eventmachine 1.0.0.beta.2-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +16 -0
- data/Gemfile +1 -0
- data/README +81 -0
- data/Rakefile +11 -0
- data/docs/COPYING +60 -0
- data/docs/ChangeLog +211 -0
- data/docs/DEFERRABLES +246 -0
- data/docs/EPOLL +141 -0
- data/docs/GNU +281 -0
- data/docs/INSTALL +13 -0
- data/docs/KEYBOARD +42 -0
- data/docs/LEGAL +25 -0
- data/docs/LIGHTWEIGHT_CONCURRENCY +130 -0
- data/docs/PURE_RUBY +75 -0
- data/docs/RELEASE_NOTES +94 -0
- data/docs/SMTP +4 -0
- data/docs/SPAWNED_PROCESSES +148 -0
- data/docs/TODO +8 -0
- data/eventmachine.gemspec +33 -0
- data/examples/ex_channel.rb +43 -0
- data/examples/ex_queue.rb +2 -0
- data/examples/ex_tick_loop_array.rb +15 -0
- data/examples/ex_tick_loop_counter.rb +32 -0
- data/examples/helper.rb +2 -0
- data/ext/binder.cpp +124 -0
- data/ext/binder.h +46 -0
- data/ext/cmain.cpp +838 -0
- data/ext/ed.cpp +1884 -0
- data/ext/ed.h +418 -0
- data/ext/em.cpp +2348 -0
- data/ext/em.h +228 -0
- data/ext/eventmachine.h +123 -0
- data/ext/extconf.rb +157 -0
- data/ext/fastfilereader/extconf.rb +85 -0
- data/ext/fastfilereader/mapper.cpp +214 -0
- data/ext/fastfilereader/mapper.h +59 -0
- data/ext/fastfilereader/rubymain.cpp +127 -0
- data/ext/kb.cpp +79 -0
- data/ext/page.cpp +107 -0
- data/ext/page.h +51 -0
- data/ext/pipe.cpp +347 -0
- data/ext/project.h +155 -0
- data/ext/rubymain.cpp +1200 -0
- data/ext/ssl.cpp +460 -0
- data/ext/ssl.h +94 -0
- data/java/.classpath +8 -0
- data/java/.project +17 -0
- data/java/src/com/rubyeventmachine/EmReactor.java +571 -0
- data/java/src/com/rubyeventmachine/EmReactorException.java +40 -0
- data/java/src/com/rubyeventmachine/EventableChannel.java +69 -0
- data/java/src/com/rubyeventmachine/EventableDatagramChannel.java +189 -0
- data/java/src/com/rubyeventmachine/EventableSocketChannel.java +364 -0
- data/lib/em/buftok.rb +138 -0
- data/lib/em/callback.rb +26 -0
- data/lib/em/channel.rb +57 -0
- data/lib/em/connection.rb +569 -0
- data/lib/em/deferrable.rb +206 -0
- data/lib/em/file_watch.rb +54 -0
- data/lib/em/future.rb +61 -0
- data/lib/em/iterator.rb +270 -0
- data/lib/em/messages.rb +66 -0
- data/lib/em/process_watch.rb +44 -0
- data/lib/em/processes.rb +119 -0
- data/lib/em/protocols.rb +36 -0
- data/lib/em/protocols/header_and_content.rb +138 -0
- data/lib/em/protocols/httpclient.rb +268 -0
- data/lib/em/protocols/httpclient2.rb +590 -0
- data/lib/em/protocols/line_and_text.rb +125 -0
- data/lib/em/protocols/line_protocol.rb +28 -0
- data/lib/em/protocols/linetext2.rb +161 -0
- data/lib/em/protocols/memcache.rb +323 -0
- data/lib/em/protocols/object_protocol.rb +45 -0
- data/lib/em/protocols/postgres3.rb +247 -0
- data/lib/em/protocols/saslauth.rb +175 -0
- data/lib/em/protocols/smtpclient.rb +357 -0
- data/lib/em/protocols/smtpserver.rb +640 -0
- data/lib/em/protocols/socks4.rb +66 -0
- data/lib/em/protocols/stomp.rb +200 -0
- data/lib/em/protocols/tcptest.rb +53 -0
