eventmachine 1.2.0.dev.2-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (181) hide show
  1. checksums.yaml +7 -0
  2. data/CHANGELOG.md +105 -0
  3. data/GNU +281 -0
  4. data/LICENSE +60 -0
  5. data/README.md +108 -0
  6. data/docs/DocumentationGuidesIndex.md +27 -0
  7. data/docs/GettingStarted.md +521 -0
  8. data/docs/old/ChangeLog +211 -0
  9. data/docs/old/DEFERRABLES +246 -0
  10. data/docs/old/EPOLL +141 -0
  11. data/docs/old/INSTALL +13 -0
  12. data/docs/old/KEYBOARD +42 -0
  13. data/docs/old/LEGAL +25 -0
  14. data/docs/old/LIGHTWEIGHT_CONCURRENCY +130 -0
  15. data/docs/old/PURE_RUBY +75 -0
  16. data/docs/old/RELEASE_NOTES +94 -0
  17. data/docs/old/SMTP +4 -0
  18. data/docs/old/SPAWNED_PROCESSES +148 -0
  19. data/docs/old/TODO +8 -0
  20. data/examples/guides/getting_started/01_eventmachine_echo_server.rb +18 -0
  21. data/examples/guides/getting_started/02_eventmachine_echo_server_that_recognizes_exit_command.rb +22 -0
  22. data/examples/guides/getting_started/03_simple_chat_server.rb +149 -0
  23. data/examples/guides/getting_started/04_simple_chat_server_step_one.rb +27 -0
  24. data/examples/guides/getting_started/05_simple_chat_server_step_two.rb +43 -0
  25. data/examples/guides/getting_started/06_simple_chat_server_step_three.rb +98 -0
  26. data/examples/guides/getting_started/07_simple_chat_server_step_four.rb +121 -0
  27. data/examples/guides/getting_started/08_simple_chat_server_step_five.rb +141 -0
  28. data/examples/old/ex_channel.rb +43 -0
  29. data/examples/old/ex_queue.rb +2 -0
  30. data/examples/old/ex_tick_loop_array.rb +15 -0
  31. data/examples/old/ex_tick_loop_counter.rb +32 -0
  32. data/examples/old/helper.rb +2 -0
  33. data/ext/binder.cpp +124 -0
  34. data/ext/binder.h +46 -0
  35. data/ext/cmain.cpp +988 -0
  36. data/ext/ed.cpp +2111 -0
  37. data/ext/ed.h +442 -0
  38. data/ext/em.cpp +2379 -0
  39. data/ext/em.h +308 -0
  40. data/ext/eventmachine.h +143 -0
  41. data/ext/extconf.rb +270 -0
  42. data/ext/fastfilereader/extconf.rb +110 -0
  43. data/ext/fastfilereader/mapper.cpp +216 -0
  44. data/ext/fastfilereader/mapper.h +59 -0
  45. data/ext/fastfilereader/rubymain.cpp +127 -0
  46. data/ext/kb.cpp +79 -0
  47. data/ext/page.cpp +107 -0
  48. data/ext/page.h +51 -0
  49. data/ext/pipe.cpp +354 -0
  50. data/ext/project.h +176 -0
  51. data/ext/rubymain.cpp +1504 -0
  52. data/ext/ssl.cpp +615 -0
  53. data/ext/ssl.h +103 -0
  54. data/java/.classpath +8 -0
  55. data/java/.project +17 -0
  56. data/java/src/com/rubyeventmachine/EmReactor.java +591 -0
  57. data/java/src/com/rubyeventmachine/EmReactorException.java +40 -0
  58. data/java/src/com/rubyeventmachine/EventableChannel.java +72 -0
  59. data/java/src/com/rubyeventmachine/EventableDatagramChannel.java +201 -0
  60. data/java/src/com/rubyeventmachine/EventableSocketChannel.java +415 -0
  61. data/lib/2.0/fastfilereaderext.so +0 -0
  62. data/lib/2.0/rubyeventmachine.so +0 -0
  63. data/lib/2.1/fastfilereaderext.so +0 -0
  64. data/lib/2.1/rubyeventmachine.so +0 -0
  65. data/lib/2.2/fastfilereaderext.so +0 -0
  66. data/lib/2.2/rubyeventmachine.so +0 -0
  67. data/lib/2.3/fastfilereaderext.so +0 -0
  68. data/lib/2.3/rubyeventmachine.so +0 -0
  69. data/lib/em/buftok.rb +59 -0
  70. data/lib/em/callback.rb +58 -0
  71. data/lib/em/channel.rb +69 -0
  72. data/lib/em/completion.rb +304 -0
