RubyGems - ruby-tls - Versions diffs - 1.0.2 → 1.0.3 - Mend

ruby-tls 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +4 -4
data/EM-LICENSE +60 -60
data/README.md +71 -71
data/Rakefile +19 -19
data/ext/Rakefile +18 -18
data/ext/tls/page.cpp +102 -102
data/ext/tls/page.h +61 -61
data/ext/tls/ssl.cpp +594 -587
data/ext/tls/ssl.h +130 -129
data/lib/ruby-tls.rb +7 -7
data/lib/ruby-tls/connection.rb +124 -121
data/lib/ruby-tls/ext.rb +39 -38
data/lib/ruby-tls/version.rb +3 -3
data/ruby-tls.gemspec +32 -32
data/spec/client.crt +31 -31
data/spec/client.key +51 -51
data/spec/comms_spec.rb +156 -147
data/spec/verify_spec.rb +120 -118
metadata +34 -34

data/ext/tls/page.h CHANGED

@@ -1,61 +1,61 @@
-/*****************************************************************************
-$Id$
-File:     page.h
-Date:     30Apr06
-Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
-Gmail: blackhedd
-This program is free software; you can redistribute it and/or modify
-it under the terms of either: 1) the GNU General Public License
-as published by the Free Software Foundation; either version 2 of the
-License, or (at your option) any later version; or 2) Ruby's License.
-See the file COPYING for complete licensing information.
-*****************************************************************************/
-#ifndef __PageManager__H_
-#define __PageManager__H_
-#include <deque>
-#include <stdexcept>
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-using namespace std;
-/**************
-class PageList
-**************/
-class PageList
-{
-    struct Page {
-        Page (const char *b, size_t s): Buffer(b), Size(s) {}
-        const char *Buffer;
-        size_t Size;
-    };
-    public:
-        PageList();
-        virtual ~PageList();
-        void Push (const char*, int);
-        bool HasPages();
-        void Front (const char**, int*);
-        void PopFront();
-    private:
-        deque<Page> Pages;
-};
-#endif // __PageManager__H_
+/*****************************************************************************
+$Id$
+File:     page.h
+Date:     30Apr06
+Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
+Gmail: blackhedd
+This program is free software; you can redistribute it and/or modify
+it under the terms of either: 1) the GNU General Public License
+as published by the Free Software Foundation; either version 2 of the
+License, or (at your option) any later version; or 2) Ruby's License.
+See the file COPYING for complete licensing information.
+*****************************************************************************/
+#ifndef __PageManager__H_
+#define __PageManager__H_
+#include <deque>
+#include <stdexcept>
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+using namespace std;
+/**************
+class PageList
+**************/
+class PageList
+{
+    struct Page {
+        Page (const char *b, size_t s): Buffer(b), Size(s) {}
+        const char *Buffer;
+        size_t Size;
+    };
+    public:
+        PageList();
+        virtual ~PageList();
+        void Push (const char*, int);
+        bool HasPages();
+        void Front (const char**, int*);
+        void PopFront();
+    private:
+        deque<Page> Pages;
+};
+#endif // __PageManager__H_

data/ext/tls/ssl.cpp CHANGED

@@ -1,587 +1,594 @@
-/*****************************************************************************
-$Id$
-File:     ssl.cpp
-Date:     30Apr06
-Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
-Gmail: blackhedd
-This program is free software; you can redistribute it and/or modify
-it under the terms of either: 1) the GNU General Public License
-as published by the Free Software Foundation; either version 2 of the
-License, or (at your option) any later version; or 2) Ruby's License.
-See the file COPYING for complete licensing information.
-*****************************************************************************/
-#include "ssl.h"
-static void InitializeDefaultCredentials();
-static EVP_PKEY *DefaultPrivateKey = NULL;
-static X509 *DefaultCertificate = NULL;
-static char PrivateMaterials[] = {
-"-----BEGIN RSA PRIVATE KEY-----\n"
-"MIICXAIBAAKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxwVDWV\n"
-"Igdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t39hJ/\n"
-"AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQIDAQAB\n"
-"AoGALA89gIFcr6BIBo8N5fL3aNHpZXjAICtGav+kTUpuxSiaym9cAeTHuAVv8Xgk\n"