- data/lib/em/pure_ruby.rb +1013 -0
- data/lib/em/queue.rb +62 -0
- data/lib/em/spawnable.rb +85 -0
- data/lib/em/streamer.rb +130 -0
- data/lib/em/tick_loop.rb +85 -0
- data/lib/em/timers.rb +57 -0
- data/lib/em/version.rb +3 -0
- data/lib/eventmachine.rb +1548 -0
- data/lib/jeventmachine.rb +258 -0
- data/lib/rubyeventmachine.rb +2 -0
- data/setup.rb +1585 -0
- data/tasks/cpp.rake_example +77 -0
- data/tasks/doc.rake +30 -0
- data/tasks/package.rake +85 -0
- data/tasks/test.rake +6 -0
- data/tests/client.crt +31 -0
- data/tests/client.key +51 -0
- data/tests/test_attach.rb +136 -0
- data/tests/test_basic.rb +249 -0
- data/tests/test_channel.rb +64 -0
- data/tests/test_connection_count.rb +35 -0
- data/tests/test_defer.rb +49 -0
- data/tests/test_deferrable.rb +35 -0
- data/tests/test_epoll.rb +160 -0
- data/tests/test_error_handler.rb +35 -0
- data/tests/test_errors.rb +82 -0
- data/tests/test_exc.rb +55 -0
- data/tests/test_file_watch.rb +49 -0
- data/tests/test_futures.rb +198 -0
- data/tests/test_get_sock_opt.rb +30 -0
- data/tests/test_handler_check.rb +37 -0
- data/tests/test_hc.rb +190 -0
- data/tests/test_httpclient.rb +227 -0
- data/tests/test_httpclient2.rb +154 -0
- data/tests/test_inactivity_timeout.rb +50 -0
- data/tests/test_kb.rb +60 -0
- data/tests/test_ltp.rb +190 -0
- data/tests/test_ltp2.rb +317 -0
- data/tests/test_next_tick.rb +133 -0
- data/tests/test_object_protocol.rb +37 -0
- data/tests/test_pause.rb +70 -0
- data/tests/test_pending_connect_timeout.rb +48 -0
- data/tests/test_process_watch.rb +50 -0
- data/tests/test_processes.rb +128 -0
- data/tests/test_proxy_connection.rb +144 -0
- data/tests/test_pure.rb +134 -0
- data/tests/test_queue.rb +44 -0
- data/tests/test_running.rb +42 -0
- data/tests/test_sasl.rb +72 -0
- data/tests/test_send_file.rb +251 -0
- data/tests/test_servers.rb +76 -0
- data/tests/test_smtpclient.rb +83 -0
- data/tests/test_smtpserver.rb +85 -0
- data/tests/test_spawn.rb +322 -0
- data/tests/test_ssl_args.rb +79 -0
- data/tests/test_ssl_methods.rb +50 -0
- data/tests/test_ssl_verify.rb +82 -0
- data/tests/test_tick_loop.rb +59 -0
- data/tests/test_timers.rb +160 -0
- data/tests/test_ud.rb +36 -0
- data/tests/testem.rb +31 -0
- metadata +240 -0
data/ext/ssl.cpp
ADDED
@@ -0,0 +1,460 @@
|
|
1
|
+
/*****************************************************************************
|
2
|
+
|
3
|
+
$Id$
|
4
|
+
|
5
|
+
File: ssl.cpp
|
6
|
+
Date: 30Apr06
|
7
|
+
|
8
|
+
Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
|
9
|
+
Gmail: blackhedd
|
10
|
+
|
11
|
+
This program is free software; you can redistribute it and/or modify
|
12
|
+
it under the terms of either: 1) the GNU General Public License
|
13
|
+
as published by the Free Software Foundation; either version 2 of the
|
14
|
+
License, or (at your option) any later version; or 2) Ruby's License.
|
15
|
+
|
16
|
+
See the file COPYING for complete licensing information.