  73. data/lib/em/connection.rb +770 -0
  74. data/lib/em/deferrable.rb +210 -0
  75. data/lib/em/deferrable/pool.rb +2 -0
  76. data/lib/em/file_watch.rb +73 -0
  77. data/lib/em/future.rb +61 -0
  78. data/lib/em/iterator.rb +252 -0
  79. data/lib/em/messages.rb +66 -0
  80. data/lib/em/pool.rb +151 -0
  81. data/lib/em/process_watch.rb +45 -0
  82. data/lib/em/processes.rb +123 -0
  83. data/lib/em/protocols.rb +37 -0
  84. data/lib/em/protocols/header_and_content.rb +138 -0
  85. data/lib/em/protocols/httpclient.rb +299 -0
  86. data/lib/em/protocols/httpclient2.rb +600 -0
  87. data/lib/em/protocols/line_and_text.rb +125 -0
  88. data/lib/em/protocols/line_protocol.rb +29 -0
  89. data/lib/em/protocols/linetext2.rb +166 -0
  90. data/lib/em/protocols/memcache.rb +331 -0
  91. data/lib/em/protocols/object_protocol.rb +46 -0
  92. data/lib/em/protocols/postgres3.rb +246 -0
  93. data/lib/em/protocols/saslauth.rb +175 -0
  94. data/lib/em/protocols/smtpclient.rb +394 -0
  95. data/lib/em/protocols/smtpserver.rb +666 -0
  96. data/lib/em/protocols/socks4.rb +66 -0
  97. data/lib/em/protocols/stomp.rb +205 -0
  98. data/lib/em/protocols/tcptest.rb +54 -0
  99. data/lib/em/pure_ruby.rb +1022 -0
  100. data/lib/em/queue.rb +80 -0
  101. data/lib/em/resolver.rb +232 -0
  102. data/lib/em/spawnable.rb +84 -0
  103. data/lib/em/streamer.rb +118 -0
  104. data/lib/em/threaded_resource.rb +90 -0
  105. data/lib/em/tick_loop.rb +85 -0
  106. data/lib/em/timers.rb +61 -0
  107. data/lib/em/version.rb +3 -0
  108. data/lib/eventmachine.rb +1584 -0
  109. data/lib/fastfilereaderext.rb +2 -0
  110. data/lib/jeventmachine.rb +301 -0
  111. data/lib/rubyeventmachine.rb +2 -0
  112. data/rakelib/package.rake +120 -0
  113. data/rakelib/test.rake +8 -0
  114. data/tests/client.crt +31 -0
  115. data/tests/client.key +51 -0
  116. data/tests/dhparam.pem +13 -0
  117. data/tests/em_test_helper.rb +151 -0
  118. data/tests/test_attach.rb +151 -0
  119. data/tests/test_basic.rb +283 -0
  120. data/tests/test_channel.rb +75 -0
  121. data/tests/test_completion.rb +178 -0
  122. data/tests/test_connection_count.rb +54 -0
  123. data/tests/test_connection_write.rb +35 -0
  124. data/tests/test_defer.rb +35 -0
  125. data/tests/test_deferrable.rb +35 -0
  126. data/tests/test_epoll.rb +142 -0
  127. data/tests/test_error_handler.rb +38 -0
  128. data/tests/test_exc.rb +28 -0
  129. data/tests/test_file_watch.rb +66 -0
  130. data/tests/test_fork.rb +75 -0
  131. data/tests/test_futures.rb +170 -0
  132. data/tests/test_get_sock_opt.rb +37 -0
  133. data/tests/test_handler_check.rb +35 -0
  134. data/tests/test_hc.rb +155 -0
  135. data/tests/test_httpclient.rb +233 -0
  136. data/tests/test_httpclient2.rb +128 -0
  137. data/tests/test_idle_connection.rb +25 -0
  138. data/tests/test_inactivity_timeout.rb +54 -0
  139. data/tests/test_ipv4.rb +125 -0
  140. data/tests/test_ipv6.rb +131 -0
  141. data/tests/test_iterator.rb +115 -0
  142. data/tests/test_kb.rb +28 -0
  143. data/tests/test_line_protocol.rb +33 -0
  144. data/tests/test_ltp.rb +138 -0
  145. data/tests/test_ltp2.rb +308 -0
  146. data/tests/test_many_fds.rb +22 -0
  147. data/tests/test_next_tick.rb +104 -0
  148. data/tests/test_object_protocol.rb +36 -0
  149. data/tests/test_pause.rb +107 -0
  150. data/tests/test_pending_connect_timeout.rb +52 -0
  151. data/tests/test_pool.rb +196 -0
