323 -0
  72. data/lib/em/protocols/object_protocol.rb +45 -0
  73. data/lib/em/protocols/postgres3.rb +247 -0
  74. data/lib/em/protocols/saslauth.rb +175 -0
  75. data/lib/em/protocols/smtpclient.rb +357 -0
  76. data/lib/em/protocols/smtpserver.rb +640 -0
  77. data/lib/em/protocols/socks4.rb +66 -0
  78. data/lib/em/protocols/stomp.rb +200 -0
  79. data/lib/em/protocols/tcptest.rb +53 -0
  80. data/lib/em/pure_ruby.rb +1013 -0
  81. data/lib/em/queue.rb +62 -0
  82. data/lib/em/spawnable.rb +85 -0
  83. data/lib/em/streamer.rb +130 -0
  84. data/lib/em/tick_loop.rb +85 -0
  85. data/lib/em/timers.rb +57 -0
  86. data/lib/em/version.rb +3 -0
  87. data/lib/eventmachine.rb +1548 -0
  88. data/lib/jeventmachine.rb +258 -0
  89. data/lib/rubyeventmachine.rb +2 -0
  90. data/setup.rb +1585 -0
  91. data/tasks/cpp.rake_example +77 -0
  92. data/tasks/doc.rake +30 -0
  93. data/tasks/package.rake +85 -0
  94. data/tasks/test.rake +6 -0
  95. data/tests/client.crt +31 -0
  96. data/tests/client.key +51 -0
  97. data/tests/test_attach.rb +136 -0
  98. data/tests/test_basic.rb +249 -0
  99. data/tests/test_channel.rb +64 -0
  100. data/tests/test_connection_count.rb +35 -0
  101. data/tests/test_defer.rb +49 -0
  102. data/tests/test_deferrable.rb +35 -0
  103. data/tests/test_epoll.rb +160 -0
  104. data/tests/test_error_handler.rb +35 -0
  105. data/tests/test_errors.rb +82 -0
  106. data/tests/test_exc.rb +55 -0
  107. data/tests/test_file_watch.rb +49 -0
  108. data/tests/test_futures.rb +198 -0
  109. data/tests/test_get_sock_opt.rb +30 -0
  110. data/tests/test_handler_check.rb +37 -0
  111. data/tests/test_hc.rb +190 -0
  112. data/tests/test_httpclient.rb +227 -0
  113. data/tests/test_httpclient2.rb +154 -0
  114. data/tests/test_inactivity_timeout.rb +50 -0
  115. data/tests/test_kb.rb +60 -0
  116. data/tests/test_ltp.rb +190 -0
  117. data/tests/test_ltp2.rb +317 -0
  118. data/tests/test_next_tick.rb +133 -0
  119. data/tests/test_object_protocol.rb +37 -0
  120. data/tests/test_pause.rb +70 -0
  121. data/tests/test_pending_connect_timeout.rb +48 -0
  122. data/tests/test_process_watch.rb +50 -0
  123. data/tests/test_processes.rb +128 -0
  124. data/tests/test_proxy_connection.rb +144 -0
  125. data/tests/test_pure.rb +134 -0
  126. data/tests/test_queue.rb +44 -0
  127. data/tests/test_running.rb +42 -0
  128. data/tests/test_sasl.rb +72 -0
  129. data/tests/test_send_file.rb +251 -0
  130. data/tests/test_servers.rb +76 -0
  131. data/tests/test_smtpclient.rb +83 -0
  132. data/tests/test_smtpserver.rb +85 -0
  133. data/tests/test_spawn.rb +322 -0
  134. data/tests/test_ssl_args.rb +79 -0
  135. data/tests/test_ssl_methods.rb +50 -0
  136. data/tests/test_ssl_verify.rb +82 -0
  137. data/tests/test_tick_loop.rb +59 -0
  138. data/tests/test_timers.rb +160 -0
  139. data/tests/test_ud.rb +36 -0
  140. data/tests/testem.rb +31 -0
  141. metadata +240 -0
@@ -0,0 +1,460 @@
1
+ /*****************************************************************************
2
+
3
+ $Id$
4
+
5
+ File: ssl.cpp
6
+ Date: 30Apr06
7
+
8
+ Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
9
+ Gmail: blackhedd
10
+
11
+ This program is free software; you can redistribute it and/or modify
12
+ it under the terms of either: 1) the GNU General Public License
13
+ as published by the Free Software Foundation; either version 2 of the
14
+ License, or (at your option) any later version; or 2) Ruby's License.