|
17
|
+
|
18
|
+
*****************************************************************************/
|
19
|
+
|
20
|
+
|
21
|
+
#ifdef WITH_SSL
|
22
|
+
|
23
|
+
#include "project.h"
|
24
|
+
|
25
|
+
|
26
|
+
bool SslContext_t::bLibraryInitialized = false;
|
27
|
+
|
28
|
+
|
29
|
+
|
30
|
+
static void InitializeDefaultCredentials();
|
31
|
+
static EVP_PKEY *DefaultPrivateKey = NULL;
|
32
|
+
static X509 *DefaultCertificate = NULL;
|
33
|
+
|
34
|
+
static char PrivateMaterials[] = {
|
35
|
+
"-----BEGIN RSA PRIVATE KEY-----\n"
|
36
|
+
"MIICXAIBAAKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxwVDWV\n"
|
37
|
+
"Igdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t39hJ/\n"
|
38
|
+
"AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQIDAQAB\n"
|
39
|
+
"AoGALA89gIFcr6BIBo8N5fL3aNHpZXjAICtGav+kTUpuxSiaym9cAeTHuAVv8Xgk\n"
|
40
|
+
"H2Wbq11uz+6JMLpkQJH/WZ7EV59DPOicXrp0Imr73F3EXBfR7t2EQDYHPMthOA1D\n"
|
41
|
+
"I9EtCzvV608Ze90hiJ7E3guGrGppZfJ+eUWCPgy8CZH1vRECQQDv67rwV/oU1aDo\n"
|
42
|
+
"6/+d5nqjeW6mWkGqTnUU96jXap8EIw6B+0cUKskwx6mHJv+tEMM2748ZY7b0yBlg\n"
|
43
|
+
"w4KDghbFAkEAz2h8PjSJG55LwqmXih1RONSgdN9hjB12LwXL1CaDh7/lkEhq0PlK\n"
|
44
|
+
"PCAUwQSdM17Sl0Xxm2CZiekTSlwmHrtqXQJAF3+8QJwtV2sRJp8u2zVe37IeH1cJ\n"
|
45
|
+
"xXeHyjTzqZ2803fnjN2iuZvzNr7noOA1/Kp+pFvUZUU5/0G2Ep8zolPUjQJAFA7k\n"
|
46
|
+
"xRdLkzIx3XeNQjwnmLlncyYPRv+qaE3FMpUu7zftuZBnVCJnvXzUxP3vPgKTlzGa\n"
|
47
|
+
"dg5XivDRfsV+okY5uQJBAMV4FesUuLQVEKb6lMs7rzZwpeGQhFDRfywJzfom2TLn\n"
|
48
|
+
"2RdJQQ3dcgnhdVDgt5o1qkmsqQh8uJrJ9SdyLIaZQIc=\n"
|
49
|
+
"-----END RSA PRIVATE KEY-----\n"
|
50
|
+
"-----BEGIN CERTIFICATE-----\n"
|
51
|
+
"MIID6TCCA1KgAwIBAgIJANm4W/Tzs+s+MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD\n"
|
52
|
+
"VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw\n"
|
53
|
+
"FAYDVQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsG\n"
|
54
|
+
"A1UEAxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2lu\n"
|
55
|
+
"ZWVyaW5nQHN0ZWFtaGVhdC5uZXQwHhcNMDYwNTA1MTcwNjAzWhcNMjQwMjIwMTcw\n"
|
56
|
+
"NjAzWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQH\n"
|
57
|
+
"EwhOZXcgWW9yazEWMBQGA1UEChMNU3RlYW1oZWF0Lm5ldDEUMBIGA1UECxMLRW5n\n"
|
58
|
+
"aW5lZXJpbmcxHTAbBgNVBAMTFG9wZW5jYS5zdGVhbWhlYXQubmV0MSgwJgYJKoZI\n"
|
59
|
+
"hvcNAQkBFhllbmdpbmVlcmluZ0BzdGVhbWhlYXQubmV0MIGfMA0GCSqGSIb3DQEB\n"
|
60
|
+
"AQUAA4GNADCBiQKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxw\n"
|
61
|
+
"VDWVIgdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t3\n"
|
62
|
+
"9hJ/AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQID\n"
|
63
|
+
"AQABo4IBEzCCAQ8wHQYDVR0OBBYEFPJvPd1Fcmd8o/Tm88r+NjYPICCkMIHfBgNV\n"
|
64
|
+
"HSMEgdcwgdSAFPJvPd1Fcmd8o/Tm88r+NjYPICCkoYGwpIGtMIGqMQswCQYDVQQG\n"
|
65
|
+
"EwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYD\n"
|
66
|
+
"VQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsGA1UE\n"
|
67
|
+
"AxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2luZWVy\n"
|
68
|
+
"aW5nQHN0ZWFtaGVhdC5uZXSCCQDZuFv087PrPjAMBgNVHRMEBTADAQH/MA0GCSqG\n"
|
69
|
+
"SIb3DQEBBQUAA4GBAC1CXey/4UoLgJiwcEMDxOvW74plks23090iziFIlGgcIhk0\n"
|
70
|
+
"Df6hTAs7H3MWww62ddvR8l07AWfSzSP5L6mDsbvq7EmQsmPODwb6C+i2aF3EDL8j\n"
|
71
|
+
"uw73m4YIGI0Zw2XdBpiOGkx2H56Kya6mJJe/5XORZedh1wpI7zki01tHYbcy\n"
|
72
|
+
"-----END CERTIFICATE-----\n"};
|
73
|
+
|
74
|
+
/* These private materials were made with:
|
75
|
+
* openssl req -new -x509 -keyout cakey.pem -out cacert.pem -nodes -days 6500
|
76
|
+
* TODO: We need a full-blown capability to work with user-supplied
|
77
|
+
* keypairs and properly-signed certificates.