-"H2Wbq11uz+6JMLpkQJH/WZ7EV59DPOicXrp0Imr73F3EXBfR7t2EQDYHPMthOA1D\n"
-"I9EtCzvV608Ze90hiJ7E3guGrGppZfJ+eUWCPgy8CZH1vRECQQDv67rwV/oU1aDo\n"
-"6/+d5nqjeW6mWkGqTnUU96jXap8EIw6B+0cUKskwx6mHJv+tEMM2748ZY7b0yBlg\n"
-"w4KDghbFAkEAz2h8PjSJG55LwqmXih1RONSgdN9hjB12LwXL1CaDh7/lkEhq0PlK\n"
-"PCAUwQSdM17Sl0Xxm2CZiekTSlwmHrtqXQJAF3+8QJwtV2sRJp8u2zVe37IeH1cJ\n"
-"xXeHyjTzqZ2803fnjN2iuZvzNr7noOA1/Kp+pFvUZUU5/0G2Ep8zolPUjQJAFA7k\n"
-"xRdLkzIx3XeNQjwnmLlncyYPRv+qaE3FMpUu7zftuZBnVCJnvXzUxP3vPgKTlzGa\n"
-"dg5XivDRfsV+okY5uQJBAMV4FesUuLQVEKb6lMs7rzZwpeGQhFDRfywJzfom2TLn\n"
-"2RdJQQ3dcgnhdVDgt5o1qkmsqQh8uJrJ9SdyLIaZQIc=\n"
-"-----END RSA PRIVATE KEY-----\n"
-"-----BEGIN CERTIFICATE-----\n"
-"MIID6TCCA1KgAwIBAgIJANm4W/Tzs+s+MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD\n"
-"VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw\n"
-"FAYDVQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsG\n"
-"A1UEAxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2lu\n"
-"ZWVyaW5nQHN0ZWFtaGVhdC5uZXQwHhcNMDYwNTA1MTcwNjAzWhcNMjQwMjIwMTcw\n"
-"NjAzWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQH\n"
-"EwhOZXcgWW9yazEWMBQGA1UEChMNU3RlYW1oZWF0Lm5ldDEUMBIGA1UECxMLRW5n\n"
-"aW5lZXJpbmcxHTAbBgNVBAMTFG9wZW5jYS5zdGVhbWhlYXQubmV0MSgwJgYJKoZI\n"
-"hvcNAQkBFhllbmdpbmVlcmluZ0BzdGVhbWhlYXQubmV0MIGfMA0GCSqGSIb3DQEB\n"
-"AQUAA4GNADCBiQKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxw\n"
-"VDWVIgdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t3\n"
-"9hJ/AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQID\n"
-"AQABo4IBEzCCAQ8wHQYDVR0OBBYEFPJvPd1Fcmd8o/Tm88r+NjYPICCkMIHfBgNV\n"
-"HSMEgdcwgdSAFPJvPd1Fcmd8o/Tm88r+NjYPICCkoYGwpIGtMIGqMQswCQYDVQQG\n"
-"EwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYD\n"
-"VQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsGA1UE\n"
-"AxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2luZWVy\n"
-"aW5nQHN0ZWFtaGVhdC5uZXSCCQDZuFv087PrPjAMBgNVHRMEBTADAQH/MA0GCSqG\n"
-"SIb3DQEBBQUAA4GBAC1CXey/4UoLgJiwcEMDxOvW74plks23090iziFIlGgcIhk0\n"
-"Df6hTAs7H3MWww62ddvR8l07AWfSzSP5L6mDsbvq7EmQsmPODwb6C+i2aF3EDL8j\n"
-"uw73m4YIGI0Zw2XdBpiOGkx2H56Kya6mJJe/5XORZedh1wpI7zki01tHYbcy\n"
-"-----END CERTIFICATE-----\n"};
-/* These private materials were made with:
- * openssl req -new -x509 -keyout cakey.pem -out cacert.pem -nodes -days 6500
- * TODO: We need a full-blown capability to work with user-supplied
- * keypairs and properly-signed certificates.
- */
-/*****************
-builtin_passwd_cb
-*****************/
-extern "C" int builtin_passwd_cb (char *buf, int bufsize, int rwflag, void *userdata)
-{
-    strcpy (buf, "kittycat");
-    return 8;
-}
-/****************************
-InitializeDefaultCredentials
-****************************/
-static void InitializeDefaultCredentials()
-{
-    BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
-    assert (bio);
-    if (DefaultPrivateKey) {
-        // we may come here in a restart.
-        EVP_PKEY_free (DefaultPrivateKey);
-        DefaultPrivateKey = NULL;
-    }
-    PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
-    if (DefaultCertificate) {
-        // we may come here in a restart.
-        X509_free (DefaultCertificate);
-        DefaultCertificate = NULL;
-    }
-    PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
-    BIO_free (bio);
-}
-/**************************
-SslContext_t::SslContext_t
-**************************/
-SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
-    pCtx (NULL),
-    PrivateKey (NULL),
-    Certificate (NULL)
-{
-	/* TODO: the usage of the specified private-key and cert-chain filenames only applies to
-     * client-side connections at this point. Server connections currently use the default materials.
-     * That needs to be fixed asap.
-     * Also, in this implementation, server-side connections use statically defined X-509 defaults.
-     * One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
-     * objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
-     */
-    bIsServer = is_server;
-    pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
-    if (!pCtx)
-        throw std::runtime_error ("no SSL context");
-    SSL_CTX_set_options (pCtx, SSL_OP_ALL);
-    //SSL_CTX_set_options (pCtx, (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3));
-#ifdef SSL_MODE_RELEASE_BUFFERS
-    SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS);
-#endif
-    if (is_server) {
-        // The SSL_CTX calls here do NOT allocate memory.