  152. data/tests/test_process_watch.rb +50 -0
  153. data/tests/test_processes.rb +128 -0
  154. data/tests/test_proxy_connection.rb +180 -0
  155. data/tests/test_pure.rb +88 -0
  156. data/tests/test_queue.rb +64 -0
  157. data/tests/test_resolver.rb +104 -0
  158. data/tests/test_running.rb +14 -0
  159. data/tests/test_sasl.rb +47 -0
  160. data/tests/test_send_file.rb +217 -0
  161. data/tests/test_servers.rb +33 -0
  162. data/tests/test_set_sock_opt.rb +39 -0
  163. data/tests/test_shutdown_hooks.rb +23 -0
  164. data/tests/test_smtpclient.rb +75 -0
  165. data/tests/test_smtpserver.rb +57 -0
  166. data/tests/test_spawn.rb +293 -0
  167. data/tests/test_ssl_args.rb +78 -0
  168. data/tests/test_ssl_dhparam.rb +83 -0
  169. data/tests/test_ssl_ecdh_curve.rb +79 -0
  170. data/tests/test_ssl_extensions.rb +49 -0
  171. data/tests/test_ssl_methods.rb +65 -0
  172. data/tests/test_ssl_protocols.rb +246 -0
  173. data/tests/test_ssl_verify.rb +126 -0
  174. data/tests/test_stomp.rb +37 -0
  175. data/tests/test_system.rb +46 -0
  176. data/tests/test_threaded_resource.rb +61 -0
  177. data/tests/test_tick_loop.rb +59 -0
  178. data/tests/test_timers.rb +123 -0
  179. data/tests/test_ud.rb +8 -0
  180. data/tests/test_unbind_reason.rb +52 -0
  181. metadata +381 -0
@@ -0,0 +1,615 @@
1
+ /*****************************************************************************
2
+
3
+ $Id$
4
+
5
+ File: ssl.cpp
6
+ Date: 30Apr06
7
+
8
+ Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
9
+ Gmail: blackhedd
10
+
11
+ This program is free software; you can redistribute it and/or modify
12
+ it under the terms of either: 1) the GNU General Public License
13
+ as published by the Free Software Foundation; either version 2 of the
14
+ License, or (at your option) any later version; or 2) Ruby's License.
15
+
16
+ See the file COPYING for complete licensing information.
17
+
18
+ *****************************************************************************/
19
+
20
+
21
+ #ifdef WITH_SSL
22
+
23
+ #include "project.h"
24
+
25
+
26
+ bool SslContext_t::bLibraryInitialized = false;
27
+
28
+
29
+
30
+ static void InitializeDefaultCredentials();
31
+ static EVP_PKEY *DefaultPrivateKey = NULL;
32
+ static X509 *DefaultCertificate = NULL;
33
+
34
+ static char PrivateMaterials[] = {
35
+ "-----BEGIN RSA PRIVATE KEY-----\n"
36
+ "MIICXAIBAAKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxwVDWV\n"
37
+ "Igdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t39hJ/\n"
38
+ "AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQIDAQAB\n"
39
+ "AoGALA89gIFcr6BIBo8N5fL3aNHpZXjAICtGav+kTUpuxSiaym9cAeTHuAVv8Xgk\n"
40
+ "H2Wbq11uz+6JMLpkQJH/WZ7EV59DPOicXrp0Imr73F3EXBfR7t2EQDYHPMthOA1D\n"
41
+ "I9EtCzvV608Ze90hiJ7E3guGrGppZfJ+eUWCPgy8CZH1vRECQQDv67rwV/oU1aDo\n"
42
+ "6/+d5nqjeW6mWkGqTnUU96jXap8EIw6B+0cUKskwx6mHJv+tEMM2748ZY7b0yBlg\n"
43
+ "w4KDghbFAkEAz2h8PjSJG55LwqmXih1RONSgdN9hjB12LwXL1CaDh7/lkEhq0PlK\n"
44
+ "PCAUwQSdM17Sl0Xxm2CZiekTSlwmHrtqXQJAF3+8QJwtV2sRJp8u2zVe37IeH1cJ\n"
45
+ "xXeHyjTzqZ2803fnjN2iuZvzNr7noOA1/Kp+pFvUZUU5/0G2Ep8zolPUjQJAFA7k\n"
46
+ "xRdLkzIx3XeNQjwnmLlncyYPRv+qaE3FMpUu7zftuZBnVCJnvXzUxP3vPgKTlzGa\n"
47
+ "dg5XivDRfsV+okY5uQJBAMV4FesUuLQVEKb6lMs7rzZwpeGQhFDRfywJzfom2TLn\n"
48
+ "2RdJQQ3dcgnhdVDgt5o1qkmsqQh8uJrJ9SdyLIaZQIc=\n"
49
+ "-----END RSA PRIVATE KEY-----\n"
50
+ "-----BEGIN CERTIFICATE-----\n"
51