|
78
|
+
*/
|
79
|
+
|
80
|
+
|
81
|
+
/*****************
|
82
|
+
builtin_passwd_cb
|
83
|
+
*****************/
|
84
|
+
|
85
|
+
extern "C" int builtin_passwd_cb (char *buf, int bufsize, int rwflag, void *userdata)
|
86
|
+
{
|
87
|
+
strcpy (buf, "kittycat");
|
88
|
+
return 8;
|
89
|
+
}
|
90
|
+
|
91
|
+
/****************************
|
92
|
+
InitializeDefaultCredentials
|
93
|
+
****************************/
|
94
|
+
|
95
|
+
static void InitializeDefaultCredentials()
|
96
|
+
{
|
97
|
+
BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
|
98
|
+
assert (bio);
|
99
|
+
|
100
|
+
if (DefaultPrivateKey) {
|
101
|
+
// we may come here in a restart.
|
102
|
+
EVP_PKEY_free (DefaultPrivateKey);
|
103
|
+
DefaultPrivateKey = NULL;
|
104
|
+
}
|
105
|
+
PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
|
106
|
+
|
107
|
+
if (DefaultCertificate) {
|
108
|
+
// we may come here in a restart.
|
109
|
+
X509_free (DefaultCertificate);
|
110
|
+
DefaultCertificate = NULL;
|
111
|
+
}
|
112
|
+
PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
|
113
|
+
|
114
|
+
BIO_free (bio);
|
115
|
+
}
|
116
|
+
|
117
|
+
|
118
|
+
|
119
|
+
/**************************
|
120
|
+
SslContext_t::SslContext_t
|
121
|
+
**************************/
|
122
|
+
|
123
|
+
SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
|
124
|
+
pCtx (NULL),
|
125
|
+
PrivateKey (NULL),
|
126
|
+
Certificate (NULL)
|
127
|
+
{
|
128
|
+
/* TODO: the usage of the specified private-key and cert-chain filenames only applies to
|
129
|
+
* client-side connections at this point. Server connections currently use the default materials.
|
130
|
+
* That needs to be fixed asap.
|
131
|
+
* Also, in this implementation, server-side connections use statically defined X-509 defaults.
|
132
|
+
* One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
|
133
|
+
* objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
|
134
|
+
*/
|
135
|
+
|
136
|
+
if (!bLibraryInitialized) {
|
137
|
+
bLibraryInitialized = true;
|
138
|
+
SSL_library_init();
|
139
|
+
OpenSSL_add_ssl_algorithms();
|
140
|
+
OpenSSL_add_all_algorithms();
|
141
|
+
SSL_load_error_strings();
|
142
|
+
ERR_load_crypto_strings();
|
143
|
+
|
144
|
+
InitializeDefaultCredentials();
|
145
|
+
}
|
146
|
+
|
147
|
+
bIsServer = is_server;
|
148
|
+
pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
|
149
|
+
if (!pCtx)
|
150
|
+
throw std::runtime_error ("no SSL context");
|
151
|
+
|
152
|
+
SSL_CTX_set_options (pCtx, SSL_OP_ALL);
|
153
|
+
//SSL_CTX_set_options (pCtx, (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3));
|
154
|
+
|
155
|
+
if (is_server) {
|
156
|
+
// The SSL_CTX calls here do NOT allocate memory.