-        int e;
-        if (privkeyfile.length() > 0)
-            e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
-        else
-            e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
-        if (e <= 0) ERR_print_errors_fp(stderr);
-        assert (e > 0);
-        if (certchainfile.length() > 0)
-            e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
-        else
-            e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
-        if (e <= 0) ERR_print_errors_fp(stderr);
-        assert (e > 0);
-    }
-    //SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
-    // Improve security http://blog.cloudflare.com/staying-on-top-of-tls-attacks
-    SSL_CTX_set_cipher_list (pCtx, "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA:@STRENGTH");
-    if (is_server) {
-        SSL_CTX_sess_set_cache_size (pCtx, 128);
-        SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"ruby-tls", 8);
-    }
-    else {
-        int e;
-        if (privkeyfile.length() > 0) {
-            e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
-            if (e <= 0) ERR_print_errors_fp(stderr);
-            assert (e > 0);
-        }
-        if (certchainfile.length() > 0) {
-            e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
-            if (e <= 0) ERR_print_errors_fp(stderr);
-            assert (e > 0);
-        }
-    }
-}
-/***************************
-SslContext_t::~SslContext_t
-***************************/
-SslContext_t::~SslContext_t()
-{
-    if (pCtx)
-        SSL_CTX_free (pCtx);
-    if (PrivateKey)
-        EVP_PKEY_free (PrivateKey);
-    if (Certificate)
-        X509_free (Certificate);
-}
-/******************
-SslBox_t::SslBox_t
-******************/
-SslBox_t::SslBox_t (tls_state_t *tls_state, bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer):
-    bIsServer (is_server),
-    bHandshakeCompleted (false),
-    bVerifyPeer (verify_peer),
-    pSSL (NULL),
-    pbioRead (NULL),
-    pbioWrite (NULL)
-{
-    /* TODO someday: make it possible to re-use SSL contexts so we don't have to create
-     * a new one every time we come here.
-     */
-    Context = new SslContext_t (bIsServer, privkeyfile, certchainfile);
-    assert (Context);
-    pbioRead = BIO_new (BIO_s_mem());
-    assert (pbioRead);
-    pbioWrite = BIO_new (BIO_s_mem());
-    assert (pbioWrite);
-    pSSL = SSL_new (Context->pCtx);
-    assert (pSSL);
-    SSL_set_bio (pSSL, pbioRead, pbioWrite);
-    // Store a pointer to the callbacks in the SSL object so we can retrieve it later
-    SSL_set_ex_data(pSSL, 0, (void*) tls_state);
-    if (bVerifyPeer)
-        SSL_set_verify(pSSL, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, ssl_verify_wrapper);
-    if (!bIsServer)
-        SSL_connect (pSSL);
-}
-/*******************
-SslBox_t::~SslBox_t
-*******************/
-SslBox_t::~SslBox_t()
-{
-    // Freeing pSSL will also free the associated BIOs, so DON'T free them separately.
-    if (pSSL) {
-        if (SSL_get_shutdown (pSSL) & SSL_RECEIVED_SHUTDOWN)
-            SSL_shutdown (pSSL);
-        else
-            SSL_clear (pSSL);
-        SSL_free (pSSL);
-    }
-    delete Context;
-}
-/***********************
-SslBox_t::PutCiphertext
-***********************/
-bool SslBox_t::PutCiphertext (const char *buf, int bufsize)
-{
-    assert (buf && (bufsize > 0));
-    assert (pbioRead);
-    int n = BIO_write (pbioRead, buf, bufsize);
-    return (n == bufsize) ? true : false;
-}
-/**********************
-SslBox_t::GetPlaintext
-**********************/
-int SslBox_t::GetPlaintext (char *buf, int bufsize)
-{
-    if (!SSL_is_init_finished (pSSL)) {
-        int e = bIsServer ? SSL_accept (pSSL) : SSL_connect (pSSL);
-        if (e < 0) {
-            int er = SSL_get_error (pSSL, e);
-            if (er != SSL_ERROR_WANT_READ) {
-                // Return -1 for a nonfatal error, -2 for an error that should force the connection down.
-                return (er == SSL_ERROR_SSL) ? (-2) : (-1);
-            }
-            else
-                return 0;
-        }
-        bHandshakeCompleted = true;
-        // If handshake finished, FALL THROUGH and return the available plaintext.
-    }
-    if (!SSL_is_init_finished (pSSL)) {
-        // We can get here if a browser abandons a handshake.
-        // The user can see a warning dialog and abort the connection.
-        cerr << "<SSL_incomp>";
-        return 0;
-    }
-    //cerr << "CIPH: " << SSL_get_cipher (pSSL) << endl;
-    int n = SSL_read (pSSL, buf, bufsize);
-    if (n >= 0) {
-        return n;
-    }
-    else {
-        if (SSL_get_error (pSSL, n) == SSL_ERROR_WANT_READ) {
-            return 0;
-        }
-        else {
-            return -1;
-        }
-    }
-    return 0;
-}
-/**************************
-SslBox_t::CanGetCiphertext
-**************************/
-bool SslBox_t::CanGetCiphertext()
-{
-    assert (pbioWrite);
-    return BIO_pending (pbioWrite) ? true : false;
-}
-/***********************
-SslBox_t::GetCiphertext
-***********************/
-int SslBox_t::GetCiphertext (char *buf, int bufsize)
-{
-    assert (pbioWrite);
-    assert (buf && (bufsize > 0));
-    return BIO_read (pbioWrite, buf, bufsize);
-}
-/**********************
-SslBox_t::PutPlaintext
-**********************/
-int SslBox_t::PutPlaintext (const char *buf, int bufsize)
-{
-    // The caller will interpret the return value as the number of bytes written.