15
+
16
+ See the file COPYING for complete licensing information.
17
+
18
+ *****************************************************************************/
19
+
20
+
21
+ #ifdef WITH_SSL
22
+
23
+ #include "project.h"
24
+
25
+
26
+ bool SslContext_t::bLibraryInitialized = false;
27
+
28
+
29
+
30
+ static void InitializeDefaultCredentials();
31
+ static EVP_PKEY *DefaultPrivateKey = NULL;
32
+ static X509 *DefaultCertificate = NULL;
33
+
34
+ static char PrivateMaterials[] = {
35
+ "-----BEGIN RSA PRIVATE KEY-----\n"
36
+ "MIICXAIBAAKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxwVDWV\n"
37
+ "Igdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t39hJ/\n"
38
+ "AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQIDAQAB\n"
39
+ "AoGALA89gIFcr6BIBo8N5fL3aNHpZXjAICtGav+kTUpuxSiaym9cAeTHuAVv8Xgk\n"
40
+ "H2Wbq11uz+6JMLpkQJH/WZ7EV59DPOicXrp0Imr73F3EXBfR7t2EQDYHPMthOA1D\n"
41
+ "I9EtCzvV608Ze90hiJ7E3guGrGppZfJ+eUWCPgy8CZH1vRECQQDv67rwV/oU1aDo\n"
42
+ "6/+d5nqjeW6mWkGqTnUU96jXap8EIw6B+0cUKskwx6mHJv+tEMM2748ZY7b0yBlg\n"
43
+ "w4KDghbFAkEAz2h8PjSJG55LwqmXih1RONSgdN9hjB12LwXL1CaDh7/lkEhq0PlK\n"
44
+ "PCAUwQSdM17Sl0Xxm2CZiekTSlwmHrtqXQJAF3+8QJwtV2sRJp8u2zVe37IeH1cJ\n"
45
+ "xXeHyjTzqZ2803fnjN2iuZvzNr7noOA1/Kp+pFvUZUU5/0G2Ep8zolPUjQJAFA7k\n"
46
+ "xRdLkzIx3XeNQjwnmLlncyYPRv+qaE3FMpUu7zftuZBnVCJnvXzUxP3vPgKTlzGa\n"
47
+ "dg5XivDRfsV+okY5uQJBAMV4FesUuLQVEKb6lMs7rzZwpeGQhFDRfywJzfom2TLn\n"
48
+ "2RdJQQ3dcgnhdVDgt5o1qkmsqQh8uJrJ9SdyLIaZQIc=\n"
49
+ "-----END RSA PRIVATE KEY-----\n"
50
+ "-----BEGIN CERTIFICATE-----\n"
51
+ "MIID6TCCA1KgAwIBAgIJANm4W/Tzs+s+MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD\n"
52
+ "VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw\n"
53
+ "FAYDVQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsG\n"
54
+ "A1UEAxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2lu\n"
55
+ "ZWVyaW5nQHN0ZWFtaGVhdC5uZXQwHhcNMDYwNTA1MTcwNjAzWhcNMjQwMjIwMTcw\n"
56
+ "NjAzWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQH\n"
57
+ "EwhOZXcgWW9yazEWMBQGA1UEChMNU3RlYW1oZWF0Lm5ldDEUMBIGA1UECxMLRW5n\n"
58
+ "aW5lZXJpbmcxHTAbBgNVBAMTFG9wZW5jYS5zdGVhbWhlYXQubmV0MSgwJgYJKoZI\n"
59
+ "hvcNAQkBFhllbmdpbmVlcmluZ0BzdGVhbWhlYXQubmV0MIGfMA0GCSqGSIb3DQEB\n"
60
+ "AQUAA4GNADCBiQKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxw\n"
61
+ "VDWVIgdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t3\n"
62
+ "9hJ/AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQID\n"
63
+ "AQABo4IBEzCCAQ8wHQYDVR0OBBYEFPJvPd1Fcmd8o/Tm88r+NjYPICCkMIHfBgNV\n"
64
+ "HSMEgdcwgdSAFPJvPd1Fcmd8o/Tm88r+NjYPICCkoYGwpIGtMIGqMQswCQYDVQQG\n"
65
+ "EwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYD\n"
66
+ "VQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsGA1UE\n"
67
+ "AxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2luZWVy\n"
68
+ "aW5nQHN0ZWFtaGVhdC5uZXSCCQDZuFv087PrPjAMBgNVHRMEBTADAQH/MA0GCSqG\n"
69
+ "SIb3DQEBBQUAA4GBAC1CXey/4UoLgJiwcEMDxOvW74plks23090iziFIlGgcIhk0\n"
70
+ "Df6hTAs7H3MWww62ddvR8l07AWfSzSP5L6mDsbvq7EmQsmPODwb6C+i2aF3EDL8j\n"
71
+ "uw73m4YIGI0Zw2XdBpiOGkx2H56Kya6mJJe/5XORZedh1wpI7zki01tHYbcy\n"
72
+ "-----END CERTIFICATE-----\n"};
73
+
74
+ /* These private materials were made with:
75
+ * openssl req -new -x509 -keyout cakey.pem -out cacert.pem -nodes -days 6500
76
+ * TODO: We need a full-blown capability to work with user-supplied
77
+ * keypairs and properly-signed certificates.