+ "MIID6TCCA1KgAwIBAgIJANm4W/Tzs+s+MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD\n"
52
+ "VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw\n"
53
+ "FAYDVQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsG\n"
54
+ "A1UEAxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2lu\n"
55
+ "ZWVyaW5nQHN0ZWFtaGVhdC5uZXQwHhcNMDYwNTA1MTcwNjAzWhcNMjQwMjIwMTcw\n"
56
+ "NjAzWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQH\n"
57
+ "EwhOZXcgWW9yazEWMBQGA1UEChMNU3RlYW1oZWF0Lm5ldDEUMBIGA1UECxMLRW5n\n"
58
+ "aW5lZXJpbmcxHTAbBgNVBAMTFG9wZW5jYS5zdGVhbWhlYXQubmV0MSgwJgYJKoZI\n"
59
+ "hvcNAQkBFhllbmdpbmVlcmluZ0BzdGVhbWhlYXQubmV0MIGfMA0GCSqGSIb3DQEB\n"
60
+ "AQUAA4GNADCBiQKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxw\n"
61
+ "VDWVIgdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t3\n"
62
+ "9hJ/AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQID\n"
63
+ "AQABo4IBEzCCAQ8wHQYDVR0OBBYEFPJvPd1Fcmd8o/Tm88r+NjYPICCkMIHfBgNV\n"
64
+ "HSMEgdcwgdSAFPJvPd1Fcmd8o/Tm88r+NjYPICCkoYGwpIGtMIGqMQswCQYDVQQG\n"
65
+ "EwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYD\n"
66
+ "VQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsGA1UE\n"
67
+ "AxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2luZWVy\n"
68
+ "aW5nQHN0ZWFtaGVhdC5uZXSCCQDZuFv087PrPjAMBgNVHRMEBTADAQH/MA0GCSqG\n"
69
+ "SIb3DQEBBQUAA4GBAC1CXey/4UoLgJiwcEMDxOvW74plks23090iziFIlGgcIhk0\n"
70
+ "Df6hTAs7H3MWww62ddvR8l07AWfSzSP5L6mDsbvq7EmQsmPODwb6C+i2aF3EDL8j\n"
71
+ "uw73m4YIGI0Zw2XdBpiOGkx2H56Kya6mJJe/5XORZedh1wpI7zki01tHYbcy\n"
72
+ "-----END CERTIFICATE-----\n"};
73
+
74
+ /* These private materials were made with:
75
+ * openssl req -new -x509 -keyout cakey.pem -out cacert.pem -nodes -days 6500
76
+ * TODO: We need a full-blown capability to work with user-supplied
77
+ * keypairs and properly-signed certificates.
78
+ */
79
+
80
+
81
+ /*****************
82
+ builtin_passwd_cb
83
+ *****************/
84
+
85
+ extern "C" int builtin_passwd_cb (char *buf UNUSED, int bufsize UNUSED, int rwflag UNUSED, void *userdata UNUSED)
86
+ {
87
+ strcpy (buf, "kittycat");
88
+ return 8;
89
+ }
90
+
91
+ /****************************
92
+ InitializeDefaultCredentials
93
+ ****************************/
94
+
95
+ static void InitializeDefaultCredentials()
96
+ {
97
+ BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
98
+ assert (bio);
99
+
100
+ if (DefaultPrivateKey) {
101
+ // we may come here in a restart.
102
+ EVP_PKEY_free (DefaultPrivateKey);
103
+ DefaultPrivateKey = NULL;
104
+ }
105
+ PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
106
+
107
+ if (DefaultCertificate) {
108
+ // we may come here in a restart.
109
+ X509_free (DefaultCertificate);
110
+ DefaultCertificate = NULL;
111
+ }
112
+ PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
113
+
114
+ BIO_free (bio);
115
+ }
116
+
117
+
118
+
119
+ /**************************
120
+ SslContext_t::SslContext_t
121
+ **************************/
122
+
123
+ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, const string &cipherlist, const string &ecdh_curve, const string &dhparam, int ssl_version) :
124
+ bIsServer (is_server),
125
+ pCtx (NULL),
126
+ PrivateKey (NULL),
127
+ Certificate (NULL)
128
+ {
129
+ /* TODO: the usage of the specified private-key and cert-chain filenames only applies to
130
+ * client-side connections at this point. Server connections currently use the default materials.