-    // WARNING WARNING WARNING, are there any situations in which a 0 or -1 return
-    // from SSL_write means we should immediately retry? The socket-machine loop
-    // will probably wait for a time-out cycle (perhaps a second) before re-trying.
-    // THIS WOULD CAUSE A PERCEPTIBLE DELAY!
-    /* We internally queue any outbound plaintext that can't be dispatched
-     * because we're in the middle of a handshake or something.
-     * When we get called, try to send any queued data first, and then
-     * send the caller's data (or queue it). We may get called with no outbound
-     * data, which means we try to send the outbound queue and that's all.
-     *
-     * Return >0 if we wrote any data, 0 if we didn't, and <0 for a fatal error.
-     * Note that if we return 0, the connection is still considered live
-     * and we are signalling that we have accepted the outbound data (if any).
-     */
-    OutboundQ.Push (buf, bufsize);
-    if (!SSL_is_init_finished (pSSL))
-        return 0;
-    bool fatal = false;
-    bool did_work = false;
-    while (OutboundQ.HasPages()) {
-        const char *page;
-        int length;
-        OutboundQ.Front (&page, &length);
-        assert (page && (length > 0));
-        int n = SSL_write (pSSL, page, length);
-        if (n > 0) {
-            did_work = true;
-            OutboundQ.PopFront();
-        }
-        else {
-            int er = SSL_get_error (pSSL, n);
-            if ((er != SSL_ERROR_WANT_READ) && (er != SSL_ERROR_WANT_WRITE))
-                fatal = true;
-            break;
-        }
-    }
-    if (did_work)
-        return 1;
-    else if (fatal)
-        return -1;
-    else
-        return 0;
-}
-/**********************
-SslBox_t::GetPeerCert
-**********************/
-X509 *SslBox_t::GetPeerCert()
-{
-    X509 *cert = NULL;
-    if (pSSL)
-        cert = SSL_get_peer_certificate(pSSL);
-    return cert;
-}
-void _DispatchCiphertext(tls_state_t *tls_state)
-{
-    SslBox_t *SslBox = tls_state->SslBox;
-    assert (SslBox);
-    char BigBuf [2048];
-    bool did_work;
-    do {
-        did_work = false;
-        // try to drain ciphertext
-        while (SslBox->CanGetCiphertext()) {
-            int r = SslBox->GetCiphertext(BigBuf, sizeof(BigBuf));
-            assert (r > 0);
-            // Queue the data for transmit
-            tls_state->transmit_cb(tls_state, BigBuf, r);
-            did_work = true;
-        }
-        // Pump the SslBox, in case it has queued outgoing plaintext
-        // This will return >0 if data was written,
-        // 0 if no data was written, and <0 if there was a fatal error.
-        bool pump;
-        do {
-            pump = false;
-            int w = SslBox->PutPlaintext(NULL, 0);
-            if (w > 0) {
-                did_work = true;
-                pump = true;
-            } else if (w < 0) {
-                // Close on error
-                tls_state->close_cb(tls_state);
-            }
-        } while (pump);
-    } while (did_work);
-}
-void _CheckHandshakeStatus(tls_state_t *tls_state)
-{
-    SslBox_t *SslBox = tls_state->SslBox;
-    // keep track of weather or not this function has been called yet
-    if (SslBox && tls_state->handshake_signaled == 0 && SslBox->IsHandshakeCompleted()) {
-        tls_state->handshake_signaled = 1;
-        // Optional callback
-        if (tls_state->handshake_cb) {
-            tls_state->handshake_cb(tls_state);
-        }
-    }
-}
-/******************
-ssl_verify_wrapper
-*******************/
-extern "C" int ssl_verify_wrapper(int preverify_ok, X509_STORE_CTX *ctx)
-{
-    X509 *cert;
-    SSL *ssl;
-    BUF_MEM *buf;
-    BIO *out;
-    int result;
-    tls_state_t *tls_state;
-    cert = X509_STORE_CTX_get_current_cert(ctx);
-    ssl = (SSL*) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
-    out = BIO_new(BIO_s_mem());
-    PEM_write_bio_X509(out, cert);
-    BIO_write(out, "\0", 1);
-    BIO_get_mem_ptr(out, &buf);
-    tls_state = (tls_state_t *) SSL_get_ex_data(ssl, 0);
-    result = tls_state->verify_cb(tls_state, buf->data);
-    BIO_free(out);
-    return result;
-}
-// These are the FFI interactions:
-// ------------------------------
-extern "C" void start_tls(tls_state_t *tls_state, bool bIsServer, const char *PrivateKeyFilename, const char *CertChainFilename, bool bSslVerifyPeer)
-{
-    tls_state->SslBox = new SslBox_t (tls_state, bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer);
-    _DispatchCiphertext(tls_state);
-}
-extern "C" void encrypt_data(tls_state_t *tls_state, const char *data, int length) {
-    SslBox_t *SslBox = tls_state->SslBox;
-    if (length > 0 && SslBox) {
-        int w = SslBox->PutPlaintext(data, length);
-        if (w < 0) {
-            // Close the connection if there was an issue
-            tls_state->close_cb(tls_state);
-        } else {
-            _DispatchCiphertext(tls_state);
-        }
-    }
-}
-extern "C" void decrypt_data(tls_state_t *tls_state, const char *buffer, int size) {
-    SslBox_t *SslBox = tls_state->SslBox;
-    if (SslBox) {
-        SslBox->PutCiphertext (buffer, size);
-        int s;
-        char B [2048];
-        while ((s = SslBox->GetPlaintext(B, sizeof(B) - 1)) > 0) {
-            _CheckHandshakeStatus(tls_state);
-            B[s] = 0;
-            // data recieved callback
-            tls_state->dispatch_cb(tls_state, B, s);
-        }
-        // If our SSL handshake had a problem, shut down the connection.