78
+ */
79
+
80
+
81
+ /*****************
82
+ builtin_passwd_cb
83
+ *****************/
84
+
85
+ extern "C" int builtin_passwd_cb (char *buf, int bufsize, int rwflag, void *userdata)
86
+ {
87
+ strcpy (buf, "kittycat");
88
+ return 8;
89
+ }
90
+
91
+ /****************************
92
+ InitializeDefaultCredentials
93
+ ****************************/
94
+
95
+ static void InitializeDefaultCredentials()
96
+ {
97
+ BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
98
+ assert (bio);
99
+
100
+ if (DefaultPrivateKey) {
101
+ // we may come here in a restart.
102
+ EVP_PKEY_free (DefaultPrivateKey);
103
+ DefaultPrivateKey = NULL;
104
+ }
105
+ PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
106
+
107
+ if (DefaultCertificate) {
108
+ // we may come here in a restart.
109
+ X509_free (DefaultCertificate);
110
+ DefaultCertificate = NULL;
111
+ }
112
+ PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
113
+
114
+ BIO_free (bio);
115
+ }
116
+
117
+
118
+
119
+ /**************************
120
+ SslContext_t::SslContext_t
121
+ **************************/
122
+
123
+ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
124
+ pCtx (NULL),
125
+ PrivateKey (NULL),
126
+ Certificate (NULL)
127
+ {
128
+ /* TODO: the usage of the specified private-key and cert-chain filenames only applies to
129
+ * client-side connections at this point. Server connections currently use the default materials.
130
+ * That needs to be fixed asap.
131
+ * Also, in this implementation, server-side connections use statically defined X-509 defaults.
132
+ * One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
133
+ * objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
134
+ */
135
+
136
+ if (!bLibraryInitialized) {
137
+ bLibraryInitialized = true;
138
+ SSL_library_init();
139
+ OpenSSL_add_ssl_algorithms();
140
+ OpenSSL_add_all_algorithms();
141
+ SSL_load_error_strings();
142
+ ERR_load_crypto_strings();
143
+
144
+ InitializeDefaultCredentials();
145
+ }
146
+
147
+ bIsServer = is_server;
148
+ pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
149
+ if (!pCtx)
150
+ throw std::runtime_error ("no SSL context");
151
+
152
+ SSL_CTX_set_options (pCtx, SSL_OP_ALL);
153
+ //SSL_CTX_set_options (pCtx, (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3));
154
+
155
+ if (is_server) {
156
+ // The SSL_CTX calls here do NOT allocate memory.
157
+ int e;
158
+ if (privkeyfile.length() > 0)
159
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
160
+ else
161
+ e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
162
+ assert (e > 0);
163
+ if (certchainfile.length() > 0)
164
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
165
+ else
166
+ e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
167
+ assert (e > 0);
168
+ }
169
+
170
+ SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
171
+
172
+ if (is_server) {
173
+ SSL_CTX_sess_set_cache_size (pCtx, 128);
174
+ SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"eventmachine", 12);
175
+ }
176
+ else {
177
+ int e;
178
+ if (privkeyfile.length() > 0) {
179
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
180
+ assert (e > 0);
181
+ }
182
+ if (certchainfile.length() > 0) {
183
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
184
+ assert (e > 0);
185
+ }
186
+ }
187
+ }
188
+
189
+
190
+
191
+ /***************************
192
+ SslContext_t::~SslContext_t
193
+ ***************************/
194
+
195
+ SslContext_t::~SslContext_t()
196
+ {
197
+ if (pCtx)
198
+ SSL_CTX_free (pCtx);
199
+ if (PrivateKey)
200
+ EVP_PKEY_free (PrivateKey);
201
+ if (Certificate)
202
+ X509_free (Certificate);
203
+ }
204
+
205
+
206
+
207
+ /******************
208
+ SslBox_t::SslBox_t
209
+ ******************/
210
+
211
+ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, const unsigned long binding):
212
+ bIsServer (is_server),
213
+ bHandshakeCompleted (false),
214
+ bVerifyPeer (verify_peer),
215
+ pSSL (NULL),
216
+ pbioRead (NULL),
217
+ pbioWrite (NULL)
218
+ {
219
+ /* TODO someday: make it possible to re-use SSL contexts so we don't have to create
220
+ * a new one every time we come here.