131
+ * That needs to be fixed asap.
132
+ * Also, in this implementation, server-side connections use statically defined X-509 defaults.
133
+ * One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
134
+ * objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
135
+ */
136
+
137
+ if (!bLibraryInitialized) {
138
+ bLibraryInitialized = true;
139
+ SSL_library_init();
140
+ OpenSSL_add_ssl_algorithms();
141
+ OpenSSL_add_all_algorithms();
142
+ SSL_load_error_strings();
143
+ ERR_load_crypto_strings();
144
+
145
+ InitializeDefaultCredentials();
146
+ }
147
+
148
+ pCtx = SSL_CTX_new (bIsServer ? SSLv23_server_method() : SSLv23_client_method());
149
+ if (!pCtx)
150
+ throw std::runtime_error ("no SSL context");
151
+
152
+ SSL_CTX_set_options (pCtx, SSL_OP_ALL);
153
+
154
+ #ifdef SSL_CTRL_CLEAR_OPTIONS
155
+ SSL_CTX_clear_options (pCtx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
156
+ # ifdef SSL_OP_NO_TLSv1_1
157
+ SSL_CTX_clear_options (pCtx, SSL_OP_NO_TLSv1_1);
158
+ # endif
159
+ # ifdef SSL_OP_NO_TLSv1_2
160
+ SSL_CTX_clear_options (pCtx, SSL_OP_NO_TLSv1_2);
161
+ # endif
162
+ #endif
163
+
164
+ if (!(ssl_version & EM_PROTO_SSLv2))
165
+ SSL_CTX_set_options (pCtx, SSL_OP_NO_SSLv2);
166
+
167
+ if (!(ssl_version & EM_PROTO_SSLv3))
168
+ SSL_CTX_set_options (pCtx, SSL_OP_NO_SSLv3);
169
+
170
+ if (!(ssl_version & EM_PROTO_TLSv1))
171
+ SSL_CTX_set_options (pCtx, SSL_OP_NO_TLSv1);
172
+
173
+ #ifdef SSL_OP_NO_TLSv1_1
174
+ if (!(ssl_version & EM_PROTO_TLSv1_1))
175
+ SSL_CTX_set_options (pCtx, SSL_OP_NO_TLSv1_1);
176
+ #endif
177
+
178
+ #ifdef SSL_OP_NO_TLSv1_2
179
+ if (!(ssl_version & EM_PROTO_TLSv1_2))
180
+ SSL_CTX_set_options (pCtx, SSL_OP_NO_TLSv1_2);
181
+ #endif
182
+
183
+ #ifdef SSL_MODE_RELEASE_BUFFERS
184
+ SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS);
185
+ #endif
186
+
187
+ if (bIsServer) {
188
+
189
+ // The SSL_CTX calls here do NOT allocate memory.
190
+ int e;
191
+ if (privkeyfile.length() > 0)
192
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
193
+ else
194
+ e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
195
+ if (e <= 0) ERR_print_errors_fp(stderr);
196
+ assert (e > 0);
197
+
198
+ if (certchainfile.length() > 0)
199
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
200
+ else
201
+ e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
202
+ if (e <= 0) ERR_print_errors_fp(stderr);
203
+ assert (e > 0);
204
+
205
+ if (dhparam.length() > 0) {
206
+ DH *dh;
207
+ BIO *bio;
208
+
209
+ bio = BIO_new_file(dhparam.c_str(), "r");
210
+ if (bio == NULL) {
211
+ char buf [500];
212
+ snprintf (buf, sizeof(buf)-1, "dhparam: BIO_new_file(%s) failed", dhparam.c_str());
213
+ throw std::runtime_error (buf);
214
+ }
215
+
216
+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
217
+
218
+ if (dh == NULL) {
219
+ BIO_free(bio);
220
+ char buf [500];
221
+ snprintf (buf, sizeof(buf)-1, "dhparam: PEM_read_bio_DHparams(%s) failed", dhparam.c_str());
222
+ throw new std::runtime_error(buf);
223
+ }
224
+
225
+ SSL_CTX_set_tmp_dh(pCtx, dh);
226
+
227
+ DH_free(dh);
228
+ BIO_free(bio);
229
+ }
230
+
231
+ if (ecdh_curve.length() > 0) {
232
+ #if OPENSSL_VERSION_NUMBER >= 0x0090800fL && !defined(OPENSSL_NO_ECDH)
233
+ int nid;
234
+ EC_KEY *ecdh;
235
+
236
+ nid = OBJ_sn2nid((const char *) ecdh_curve.c_str());
237
+ if (nid == 0) {
238
+ char buf [200];
239
+ snprintf (buf, sizeof(buf)-1, "ecdh_curve: Unknown curve name: %s", ecdh_curve.c_str());
240