-        if (s == -2) {
-            tls_state->close_cb(tls_state);
-            return;
-        }
-        _CheckHandshakeStatus(tls_state);
-        _DispatchCiphertext(tls_state);
-    }
-}
-extern "C" X509 *get_peer_cert(tls_state_t *tls_state)
-{
-    if (tls_state->SslBox)
-        return tls_state->SslBox->GetPeerCert();
-    return 0;
-}
-extern "C" void init_rubytls() {
-    SSL_library_init();
-    OpenSSL_add_ssl_algorithms();
-    OpenSSL_add_all_algorithms();
-    SSL_load_error_strings();
-    ERR_load_crypto_strings();
-    InitializeDefaultCredentials();
-}
+/*****************************************************************************
+$Id$
+File:     ssl.cpp
+Date:     30Apr06
+Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
+Gmail: blackhedd
+This program is free software; you can redistribute it and/or modify
+it under the terms of either: 1) the GNU General Public License
+as published by the Free Software Foundation; either version 2 of the
+License, or (at your option) any later version; or 2) Ruby's License.
+See the file COPYING for complete licensing information.
+*****************************************************************************/
+#include "ssl.h"
+static void InitializeDefaultCredentials();
+static EVP_PKEY *DefaultPrivateKey = NULL;
+static X509 *DefaultCertificate = NULL;
+static char PrivateMaterials[] = {
+"-----BEGIN RSA PRIVATE KEY-----\n"
+"MIICXAIBAAKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxwVDWV\n"
+"Igdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t39hJ/\n"
+"AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQIDAQAB\n"
+"AoGALA89gIFcr6BIBo8N5fL3aNHpZXjAICtGav+kTUpuxSiaym9cAeTHuAVv8Xgk\n"
+"H2Wbq11uz+6JMLpkQJH/WZ7EV59DPOicXrp0Imr73F3EXBfR7t2EQDYHPMthOA1D\n"
+"I9EtCzvV608Ze90hiJ7E3guGrGppZfJ+eUWCPgy8CZH1vRECQQDv67rwV/oU1aDo\n"
+"6/+d5nqjeW6mWkGqTnUU96jXap8EIw6B+0cUKskwx6mHJv+tEMM2748ZY7b0yBlg\n"
+"w4KDghbFAkEAz2h8PjSJG55LwqmXih1RONSgdN9hjB12LwXL1CaDh7/lkEhq0PlK\n"
+"PCAUwQSdM17Sl0Xxm2CZiekTSlwmHrtqXQJAF3+8QJwtV2sRJp8u2zVe37IeH1cJ\n"
+"xXeHyjTzqZ2803fnjN2iuZvzNr7noOA1/Kp+pFvUZUU5/0G2Ep8zolPUjQJAFA7k\n"
+"xRdLkzIx3XeNQjwnmLlncyYPRv+qaE3FMpUu7zftuZBnVCJnvXzUxP3vPgKTlzGa\n"
+"dg5XivDRfsV+okY5uQJBAMV4FesUuLQVEKb6lMs7rzZwpeGQhFDRfywJzfom2TLn\n"
+"2RdJQQ3dcgnhdVDgt5o1qkmsqQh8uJrJ9SdyLIaZQIc=\n"
+"-----END RSA PRIVATE KEY-----\n"
+"-----BEGIN CERTIFICATE-----\n"
+"MIID6TCCA1KgAwIBAgIJANm4W/Tzs+s+MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD\n"
+"VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw\n"
+"FAYDVQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsG\n"
+"A1UEAxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2lu\n"
+"ZWVyaW5nQHN0ZWFtaGVhdC5uZXQwHhcNMDYwNTA1MTcwNjAzWhcNMjQwMjIwMTcw\n"
+"NjAzWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQH\n"
+"EwhOZXcgWW9yazEWMBQGA1UEChMNU3RlYW1oZWF0Lm5ldDEUMBIGA1UECxMLRW5n\n"
+"aW5lZXJpbmcxHTAbBgNVBAMTFG9wZW5jYS5zdGVhbWhlYXQubmV0MSgwJgYJKoZI\n"
+"hvcNAQkBFhllbmdpbmVlcmluZ0BzdGVhbWhlYXQubmV0MIGfMA0GCSqGSIb3DQEB\n"
+"AQUAA4GNADCBiQKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxw\n"
+"VDWVIgdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t3\n"
+"9hJ/AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQID\n"
+"AQABo4IBEzCCAQ8wHQYDVR0OBBYEFPJvPd1Fcmd8o/Tm88r+NjYPICCkMIHfBgNV\n"
+"HSMEgdcwgdSAFPJvPd1Fcmd8o/Tm88r+NjYPICCkoYGwpIGtMIGqMQswCQYDVQQG\n"
+"EwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYD\n"
+"VQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsGA1UE\n"
+"AxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2luZWVy\n"
+"aW5nQHN0ZWFtaGVhdC5uZXSCCQDZuFv087PrPjAMBgNVHRMEBTADAQH/MA0GCSqG\n"
+"SIb3DQEBBQUAA4GBAC1CXey/4UoLgJiwcEMDxOvW74plks23090iziFIlGgcIhk0\n"
+"Df6hTAs7H3MWww62ddvR8l07AWfSzSP5L6mDsbvq7EmQsmPODwb6C+i2aF3EDL8j\n"
+"uw73m4YIGI0Zw2XdBpiOGkx2H56Kya6mJJe/5XORZedh1wpI7zki01tHYbcy\n"
+"-----END CERTIFICATE-----\n"};
+/* These private materials were made with:
+ * openssl req -new -x509 -keyout cakey.pem -out cacert.pem -nodes -days 6500
+ * TODO: We need a full-blown capability to work with user-supplied
+ * keypairs and properly-signed certificates.