221
+ */
222
+
223
+ Context = new SslContext_t (bIsServer, privkeyfile, certchainfile);
224
+ assert (Context);
225
+
226
+ pbioRead = BIO_new (BIO_s_mem());
227
+ assert (pbioRead);
228
+
229
+ pbioWrite = BIO_new (BIO_s_mem());
230
+ assert (pbioWrite);
231
+
232
+ pSSL = SSL_new (Context->pCtx);
233
+ assert (pSSL);
234
+ SSL_set_bio (pSSL, pbioRead, pbioWrite);
235
+
236
+ // Store a pointer to the binding signature in the SSL object so we can retrieve it later
237
+ SSL_set_ex_data(pSSL, 0, (void*) binding);
238
+
239
+ if (bVerifyPeer)
240
+ SSL_set_verify(pSSL, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, ssl_verify_wrapper);
241
+
242
+ if (!bIsServer)
243
+ SSL_connect (pSSL);
244
+ }
245
+
246
+
247
+
248
+ /*******************
249
+ SslBox_t::~SslBox_t
250
+ *******************/
251
+
252
+ SslBox_t::~SslBox_t()
253
+ {
254
+ // Freeing pSSL will also free the associated BIOs, so DON'T free them separately.
255
+ if (pSSL) {
256
+ if (SSL_get_shutdown (pSSL) & SSL_RECEIVED_SHUTDOWN)
257
+ SSL_shutdown (pSSL);
258
+ else
259
+ SSL_clear (pSSL);
260
+ SSL_free (pSSL);
261
+ }
262
+
263
+ delete Context;
264
+ }
265
+
266
+
267
+
268
+ /***********************
269
+ SslBox_t::PutCiphertext
270
+ ***********************/
271
+
272
+ bool SslBox_t::PutCiphertext (const char *buf, int bufsize)
273
+ {
274
+ assert (buf && (bufsize > 0));
275
+
276
+ assert (pbioRead);
277
+ int n = BIO_write (pbioRead, buf, bufsize);
278
+
279
+ return (n == bufsize) ? true : false;
280
+ }
281
+
282
+
283
+ /**********************
284
+ SslBox_t::GetPlaintext
285
+ **********************/
286
+
287
+ int SslBox_t::GetPlaintext (char *buf, int bufsize)
288
+ {
289
+ if (!SSL_is_init_finished (pSSL)) {
290
+ int e = bIsServer ? SSL_accept (pSSL) : SSL_connect (pSSL);
291
+ if (e < 0) {
292
+ int er = SSL_get_error (pSSL, e);
293
+ if (er != SSL_ERROR_WANT_READ) {
294
+ // Return -1 for a nonfatal error, -2 for an error that should force the connection down.
295
+ return (er == SSL_ERROR_SSL) ? (-2) : (-1);
296
+ }
297
+ else
298
+ return 0;
299
+ }
300
+ bHandshakeCompleted = true;
301
+ // If handshake finished, FALL THROUGH and return the available plaintext.
302
+ }
303
+
304
+ if (!SSL_is_init_finished (pSSL)) {
305
+ // We can get here if a browser abandons a handshake.
306
+ // The user can see a warning dialog and abort the connection.