|
157
|
+
int e;
|
158
|
+
if (privkeyfile.length() > 0)
|
159
|
+
e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
|
160
|
+
else
|
161
|
+
e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
|
162
|
+
assert (e > 0);
|
163
|
+
if (certchainfile.length() > 0)
|
164
|
+
e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
|
165
|
+
else
|
166
|
+
e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
|
167
|
+
assert (e > 0);
|
168
|
+
}
|
169
|
+
|
170
|
+
SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
|
171
|
+
|
172
|
+
if (is_server) {
|
173
|
+
SSL_CTX_sess_set_cache_size (pCtx, 128);
|
174
|
+
SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"eventmachine", 12);
|
175
|
+
}
|
176
|
+
else {
|
177
|
+
int e;
|
178
|
+
if (privkeyfile.length() > 0) {
|
179
|
+
e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
|
180
|
+
assert (e > 0);
|
181
|
+
}
|
182
|
+
if (certchainfile.length() > 0) {
|
183
|
+
e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
|
184
|
+
assert (e > 0);
|
185
|
+
}
|
186
|
+
}
|
187
|
+
}
|
188
|
+
|
189
|
+
|
190
|
+
|
191
|
+
/***************************
|
192
|
+
SslContext_t::~SslContext_t
|
193
|
+
***************************/
|
194
|
+
|
195
|
+
SslContext_t::~SslContext_t()
|
196
|
+
{
|
197
|
+
if (pCtx)
|
198
|
+
SSL_CTX_free (pCtx);
|
199
|
+
if (PrivateKey)
|
200
|
+
EVP_PKEY_free (PrivateKey);
|
201
|
+
if (Certificate)
|
202
|
+
X509_free (Certificate);
|
203
|
+
}
|
204
|
+
|
205
|
+
|
206
|
+
|
207
|
+
/******************
|
208
|
+
SslBox_t::SslBox_t
|
209
|
+
******************/
|
210
|
+
|
211
|
+
SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, const unsigned long binding):
|
212
|
+
bIsServer (is_server),
|
213
|
+
bHandshakeCompleted (false),
|
214
|
+
bVerifyPeer (verify_peer),
|
215
|
+
pSSL (NULL),
|
216
|
+
pbioRead (NULL),
|
217
|
+
pbioWrite (NULL)
|
218
|
+
{
|
219
|
+
/* TODO someday: make it possible to re-use SSL contexts so we don't have to create
|
220
|
+
* a new one every time we come here.
|
221
|
+
*/
|
222
|
+
|
223
|
+
Context = new SslContext_t (bIsServer, privkeyfile, certchainfile);
|
224
|
+
assert (Context);
|
225
|
+
|
226
|
+
pbioRead = BIO_new (BIO_s_mem());
|
227
|
+
assert (pbioRead);
|
228
|
+
|
229
|
+
pbioWrite = BIO_new (BIO_s_mem());
|
230
|
+
assert (pbioWrite);
|
231
|
+
|
232
|
+
pSSL = SSL_new (Context->pCtx);
|
233
|
+
assert (pSSL);
|
234
|
+
SSL_set_bio (pSSL, pbioRead, pbioWrite);
|
235
|
+
|
236
|
+
// Store a pointer to the binding signature in the SSL object so we can retrieve it later
|
237
|
+
SSL_set_ex_data(pSSL, 0, (void*) binding);
|
238
|
+
|
239
|
+
if (bVerifyPeer)
|
240
|
+
SSL_set_verify(pSSL, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, ssl_verify_wrapper);
|
241
|
+
|
242
|
+
if (!bIsServer)
|
243
|
+
SSL_connect (pSSL);
|
244
|
+
}
|
245
|
+
|
246
|
+
|
247
|
+
|
248
|
+
/*******************
|
249
|
+
SslBox_t::~SslBox_t
|
250
|
+
*******************/
|
251
|
+
|
252
|
+
SslBox_t::~SslBox_t()
|
253
|
+
{
|
254
|
+
// Freeing pSSL will also free the associated BIOs, so DON'T free them separately.