+ */
+/*****************
+builtin_passwd_cb
+*****************/
+extern "C" int builtin_passwd_cb (char *buf, int bufsize, int rwflag, void *userdata)
+{
+    strcpy (buf, "kittycat");
+    return 8;
+}
+/****************************
+InitializeDefaultCredentials
+****************************/
+static void InitializeDefaultCredentials()
+{
+    BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
+    assert (bio);
+    if (DefaultPrivateKey) {
+        // we may come here in a restart.
+        EVP_PKEY_free (DefaultPrivateKey);
+        DefaultPrivateKey = NULL;
+    }
+    PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
+    if (DefaultCertificate) {
+        // we may come here in a restart.
+        X509_free (DefaultCertificate);
+        DefaultCertificate = NULL;
+    }
+    PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
+    BIO_free (bio);
+}
+/**************************
+SslContext_t::SslContext_t
+**************************/
+SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
+    pCtx (NULL),
+    PrivateKey (NULL),
+    Certificate (NULL)
+{
+	/* TODO: the usage of the specified private-key and cert-chain filenames only applies to
+     * client-side connections at this point. Server connections currently use the default materials.
+     * That needs to be fixed asap.
+     * Also, in this implementation, server-side connections use statically defined X-509 defaults.
+     * One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
+     * objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
+     */
+    bIsServer = is_server;
+    pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
+    if (!pCtx)
+        throw std::runtime_error ("no SSL context");
+    SSL_CTX_set_options (pCtx, SSL_OP_ALL);
+    //SSL_CTX_set_options (pCtx, (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3));
+#ifdef SSL_MODE_RELEASE_BUFFERS
+    SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+    if (is_server) {
+        // The SSL_CTX calls here do NOT allocate memory.
+        int e;
+        if (privkeyfile.length() > 0)
+            e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
+        else
+            e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
+        if (e <= 0) ERR_print_errors_fp(stderr);
+        assert (e > 0);
+        if (certchainfile.length() > 0)
+            e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
+        else
+            e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
+        if (e <= 0) ERR_print_errors_fp(stderr);
+        assert (e > 0);
+    }
+    //SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
+    // Improve security http://blog.cloudflare.com/staying-on-top-of-tls-attacks
+    SSL_CTX_set_cipher_list (pCtx, "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA:@STRENGTH");
+    if (is_server) {
+        SSL_CTX_sess_set_cache_size (pCtx, 128);
+        SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"ruby-tls", 8);
+    }
+    else {
+        int e;
+        if (privkeyfile.length() > 0) {
+            e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
+            if (e <= 0) ERR_print_errors_fp(stderr);
+            assert (e > 0);
+        }
+        if (certchainfile.length() > 0) {
+            e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
+            if (e <= 0) ERR_print_errors_fp(stderr);
+            assert (e > 0);
+        }
+    }
+}
+/***************************
+SslContext_t::~SslContext_t
+***************************/
+SslContext_t::~SslContext_t()
+{
+    if (pCtx)
+        SSL_CTX_free (pCtx);
+    if (PrivateKey)
+        EVP_PKEY_free (PrivateKey);
+    if (Certificate)
+        X509_free (Certificate);
+}
+/******************
+SslBox_t::SslBox_t
+******************/
+SslBox_t::SslBox_t (tls_state_t *tls_state, bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer):
+    bIsServer (is_server),
+    bHandshakeCompleted (false),
+    bVerifyPeer (verify_peer),
+    pSSL (NULL),
+    pbioRead (NULL),
+    pbioWrite (NULL)
+{
+    /* TODO someday: make it possible to re-use SSL contexts so we don't have to create
+     * a new one every time we come here.