307
+ cerr << "<SSL_incomp>";
308
+ return 0;
309
+ }
310
+
311
+ //cerr << "CIPH: " << SSL_get_cipher (pSSL) << endl;
312
+
313
+ int n = SSL_read (pSSL, buf, bufsize);
314
+ if (n >= 0) {
315
+ return n;
316
+ }
317
+ else {
318
+ if (SSL_get_error (pSSL, n) == SSL_ERROR_WANT_READ) {
319
+ return 0;
320
+ }
321
+ else {
322
+ return -1;
323
+ }
324
+ }
325
+
326
+ return 0;
327
+ }
328
+
329
+
330
+
331
+ /**************************
332
+ SslBox_t::CanGetCiphertext
333
+ **************************/
334
+
335
+ bool SslBox_t::CanGetCiphertext()
336
+ {
337
+ assert (pbioWrite);
338
+ return BIO_pending (pbioWrite) ? true : false;
339
+ }
340
+
341
+
342
+
343
+ /***********************
344
+ SslBox_t::GetCiphertext
345
+ ***********************/
346
+
347
+ int SslBox_t::GetCiphertext (char *buf, int bufsize)
348
+ {
349
+ assert (pbioWrite);
350
+ assert (buf && (bufsize > 0));
351
+
352
+ return BIO_read (pbioWrite, buf, bufsize);
353
+ }
354
+
355
+
356
+
357
+ /**********************
358
+ SslBox_t::PutPlaintext
359
+ **********************/
360
+
361
+ int SslBox_t::PutPlaintext (const char *buf, int bufsize)
362
+ {
363
+ // The caller will interpret the return value as the number of bytes written.
364
+ // WARNING WARNING WARNING, are there any situations in which a 0 or -1 return
365
+ // from SSL_write means we should immediately retry? The socket-machine loop
366
+ // will probably wait for a time-out cycle (perhaps a second) before re-trying.
367
+ // THIS WOULD CAUSE A PERCEPTIBLE DELAY!
368
+
369
+ /* We internally queue any outbound plaintext that can't be dispatched
370
+ * because we're in the middle of a handshake or something.
371
+ * When we get called, try to send any queued data first, and then
372
+ * send the caller's data (or queue it). We may get called with no outbound
373
+ * data, which means we try to send the outbound queue and that's all.
374
+ *
375
+ * Return >0 if we wrote any data, 0 if we didn't, and <0 for a fatal error.
376
+ * Note that if we return 0, the connection is still considered live
377
+ * and we are signalling that we have accepted the outbound data (if any).
378
+ */
379
+
380
+ OutboundQ.Push (buf, bufsize);
381
+
382
+ if (!SSL_is_init_finished (pSSL))
383
+ return 0;
384
+
385
+ bool fatal = false;
386
+ bool did_work = false;
387
+
388
+ while (OutboundQ.HasPages()) {
389
+ const char *page;
390
+ int length;
391
+ OutboundQ.Front (&page, &length);
392
+ assert (page && (length > 0));
393
+ int n = SSL_write (pSSL, page, length);
394
+ if (n > 0) {
395
+ did_work = true;
396
+ OutboundQ.PopFront();
397
+ }
398
+ else {
399
+ int er = SSL_get_error (pSSL, n);
400
+ if ((er != SSL_ERROR_WANT_READ) && (er != SSL_ERROR_WANT_WRITE))
401
+ fatal = true;
402
+ break;
403
+ }
404
+ }
405
+
406
+
407
+ if (did_work)
408
+ return 1;
409
+ else if (fatal)
410
+ return -1;
411
+ else
412
+ return 0;
413
+ }
414
+
415
+ /**********************
416
+ SslBox_t::GetPeerCert
417
+ **********************/
418
+
419
+ X509 *SslBox_t::GetPeerCert()
420
+ {
421
+ X509 *cert = NULL;
422
+
423
+ if (pSSL)
424
+ cert = SSL_get_peer_certificate(pSSL);
425
+
426
+ return cert;
427
+ }
428
+
429
+
430
+ /******************
431
+ ssl_verify_wrapper
432
+ *******************/
433
+
434
+ extern "C" int ssl_verify_wrapper(int preverify_ok, X509_STORE_CTX *ctx)
435
+ {
436
+ unsigned long binding;
437
+ X509 *cert;
438
+ SSL *ssl;
439
+ BUF_MEM *buf;
440
+ BIO *out;
441
+ int result;
442
+
443
+ cert = X509_STORE_CTX_get_current_cert(ctx);
444
+ ssl = (SSL*) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
445
+ binding = (unsigned long) SSL_get_ex_data(ssl, 0);
446
+
447
+ out = BIO_new(BIO_s_mem());
448
+ PEM_write_bio_X509(out, cert);
449
+ BIO_write(out, "\0", 1);
450
+ BIO_get_mem_ptr(out, &buf);
451
+
452
+ ConnectionDescriptor *cd = dynamic_cast <ConnectionDescriptor*> (Bindable_t::GetObject(binding));
453
+ result = (cd->VerifySslPeer(buf->data) == true ? 1 : 0);
454
+ BUF_MEM_free(buf);
455
+
456
+ return result;
457
+ }
458
+
459
+ #endif // WITH_SSL
460
+