|
255
|
+
if (pSSL) {
|
256
|
+
if (SSL_get_shutdown (pSSL) & SSL_RECEIVED_SHUTDOWN)
|
257
|
+
SSL_shutdown (pSSL);
|
258
|
+
else
|
259
|
+
SSL_clear (pSSL);
|
260
|
+
SSL_free (pSSL);
|
261
|
+
}
|
262
|
+
|
263
|
+
delete Context;
|
264
|
+
}
|
265
|
+
|
266
|
+
|
267
|
+
|
268
|
+
/***********************
|
269
|
+
SslBox_t::PutCiphertext
|
270
|
+
***********************/
|
271
|
+
|
272
|
+
bool SslBox_t::PutCiphertext (const char *buf, int bufsize)
|
273
|
+
{
|
274
|
+
assert (buf && (bufsize > 0));
|
275
|
+
|
276
|
+
assert (pbioRead);
|
277
|
+
int n = BIO_write (pbioRead, buf, bufsize);
|
278
|
+
|
279
|
+
return (n == bufsize) ? true : false;
|
280
|
+
}
|
281
|
+
|
282
|
+
|
283
|
+
/**********************
|
284
|
+
SslBox_t::GetPlaintext
|
285
|
+
**********************/
|
286
|
+
|
287
|
+
int SslBox_t::GetPlaintext (char *buf, int bufsize)
|
288
|
+
{
|
289
|
+
if (!SSL_is_init_finished (pSSL)) {
|
290
|
+
int e = bIsServer ? SSL_accept (pSSL) : SSL_connect (pSSL);
|
291
|
+
if (e < 0) {
|
292
|
+
int er = SSL_get_error (pSSL, e);
|
293
|
+
if (er != SSL_ERROR_WANT_READ) {
|
294
|
+
// Return -1 for a nonfatal error, -2 for an error that should force the connection down.
|
295
|
+
return (er == SSL_ERROR_SSL) ? (-2) : (-1);
|
296
|
+
}
|
297
|
+
else
|
298
|
+
return 0;
|
299
|
+
}
|
300
|
+
bHandshakeCompleted = true;
|
301
|
+
// If handshake finished, FALL THROUGH and return the available plaintext.
|
302
|
+
}
|
303
|
+
|
304
|
+
if (!SSL_is_init_finished (pSSL)) {
|
305
|
+
// We can get here if a browser abandons a handshake.
|
306
|
+
// The user can see a warning dialog and abort the connection.
|
307
|
+
cerr << "<SSL_incomp>";
|
308
|
+
return 0;
|
309
|
+
}
|
310
|
+
|
311
|
+
//cerr << "CIPH: " << SSL_get_cipher (pSSL) << endl;
|
312
|
+
|
313
|
+
int n = SSL_read (pSSL, buf, bufsize);
|
314
|
+
if (n >= 0) {
|
315
|
+
return n;
|
316
|
+
}
|
317
|
+
else {
|
318
|
+
if (SSL_get_error (pSSL, n) == SSL_ERROR_WANT_READ) {
|
319
|
+
return 0;
|
320
|
+
}
|
321
|
+
else {
|
322
|
+
return -1;
|
323
|
+
}
|
324
|
+
}
|
325
|
+
|
326
|
+
return 0;
|
327
|
+
}
|
328
|
+
|
329
|
+
|
330
|
+
|
331
|
+
/**************************
|
332
|
+
SslBox_t::CanGetCiphertext
|
333
|
+
**************************/
|
334
|
+
|
335
|
+
bool SslBox_t::CanGetCiphertext()
|
336
|
+
{
|
337
|
+
assert (pbioWrite);
|
338
|
+
return BIO_pending (pbioWrite) ? true : false;
|
339
|
+
}
|
340
|
+
|
341
|
+
|
342
|
+
|
343
|
+
/***********************
|
344
|
+
SslBox_t::GetCiphertext
|
345
|
+
***********************/
|
346
|
+
|
347
|
+
int SslBox_t::GetCiphertext (char *buf, int bufsize)
|
348
|
+
{
|
349
|
+
assert (pbioWrite);
|
350
|
+
assert (buf && (bufsize > 0));
|
351
|
+
|
352
|
+
return BIO_read (pbioWrite, buf, bufsize);
|
353
|
+
}
|
354
|
+
|
355
|
+
|
356
|
+
|
357
|
+
/**********************
|
358
|
+
SslBox_t::PutPlaintext
|
359
|
+
**********************/
|
360
|
+
|
361
|
+
int SslBox_t::PutPlaintext (const char *buf, int bufsize)
|
362
|
+
{
|
363
|
+
// The caller will interpret the return value as the number of bytes written.
|
364
|
+
// WARNING WARNING WARNING, are there any situations in which a 0 or -1 return
|
365
|
+
// from SSL_write means we should immediately retry? The socket-machine loop
|
366
|
+
// will probably wait for a time-out cycle (perhaps a second) before re-trying.