+     */
+    Context = new SslContext_t (bIsServer, privkeyfile, certchainfile);
+    assert (Context);
+    pbioRead = BIO_new (BIO_s_mem());
+    assert (pbioRead);
+    pbioWrite = BIO_new (BIO_s_mem());
+    assert (pbioWrite);
+    pSSL = SSL_new (Context->pCtx);
+    assert (pSSL);
+    SSL_set_bio (pSSL, pbioRead, pbioWrite);
+    // Store a pointer to the callbacks in the SSL object so we can retrieve it later
+    SSL_set_ex_data(pSSL, 0, (void*) tls_state);
+    if (bVerifyPeer)
+        SSL_set_verify(pSSL, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, ssl_verify_wrapper);
+    if (!bIsServer)
+        SSL_connect (pSSL);
+}
+/*******************
+SslBox_t::~SslBox_t
+*******************/
+SslBox_t::~SslBox_t()
+{
+    // Freeing pSSL will also free the associated BIOs, so DON'T free them separately.
+    if (pSSL) {
+        if (SSL_get_shutdown (pSSL) & SSL_RECEIVED_SHUTDOWN)
+            SSL_shutdown (pSSL);
+        else
+            SSL_clear (pSSL);
+        SSL_free (pSSL);
+    }
+    delete Context;
+}
+/***********************
+SslBox_t::PutCiphertext
+***********************/
+bool SslBox_t::PutCiphertext (const char *buf, int bufsize)
+{
+    assert (buf && (bufsize > 0));
+    assert (pbioRead);
+    int n = BIO_write (pbioRead, buf, bufsize);
+    return (n == bufsize) ? true : false;
+}
+/**********************
+SslBox_t::GetPlaintext
+**********************/
+int SslBox_t::GetPlaintext (char *buf, int bufsize)
+{
+    if (!SSL_is_init_finished (pSSL)) {
+        int e = bIsServer ? SSL_accept (pSSL) : SSL_connect (pSSL);
+        if (e < 0) {
+            int er = SSL_get_error (pSSL, e);
+            if (er != SSL_ERROR_WANT_READ) {
+                // Return -1 for a nonfatal error, -2 for an error that should force the connection down.
+                return (er == SSL_ERROR_SSL) ? (-2) : (-1);
+            }
+            else
+                return 0;
+        }
+        bHandshakeCompleted = true;
+        // If handshake finished, FALL THROUGH and return the available plaintext.
+    }
+    if (!SSL_is_init_finished (pSSL)) {
+        // We can get here if a browser abandons a handshake.
+        // The user can see a warning dialog and abort the connection.
+        cerr << "<SSL_incomp>";
+        return 0;
+    }
+    //cerr << "CIPH: " << SSL_get_cipher (pSSL) << endl;
+    int n = SSL_read (pSSL, buf, bufsize);
+    if (n >= 0) {
+        return n;
+    }
+    else {
+        if (SSL_get_error (pSSL, n) == SSL_ERROR_WANT_READ) {
+            return 0;
+        }
+        else {
+            return -1;
+        }
+    }
+    return 0;
+}
+/**************************
+SslBox_t::CanGetCiphertext
+**************************/
+bool SslBox_t::CanGetCiphertext()
+{
+    assert (pbioWrite);
+    return BIO_pending (pbioWrite) ? true : false;
+}
+/***********************
+SslBox_t::GetCiphertext
+***********************/
+int SslBox_t::GetCiphertext (char *buf, int bufsize)
+{
+    assert (pbioWrite);
+    assert (buf && (bufsize > 0));
+    return BIO_read (pbioWrite, buf, bufsize);
+}
+/**********************
+SslBox_t::PutPlaintext
+**********************/
+int SslBox_t::PutPlaintext (const char *buf, int bufsize)
+{
+    // The caller will interpret the return value as the number of bytes written.
+    // WARNING WARNING WARNING, are there any situations in which a 0 or -1 return
+    // from SSL_write means we should immediately retry? The socket-machine loop
+    // will probably wait for a time-out cycle (perhaps a second) before re-trying.
+    // THIS WOULD CAUSE A PERCEPTIBLE DELAY!
+    /* We internally queue any outbound plaintext that can't be dispatched
+     * because we're in the middle of a handshake or something.
+     * When we get called, try to send any queued data first, and then
+     * send the caller's data (or queue it). We may get called with no outbound
+     * data, which means we try to send the outbound queue and that's all.
+     *
+     * Return >0 if we wrote any data, 0 if we didn't, and <0 for a fatal error.
+     * Note that if we return 0, the connection is still considered live
+     * and we are signalling that we have accepted the outbound data (if any).