+ throw std::runtime_error (buf);
241
+ }
242
+
243
+ ecdh = EC_KEY_new_by_curve_name(nid);
244
+ if (ecdh == NULL) {
245
+ char buf [200];
246
+ snprintf (buf, sizeof(buf)-1, "ecdh_curve: Unable to create: %s", ecdh_curve.c_str());
247
+ throw std::runtime_error (buf);
248
+ }
249
+
250
+ SSL_CTX_set_options(pCtx, SSL_OP_SINGLE_ECDH_USE);
251
+
252
+ SSL_CTX_set_tmp_ecdh(pCtx, ecdh);
253
+
254
+ EC_KEY_free(ecdh);
255
+ #else
256
+ throw std::runtime_error ("No openssl ECDH support");
257
+ #endif
258
+ }
259
+ }
260
+
261
+ if (cipherlist.length() > 0)
262
+ SSL_CTX_set_cipher_list (pCtx, cipherlist.c_str());
263
+ else
264
+ SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
265
+
266
+ if (bIsServer) {
267
+ SSL_CTX_sess_set_cache_size (pCtx, 128);
268
+ SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"eventmachine", 12);
269
+ }
270
+ else {
271
+ int e;
272
+ if (privkeyfile.length() > 0) {
273
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
274
+ if (e <= 0) ERR_print_errors_fp(stderr);
275
+ assert (e > 0);
276
+ }
277
+ if (certchainfile.length() > 0) {
278
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
279
+ if (e <= 0) ERR_print_errors_fp(stderr);
280
+ assert (e > 0);
281
+ }
282
+ }
283
+ }
284
+
285
+
286
+
287
+ /***************************
288
+ SslContext_t::~SslContext_t
289
+ ***************************/
290
+
291
+ SslContext_t::~SslContext_t()
292
+ {
293
+ if (pCtx)
294
+ SSL_CTX_free (pCtx);
295
+ if (PrivateKey)
296
+ EVP_PKEY_free (PrivateKey);
297
+ if (Certificate)
298
+ X509_free (Certificate);
299
+ }
300
+
301
+
302
+
303
+ /******************
304
+ SslBox_t::SslBox_t
305
+ ******************/
306
+
307
+ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool fail_if_no_peer_cert, const string &snihostname, const string &cipherlist, const string &ecdh_curve, const string &dhparam, int ssl_version, const uintptr_t binding):
308
+ bIsServer (is_server),
309
+ bHandshakeCompleted (false),
310
+ bVerifyPeer (verify_peer),
311
+ bFailIfNoPeerCert (fail_if_no_peer_cert),
312
+ pSSL (NULL),
313
+ pbioRead (NULL),
314
+ pbioWrite (NULL)
315
+ {
316
+ /* TODO someday: make it possible to re-use SSL contexts so we don't have to create
317
+ * a new one every time we come here.
318
+ */
319
+
320
+ Context = new SslContext_t (bIsServer, privkeyfile, certchainfile, cipherlist, ecdh_curve, dhparam, ssl_version);
321
+ assert (Context);
322
+
323
+ pbioRead = BIO_new (BIO_s_mem());
324
+ assert (pbioRead);
325
+
326
+ pbioWrite = BIO_new (BIO_s_mem());
327
+ assert (pbioWrite);
328
+
329
+ pSSL = SSL_new (Context->pCtx);
330
+ assert (pSSL);
331
+
332
+ if (snihostname.length() > 0) {
333
+ SSL_set_tlsext_host_name (pSSL, snihostname.c_str());
334
+ }
335
+
336
+ SSL_set_bio (pSSL, pbioRead, pbioWrite);
337
+
338
+ // Store a pointer to the binding signature in the SSL object so we can retrieve it later
339
+ SSL_set_ex_data(pSSL, 0, (void*) binding);
340
+
341
+ if (bVerifyPeer) {
342
+ int mode = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
343
+ if (bFailIfNoPeerCert)
344
+ mode = mode | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
345
+ SSL_set_verify(pSSL, mode, ssl_verify_wrapper);
346
+ }
347
+
348
+ if (!bIsServer)
349
+ SSL_connect (pSSL);
350
+ }
351
+
352
+
353
+
354
+ /*******************
355
+ SslBox_t::~SslBox_t
356
+ *******************/
357
+
358
+ SslBox_t::~SslBox_t()
359
+ {
360
+ // Freeing pSSL will also free the associated BIOs, so DON'T free them separately.