|
367
|
+
// THIS WOULD CAUSE A PERCEPTIBLE DELAY!
|
368
|
+
|
369
|
+
/* We internally queue any outbound plaintext that can't be dispatched
|
370
|
+
* because we're in the middle of a handshake or something.
|
371
|
+
* When we get called, try to send any queued data first, and then
|
372
|
+
* send the caller's data (or queue it). We may get called with no outbound
|
373
|
+
* data, which means we try to send the outbound queue and that's all.
|
374
|
+
*
|
375
|
+
* Return >0 if we wrote any data, 0 if we didn't, and <0 for a fatal error.
|
376
|
+
* Note that if we return 0, the connection is still considered live
|
377
|
+
* and we are signalling that we have accepted the outbound data (if any).
|
378
|
+
*/
|
379
|
+
|
380
|
+
OutboundQ.Push (buf, bufsize);
|
381
|
+
|
382
|
+
if (!SSL_is_init_finished (pSSL))
|
383
|
+
return 0;
|
384
|
+
|
385
|
+
bool fatal = false;
|
386
|
+
bool did_work = false;
|
387
|
+
|
388
|
+
while (OutboundQ.HasPages()) {
|
389
|
+
const char *page;
|
390
|
+
int length;
|
391
|
+
OutboundQ.Front (&page, &length);
|
392
|
+
assert (page && (length > 0));
|
393
|
+
int n = SSL_write (pSSL, page, length);
|
394
|
+
if (n > 0) {
|
395
|
+
did_work = true;
|
396
|
+
OutboundQ.PopFront();
|
397
|
+
}
|
398
|
+
else {
|
399
|
+
int er = SSL_get_error (pSSL, n);
|
400
|
+
if ((er != SSL_ERROR_WANT_READ) && (er != SSL_ERROR_WANT_WRITE))
|
401
|
+
fatal = true;
|
402
|
+
break;
|
403
|
+
}
|
404
|
+
}
|
405
|
+
|
406
|
+
|
407
|
+
if (did_work)
|
408
|
+
return 1;
|
409
|
+
else if (fatal)
|
410
|
+
return -1;
|
411
|
+
else
|
412
|
+
return 0;
|
413
|
+
}
|
414
|
+
|
415
|
+
/**********************
|
416
|
+
SslBox_t::GetPeerCert
|
417
|
+
**********************/
|
418
|
+
|
419
|
+
X509 *SslBox_t::GetPeerCert()
|
420
|
+
{
|
421
|
+
X509 *cert = NULL;
|
422
|
+
|
423
|
+
if (pSSL)
|
424
|
+
cert = SSL_get_peer_certificate(pSSL);
|
425
|
+
|
426
|
+
return cert;
|
427
|
+
}
|
428
|
+
|
429
|
+
|
430
|
+
/******************
|
431
|
+
ssl_verify_wrapper
|
432
|
+
*******************/
|
433
|
+
|
434
|
+
extern "C" int ssl_verify_wrapper(int preverify_ok, X509_STORE_CTX *ctx)
|
435
|
+
{
|
436
|
+
unsigned long binding;
|
437
|
+
X509 *cert;
|
438
|
+
SSL *ssl;
|
439
|
+
BUF_MEM *buf;
|
440
|
+
BIO *out;
|
441
|
+
int result;
|
442
|
+
|
443
|
+
cert = X509_STORE_CTX_get_current_cert(ctx);
|
444
|
+
ssl = (SSL*) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
|
445
|
+
binding = (unsigned long) SSL_get_ex_data(ssl, 0);
|
446
|
+
|
447
|
+
out = BIO_new(BIO_s_mem());
|
448
|
+
PEM_write_bio_X509(out, cert);
|
449
|
+
BIO_write(out, "\0", 1);
|
450
|
+
BIO_get_mem_ptr(out, &buf);
|
451
|
+
|
452
|
+
ConnectionDescriptor *cd = dynamic_cast <ConnectionDescriptor*> (Bindable_t::GetObject(binding));
|
453
|
+
result = (cd->VerifySslPeer(buf->data) == true ? 1 : 0);
|
454
|
+
BUF_MEM_free(buf);
|
455
|
+
|
456
|
+
return result;
|
457
|
+
}
|
458
|
+
|
459
|
+
#endif // WITH_SSL
|
460
|
+
|