+     */
+    OutboundQ.Push (buf, bufsize);
+    if (!SSL_is_init_finished (pSSL))
+        return 0;
+    bool fatal = false;
+    bool did_work = false;
+    while (OutboundQ.HasPages()) {
+        const char *page;
+        int length;
+        OutboundQ.Front (&page, &length);
+        assert (page && (length > 0));
+        int n = SSL_write (pSSL, page, length);
+        if (n > 0) {
+            did_work = true;
+            OutboundQ.PopFront();
+        }
+        else {
+            int er = SSL_get_error (pSSL, n);
+            if ((er != SSL_ERROR_WANT_READ) && (er != SSL_ERROR_WANT_WRITE))
+                fatal = true;
+            break;
+        }
+    }
+    if (did_work)
+        return 1;
+    else if (fatal)
+        return -1;
+    else
+        return 0;
+}
+/**********************
+SslBox_t::GetPeerCert
+**********************/
+X509 *SslBox_t::GetPeerCert()
+{
+    X509 *cert = NULL;
+    if (pSSL)
+        cert = SSL_get_peer_certificate(pSSL);
+    return cert;
+}
+void _DispatchCiphertext(tls_state_t *tls_state)
+{
+    SslBox_t *SslBox = tls_state->SslBox;
+    assert (SslBox);
+    char BigBuf [2048];
+    bool did_work;
+    do {
+        did_work = false;
+        // try to drain ciphertext
+        while (SslBox->CanGetCiphertext()) {
+            int r = SslBox->GetCiphertext(BigBuf, sizeof(BigBuf));
+            assert (r > 0);
+            // Queue the data for transmit
+            tls_state->transmit_cb(tls_state, BigBuf, r);
+            did_work = true;
+        }
+        // Pump the SslBox, in case it has queued outgoing plaintext
+        // This will return >0 if data was written,
+        // 0 if no data was written, and <0 if there was a fatal error.
+        bool pump;
+        do {
+            pump = false;
+            int w = SslBox->PutPlaintext(NULL, 0);
+            if (w > 0) {
+                did_work = true;
+                pump = true;
+            } else if (w < 0) {
+                // Close on error
+                tls_state->close_cb(tls_state);
+            }
+        } while (pump);
+    } while (did_work);
+}
+void _CheckHandshakeStatus(tls_state_t *tls_state)
+{
+    SslBox_t *SslBox = tls_state->SslBox;
+    // keep track of weather or not this function has been called yet
+    if (SslBox && tls_state->handshake_signaled == 0 && SslBox->IsHandshakeCompleted()) {
+        tls_state->handshake_signaled = 1;
+        // Optional callback
+        if (tls_state->handshake_cb) {
+            tls_state->handshake_cb(tls_state);
+        }
+    }
+}
+/******************
+ssl_verify_wrapper
+*******************/
+extern "C" int ssl_verify_wrapper(int preverify_ok, X509_STORE_CTX *ctx)
+{
+    X509 *cert;
+    SSL *ssl;
+    BUF_MEM *buf;
+    BIO *out;
+    int result;
+    tls_state_t *tls_state;
+    cert = X509_STORE_CTX_get_current_cert(ctx);
+    ssl = (SSL*) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+    out = BIO_new(BIO_s_mem());
+    PEM_write_bio_X509(out, cert);
+    BIO_write(out, "\0", 1);
+    BIO_get_mem_ptr(out, &buf);
+    tls_state = (tls_state_t *) SSL_get_ex_data(ssl, 0);
+    result = tls_state->verify_cb(tls_state, buf->data);
+    BIO_free(out);
+    return result;
+}
+// These are the FFI interactions:
+// ------------------------------
+extern "C" void start_tls(tls_state_t *tls_state, bool bIsServer, const char *PrivateKeyFilename, const char *CertChainFilename, bool bSslVerifyPeer)
+{
+    tls_state->SslBox = new SslBox_t (tls_state, bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer);
+    _DispatchCiphertext(tls_state);
+}
+extern "C" void encrypt_data(tls_state_t *tls_state, const char *data, int length) {
+    SslBox_t *SslBox = tls_state->SslBox;
+    if (length > 0 && SslBox) {
+        int w = SslBox->PutPlaintext(data, length);
+        if (w < 0) {
+            // Close the connection if there was an issue
+            tls_state->close_cb(tls_state);
+        } else {
+            _DispatchCiphertext(tls_state);
+        }
+    }
+}
+extern "C" void decrypt_data(tls_state_t *tls_state, const char *buffer, int size) {
+    SslBox_t *SslBox = tls_state->SslBox;
+    if (SslBox) {
+        SslBox->PutCiphertext (buffer, size);
+        int s;
+        char B [2048];
+        while ((s = SslBox->GetPlaintext(B, sizeof(B) - 1)) > 0) {
+            _CheckHandshakeStatus(tls_state);
+            B[s] = 0;
+            // data recieved callback
+            tls_state->dispatch_cb(tls_state, B, s);
+        }
+        // If our SSL handshake had a problem, shut down the connection.
+        if (s == -2) {
+            tls_state->close_cb(tls_state);
+            return;
+        }
+        _CheckHandshakeStatus(tls_state);
+        _DispatchCiphertext(tls_state);
+    }
+}
+extern "C" X509 *get_peer_cert(tls_state_t *tls_state)
+{
+    if (tls_state->SslBox)
+        return tls_state->SslBox->GetPeerCert();
+    return 0;
+}
+extern "C" void cleanup(tls_state_t *tls_state) {
+    SslBox_t *SslBox = tls_state->SslBox;
+    if (SslBox) {
+        tls_state->SslBox = 0;
+        delete SslBox;
+    }
+}
+extern "C" void init_rubytls() {
+    SSL_library_init();
+    OpenSSL_add_ssl_algorithms();
+    OpenSSL_add_all_algorithms();
+    SSL_load_error_strings();
+    ERR_load_crypto_strings();
+    InitializeDefaultCredentials();
+}