361
+ if (pSSL) {
362
+ if (SSL_get_shutdown (pSSL) & SSL_RECEIVED_SHUTDOWN)
363
+ SSL_shutdown (pSSL);
364
+ else
365
+ SSL_clear (pSSL);
366
+ SSL_free (pSSL);
367
+ }
368
+
369
+ delete Context;
370
+ }
371
+
372
+
373
+
374
+ /***********************
375
+ SslBox_t::PutCiphertext
376
+ ***********************/
377
+
378
+ bool SslBox_t::PutCiphertext (const char *buf, int bufsize)
379
+ {
380
+ assert (buf && (bufsize > 0));
381
+
382
+ assert (pbioRead);
383
+ int n = BIO_write (pbioRead, buf, bufsize);
384
+
385
+ return (n == bufsize) ? true : false;
386
+ }
387
+
388
+
389
+ /**********************
390
+ SslBox_t::GetPlaintext
391
+ **********************/
392
+
393
+ int SslBox_t::GetPlaintext (char *buf, int bufsize)
394
+ {
395
+ if (!SSL_is_init_finished (pSSL)) {
396
+ int e = bIsServer ? SSL_accept (pSSL) : SSL_connect (pSSL);
397
+ if (e != 1) {
398
+ int er = SSL_get_error (pSSL, e);
399
+ if (er != SSL_ERROR_WANT_READ) {
400
+ // Return -1 for a nonfatal error, -2 for an error that should force the connection down.
401
+ return (er == SSL_ERROR_SSL) ? (-2) : (-1);
402
+ }
403
+ else
404
+ return 0;
405
+ }
406
+ bHandshakeCompleted = true;
407
+ // If handshake finished, FALL THROUGH and return the available plaintext.
408
+ }
409
+
410
+ if (!SSL_is_init_finished (pSSL)) {
411
+ // We can get here if a browser abandons a handshake.
412
+ // The user can see a warning dialog and abort the connection.
413
+ //cerr << "<SSL_incomp>";
414
+ return 0;
415
+ }
416
+
417
+ //cerr << "CIPH: " << SSL_get_cipher (pSSL) << endl;
418
+
419
+ int n = SSL_read (pSSL, buf, bufsize);
420
+ if (n >= 0) {
421
+ return n;
422
+ }
423
+ else {
424
+ if (SSL_get_error (pSSL, n) == SSL_ERROR_WANT_READ) {
425
+ return 0;
426
+ }
427
+ else {
428
+ return -1;
429
+ }
430
+ }
431
+
432
+ return 0;
433
+ }
434
+
435
+
436
+
437
+ /**************************
438
+ SslBox_t::CanGetCiphertext
439
+ **************************/
440
+
441
+ bool SslBox_t::CanGetCiphertext()
442
+ {
443
+ assert (pbioWrite);
444
+ return BIO_pending (pbioWrite) ? true : false;
445
+ }
446
+
447
+
448
+
449
+ /***********************
450
+ SslBox_t::GetCiphertext
451
+ ***********************/
452
+
453
+ int SslBox_t::GetCiphertext (char *buf, int bufsize)
454
+ {
455
+ assert (pbioWrite);
456
+ assert (buf && (bufsize > 0));
457
+
458
+ return BIO_read (pbioWrite, buf, bufsize);
459
+ }
460
+
461
+
462
+
463
+ /**********************
464
+ SslBox_t::PutPlaintext
465
+ **********************/
466
+
467
+ int SslBox_t::PutPlaintext (const char *buf, int bufsize)
468
+ {
469
+ // The caller will interpret the return value as the number of bytes written.
470
+ // WARNING WARNING WARNING, are there any situations in which a 0 or -1 return
471
+ // from SSL_write means we should immediately retry? The socket-machine loop
472
+ // will probably wait for a time-out cycle (perhaps a second) before re-trying.
473
+ // THIS WOULD CAUSE A PERCEPTIBLE DELAY!
474
+
475
+ /* We internally queue any outbound plaintext that can't be dispatched
476
+ * because we're in the middle of a handshake or something.
477
+ * When we get called, try to send any queued data first, and then
478
+ * send the caller's data (or queue it). We may get called with no outbound
479
+ * data, which means we try to send the outbound queue and that's all.
480
+ *
481
+ * Return >0 if we wrote any data, 0 if we didn't, and <0 for a fatal error.
482
+ * Note that if we return 0, the connection is still considered live
483
+ * and we are signalling that we have accepted the outbound data (if any).
484
+ */
485
+
486
+ OutboundQ.Push (buf, bufsize);
487
+
488
+ if (!SSL_is_init_finished (pSSL))
489
+ return 0;
490
+
491
+ bool fatal = false;
492
+ bool did_work = false;
493
+ int pending = BIO_pending(pbioWrite);
494
+
495
+ while (OutboundQ.HasPages() && pending < SSLBOX_WRITE_BUFFER_SIZE) {
496
+ const char *page;
497
+ int length;
498
+ OutboundQ.Front (&page, &length);
499
+ assert (page && (length > 0));
500
+ int n = SSL_write (pSSL, page, length);
501
+ pending = BIO_pending(pbioWrite);
502
+
503
+ if (n > 0) {
504
+ did_work = true;
505
+ OutboundQ.PopFront();
506
+ }
507
+ else {
508
+ int er = SSL_get_error (pSSL, n);
509
+ if ((er != SSL_ERROR_WANT_READ) && (er != SSL_ERROR_WANT_WRITE))
510
+ fatal = true;
511
+ break;
512
+ }
513
+ }
514
+
515
+
516
+ if (did_work)
517
+ return 1;
518
+ else if (fatal)
519
+ return -1;
520
+ else
521
+ return 0;
522
+ }
523
+
524
+ /**********************
525
+ SslBox_t::GetPeerCert
526
+ **********************/
527
+
528
+ X509 *SslBox_t::GetPeerCert()
529
+ {
530
+ X509 *cert = NULL;
531
+
532
+ if (pSSL)
533
+ cert = SSL_get_peer_certificate(pSSL);
534
+
535
+ return cert;
536
+ }
537
+
538
+ /**********************
539
+ SslBox_t::GetCipherBits
540
+ **********************/
541
+
542
+ int SslBox_t::GetCipherBits()
543
+ {
544
+ int bits = -1;
545
+ if (pSSL)
546
+ SSL_get_cipher_bits(pSSL, &bits);
547
+ return bits;
548
+ }
549
+
550
+ /**********************
551
+ SslBox_t::GetCipherName
552
+ **********************/
553
+
554
+ const char *SslBox_t::GetCipherName()
555
+ {
556
+ if (pSSL)
557
+ return SSL_get_cipher_name(pSSL);
558
+ return NULL;
559
+ }
560
+
561
+ /**********************
562
+ SslBox_t::GetCipherProtocol
563
+ **********************/
564
+
565
+ const char *SslBox_t::GetCipherProtocol()
566
+ {
567
+ if (pSSL)
568
+ return SSL_get_cipher_version(pSSL);
569
+ return NULL;
570
+ }
571
+
572
+ /**********************
573
+ SslBox_t::GetSNIHostname
574
+ **********************/
575
+
576
+ const char *SslBox_t::GetSNIHostname()
577
+ {
578
+ #ifdef TLSEXT_NAMETYPE_host_name
579
+ if (pSSL)
580
+ return SSL_get_servername (pSSL, TLSEXT_NAMETYPE_host_name);
581
+ #endif
582
+ return NULL;
583
+ }
584
+
585
+ /******************
586
+ ssl_verify_wrapper
587
+ *******************/
588
+
589
+ extern "C" int ssl_verify_wrapper(int preverify_ok UNUSED, X509_STORE_CTX *ctx)
590
+ {
591
+ uintptr_t binding;
592
+ X509 *cert;
593
+ SSL *ssl;
594
+ BUF_MEM *buf;
595
+ BIO *out;
596
+ int result;
597
+
598
+ cert = X509_STORE_CTX_get_current_cert(ctx);
599
+ ssl = (SSL*) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
600
+ binding = (uintptr_t) SSL_get_ex_data(ssl, 0);
601
+
602
+ out = BIO_new(BIO_s_mem());
603
+ PEM_write_bio_X509(out, cert);
604
+ BIO_write(out, "\0", 1);
605
+ BIO_get_mem_ptr(out, &buf);
606
+
607
+ ConnectionDescriptor *cd = dynamic_cast <ConnectionDescriptor*> (Bindable_t::GetObject(binding));
608
+ result = (cd->VerifySslPeer(buf->data) == true ? 1 : 0);
609
+ BIO_free(out);
610
+
611
+ return result;
612
+ }
613
+
614
+ #endif // WITH_SSL
615
+